From de0a0f813f148f72801388318f648ac329cb7279 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Wed, 15 Jan 2025 12:08:32 +0100 Subject: [PATCH 01/47] Update crossplane-runtime to v1.17.0 and upjet to db86f70a1651 Add new arg to conversion.RegisterConversions() github.com/crossplane/crossplane-runtime v1.17.0 github.com/crossplane/upjet v1.4.1-0.20250108142216-db86f70a1651 Signed-off-by: Rickard von Essen --- cmd/provider/accesscontextmanager/zz_main.go | 2 +- cmd/provider/activedirectory/zz_main.go | 2 +- cmd/provider/alloydb/zz_main.go | 2 +- cmd/provider/apigee/zz_main.go | 2 +- cmd/provider/appengine/zz_main.go | 2 +- cmd/provider/artifact/zz_main.go | 2 +- cmd/provider/beyondcorp/zz_main.go | 2 +- cmd/provider/bigquery/zz_main.go | 2 +- cmd/provider/bigtable/zz_main.go | 2 +- cmd/provider/binaryauthorization/zz_main.go | 2 +- cmd/provider/certificatemanager/zz_main.go | 2 +- cmd/provider/cloud/zz_main.go | 2 +- cmd/provider/cloudbuild/zz_main.go | 2 +- cmd/provider/cloudfunctions/zz_main.go | 2 +- cmd/provider/cloudfunctions2/zz_main.go | 2 +- cmd/provider/cloudplatform/zz_main.go | 2 +- cmd/provider/cloudrun/zz_main.go | 2 +- cmd/provider/cloudscheduler/zz_main.go | 2 +- cmd/provider/cloudtasks/zz_main.go | 2 +- cmd/provider/composer/zz_main.go | 2 +- cmd/provider/compute/zz_main.go | 2 +- cmd/provider/config/zz_main.go | 2 +- cmd/provider/container/zz_main.go | 2 +- cmd/provider/containeranalysis/zz_main.go | 2 +- cmd/provider/containerattached/zz_main.go | 2 +- cmd/provider/containeraws/zz_main.go | 2 +- cmd/provider/containerazure/zz_main.go | 2 +- cmd/provider/datacatalog/zz_main.go | 2 +- cmd/provider/dataflow/zz_main.go | 2 +- cmd/provider/datafusion/zz_main.go | 2 +- cmd/provider/datalossprevention/zz_main.go | 2 +- cmd/provider/dataplex/zz_main.go | 2 +- cmd/provider/dataproc/zz_main.go | 2 +- cmd/provider/datastore/zz_main.go | 2 +- cmd/provider/datastream/zz_main.go | 2 +- cmd/provider/dialogflowcx/zz_main.go | 2 +- cmd/provider/dns/zz_main.go | 2 +- cmd/provider/documentai/zz_main.go | 2 +- cmd/provider/essentialcontacts/zz_main.go | 2 +- cmd/provider/eventarc/zz_main.go | 2 +- cmd/provider/filestore/zz_main.go | 2 +- cmd/provider/firebaserules/zz_main.go | 2 +- cmd/provider/gke/zz_main.go | 2 +- cmd/provider/gkehub/zz_main.go | 2 +- cmd/provider/healthcare/zz_main.go | 2 +- cmd/provider/iam/zz_main.go | 2 +- cmd/provider/iap/zz_main.go | 2 +- cmd/provider/identityplatform/zz_main.go | 2 +- cmd/provider/kms/zz_main.go | 2 +- cmd/provider/logging/zz_main.go | 2 +- cmd/provider/memcache/zz_main.go | 2 +- cmd/provider/mlengine/zz_main.go | 2 +- cmd/provider/monitoring/zz_main.go | 2 +- cmd/provider/monolith/zz_main.go | 2 +- cmd/provider/networkconnectivity/zz_main.go | 2 +- cmd/provider/networkmanagement/zz_main.go | 2 +- cmd/provider/notebooks/zz_main.go | 2 +- cmd/provider/orgpolicy/zz_main.go | 2 +- cmd/provider/osconfig/zz_main.go | 2 +- cmd/provider/oslogin/zz_main.go | 2 +- cmd/provider/privateca/zz_main.go | 2 +- cmd/provider/pubsub/zz_main.go | 2 +- cmd/provider/redis/zz_main.go | 2 +- cmd/provider/secretmanager/zz_main.go | 2 +- cmd/provider/servicenetworking/zz_main.go | 2 +- cmd/provider/sourcerepo/zz_main.go | 2 +- cmd/provider/spanner/zz_main.go | 2 +- cmd/provider/sql/zz_main.go | 2 +- cmd/provider/storage/zz_main.go | 2 +- cmd/provider/storagetransfer/zz_main.go | 2 +- cmd/provider/tags/zz_main.go | 2 +- cmd/provider/tpu/zz_main.go | 2 +- cmd/provider/vertexai/zz_main.go | 2 +- cmd/provider/vpcaccess/zz_main.go | 2 +- cmd/provider/workflows/zz_main.go | 2 +- go.mod | 33 ++++---- go.sum | 83 ++++++++++---------- hack/main.go.tmpl | 2 +- 78 files changed, 132 insertions(+), 136 deletions(-) diff --git a/cmd/provider/accesscontextmanager/zz_main.go b/cmd/provider/accesscontextmanager/zz_main.go index 2666c2d41..b42b50cae 100644 --- a/cmd/provider/accesscontextmanager/zz_main.go +++ b/cmd/provider/accesscontextmanager/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_accesscontextmanager(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/activedirectory/zz_main.go b/cmd/provider/activedirectory/zz_main.go index fc4354ef1..4a6247ef6 100644 --- a/cmd/provider/activedirectory/zz_main.go +++ b/cmd/provider/activedirectory/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_activedirectory(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/alloydb/zz_main.go b/cmd/provider/alloydb/zz_main.go index d8aafa2f4..f315fe0f8 100644 --- a/cmd/provider/alloydb/zz_main.go +++ b/cmd/provider/alloydb/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_alloydb(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/apigee/zz_main.go b/cmd/provider/apigee/zz_main.go index 8175b3d53..e0d13a752 100644 --- a/cmd/provider/apigee/zz_main.go +++ b/cmd/provider/apigee/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_apigee(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/appengine/zz_main.go b/cmd/provider/appengine/zz_main.go index edb4ae505..929b16289 100644 --- a/cmd/provider/appengine/zz_main.go +++ b/cmd/provider/appengine/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_appengine(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/artifact/zz_main.go b/cmd/provider/artifact/zz_main.go index dabce1a77..f78f10f43 100644 --- a/cmd/provider/artifact/zz_main.go +++ b/cmd/provider/artifact/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_artifact(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/beyondcorp/zz_main.go b/cmd/provider/beyondcorp/zz_main.go index 4c4efabc4..4b4d72562 100644 --- a/cmd/provider/beyondcorp/zz_main.go +++ b/cmd/provider/beyondcorp/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_beyondcorp(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/bigquery/zz_main.go b/cmd/provider/bigquery/zz_main.go index b3d59e0dc..a7b176859 100644 --- a/cmd/provider/bigquery/zz_main.go +++ b/cmd/provider/bigquery/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_bigquery(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/bigtable/zz_main.go b/cmd/provider/bigtable/zz_main.go index 1714bc65c..c5a1e51f5 100644 --- a/cmd/provider/bigtable/zz_main.go +++ b/cmd/provider/bigtable/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_bigtable(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/binaryauthorization/zz_main.go b/cmd/provider/binaryauthorization/zz_main.go index c2f21c571..2887202ad 100644 --- a/cmd/provider/binaryauthorization/zz_main.go +++ b/cmd/provider/binaryauthorization/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_binaryauthorization(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/certificatemanager/zz_main.go b/cmd/provider/certificatemanager/zz_main.go index c2b3129d4..fef25a448 100644 --- a/cmd/provider/certificatemanager/zz_main.go +++ b/cmd/provider/certificatemanager/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_certificatemanager(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/cloud/zz_main.go b/cmd/provider/cloud/zz_main.go index 938e5dcbb..a0bab4de0 100644 --- a/cmd/provider/cloud/zz_main.go +++ b/cmd/provider/cloud/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_cloud(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/cloudbuild/zz_main.go b/cmd/provider/cloudbuild/zz_main.go index b40c3875c..37d1f4809 100644 --- a/cmd/provider/cloudbuild/zz_main.go +++ b/cmd/provider/cloudbuild/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_cloudbuild(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/cloudfunctions/zz_main.go b/cmd/provider/cloudfunctions/zz_main.go index cbe5af053..c7fbbe40b 100644 --- a/cmd/provider/cloudfunctions/zz_main.go +++ b/cmd/provider/cloudfunctions/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_cloudfunctions(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/cloudfunctions2/zz_main.go b/cmd/provider/cloudfunctions2/zz_main.go index 748f06f40..4f32d9612 100644 --- a/cmd/provider/cloudfunctions2/zz_main.go +++ b/cmd/provider/cloudfunctions2/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_cloudfunctions2(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/cloudplatform/zz_main.go b/cmd/provider/cloudplatform/zz_main.go index f5212d9fb..e2e3f9895 100644 --- a/cmd/provider/cloudplatform/zz_main.go +++ b/cmd/provider/cloudplatform/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_cloudplatform(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/cloudrun/zz_main.go b/cmd/provider/cloudrun/zz_main.go index ff43da415..036f4b577 100644 --- a/cmd/provider/cloudrun/zz_main.go +++ b/cmd/provider/cloudrun/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_cloudrun(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/cloudscheduler/zz_main.go b/cmd/provider/cloudscheduler/zz_main.go index c45955c1f..ac7c04dcd 100644 --- a/cmd/provider/cloudscheduler/zz_main.go +++ b/cmd/provider/cloudscheduler/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_cloudscheduler(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/cloudtasks/zz_main.go b/cmd/provider/cloudtasks/zz_main.go index 913980642..50801c1bf 100644 --- a/cmd/provider/cloudtasks/zz_main.go +++ b/cmd/provider/cloudtasks/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_cloudtasks(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/composer/zz_main.go b/cmd/provider/composer/zz_main.go index 531dbe53e..c00f2b289 100644 --- a/cmd/provider/composer/zz_main.go +++ b/cmd/provider/composer/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_composer(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/compute/zz_main.go b/cmd/provider/compute/zz_main.go index 5130b4152..d9e8dfd2a 100644 --- a/cmd/provider/compute/zz_main.go +++ b/cmd/provider/compute/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_compute(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/config/zz_main.go b/cmd/provider/config/zz_main.go index c265bba71..320b40418 100644 --- a/cmd/provider/config/zz_main.go +++ b/cmd/provider/config/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_config(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/container/zz_main.go b/cmd/provider/container/zz_main.go index c777fcede..73c56da7a 100644 --- a/cmd/provider/container/zz_main.go +++ b/cmd/provider/container/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_container(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/containeranalysis/zz_main.go b/cmd/provider/containeranalysis/zz_main.go index e222af5da..1129e0dc0 100644 --- a/cmd/provider/containeranalysis/zz_main.go +++ b/cmd/provider/containeranalysis/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_containeranalysis(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/containerattached/zz_main.go b/cmd/provider/containerattached/zz_main.go index 803bc8690..b3b713837 100644 --- a/cmd/provider/containerattached/zz_main.go +++ b/cmd/provider/containerattached/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_containerattached(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/containeraws/zz_main.go b/cmd/provider/containeraws/zz_main.go index ef5e2a899..1bff86473 100644 --- a/cmd/provider/containeraws/zz_main.go +++ b/cmd/provider/containeraws/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_containeraws(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/containerazure/zz_main.go b/cmd/provider/containerazure/zz_main.go index fd5b78eac..b4e51f67d 100644 --- a/cmd/provider/containerazure/zz_main.go +++ b/cmd/provider/containerazure/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_containerazure(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/datacatalog/zz_main.go b/cmd/provider/datacatalog/zz_main.go index 6b78e02fc..7f478199a 100644 --- a/cmd/provider/datacatalog/zz_main.go +++ b/cmd/provider/datacatalog/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_datacatalog(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/dataflow/zz_main.go b/cmd/provider/dataflow/zz_main.go index bd83b67a9..5e34a1cad 100644 --- a/cmd/provider/dataflow/zz_main.go +++ b/cmd/provider/dataflow/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_dataflow(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/datafusion/zz_main.go b/cmd/provider/datafusion/zz_main.go index 19644864d..6719f92a5 100644 --- a/cmd/provider/datafusion/zz_main.go +++ b/cmd/provider/datafusion/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_datafusion(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/datalossprevention/zz_main.go b/cmd/provider/datalossprevention/zz_main.go index 55c2bf4f7..f04382402 100644 --- a/cmd/provider/datalossprevention/zz_main.go +++ b/cmd/provider/datalossprevention/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_datalossprevention(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/dataplex/zz_main.go b/cmd/provider/dataplex/zz_main.go index f06b804f1..fed1e7e2c 100644 --- a/cmd/provider/dataplex/zz_main.go +++ b/cmd/provider/dataplex/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_dataplex(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/dataproc/zz_main.go b/cmd/provider/dataproc/zz_main.go index 963e13101..53b69adb6 100644 --- a/cmd/provider/dataproc/zz_main.go +++ b/cmd/provider/dataproc/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_dataproc(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/datastore/zz_main.go b/cmd/provider/datastore/zz_main.go index f34419557..0c6c43899 100644 --- a/cmd/provider/datastore/zz_main.go +++ b/cmd/provider/datastore/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_datastore(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/datastream/zz_main.go b/cmd/provider/datastream/zz_main.go index a3735d965..97b7ea7b8 100644 --- a/cmd/provider/datastream/zz_main.go +++ b/cmd/provider/datastream/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_datastream(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/dialogflowcx/zz_main.go b/cmd/provider/dialogflowcx/zz_main.go index 6666e1e08..580a815c6 100644 --- a/cmd/provider/dialogflowcx/zz_main.go +++ b/cmd/provider/dialogflowcx/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_dialogflowcx(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/dns/zz_main.go b/cmd/provider/dns/zz_main.go index 3a73330a4..06bdd3d23 100644 --- a/cmd/provider/dns/zz_main.go +++ b/cmd/provider/dns/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_dns(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/documentai/zz_main.go b/cmd/provider/documentai/zz_main.go index 4cebe29e2..0a36af473 100644 --- a/cmd/provider/documentai/zz_main.go +++ b/cmd/provider/documentai/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_documentai(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/essentialcontacts/zz_main.go b/cmd/provider/essentialcontacts/zz_main.go index a701e83e7..d9fe2d5f9 100644 --- a/cmd/provider/essentialcontacts/zz_main.go +++ b/cmd/provider/essentialcontacts/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_essentialcontacts(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/eventarc/zz_main.go b/cmd/provider/eventarc/zz_main.go index ab8e7ba2d..23385b7cb 100644 --- a/cmd/provider/eventarc/zz_main.go +++ b/cmd/provider/eventarc/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_eventarc(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/filestore/zz_main.go b/cmd/provider/filestore/zz_main.go index b8001fcda..0e09e07ac 100644 --- a/cmd/provider/filestore/zz_main.go +++ b/cmd/provider/filestore/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_filestore(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/firebaserules/zz_main.go b/cmd/provider/firebaserules/zz_main.go index 8994f1016..627eadfd3 100644 --- a/cmd/provider/firebaserules/zz_main.go +++ b/cmd/provider/firebaserules/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_firebaserules(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/gke/zz_main.go b/cmd/provider/gke/zz_main.go index 8266fe53a..0ea9f3782 100644 --- a/cmd/provider/gke/zz_main.go +++ b/cmd/provider/gke/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_gke(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/gkehub/zz_main.go b/cmd/provider/gkehub/zz_main.go index efb3921d0..63658dd2d 100644 --- a/cmd/provider/gkehub/zz_main.go +++ b/cmd/provider/gkehub/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_gkehub(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/healthcare/zz_main.go b/cmd/provider/healthcare/zz_main.go index 2c5c83419..11fc5dff3 100644 --- a/cmd/provider/healthcare/zz_main.go +++ b/cmd/provider/healthcare/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_healthcare(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/iam/zz_main.go b/cmd/provider/iam/zz_main.go index 8ee3533dd..3e93f15bb 100644 --- a/cmd/provider/iam/zz_main.go +++ b/cmd/provider/iam/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_iam(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/iap/zz_main.go b/cmd/provider/iap/zz_main.go index 18c7b8c29..624f6de49 100644 --- a/cmd/provider/iap/zz_main.go +++ b/cmd/provider/iap/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_iap(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/identityplatform/zz_main.go b/cmd/provider/identityplatform/zz_main.go index c31a0e1fc..7d712d2ac 100644 --- a/cmd/provider/identityplatform/zz_main.go +++ b/cmd/provider/identityplatform/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_identityplatform(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/kms/zz_main.go b/cmd/provider/kms/zz_main.go index f1e58923f..e91f42530 100644 --- a/cmd/provider/kms/zz_main.go +++ b/cmd/provider/kms/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_kms(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/logging/zz_main.go b/cmd/provider/logging/zz_main.go index 1a6f5b002..dc317cd14 100644 --- a/cmd/provider/logging/zz_main.go +++ b/cmd/provider/logging/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_logging(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/memcache/zz_main.go b/cmd/provider/memcache/zz_main.go index cbcb1a20e..3474d82ed 100644 --- a/cmd/provider/memcache/zz_main.go +++ b/cmd/provider/memcache/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_memcache(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/mlengine/zz_main.go b/cmd/provider/mlengine/zz_main.go index bca9eea26..fb629c8ca 100644 --- a/cmd/provider/mlengine/zz_main.go +++ b/cmd/provider/mlengine/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_mlengine(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/monitoring/zz_main.go b/cmd/provider/monitoring/zz_main.go index be9764ed6..30279b007 100644 --- a/cmd/provider/monitoring/zz_main.go +++ b/cmd/provider/monitoring/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_monitoring(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/monolith/zz_main.go b/cmd/provider/monolith/zz_main.go index cd43d107c..9240d4380 100644 --- a/cmd/provider/monolith/zz_main.go +++ b/cmd/provider/monolith/zz_main.go @@ -220,7 +220,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_monolith(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/networkconnectivity/zz_main.go b/cmd/provider/networkconnectivity/zz_main.go index 5470459f2..6a1cf1385 100644 --- a/cmd/provider/networkconnectivity/zz_main.go +++ b/cmd/provider/networkconnectivity/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_networkconnectivity(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/networkmanagement/zz_main.go b/cmd/provider/networkmanagement/zz_main.go index 8f64893a8..b587fc692 100644 --- a/cmd/provider/networkmanagement/zz_main.go +++ b/cmd/provider/networkmanagement/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_networkmanagement(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/notebooks/zz_main.go b/cmd/provider/notebooks/zz_main.go index 6632811fd..b3cab1156 100644 --- a/cmd/provider/notebooks/zz_main.go +++ b/cmd/provider/notebooks/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_notebooks(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/orgpolicy/zz_main.go b/cmd/provider/orgpolicy/zz_main.go index 568c8838a..873ac21f1 100644 --- a/cmd/provider/orgpolicy/zz_main.go +++ b/cmd/provider/orgpolicy/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_orgpolicy(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/osconfig/zz_main.go b/cmd/provider/osconfig/zz_main.go index 40ed62600..c9f766a70 100644 --- a/cmd/provider/osconfig/zz_main.go +++ b/cmd/provider/osconfig/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_osconfig(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/oslogin/zz_main.go b/cmd/provider/oslogin/zz_main.go index e2689efad..117b70978 100644 --- a/cmd/provider/oslogin/zz_main.go +++ b/cmd/provider/oslogin/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_oslogin(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/privateca/zz_main.go b/cmd/provider/privateca/zz_main.go index 199738696..9db810194 100644 --- a/cmd/provider/privateca/zz_main.go +++ b/cmd/provider/privateca/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_privateca(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/pubsub/zz_main.go b/cmd/provider/pubsub/zz_main.go index 856c9f45b..729ee8370 100644 --- a/cmd/provider/pubsub/zz_main.go +++ b/cmd/provider/pubsub/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_pubsub(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/redis/zz_main.go b/cmd/provider/redis/zz_main.go index 17f06d7f3..1fa75e7ac 100644 --- a/cmd/provider/redis/zz_main.go +++ b/cmd/provider/redis/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_redis(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/secretmanager/zz_main.go b/cmd/provider/secretmanager/zz_main.go index 5fcbdc7fc..5269d43d3 100644 --- a/cmd/provider/secretmanager/zz_main.go +++ b/cmd/provider/secretmanager/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_secretmanager(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/servicenetworking/zz_main.go b/cmd/provider/servicenetworking/zz_main.go index 28fa91b0a..a0e1fa32a 100644 --- a/cmd/provider/servicenetworking/zz_main.go +++ b/cmd/provider/servicenetworking/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_servicenetworking(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/sourcerepo/zz_main.go b/cmd/provider/sourcerepo/zz_main.go index a127b0423..d0005580c 100644 --- a/cmd/provider/sourcerepo/zz_main.go +++ b/cmd/provider/sourcerepo/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_sourcerepo(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/spanner/zz_main.go b/cmd/provider/spanner/zz_main.go index 9f51e06ed..44574124e 100644 --- a/cmd/provider/spanner/zz_main.go +++ b/cmd/provider/spanner/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_spanner(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/sql/zz_main.go b/cmd/provider/sql/zz_main.go index d5bdc5d49..3ca6ecafd 100644 --- a/cmd/provider/sql/zz_main.go +++ b/cmd/provider/sql/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_sql(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/storage/zz_main.go b/cmd/provider/storage/zz_main.go index 1cc19d84e..890428166 100644 --- a/cmd/provider/storage/zz_main.go +++ b/cmd/provider/storage/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_storage(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/storagetransfer/zz_main.go b/cmd/provider/storagetransfer/zz_main.go index bfd43108a..cc632125d 100644 --- a/cmd/provider/storagetransfer/zz_main.go +++ b/cmd/provider/storagetransfer/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_storagetransfer(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/tags/zz_main.go b/cmd/provider/tags/zz_main.go index c1d82a2f3..dc645c552 100644 --- a/cmd/provider/tags/zz_main.go +++ b/cmd/provider/tags/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_tags(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/tpu/zz_main.go b/cmd/provider/tpu/zz_main.go index 1f1f59a02..e27ad231c 100644 --- a/cmd/provider/tpu/zz_main.go +++ b/cmd/provider/tpu/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_tpu(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/vertexai/zz_main.go b/cmd/provider/vertexai/zz_main.go index ce5e079f0..2ad678738 100644 --- a/cmd/provider/vertexai/zz_main.go +++ b/cmd/provider/vertexai/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_vertexai(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/vpcaccess/zz_main.go b/cmd/provider/vpcaccess/zz_main.go index 39c060284..bb255c5d4 100644 --- a/cmd/provider/vpcaccess/zz_main.go +++ b/cmd/provider/vpcaccess/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_vpcaccess(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/cmd/provider/workflows/zz_main.go b/cmd/provider/workflows/zz_main.go index fa1b388d3..81313159e 100644 --- a/cmd/provider/workflows/zz_main.go +++ b/cmd/provider/workflows/zz_main.go @@ -215,7 +215,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_workflows(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } diff --git a/go.mod b/go.mod index ee76a693b..a3b70b0f3 100644 --- a/go.mod +++ b/go.mod @@ -8,17 +8,17 @@ go 1.23 require ( dario.cat/mergo v1.0.0 - github.com/crossplane/crossplane-runtime v1.16.0-rc.2.0.20240510094504-3f697876fa57 + github.com/crossplane/crossplane-runtime v1.17.0 github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79 - github.com/crossplane/upjet v1.4.1-0.20241007154751-5cdf36996e4a + github.com/crossplane/upjet v1.4.1-0.20250108142216-db86f70a1651 github.com/hashicorp/terraform-json v0.22.1 github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 github.com/hashicorp/terraform-provider-google v1.20.1-0.20241111170140-c875b30c3ae6 github.com/pkg/errors v0.9.1 gopkg.in/alecthomas/kingpin.v2 v2.2.6 - k8s.io/apimachinery v0.29.4 - k8s.io/client-go v0.29.4 - sigs.k8s.io/controller-runtime v0.17.3 + k8s.io/apimachinery v0.30.0 + k8s.io/client-go v0.30.0 + sigs.k8s.io/controller-runtime v0.18.2 sigs.k8s.io/controller-tools v0.14.0 ) @@ -55,8 +55,8 @@ require ( github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/envoyproxy/go-control-plane v0.12.0 // indirect github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect - github.com/evanphx/json-patch v5.6.0+incompatible // indirect - github.com/evanphx/json-patch/v5 v5.8.0 // indirect + github.com/evanphx/json-patch v5.9.0+incompatible // indirect + github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/fatih/camelcase v1.0.0 // indirect github.com/fatih/color v1.16.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect @@ -114,7 +114,6 @@ require ( github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-ps v1.0.0 // indirect @@ -128,9 +127,9 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/muvaf/typewriter v0.0.0-20210910160850-80e49fe1eb32 // indirect github.com/oklog/run v1.0.0 // indirect - github.com/prometheus/client_golang v1.18.0 // indirect + github.com/prometheus/client_golang v1.19.1 // indirect github.com/prometheus/client_model v0.5.0 // indirect - github.com/prometheus/common v0.45.0 // indirect + github.com/prometheus/common v0.48.0 // indirect github.com/prometheus/procfs v0.12.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/spf13/afero v1.11.0 // indirect @@ -153,10 +152,10 @@ require ( go.opentelemetry.io/otel/sdk/metric v1.24.0 // indirect go.opentelemetry.io/otel/trace v1.24.0 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.26.0 // indirect + go.uber.org/zap v1.27.0 // indirect go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect golang.org/x/crypto v0.31.0 // indirect - golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 // indirect + golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f // indirect golang.org/x/mod v0.17.0 // indirect golang.org/x/net v0.33.0 // indirect golang.org/x/oauth2 v0.22.0 // indirect @@ -177,11 +176,11 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.29.4 // indirect - k8s.io/apiextensions-apiserver v0.29.2 // indirect - k8s.io/component-base v0.29.2 // indirect - k8s.io/klog/v2 v2.110.1 // indirect - k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect + k8s.io/api v0.30.0 // indirect + k8s.io/apiextensions-apiserver v0.30.0 // indirect + k8s.io/component-base v0.30.0 // indirect + k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect diff --git a/go.sum b/go.sum index d3f9a41dc..83c086c30 100644 --- a/go.sum +++ b/go.sum @@ -54,8 +54,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/bufbuild/protocompile v0.6.0 h1:Uu7WiSQ6Yj9DbkdnOe7U4mNKp58y9WDMKDn28/ZlunY= -github.com/bufbuild/protocompile v0.6.0/go.mod h1:YNP35qEYoYGme7QMtz5SBCoN4kL4g12jTtjuzRNdjpE= +github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA= +github.com/bufbuild/protocompile v0.4.0/go.mod h1:3v93+mbWn/v3xzN+31nwkJfrEpAUwp+BagBSZWx+TP8= github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -72,12 +72,12 @@ github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b/go.mod h1:W+zGtBO5Y1Ig github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creachadair/staticfile v0.1.2/go.mod h1:a3qySzCIXEprDGxk6tSxSI+dBBdLzqeBOMhZ+o2d3pM= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/crossplane/crossplane-runtime v1.16.0-rc.2.0.20240510094504-3f697876fa57 h1:728dBhd/xm0Wv3g/BtoT90tMTvV6aY45QVRnNCCWJ/g= -github.com/crossplane/crossplane-runtime v1.16.0-rc.2.0.20240510094504-3f697876fa57/go.mod h1:Pz2tdGVMF6KDGzHZOkvKro0nKc8EzK0sb/nSA7pH4Dc= +github.com/crossplane/crossplane-runtime v1.17.0 h1:y+GvxPT1M9s8BKt2AeZJdd2d6pg2xZeCO6LiR+VxEF8= +github.com/crossplane/crossplane-runtime v1.17.0/go.mod h1:vtglCrnnbq2HurAk9yLHa4qS0bbnCxaKL7C21cQcB/0= github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79 h1:HigXs5tEQxWz0fcj8hzbU2UAZgEM7wPe0XRFOsrtF8Y= github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79/go.mod h1:+e4OaFlOcmr0JvINHl/yvEYBrZawzTgj6pQumOH1SS0= -github.com/crossplane/upjet v1.4.1-0.20241007154751-5cdf36996e4a h1:XC/M8NTYAQi9D8ixoSZEg2+BAJPDBx6fTeexdMtHyk0= -github.com/crossplane/upjet v1.4.1-0.20241007154751-5cdf36996e4a/go.mod h1:wkdZf/Cvhr6PI30VdHIOjg4dX39Z5uijqnLWFk5PbGM= +github.com/crossplane/upjet v1.4.1-0.20250108142216-db86f70a1651 h1:acYuDYmlpOvPPCeJSgByqGVWI1vUKytM02ilt1pndpw= +github.com/crossplane/upjet v1.4.1-0.20250108142216-db86f70a1651/go.mod h1:F2u9XwKNzxM+myfS1Opjnc6a5E1N2PC7Mytbkavawvs= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/dave/jennifer v1.4.1 h1:XyqG6cn5RQsTj3qlWQTKlRGAyrTcsk1kUmWdZBzRjDw= @@ -99,10 +99,10 @@ github.com/envoyproxy/go-control-plane v0.12.0/go.mod h1:ZBTaoJ23lqITozF0M6G4/Ir github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A= github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= -github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= -github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro= -github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= +github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= +github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8= github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= @@ -125,7 +125,6 @@ github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXY github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= @@ -195,8 +194,8 @@ github.com/google/go-cpy v0.0.0-20211218193943-a9c933c06932/go.mod h1:cC6EdPbj/1 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240117000934-35fc243c5815 h1:WzfWbQz/Ze8v6l++GGbGNFZnUShVpP/0xffCPLL+ax8= -github.com/google/pprof v0.0.0-20240117000934-35fc243c5815/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= +github.com/google/pprof v0.0.0-20240422182052-72c8669ad3e7 h1:3q13T5NW3mlTJZM6B5UAsf2N5NYFbYWIyI3W8DlvBDU= +github.com/google/pprof v0.0.0-20240422182052-72c8669ad3e7/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -303,8 +302,6 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= -github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= @@ -337,10 +334,10 @@ github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= -github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= +github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= @@ -349,13 +346,13 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= -github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= +github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= +github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= -github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= -github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= +github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= +github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= @@ -442,8 +439,8 @@ go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M= go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -454,8 +451,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 h1:ESSUROHIBHg7USnszlcdmjBEwdMj9VUvU+OPk4yl2mc= -golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI= +golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f h1:99ci1mjWVBWwJiEKYY6jWa4d2nTQVIEhZIptnrVb1XY= +golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= @@ -611,26 +608,26 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.29.4 h1:WEnF/XdxuCxdG3ayHNRR8yH3cI1B/llkWBma6bq4R3w= -k8s.io/api v0.29.4/go.mod h1:DetSv0t4FBTcEpfA84NJV3g9a7+rSzlUHk5ADAYHUv0= -k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= -k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= -k8s.io/apimachinery v0.29.4 h1:RaFdJiDmuKs/8cm1M6Dh1Kvyh59YQFDcFuFTSmXes6Q= -k8s.io/apimachinery v0.29.4/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y= -k8s.io/client-go v0.29.4 h1:79ytIedxVfyXV8rpH3jCBW0u+un0fxHDwX5F9K8dPR8= -k8s.io/client-go v0.29.4/go.mod h1:kC1thZQ4zQWYwldsfI088BbK6RkxK+aF5ebV8y9Q4tk= -k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= -k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= -k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= -k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= +k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= +k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= +k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= +k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= +k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= +k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= +k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= +k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= +k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -sigs.k8s.io/controller-runtime v0.17.3 h1:65QmN7r3FWgTxDMz9fvGnO1kbf2nu+acg9p2R9oYYYk= -sigs.k8s.io/controller-runtime v0.17.3/go.mod h1:N0jpP5Lo7lMTF9aL56Z/B2oWBJjey6StQM0jRbKQXtY= +sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= +sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= sigs.k8s.io/controller-tools v0.14.0 h1:rnNoCC5wSXlrNoBKKzL70LNJKIQKEzT6lloG6/LF73A= sigs.k8s.io/controller-tools v0.14.0/go.mod h1:TV7uOtNNnnR72SpzhStvPkoS/U5ir0nMudrkrC4M9Sc= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/hack/main.go.tmpl b/hack/main.go.tmpl index 845994350..b36e918e2 100644 --- a/hack/main.go.tmpl +++ b/hack/main.go.tmpl @@ -220,7 +220,7 @@ func main() { })), "cannot create default store config") } - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider), "Cannot initialize the webhook conversion registry") + kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") kingpin.FatalIfError(controller.Setup_{{ .Group }}(mgr, o), "Cannot setup GCP controllers") kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") } From 81968564503b74f0921c1c83860f281255100eb8 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Thu, 16 Jan 2025 12:20:19 +0100 Subject: [PATCH 02/47] Update go.mod and Makefile to terraform-provider-google v6.16.0 Signed-off-by: Rickard von Essen --- Makefile | 2 +- go.mod | 73 +++++++++++++------------- go.sum | 154 ++++++++++++++++++++++++++++--------------------------- 3 files changed, 116 insertions(+), 113 deletions(-) diff --git a/Makefile b/Makefile index df350586c..5656d4155 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,7 @@ PROJECT_NAME := provider-$(PROVIDER_NAME) PROJECT_REPO := github.com/upbound/$(PROJECT_NAME) export TERRAFORM_VERSION := 1.5.5 -export TERRAFORM_PROVIDER_VERSION := 5.45.0 +export TERRAFORM_PROVIDER_VERSION := 6.16.0 export TERRAFORM_PROVIDER_SOURCE := hashicorp/google export TERRAFORM_PROVIDER_REPO ?= https://github.com/hashicorp/terraform-provider-google export TERRAFORM_DOCS_PATH ?= website/docs/r diff --git a/go.mod b/go.mod index a3b70b0f3..0fe84a292 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/crossplane/upjet v1.4.1-0.20250108142216-db86f70a1651 github.com/hashicorp/terraform-json v0.22.1 github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 - github.com/hashicorp/terraform-provider-google v1.20.1-0.20241111170140-c875b30c3ae6 + github.com/hashicorp/terraform-provider-google v1.20.1-0.20250113183301-1a5ead85e7d2 // v6.16.0 github.com/pkg/errors v0.9.1 gopkg.in/alecthomas/kingpin.v2 v2.2.6 k8s.io/apimachinery v0.30.0 @@ -24,16 +24,16 @@ require ( require ( bitbucket.org/creachadair/stringset v0.0.8 // indirect - cel.dev/expr v0.15.0 // indirect - cloud.google.com/go v0.115.0 // indirect - cloud.google.com/go/auth v0.8.0 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect - cloud.google.com/go/bigtable v1.29.0 // indirect - cloud.google.com/go/compute/metadata v0.5.0 // indirect - cloud.google.com/go/iam v1.1.12 // indirect - cloud.google.com/go/longrunning v0.5.11 // indirect - cloud.google.com/go/monitoring v1.20.3 // indirect - github.com/GoogleCloudPlatform/declarative-resource-client-library v1.71.0 // indirect + cel.dev/expr v0.16.0 // indirect + cloud.google.com/go v0.116.0 // indirect + cloud.google.com/go/auth v0.13.0 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect + cloud.google.com/go/bigtable v1.33.0 // indirect + cloud.google.com/go/compute/metadata v0.6.0 // indirect + cloud.google.com/go/iam v1.2.2 // indirect + cloud.google.com/go/longrunning v0.6.2 // indirect + cloud.google.com/go/monitoring v1.21.2 // indirect + github.com/GoogleCloudPlatform/declarative-resource-client-library v1.76.0 // indirect github.com/ProtonMail/go-crypto v1.1.0-alpha.2 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/alecthomas/kingpin/v2 v2.4.0 // indirect @@ -49,12 +49,12 @@ require ( github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/cloudflare/circl v1.3.7 // indirect - github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b // indirect + github.com/cncf/xds/go v0.0.0-20240822171458-6449f94b4d59 // indirect github.com/dave/jennifer v1.4.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect - github.com/envoyproxy/go-control-plane v0.12.0 // indirect - github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect + github.com/envoyproxy/go-control-plane v0.13.0 // indirect + github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/fatih/camelcase v1.0.0 // indirect @@ -71,7 +71,7 @@ require ( github.com/go-openapi/swag v0.22.3 // indirect github.com/gobuffalo/flect v1.0.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/glog v1.2.0 // indirect + github.com/golang/glog v1.2.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/mock v1.6.0 // indirect github.com/golang/protobuf v1.5.4 // indirect @@ -81,8 +81,8 @@ require ( github.com/google/gofuzz v1.2.0 // indirect github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect - github.com/googleapis/gax-go/v2 v2.13.0 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect + github.com/googleapis/gax-go/v2 v2.14.0 // indirect github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect github.com/hashicorp/errwrap v1.0.0 // indirect github.com/hashicorp/go-checkpoint v0.5.0 // indirect @@ -90,16 +90,16 @@ require ( github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect github.com/hashicorp/go-hclog v1.6.3 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-plugin v1.6.0 // indirect + github.com/hashicorp/go-plugin v1.6.2 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/hc-install v0.6.4 // indirect github.com/hashicorp/hcl/v2 v2.20.1 // indirect github.com/hashicorp/logutils v1.0.0 // indirect github.com/hashicorp/terraform-exec v0.21.0 // indirect - github.com/hashicorp/terraform-plugin-framework v1.7.0 // indirect + github.com/hashicorp/terraform-plugin-framework v1.13.0 // indirect github.com/hashicorp/terraform-plugin-framework-validators v0.9.0 // indirect - github.com/hashicorp/terraform-plugin-go v0.23.0 // indirect + github.com/hashicorp/terraform-plugin-go v0.25.0 // indirect github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect github.com/hashicorp/terraform-plugin-testing v1.5.1 // indirect github.com/hashicorp/terraform-registry-address v0.2.3 // indirect @@ -127,8 +127,9 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/muvaf/typewriter v0.0.0-20210910160850-80e49fe1eb32 // indirect github.com/oklog/run v1.0.0 // indirect + github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect github.com/prometheus/client_golang v1.19.1 // indirect - github.com/prometheus/client_model v0.5.0 // indirect + github.com/prometheus/client_model v0.6.0 // indirect github.com/prometheus/common v0.48.0 // indirect github.com/prometheus/procfs v0.12.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect @@ -144,13 +145,13 @@ require ( github.com/zclconf/go-cty v1.14.4 // indirect github.com/zclconf/go-cty-yaml v1.0.3 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect - go.opentelemetry.io/otel v1.24.0 // indirect - go.opentelemetry.io/otel/metric v1.24.0 // indirect - go.opentelemetry.io/otel/sdk v1.24.0 // indirect - go.opentelemetry.io/otel/sdk/metric v1.24.0 // indirect - go.opentelemetry.io/otel/trace v1.24.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect + go.opentelemetry.io/otel v1.29.0 // indirect + go.opentelemetry.io/otel/metric v1.29.0 // indirect + go.opentelemetry.io/otel/sdk v1.29.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.29.0 // indirect + go.opentelemetry.io/otel/trace v1.29.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect @@ -158,21 +159,21 @@ require ( golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f // indirect golang.org/x/mod v0.17.0 // indirect golang.org/x/net v0.33.0 // indirect - golang.org/x/oauth2 v0.22.0 // indirect + golang.org/x/oauth2 v0.24.0 // indirect golang.org/x/sync v0.10.0 // indirect golang.org/x/sys v0.28.0 // indirect golang.org/x/term v0.27.0 // indirect golang.org/x/text v0.21.0 // indirect - golang.org/x/time v0.6.0 // indirect + golang.org/x/time v0.8.0 // indirect golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/api v0.191.0 // indirect + google.golang.org/api v0.214.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect - google.golang.org/grpc v1.64.1 // indirect - google.golang.org/protobuf v1.34.2 // indirect + google.golang.org/genproto v0.0.0-20241104194629-dd2ea8efbc28 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/grpc v1.67.1 // indirect + google.golang.org/protobuf v1.35.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 83c086c30..1b99641bf 100644 --- a/go.sum +++ b/go.sum @@ -1,29 +1,29 @@ bitbucket.org/creachadair/stringset v0.0.8 h1:gQqe4vs8XWgMyijfyKE6K8o4TcyGGrRXe0JvHgx5H+M= bitbucket.org/creachadair/stringset v0.0.8/go.mod h1:AgthVMyMxC/6FK1KBJ2ALdqkZObGN8hOetgpwXyMn34= -cel.dev/expr v0.15.0 h1:O1jzfJCQBfL5BFoYktaxwIhuttaQPsVWerH9/EEKx0w= -cel.dev/expr v0.15.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg= +cel.dev/expr v0.16.0 h1:yloc84fytn4zmJX2GU3TkXGsaieaV7dQ057Qs4sIG2Y= +cel.dev/expr v0.16.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= -cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.8.0 h1:y8jUJLl/Fg+qNBWxP/Hox2ezJvjkrPb952PC1p0G6A4= -cloud.google.com/go/auth v0.8.0/go.mod h1:qGVp/Y3kDRSDZ5gFD/XPUfYQ9xW1iI7q8RIRoCyBbJc= -cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI= -cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I= -cloud.google.com/go/bigtable v1.29.0 h1:2CnFjKPwjpZMZdTi2RpppvxzD80zKzDYrLYEQw/NnAs= -cloud.google.com/go/bigtable v1.29.0/go.mod h1:5p909nNdWaNUcWs6KGZO8mI5HUovstlmrIi7+eA5PTQ= -cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= -cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= -cloud.google.com/go/iam v1.1.12 h1:JixGLimRrNGcxvJEQ8+clfLxPlbeZA6MuRJ+qJNQ5Xw= -cloud.google.com/go/iam v1.1.12/go.mod h1:9LDX8J7dN5YRyzVHxwQzrQs9opFFqn0Mxs9nAeB+Hhg= -cloud.google.com/go/longrunning v0.5.11 h1:Havn1kGjz3whCfoD8dxMLP73Ph5w+ODyZB9RUsDxtGk= -cloud.google.com/go/longrunning v0.5.11/go.mod h1:rDn7//lmlfWV1Dx6IB4RatCPenTwwmqXuiP0/RgoEO4= -cloud.google.com/go/monitoring v1.20.3 h1:v/7MXFxYrhXLEZ9sSfwXdlTLLB/xrU7xTyYjY5acynQ= -cloud.google.com/go/monitoring v1.20.3/go.mod h1:GPIVIdNznIdGqEjtRKQWTLcUeRnPjZW85szouimiczU= +cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= +cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= +cloud.google.com/go/auth v0.13.0 h1:8Fu8TZy167JkW8Tj3q7dIkr2v4cndv41ouecJx0PAHs= +cloud.google.com/go/auth v0.13.0/go.mod h1:COOjD9gwfKNKz+IIduatIhYJQIc0mG3H102r/EMxX6Q= +cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= +cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= +cloud.google.com/go/bigtable v1.33.0 h1:2BDaWLRAwXO14DJL/u8crbV2oUbMZkIa2eGq8Yao1bk= +cloud.google.com/go/bigtable v1.33.0/go.mod h1:HtpnH4g25VT1pejHRtInlFPnN5sjTxbQlsYBjh9t5l0= +cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= +cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= +cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= +cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= +cloud.google.com/go/longrunning v0.6.2 h1:xjDfh1pQcWPEvnfjZmwjKQEcHnpz6lHjfy7Fo0MK+hc= +cloud.google.com/go/longrunning v0.6.2/go.mod h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI= +cloud.google.com/go/monitoring v1.21.2 h1:FChwVtClH19E7pJ+e0xUhJPGksctZNVOk2UhMmblmdU= +cloud.google.com/go/monitoring v1.21.2/go.mod h1:hS3pXvaG8KgWTSz+dAdyzPrGUYmi2Q+WFX8g2hqVEZU= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/GoogleCloudPlatform/declarative-resource-client-library v1.71.0 h1:vRKCLiR3faPmXAoqSdwXLv28/kygggzaKXzgdm6GXhg= -github.com/GoogleCloudPlatform/declarative-resource-client-library v1.71.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k= +github.com/GoogleCloudPlatform/declarative-resource-client-library v1.76.0 h1:VH/j8GmTsvPds/NkGfo4OYr9C7R8ysikaqq4rcDUT0s= +github.com/GoogleCloudPlatform/declarative-resource-client-library v1.76.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/ProtonMail/go-crypto v1.1.0-alpha.2 h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97LyUpzH9P6Hrlg= @@ -67,8 +67,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b h1:ga8SEFjZ60pxLcmhnThWgvH2wg8376yUJmPhEH4H3kw= -github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= +github.com/cncf/xds/go v0.0.0-20240822171458-6449f94b4d59 h1:fLZ97KE86ELjEYJCEUVzmbhfzDxHHGwBrDVMd4XL6Bs= +github.com/cncf/xds/go v0.0.0-20240822171458-6449f94b4d59/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creachadair/staticfile v0.1.2/go.mod h1:a3qySzCIXEprDGxk6tSxSI+dBBdLzqeBOMhZ+o2d3pM= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= @@ -94,11 +94,11 @@ github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FM github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.12.0 h1:4X+VP1GHd1Mhj6IB5mMeGbLCleqxjletLK6K0rbxyZI= -github.com/envoyproxy/go-control-plane v0.12.0/go.mod h1:ZBTaoJ23lqITozF0M6G4/IragXCQKCnYbmlmtHvwRG0= +github.com/envoyproxy/go-control-plane v0.13.0 h1:HzkeUz1Knt+3bK+8LG1bxOO/jzWZmdxpwC51i202les= +github.com/envoyproxy/go-control-plane v0.13.0/go.mod h1:GRaKG3dwvFoTg4nj7aXdZnvMg4d7nvT/wl9WgVXn3Q8= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A= -github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= +github.com/envoyproxy/protoc-gen-validate v1.1.0 h1:tntQDh69XqOCOZsDz0lVJQez/2L6Uu2PdjCQwWCJ3bM= +github.com/envoyproxy/protoc-gen-validate v1.1.0/go.mod h1:sXRDRVmzEbkM7CVcM06s9shE/m23dg3wzjl0UWqJ2q4= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= @@ -148,8 +148,8 @@ github.com/gobuffalo/flect v1.0.2/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnD github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68= -github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= +github.com/golang/glog v1.2.2 h1:1+mZ9upx1Dh6FmUTFR1naJ77miKiXgALjWOZ3NVFPmY= +github.com/golang/glog v1.2.2/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -174,8 +174,8 @@ github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiu github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/addlicense v0.0.0-20210428195630-6d92264d7170/go.mod h1:EMjYTRimagHs1FwlIqKyX3wAM0u3rA+McvlIIWmSamA= -github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= -github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= +github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= +github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -201,10 +201,10 @@ github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= -github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= -github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= -github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= +github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= +github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= +github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o= +github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= @@ -220,8 +220,8 @@ github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB1 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-plugin v1.6.0 h1:wgd4KxHJTVGGqWBq4QPB1i5BZNEx9BR8+OFmHDmTk8A= -github.com/hashicorp/go-plugin v1.6.0/go.mod h1:lBS5MtSSBZk0SHc66KACcjjlU6WzEVP/8pwz68aMkCI= +github.com/hashicorp/go-plugin v1.6.2 h1:zdGAEd0V1lCaU0u+MxWQhtSDQmahpkwOun8U8EiRVog= +github.com/hashicorp/go-plugin v1.6.2/go.mod h1:CkgLQ5CZqNmdL9U9JzM532t8ZiYQ35+pj3b1FD37R0Q= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= @@ -238,22 +238,22 @@ github.com/hashicorp/terraform-exec v0.21.0 h1:uNkLAe95ey5Uux6KJdua6+cv8asgILFVW github.com/hashicorp/terraform-exec v0.21.0/go.mod h1:1PPeMYou+KDUSSeRE9szMZ/oHf4fYUmB923Wzbq1ICg= github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec= github.com/hashicorp/terraform-json v0.22.1/go.mod h1:JbWSQCLFSXFFhg42T7l9iJwdGXBYV8fmmD6o/ML4p3A= -github.com/hashicorp/terraform-plugin-framework v1.7.0 h1:wOULbVmfONnJo9iq7/q+iBOBJul5vRovaYJIu2cY/Pw= -github.com/hashicorp/terraform-plugin-framework v1.7.0/go.mod h1:jY9Id+3KbZ17OMpulgnWLSfwxNVYSoYBQFTgsx044CI= +github.com/hashicorp/terraform-plugin-framework v1.13.0 h1:8OTG4+oZUfKgnfTdPTJwZ532Bh2BobF4H+yBiYJ/scw= +github.com/hashicorp/terraform-plugin-framework v1.13.0/go.mod h1:j64rwMGpgM3NYXTKuxrCnyubQb/4VKldEKlcG8cvmjU= github.com/hashicorp/terraform-plugin-framework-validators v0.9.0 h1:LYz4bXh3t7bTEydXOmPDPupRRnA480B/9+jV8yZvxBA= github.com/hashicorp/terraform-plugin-framework-validators v0.9.0/go.mod h1:+BVERsnfdlhYR2YkXMBtPnmn9UsL19U3qUtSZ+Y/5MY= -github.com/hashicorp/terraform-plugin-go v0.23.0 h1:AALVuU1gD1kPb48aPQUjug9Ir/125t+AAurhqphJ2Co= -github.com/hashicorp/terraform-plugin-go v0.23.0/go.mod h1:1E3Cr9h2vMlahWMbsSEcNrOCxovCZhOOIXjFHbjc/lQ= +github.com/hashicorp/terraform-plugin-go v0.25.0 h1:oi13cx7xXA6QciMcpcFi/rwA974rdTxjqEhXJjbAyks= +github.com/hashicorp/terraform-plugin-go v0.25.0/go.mod h1:+SYagMYadJP86Kvn+TGeV+ofr/R3g4/If0O5sO96MVw= github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0= github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= -github.com/hashicorp/terraform-plugin-mux v0.15.0 h1:+/+lDx0WUsIOpkAmdwBIoFU8UP9o2eZASoOnLsWbKME= -github.com/hashicorp/terraform-plugin-mux v0.15.0/go.mod h1:9ezplb1Dyq394zQ+ldB0nvy/qbNAz3mMoHHseMTMaKo= +github.com/hashicorp/terraform-plugin-mux v0.17.0 h1:/J3vv3Ps2ISkbLPiZOLspFcIZ0v5ycUXCEQScudGCCw= +github.com/hashicorp/terraform-plugin-mux v0.17.0/go.mod h1:yWuM9U1Jg8DryNfvCp+lH70WcYv6D8aooQxxxIzFDsE= github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 h1:qHprzXy/As0rxedphECBEQAh3R4yp6pKksKHcqZx5G8= github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0/go.mod h1:H+8tjs9TjV2w57QFVSMBQacf8k/E1XwLXGCARgViC6A= github.com/hashicorp/terraform-plugin-testing v1.5.1 h1:T4aQh9JAhmWo4+t1A7x+rnxAJHCDIYW9kXyo4sVO92c= github.com/hashicorp/terraform-plugin-testing v1.5.1/go.mod h1:dg8clO6K59rZ8w9EshBmDp1CxTIPu3yA4iaDpX1h5u0= -github.com/hashicorp/terraform-provider-google v1.20.1-0.20241111170140-c875b30c3ae6 h1:O7G/mWdsQCJJDc2wWmSfEbjsGf0VtxzOVGKZZYj68m4= -github.com/hashicorp/terraform-provider-google v1.20.1-0.20241111170140-c875b30c3ae6/go.mod h1:Iqt6uYg1iDXW2rOMsZQiFpkt2YnD88HfaTEohOJrla4= +github.com/hashicorp/terraform-provider-google v1.20.1-0.20250113183301-1a5ead85e7d2 h1:MZECoSHbnT3kSPf8+3Vympc13B+BEZGjxJqhrm4pyhY= +github.com/hashicorp/terraform-provider-google v1.20.1-0.20250113183301-1a5ead85e7d2/go.mod h1:4KAmex0caG547rMN6yDmyRdN7LHlSA1P1ONW8NAN/k0= github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI= github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= @@ -344,13 +344,15 @@ github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFz github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo= +github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos= +github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= @@ -418,20 +420,20 @@ github.com/zclconf/go-cty-yaml v1.0.3 h1:og/eOQ7lvA/WWhHGFETVWNduJM7Rjsv2RRpx1sd github.com/zclconf/go-cty-yaml v1.0.3/go.mod h1:9YLUH4g7lOhVWqUbctnVlZ5KLpg7JAprQNgxSZ1Gyxs= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= -go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo= -go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo= -go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI= -go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco= -go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= -go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= -go.opentelemetry.io/otel/sdk/metric v1.24.0 h1:yyMQrPzF+k88/DbH7o4FMAs80puqd+9osbiBrJrz/w8= -go.opentelemetry.io/otel/sdk/metric v1.24.0/go.mod h1:I6Y5FjH6rvEnTTAYQz3Mmv2kl6Ek5IIrmwTLqMrrOE0= -go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI= -go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8= +go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw= +go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= +go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc= +go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= +go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= +go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= +go.opentelemetry.io/otel/sdk/metric v1.29.0 h1:K2CfmJohnRgvZ9UAj2/FhIf/okdWcNdBwe1m8xFXiSY= +go.opentelemetry.io/otel/sdk/metric v1.29.0/go.mod h1:6zZLdCl2fkauYoZIOn/soQIDSWFmNSRcICarHfuhNJQ= +go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4= +go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= @@ -481,8 +483,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA= -golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= +golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -528,8 +530,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= -golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= +golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -549,8 +551,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/api v0.191.0 h1:cJcF09Z+4HAB2t5qTQM1ZtfL/PemsLFkcFG67qq2afk= -google.golang.org/api v0.191.0/go.mod h1:tD5dsFGxFza0hnQveGfVk9QQYKcfp+VzgRqyXFxE0+E= +google.golang.org/api v0.214.0 h1:h2Gkq07OYi6kusGOaT/9rnNljuXmqPnaig7WGPmKbwA= +google.golang.org/api v0.214.0/go.mod h1:bYPpLG8AyeMWwDU6NXoB00xC0DFkikVvd5MfwoxjLqE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= @@ -560,20 +562,20 @@ google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoA google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf h1:OqdXDEakZCVtDiZTjcxfwbHPCT11ycCEsTKesBVKvyY= -google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:mCr1K1c8kX+1iSBREvU3Juo11CB+QOEWxbRS01wWl5M= -google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f h1:b1Ln/PG8orm0SsBbHZWke8dDp2lrCD4jSmfglFpTZbk= -google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:AHT0dDg3SoMOgZGnZk29b5xTbPHMoEC8qthmBLJCpys= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf h1:liao9UHurZLtiEwBgT9LMOnKYsHze6eA6w1KQCMVN2Q= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20241104194629-dd2ea8efbc28 h1:KJjNNclfpIkVqrZlTWcgOOaVQ00LdBnoEaRfkUx760s= +google.golang.org/genproto v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:mt9/MofW7AWQ+Gy179ChOnvmJatV8YHUmrcedo9CIFI= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= -google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= +google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= +google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -585,8 +587,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= +google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 13ccceb8bdb5379a1e4fae6a2263126afd81a22f Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 07:56:30 +0100 Subject: [PATCH 03/47] Delete google_datastore_index Resource: google_datastore_index is now removed in favor of google_firestore_index See https://github.com/hashicorp/terraform-provider-google/blob/v6.16.0/website/docs/guides/version_6_upgrade.html.markdown#resource-google_datastore_index-is-now-removed Signed-off-by: Rickard von Essen --- .../v1beta1/zz_generated.conversion_hubs.go | 10 - .../v1beta1/zz_generated.deepcopy.go | 303 ------------- .../datastore/v1beta1/zz_generated.managed.go | 68 --- .../v1beta1/zz_generated.managedlist.go | 17 - .../datastore/v1beta1/zz_groupversion_info.go | 32 -- .../datastore/v1beta1/zz_index_terraformed.go | 129 ------ apis/datastore/v1beta1/zz_index_types.go | 175 -------- cmd/provider/datastore/zz_main.go | 221 --------- .../datastore/v1beta1/index.yaml | 16 - examples/datastore/v1beta1/index.yaml | 21 - .../datastore/index/zz_controller.go | 91 ---- internal/controller/zz_datastore_setup.go | 26 -- .../datastore.gcp.upbound.io_indices.yaml | 425 ------------------ 13 files changed, 1534 deletions(-) delete mode 100755 apis/datastore/v1beta1/zz_generated.conversion_hubs.go delete mode 100644 apis/datastore/v1beta1/zz_generated.deepcopy.go delete mode 100644 apis/datastore/v1beta1/zz_generated.managed.go delete mode 100644 apis/datastore/v1beta1/zz_generated.managedlist.go delete mode 100755 apis/datastore/v1beta1/zz_groupversion_info.go delete mode 100755 apis/datastore/v1beta1/zz_index_terraformed.go delete mode 100755 apis/datastore/v1beta1/zz_index_types.go delete mode 100644 cmd/provider/datastore/zz_main.go delete mode 100644 examples-generated/datastore/v1beta1/index.yaml delete mode 100644 examples/datastore/v1beta1/index.yaml delete mode 100755 internal/controller/datastore/index/zz_controller.go delete mode 100755 internal/controller/zz_datastore_setup.go delete mode 100644 package/crds/datastore.gcp.upbound.io_indices.yaml diff --git a/apis/datastore/v1beta1/zz_generated.conversion_hubs.go b/apis/datastore/v1beta1/zz_generated.conversion_hubs.go deleted file mode 100755 index 083a481d1..000000000 --- a/apis/datastore/v1beta1/zz_generated.conversion_hubs.go +++ /dev/null @@ -1,10 +0,0 @@ -// SPDX-FileCopyrightText: 2024 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by upjet. DO NOT EDIT. - -package v1beta1 - -// Hub marks this type as a conversion hub. -func (tr *Index) Hub() {} diff --git a/apis/datastore/v1beta1/zz_generated.deepcopy.go b/apis/datastore/v1beta1/zz_generated.deepcopy.go deleted file mode 100644 index a5df7eae4..000000000 --- a/apis/datastore/v1beta1/zz_generated.deepcopy.go +++ /dev/null @@ -1,303 +0,0 @@ -//go:build !ignore_autogenerated - -// SPDX-FileCopyrightText: 2024 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by controller-gen. DO NOT EDIT. - -package v1beta1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Index) DeepCopyInto(out *Index) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Index. -func (in *Index) DeepCopy() *Index { - if in == nil { - return nil - } - out := new(Index) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Index) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IndexInitParameters) DeepCopyInto(out *IndexInitParameters) { - *out = *in - if in.Ancestor != nil { - in, out := &in.Ancestor, &out.Ancestor - *out = new(string) - **out = **in - } - if in.Kind != nil { - in, out := &in.Kind, &out.Kind - *out = new(string) - **out = **in - } - if in.Project != nil { - in, out := &in.Project, &out.Project - *out = new(string) - **out = **in - } - if in.Properties != nil { - in, out := &in.Properties, &out.Properties - *out = make([]PropertiesInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IndexInitParameters. -func (in *IndexInitParameters) DeepCopy() *IndexInitParameters { - if in == nil { - return nil - } - out := new(IndexInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IndexList) DeepCopyInto(out *IndexList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Index, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IndexList. -func (in *IndexList) DeepCopy() *IndexList { - if in == nil { - return nil - } - out := new(IndexList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *IndexList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IndexObservation) DeepCopyInto(out *IndexObservation) { - *out = *in - if in.Ancestor != nil { - in, out := &in.Ancestor, &out.Ancestor - *out = new(string) - **out = **in - } - if in.ID != nil { - in, out := &in.ID, &out.ID - *out = new(string) - **out = **in - } - if in.IndexID != nil { - in, out := &in.IndexID, &out.IndexID - *out = new(string) - **out = **in - } - if in.Kind != nil { - in, out := &in.Kind, &out.Kind - *out = new(string) - **out = **in - } - if in.Project != nil { - in, out := &in.Project, &out.Project - *out = new(string) - **out = **in - } - if in.Properties != nil { - in, out := &in.Properties, &out.Properties - *out = make([]PropertiesObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IndexObservation. -func (in *IndexObservation) DeepCopy() *IndexObservation { - if in == nil { - return nil - } - out := new(IndexObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IndexParameters) DeepCopyInto(out *IndexParameters) { - *out = *in - if in.Ancestor != nil { - in, out := &in.Ancestor, &out.Ancestor - *out = new(string) - **out = **in - } - if in.Kind != nil { - in, out := &in.Kind, &out.Kind - *out = new(string) - **out = **in - } - if in.Project != nil { - in, out := &in.Project, &out.Project - *out = new(string) - **out = **in - } - if in.Properties != nil { - in, out := &in.Properties, &out.Properties - *out = make([]PropertiesParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IndexParameters. -func (in *IndexParameters) DeepCopy() *IndexParameters { - if in == nil { - return nil - } - out := new(IndexParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IndexSpec) DeepCopyInto(out *IndexSpec) { - *out = *in - in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) - in.ForProvider.DeepCopyInto(&out.ForProvider) - in.InitProvider.DeepCopyInto(&out.InitProvider) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IndexSpec. -func (in *IndexSpec) DeepCopy() *IndexSpec { - if in == nil { - return nil - } - out := new(IndexSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IndexStatus) DeepCopyInto(out *IndexStatus) { - *out = *in - in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - in.AtProvider.DeepCopyInto(&out.AtProvider) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IndexStatus. -func (in *IndexStatus) DeepCopy() *IndexStatus { - if in == nil { - return nil - } - out := new(IndexStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PropertiesInitParameters) DeepCopyInto(out *PropertiesInitParameters) { - *out = *in - if in.Direction != nil { - in, out := &in.Direction, &out.Direction - *out = new(string) - **out = **in - } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PropertiesInitParameters. -func (in *PropertiesInitParameters) DeepCopy() *PropertiesInitParameters { - if in == nil { - return nil - } - out := new(PropertiesInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PropertiesObservation) DeepCopyInto(out *PropertiesObservation) { - *out = *in - if in.Direction != nil { - in, out := &in.Direction, &out.Direction - *out = new(string) - **out = **in - } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PropertiesObservation. -func (in *PropertiesObservation) DeepCopy() *PropertiesObservation { - if in == nil { - return nil - } - out := new(PropertiesObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PropertiesParameters) DeepCopyInto(out *PropertiesParameters) { - *out = *in - if in.Direction != nil { - in, out := &in.Direction, &out.Direction - *out = new(string) - **out = **in - } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PropertiesParameters. -func (in *PropertiesParameters) DeepCopy() *PropertiesParameters { - if in == nil { - return nil - } - out := new(PropertiesParameters) - in.DeepCopyInto(out) - return out -} diff --git a/apis/datastore/v1beta1/zz_generated.managed.go b/apis/datastore/v1beta1/zz_generated.managed.go deleted file mode 100644 index a8d8461d1..000000000 --- a/apis/datastore/v1beta1/zz_generated.managed.go +++ /dev/null @@ -1,68 +0,0 @@ -// SPDX-FileCopyrightText: 2024 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 -// Code generated by angryjet. DO NOT EDIT. - -package v1beta1 - -import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" - -// GetCondition of this Index. -func (mg *Index) GetCondition(ct xpv1.ConditionType) xpv1.Condition { - return mg.Status.GetCondition(ct) -} - -// GetDeletionPolicy of this Index. -func (mg *Index) GetDeletionPolicy() xpv1.DeletionPolicy { - return mg.Spec.DeletionPolicy -} - -// GetManagementPolicies of this Index. -func (mg *Index) GetManagementPolicies() xpv1.ManagementPolicies { - return mg.Spec.ManagementPolicies -} - -// GetProviderConfigReference of this Index. -func (mg *Index) GetProviderConfigReference() *xpv1.Reference { - return mg.Spec.ProviderConfigReference -} - -// GetPublishConnectionDetailsTo of this Index. -func (mg *Index) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { - return mg.Spec.PublishConnectionDetailsTo -} - -// GetWriteConnectionSecretToReference of this Index. -func (mg *Index) GetWriteConnectionSecretToReference() *xpv1.SecretReference { - return mg.Spec.WriteConnectionSecretToReference -} - -// SetConditions of this Index. -func (mg *Index) SetConditions(c ...xpv1.Condition) { - mg.Status.SetConditions(c...) -} - -// SetDeletionPolicy of this Index. -func (mg *Index) SetDeletionPolicy(r xpv1.DeletionPolicy) { - mg.Spec.DeletionPolicy = r -} - -// SetManagementPolicies of this Index. -func (mg *Index) SetManagementPolicies(r xpv1.ManagementPolicies) { - mg.Spec.ManagementPolicies = r -} - -// SetProviderConfigReference of this Index. -func (mg *Index) SetProviderConfigReference(r *xpv1.Reference) { - mg.Spec.ProviderConfigReference = r -} - -// SetPublishConnectionDetailsTo of this Index. -func (mg *Index) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { - mg.Spec.PublishConnectionDetailsTo = r -} - -// SetWriteConnectionSecretToReference of this Index. -func (mg *Index) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { - mg.Spec.WriteConnectionSecretToReference = r -} diff --git a/apis/datastore/v1beta1/zz_generated.managedlist.go b/apis/datastore/v1beta1/zz_generated.managedlist.go deleted file mode 100644 index 30838c27c..000000000 --- a/apis/datastore/v1beta1/zz_generated.managedlist.go +++ /dev/null @@ -1,17 +0,0 @@ -// SPDX-FileCopyrightText: 2024 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 -// Code generated by angryjet. DO NOT EDIT. - -package v1beta1 - -import resource "github.com/crossplane/crossplane-runtime/pkg/resource" - -// GetItems of this IndexList. -func (l *IndexList) GetItems() []resource.Managed { - items := make([]resource.Managed, len(l.Items)) - for i := range l.Items { - items[i] = &l.Items[i] - } - return items -} diff --git a/apis/datastore/v1beta1/zz_groupversion_info.go b/apis/datastore/v1beta1/zz_groupversion_info.go deleted file mode 100755 index 238412cbc..000000000 --- a/apis/datastore/v1beta1/zz_groupversion_info.go +++ /dev/null @@ -1,32 +0,0 @@ -// SPDX-FileCopyrightText: 2024 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by upjet. DO NOT EDIT. - -// +kubebuilder:object:generate=true -// +groupName=datastore.gcp.upbound.io -// +versionName=v1beta1 -package v1beta1 - -import ( - "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/scheme" -) - -// Package type metadata. -const ( - CRDGroup = "datastore.gcp.upbound.io" - CRDVersion = "v1beta1" -) - -var ( - // CRDGroupVersion is the API Group Version used to register the objects - CRDGroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion} - - // SchemeBuilder is used to add go types to the GroupVersionKind scheme - SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion} - - // AddToScheme adds the types in this group-version to the given scheme. - AddToScheme = SchemeBuilder.AddToScheme -) diff --git a/apis/datastore/v1beta1/zz_index_terraformed.go b/apis/datastore/v1beta1/zz_index_terraformed.go deleted file mode 100755 index cbd9ee161..000000000 --- a/apis/datastore/v1beta1/zz_index_terraformed.go +++ /dev/null @@ -1,129 +0,0 @@ -// SPDX-FileCopyrightText: 2024 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by upjet. DO NOT EDIT. - -package v1beta1 - -import ( - "dario.cat/mergo" - "github.com/pkg/errors" - - "github.com/crossplane/upjet/pkg/resource" - "github.com/crossplane/upjet/pkg/resource/json" -) - -// GetTerraformResourceType returns Terraform resource type for this Index -func (mg *Index) GetTerraformResourceType() string { - return "google_datastore_index" -} - -// GetConnectionDetailsMapping for this Index -func (tr *Index) GetConnectionDetailsMapping() map[string]string { - return nil -} - -// GetObservation of this Index -func (tr *Index) GetObservation() (map[string]any, error) { - o, err := json.TFParser.Marshal(tr.Status.AtProvider) - if err != nil { - return nil, err - } - base := map[string]any{} - return base, json.TFParser.Unmarshal(o, &base) -} - -// SetObservation for this Index -func (tr *Index) SetObservation(obs map[string]any) error { - p, err := json.TFParser.Marshal(obs) - if err != nil { - return err - } - return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) -} - -// GetID returns ID of underlying Terraform resource of this Index -func (tr *Index) GetID() string { - if tr.Status.AtProvider.ID == nil { - return "" - } - return *tr.Status.AtProvider.ID -} - -// GetParameters of this Index -func (tr *Index) GetParameters() (map[string]any, error) { - p, err := json.TFParser.Marshal(tr.Spec.ForProvider) - if err != nil { - return nil, err - } - base := map[string]any{} - return base, json.TFParser.Unmarshal(p, &base) -} - -// SetParameters for this Index -func (tr *Index) SetParameters(params map[string]any) error { - p, err := json.TFParser.Marshal(params) - if err != nil { - return err - } - return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) -} - -// GetInitParameters of this Index -func (tr *Index) GetInitParameters() (map[string]any, error) { - p, err := json.TFParser.Marshal(tr.Spec.InitProvider) - if err != nil { - return nil, err - } - base := map[string]any{} - return base, json.TFParser.Unmarshal(p, &base) -} - -// GetInitParameters of this Index -func (tr *Index) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { - params, err := tr.GetParameters() - if err != nil { - return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) - } - if !shouldMergeInitProvider { - return params, nil - } - - initParams, err := tr.GetInitParameters() - if err != nil { - return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) - } - - // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the - // slices from the initProvider to forProvider. As it also sets - // overwrite to true, we need to set it back to false, we don't - // want to overwrite the forProvider fields with the initProvider - // fields. - err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { - c.Overwrite = false - }) - if err != nil { - return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) - } - - return params, nil -} - -// LateInitialize this Index using its observed tfState. -// returns True if there are any spec changes for the resource. -func (tr *Index) LateInitialize(attrs []byte) (bool, error) { - params := &IndexParameters{} - if err := json.TFParser.Unmarshal(attrs, params); err != nil { - return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") - } - opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} - - li := resource.NewGenericLateInitializer(opts...) - return li.LateInitialize(&tr.Spec.ForProvider, params) -} - -// GetTerraformSchemaVersion returns the associated Terraform schema version -func (tr *Index) GetTerraformSchemaVersion() int { - return 0 -} diff --git a/apis/datastore/v1beta1/zz_index_types.go b/apis/datastore/v1beta1/zz_index_types.go deleted file mode 100755 index 292874da2..000000000 --- a/apis/datastore/v1beta1/zz_index_types.go +++ /dev/null @@ -1,175 +0,0 @@ -// SPDX-FileCopyrightText: 2024 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by upjet. DO NOT EDIT. - -package v1beta1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - - v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" -) - -type IndexInitParameters struct { - - // Policy for including ancestors in the index. - // Default value is NONE. - // Possible values are: NONE, ALL_ANCESTORS. - Ancestor *string `json:"ancestor,omitempty" tf:"ancestor,omitempty"` - - // The entity kind which the index applies to. - Kind *string `json:"kind,omitempty" tf:"kind,omitempty"` - - // The ID of the project in which the resource belongs. - // If it is not provided, the provider project is used. - Project *string `json:"project,omitempty" tf:"project,omitempty"` - - // An ordered list of properties to index on. - // Structure is documented below. - Properties []PropertiesInitParameters `json:"properties,omitempty" tf:"properties,omitempty"` -} - -type IndexObservation struct { - - // Policy for including ancestors in the index. - // Default value is NONE. - // Possible values are: NONE, ALL_ANCESTORS. - Ancestor *string `json:"ancestor,omitempty" tf:"ancestor,omitempty"` - - // an identifier for the resource with format projects/{{project}}/indexes/{{index_id}} - ID *string `json:"id,omitempty" tf:"id,omitempty"` - - // The index id. - IndexID *string `json:"indexId,omitempty" tf:"index_id,omitempty"` - - // The entity kind which the index applies to. - Kind *string `json:"kind,omitempty" tf:"kind,omitempty"` - - // The ID of the project in which the resource belongs. - // If it is not provided, the provider project is used. - Project *string `json:"project,omitempty" tf:"project,omitempty"` - - // An ordered list of properties to index on. - // Structure is documented below. - Properties []PropertiesObservation `json:"properties,omitempty" tf:"properties,omitempty"` -} - -type IndexParameters struct { - - // Policy for including ancestors in the index. - // Default value is NONE. - // Possible values are: NONE, ALL_ANCESTORS. - // +kubebuilder:validation:Optional - Ancestor *string `json:"ancestor,omitempty" tf:"ancestor,omitempty"` - - // The entity kind which the index applies to. - // +kubebuilder:validation:Optional - Kind *string `json:"kind,omitempty" tf:"kind,omitempty"` - - // The ID of the project in which the resource belongs. - // If it is not provided, the provider project is used. - // +kubebuilder:validation:Optional - Project *string `json:"project,omitempty" tf:"project,omitempty"` - - // An ordered list of properties to index on. - // Structure is documented below. - // +kubebuilder:validation:Optional - Properties []PropertiesParameters `json:"properties,omitempty" tf:"properties,omitempty"` -} - -type PropertiesInitParameters struct { - - // The direction the index should optimize for sorting. - // Possible values are: ASCENDING, DESCENDING. - Direction *string `json:"direction,omitempty" tf:"direction,omitempty"` - - // The property name to index. - Name *string `json:"name,omitempty" tf:"name,omitempty"` -} - -type PropertiesObservation struct { - - // The direction the index should optimize for sorting. - // Possible values are: ASCENDING, DESCENDING. - Direction *string `json:"direction,omitempty" tf:"direction,omitempty"` - - // The property name to index. - Name *string `json:"name,omitempty" tf:"name,omitempty"` -} - -type PropertiesParameters struct { - - // The direction the index should optimize for sorting. - // Possible values are: ASCENDING, DESCENDING. - // +kubebuilder:validation:Optional - Direction *string `json:"direction" tf:"direction,omitempty"` - - // The property name to index. - // +kubebuilder:validation:Optional - Name *string `json:"name" tf:"name,omitempty"` -} - -// IndexSpec defines the desired state of Index -type IndexSpec struct { - v1.ResourceSpec `json:",inline"` - ForProvider IndexParameters `json:"forProvider"` - // THIS IS A BETA FIELD. It will be honored - // unless the Management Policies feature flag is disabled. - // InitProvider holds the same fields as ForProvider, with the exception - // of Identifier and other resource reference fields. The fields that are - // in InitProvider are merged into ForProvider when the resource is created. - // The same fields are also added to the terraform ignore_changes hook, to - // avoid updating them after creation. This is useful for fields that are - // required on creation, but we do not desire to update them after creation, - // for example because of an external controller is managing them, like an - // autoscaler. - InitProvider IndexInitParameters `json:"initProvider,omitempty"` -} - -// IndexStatus defines the observed state of Index. -type IndexStatus struct { - v1.ResourceStatus `json:",inline"` - AtProvider IndexObservation `json:"atProvider,omitempty"` -} - -// +kubebuilder:object:root=true -// +kubebuilder:subresource:status -// +kubebuilder:storageversion - -// Index is the Schema for the Indexs API. Describes a composite index for Firestore in Datastore Mode. -// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" -// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" -// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" -// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" -// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp} -type Index struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.kind) || (has(self.initProvider) && has(self.initProvider.kind))",message="spec.forProvider.kind is a required parameter" - Spec IndexSpec `json:"spec"` - Status IndexStatus `json:"status,omitempty"` -} - -// +kubebuilder:object:root=true - -// IndexList contains a list of Indexs -type IndexList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []Index `json:"items"` -} - -// Repository type metadata. -var ( - Index_Kind = "Index" - Index_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Index_Kind}.String() - Index_KindAPIVersion = Index_Kind + "." + CRDGroupVersion.String() - Index_GroupVersionKind = CRDGroupVersion.WithKind(Index_Kind) -) - -func init() { - SchemeBuilder.Register(&Index{}, &IndexList{}) -} diff --git a/cmd/provider/datastore/zz_main.go b/cmd/provider/datastore/zz_main.go deleted file mode 100644 index 0c6c43899..000000000 --- a/cmd/provider/datastore/zz_main.go +++ /dev/null @@ -1,221 +0,0 @@ -// SPDX-FileCopyrightText: 2024 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -package main - -import ( - "context" - "fmt" - "io" - "log" - "os" - "path/filepath" - "time" - - xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" - "github.com/crossplane/crossplane-runtime/pkg/certificates" - xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller" - "github.com/crossplane/crossplane-runtime/pkg/feature" - "github.com/crossplane/crossplane-runtime/pkg/logging" - "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" - "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" - "github.com/crossplane/crossplane-runtime/pkg/resource" - "github.com/crossplane/crossplane-runtime/pkg/statemetrics" - tjcontroller "github.com/crossplane/upjet/pkg/controller" - "github.com/crossplane/upjet/pkg/controller/conversion" - "gopkg.in/alecthomas/kingpin.v2" - kerrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" - "k8s.io/client-go/tools/leaderelection/resourcelock" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/cache" - "sigs.k8s.io/controller-runtime/pkg/log/zap" - "sigs.k8s.io/controller-runtime/pkg/metrics" - "sigs.k8s.io/controller-runtime/pkg/webhook" - - "github.com/upbound/provider-gcp/apis" - "github.com/upbound/provider-gcp/apis/v1alpha1" - "github.com/upbound/provider-gcp/config" - resolverapis "github.com/upbound/provider-gcp/internal/apis" - "github.com/upbound/provider-gcp/internal/clients" - "github.com/upbound/provider-gcp/internal/controller" - "github.com/upbound/provider-gcp/internal/features" -) - -const ( - webhookTLSCertDirEnvVar = "WEBHOOK_TLS_CERT_DIR" - tlsServerCertDirEnvVar = "TLS_SERVER_CERTS_DIR" - certsDirEnvVar = "CERTS_DIR" - tlsServerCertDir = "/tls/server" -) - -func deprecationAction(flagName string) kingpin.Action { - return func(c *kingpin.ParseContext) error { - _, err := fmt.Fprintf(os.Stderr, "warning: Command-line flag %q is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).\n", flagName) - kingpin.FatalIfError(err, "Failed to print the deprecation notice.") - return nil - } -} - -func main() { - var ( - app = kingpin.New(filepath.Base(os.Args[0]), "Terraform based Crossplane provider for GCP").DefaultEnvars() - debug = app.Flag("debug", "Run with debug logging.").Short('d').Bool() - syncInterval = app.Flag("sync", "Sync interval controls how often all resources will be double checked for drift.").Short('s').Default("1h").Duration() - pollInterval = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("10m").Duration() - pollStateMetricInterval = app.Flag("poll-state-metric", "State metric recording interval").Default("5s").Duration() - leaderElection = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool() - maxReconcileRate = app.Flag("max-reconcile-rate", "The global maximum rate per second at which resources may checked for drift from the desired state.").Default("100").Int() - - namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String() - essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String() - enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool() - enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("true").Envar("ENABLE_MANAGEMENT_POLICIES").Bool() - - certsDirSet = false - // we record whether the command-line option "--certs-dir" was supplied - // in the registered PreAction for the flag. - certsDir = app.Flag("certs-dir", "The directory that contains the server key and certificate.").Default(tlsServerCertDir).Envar(certsDirEnvVar).PreAction(func(_ *kingpin.ParseContext) error { - certsDirSet = true - return nil - }).String() - - // now deprecated command-line arguments with the Terraform SDK-based upjet architecture - _ = app.Flag("provider-ttl", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] TTL for the native plugin processes before they are replaced. Changing the default may increase memory consumption.").Hidden().Action(deprecationAction("provider-ttl")).Int() - _ = app.Flag("terraform-version", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] Terraform version.").Envar("TERRAFORM_VERSION").Hidden().Action(deprecationAction("terraform-version")).String() - _ = app.Flag("terraform-provider-version", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] Terraform provider version.").Envar("TERRAFORM_PROVIDER_VERSION").Hidden().Action(deprecationAction("terraform-provider-version")).String() - _ = app.Flag("terraform-native-provider-path", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] Terraform native provider path for shared execution.").Envar("TERRAFORM_NATIVE_PROVIDER_PATH").Hidden().Action(deprecationAction("terraform-native-provider-path")).String() - _ = app.Flag("terraform-provider-source", "[DEPRECATED: This option is no longer used and it will be removed in a future release.] Terraform provider source.").Envar("TERRAFORM_PROVIDER_SOURCE").Hidden().Action(deprecationAction("terraform-provider-source")).String() - ) - - kingpin.MustParse(app.Parse(os.Args[1:])) - log.Default().SetOutput(io.Discard) - ctrl.SetLogger(zap.New(zap.WriteTo(io.Discard))) - - zl := zap.New(zap.UseDevMode(*debug)) - logr := logging.NewLogrLogger(zl.WithName("provider-gcp")) - if *debug { - // The controller-runtime runs with a no-op logger by default. It is - // *very* verbose even at info level, so we only provide it a real - // logger when we're running in debug mode. - ctrl.SetLogger(zl) - } - - // currently, we configure the jitter to be the 5% of the poll interval - pollJitter := time.Duration(float64(*pollInterval) * 0.05) - logr.Debug("Starting", "sync-interval", syncInterval.String(), - "poll-interval", pollInterval.String(), "poll-jitter", pollJitter, "max-reconcile-rate", *maxReconcileRate) - - cfg, err := ctrl.GetConfig() - kingpin.FatalIfError(err, "Cannot get API server rest config") - - // Get the TLS certs directory from the environment variables set by - // Crossplane if they're available. - // In older XP versions we used WEBHOOK_TLS_CERT_DIR, in newer versions - // we use TLS_SERVER_CERTS_DIR. If an explicit certs dir is not supplied - // via the command-line options, then these environment variables are used - // instead. - if !certsDirSet { - // backwards-compatibility concerns - xpCertsDir := os.Getenv(certsDirEnvVar) - if xpCertsDir == "" { - xpCertsDir = os.Getenv(tlsServerCertDirEnvVar) - } - if xpCertsDir == "" { - xpCertsDir = os.Getenv(webhookTLSCertDirEnvVar) - } - // we probably don't need this condition but just to be on the - // safe side, if we are missing any kingpin machinery details... - if xpCertsDir != "" { - *certsDir = xpCertsDir - } - } - - mgr, err := ctrl.NewManager(ratelimiter.LimitRESTConfig(cfg, *maxReconcileRate), ctrl.Options{ - LeaderElection: *leaderElection, - LeaderElectionID: "crossplane-leader-election-provider-gcp-datastore", - Cache: cache.Options{ - SyncPeriod: syncInterval, - }, - WebhookServer: webhook.NewServer( - webhook.Options{ - CertDir: *certsDir, - }), - LeaderElectionResourceLock: resourcelock.LeasesResourceLock, - LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), - RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), - }) - kingpin.FatalIfError(err, "Cannot create controller manager") - kingpin.FatalIfError(apis.AddToScheme(mgr.GetScheme()), "Cannot add GCP APIs to scheme") - kingpin.FatalIfError(resolverapis.BuildScheme(apis.AddToSchemes), "Cannot register the GCP APIs with the API resolver's runtime scheme") - - metricRecorder := managed.NewMRMetricRecorder() - stateMetrics := statemetrics.NewMRStateMetrics() - - metrics.Registry.MustRegister(metricRecorder) - metrics.Registry.MustRegister(stateMetrics) - - ctx := context.Background() - provider, err := config.GetProvider(ctx, false) - kingpin.FatalIfError(err, "Cannot initialize the provider configuration") - o := tjcontroller.Options{ - Options: xpcontroller.Options{ - Logger: logr, - GlobalRateLimiter: ratelimiter.NewGlobal(*maxReconcileRate), - PollInterval: *pollInterval, - MaxConcurrentReconciles: *maxReconcileRate, - Features: &feature.Flags{}, - MetricOptions: &xpcontroller.MetricOptions{ - PollStateMetricInterval: *pollStateMetricInterval, - MRMetrics: metricRecorder, - MRStateMetrics: stateMetrics, - }, - }, - Provider: provider, - SetupFn: clients.TerraformSetupBuilder(provider.TerraformProvider), - PollJitter: pollJitter, - OperationTrackerStore: tjcontroller.NewOperationStore(logr), - StartWebhooks: *certsDir != "", - } - - if *enableManagementPolicies { - o.Features.Enable(features.EnableBetaManagementPolicies) - logr.Info("Beta feature enabled", "flag", features.EnableBetaManagementPolicies) - } - - if *enableExternalSecretStores { - o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind - logr.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores) - - o.ESSOptions = &tjcontroller.ESSOptions{} - if *essTLSCertsPath != "" { - logr.Info("ESS TLS certificates path is set. Loading mTLS configuration.") - tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false) - kingpin.FatalIfError(err, "Cannot load ESS TLS config.") - - o.ESSOptions.TLSConfig = tCfg - } - - // Ensure default store config exists. - kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(ctx, &v1alpha1.StoreConfig{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Name: "default", - }, - Spec: v1alpha1.StoreConfigSpec{ - // NOTE(turkenh): We only set required spec and expect optional - // ones to properly be initialized with CRD level default values. - SecretStoreConfig: xpv1.SecretStoreConfig{ - DefaultScope: *namespace, - }, - }, - Status: v1alpha1.StoreConfigStatus{}, - })), "cannot create default store config") - } - - kingpin.FatalIfError(conversion.RegisterConversions(o.Provider, mgr.GetScheme()), "Cannot initialize the webhook conversion registry") - kingpin.FatalIfError(controller.Setup_datastore(mgr, o), "Cannot setup GCP controllers") - kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager") -} diff --git a/examples-generated/datastore/v1beta1/index.yaml b/examples-generated/datastore/v1beta1/index.yaml deleted file mode 100644 index a5cc848cd..000000000 --- a/examples-generated/datastore/v1beta1/index.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: datastore.gcp.upbound.io/v1beta1 -kind: Index -metadata: - annotations: - meta.upbound.io/example-id: datastore/v1beta1/index - labels: - testing.upbound.io/example-name: default - name: default -spec: - forProvider: - kind: foo - properties: - - direction: ASCENDING - name: property_a - - direction: ASCENDING - name: property_b diff --git a/examples/datastore/v1beta1/index.yaml b/examples/datastore/v1beta1/index.yaml deleted file mode 100644 index f012b8e7a..000000000 --- a/examples/datastore/v1beta1/index.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# SPDX-FileCopyrightText: 2024 The Crossplane Authors -# -# SPDX-License-Identifier: CC0-1.0 - -apiVersion: datastore.gcp.upbound.io/v1beta1 -kind: Index -metadata: - annotations: - meta.upbound.io/example-id: datastore/v1beta1/index - upjet.upbound.io/manual-intervention: "Manual intervention due to resource created successfully but Uptest returned error: Index already exist." - labels: - testing.upbound.io/example-name: index - name: index -spec: - forProvider: - kind: Index - properties: - - direction: "DESCENDING" - name: "property_example_a" - - direction: "DESCENDING" - name: "property_example_b" diff --git a/internal/controller/datastore/index/zz_controller.go b/internal/controller/datastore/index/zz_controller.go deleted file mode 100755 index dc6518d81..000000000 --- a/internal/controller/datastore/index/zz_controller.go +++ /dev/null @@ -1,91 +0,0 @@ -// SPDX-FileCopyrightText: 2024 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by upjet. DO NOT EDIT. - -package index - -import ( - "time" - - "github.com/crossplane/crossplane-runtime/pkg/connection" - "github.com/crossplane/crossplane-runtime/pkg/event" - "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" - "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" - xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" - "github.com/crossplane/crossplane-runtime/pkg/statemetrics" - tjcontroller "github.com/crossplane/upjet/pkg/controller" - "github.com/crossplane/upjet/pkg/controller/handler" - "github.com/crossplane/upjet/pkg/metrics" - "github.com/pkg/errors" - ctrl "sigs.k8s.io/controller-runtime" - - v1beta1 "github.com/upbound/provider-gcp/apis/datastore/v1beta1" - features "github.com/upbound/provider-gcp/internal/features" -) - -// Setup adds a controller that reconciles Index managed resources. -func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { - name := managed.ControllerName(v1beta1.Index_GroupVersionKind.String()) - var initializers managed.InitializerChain - cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} - if o.SecretStoreConfigGVK != nil { - cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) - } - eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.Index_GroupVersionKind))) - ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Index_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) - opts := []managed.ReconcilerOption{ - managed.WithExternalConnecter( - tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["google_datastore_index"], - tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), - tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), - tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), - tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.Index_GroupVersionKind, mgr, o.PollInterval)), - tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), - managed.WithLogger(o.Logger.WithValues("controller", name)), - managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), - managed.WithFinalizer(tjcontroller.NewOperationTrackerFinalizer(o.OperationTrackerStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), - managed.WithTimeout(3 * time.Minute), - managed.WithInitializers(initializers), - managed.WithConnectionPublishers(cps...), - managed.WithPollInterval(o.PollInterval), - } - if o.PollJitter != 0 { - opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) - } - if o.Features.Enabled(features.EnableBetaManagementPolicies) { - opts = append(opts, managed.WithManagementPolicies()) - } - if o.MetricOptions != nil { - opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) - } - - // register webhooks for the kind v1beta1.Index - // if they're enabled. - if o.StartWebhooks { - if err := ctrl.NewWebhookManagedBy(mgr). - For(&v1beta1.Index{}). - Complete(); err != nil { - return errors.Wrap(err, "cannot register webhook for the kind v1beta1.Index") - } - } - - if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { - stateMetricsRecorder := statemetrics.NewMRStateRecorder( - mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.IndexList{}, o.MetricOptions.PollStateMetricInterval, - ) - if err := mgr.Add(stateMetricsRecorder); err != nil { - return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.IndexList") - } - } - - r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Index_GroupVersionKind), opts...) - - return ctrl.NewControllerManagedBy(mgr). - Named(name). - WithOptions(o.ForControllerRuntime()). - WithEventFilter(xpresource.DesiredStateChanged()). - Watches(&v1beta1.Index{}, eventHandler). - Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) -} diff --git a/internal/controller/zz_datastore_setup.go b/internal/controller/zz_datastore_setup.go deleted file mode 100755 index eff70b642..000000000 --- a/internal/controller/zz_datastore_setup.go +++ /dev/null @@ -1,26 +0,0 @@ -// SPDX-FileCopyrightText: 2024 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -package controller - -import ( - ctrl "sigs.k8s.io/controller-runtime" - - "github.com/crossplane/upjet/pkg/controller" - - index "github.com/upbound/provider-gcp/internal/controller/datastore/index" -) - -// Setup_datastore creates all controllers with the supplied logger and adds them to -// the supplied manager. -func Setup_datastore(mgr ctrl.Manager, o controller.Options) error { - for _, setup := range []func(ctrl.Manager, controller.Options) error{ - index.Setup, - } { - if err := setup(mgr, o); err != nil { - return err - } - } - return nil -} diff --git a/package/crds/datastore.gcp.upbound.io_indices.yaml b/package/crds/datastore.gcp.upbound.io_indices.yaml deleted file mode 100644 index 8d9b9df8c..000000000 --- a/package/crds/datastore.gcp.upbound.io_indices.yaml +++ /dev/null @@ -1,425 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: indices.datastore.gcp.upbound.io -spec: - group: datastore.gcp.upbound.io - names: - categories: - - crossplane - - managed - - gcp - kind: Index - listKind: IndexList - plural: indices - singular: index - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Synced')].status - name: SYNCED - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: READY - type: string - - jsonPath: .metadata.annotations.crossplane\.io/external-name - name: EXTERNAL-NAME - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Index is the Schema for the Indexs API. Describes a composite - index for Firestore in Datastore Mode. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IndexSpec defines the desired state of Index - properties: - deletionPolicy: - default: Delete - description: |- - DeletionPolicy specifies what will happen to the underlying external - when this managed resource is deleted - either "Delete" or "Orphan" the - external resource. - This field is planned to be deprecated in favor of the ManagementPolicies - field in a future release. Currently, both could be set independently and - non-default values would be honored if the feature flag is enabled. - See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - enum: - - Orphan - - Delete - type: string - forProvider: - properties: - ancestor: - description: |- - Policy for including ancestors in the index. - Default value is NONE. - Possible values are: NONE, ALL_ANCESTORS. - type: string - kind: - description: The entity kind which the index applies to. - type: string - project: - description: |- - The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - type: string - properties: - description: |- - An ordered list of properties to index on. - Structure is documented below. - items: - properties: - direction: - description: |- - The direction the index should optimize for sorting. - Possible values are: ASCENDING, DESCENDING. - type: string - name: - description: The property name to index. - type: string - type: object - type: array - type: object - initProvider: - description: |- - THIS IS A BETA FIELD. It will be honored - unless the Management Policies feature flag is disabled. - InitProvider holds the same fields as ForProvider, with the exception - of Identifier and other resource reference fields. The fields that are - in InitProvider are merged into ForProvider when the resource is created. - The same fields are also added to the terraform ignore_changes hook, to - avoid updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after creation, - for example because of an external controller is managing them, like an - autoscaler. - properties: - ancestor: - description: |- - Policy for including ancestors in the index. - Default value is NONE. - Possible values are: NONE, ALL_ANCESTORS. - type: string - kind: - description: The entity kind which the index applies to. - type: string - project: - description: |- - The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - type: string - properties: - description: |- - An ordered list of properties to index on. - Structure is documented below. - items: - properties: - direction: - description: |- - The direction the index should optimize for sorting. - Possible values are: ASCENDING, DESCENDING. - type: string - name: - description: The property name to index. - type: string - type: object - type: array - type: object - managementPolicies: - default: - - '*' - description: |- - THIS IS A BETA FIELD. It is on by default but can be opted out - through a Crossplane feature flag. - ManagementPolicies specify the array of actions Crossplane is allowed to - take on the managed and external resources. - This field is planned to replace the DeletionPolicy field in a future - release. Currently, both could be set independently and non-default - values would be honored if the feature flag is enabled. If both are - custom, the DeletionPolicy field will be ignored. - See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md - items: - description: |- - A ManagementAction represents an action that the Crossplane controllers - can take on an external resource. - enum: - - Observe - - Create - - Update - - Delete - - LateInitialize - - '*' - type: string - type: array - providerConfigRef: - default: - name: default - description: |- - ProviderConfigReference specifies how the provider that will be used to - create, observe, update, and delete this managed resource should be - configured. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - publishConnectionDetailsTo: - description: |- - PublishConnectionDetailsTo specifies the connection secret config which - contains a name, metadata and a reference to secret store config to - which any connection details for this managed resource should be written. - Connection details frequently include the endpoint, username, - and password required to connect to the managed resource. - properties: - configRef: - default: - name: default - description: |- - SecretStoreConfigRef specifies which secret store config should be used - for this ConnectionSecret. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - metadata: - description: Metadata is the metadata for connection secret. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations are the annotations to be added to connection secret. - - For Kubernetes secrets, this will be used as "metadata.annotations". - - It is up to Secret Store implementation for others store types. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels are the labels/tags to be added to connection secret. - - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store types. - type: object - type: - description: |- - Type is the SecretType for the connection secret. - - Only valid for Kubernetes Secret Stores. - type: string - type: object - name: - description: Name is the name of the connection secret. - type: string - required: - - name - type: object - writeConnectionSecretToRef: - description: |- - WriteConnectionSecretToReference specifies the namespace and name of a - Secret to which any connection details for this managed resource should - be written. Connection details frequently include the endpoint, username, - and password required to connect to the managed resource. - This field is planned to be replaced in a future release in favor of - PublishConnectionDetailsTo. Currently, both could be set independently - and connection details would be published to both without affecting - each other. - properties: - name: - description: Name of the secret. - type: string - namespace: - description: Namespace of the secret. - type: string - required: - - name - - namespace - type: object - required: - - forProvider - type: object - x-kubernetes-validations: - - message: spec.forProvider.kind is a required parameter - rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies - || ''Update'' in self.managementPolicies) || has(self.forProvider.kind) - || (has(self.initProvider) && has(self.initProvider.kind))' - status: - description: IndexStatus defines the observed state of Index. - properties: - atProvider: - properties: - ancestor: - description: |- - Policy for including ancestors in the index. - Default value is NONE. - Possible values are: NONE, ALL_ANCESTORS. - type: string - id: - description: an identifier for the resource with format projects/{{project}}/indexes/{{index_id}} - type: string - indexId: - description: The index id. - type: string - kind: - description: The entity kind which the index applies to. - type: string - project: - description: |- - The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - type: string - properties: - description: |- - An ordered list of properties to index on. - Structure is documented below. - items: - properties: - direction: - description: |- - The direction the index should optimize for sorting. - Possible values are: ASCENDING, DESCENDING. - type: string - name: - description: The property name to index. - type: string - type: object - type: array - type: object - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: |- - LastTransitionTime is the last time this condition transitioned from one - status to another. - format: date-time - type: string - message: - description: |- - A Message containing details about this condition's last transition from - one status to another, if any. - type: string - observedGeneration: - description: |- - ObservedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: |- - Type of this condition. At most one of each condition type may apply to - a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - observedGeneration: - description: |- - ObservedGeneration is the latest metadata.generation - which resulted in either a ready state, or stalled due to error - it can not recover from without human intervention. - format: int64 - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} From 6c3dd561da72f06afd3cb968a0e274a57e4b64a1 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 15:44:58 +0100 Subject: [PATCH 04/47] identityplatform: Replaced projectdefaultconfig with config google_identity_platform_project_default_config is removed in favor of google_identity_platform_project_config See https://github.com/hashicorp/terraform-provider-google/blob/v6.16.0/website/docs/guides/version_6_upgrade.html.markdown#resource-google_identity_platform_project_default_config-is-now-removed Signed-off-by: Rickard von Essen --- ...erraformed.go => zz_config_terraformed.go} | 48 +- .../v1beta1/zz_config_types.go | 902 ++++++++ .../v1beta1/zz_generated.conversion_spokes.go | 20 - .../v1beta1/zz_generated.deepcopy.go | 1849 ++++++++++++++--- .../v1beta1/zz_generated.managed.go | 120 +- .../v1beta1/zz_generated.managedlist.go | 16 +- .../v1beta1/zz_projectdefaultconfig_types.go | 294 --- .../v1beta2/zz_generated.deepcopy.go | 604 ------ .../v1beta2/zz_generated.managed.go | 60 - .../v1beta2/zz_generated.managedlist.go | 9 - .../zz_projectdefaultconfig_terraformed.go | 129 -- .../v1beta2/zz_projectdefaultconfig_types.go | 293 --- config/externalname.go | 4 +- config/externalnamenottested.go | 6 +- config/old-singleton-list-apis.txt | 1 - .../identityplatform/v1beta1/config.yaml | 84 + .../v1beta2/projectdefaultconfig.yaml | 21 - .../identityplatform/v1beta1/config.yaml | 10 +- .../v1beta1/projectdefaultconfig.yaml | 25 - .../v1beta2/projectdefaultconfig.yaml | 25 - .../zz_controller.go | 29 +- .../controller/zz_identityplatform_setup.go | 4 +- ....gcp.upbound.io_projectdefaultconfigs.yaml | 1082 ---------- 23 files changed, 2710 insertions(+), 2925 deletions(-) rename apis/identityplatform/v1beta1/{zz_projectdefaultconfig_terraformed.go => zz_config_terraformed.go} (65%) create mode 100755 apis/identityplatform/v1beta1/zz_config_types.go delete mode 100755 apis/identityplatform/v1beta1/zz_projectdefaultconfig_types.go delete mode 100755 apis/identityplatform/v1beta2/zz_projectdefaultconfig_terraformed.go delete mode 100755 apis/identityplatform/v1beta2/zz_projectdefaultconfig_types.go create mode 100644 examples-generated/identityplatform/v1beta1/config.yaml delete mode 100644 examples-generated/identityplatform/v1beta2/projectdefaultconfig.yaml rename examples-generated/identityplatform/v1beta1/projectdefaultconfig.yaml => examples/identityplatform/v1beta1/config.yaml (67%) delete mode 100644 examples/identityplatform/v1beta1/projectdefaultconfig.yaml delete mode 100644 examples/identityplatform/v1beta2/projectdefaultconfig.yaml rename internal/controller/identityplatform/{projectdefaultconfig => config}/zz_controller.go (79%) delete mode 100644 package/crds/identityplatform.gcp.upbound.io_projectdefaultconfigs.yaml diff --git a/apis/identityplatform/v1beta1/zz_projectdefaultconfig_terraformed.go b/apis/identityplatform/v1beta1/zz_config_terraformed.go similarity index 65% rename from apis/identityplatform/v1beta1/zz_projectdefaultconfig_terraformed.go rename to apis/identityplatform/v1beta1/zz_config_terraformed.go index 13ffdefa1..fd7de5d09 100755 --- a/apis/identityplatform/v1beta1/zz_projectdefaultconfig_terraformed.go +++ b/apis/identityplatform/v1beta1/zz_config_terraformed.go @@ -14,18 +14,18 @@ import ( "github.com/crossplane/upjet/pkg/resource/json" ) -// GetTerraformResourceType returns Terraform resource type for this ProjectDefaultConfig -func (mg *ProjectDefaultConfig) GetTerraformResourceType() string { - return "google_identity_platform_project_default_config" +// GetTerraformResourceType returns Terraform resource type for this Config +func (mg *Config) GetTerraformResourceType() string { + return "google_identity_platform_config" } -// GetConnectionDetailsMapping for this ProjectDefaultConfig -func (tr *ProjectDefaultConfig) GetConnectionDetailsMapping() map[string]string { - return nil +// GetConnectionDetailsMapping for this Config +func (tr *Config) GetConnectionDetailsMapping() map[string]string { + return map[string]string{"client[*].api_key": "status.atProvider.client[*].apiKey"} } -// GetObservation of this ProjectDefaultConfig -func (tr *ProjectDefaultConfig) GetObservation() (map[string]any, error) { +// GetObservation of this Config +func (tr *Config) GetObservation() (map[string]any, error) { o, err := json.TFParser.Marshal(tr.Status.AtProvider) if err != nil { return nil, err @@ -34,8 +34,8 @@ func (tr *ProjectDefaultConfig) GetObservation() (map[string]any, error) { return base, json.TFParser.Unmarshal(o, &base) } -// SetObservation for this ProjectDefaultConfig -func (tr *ProjectDefaultConfig) SetObservation(obs map[string]any) error { +// SetObservation for this Config +func (tr *Config) SetObservation(obs map[string]any) error { p, err := json.TFParser.Marshal(obs) if err != nil { return err @@ -43,16 +43,16 @@ func (tr *ProjectDefaultConfig) SetObservation(obs map[string]any) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } -// GetID returns ID of underlying Terraform resource of this ProjectDefaultConfig -func (tr *ProjectDefaultConfig) GetID() string { +// GetID returns ID of underlying Terraform resource of this Config +func (tr *Config) GetID() string { if tr.Status.AtProvider.ID == nil { return "" } return *tr.Status.AtProvider.ID } -// GetParameters of this ProjectDefaultConfig -func (tr *ProjectDefaultConfig) GetParameters() (map[string]any, error) { +// GetParameters of this Config +func (tr *Config) GetParameters() (map[string]any, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) if err != nil { return nil, err @@ -61,8 +61,8 @@ func (tr *ProjectDefaultConfig) GetParameters() (map[string]any, error) { return base, json.TFParser.Unmarshal(p, &base) } -// SetParameters for this ProjectDefaultConfig -func (tr *ProjectDefaultConfig) SetParameters(params map[string]any) error { +// SetParameters for this Config +func (tr *Config) SetParameters(params map[string]any) error { p, err := json.TFParser.Marshal(params) if err != nil { return err @@ -70,8 +70,8 @@ func (tr *ProjectDefaultConfig) SetParameters(params map[string]any) error { return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) } -// GetInitParameters of this ProjectDefaultConfig -func (tr *ProjectDefaultConfig) GetInitParameters() (map[string]any, error) { +// GetInitParameters of this Config +func (tr *Config) GetInitParameters() (map[string]any, error) { p, err := json.TFParser.Marshal(tr.Spec.InitProvider) if err != nil { return nil, err @@ -80,8 +80,8 @@ func (tr *ProjectDefaultConfig) GetInitParameters() (map[string]any, error) { return base, json.TFParser.Unmarshal(p, &base) } -// GetInitParameters of this ProjectDefaultConfig -func (tr *ProjectDefaultConfig) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { +// GetInitParameters of this Config +func (tr *Config) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { params, err := tr.GetParameters() if err != nil { return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) @@ -110,10 +110,10 @@ func (tr *ProjectDefaultConfig) GetMergedParameters(shouldMergeInitProvider bool return params, nil } -// LateInitialize this ProjectDefaultConfig using its observed tfState. +// LateInitialize this Config using its observed tfState. // returns True if there are any spec changes for the resource. -func (tr *ProjectDefaultConfig) LateInitialize(attrs []byte) (bool, error) { - params := &ProjectDefaultConfigParameters{} +func (tr *Config) LateInitialize(attrs []byte) (bool, error) { + params := &ConfigParameters{} if err := json.TFParser.Unmarshal(attrs, params); err != nil { return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") } @@ -124,6 +124,6 @@ func (tr *ProjectDefaultConfig) LateInitialize(attrs []byte) (bool, error) { } // GetTerraformSchemaVersion returns the associated Terraform schema version -func (tr *ProjectDefaultConfig) GetTerraformSchemaVersion() int { +func (tr *Config) GetTerraformSchemaVersion() int { return 0 } diff --git a/apis/identityplatform/v1beta1/zz_config_types.go b/apis/identityplatform/v1beta1/zz_config_types.go new file mode 100755 index 000000000..add76c1ae --- /dev/null +++ b/apis/identityplatform/v1beta1/zz_config_types.go @@ -0,0 +1,902 @@ +// SPDX-FileCopyrightText: 2024 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by upjet. DO NOT EDIT. + +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type AllowByDefaultInitParameters struct { + + // Two letter unicode region codes to disallow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json + DisallowedRegions []*string `json:"disallowedRegions,omitempty" tf:"disallowed_regions,omitempty"` +} + +type AllowByDefaultObservation struct { + + // Two letter unicode region codes to disallow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json + DisallowedRegions []*string `json:"disallowedRegions,omitempty" tf:"disallowed_regions,omitempty"` +} + +type AllowByDefaultParameters struct { + + // Two letter unicode region codes to disallow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json + // +kubebuilder:validation:Optional + DisallowedRegions []*string `json:"disallowedRegions,omitempty" tf:"disallowed_regions,omitempty"` +} + +type AllowlistOnlyInitParameters struct { + + // Two letter unicode region codes to allow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json + AllowedRegions []*string `json:"allowedRegions,omitempty" tf:"allowed_regions,omitempty"` +} + +type AllowlistOnlyObservation struct { + + // Two letter unicode region codes to allow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json + AllowedRegions []*string `json:"allowedRegions,omitempty" tf:"allowed_regions,omitempty"` +} + +type AllowlistOnlyParameters struct { + + // Two letter unicode region codes to allow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json + // +kubebuilder:validation:Optional + AllowedRegions []*string `json:"allowedRegions,omitempty" tf:"allowed_regions,omitempty"` +} + +type AnonymousInitParameters struct { + + // Whether phone number auth is enabled for the project or not. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type AnonymousObservation struct { + + // Whether phone number auth is enabled for the project or not. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type AnonymousParameters struct { + + // Whether phone number auth is enabled for the project or not. + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` +} + +type BlockingFunctionsInitParameters struct { + + // The user credentials to include in the JWT payload that is sent to the registered Blocking Functions. + // Structure is documented below. + ForwardInboundCredentials *ForwardInboundCredentialsInitParameters `json:"forwardInboundCredentials,omitempty" tf:"forward_inbound_credentials,omitempty"` + + // Map of Trigger to event type. Key should be one of the supported event types: "beforeCreate", "beforeSignIn". + // Structure is documented below. + Triggers []TriggersInitParameters `json:"triggers,omitempty" tf:"triggers,omitempty"` +} + +type BlockingFunctionsObservation struct { + + // The user credentials to include in the JWT payload that is sent to the registered Blocking Functions. + // Structure is documented below. + ForwardInboundCredentials *ForwardInboundCredentialsObservation `json:"forwardInboundCredentials,omitempty" tf:"forward_inbound_credentials,omitempty"` + + // Map of Trigger to event type. Key should be one of the supported event types: "beforeCreate", "beforeSignIn". + // Structure is documented below. + Triggers []TriggersObservation `json:"triggers,omitempty" tf:"triggers,omitempty"` +} + +type BlockingFunctionsParameters struct { + + // The user credentials to include in the JWT payload that is sent to the registered Blocking Functions. + // Structure is documented below. + // +kubebuilder:validation:Optional + ForwardInboundCredentials *ForwardInboundCredentialsParameters `json:"forwardInboundCredentials,omitempty" tf:"forward_inbound_credentials,omitempty"` + + // Map of Trigger to event type. Key should be one of the supported event types: "beforeCreate", "beforeSignIn". + // Structure is documented below. + // +kubebuilder:validation:Optional + Triggers []TriggersParameters `json:"triggers" tf:"triggers,omitempty"` +} + +type ClientInitParameters struct { + + // Configuration related to restricting a user's ability to affect their account. + // Structure is documented below. + Permissions *PermissionsInitParameters `json:"permissions,omitempty" tf:"permissions,omitempty"` +} + +type ClientObservation struct { + + // (Output) + // Firebase subdomain. + FirebaseSubdomain *string `json:"firebaseSubdomain,omitempty" tf:"firebase_subdomain,omitempty"` + + // Configuration related to restricting a user's ability to affect their account. + // Structure is documented below. + Permissions *PermissionsObservation `json:"permissions,omitempty" tf:"permissions,omitempty"` +} + +type ClientParameters struct { + + // Configuration related to restricting a user's ability to affect their account. + // Structure is documented below. + // +kubebuilder:validation:Optional + Permissions *PermissionsParameters `json:"permissions,omitempty" tf:"permissions,omitempty"` +} + +type ConfigInitParameters struct { + + // List of domains authorized for OAuth redirects. + AuthorizedDomains []*string `json:"authorizedDomains,omitempty" tf:"authorized_domains,omitempty"` + + // Whether anonymous users will be auto-deleted after a period of 30 days + AutodeleteAnonymousUsers *bool `json:"autodeleteAnonymousUsers,omitempty" tf:"autodelete_anonymous_users,omitempty"` + + // Configuration related to blocking functions. + // Structure is documented below. + BlockingFunctions *BlockingFunctionsInitParameters `json:"blockingFunctions,omitempty" tf:"blocking_functions,omitempty"` + + // Options related to how clients making requests on behalf of a project should be configured. + // Structure is documented below. + Client *ClientInitParameters `json:"client,omitempty" tf:"client,omitempty"` + + // Options related to how clients making requests on behalf of a project should be configured. + // Structure is documented below. + Mfa *MfaInitParameters `json:"mfa,omitempty" tf:"mfa,omitempty"` + + // Configuration related to monitoring project activity. + // Structure is documented below. + Monitoring *MonitoringInitParameters `json:"monitoring,omitempty" tf:"monitoring,omitempty"` + + // Configuration related to multi-tenant functionality. + // Structure is documented below. + MultiTenant *MultiTenantInitParameters `json:"multiTenant,omitempty" tf:"multi_tenant,omitempty"` + + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.Project + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("project_id",false) + Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // Reference to a Project in cloudplatform to populate project. + // +kubebuilder:validation:Optional + ProjectRef *v1.Reference `json:"projectRef,omitempty" tf:"-"` + + // Selector for a Project in cloudplatform to populate project. + // +kubebuilder:validation:Optional + ProjectSelector *v1.Selector `json:"projectSelector,omitempty" tf:"-"` + + // Configuration related to quotas. + // Structure is documented below. + Quota *QuotaInitParameters `json:"quota,omitempty" tf:"quota,omitempty"` + + // Configures the regions where users are allowed to send verification SMS for the project or tenant. This is based on the calling code of the destination phone number. + // Structure is documented below. + SMSRegionConfig *SMSRegionConfigInitParameters `json:"smsRegionConfig,omitempty" tf:"sms_region_config,omitempty"` + + // Configuration related to local sign in methods. + // Structure is documented below. + SignIn *SignInInitParameters `json:"signIn,omitempty" tf:"sign_in,omitempty"` +} + +type ConfigObservation struct { + + // List of domains authorized for OAuth redirects. + AuthorizedDomains []*string `json:"authorizedDomains,omitempty" tf:"authorized_domains,omitempty"` + + // Whether anonymous users will be auto-deleted after a period of 30 days + AutodeleteAnonymousUsers *bool `json:"autodeleteAnonymousUsers,omitempty" tf:"autodelete_anonymous_users,omitempty"` + + // Configuration related to blocking functions. + // Structure is documented below. + BlockingFunctions *BlockingFunctionsObservation `json:"blockingFunctions,omitempty" tf:"blocking_functions,omitempty"` + + // Options related to how clients making requests on behalf of a project should be configured. + // Structure is documented below. + Client *ClientObservation `json:"client,omitempty" tf:"client,omitempty"` + + // an identifier for the resource with format projects/{{project}}/config + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // Options related to how clients making requests on behalf of a project should be configured. + // Structure is documented below. + Mfa *MfaObservation `json:"mfa,omitempty" tf:"mfa,omitempty"` + + // Configuration related to monitoring project activity. + // Structure is documented below. + Monitoring *MonitoringObservation `json:"monitoring,omitempty" tf:"monitoring,omitempty"` + + // Configuration related to multi-tenant functionality. + // Structure is documented below. + MultiTenant *MultiTenantObservation `json:"multiTenant,omitempty" tf:"multi_tenant,omitempty"` + + // The name of the Config resource + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // Configuration related to quotas. + // Structure is documented below. + Quota *QuotaObservation `json:"quota,omitempty" tf:"quota,omitempty"` + + // Configures the regions where users are allowed to send verification SMS for the project or tenant. This is based on the calling code of the destination phone number. + // Structure is documented below. + SMSRegionConfig *SMSRegionConfigObservation `json:"smsRegionConfig,omitempty" tf:"sms_region_config,omitempty"` + + // Configuration related to local sign in methods. + // Structure is documented below. + SignIn *SignInObservation `json:"signIn,omitempty" tf:"sign_in,omitempty"` +} + +type ConfigParameters struct { + + // List of domains authorized for OAuth redirects. + // +kubebuilder:validation:Optional + AuthorizedDomains []*string `json:"authorizedDomains,omitempty" tf:"authorized_domains,omitempty"` + + // Whether anonymous users will be auto-deleted after a period of 30 days + // +kubebuilder:validation:Optional + AutodeleteAnonymousUsers *bool `json:"autodeleteAnonymousUsers,omitempty" tf:"autodelete_anonymous_users,omitempty"` + + // Configuration related to blocking functions. + // Structure is documented below. + // +kubebuilder:validation:Optional + BlockingFunctions *BlockingFunctionsParameters `json:"blockingFunctions,omitempty" tf:"blocking_functions,omitempty"` + + // Options related to how clients making requests on behalf of a project should be configured. + // Structure is documented below. + // +kubebuilder:validation:Optional + Client *ClientParameters `json:"client,omitempty" tf:"client,omitempty"` + + // Options related to how clients making requests on behalf of a project should be configured. + // Structure is documented below. + // +kubebuilder:validation:Optional + Mfa *MfaParameters `json:"mfa,omitempty" tf:"mfa,omitempty"` + + // Configuration related to monitoring project activity. + // Structure is documented below. + // +kubebuilder:validation:Optional + Monitoring *MonitoringParameters `json:"monitoring,omitempty" tf:"monitoring,omitempty"` + + // Configuration related to multi-tenant functionality. + // Structure is documented below. + // +kubebuilder:validation:Optional + MultiTenant *MultiTenantParameters `json:"multiTenant,omitempty" tf:"multi_tenant,omitempty"` + + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.Project + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("project_id",false) + // +kubebuilder:validation:Optional + Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // Reference to a Project in cloudplatform to populate project. + // +kubebuilder:validation:Optional + ProjectRef *v1.Reference `json:"projectRef,omitempty" tf:"-"` + + // Selector for a Project in cloudplatform to populate project. + // +kubebuilder:validation:Optional + ProjectSelector *v1.Selector `json:"projectSelector,omitempty" tf:"-"` + + // Configuration related to quotas. + // Structure is documented below. + // +kubebuilder:validation:Optional + Quota *QuotaParameters `json:"quota,omitempty" tf:"quota,omitempty"` + + // Configures the regions where users are allowed to send verification SMS for the project or tenant. This is based on the calling code of the destination phone number. + // Structure is documented below. + // +kubebuilder:validation:Optional + SMSRegionConfig *SMSRegionConfigParameters `json:"smsRegionConfig,omitempty" tf:"sms_region_config,omitempty"` + + // Configuration related to local sign in methods. + // Structure is documented below. + // +kubebuilder:validation:Optional + SignIn *SignInParameters `json:"signIn,omitempty" tf:"sign_in,omitempty"` +} + +type EmailInitParameters struct { + + // Whether phone number auth is enabled for the project or not. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // Whether a password is required for email auth or not. If true, both an email and + // password must be provided to sign in. If false, a user may sign in via either + // email/password or email link. + PasswordRequired *bool `json:"passwordRequired,omitempty" tf:"password_required,omitempty"` +} + +type EmailObservation struct { + + // Whether phone number auth is enabled for the project or not. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // Whether a password is required for email auth or not. If true, both an email and + // password must be provided to sign in. If false, a user may sign in via either + // email/password or email link. + PasswordRequired *bool `json:"passwordRequired,omitempty" tf:"password_required,omitempty"` +} + +type EmailParameters struct { + + // Whether phone number auth is enabled for the project or not. + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` + + // Whether a password is required for email auth or not. If true, both an email and + // password must be provided to sign in. If false, a user may sign in via either + // email/password or email link. + // +kubebuilder:validation:Optional + PasswordRequired *bool `json:"passwordRequired,omitempty" tf:"password_required,omitempty"` +} + +type ForwardInboundCredentialsInitParameters struct { + + // Whether to pass the user's OAuth identity provider's access token. + AccessToken *bool `json:"accessToken,omitempty" tf:"access_token,omitempty"` + + // Whether to pass the user's OIDC identity provider's ID token. + IDToken *bool `json:"idToken,omitempty" tf:"id_token,omitempty"` + + // Whether to pass the user's OAuth identity provider's refresh token. + RefreshToken *bool `json:"refreshToken,omitempty" tf:"refresh_token,omitempty"` +} + +type ForwardInboundCredentialsObservation struct { + + // Whether to pass the user's OAuth identity provider's access token. + AccessToken *bool `json:"accessToken,omitempty" tf:"access_token,omitempty"` + + // Whether to pass the user's OIDC identity provider's ID token. + IDToken *bool `json:"idToken,omitempty" tf:"id_token,omitempty"` + + // Whether to pass the user's OAuth identity provider's refresh token. + RefreshToken *bool `json:"refreshToken,omitempty" tf:"refresh_token,omitempty"` +} + +type ForwardInboundCredentialsParameters struct { + + // Whether to pass the user's OAuth identity provider's access token. + // +kubebuilder:validation:Optional + AccessToken *bool `json:"accessToken,omitempty" tf:"access_token,omitempty"` + + // Whether to pass the user's OIDC identity provider's ID token. + // +kubebuilder:validation:Optional + IDToken *bool `json:"idToken,omitempty" tf:"id_token,omitempty"` + + // Whether to pass the user's OAuth identity provider's refresh token. + // +kubebuilder:validation:Optional + RefreshToken *bool `json:"refreshToken,omitempty" tf:"refresh_token,omitempty"` +} + +type HashConfigInitParameters struct { +} + +type HashConfigObservation struct { + + // (Output) + // Different password hash algorithms used in Identity Toolkit. + Algorithm *string `json:"algorithm,omitempty" tf:"algorithm,omitempty"` + + // (Output) + // Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field. + MemoryCost *float64 `json:"memoryCost,omitempty" tf:"memory_cost,omitempty"` + + // (Output) + // How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms. + Rounds *float64 `json:"rounds,omitempty" tf:"rounds,omitempty"` + + // (Output) + // Non-printable character to be inserted between the salt and plain text password in base64. + SaltSeparator *string `json:"saltSeparator,omitempty" tf:"salt_separator,omitempty"` + + // (Output) + // Signer key in base64. + SignerKey *string `json:"signerKey,omitempty" tf:"signer_key,omitempty"` +} + +type HashConfigParameters struct { +} + +type MfaInitParameters struct { + + // A list of usable second factors for this project. + // Each value may be one of: PHONE_SMS. + EnabledProviders []*string `json:"enabledProviders,omitempty" tf:"enabled_providers,omitempty"` + + // A list of usable second factors for this project along with their configurations. + // This field does not support phone based MFA, for that use the 'enabledProviders' field. + // Structure is documented below. + ProviderConfigs []ProviderConfigsInitParameters `json:"providerConfigs,omitempty" tf:"provider_configs,omitempty"` + + // Whether MultiFactor Authentication has been enabled for this project. + // Possible values are: DISABLED, ENABLED, MANDATORY. + State *string `json:"state,omitempty" tf:"state,omitempty"` +} + +type MfaObservation struct { + + // A list of usable second factors for this project. + // Each value may be one of: PHONE_SMS. + EnabledProviders []*string `json:"enabledProviders,omitempty" tf:"enabled_providers,omitempty"` + + // A list of usable second factors for this project along with their configurations. + // This field does not support phone based MFA, for that use the 'enabledProviders' field. + // Structure is documented below. + ProviderConfigs []ProviderConfigsObservation `json:"providerConfigs,omitempty" tf:"provider_configs,omitempty"` + + // Whether MultiFactor Authentication has been enabled for this project. + // Possible values are: DISABLED, ENABLED, MANDATORY. + State *string `json:"state,omitempty" tf:"state,omitempty"` +} + +type MfaParameters struct { + + // A list of usable second factors for this project. + // Each value may be one of: PHONE_SMS. + // +kubebuilder:validation:Optional + EnabledProviders []*string `json:"enabledProviders,omitempty" tf:"enabled_providers,omitempty"` + + // A list of usable second factors for this project along with their configurations. + // This field does not support phone based MFA, for that use the 'enabledProviders' field. + // Structure is documented below. + // +kubebuilder:validation:Optional + ProviderConfigs []ProviderConfigsParameters `json:"providerConfigs,omitempty" tf:"provider_configs,omitempty"` + + // Whether MultiFactor Authentication has been enabled for this project. + // Possible values are: DISABLED, ENABLED, MANDATORY. + // +kubebuilder:validation:Optional + State *string `json:"state,omitempty" tf:"state,omitempty"` +} + +type MonitoringInitParameters struct { + + // Configuration for logging requests made to this project to Stackdriver Logging + // Structure is documented below. + RequestLogging *RequestLoggingInitParameters `json:"requestLogging,omitempty" tf:"request_logging,omitempty"` +} + +type MonitoringObservation struct { + + // Configuration for logging requests made to this project to Stackdriver Logging + // Structure is documented below. + RequestLogging *RequestLoggingObservation `json:"requestLogging,omitempty" tf:"request_logging,omitempty"` +} + +type MonitoringParameters struct { + + // Configuration for logging requests made to this project to Stackdriver Logging + // Structure is documented below. + // +kubebuilder:validation:Optional + RequestLogging *RequestLoggingParameters `json:"requestLogging,omitempty" tf:"request_logging,omitempty"` +} + +type MultiTenantInitParameters struct { + + // Whether this project can have tenants or not. + AllowTenants *bool `json:"allowTenants,omitempty" tf:"allow_tenants,omitempty"` + + // The default cloud parent org or folder that the tenant project should be created under. + // The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". + // If the value is not set, the tenant will be created under the same organization or folder as the agent project. + DefaultTenantLocation *string `json:"defaultTenantLocation,omitempty" tf:"default_tenant_location,omitempty"` +} + +type MultiTenantObservation struct { + + // Whether this project can have tenants or not. + AllowTenants *bool `json:"allowTenants,omitempty" tf:"allow_tenants,omitempty"` + + // The default cloud parent org or folder that the tenant project should be created under. + // The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". + // If the value is not set, the tenant will be created under the same organization or folder as the agent project. + DefaultTenantLocation *string `json:"defaultTenantLocation,omitempty" tf:"default_tenant_location,omitempty"` +} + +type MultiTenantParameters struct { + + // Whether this project can have tenants or not. + // +kubebuilder:validation:Optional + AllowTenants *bool `json:"allowTenants,omitempty" tf:"allow_tenants,omitempty"` + + // The default cloud parent org or folder that the tenant project should be created under. + // The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". + // If the value is not set, the tenant will be created under the same organization or folder as the agent project. + // +kubebuilder:validation:Optional + DefaultTenantLocation *string `json:"defaultTenantLocation,omitempty" tf:"default_tenant_location,omitempty"` +} + +type PermissionsInitParameters struct { + + // When true, end users cannot delete their account on the associated project through any of our API methods + DisabledUserDeletion *bool `json:"disabledUserDeletion,omitempty" tf:"disabled_user_deletion,omitempty"` + + // When true, end users cannot sign up for a new account on the associated project through any of our API methods + DisabledUserSignup *bool `json:"disabledUserSignup,omitempty" tf:"disabled_user_signup,omitempty"` +} + +type PermissionsObservation struct { + + // When true, end users cannot delete their account on the associated project through any of our API methods + DisabledUserDeletion *bool `json:"disabledUserDeletion,omitempty" tf:"disabled_user_deletion,omitempty"` + + // When true, end users cannot sign up for a new account on the associated project through any of our API methods + DisabledUserSignup *bool `json:"disabledUserSignup,omitempty" tf:"disabled_user_signup,omitempty"` +} + +type PermissionsParameters struct { + + // When true, end users cannot delete their account on the associated project through any of our API methods + // +kubebuilder:validation:Optional + DisabledUserDeletion *bool `json:"disabledUserDeletion,omitempty" tf:"disabled_user_deletion,omitempty"` + + // When true, end users cannot sign up for a new account on the associated project through any of our API methods + // +kubebuilder:validation:Optional + DisabledUserSignup *bool `json:"disabledUserSignup,omitempty" tf:"disabled_user_signup,omitempty"` +} + +type PhoneNumberInitParameters struct { + + // Whether phone number auth is enabled for the project or not. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // A map of that can be used for phone auth testing. + // +mapType=granular + TestPhoneNumbers map[string]*string `json:"testPhoneNumbers,omitempty" tf:"test_phone_numbers,omitempty"` +} + +type PhoneNumberObservation struct { + + // Whether phone number auth is enabled for the project or not. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // A map of that can be used for phone auth testing. + // +mapType=granular + TestPhoneNumbers map[string]*string `json:"testPhoneNumbers,omitempty" tf:"test_phone_numbers,omitempty"` +} + +type PhoneNumberParameters struct { + + // Whether phone number auth is enabled for the project or not. + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` + + // A map of that can be used for phone auth testing. + // +kubebuilder:validation:Optional + // +mapType=granular + TestPhoneNumbers map[string]*string `json:"testPhoneNumbers,omitempty" tf:"test_phone_numbers,omitempty"` +} + +type ProviderConfigsInitParameters struct { + + // Whether MultiFactor Authentication has been enabled for this project. + // Possible values are: DISABLED, ENABLED, MANDATORY. + State *string `json:"state,omitempty" tf:"state,omitempty"` + + // TOTP MFA provider config for this project. + // Structure is documented below. + TotpProviderConfig *TotpProviderConfigInitParameters `json:"totpProviderConfig,omitempty" tf:"totp_provider_config,omitempty"` +} + +type ProviderConfigsObservation struct { + + // Whether MultiFactor Authentication has been enabled for this project. + // Possible values are: DISABLED, ENABLED, MANDATORY. + State *string `json:"state,omitempty" tf:"state,omitempty"` + + // TOTP MFA provider config for this project. + // Structure is documented below. + TotpProviderConfig *TotpProviderConfigObservation `json:"totpProviderConfig,omitempty" tf:"totp_provider_config,omitempty"` +} + +type ProviderConfigsParameters struct { + + // Whether MultiFactor Authentication has been enabled for this project. + // Possible values are: DISABLED, ENABLED, MANDATORY. + // +kubebuilder:validation:Optional + State *string `json:"state,omitempty" tf:"state,omitempty"` + + // TOTP MFA provider config for this project. + // Structure is documented below. + // +kubebuilder:validation:Optional + TotpProviderConfig *TotpProviderConfigParameters `json:"totpProviderConfig,omitempty" tf:"totp_provider_config,omitempty"` +} + +type QuotaInitParameters struct { + + // Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. + // Structure is documented below. + SignUpQuotaConfig *SignUpQuotaConfigInitParameters `json:"signUpQuotaConfig,omitempty" tf:"sign_up_quota_config,omitempty"` +} + +type QuotaObservation struct { + + // Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. + // Structure is documented below. + SignUpQuotaConfig *SignUpQuotaConfigObservation `json:"signUpQuotaConfig,omitempty" tf:"sign_up_quota_config,omitempty"` +} + +type QuotaParameters struct { + + // Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. + // Structure is documented below. + // +kubebuilder:validation:Optional + SignUpQuotaConfig *SignUpQuotaConfigParameters `json:"signUpQuotaConfig,omitempty" tf:"sign_up_quota_config,omitempty"` +} + +type RequestLoggingInitParameters struct { + + // Whether logging is enabled for this project or not. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type RequestLoggingObservation struct { + + // Whether logging is enabled for this project or not. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type RequestLoggingParameters struct { + + // Whether logging is enabled for this project or not. + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type SMSRegionConfigInitParameters struct { + + // A policy of allowing SMS to every region by default and adding disallowed regions to a disallow list. + // Structure is documented below. + AllowByDefault *AllowByDefaultInitParameters `json:"allowByDefault,omitempty" tf:"allow_by_default,omitempty"` + + // A policy of only allowing regions by explicitly adding them to an allowlist. + // Structure is documented below. + AllowlistOnly *AllowlistOnlyInitParameters `json:"allowlistOnly,omitempty" tf:"allowlist_only,omitempty"` +} + +type SMSRegionConfigObservation struct { + + // A policy of allowing SMS to every region by default and adding disallowed regions to a disallow list. + // Structure is documented below. + AllowByDefault *AllowByDefaultObservation `json:"allowByDefault,omitempty" tf:"allow_by_default,omitempty"` + + // A policy of only allowing regions by explicitly adding them to an allowlist. + // Structure is documented below. + AllowlistOnly *AllowlistOnlyObservation `json:"allowlistOnly,omitempty" tf:"allowlist_only,omitempty"` +} + +type SMSRegionConfigParameters struct { + + // A policy of allowing SMS to every region by default and adding disallowed regions to a disallow list. + // Structure is documented below. + // +kubebuilder:validation:Optional + AllowByDefault *AllowByDefaultParameters `json:"allowByDefault,omitempty" tf:"allow_by_default,omitempty"` + + // A policy of only allowing regions by explicitly adding them to an allowlist. + // Structure is documented below. + // +kubebuilder:validation:Optional + AllowlistOnly *AllowlistOnlyParameters `json:"allowlistOnly,omitempty" tf:"allowlist_only,omitempty"` +} + +type SignInInitParameters struct { + + // Whether to allow more than one account to have the same email. + AllowDuplicateEmails *bool `json:"allowDuplicateEmails,omitempty" tf:"allow_duplicate_emails,omitempty"` + + // Configuration options related to authenticating an anonymous user. + // Structure is documented below. + Anonymous *AnonymousInitParameters `json:"anonymous,omitempty" tf:"anonymous,omitempty"` + + // Configuration options related to authenticating a user by their email address. + // Structure is documented below. + Email *EmailInitParameters `json:"email,omitempty" tf:"email,omitempty"` + + // Configuration options related to authenticated a user by their phone number. + // Structure is documented below. + PhoneNumber *PhoneNumberInitParameters `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` +} + +type SignInObservation struct { + + // Whether to allow more than one account to have the same email. + AllowDuplicateEmails *bool `json:"allowDuplicateEmails,omitempty" tf:"allow_duplicate_emails,omitempty"` + + // Configuration options related to authenticating an anonymous user. + // Structure is documented below. + Anonymous *AnonymousObservation `json:"anonymous,omitempty" tf:"anonymous,omitempty"` + + // Configuration options related to authenticating a user by their email address. + // Structure is documented below. + Email *EmailObservation `json:"email,omitempty" tf:"email,omitempty"` + + // (Output) + // Output only. Hash config information. + // Structure is documented below. + HashConfig []HashConfigObservation `json:"hashConfig,omitempty" tf:"hash_config,omitempty"` + + // Configuration options related to authenticated a user by their phone number. + // Structure is documented below. + PhoneNumber *PhoneNumberObservation `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` +} + +type SignInParameters struct { + + // Whether to allow more than one account to have the same email. + // +kubebuilder:validation:Optional + AllowDuplicateEmails *bool `json:"allowDuplicateEmails,omitempty" tf:"allow_duplicate_emails,omitempty"` + + // Configuration options related to authenticating an anonymous user. + // Structure is documented below. + // +kubebuilder:validation:Optional + Anonymous *AnonymousParameters `json:"anonymous,omitempty" tf:"anonymous,omitempty"` + + // Configuration options related to authenticating a user by their email address. + // Structure is documented below. + // +kubebuilder:validation:Optional + Email *EmailParameters `json:"email,omitempty" tf:"email,omitempty"` + + // Configuration options related to authenticated a user by their phone number. + // Structure is documented below. + // +kubebuilder:validation:Optional + PhoneNumber *PhoneNumberParameters `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` +} + +type SignUpQuotaConfigInitParameters struct { + + // A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. + Quota *float64 `json:"quota,omitempty" tf:"quota,omitempty"` + + // How long this quota will be active for. It is measurred in seconds, e.g., Example: "9.615s". + QuotaDuration *string `json:"quotaDuration,omitempty" tf:"quota_duration,omitempty"` + + // When this quota will take affect. + StartTime *string `json:"startTime,omitempty" tf:"start_time,omitempty"` +} + +type SignUpQuotaConfigObservation struct { + + // A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. + Quota *float64 `json:"quota,omitempty" tf:"quota,omitempty"` + + // How long this quota will be active for. It is measurred in seconds, e.g., Example: "9.615s". + QuotaDuration *string `json:"quotaDuration,omitempty" tf:"quota_duration,omitempty"` + + // When this quota will take affect. + StartTime *string `json:"startTime,omitempty" tf:"start_time,omitempty"` +} + +type SignUpQuotaConfigParameters struct { + + // A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. + // +kubebuilder:validation:Optional + Quota *float64 `json:"quota,omitempty" tf:"quota,omitempty"` + + // How long this quota will be active for. It is measurred in seconds, e.g., Example: "9.615s". + // +kubebuilder:validation:Optional + QuotaDuration *string `json:"quotaDuration,omitempty" tf:"quota_duration,omitempty"` + + // When this quota will take affect. + // +kubebuilder:validation:Optional + StartTime *string `json:"startTime,omitempty" tf:"start_time,omitempty"` +} + +type TotpProviderConfigInitParameters struct { + + // The allowed number of adjacent intervals that will be used for verification to avoid clock skew. + AdjacentIntervals *float64 `json:"adjacentIntervals,omitempty" tf:"adjacent_intervals,omitempty"` +} + +type TotpProviderConfigObservation struct { + + // The allowed number of adjacent intervals that will be used for verification to avoid clock skew. + AdjacentIntervals *float64 `json:"adjacentIntervals,omitempty" tf:"adjacent_intervals,omitempty"` +} + +type TotpProviderConfigParameters struct { + + // The allowed number of adjacent intervals that will be used for verification to avoid clock skew. + // +kubebuilder:validation:Optional + AdjacentIntervals *float64 `json:"adjacentIntervals,omitempty" tf:"adjacent_intervals,omitempty"` +} + +type TriggersInitParameters struct { + + // The identifier for this object. Format specified above. + EventType *string `json:"eventType,omitempty" tf:"event_type,omitempty"` + + // HTTP URI trigger for the Cloud Function. + FunctionURI *string `json:"functionUri,omitempty" tf:"function_uri,omitempty"` +} + +type TriggersObservation struct { + + // The identifier for this object. Format specified above. + EventType *string `json:"eventType,omitempty" tf:"event_type,omitempty"` + + // HTTP URI trigger for the Cloud Function. + FunctionURI *string `json:"functionUri,omitempty" tf:"function_uri,omitempty"` + + // (Output) + // When the trigger was changed. + UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` +} + +type TriggersParameters struct { + + // The identifier for this object. Format specified above. + // +kubebuilder:validation:Optional + EventType *string `json:"eventType" tf:"event_type,omitempty"` + + // HTTP URI trigger for the Cloud Function. + // +kubebuilder:validation:Optional + FunctionURI *string `json:"functionUri" tf:"function_uri,omitempty"` +} + +// ConfigSpec defines the desired state of Config +type ConfigSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider ConfigParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider ConfigInitParameters `json:"initProvider,omitempty"` +} + +// ConfigStatus defines the observed state of Config. +type ConfigStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider ConfigObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion + +// Config is the Schema for the Configs API. Identity Platform configuration for a Cloud project. +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp} +type Config struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + Spec ConfigSpec `json:"spec"` + Status ConfigStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// ConfigList contains a list of Configs +type ConfigList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Config `json:"items"` +} + +// Repository type metadata. +var ( + Config_Kind = "Config" + Config_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Config_Kind}.String() + Config_KindAPIVersion = Config_Kind + "." + CRDGroupVersion.String() + Config_GroupVersionKind = CRDGroupVersion.WithKind(Config_Kind) +) + +func init() { + SchemeBuilder.Register(&Config{}, &ConfigList{}) +} diff --git a/apis/identityplatform/v1beta1/zz_generated.conversion_spokes.go b/apis/identityplatform/v1beta1/zz_generated.conversion_spokes.go index 5c8d76c9f..e634344f0 100755 --- a/apis/identityplatform/v1beta1/zz_generated.conversion_spokes.go +++ b/apis/identityplatform/v1beta1/zz_generated.conversion_spokes.go @@ -33,26 +33,6 @@ func (tr *InboundSAMLConfig) ConvertFrom(srcRaw conversion.Hub) error { return nil } -// ConvertTo converts this ProjectDefaultConfig to the hub type. -func (tr *ProjectDefaultConfig) ConvertTo(dstRaw conversion.Hub) error { - spokeVersion := tr.GetObjectKind().GroupVersionKind().Version - hubVersion := dstRaw.GetObjectKind().GroupVersionKind().Version - if err := ujconversion.RoundTrip(dstRaw.(resource.Terraformed), tr); err != nil { - return errors.Wrapf(err, "cannot convert from the spoke version %q to the hub version %q", spokeVersion, hubVersion) - } - return nil -} - -// ConvertFrom converts from the hub type to the ProjectDefaultConfig type. -func (tr *ProjectDefaultConfig) ConvertFrom(srcRaw conversion.Hub) error { - spokeVersion := tr.GetObjectKind().GroupVersionKind().Version - hubVersion := srcRaw.GetObjectKind().GroupVersionKind().Version - if err := ujconversion.RoundTrip(tr, srcRaw.(resource.Terraformed)); err != nil { - return errors.Wrapf(err, "cannot convert from the hub version %q to the spoke version %q", hubVersion, spokeVersion) - } - return nil -} - // ConvertTo converts this TenantInboundSAMLConfig to the hub type. func (tr *TenantInboundSAMLConfig) ConvertTo(dstRaw conversion.Hub) error { spokeVersion := tr.GetObjectKind().GroupVersionKind().Version diff --git a/apis/identityplatform/v1beta1/zz_generated.deepcopy.go b/apis/identityplatform/v1beta1/zz_generated.deepcopy.go index 95ebee0d6..6c29f1e91 100644 --- a/apis/identityplatform/v1beta1/zz_generated.deepcopy.go +++ b/apis/identityplatform/v1beta1/zz_generated.deepcopy.go @@ -13,6 +13,162 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AllowByDefaultInitParameters) DeepCopyInto(out *AllowByDefaultInitParameters) { + *out = *in + if in.DisallowedRegions != nil { + in, out := &in.DisallowedRegions, &out.DisallowedRegions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowByDefaultInitParameters. +func (in *AllowByDefaultInitParameters) DeepCopy() *AllowByDefaultInitParameters { + if in == nil { + return nil + } + out := new(AllowByDefaultInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AllowByDefaultObservation) DeepCopyInto(out *AllowByDefaultObservation) { + *out = *in + if in.DisallowedRegions != nil { + in, out := &in.DisallowedRegions, &out.DisallowedRegions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowByDefaultObservation. +func (in *AllowByDefaultObservation) DeepCopy() *AllowByDefaultObservation { + if in == nil { + return nil + } + out := new(AllowByDefaultObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AllowByDefaultParameters) DeepCopyInto(out *AllowByDefaultParameters) { + *out = *in + if in.DisallowedRegions != nil { + in, out := &in.DisallowedRegions, &out.DisallowedRegions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowByDefaultParameters. +func (in *AllowByDefaultParameters) DeepCopy() *AllowByDefaultParameters { + if in == nil { + return nil + } + out := new(AllowByDefaultParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AllowlistOnlyInitParameters) DeepCopyInto(out *AllowlistOnlyInitParameters) { + *out = *in + if in.AllowedRegions != nil { + in, out := &in.AllowedRegions, &out.AllowedRegions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowlistOnlyInitParameters. +func (in *AllowlistOnlyInitParameters) DeepCopy() *AllowlistOnlyInitParameters { + if in == nil { + return nil + } + out := new(AllowlistOnlyInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AllowlistOnlyObservation) DeepCopyInto(out *AllowlistOnlyObservation) { + *out = *in + if in.AllowedRegions != nil { + in, out := &in.AllowedRegions, &out.AllowedRegions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowlistOnlyObservation. +func (in *AllowlistOnlyObservation) DeepCopy() *AllowlistOnlyObservation { + if in == nil { + return nil + } + out := new(AllowlistOnlyObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AllowlistOnlyParameters) DeepCopyInto(out *AllowlistOnlyParameters) { + *out = *in + if in.AllowedRegions != nil { + in, out := &in.AllowedRegions, &out.AllowedRegions + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowlistOnlyParameters. +func (in *AllowlistOnlyParameters) DeepCopy() *AllowlistOnlyParameters { + if in == nil { + return nil + } + out := new(AllowlistOnlyParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AnonymousInitParameters) DeepCopyInto(out *AnonymousInitParameters) { *out = *in @@ -73,6 +229,504 @@ func (in *AnonymousParameters) DeepCopy() *AnonymousParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BlockingFunctionsInitParameters) DeepCopyInto(out *BlockingFunctionsInitParameters) { + *out = *in + if in.ForwardInboundCredentials != nil { + in, out := &in.ForwardInboundCredentials, &out.ForwardInboundCredentials + *out = new(ForwardInboundCredentialsInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Triggers != nil { + in, out := &in.Triggers, &out.Triggers + *out = make([]TriggersInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BlockingFunctionsInitParameters. +func (in *BlockingFunctionsInitParameters) DeepCopy() *BlockingFunctionsInitParameters { + if in == nil { + return nil + } + out := new(BlockingFunctionsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BlockingFunctionsObservation) DeepCopyInto(out *BlockingFunctionsObservation) { + *out = *in + if in.ForwardInboundCredentials != nil { + in, out := &in.ForwardInboundCredentials, &out.ForwardInboundCredentials + *out = new(ForwardInboundCredentialsObservation) + (*in).DeepCopyInto(*out) + } + if in.Triggers != nil { + in, out := &in.Triggers, &out.Triggers + *out = make([]TriggersObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BlockingFunctionsObservation. +func (in *BlockingFunctionsObservation) DeepCopy() *BlockingFunctionsObservation { + if in == nil { + return nil + } + out := new(BlockingFunctionsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BlockingFunctionsParameters) DeepCopyInto(out *BlockingFunctionsParameters) { + *out = *in + if in.ForwardInboundCredentials != nil { + in, out := &in.ForwardInboundCredentials, &out.ForwardInboundCredentials + *out = new(ForwardInboundCredentialsParameters) + (*in).DeepCopyInto(*out) + } + if in.Triggers != nil { + in, out := &in.Triggers, &out.Triggers + *out = make([]TriggersParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BlockingFunctionsParameters. +func (in *BlockingFunctionsParameters) DeepCopy() *BlockingFunctionsParameters { + if in == nil { + return nil + } + out := new(BlockingFunctionsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientInitParameters) DeepCopyInto(out *ClientInitParameters) { + *out = *in + if in.Permissions != nil { + in, out := &in.Permissions, &out.Permissions + *out = new(PermissionsInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientInitParameters. +func (in *ClientInitParameters) DeepCopy() *ClientInitParameters { + if in == nil { + return nil + } + out := new(ClientInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientObservation) DeepCopyInto(out *ClientObservation) { + *out = *in + if in.FirebaseSubdomain != nil { + in, out := &in.FirebaseSubdomain, &out.FirebaseSubdomain + *out = new(string) + **out = **in + } + if in.Permissions != nil { + in, out := &in.Permissions, &out.Permissions + *out = new(PermissionsObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientObservation. +func (in *ClientObservation) DeepCopy() *ClientObservation { + if in == nil { + return nil + } + out := new(ClientObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientParameters) DeepCopyInto(out *ClientParameters) { + *out = *in + if in.Permissions != nil { + in, out := &in.Permissions, &out.Permissions + *out = new(PermissionsParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientParameters. +func (in *ClientParameters) DeepCopy() *ClientParameters { + if in == nil { + return nil + } + out := new(ClientParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Config) DeepCopyInto(out *Config) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Config. +func (in *Config) DeepCopy() *Config { + if in == nil { + return nil + } + out := new(Config) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Config) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigInitParameters) DeepCopyInto(out *ConfigInitParameters) { + *out = *in + if in.AuthorizedDomains != nil { + in, out := &in.AuthorizedDomains, &out.AuthorizedDomains + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.AutodeleteAnonymousUsers != nil { + in, out := &in.AutodeleteAnonymousUsers, &out.AutodeleteAnonymousUsers + *out = new(bool) + **out = **in + } + if in.BlockingFunctions != nil { + in, out := &in.BlockingFunctions, &out.BlockingFunctions + *out = new(BlockingFunctionsInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Client != nil { + in, out := &in.Client, &out.Client + *out = new(ClientInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Mfa != nil { + in, out := &in.Mfa, &out.Mfa + *out = new(MfaInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Monitoring != nil { + in, out := &in.Monitoring, &out.Monitoring + *out = new(MonitoringInitParameters) + (*in).DeepCopyInto(*out) + } + if in.MultiTenant != nil { + in, out := &in.MultiTenant, &out.MultiTenant + *out = new(MultiTenantInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } + if in.ProjectRef != nil { + in, out := &in.ProjectRef, &out.ProjectRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ProjectSelector != nil { + in, out := &in.ProjectSelector, &out.ProjectSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Quota != nil { + in, out := &in.Quota, &out.Quota + *out = new(QuotaInitParameters) + (*in).DeepCopyInto(*out) + } + if in.SMSRegionConfig != nil { + in, out := &in.SMSRegionConfig, &out.SMSRegionConfig + *out = new(SMSRegionConfigInitParameters) + (*in).DeepCopyInto(*out) + } + if in.SignIn != nil { + in, out := &in.SignIn, &out.SignIn + *out = new(SignInInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigInitParameters. +func (in *ConfigInitParameters) DeepCopy() *ConfigInitParameters { + if in == nil { + return nil + } + out := new(ConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigList) DeepCopyInto(out *ConfigList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Config, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigList. +func (in *ConfigList) DeepCopy() *ConfigList { + if in == nil { + return nil + } + out := new(ConfigList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ConfigList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigObservation) DeepCopyInto(out *ConfigObservation) { + *out = *in + if in.AuthorizedDomains != nil { + in, out := &in.AuthorizedDomains, &out.AuthorizedDomains + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.AutodeleteAnonymousUsers != nil { + in, out := &in.AutodeleteAnonymousUsers, &out.AutodeleteAnonymousUsers + *out = new(bool) + **out = **in + } + if in.BlockingFunctions != nil { + in, out := &in.BlockingFunctions, &out.BlockingFunctions + *out = new(BlockingFunctionsObservation) + (*in).DeepCopyInto(*out) + } + if in.Client != nil { + in, out := &in.Client, &out.Client + *out = new(ClientObservation) + (*in).DeepCopyInto(*out) + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Mfa != nil { + in, out := &in.Mfa, &out.Mfa + *out = new(MfaObservation) + (*in).DeepCopyInto(*out) + } + if in.Monitoring != nil { + in, out := &in.Monitoring, &out.Monitoring + *out = new(MonitoringObservation) + (*in).DeepCopyInto(*out) + } + if in.MultiTenant != nil { + in, out := &in.MultiTenant, &out.MultiTenant + *out = new(MultiTenantObservation) + (*in).DeepCopyInto(*out) + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } + if in.Quota != nil { + in, out := &in.Quota, &out.Quota + *out = new(QuotaObservation) + (*in).DeepCopyInto(*out) + } + if in.SMSRegionConfig != nil { + in, out := &in.SMSRegionConfig, &out.SMSRegionConfig + *out = new(SMSRegionConfigObservation) + (*in).DeepCopyInto(*out) + } + if in.SignIn != nil { + in, out := &in.SignIn, &out.SignIn + *out = new(SignInObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigObservation. +func (in *ConfigObservation) DeepCopy() *ConfigObservation { + if in == nil { + return nil + } + out := new(ConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigParameters) DeepCopyInto(out *ConfigParameters) { + *out = *in + if in.AuthorizedDomains != nil { + in, out := &in.AuthorizedDomains, &out.AuthorizedDomains + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.AutodeleteAnonymousUsers != nil { + in, out := &in.AutodeleteAnonymousUsers, &out.AutodeleteAnonymousUsers + *out = new(bool) + **out = **in + } + if in.BlockingFunctions != nil { + in, out := &in.BlockingFunctions, &out.BlockingFunctions + *out = new(BlockingFunctionsParameters) + (*in).DeepCopyInto(*out) + } + if in.Client != nil { + in, out := &in.Client, &out.Client + *out = new(ClientParameters) + (*in).DeepCopyInto(*out) + } + if in.Mfa != nil { + in, out := &in.Mfa, &out.Mfa + *out = new(MfaParameters) + (*in).DeepCopyInto(*out) + } + if in.Monitoring != nil { + in, out := &in.Monitoring, &out.Monitoring + *out = new(MonitoringParameters) + (*in).DeepCopyInto(*out) + } + if in.MultiTenant != nil { + in, out := &in.MultiTenant, &out.MultiTenant + *out = new(MultiTenantParameters) + (*in).DeepCopyInto(*out) + } + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } + if in.ProjectRef != nil { + in, out := &in.ProjectRef, &out.ProjectRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ProjectSelector != nil { + in, out := &in.ProjectSelector, &out.ProjectSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Quota != nil { + in, out := &in.Quota, &out.Quota + *out = new(QuotaParameters) + (*in).DeepCopyInto(*out) + } + if in.SMSRegionConfig != nil { + in, out := &in.SMSRegionConfig, &out.SMSRegionConfig + *out = new(SMSRegionConfigParameters) + (*in).DeepCopyInto(*out) + } + if in.SignIn != nil { + in, out := &in.SignIn, &out.SignIn + *out = new(SignInParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigParameters. +func (in *ConfigParameters) DeepCopy() *ConfigParameters { + if in == nil { + return nil + } + out := new(ConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigSpec) DeepCopyInto(out *ConfigSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigSpec. +func (in *ConfigSpec) DeepCopy() *ConfigSpec { + if in == nil { + return nil + } + out := new(ConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigStatus) DeepCopyInto(out *ConfigStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigStatus. +func (in *ConfigStatus) DeepCopy() *ConfigStatus { + if in == nil { + return nil + } + out := new(ConfigStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DefaultSupportedIdPConfig) DeepCopyInto(out *DefaultSupportedIdPConfig) { *out = *in @@ -291,57 +945,147 @@ func (in *EmailInitParameters) DeepCopy() *EmailInitParameters { if in == nil { return nil } - out := new(EmailInitParameters) + out := new(EmailInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EmailObservation) DeepCopyInto(out *EmailObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.PasswordRequired != nil { + in, out := &in.PasswordRequired, &out.PasswordRequired + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailObservation. +func (in *EmailObservation) DeepCopy() *EmailObservation { + if in == nil { + return nil + } + out := new(EmailObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EmailParameters) DeepCopyInto(out *EmailParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.PasswordRequired != nil { + in, out := &in.PasswordRequired, &out.PasswordRequired + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailParameters. +func (in *EmailParameters) DeepCopy() *EmailParameters { + if in == nil { + return nil + } + out := new(EmailParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ForwardInboundCredentialsInitParameters) DeepCopyInto(out *ForwardInboundCredentialsInitParameters) { + *out = *in + if in.AccessToken != nil { + in, out := &in.AccessToken, &out.AccessToken + *out = new(bool) + **out = **in + } + if in.IDToken != nil { + in, out := &in.IDToken, &out.IDToken + *out = new(bool) + **out = **in + } + if in.RefreshToken != nil { + in, out := &in.RefreshToken, &out.RefreshToken + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ForwardInboundCredentialsInitParameters. +func (in *ForwardInboundCredentialsInitParameters) DeepCopy() *ForwardInboundCredentialsInitParameters { + if in == nil { + return nil + } + out := new(ForwardInboundCredentialsInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EmailObservation) DeepCopyInto(out *EmailObservation) { +func (in *ForwardInboundCredentialsObservation) DeepCopyInto(out *ForwardInboundCredentialsObservation) { *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled + if in.AccessToken != nil { + in, out := &in.AccessToken, &out.AccessToken *out = new(bool) **out = **in } - if in.PasswordRequired != nil { - in, out := &in.PasswordRequired, &out.PasswordRequired + if in.IDToken != nil { + in, out := &in.IDToken, &out.IDToken + *out = new(bool) + **out = **in + } + if in.RefreshToken != nil { + in, out := &in.RefreshToken, &out.RefreshToken *out = new(bool) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailObservation. -func (in *EmailObservation) DeepCopy() *EmailObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ForwardInboundCredentialsObservation. +func (in *ForwardInboundCredentialsObservation) DeepCopy() *ForwardInboundCredentialsObservation { if in == nil { return nil } - out := new(EmailObservation) + out := new(ForwardInboundCredentialsObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EmailParameters) DeepCopyInto(out *EmailParameters) { +func (in *ForwardInboundCredentialsParameters) DeepCopyInto(out *ForwardInboundCredentialsParameters) { *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled + if in.AccessToken != nil { + in, out := &in.AccessToken, &out.AccessToken *out = new(bool) **out = **in } - if in.PasswordRequired != nil { - in, out := &in.PasswordRequired, &out.PasswordRequired + if in.IDToken != nil { + in, out := &in.IDToken, &out.IDToken + *out = new(bool) + **out = **in + } + if in.RefreshToken != nil { + in, out := &in.RefreshToken, &out.RefreshToken *out = new(bool) **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailParameters. -func (in *EmailParameters) DeepCopy() *EmailParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ForwardInboundCredentialsParameters. +func (in *ForwardInboundCredentialsParameters) DeepCopy() *ForwardInboundCredentialsParameters { if in == nil { return nil } - out := new(EmailParameters) + out := new(ForwardInboundCredentialsParameters) in.DeepCopyInto(out) return out } @@ -732,153 +1476,402 @@ func (in *InboundSAMLConfigList) DeepCopy() *InboundSAMLConfigList { if in == nil { return nil } - out := new(InboundSAMLConfigList) + out := new(InboundSAMLConfigList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *InboundSAMLConfigList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InboundSAMLConfigObservation) DeepCopyInto(out *InboundSAMLConfigObservation) { + *out = *in + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.IdPConfig != nil { + in, out := &in.IdPConfig, &out.IdPConfig + *out = make([]IdPConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } + if in.SpConfig != nil { + in, out := &in.SpConfig, &out.SpConfig + *out = make([]SpConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InboundSAMLConfigObservation. +func (in *InboundSAMLConfigObservation) DeepCopy() *InboundSAMLConfigObservation { + if in == nil { + return nil + } + out := new(InboundSAMLConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InboundSAMLConfigParameters) DeepCopyInto(out *InboundSAMLConfigParameters) { + *out = *in + if in.DisplayName != nil { + in, out := &in.DisplayName, &out.DisplayName + *out = new(string) + **out = **in + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.IdPConfig != nil { + in, out := &in.IdPConfig, &out.IdPConfig + *out = make([]IdPConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } + if in.SpConfig != nil { + in, out := &in.SpConfig, &out.SpConfig + *out = make([]SpConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InboundSAMLConfigParameters. +func (in *InboundSAMLConfigParameters) DeepCopy() *InboundSAMLConfigParameters { + if in == nil { + return nil + } + out := new(InboundSAMLConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InboundSAMLConfigSpec) DeepCopyInto(out *InboundSAMLConfigSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InboundSAMLConfigSpec. +func (in *InboundSAMLConfigSpec) DeepCopy() *InboundSAMLConfigSpec { + if in == nil { + return nil + } + out := new(InboundSAMLConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InboundSAMLConfigStatus) DeepCopyInto(out *InboundSAMLConfigStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InboundSAMLConfigStatus. +func (in *InboundSAMLConfigStatus) DeepCopy() *InboundSAMLConfigStatus { + if in == nil { + return nil + } + out := new(InboundSAMLConfigStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MfaInitParameters) DeepCopyInto(out *MfaInitParameters) { + *out = *in + if in.EnabledProviders != nil { + in, out := &in.EnabledProviders, &out.EnabledProviders + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ProviderConfigs != nil { + in, out := &in.ProviderConfigs, &out.ProviderConfigs + *out = make([]ProviderConfigsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MfaInitParameters. +func (in *MfaInitParameters) DeepCopy() *MfaInitParameters { + if in == nil { + return nil + } + out := new(MfaInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MfaObservation) DeepCopyInto(out *MfaObservation) { + *out = *in + if in.EnabledProviders != nil { + in, out := &in.EnabledProviders, &out.EnabledProviders + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ProviderConfigs != nil { + in, out := &in.ProviderConfigs, &out.ProviderConfigs + *out = make([]ProviderConfigsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MfaObservation. +func (in *MfaObservation) DeepCopy() *MfaObservation { + if in == nil { + return nil + } + out := new(MfaObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MfaParameters) DeepCopyInto(out *MfaParameters) { + *out = *in + if in.EnabledProviders != nil { + in, out := &in.EnabledProviders, &out.EnabledProviders + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ProviderConfigs != nil { + in, out := &in.ProviderConfigs, &out.ProviderConfigs + *out = make([]ProviderConfigsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MfaParameters. +func (in *MfaParameters) DeepCopy() *MfaParameters { + if in == nil { + return nil + } + out := new(MfaParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MonitoringInitParameters) DeepCopyInto(out *MonitoringInitParameters) { + *out = *in + if in.RequestLogging != nil { + in, out := &in.RequestLogging, &out.RequestLogging + *out = new(RequestLoggingInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MonitoringInitParameters. +func (in *MonitoringInitParameters) DeepCopy() *MonitoringInitParameters { + if in == nil { + return nil + } + out := new(MonitoringInitParameters) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *InboundSAMLConfigList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MonitoringObservation) DeepCopyInto(out *MonitoringObservation) { + *out = *in + if in.RequestLogging != nil { + in, out := &in.RequestLogging, &out.RequestLogging + *out = new(RequestLoggingObservation) + (*in).DeepCopyInto(*out) } - return nil +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MonitoringObservation. +func (in *MonitoringObservation) DeepCopy() *MonitoringObservation { + if in == nil { + return nil + } + out := new(MonitoringObservation) + in.DeepCopyInto(out) + return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InboundSAMLConfigObservation) DeepCopyInto(out *InboundSAMLConfigObservation) { +func (in *MonitoringParameters) DeepCopyInto(out *MonitoringParameters) { *out = *in - if in.DisplayName != nil { - in, out := &in.DisplayName, &out.DisplayName - *out = new(string) - **out = **in - } - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = new(bool) - **out = **in - } - if in.ID != nil { - in, out := &in.ID, &out.ID - *out = new(string) - **out = **in - } - if in.IdPConfig != nil { - in, out := &in.IdPConfig, &out.IdPConfig - *out = make([]IdPConfigObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.Project != nil { - in, out := &in.Project, &out.Project - *out = new(string) - **out = **in - } - if in.SpConfig != nil { - in, out := &in.SpConfig, &out.SpConfig - *out = make([]SpConfigObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.RequestLogging != nil { + in, out := &in.RequestLogging, &out.RequestLogging + *out = new(RequestLoggingParameters) + (*in).DeepCopyInto(*out) } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InboundSAMLConfigObservation. -func (in *InboundSAMLConfigObservation) DeepCopy() *InboundSAMLConfigObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MonitoringParameters. +func (in *MonitoringParameters) DeepCopy() *MonitoringParameters { if in == nil { return nil } - out := new(InboundSAMLConfigObservation) + out := new(MonitoringParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InboundSAMLConfigParameters) DeepCopyInto(out *InboundSAMLConfigParameters) { +func (in *MultiTenantInitParameters) DeepCopyInto(out *MultiTenantInitParameters) { *out = *in - if in.DisplayName != nil { - in, out := &in.DisplayName, &out.DisplayName - *out = new(string) - **out = **in - } - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled + if in.AllowTenants != nil { + in, out := &in.AllowTenants, &out.AllowTenants *out = new(bool) **out = **in } - if in.IdPConfig != nil { - in, out := &in.IdPConfig, &out.IdPConfig - *out = make([]IdPConfigParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.Project != nil { - in, out := &in.Project, &out.Project + if in.DefaultTenantLocation != nil { + in, out := &in.DefaultTenantLocation, &out.DefaultTenantLocation *out = new(string) **out = **in } - if in.SpConfig != nil { - in, out := &in.SpConfig, &out.SpConfig - *out = make([]SpConfigParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InboundSAMLConfigParameters. -func (in *InboundSAMLConfigParameters) DeepCopy() *InboundSAMLConfigParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MultiTenantInitParameters. +func (in *MultiTenantInitParameters) DeepCopy() *MultiTenantInitParameters { if in == nil { return nil } - out := new(InboundSAMLConfigParameters) + out := new(MultiTenantInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InboundSAMLConfigSpec) DeepCopyInto(out *InboundSAMLConfigSpec) { +func (in *MultiTenantObservation) DeepCopyInto(out *MultiTenantObservation) { *out = *in - in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) - in.ForProvider.DeepCopyInto(&out.ForProvider) - in.InitProvider.DeepCopyInto(&out.InitProvider) + if in.AllowTenants != nil { + in, out := &in.AllowTenants, &out.AllowTenants + *out = new(bool) + **out = **in + } + if in.DefaultTenantLocation != nil { + in, out := &in.DefaultTenantLocation, &out.DefaultTenantLocation + *out = new(string) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InboundSAMLConfigSpec. -func (in *InboundSAMLConfigSpec) DeepCopy() *InboundSAMLConfigSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MultiTenantObservation. +func (in *MultiTenantObservation) DeepCopy() *MultiTenantObservation { if in == nil { return nil } - out := new(InboundSAMLConfigSpec) + out := new(MultiTenantObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InboundSAMLConfigStatus) DeepCopyInto(out *InboundSAMLConfigStatus) { +func (in *MultiTenantParameters) DeepCopyInto(out *MultiTenantParameters) { *out = *in - in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - in.AtProvider.DeepCopyInto(&out.AtProvider) + if in.AllowTenants != nil { + in, out := &in.AllowTenants, &out.AllowTenants + *out = new(bool) + **out = **in + } + if in.DefaultTenantLocation != nil { + in, out := &in.DefaultTenantLocation, &out.DefaultTenantLocation + *out = new(string) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InboundSAMLConfigStatus. -func (in *InboundSAMLConfigStatus) DeepCopy() *InboundSAMLConfigStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MultiTenantParameters. +func (in *MultiTenantParameters) DeepCopy() *MultiTenantParameters { if in == nil { return nil } - out := new(InboundSAMLConfigStatus) + out := new(MultiTenantParameters) in.DeepCopyInto(out) return out } @@ -1114,6 +2107,81 @@ func (in *OAuthIdPConfigStatus) DeepCopy() *OAuthIdPConfigStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsInitParameters) DeepCopyInto(out *PermissionsInitParameters) { + *out = *in + if in.DisabledUserDeletion != nil { + in, out := &in.DisabledUserDeletion, &out.DisabledUserDeletion + *out = new(bool) + **out = **in + } + if in.DisabledUserSignup != nil { + in, out := &in.DisabledUserSignup, &out.DisabledUserSignup + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsInitParameters. +func (in *PermissionsInitParameters) DeepCopy() *PermissionsInitParameters { + if in == nil { + return nil + } + out := new(PermissionsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsObservation) DeepCopyInto(out *PermissionsObservation) { + *out = *in + if in.DisabledUserDeletion != nil { + in, out := &in.DisabledUserDeletion, &out.DisabledUserDeletion + *out = new(bool) + **out = **in + } + if in.DisabledUserSignup != nil { + in, out := &in.DisabledUserSignup, &out.DisabledUserSignup + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsObservation. +func (in *PermissionsObservation) DeepCopy() *PermissionsObservation { + if in == nil { + return nil + } + out := new(PermissionsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PermissionsParameters) DeepCopyInto(out *PermissionsParameters) { + *out = *in + if in.DisabledUserDeletion != nil { + in, out := &in.DisabledUserDeletion, &out.DisabledUserDeletion + *out = new(bool) + **out = **in + } + if in.DisabledUserSignup != nil { + in, out := &in.DisabledUserSignup, &out.DisabledUserSignup + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionsParameters. +func (in *PermissionsParameters) DeepCopy() *PermissionsParameters { + if in == nil { + return nil + } + out := new(PermissionsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PhoneNumberInitParameters) DeepCopyInto(out *PhoneNumberInitParameters) { *out = *in @@ -1223,186 +2291,271 @@ func (in *PhoneNumberParameters) DeepCopy() *PhoneNumberParameters { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectDefaultConfig) DeepCopyInto(out *ProjectDefaultConfig) { +func (in *ProviderConfigsInitParameters) DeepCopyInto(out *ProviderConfigsInitParameters) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } + if in.TotpProviderConfig != nil { + in, out := &in.TotpProviderConfig, &out.TotpProviderConfig + *out = new(TotpProviderConfigInitParameters) + (*in).DeepCopyInto(*out) + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectDefaultConfig. -func (in *ProjectDefaultConfig) DeepCopy() *ProjectDefaultConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfigsInitParameters. +func (in *ProviderConfigsInitParameters) DeepCopy() *ProviderConfigsInitParameters { if in == nil { return nil } - out := new(ProjectDefaultConfig) + out := new(ProviderConfigsInitParameters) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ProjectDefaultConfig) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProviderConfigsObservation) DeepCopyInto(out *ProviderConfigsObservation) { + *out = *in + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in } - return nil + if in.TotpProviderConfig != nil { + in, out := &in.TotpProviderConfig, &out.TotpProviderConfig + *out = new(TotpProviderConfigObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfigsObservation. +func (in *ProviderConfigsObservation) DeepCopy() *ProviderConfigsObservation { + if in == nil { + return nil + } + out := new(ProviderConfigsObservation) + in.DeepCopyInto(out) + return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectDefaultConfigInitParameters) DeepCopyInto(out *ProjectDefaultConfigInitParameters) { +func (in *ProviderConfigsParameters) DeepCopyInto(out *ProviderConfigsParameters) { *out = *in - if in.Project != nil { - in, out := &in.Project, &out.Project + if in.State != nil { + in, out := &in.State, &out.State *out = new(string) **out = **in } - if in.SignIn != nil { - in, out := &in.SignIn, &out.SignIn - *out = make([]SignInInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.TotpProviderConfig != nil { + in, out := &in.TotpProviderConfig, &out.TotpProviderConfig + *out = new(TotpProviderConfigParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfigsParameters. +func (in *ProviderConfigsParameters) DeepCopy() *ProviderConfigsParameters { + if in == nil { + return nil + } + out := new(ProviderConfigsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QuotaInitParameters) DeepCopyInto(out *QuotaInitParameters) { + *out = *in + if in.SignUpQuotaConfig != nil { + in, out := &in.SignUpQuotaConfig, &out.SignUpQuotaConfig + *out = new(SignUpQuotaConfigInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuotaInitParameters. +func (in *QuotaInitParameters) DeepCopy() *QuotaInitParameters { + if in == nil { + return nil + } + out := new(QuotaInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QuotaObservation) DeepCopyInto(out *QuotaObservation) { + *out = *in + if in.SignUpQuotaConfig != nil { + in, out := &in.SignUpQuotaConfig, &out.SignUpQuotaConfig + *out = new(SignUpQuotaConfigObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuotaObservation. +func (in *QuotaObservation) DeepCopy() *QuotaObservation { + if in == nil { + return nil + } + out := new(QuotaObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QuotaParameters) DeepCopyInto(out *QuotaParameters) { + *out = *in + if in.SignUpQuotaConfig != nil { + in, out := &in.SignUpQuotaConfig, &out.SignUpQuotaConfig + *out = new(SignUpQuotaConfigParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuotaParameters. +func (in *QuotaParameters) DeepCopy() *QuotaParameters { + if in == nil { + return nil + } + out := new(QuotaParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestLoggingInitParameters) DeepCopyInto(out *RequestLoggingInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectDefaultConfigInitParameters. -func (in *ProjectDefaultConfigInitParameters) DeepCopy() *ProjectDefaultConfigInitParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestLoggingInitParameters. +func (in *RequestLoggingInitParameters) DeepCopy() *RequestLoggingInitParameters { if in == nil { return nil } - out := new(ProjectDefaultConfigInitParameters) + out := new(RequestLoggingInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectDefaultConfigList) DeepCopyInto(out *ProjectDefaultConfigList) { +func (in *RequestLoggingObservation) DeepCopyInto(out *RequestLoggingObservation) { *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ProjectDefaultConfig, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectDefaultConfigList. -func (in *ProjectDefaultConfigList) DeepCopy() *ProjectDefaultConfigList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestLoggingObservation. +func (in *RequestLoggingObservation) DeepCopy() *RequestLoggingObservation { if in == nil { return nil } - out := new(ProjectDefaultConfigList) + out := new(RequestLoggingObservation) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ProjectDefaultConfigList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectDefaultConfigObservation) DeepCopyInto(out *ProjectDefaultConfigObservation) { +func (in *RequestLoggingParameters) DeepCopyInto(out *RequestLoggingParameters) { *out = *in - if in.ID != nil { - in, out := &in.ID, &out.ID - *out = new(string) - **out = **in - } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.Project != nil { - in, out := &in.Project, &out.Project - *out = new(string) + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) **out = **in } - if in.SignIn != nil { - in, out := &in.SignIn, &out.SignIn - *out = make([]SignInObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectDefaultConfigObservation. -func (in *ProjectDefaultConfigObservation) DeepCopy() *ProjectDefaultConfigObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestLoggingParameters. +func (in *RequestLoggingParameters) DeepCopy() *RequestLoggingParameters { if in == nil { return nil } - out := new(ProjectDefaultConfigObservation) + out := new(RequestLoggingParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectDefaultConfigParameters) DeepCopyInto(out *ProjectDefaultConfigParameters) { +func (in *SMSRegionConfigInitParameters) DeepCopyInto(out *SMSRegionConfigInitParameters) { *out = *in - if in.Project != nil { - in, out := &in.Project, &out.Project - *out = new(string) - **out = **in + if in.AllowByDefault != nil { + in, out := &in.AllowByDefault, &out.AllowByDefault + *out = new(AllowByDefaultInitParameters) + (*in).DeepCopyInto(*out) } - if in.SignIn != nil { - in, out := &in.SignIn, &out.SignIn - *out = make([]SignInParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.AllowlistOnly != nil { + in, out := &in.AllowlistOnly, &out.AllowlistOnly + *out = new(AllowlistOnlyInitParameters) + (*in).DeepCopyInto(*out) } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectDefaultConfigParameters. -func (in *ProjectDefaultConfigParameters) DeepCopy() *ProjectDefaultConfigParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SMSRegionConfigInitParameters. +func (in *SMSRegionConfigInitParameters) DeepCopy() *SMSRegionConfigInitParameters { if in == nil { return nil } - out := new(ProjectDefaultConfigParameters) + out := new(SMSRegionConfigInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectDefaultConfigSpec) DeepCopyInto(out *ProjectDefaultConfigSpec) { +func (in *SMSRegionConfigObservation) DeepCopyInto(out *SMSRegionConfigObservation) { *out = *in - in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) - in.ForProvider.DeepCopyInto(&out.ForProvider) - in.InitProvider.DeepCopyInto(&out.InitProvider) + if in.AllowByDefault != nil { + in, out := &in.AllowByDefault, &out.AllowByDefault + *out = new(AllowByDefaultObservation) + (*in).DeepCopyInto(*out) + } + if in.AllowlistOnly != nil { + in, out := &in.AllowlistOnly, &out.AllowlistOnly + *out = new(AllowlistOnlyObservation) + (*in).DeepCopyInto(*out) + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectDefaultConfigSpec. -func (in *ProjectDefaultConfigSpec) DeepCopy() *ProjectDefaultConfigSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SMSRegionConfigObservation. +func (in *SMSRegionConfigObservation) DeepCopy() *SMSRegionConfigObservation { if in == nil { return nil } - out := new(ProjectDefaultConfigSpec) + out := new(SMSRegionConfigObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectDefaultConfigStatus) DeepCopyInto(out *ProjectDefaultConfigStatus) { +func (in *SMSRegionConfigParameters) DeepCopyInto(out *SMSRegionConfigParameters) { *out = *in - in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - in.AtProvider.DeepCopyInto(&out.AtProvider) + if in.AllowByDefault != nil { + in, out := &in.AllowByDefault, &out.AllowByDefault + *out = new(AllowByDefaultParameters) + (*in).DeepCopyInto(*out) + } + if in.AllowlistOnly != nil { + in, out := &in.AllowlistOnly, &out.AllowlistOnly + *out = new(AllowlistOnlyParameters) + (*in).DeepCopyInto(*out) + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectDefaultConfigStatus. -func (in *ProjectDefaultConfigStatus) DeepCopy() *ProjectDefaultConfigStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SMSRegionConfigParameters. +func (in *SMSRegionConfigParameters) DeepCopy() *SMSRegionConfigParameters { if in == nil { return nil } - out := new(ProjectDefaultConfigStatus) + out := new(SMSRegionConfigParameters) in.DeepCopyInto(out) return out } @@ -1417,24 +2570,18 @@ func (in *SignInInitParameters) DeepCopyInto(out *SignInInitParameters) { } if in.Anonymous != nil { in, out := &in.Anonymous, &out.Anonymous - *out = make([]AnonymousInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + *out = new(AnonymousInitParameters) + (*in).DeepCopyInto(*out) } if in.Email != nil { in, out := &in.Email, &out.Email - *out = make([]EmailInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + *out = new(EmailInitParameters) + (*in).DeepCopyInto(*out) } if in.PhoneNumber != nil { in, out := &in.PhoneNumber, &out.PhoneNumber - *out = make([]PhoneNumberInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + *out = new(PhoneNumberInitParameters) + (*in).DeepCopyInto(*out) } } @@ -1458,17 +2605,13 @@ func (in *SignInObservation) DeepCopyInto(out *SignInObservation) { } if in.Anonymous != nil { in, out := &in.Anonymous, &out.Anonymous - *out = make([]AnonymousObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + *out = new(AnonymousObservation) + (*in).DeepCopyInto(*out) } if in.Email != nil { in, out := &in.Email, &out.Email - *out = make([]EmailObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + *out = new(EmailObservation) + (*in).DeepCopyInto(*out) } if in.HashConfig != nil { in, out := &in.HashConfig, &out.HashConfig @@ -1479,10 +2622,8 @@ func (in *SignInObservation) DeepCopyInto(out *SignInObservation) { } if in.PhoneNumber != nil { in, out := &in.PhoneNumber, &out.PhoneNumber - *out = make([]PhoneNumberObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + *out = new(PhoneNumberObservation) + (*in).DeepCopyInto(*out) } } @@ -1506,24 +2647,18 @@ func (in *SignInParameters) DeepCopyInto(out *SignInParameters) { } if in.Anonymous != nil { in, out := &in.Anonymous, &out.Anonymous - *out = make([]AnonymousParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + *out = new(AnonymousParameters) + (*in).DeepCopyInto(*out) } if in.Email != nil { in, out := &in.Email, &out.Email - *out = make([]EmailParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + *out = new(EmailParameters) + (*in).DeepCopyInto(*out) } if in.PhoneNumber != nil { in, out := &in.PhoneNumber, &out.PhoneNumber - *out = make([]PhoneNumberParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + *out = new(PhoneNumberParameters) + (*in).DeepCopyInto(*out) } } @@ -1537,6 +2672,96 @@ func (in *SignInParameters) DeepCopy() *SignInParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SignUpQuotaConfigInitParameters) DeepCopyInto(out *SignUpQuotaConfigInitParameters) { + *out = *in + if in.Quota != nil { + in, out := &in.Quota, &out.Quota + *out = new(float64) + **out = **in + } + if in.QuotaDuration != nil { + in, out := &in.QuotaDuration, &out.QuotaDuration + *out = new(string) + **out = **in + } + if in.StartTime != nil { + in, out := &in.StartTime, &out.StartTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SignUpQuotaConfigInitParameters. +func (in *SignUpQuotaConfigInitParameters) DeepCopy() *SignUpQuotaConfigInitParameters { + if in == nil { + return nil + } + out := new(SignUpQuotaConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SignUpQuotaConfigObservation) DeepCopyInto(out *SignUpQuotaConfigObservation) { + *out = *in + if in.Quota != nil { + in, out := &in.Quota, &out.Quota + *out = new(float64) + **out = **in + } + if in.QuotaDuration != nil { + in, out := &in.QuotaDuration, &out.QuotaDuration + *out = new(string) + **out = **in + } + if in.StartTime != nil { + in, out := &in.StartTime, &out.StartTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SignUpQuotaConfigObservation. +func (in *SignUpQuotaConfigObservation) DeepCopy() *SignUpQuotaConfigObservation { + if in == nil { + return nil + } + out := new(SignUpQuotaConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SignUpQuotaConfigParameters) DeepCopyInto(out *SignUpQuotaConfigParameters) { + *out = *in + if in.Quota != nil { + in, out := &in.Quota, &out.Quota + *out = new(float64) + **out = **in + } + if in.QuotaDuration != nil { + in, out := &in.QuotaDuration, &out.QuotaDuration + *out = new(string) + **out = **in + } + if in.StartTime != nil { + in, out := &in.StartTime, &out.StartTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SignUpQuotaConfigParameters. +func (in *SignUpQuotaConfigParameters) DeepCopy() *SignUpQuotaConfigParameters { + if in == nil { + return nil + } + out := new(SignUpQuotaConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SpCertificatesInitParameters) DeepCopyInto(out *SpCertificatesInitParameters) { *out = *in @@ -2915,3 +4140,143 @@ func (in *TenantStatus) DeepCopy() *TenantStatus { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TotpProviderConfigInitParameters) DeepCopyInto(out *TotpProviderConfigInitParameters) { + *out = *in + if in.AdjacentIntervals != nil { + in, out := &in.AdjacentIntervals, &out.AdjacentIntervals + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TotpProviderConfigInitParameters. +func (in *TotpProviderConfigInitParameters) DeepCopy() *TotpProviderConfigInitParameters { + if in == nil { + return nil + } + out := new(TotpProviderConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TotpProviderConfigObservation) DeepCopyInto(out *TotpProviderConfigObservation) { + *out = *in + if in.AdjacentIntervals != nil { + in, out := &in.AdjacentIntervals, &out.AdjacentIntervals + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TotpProviderConfigObservation. +func (in *TotpProviderConfigObservation) DeepCopy() *TotpProviderConfigObservation { + if in == nil { + return nil + } + out := new(TotpProviderConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TotpProviderConfigParameters) DeepCopyInto(out *TotpProviderConfigParameters) { + *out = *in + if in.AdjacentIntervals != nil { + in, out := &in.AdjacentIntervals, &out.AdjacentIntervals + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TotpProviderConfigParameters. +func (in *TotpProviderConfigParameters) DeepCopy() *TotpProviderConfigParameters { + if in == nil { + return nil + } + out := new(TotpProviderConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TriggersInitParameters) DeepCopyInto(out *TriggersInitParameters) { + *out = *in + if in.EventType != nil { + in, out := &in.EventType, &out.EventType + *out = new(string) + **out = **in + } + if in.FunctionURI != nil { + in, out := &in.FunctionURI, &out.FunctionURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggersInitParameters. +func (in *TriggersInitParameters) DeepCopy() *TriggersInitParameters { + if in == nil { + return nil + } + out := new(TriggersInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TriggersObservation) DeepCopyInto(out *TriggersObservation) { + *out = *in + if in.EventType != nil { + in, out := &in.EventType, &out.EventType + *out = new(string) + **out = **in + } + if in.FunctionURI != nil { + in, out := &in.FunctionURI, &out.FunctionURI + *out = new(string) + **out = **in + } + if in.UpdateTime != nil { + in, out := &in.UpdateTime, &out.UpdateTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggersObservation. +func (in *TriggersObservation) DeepCopy() *TriggersObservation { + if in == nil { + return nil + } + out := new(TriggersObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TriggersParameters) DeepCopyInto(out *TriggersParameters) { + *out = *in + if in.EventType != nil { + in, out := &in.EventType, &out.EventType + *out = new(string) + **out = **in + } + if in.FunctionURI != nil { + in, out := &in.FunctionURI, &out.FunctionURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TriggersParameters. +func (in *TriggersParameters) DeepCopy() *TriggersParameters { + if in == nil { + return nil + } + out := new(TriggersParameters) + in.DeepCopyInto(out) + return out +} diff --git a/apis/identityplatform/v1beta1/zz_generated.managed.go b/apis/identityplatform/v1beta1/zz_generated.managed.go index e3296ca7f..1bf0f3462 100644 --- a/apis/identityplatform/v1beta1/zz_generated.managed.go +++ b/apis/identityplatform/v1beta1/zz_generated.managed.go @@ -7,6 +7,66 @@ package v1beta1 import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +// GetCondition of this Config. +func (mg *Config) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this Config. +func (mg *Config) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this Config. +func (mg *Config) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this Config. +func (mg *Config) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this Config. +func (mg *Config) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this Config. +func (mg *Config) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this Config. +func (mg *Config) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this Config. +func (mg *Config) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this Config. +func (mg *Config) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this Config. +func (mg *Config) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this Config. +func (mg *Config) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this Config. +func (mg *Config) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + // GetCondition of this DefaultSupportedIdPConfig. func (mg *DefaultSupportedIdPConfig) GetCondition(ct xpv1.ConditionType) xpv1.Condition { return mg.Status.GetCondition(ct) @@ -187,66 +247,6 @@ func (mg *OAuthIdPConfig) SetWriteConnectionSecretToReference(r *xpv1.SecretRefe mg.Spec.WriteConnectionSecretToReference = r } -// GetCondition of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) GetCondition(ct xpv1.ConditionType) xpv1.Condition { - return mg.Status.GetCondition(ct) -} - -// GetDeletionPolicy of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) GetDeletionPolicy() xpv1.DeletionPolicy { - return mg.Spec.DeletionPolicy -} - -// GetManagementPolicies of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) GetManagementPolicies() xpv1.ManagementPolicies { - return mg.Spec.ManagementPolicies -} - -// GetProviderConfigReference of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) GetProviderConfigReference() *xpv1.Reference { - return mg.Spec.ProviderConfigReference -} - -// GetPublishConnectionDetailsTo of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { - return mg.Spec.PublishConnectionDetailsTo -} - -// GetWriteConnectionSecretToReference of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) GetWriteConnectionSecretToReference() *xpv1.SecretReference { - return mg.Spec.WriteConnectionSecretToReference -} - -// SetConditions of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) SetConditions(c ...xpv1.Condition) { - mg.Status.SetConditions(c...) -} - -// SetDeletionPolicy of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) SetDeletionPolicy(r xpv1.DeletionPolicy) { - mg.Spec.DeletionPolicy = r -} - -// SetManagementPolicies of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) SetManagementPolicies(r xpv1.ManagementPolicies) { - mg.Spec.ManagementPolicies = r -} - -// SetProviderConfigReference of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) SetProviderConfigReference(r *xpv1.Reference) { - mg.Spec.ProviderConfigReference = r -} - -// SetPublishConnectionDetailsTo of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { - mg.Spec.PublishConnectionDetailsTo = r -} - -// SetWriteConnectionSecretToReference of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { - mg.Spec.WriteConnectionSecretToReference = r -} - // GetCondition of this Tenant. func (mg *Tenant) GetCondition(ct xpv1.ConditionType) xpv1.Condition { return mg.Status.GetCondition(ct) diff --git a/apis/identityplatform/v1beta1/zz_generated.managedlist.go b/apis/identityplatform/v1beta1/zz_generated.managedlist.go index e65371738..7e876a8d2 100644 --- a/apis/identityplatform/v1beta1/zz_generated.managedlist.go +++ b/apis/identityplatform/v1beta1/zz_generated.managedlist.go @@ -7,8 +7,8 @@ package v1beta1 import resource "github.com/crossplane/crossplane-runtime/pkg/resource" -// GetItems of this DefaultSupportedIdPConfigList. -func (l *DefaultSupportedIdPConfigList) GetItems() []resource.Managed { +// GetItems of this ConfigList. +func (l *ConfigList) GetItems() []resource.Managed { items := make([]resource.Managed, len(l.Items)) for i := range l.Items { items[i] = &l.Items[i] @@ -16,8 +16,8 @@ func (l *DefaultSupportedIdPConfigList) GetItems() []resource.Managed { return items } -// GetItems of this InboundSAMLConfigList. -func (l *InboundSAMLConfigList) GetItems() []resource.Managed { +// GetItems of this DefaultSupportedIdPConfigList. +func (l *DefaultSupportedIdPConfigList) GetItems() []resource.Managed { items := make([]resource.Managed, len(l.Items)) for i := range l.Items { items[i] = &l.Items[i] @@ -25,8 +25,8 @@ func (l *InboundSAMLConfigList) GetItems() []resource.Managed { return items } -// GetItems of this OAuthIdPConfigList. -func (l *OAuthIdPConfigList) GetItems() []resource.Managed { +// GetItems of this InboundSAMLConfigList. +func (l *InboundSAMLConfigList) GetItems() []resource.Managed { items := make([]resource.Managed, len(l.Items)) for i := range l.Items { items[i] = &l.Items[i] @@ -34,8 +34,8 @@ func (l *OAuthIdPConfigList) GetItems() []resource.Managed { return items } -// GetItems of this ProjectDefaultConfigList. -func (l *ProjectDefaultConfigList) GetItems() []resource.Managed { +// GetItems of this OAuthIdPConfigList. +func (l *OAuthIdPConfigList) GetItems() []resource.Managed { items := make([]resource.Managed, len(l.Items)) for i := range l.Items { items[i] = &l.Items[i] diff --git a/apis/identityplatform/v1beta1/zz_projectdefaultconfig_types.go b/apis/identityplatform/v1beta1/zz_projectdefaultconfig_types.go deleted file mode 100755 index 4dc60830f..000000000 --- a/apis/identityplatform/v1beta1/zz_projectdefaultconfig_types.go +++ /dev/null @@ -1,294 +0,0 @@ -// SPDX-FileCopyrightText: 2024 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by upjet. DO NOT EDIT. - -package v1beta1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - - v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" -) - -type AnonymousInitParameters struct { - - // Whether phone number auth is enabled for the project or not. - Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` -} - -type AnonymousObservation struct { - - // Whether phone number auth is enabled for the project or not. - Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` -} - -type AnonymousParameters struct { - - // Whether phone number auth is enabled for the project or not. - // +kubebuilder:validation:Optional - Enabled *bool `json:"enabled" tf:"enabled,omitempty"` -} - -type EmailInitParameters struct { - - // Whether phone number auth is enabled for the project or not. - Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` - - // Whether a password is required for email auth or not. If true, both an email and - // password must be provided to sign in. If false, a user may sign in via either - // email/password or email link. - PasswordRequired *bool `json:"passwordRequired,omitempty" tf:"password_required,omitempty"` -} - -type EmailObservation struct { - - // Whether phone number auth is enabled for the project or not. - Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` - - // Whether a password is required for email auth or not. If true, both an email and - // password must be provided to sign in. If false, a user may sign in via either - // email/password or email link. - PasswordRequired *bool `json:"passwordRequired,omitempty" tf:"password_required,omitempty"` -} - -type EmailParameters struct { - - // Whether phone number auth is enabled for the project or not. - // +kubebuilder:validation:Optional - Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` - - // Whether a password is required for email auth or not. If true, both an email and - // password must be provided to sign in. If false, a user may sign in via either - // email/password or email link. - // +kubebuilder:validation:Optional - PasswordRequired *bool `json:"passwordRequired,omitempty" tf:"password_required,omitempty"` -} - -type HashConfigInitParameters struct { -} - -type HashConfigObservation struct { - - // (Output) - // Different password hash algorithms used in Identity Toolkit. - Algorithm *string `json:"algorithm,omitempty" tf:"algorithm,omitempty"` - - // (Output) - // Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field. - MemoryCost *float64 `json:"memoryCost,omitempty" tf:"memory_cost,omitempty"` - - // (Output) - // How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms. - Rounds *float64 `json:"rounds,omitempty" tf:"rounds,omitempty"` - - // (Output) - // Non-printable character to be inserted between the salt and plain text password in base64. - SaltSeparator *string `json:"saltSeparator,omitempty" tf:"salt_separator,omitempty"` - - // (Output) - // Signer key in base64. - SignerKey *string `json:"signerKey,omitempty" tf:"signer_key,omitempty"` -} - -type HashConfigParameters struct { -} - -type PhoneNumberInitParameters struct { - - // Whether phone number auth is enabled for the project or not. - Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` - - // A map of that can be used for phone auth testing. - // +mapType=granular - TestPhoneNumbers map[string]*string `json:"testPhoneNumbers,omitempty" tf:"test_phone_numbers,omitempty"` -} - -type PhoneNumberObservation struct { - - // Whether phone number auth is enabled for the project or not. - Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` - - // A map of that can be used for phone auth testing. - // +mapType=granular - TestPhoneNumbers map[string]*string `json:"testPhoneNumbers,omitempty" tf:"test_phone_numbers,omitempty"` -} - -type PhoneNumberParameters struct { - - // Whether phone number auth is enabled for the project or not. - // +kubebuilder:validation:Optional - Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` - - // A map of that can be used for phone auth testing. - // +kubebuilder:validation:Optional - // +mapType=granular - TestPhoneNumbers map[string]*string `json:"testPhoneNumbers,omitempty" tf:"test_phone_numbers,omitempty"` -} - -type ProjectDefaultConfigInitParameters struct { - - // The ID of the project in which the resource belongs. - // If it is not provided, the provider project is used. - Project *string `json:"project,omitempty" tf:"project,omitempty"` - - // Configuration related to local sign in methods. - // Structure is documented below. - SignIn []SignInInitParameters `json:"signIn,omitempty" tf:"sign_in,omitempty"` -} - -type ProjectDefaultConfigObservation struct { - - // an identifier for the resource with format {{project}} - ID *string `json:"id,omitempty" tf:"id,omitempty"` - - // The name of the Config resource. Example: "projects/my-awesome-project/config" - Name *string `json:"name,omitempty" tf:"name,omitempty"` - - // The ID of the project in which the resource belongs. - // If it is not provided, the provider project is used. - Project *string `json:"project,omitempty" tf:"project,omitempty"` - - // Configuration related to local sign in methods. - // Structure is documented below. - SignIn []SignInObservation `json:"signIn,omitempty" tf:"sign_in,omitempty"` -} - -type ProjectDefaultConfigParameters struct { - - // The ID of the project in which the resource belongs. - // If it is not provided, the provider project is used. - // +kubebuilder:validation:Optional - Project *string `json:"project,omitempty" tf:"project,omitempty"` - - // Configuration related to local sign in methods. - // Structure is documented below. - // +kubebuilder:validation:Optional - SignIn []SignInParameters `json:"signIn,omitempty" tf:"sign_in,omitempty"` -} - -type SignInInitParameters struct { - - // Whether to allow more than one account to have the same email. - AllowDuplicateEmails *bool `json:"allowDuplicateEmails,omitempty" tf:"allow_duplicate_emails,omitempty"` - - // Configuration options related to authenticating an anonymous user. - // Structure is documented below. - Anonymous []AnonymousInitParameters `json:"anonymous,omitempty" tf:"anonymous,omitempty"` - - // Configuration options related to authenticating a user by their email address. - // Structure is documented below. - Email []EmailInitParameters `json:"email,omitempty" tf:"email,omitempty"` - - // Configuration options related to authenticated a user by their phone number. - // Structure is documented below. - PhoneNumber []PhoneNumberInitParameters `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` -} - -type SignInObservation struct { - - // Whether to allow more than one account to have the same email. - AllowDuplicateEmails *bool `json:"allowDuplicateEmails,omitempty" tf:"allow_duplicate_emails,omitempty"` - - // Configuration options related to authenticating an anonymous user. - // Structure is documented below. - Anonymous []AnonymousObservation `json:"anonymous,omitempty" tf:"anonymous,omitempty"` - - // Configuration options related to authenticating a user by their email address. - // Structure is documented below. - Email []EmailObservation `json:"email,omitempty" tf:"email,omitempty"` - - // (Output) - // Output only. Hash config information. - // Structure is documented below. - HashConfig []HashConfigObservation `json:"hashConfig,omitempty" tf:"hash_config,omitempty"` - - // Configuration options related to authenticated a user by their phone number. - // Structure is documented below. - PhoneNumber []PhoneNumberObservation `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` -} - -type SignInParameters struct { - - // Whether to allow more than one account to have the same email. - // +kubebuilder:validation:Optional - AllowDuplicateEmails *bool `json:"allowDuplicateEmails,omitempty" tf:"allow_duplicate_emails,omitempty"` - - // Configuration options related to authenticating an anonymous user. - // Structure is documented below. - // +kubebuilder:validation:Optional - Anonymous []AnonymousParameters `json:"anonymous,omitempty" tf:"anonymous,omitempty"` - - // Configuration options related to authenticating a user by their email address. - // Structure is documented below. - // +kubebuilder:validation:Optional - Email []EmailParameters `json:"email,omitempty" tf:"email,omitempty"` - - // Configuration options related to authenticated a user by their phone number. - // Structure is documented below. - // +kubebuilder:validation:Optional - PhoneNumber []PhoneNumberParameters `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` -} - -// ProjectDefaultConfigSpec defines the desired state of ProjectDefaultConfig -type ProjectDefaultConfigSpec struct { - v1.ResourceSpec `json:",inline"` - ForProvider ProjectDefaultConfigParameters `json:"forProvider"` - // THIS IS A BETA FIELD. It will be honored - // unless the Management Policies feature flag is disabled. - // InitProvider holds the same fields as ForProvider, with the exception - // of Identifier and other resource reference fields. The fields that are - // in InitProvider are merged into ForProvider when the resource is created. - // The same fields are also added to the terraform ignore_changes hook, to - // avoid updating them after creation. This is useful for fields that are - // required on creation, but we do not desire to update them after creation, - // for example because of an external controller is managing them, like an - // autoscaler. - InitProvider ProjectDefaultConfigInitParameters `json:"initProvider,omitempty"` -} - -// ProjectDefaultConfigStatus defines the observed state of ProjectDefaultConfig. -type ProjectDefaultConfigStatus struct { - v1.ResourceStatus `json:",inline"` - AtProvider ProjectDefaultConfigObservation `json:"atProvider,omitempty"` -} - -// +kubebuilder:object:root=true -// +kubebuilder:subresource:status -// +kubebuilder:storageversion - -// ProjectDefaultConfig is the Schema for the ProjectDefaultConfigs API. There is no persistent data associated with this resource. -// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" -// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" -// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" -// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" -// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp} -type ProjectDefaultConfig struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - Spec ProjectDefaultConfigSpec `json:"spec"` - Status ProjectDefaultConfigStatus `json:"status,omitempty"` -} - -// +kubebuilder:object:root=true - -// ProjectDefaultConfigList contains a list of ProjectDefaultConfigs -type ProjectDefaultConfigList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []ProjectDefaultConfig `json:"items"` -} - -// Repository type metadata. -var ( - ProjectDefaultConfig_Kind = "ProjectDefaultConfig" - ProjectDefaultConfig_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: ProjectDefaultConfig_Kind}.String() - ProjectDefaultConfig_KindAPIVersion = ProjectDefaultConfig_Kind + "." + CRDGroupVersion.String() - ProjectDefaultConfig_GroupVersionKind = CRDGroupVersion.WithKind(ProjectDefaultConfig_Kind) -) - -func init() { - SchemeBuilder.Register(&ProjectDefaultConfig{}, &ProjectDefaultConfigList{}) -} diff --git a/apis/identityplatform/v1beta2/zz_generated.deepcopy.go b/apis/identityplatform/v1beta2/zz_generated.deepcopy.go index e14aac6c6..c9c33fa73 100644 --- a/apis/identityplatform/v1beta2/zz_generated.deepcopy.go +++ b/apis/identityplatform/v1beta2/zz_generated.deepcopy.go @@ -13,211 +13,6 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AnonymousInitParameters) DeepCopyInto(out *AnonymousInitParameters) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = new(bool) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnonymousInitParameters. -func (in *AnonymousInitParameters) DeepCopy() *AnonymousInitParameters { - if in == nil { - return nil - } - out := new(AnonymousInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AnonymousObservation) DeepCopyInto(out *AnonymousObservation) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = new(bool) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnonymousObservation. -func (in *AnonymousObservation) DeepCopy() *AnonymousObservation { - if in == nil { - return nil - } - out := new(AnonymousObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AnonymousParameters) DeepCopyInto(out *AnonymousParameters) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = new(bool) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnonymousParameters. -func (in *AnonymousParameters) DeepCopy() *AnonymousParameters { - if in == nil { - return nil - } - out := new(AnonymousParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EmailInitParameters) DeepCopyInto(out *EmailInitParameters) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = new(bool) - **out = **in - } - if in.PasswordRequired != nil { - in, out := &in.PasswordRequired, &out.PasswordRequired - *out = new(bool) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailInitParameters. -func (in *EmailInitParameters) DeepCopy() *EmailInitParameters { - if in == nil { - return nil - } - out := new(EmailInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EmailObservation) DeepCopyInto(out *EmailObservation) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = new(bool) - **out = **in - } - if in.PasswordRequired != nil { - in, out := &in.PasswordRequired, &out.PasswordRequired - *out = new(bool) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailObservation. -func (in *EmailObservation) DeepCopy() *EmailObservation { - if in == nil { - return nil - } - out := new(EmailObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EmailParameters) DeepCopyInto(out *EmailParameters) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = new(bool) - **out = **in - } - if in.PasswordRequired != nil { - in, out := &in.PasswordRequired, &out.PasswordRequired - *out = new(bool) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailParameters. -func (in *EmailParameters) DeepCopy() *EmailParameters { - if in == nil { - return nil - } - out := new(EmailParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HashConfigInitParameters) DeepCopyInto(out *HashConfigInitParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HashConfigInitParameters. -func (in *HashConfigInitParameters) DeepCopy() *HashConfigInitParameters { - if in == nil { - return nil - } - out := new(HashConfigInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HashConfigObservation) DeepCopyInto(out *HashConfigObservation) { - *out = *in - if in.Algorithm != nil { - in, out := &in.Algorithm, &out.Algorithm - *out = new(string) - **out = **in - } - if in.MemoryCost != nil { - in, out := &in.MemoryCost, &out.MemoryCost - *out = new(float64) - **out = **in - } - if in.Rounds != nil { - in, out := &in.Rounds, &out.Rounds - *out = new(float64) - **out = **in - } - if in.SaltSeparator != nil { - in, out := &in.SaltSeparator, &out.SaltSeparator - *out = new(string) - **out = **in - } - if in.SignerKey != nil { - in, out := &in.SignerKey, &out.SignerKey - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HashConfigObservation. -func (in *HashConfigObservation) DeepCopy() *HashConfigObservation { - if in == nil { - return nil - } - out := new(HashConfigObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HashConfigParameters) DeepCopyInto(out *HashConfigParameters) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HashConfigParameters. -func (in *HashConfigParameters) DeepCopy() *HashConfigParameters { - if in == nil { - return nil - } - out := new(HashConfigParameters) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IdPCertificatesInitParameters) DeepCopyInto(out *IdPCertificatesInitParameters) { *out = *in @@ -673,405 +468,6 @@ func (in *InboundSAMLConfigStatus) DeepCopy() *InboundSAMLConfigStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PhoneNumberInitParameters) DeepCopyInto(out *PhoneNumberInitParameters) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = new(bool) - **out = **in - } - if in.TestPhoneNumbers != nil { - in, out := &in.TestPhoneNumbers, &out.TestPhoneNumbers - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PhoneNumberInitParameters. -func (in *PhoneNumberInitParameters) DeepCopy() *PhoneNumberInitParameters { - if in == nil { - return nil - } - out := new(PhoneNumberInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PhoneNumberObservation) DeepCopyInto(out *PhoneNumberObservation) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = new(bool) - **out = **in - } - if in.TestPhoneNumbers != nil { - in, out := &in.TestPhoneNumbers, &out.TestPhoneNumbers - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PhoneNumberObservation. -func (in *PhoneNumberObservation) DeepCopy() *PhoneNumberObservation { - if in == nil { - return nil - } - out := new(PhoneNumberObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PhoneNumberParameters) DeepCopyInto(out *PhoneNumberParameters) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = new(bool) - **out = **in - } - if in.TestPhoneNumbers != nil { - in, out := &in.TestPhoneNumbers, &out.TestPhoneNumbers - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PhoneNumberParameters. -func (in *PhoneNumberParameters) DeepCopy() *PhoneNumberParameters { - if in == nil { - return nil - } - out := new(PhoneNumberParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectDefaultConfig) DeepCopyInto(out *ProjectDefaultConfig) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectDefaultConfig. -func (in *ProjectDefaultConfig) DeepCopy() *ProjectDefaultConfig { - if in == nil { - return nil - } - out := new(ProjectDefaultConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ProjectDefaultConfig) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectDefaultConfigInitParameters) DeepCopyInto(out *ProjectDefaultConfigInitParameters) { - *out = *in - if in.Project != nil { - in, out := &in.Project, &out.Project - *out = new(string) - **out = **in - } - if in.SignIn != nil { - in, out := &in.SignIn, &out.SignIn - *out = new(SignInInitParameters) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectDefaultConfigInitParameters. -func (in *ProjectDefaultConfigInitParameters) DeepCopy() *ProjectDefaultConfigInitParameters { - if in == nil { - return nil - } - out := new(ProjectDefaultConfigInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectDefaultConfigList) DeepCopyInto(out *ProjectDefaultConfigList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ProjectDefaultConfig, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectDefaultConfigList. -func (in *ProjectDefaultConfigList) DeepCopy() *ProjectDefaultConfigList { - if in == nil { - return nil - } - out := new(ProjectDefaultConfigList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ProjectDefaultConfigList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectDefaultConfigObservation) DeepCopyInto(out *ProjectDefaultConfigObservation) { - *out = *in - if in.ID != nil { - in, out := &in.ID, &out.ID - *out = new(string) - **out = **in - } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.Project != nil { - in, out := &in.Project, &out.Project - *out = new(string) - **out = **in - } - if in.SignIn != nil { - in, out := &in.SignIn, &out.SignIn - *out = new(SignInObservation) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectDefaultConfigObservation. -func (in *ProjectDefaultConfigObservation) DeepCopy() *ProjectDefaultConfigObservation { - if in == nil { - return nil - } - out := new(ProjectDefaultConfigObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectDefaultConfigParameters) DeepCopyInto(out *ProjectDefaultConfigParameters) { - *out = *in - if in.Project != nil { - in, out := &in.Project, &out.Project - *out = new(string) - **out = **in - } - if in.SignIn != nil { - in, out := &in.SignIn, &out.SignIn - *out = new(SignInParameters) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectDefaultConfigParameters. -func (in *ProjectDefaultConfigParameters) DeepCopy() *ProjectDefaultConfigParameters { - if in == nil { - return nil - } - out := new(ProjectDefaultConfigParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectDefaultConfigSpec) DeepCopyInto(out *ProjectDefaultConfigSpec) { - *out = *in - in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) - in.ForProvider.DeepCopyInto(&out.ForProvider) - in.InitProvider.DeepCopyInto(&out.InitProvider) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectDefaultConfigSpec. -func (in *ProjectDefaultConfigSpec) DeepCopy() *ProjectDefaultConfigSpec { - if in == nil { - return nil - } - out := new(ProjectDefaultConfigSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectDefaultConfigStatus) DeepCopyInto(out *ProjectDefaultConfigStatus) { - *out = *in - in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - in.AtProvider.DeepCopyInto(&out.AtProvider) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectDefaultConfigStatus. -func (in *ProjectDefaultConfigStatus) DeepCopy() *ProjectDefaultConfigStatus { - if in == nil { - return nil - } - out := new(ProjectDefaultConfigStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SignInInitParameters) DeepCopyInto(out *SignInInitParameters) { - *out = *in - if in.AllowDuplicateEmails != nil { - in, out := &in.AllowDuplicateEmails, &out.AllowDuplicateEmails - *out = new(bool) - **out = **in - } - if in.Anonymous != nil { - in, out := &in.Anonymous, &out.Anonymous - *out = new(AnonymousInitParameters) - (*in).DeepCopyInto(*out) - } - if in.Email != nil { - in, out := &in.Email, &out.Email - *out = new(EmailInitParameters) - (*in).DeepCopyInto(*out) - } - if in.PhoneNumber != nil { - in, out := &in.PhoneNumber, &out.PhoneNumber - *out = new(PhoneNumberInitParameters) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SignInInitParameters. -func (in *SignInInitParameters) DeepCopy() *SignInInitParameters { - if in == nil { - return nil - } - out := new(SignInInitParameters) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SignInObservation) DeepCopyInto(out *SignInObservation) { - *out = *in - if in.AllowDuplicateEmails != nil { - in, out := &in.AllowDuplicateEmails, &out.AllowDuplicateEmails - *out = new(bool) - **out = **in - } - if in.Anonymous != nil { - in, out := &in.Anonymous, &out.Anonymous - *out = new(AnonymousObservation) - (*in).DeepCopyInto(*out) - } - if in.Email != nil { - in, out := &in.Email, &out.Email - *out = new(EmailObservation) - (*in).DeepCopyInto(*out) - } - if in.HashConfig != nil { - in, out := &in.HashConfig, &out.HashConfig - *out = make([]HashConfigObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.PhoneNumber != nil { - in, out := &in.PhoneNumber, &out.PhoneNumber - *out = new(PhoneNumberObservation) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SignInObservation. -func (in *SignInObservation) DeepCopy() *SignInObservation { - if in == nil { - return nil - } - out := new(SignInObservation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SignInParameters) DeepCopyInto(out *SignInParameters) { - *out = *in - if in.AllowDuplicateEmails != nil { - in, out := &in.AllowDuplicateEmails, &out.AllowDuplicateEmails - *out = new(bool) - **out = **in - } - if in.Anonymous != nil { - in, out := &in.Anonymous, &out.Anonymous - *out = new(AnonymousParameters) - (*in).DeepCopyInto(*out) - } - if in.Email != nil { - in, out := &in.Email, &out.Email - *out = new(EmailParameters) - (*in).DeepCopyInto(*out) - } - if in.PhoneNumber != nil { - in, out := &in.PhoneNumber, &out.PhoneNumber - *out = new(PhoneNumberParameters) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SignInParameters. -func (in *SignInParameters) DeepCopy() *SignInParameters { - if in == nil { - return nil - } - out := new(SignInParameters) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SpCertificatesInitParameters) DeepCopyInto(out *SpCertificatesInitParameters) { *out = *in diff --git a/apis/identityplatform/v1beta2/zz_generated.managed.go b/apis/identityplatform/v1beta2/zz_generated.managed.go index 45608be77..41c6ccf41 100644 --- a/apis/identityplatform/v1beta2/zz_generated.managed.go +++ b/apis/identityplatform/v1beta2/zz_generated.managed.go @@ -67,66 +67,6 @@ func (mg *InboundSAMLConfig) SetWriteConnectionSecretToReference(r *xpv1.SecretR mg.Spec.WriteConnectionSecretToReference = r } -// GetCondition of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) GetCondition(ct xpv1.ConditionType) xpv1.Condition { - return mg.Status.GetCondition(ct) -} - -// GetDeletionPolicy of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) GetDeletionPolicy() xpv1.DeletionPolicy { - return mg.Spec.DeletionPolicy -} - -// GetManagementPolicies of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) GetManagementPolicies() xpv1.ManagementPolicies { - return mg.Spec.ManagementPolicies -} - -// GetProviderConfigReference of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) GetProviderConfigReference() *xpv1.Reference { - return mg.Spec.ProviderConfigReference -} - -// GetPublishConnectionDetailsTo of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { - return mg.Spec.PublishConnectionDetailsTo -} - -// GetWriteConnectionSecretToReference of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) GetWriteConnectionSecretToReference() *xpv1.SecretReference { - return mg.Spec.WriteConnectionSecretToReference -} - -// SetConditions of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) SetConditions(c ...xpv1.Condition) { - mg.Status.SetConditions(c...) -} - -// SetDeletionPolicy of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) SetDeletionPolicy(r xpv1.DeletionPolicy) { - mg.Spec.DeletionPolicy = r -} - -// SetManagementPolicies of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) SetManagementPolicies(r xpv1.ManagementPolicies) { - mg.Spec.ManagementPolicies = r -} - -// SetProviderConfigReference of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) SetProviderConfigReference(r *xpv1.Reference) { - mg.Spec.ProviderConfigReference = r -} - -// SetPublishConnectionDetailsTo of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { - mg.Spec.PublishConnectionDetailsTo = r -} - -// SetWriteConnectionSecretToReference of this ProjectDefaultConfig. -func (mg *ProjectDefaultConfig) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { - mg.Spec.WriteConnectionSecretToReference = r -} - // GetCondition of this TenantInboundSAMLConfig. func (mg *TenantInboundSAMLConfig) GetCondition(ct xpv1.ConditionType) xpv1.Condition { return mg.Status.GetCondition(ct) diff --git a/apis/identityplatform/v1beta2/zz_generated.managedlist.go b/apis/identityplatform/v1beta2/zz_generated.managedlist.go index bd527f912..ffc290db6 100644 --- a/apis/identityplatform/v1beta2/zz_generated.managedlist.go +++ b/apis/identityplatform/v1beta2/zz_generated.managedlist.go @@ -16,15 +16,6 @@ func (l *InboundSAMLConfigList) GetItems() []resource.Managed { return items } -// GetItems of this ProjectDefaultConfigList. -func (l *ProjectDefaultConfigList) GetItems() []resource.Managed { - items := make([]resource.Managed, len(l.Items)) - for i := range l.Items { - items[i] = &l.Items[i] - } - return items -} - // GetItems of this TenantInboundSAMLConfigList. func (l *TenantInboundSAMLConfigList) GetItems() []resource.Managed { items := make([]resource.Managed, len(l.Items)) diff --git a/apis/identityplatform/v1beta2/zz_projectdefaultconfig_terraformed.go b/apis/identityplatform/v1beta2/zz_projectdefaultconfig_terraformed.go deleted file mode 100755 index 0a5d8fd19..000000000 --- a/apis/identityplatform/v1beta2/zz_projectdefaultconfig_terraformed.go +++ /dev/null @@ -1,129 +0,0 @@ -// SPDX-FileCopyrightText: 2024 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by upjet. DO NOT EDIT. - -package v1beta2 - -import ( - "dario.cat/mergo" - "github.com/pkg/errors" - - "github.com/crossplane/upjet/pkg/resource" - "github.com/crossplane/upjet/pkg/resource/json" -) - -// GetTerraformResourceType returns Terraform resource type for this ProjectDefaultConfig -func (mg *ProjectDefaultConfig) GetTerraformResourceType() string { - return "google_identity_platform_project_default_config" -} - -// GetConnectionDetailsMapping for this ProjectDefaultConfig -func (tr *ProjectDefaultConfig) GetConnectionDetailsMapping() map[string]string { - return nil -} - -// GetObservation of this ProjectDefaultConfig -func (tr *ProjectDefaultConfig) GetObservation() (map[string]any, error) { - o, err := json.TFParser.Marshal(tr.Status.AtProvider) - if err != nil { - return nil, err - } - base := map[string]any{} - return base, json.TFParser.Unmarshal(o, &base) -} - -// SetObservation for this ProjectDefaultConfig -func (tr *ProjectDefaultConfig) SetObservation(obs map[string]any) error { - p, err := json.TFParser.Marshal(obs) - if err != nil { - return err - } - return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) -} - -// GetID returns ID of underlying Terraform resource of this ProjectDefaultConfig -func (tr *ProjectDefaultConfig) GetID() string { - if tr.Status.AtProvider.ID == nil { - return "" - } - return *tr.Status.AtProvider.ID -} - -// GetParameters of this ProjectDefaultConfig -func (tr *ProjectDefaultConfig) GetParameters() (map[string]any, error) { - p, err := json.TFParser.Marshal(tr.Spec.ForProvider) - if err != nil { - return nil, err - } - base := map[string]any{} - return base, json.TFParser.Unmarshal(p, &base) -} - -// SetParameters for this ProjectDefaultConfig -func (tr *ProjectDefaultConfig) SetParameters(params map[string]any) error { - p, err := json.TFParser.Marshal(params) - if err != nil { - return err - } - return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) -} - -// GetInitParameters of this ProjectDefaultConfig -func (tr *ProjectDefaultConfig) GetInitParameters() (map[string]any, error) { - p, err := json.TFParser.Marshal(tr.Spec.InitProvider) - if err != nil { - return nil, err - } - base := map[string]any{} - return base, json.TFParser.Unmarshal(p, &base) -} - -// GetInitParameters of this ProjectDefaultConfig -func (tr *ProjectDefaultConfig) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { - params, err := tr.GetParameters() - if err != nil { - return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) - } - if !shouldMergeInitProvider { - return params, nil - } - - initParams, err := tr.GetInitParameters() - if err != nil { - return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) - } - - // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the - // slices from the initProvider to forProvider. As it also sets - // overwrite to true, we need to set it back to false, we don't - // want to overwrite the forProvider fields with the initProvider - // fields. - err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { - c.Overwrite = false - }) - if err != nil { - return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) - } - - return params, nil -} - -// LateInitialize this ProjectDefaultConfig using its observed tfState. -// returns True if there are any spec changes for the resource. -func (tr *ProjectDefaultConfig) LateInitialize(attrs []byte) (bool, error) { - params := &ProjectDefaultConfigParameters{} - if err := json.TFParser.Unmarshal(attrs, params); err != nil { - return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") - } - opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} - - li := resource.NewGenericLateInitializer(opts...) - return li.LateInitialize(&tr.Spec.ForProvider, params) -} - -// GetTerraformSchemaVersion returns the associated Terraform schema version -func (tr *ProjectDefaultConfig) GetTerraformSchemaVersion() int { - return 0 -} diff --git a/apis/identityplatform/v1beta2/zz_projectdefaultconfig_types.go b/apis/identityplatform/v1beta2/zz_projectdefaultconfig_types.go deleted file mode 100755 index 79b7f79d0..000000000 --- a/apis/identityplatform/v1beta2/zz_projectdefaultconfig_types.go +++ /dev/null @@ -1,293 +0,0 @@ -// SPDX-FileCopyrightText: 2024 The Crossplane Authors -// -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by upjet. DO NOT EDIT. - -package v1beta2 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - - v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" -) - -type AnonymousInitParameters struct { - - // Whether phone number auth is enabled for the project or not. - Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` -} - -type AnonymousObservation struct { - - // Whether phone number auth is enabled for the project or not. - Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` -} - -type AnonymousParameters struct { - - // Whether phone number auth is enabled for the project or not. - // +kubebuilder:validation:Optional - Enabled *bool `json:"enabled" tf:"enabled,omitempty"` -} - -type EmailInitParameters struct { - - // Whether phone number auth is enabled for the project or not. - Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` - - // Whether a password is required for email auth or not. If true, both an email and - // password must be provided to sign in. If false, a user may sign in via either - // email/password or email link. - PasswordRequired *bool `json:"passwordRequired,omitempty" tf:"password_required,omitempty"` -} - -type EmailObservation struct { - - // Whether phone number auth is enabled for the project or not. - Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` - - // Whether a password is required for email auth or not. If true, both an email and - // password must be provided to sign in. If false, a user may sign in via either - // email/password or email link. - PasswordRequired *bool `json:"passwordRequired,omitempty" tf:"password_required,omitempty"` -} - -type EmailParameters struct { - - // Whether phone number auth is enabled for the project or not. - // +kubebuilder:validation:Optional - Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` - - // Whether a password is required for email auth or not. If true, both an email and - // password must be provided to sign in. If false, a user may sign in via either - // email/password or email link. - // +kubebuilder:validation:Optional - PasswordRequired *bool `json:"passwordRequired,omitempty" tf:"password_required,omitempty"` -} - -type HashConfigInitParameters struct { -} - -type HashConfigObservation struct { - - // (Output) - // Different password hash algorithms used in Identity Toolkit. - Algorithm *string `json:"algorithm,omitempty" tf:"algorithm,omitempty"` - - // (Output) - // Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field. - MemoryCost *float64 `json:"memoryCost,omitempty" tf:"memory_cost,omitempty"` - - // (Output) - // How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms. - Rounds *float64 `json:"rounds,omitempty" tf:"rounds,omitempty"` - - // (Output) - // Non-printable character to be inserted between the salt and plain text password in base64. - SaltSeparator *string `json:"saltSeparator,omitempty" tf:"salt_separator,omitempty"` - - // (Output) - // Signer key in base64. - SignerKey *string `json:"signerKey,omitempty" tf:"signer_key,omitempty"` -} - -type HashConfigParameters struct { -} - -type PhoneNumberInitParameters struct { - - // Whether phone number auth is enabled for the project or not. - Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` - - // A map of that can be used for phone auth testing. - // +mapType=granular - TestPhoneNumbers map[string]*string `json:"testPhoneNumbers,omitempty" tf:"test_phone_numbers,omitempty"` -} - -type PhoneNumberObservation struct { - - // Whether phone number auth is enabled for the project or not. - Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` - - // A map of that can be used for phone auth testing. - // +mapType=granular - TestPhoneNumbers map[string]*string `json:"testPhoneNumbers,omitempty" tf:"test_phone_numbers,omitempty"` -} - -type PhoneNumberParameters struct { - - // Whether phone number auth is enabled for the project or not. - // +kubebuilder:validation:Optional - Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` - - // A map of that can be used for phone auth testing. - // +kubebuilder:validation:Optional - // +mapType=granular - TestPhoneNumbers map[string]*string `json:"testPhoneNumbers,omitempty" tf:"test_phone_numbers,omitempty"` -} - -type ProjectDefaultConfigInitParameters struct { - - // The ID of the project in which the resource belongs. - // If it is not provided, the provider project is used. - Project *string `json:"project,omitempty" tf:"project,omitempty"` - - // Configuration related to local sign in methods. - // Structure is documented below. - SignIn *SignInInitParameters `json:"signIn,omitempty" tf:"sign_in,omitempty"` -} - -type ProjectDefaultConfigObservation struct { - - // an identifier for the resource with format {{project}} - ID *string `json:"id,omitempty" tf:"id,omitempty"` - - // The name of the Config resource. Example: "projects/my-awesome-project/config" - Name *string `json:"name,omitempty" tf:"name,omitempty"` - - // The ID of the project in which the resource belongs. - // If it is not provided, the provider project is used. - Project *string `json:"project,omitempty" tf:"project,omitempty"` - - // Configuration related to local sign in methods. - // Structure is documented below. - SignIn *SignInObservation `json:"signIn,omitempty" tf:"sign_in,omitempty"` -} - -type ProjectDefaultConfigParameters struct { - - // The ID of the project in which the resource belongs. - // If it is not provided, the provider project is used. - // +kubebuilder:validation:Optional - Project *string `json:"project,omitempty" tf:"project,omitempty"` - - // Configuration related to local sign in methods. - // Structure is documented below. - // +kubebuilder:validation:Optional - SignIn *SignInParameters `json:"signIn,omitempty" tf:"sign_in,omitempty"` -} - -type SignInInitParameters struct { - - // Whether to allow more than one account to have the same email. - AllowDuplicateEmails *bool `json:"allowDuplicateEmails,omitempty" tf:"allow_duplicate_emails,omitempty"` - - // Configuration options related to authenticating an anonymous user. - // Structure is documented below. - Anonymous *AnonymousInitParameters `json:"anonymous,omitempty" tf:"anonymous,omitempty"` - - // Configuration options related to authenticating a user by their email address. - // Structure is documented below. - Email *EmailInitParameters `json:"email,omitempty" tf:"email,omitempty"` - - // Configuration options related to authenticated a user by their phone number. - // Structure is documented below. - PhoneNumber *PhoneNumberInitParameters `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` -} - -type SignInObservation struct { - - // Whether to allow more than one account to have the same email. - AllowDuplicateEmails *bool `json:"allowDuplicateEmails,omitempty" tf:"allow_duplicate_emails,omitempty"` - - // Configuration options related to authenticating an anonymous user. - // Structure is documented below. - Anonymous *AnonymousObservation `json:"anonymous,omitempty" tf:"anonymous,omitempty"` - - // Configuration options related to authenticating a user by their email address. - // Structure is documented below. - Email *EmailObservation `json:"email,omitempty" tf:"email,omitempty"` - - // (Output) - // Output only. Hash config information. - // Structure is documented below. - HashConfig []HashConfigObservation `json:"hashConfig,omitempty" tf:"hash_config,omitempty"` - - // Configuration options related to authenticated a user by their phone number. - // Structure is documented below. - PhoneNumber *PhoneNumberObservation `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` -} - -type SignInParameters struct { - - // Whether to allow more than one account to have the same email. - // +kubebuilder:validation:Optional - AllowDuplicateEmails *bool `json:"allowDuplicateEmails,omitempty" tf:"allow_duplicate_emails,omitempty"` - - // Configuration options related to authenticating an anonymous user. - // Structure is documented below. - // +kubebuilder:validation:Optional - Anonymous *AnonymousParameters `json:"anonymous,omitempty" tf:"anonymous,omitempty"` - - // Configuration options related to authenticating a user by their email address. - // Structure is documented below. - // +kubebuilder:validation:Optional - Email *EmailParameters `json:"email,omitempty" tf:"email,omitempty"` - - // Configuration options related to authenticated a user by their phone number. - // Structure is documented below. - // +kubebuilder:validation:Optional - PhoneNumber *PhoneNumberParameters `json:"phoneNumber,omitempty" tf:"phone_number,omitempty"` -} - -// ProjectDefaultConfigSpec defines the desired state of ProjectDefaultConfig -type ProjectDefaultConfigSpec struct { - v1.ResourceSpec `json:",inline"` - ForProvider ProjectDefaultConfigParameters `json:"forProvider"` - // THIS IS A BETA FIELD. It will be honored - // unless the Management Policies feature flag is disabled. - // InitProvider holds the same fields as ForProvider, with the exception - // of Identifier and other resource reference fields. The fields that are - // in InitProvider are merged into ForProvider when the resource is created. - // The same fields are also added to the terraform ignore_changes hook, to - // avoid updating them after creation. This is useful for fields that are - // required on creation, but we do not desire to update them after creation, - // for example because of an external controller is managing them, like an - // autoscaler. - InitProvider ProjectDefaultConfigInitParameters `json:"initProvider,omitempty"` -} - -// ProjectDefaultConfigStatus defines the observed state of ProjectDefaultConfig. -type ProjectDefaultConfigStatus struct { - v1.ResourceStatus `json:",inline"` - AtProvider ProjectDefaultConfigObservation `json:"atProvider,omitempty"` -} - -// +kubebuilder:object:root=true -// +kubebuilder:subresource:status - -// ProjectDefaultConfig is the Schema for the ProjectDefaultConfigs API. There is no persistent data associated with this resource. -// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" -// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" -// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" -// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" -// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp} -type ProjectDefaultConfig struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - Spec ProjectDefaultConfigSpec `json:"spec"` - Status ProjectDefaultConfigStatus `json:"status,omitempty"` -} - -// +kubebuilder:object:root=true - -// ProjectDefaultConfigList contains a list of ProjectDefaultConfigs -type ProjectDefaultConfigList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []ProjectDefaultConfig `json:"items"` -} - -// Repository type metadata. -var ( - ProjectDefaultConfig_Kind = "ProjectDefaultConfig" - ProjectDefaultConfig_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: ProjectDefaultConfig_Kind}.String() - ProjectDefaultConfig_KindAPIVersion = ProjectDefaultConfig_Kind + "." + CRDGroupVersion.String() - ProjectDefaultConfig_GroupVersionKind = CRDGroupVersion.WithKind(ProjectDefaultConfig_Kind) -) - -func init() { - SchemeBuilder.Register(&ProjectDefaultConfig{}, &ProjectDefaultConfigList{}) -} diff --git a/config/externalname.go b/config/externalname.go index 7a534ba39..a75b6f134 100644 --- a/config/externalname.go +++ b/config/externalname.go @@ -555,6 +555,8 @@ var terraformPluginSDKExternalNameConfigs = map[string]config.ExternalName{ // identityplatform // + // Imported by using the following projects/{{project}}/config + "google_identity_platform_config": config.TemplatedStringAsIdentifier("", "projects/{{ .setup.configuration.project }}/config"), // Imported by using the following format: projects/{{project}}/defaultSupportedIdpConfigs/{{idp_id}} "google_identity_platform_default_supported_idp_config": config.IdentifierFromProvider, // Imported by using the following format: projects/{{project}}/inboundSamlConfigs/{{name}} @@ -569,8 +571,6 @@ var terraformPluginSDKExternalNameConfigs = map[string]config.ExternalName{ "google_identity_platform_tenant_inbound_saml_config": config.IdentifierFromProvider, // Imported by using the following: projects/{{project}}/tenants/{{tenant}}/oauthIdpConfigs/{{name}} "google_identity_platform_tenant_oauth_idp_config": config.IdentifierFromProvider, - // Imported by using the following projects/{{project}}/config/{{name}} - "google_identity_platform_project_default_config": config.IdentifierFromProvider, // kms // diff --git a/config/externalnamenottested.go b/config/externalnamenottested.go index 43aa53520..846be5605 100644 --- a/config/externalnamenottested.go +++ b/config/externalnamenottested.go @@ -377,11 +377,7 @@ var ExternalNameNotTestedConfigs = map[string]config.ExternalName{ "google_iam_workload_identity_pool_provider": config.TemplatedStringAsIdentifier("workload_identity_pool_provider_id", "projects/{{ .setup.configuration.project }}/locations/global/workloadIdentityPools/{{ .parameters.workload_identity_pool_id }}/providers/{{ .external_name }}"), // identityplatform - // - // Imported by using the following projects/{{project}}/config - "google_identity_platform_config": config.TemplatedStringAsIdentifier("", "projects/{{ .setup.configuration.project }}/config"), - // Imported by using the following projects/{{project}}/config/{{name}} - "google_identity_platform_project_default_config": config.IdentifierFromProvider, + // // kms // diff --git a/config/old-singleton-list-apis.txt b/config/old-singleton-list-apis.txt index e89ef7bc7..499115b63 100644 --- a/config/old-singleton-list-apis.txt +++ b/config/old-singleton-list-apis.txt @@ -144,7 +144,6 @@ google_iap_web_iam_member google_iap_web_type_app_engine_iam_member google_iap_web_type_compute_iam_member google_identity_platform_inbound_saml_config -google_identity_platform_project_default_config google_identity_platform_tenant_inbound_saml_config google_kms_crypto_key google_kms_crypto_key_iam_member diff --git a/examples-generated/identityplatform/v1beta1/config.yaml b/examples-generated/identityplatform/v1beta1/config.yaml new file mode 100644 index 000000000..94e143108 --- /dev/null +++ b/examples-generated/identityplatform/v1beta1/config.yaml @@ -0,0 +1,84 @@ +apiVersion: identityplatform.gcp.upbound.io/v1beta1 +kind: Config +metadata: + annotations: + meta.upbound.io/example-id: identityplatform/v1beta1/config + labels: + testing.upbound.io/example-name: default + name: default +spec: + forProvider: + authorizedDomains: + - localhost + - my-project.firebaseapp.com + - my-project.web.app + autodeleteAnonymousUsers: true + blockingFunctions: + - forwardInboundCredentials: + - accessToken: true + idToken: true + refreshToken: true + triggers: + - eventType: beforeSignIn + functionUri: https://us-east1-my-project.cloudfunctions.net/before-sign-in + projectSelector: + matchLabels: + testing.upbound.io/example-name: default + quota: + - signUpQuotaConfig: + - quota: 1000 + quotaDuration: 7200s + startTime: "2014-10-02T15:01:23Z" + signIn: + - allowDuplicateEmails: true + anonymous: + - enabled: true + email: + - enabled: true + passwordRequired: false + phoneNumber: + - enabled: true + testPhoneNumbers: + "+11231231234": "000000" + smsRegionConfig: + - allowlistOnly: + - allowedRegions: + - US + - CA + +--- + +apiVersion: cloudplatform.gcp.upbound.io/v1beta1 +kind: Project +metadata: + annotations: + meta.upbound.io/example-id: identityplatform/v1beta1/config + labels: + testing.upbound.io/example-name: default + name: default +spec: + forProvider: + billingAccount: 000000-0000000-0000000-000000 + deletionPolicy: DELETE + labels: + firebase: enabled + name: my-project + orgId: "123456789" + projectId: my-project + +--- + +apiVersion: cloudplatform.gcp.upbound.io/v1beta1 +kind: ProjectService +metadata: + annotations: + meta.upbound.io/example-id: identityplatform/v1beta1/config + labels: + testing.upbound.io/example-name: identitytoolkit + name: identitytoolkit +spec: + forProvider: + projectSelector: + matchLabels: + testing.upbound.io/example-name: default + service: identitytoolkit.googleapis.com diff --git a/examples-generated/identityplatform/v1beta2/projectdefaultconfig.yaml b/examples-generated/identityplatform/v1beta2/projectdefaultconfig.yaml deleted file mode 100644 index 1f5964032..000000000 --- a/examples-generated/identityplatform/v1beta2/projectdefaultconfig.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: identityplatform.gcp.upbound.io/v1beta2 -kind: ProjectDefaultConfig -metadata: - annotations: - meta.upbound.io/example-id: identityplatform/v1beta2/projectdefaultconfig - labels: - testing.upbound.io/example-name: default - name: default -spec: - forProvider: - signIn: - - allowDuplicateEmails: true - anonymous: - - enabled: true - email: - - enabled: true - passwordRequired: false - phoneNumber: - - enabled: true - testPhoneNumbers: - "+11231231234": "000000" diff --git a/examples-generated/identityplatform/v1beta1/projectdefaultconfig.yaml b/examples/identityplatform/v1beta1/config.yaml similarity index 67% rename from examples-generated/identityplatform/v1beta1/projectdefaultconfig.yaml rename to examples/identityplatform/v1beta1/config.yaml index 5e2cb04e0..55009e854 100644 --- a/examples-generated/identityplatform/v1beta1/projectdefaultconfig.yaml +++ b/examples/identityplatform/v1beta1/config.yaml @@ -1,8 +1,8 @@ apiVersion: identityplatform.gcp.upbound.io/v1beta1 -kind: ProjectDefaultConfig +kind: Config metadata: annotations: - meta.upbound.io/example-id: identityplatform/v1beta1/projectdefaultconfig + meta.upbound.io/example-id: identityplatform/v1beta1/config labels: testing.upbound.io/example-name: default name: default @@ -11,11 +11,11 @@ spec: signIn: - allowDuplicateEmails: true anonymous: - - enabled: true + enabled: true email: - - enabled: true + enabled: true passwordRequired: false phoneNumber: - - enabled: true + enabled: true testPhoneNumbers: "+11231231234": "000000" diff --git a/examples/identityplatform/v1beta1/projectdefaultconfig.yaml b/examples/identityplatform/v1beta1/projectdefaultconfig.yaml deleted file mode 100644 index 80f4e26f8..000000000 --- a/examples/identityplatform/v1beta1/projectdefaultconfig.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# SPDX-FileCopyrightText: 2024 The Crossplane Authors -# -# SPDX-License-Identifier: CC0-1.0 - -apiVersion: identityplatform.gcp.upbound.io/v1beta1 -kind: ProjectDefaultConfig -metadata: - annotations: - meta.upbound.io/example-id: identityplatform/v1beta1/projectdefaultconfig - labels: - testing.upbound.io/example-name: default - name: default -spec: - forProvider: - signIn: - - allowDuplicateEmails: true - anonymous: - - enabled: true - email: - - enabled: true - passwordRequired: false - phoneNumber: - - enabled: true - testPhoneNumbers: - "+11231231234": "0000000" diff --git a/examples/identityplatform/v1beta2/projectdefaultconfig.yaml b/examples/identityplatform/v1beta2/projectdefaultconfig.yaml deleted file mode 100644 index 91b372155..000000000 --- a/examples/identityplatform/v1beta2/projectdefaultconfig.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# SPDX-FileCopyrightText: 2024 The Crossplane Authors -# -# SPDX-License-Identifier: Apache-2.0 - -apiVersion: identityplatform.gcp.upbound.io/v1beta2 -kind: ProjectDefaultConfig -metadata: - annotations: - meta.upbound.io/example-id: identityplatform/v1beta2/projectdefaultconfig - labels: - testing.upbound.io/example-name: default - name: default -spec: - forProvider: - signIn: - allowDuplicateEmails: true - anonymous: - enabled: true - email: - enabled: true - passwordRequired: false - phoneNumber: - enabled: true - testPhoneNumbers: - "+11231231234": "0000000" diff --git a/internal/controller/identityplatform/projectdefaultconfig/zz_controller.go b/internal/controller/identityplatform/config/zz_controller.go similarity index 79% rename from internal/controller/identityplatform/projectdefaultconfig/zz_controller.go rename to internal/controller/identityplatform/config/zz_controller.go index 70b605fda..a0c4a8c95 100755 --- a/internal/controller/identityplatform/projectdefaultconfig/zz_controller.go +++ b/internal/controller/identityplatform/config/zz_controller.go @@ -4,7 +4,7 @@ // Code generated by upjet. DO NOT EDIT. -package projectdefaultconfig +package config import ( "time" @@ -25,23 +25,24 @@ import ( features "github.com/upbound/provider-gcp/internal/features" ) -// Setup adds a controller that reconciles ProjectDefaultConfig managed resources. +// Setup adds a controller that reconciles Config managed resources. func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { - name := managed.ControllerName(v1beta1.ProjectDefaultConfig_GroupVersionKind.String()) + name := managed.ControllerName(v1beta1.Config_GroupVersionKind.String()) var initializers managed.InitializerChain + initializers = append(initializers, managed.NewNameAsExternalName(mgr.GetClient())) cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} if o.SecretStoreConfigGVK != nil { cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) } - eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.ProjectDefaultConfig_GroupVersionKind))) - ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.ProjectDefaultConfig_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1beta1.Config_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1beta1.Config_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler), tjcontroller.WithStatusUpdates(false)) opts := []managed.ReconcilerOption{ managed.WithExternalConnecter( - tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["google_identity_platform_project_default_config"], + tjcontroller.NewTerraformPluginSDKAsyncConnector(mgr.GetClient(), o.OperationTrackerStore, o.SetupFn, o.Provider.Resources["google_identity_platform_config"], tjcontroller.WithTerraformPluginSDKAsyncLogger(o.Logger), tjcontroller.WithTerraformPluginSDKAsyncConnectorEventHandler(eventHandler), tjcontroller.WithTerraformPluginSDKAsyncCallbackProvider(ac), - tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.ProjectDefaultConfig_GroupVersionKind, mgr, o.PollInterval)), + tjcontroller.WithTerraformPluginSDKAsyncMetricRecorder(metrics.NewMetricRecorder(v1beta1.Config_GroupVersionKind, mgr, o.PollInterval)), tjcontroller.WithTerraformPluginSDKAsyncManagementPolicies(o.Features.Enabled(features.EnableBetaManagementPolicies)))), managed.WithLogger(o.Logger.WithValues("controller", name)), managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), @@ -61,31 +62,31 @@ func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) } - // register webhooks for the kind v1beta1.ProjectDefaultConfig + // register webhooks for the kind v1beta1.Config // if they're enabled. if o.StartWebhooks { if err := ctrl.NewWebhookManagedBy(mgr). - For(&v1beta1.ProjectDefaultConfig{}). + For(&v1beta1.Config{}). Complete(); err != nil { - return errors.Wrap(err, "cannot register webhook for the kind v1beta1.ProjectDefaultConfig") + return errors.Wrap(err, "cannot register webhook for the kind v1beta1.Config") } } if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { stateMetricsRecorder := statemetrics.NewMRStateRecorder( - mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.ProjectDefaultConfigList{}, o.MetricOptions.PollStateMetricInterval, + mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1beta1.ConfigList{}, o.MetricOptions.PollStateMetricInterval, ) if err := mgr.Add(stateMetricsRecorder); err != nil { - return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.ProjectDefaultConfigList") + return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1beta1.ConfigList") } } - r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.ProjectDefaultConfig_GroupVersionKind), opts...) + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1beta1.Config_GroupVersionKind), opts...) return ctrl.NewControllerManagedBy(mgr). Named(name). WithOptions(o.ForControllerRuntime()). WithEventFilter(xpresource.DesiredStateChanged()). - Watches(&v1beta1.ProjectDefaultConfig{}, eventHandler). + Watches(&v1beta1.Config{}, eventHandler). Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) } diff --git a/internal/controller/zz_identityplatform_setup.go b/internal/controller/zz_identityplatform_setup.go index 755fc6e20..fefdf34ba 100755 --- a/internal/controller/zz_identityplatform_setup.go +++ b/internal/controller/zz_identityplatform_setup.go @@ -9,10 +9,10 @@ import ( "github.com/crossplane/upjet/pkg/controller" + config "github.com/upbound/provider-gcp/internal/controller/identityplatform/config" defaultsupportedidpconfig "github.com/upbound/provider-gcp/internal/controller/identityplatform/defaultsupportedidpconfig" inboundsamlconfig "github.com/upbound/provider-gcp/internal/controller/identityplatform/inboundsamlconfig" oauthidpconfig "github.com/upbound/provider-gcp/internal/controller/identityplatform/oauthidpconfig" - projectdefaultconfig "github.com/upbound/provider-gcp/internal/controller/identityplatform/projectdefaultconfig" tenant "github.com/upbound/provider-gcp/internal/controller/identityplatform/tenant" tenantdefaultsupportedidpconfig "github.com/upbound/provider-gcp/internal/controller/identityplatform/tenantdefaultsupportedidpconfig" tenantinboundsamlconfig "github.com/upbound/provider-gcp/internal/controller/identityplatform/tenantinboundsamlconfig" @@ -23,10 +23,10 @@ import ( // the supplied manager. func Setup_identityplatform(mgr ctrl.Manager, o controller.Options) error { for _, setup := range []func(ctrl.Manager, controller.Options) error{ + config.Setup, defaultsupportedidpconfig.Setup, inboundsamlconfig.Setup, oauthidpconfig.Setup, - projectdefaultconfig.Setup, tenant.Setup, tenantdefaultsupportedidpconfig.Setup, tenantinboundsamlconfig.Setup, diff --git a/package/crds/identityplatform.gcp.upbound.io_projectdefaultconfigs.yaml b/package/crds/identityplatform.gcp.upbound.io_projectdefaultconfigs.yaml deleted file mode 100644 index cd2d50cf3..000000000 --- a/package/crds/identityplatform.gcp.upbound.io_projectdefaultconfigs.yaml +++ /dev/null @@ -1,1082 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: projectdefaultconfigs.identityplatform.gcp.upbound.io -spec: - group: identityplatform.gcp.upbound.io - names: - categories: - - crossplane - - managed - - gcp - kind: ProjectDefaultConfig - listKind: ProjectDefaultConfigList - plural: projectdefaultconfigs - singular: projectdefaultconfig - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Synced')].status - name: SYNCED - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: READY - type: string - - jsonPath: .metadata.annotations.crossplane\.io/external-name - name: EXTERNAL-NAME - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: ProjectDefaultConfig is the Schema for the ProjectDefaultConfigs - API. There is no persistent data associated with this resource. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ProjectDefaultConfigSpec defines the desired state of ProjectDefaultConfig - properties: - deletionPolicy: - default: Delete - description: |- - DeletionPolicy specifies what will happen to the underlying external - when this managed resource is deleted - either "Delete" or "Orphan" the - external resource. - This field is planned to be deprecated in favor of the ManagementPolicies - field in a future release. Currently, both could be set independently and - non-default values would be honored if the feature flag is enabled. - See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - enum: - - Orphan - - Delete - type: string - forProvider: - properties: - project: - description: |- - The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - type: string - signIn: - description: |- - Configuration related to local sign in methods. - Structure is documented below. - items: - properties: - allowDuplicateEmails: - description: Whether to allow more than one account to have - the same email. - type: boolean - anonymous: - description: |- - Configuration options related to authenticating an anonymous user. - Structure is documented below. - items: - properties: - enabled: - description: Whether phone number auth is enabled - for the project or not. - type: boolean - type: object - type: array - email: - description: |- - Configuration options related to authenticating a user by their email address. - Structure is documented below. - items: - properties: - enabled: - description: Whether phone number auth is enabled - for the project or not. - type: boolean - passwordRequired: - description: |- - Whether a password is required for email auth or not. If true, both an email and - password must be provided to sign in. If false, a user may sign in via either - email/password or email link. - type: boolean - type: object - type: array - phoneNumber: - description: |- - Configuration options related to authenticated a user by their phone number. - Structure is documented below. - items: - properties: - enabled: - description: Whether phone number auth is enabled - for the project or not. - type: boolean - testPhoneNumbers: - additionalProperties: - type: string - description: A map of - that can be used for phone auth testing. - type: object - x-kubernetes-map-type: granular - type: object - type: array - type: object - type: array - type: object - initProvider: - description: |- - THIS IS A BETA FIELD. It will be honored - unless the Management Policies feature flag is disabled. - InitProvider holds the same fields as ForProvider, with the exception - of Identifier and other resource reference fields. The fields that are - in InitProvider are merged into ForProvider when the resource is created. - The same fields are also added to the terraform ignore_changes hook, to - avoid updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after creation, - for example because of an external controller is managing them, like an - autoscaler. - properties: - project: - description: |- - The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - type: string - signIn: - description: |- - Configuration related to local sign in methods. - Structure is documented below. - items: - properties: - allowDuplicateEmails: - description: Whether to allow more than one account to have - the same email. - type: boolean - anonymous: - description: |- - Configuration options related to authenticating an anonymous user. - Structure is documented below. - items: - properties: - enabled: - description: Whether phone number auth is enabled - for the project or not. - type: boolean - type: object - type: array - email: - description: |- - Configuration options related to authenticating a user by their email address. - Structure is documented below. - items: - properties: - enabled: - description: Whether phone number auth is enabled - for the project or not. - type: boolean - passwordRequired: - description: |- - Whether a password is required for email auth or not. If true, both an email and - password must be provided to sign in. If false, a user may sign in via either - email/password or email link. - type: boolean - type: object - type: array - phoneNumber: - description: |- - Configuration options related to authenticated a user by their phone number. - Structure is documented below. - items: - properties: - enabled: - description: Whether phone number auth is enabled - for the project or not. - type: boolean - testPhoneNumbers: - additionalProperties: - type: string - description: A map of - that can be used for phone auth testing. - type: object - x-kubernetes-map-type: granular - type: object - type: array - type: object - type: array - type: object - managementPolicies: - default: - - '*' - description: |- - THIS IS A BETA FIELD. It is on by default but can be opted out - through a Crossplane feature flag. - ManagementPolicies specify the array of actions Crossplane is allowed to - take on the managed and external resources. - This field is planned to replace the DeletionPolicy field in a future - release. Currently, both could be set independently and non-default - values would be honored if the feature flag is enabled. If both are - custom, the DeletionPolicy field will be ignored. - See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md - items: - description: |- - A ManagementAction represents an action that the Crossplane controllers - can take on an external resource. - enum: - - Observe - - Create - - Update - - Delete - - LateInitialize - - '*' - type: string - type: array - providerConfigRef: - default: - name: default - description: |- - ProviderConfigReference specifies how the provider that will be used to - create, observe, update, and delete this managed resource should be - configured. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - publishConnectionDetailsTo: - description: |- - PublishConnectionDetailsTo specifies the connection secret config which - contains a name, metadata and a reference to secret store config to - which any connection details for this managed resource should be written. - Connection details frequently include the endpoint, username, - and password required to connect to the managed resource. - properties: - configRef: - default: - name: default - description: |- - SecretStoreConfigRef specifies which secret store config should be used - for this ConnectionSecret. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - metadata: - description: Metadata is the metadata for connection secret. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations are the annotations to be added to connection secret. - - For Kubernetes secrets, this will be used as "metadata.annotations". - - It is up to Secret Store implementation for others store types. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels are the labels/tags to be added to connection secret. - - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store types. - type: object - type: - description: |- - Type is the SecretType for the connection secret. - - Only valid for Kubernetes Secret Stores. - type: string - type: object - name: - description: Name is the name of the connection secret. - type: string - required: - - name - type: object - writeConnectionSecretToRef: - description: |- - WriteConnectionSecretToReference specifies the namespace and name of a - Secret to which any connection details for this managed resource should - be written. Connection details frequently include the endpoint, username, - and password required to connect to the managed resource. - This field is planned to be replaced in a future release in favor of - PublishConnectionDetailsTo. Currently, both could be set independently - and connection details would be published to both without affecting - each other. - properties: - name: - description: Name of the secret. - type: string - namespace: - description: Namespace of the secret. - type: string - required: - - name - - namespace - type: object - required: - - forProvider - type: object - status: - description: ProjectDefaultConfigStatus defines the observed state of - ProjectDefaultConfig. - properties: - atProvider: - properties: - id: - description: an identifier for the resource with format {{project}} - type: string - name: - description: 'The name of the Config resource. Example: "projects/my-awesome-project/config"' - type: string - project: - description: |- - The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - type: string - signIn: - description: |- - Configuration related to local sign in methods. - Structure is documented below. - items: - properties: - allowDuplicateEmails: - description: Whether to allow more than one account to have - the same email. - type: boolean - anonymous: - description: |- - Configuration options related to authenticating an anonymous user. - Structure is documented below. - items: - properties: - enabled: - description: Whether phone number auth is enabled - for the project or not. - type: boolean - type: object - type: array - email: - description: |- - Configuration options related to authenticating a user by their email address. - Structure is documented below. - items: - properties: - enabled: - description: Whether phone number auth is enabled - for the project or not. - type: boolean - passwordRequired: - description: |- - Whether a password is required for email auth or not. If true, both an email and - password must be provided to sign in. If false, a user may sign in via either - email/password or email link. - type: boolean - type: object - type: array - hashConfig: - description: |- - (Output) - Output only. Hash config information. - Structure is documented below. - items: - properties: - algorithm: - description: |- - (Output) - Different password hash algorithms used in Identity Toolkit. - type: string - memoryCost: - description: |- - (Output) - Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field. - type: number - rounds: - description: |- - (Output) - How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms. - type: number - saltSeparator: - description: |- - (Output) - Non-printable character to be inserted between the salt and plain text password in base64. - type: string - signerKey: - description: |- - (Output) - Signer key in base64. - type: string - type: object - type: array - phoneNumber: - description: |- - Configuration options related to authenticated a user by their phone number. - Structure is documented below. - items: - properties: - enabled: - description: Whether phone number auth is enabled - for the project or not. - type: boolean - testPhoneNumbers: - additionalProperties: - type: string - description: A map of - that can be used for phone auth testing. - type: object - x-kubernetes-map-type: granular - type: object - type: array - type: object - type: array - type: object - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: |- - LastTransitionTime is the last time this condition transitioned from one - status to another. - format: date-time - type: string - message: - description: |- - A Message containing details about this condition's last transition from - one status to another, if any. - type: string - observedGeneration: - description: |- - ObservedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: |- - Type of this condition. At most one of each condition type may apply to - a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - observedGeneration: - description: |- - ObservedGeneration is the latest metadata.generation - which resulted in either a ready state, or stalled due to error - it can not recover from without human intervention. - format: int64 - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Synced')].status - name: SYNCED - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: READY - type: string - - jsonPath: .metadata.annotations.crossplane\.io/external-name - name: EXTERNAL-NAME - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: ProjectDefaultConfig is the Schema for the ProjectDefaultConfigs - API. There is no persistent data associated with this resource. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ProjectDefaultConfigSpec defines the desired state of ProjectDefaultConfig - properties: - deletionPolicy: - default: Delete - description: |- - DeletionPolicy specifies what will happen to the underlying external - when this managed resource is deleted - either "Delete" or "Orphan" the - external resource. - This field is planned to be deprecated in favor of the ManagementPolicies - field in a future release. Currently, both could be set independently and - non-default values would be honored if the feature flag is enabled. - See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - enum: - - Orphan - - Delete - type: string - forProvider: - properties: - project: - description: |- - The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - type: string - signIn: - description: |- - Configuration related to local sign in methods. - Structure is documented below. - properties: - allowDuplicateEmails: - description: Whether to allow more than one account to have - the same email. - type: boolean - anonymous: - description: |- - Configuration options related to authenticating an anonymous user. - Structure is documented below. - properties: - enabled: - description: Whether phone number auth is enabled for - the project or not. - type: boolean - type: object - email: - description: |- - Configuration options related to authenticating a user by their email address. - Structure is documented below. - properties: - enabled: - description: Whether phone number auth is enabled for - the project or not. - type: boolean - passwordRequired: - description: |- - Whether a password is required for email auth or not. If true, both an email and - password must be provided to sign in. If false, a user may sign in via either - email/password or email link. - type: boolean - type: object - phoneNumber: - description: |- - Configuration options related to authenticated a user by their phone number. - Structure is documented below. - properties: - enabled: - description: Whether phone number auth is enabled for - the project or not. - type: boolean - testPhoneNumbers: - additionalProperties: - type: string - description: A map of that - can be used for phone auth testing. - type: object - x-kubernetes-map-type: granular - type: object - type: object - type: object - initProvider: - description: |- - THIS IS A BETA FIELD. It will be honored - unless the Management Policies feature flag is disabled. - InitProvider holds the same fields as ForProvider, with the exception - of Identifier and other resource reference fields. The fields that are - in InitProvider are merged into ForProvider when the resource is created. - The same fields are also added to the terraform ignore_changes hook, to - avoid updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after creation, - for example because of an external controller is managing them, like an - autoscaler. - properties: - project: - description: |- - The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - type: string - signIn: - description: |- - Configuration related to local sign in methods. - Structure is documented below. - properties: - allowDuplicateEmails: - description: Whether to allow more than one account to have - the same email. - type: boolean - anonymous: - description: |- - Configuration options related to authenticating an anonymous user. - Structure is documented below. - properties: - enabled: - description: Whether phone number auth is enabled for - the project or not. - type: boolean - type: object - email: - description: |- - Configuration options related to authenticating a user by their email address. - Structure is documented below. - properties: - enabled: - description: Whether phone number auth is enabled for - the project or not. - type: boolean - passwordRequired: - description: |- - Whether a password is required for email auth or not. If true, both an email and - password must be provided to sign in. If false, a user may sign in via either - email/password or email link. - type: boolean - type: object - phoneNumber: - description: |- - Configuration options related to authenticated a user by their phone number. - Structure is documented below. - properties: - enabled: - description: Whether phone number auth is enabled for - the project or not. - type: boolean - testPhoneNumbers: - additionalProperties: - type: string - description: A map of that - can be used for phone auth testing. - type: object - x-kubernetes-map-type: granular - type: object - type: object - type: object - managementPolicies: - default: - - '*' - description: |- - THIS IS A BETA FIELD. It is on by default but can be opted out - through a Crossplane feature flag. - ManagementPolicies specify the array of actions Crossplane is allowed to - take on the managed and external resources. - This field is planned to replace the DeletionPolicy field in a future - release. Currently, both could be set independently and non-default - values would be honored if the feature flag is enabled. If both are - custom, the DeletionPolicy field will be ignored. - See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md - items: - description: |- - A ManagementAction represents an action that the Crossplane controllers - can take on an external resource. - enum: - - Observe - - Create - - Update - - Delete - - LateInitialize - - '*' - type: string - type: array - providerConfigRef: - default: - name: default - description: |- - ProviderConfigReference specifies how the provider that will be used to - create, observe, update, and delete this managed resource should be - configured. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - publishConnectionDetailsTo: - description: |- - PublishConnectionDetailsTo specifies the connection secret config which - contains a name, metadata and a reference to secret store config to - which any connection details for this managed resource should be written. - Connection details frequently include the endpoint, username, - and password required to connect to the managed resource. - properties: - configRef: - default: - name: default - description: |- - SecretStoreConfigRef specifies which secret store config should be used - for this ConnectionSecret. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - metadata: - description: Metadata is the metadata for connection secret. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations are the annotations to be added to connection secret. - - For Kubernetes secrets, this will be used as "metadata.annotations". - - It is up to Secret Store implementation for others store types. - type: object - labels: - additionalProperties: - type: string - description: |- - Labels are the labels/tags to be added to connection secret. - - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store types. - type: object - type: - description: |- - Type is the SecretType for the connection secret. - - Only valid for Kubernetes Secret Stores. - type: string - type: object - name: - description: Name is the name of the connection secret. - type: string - required: - - name - type: object - writeConnectionSecretToRef: - description: |- - WriteConnectionSecretToReference specifies the namespace and name of a - Secret to which any connection details for this managed resource should - be written. Connection details frequently include the endpoint, username, - and password required to connect to the managed resource. - This field is planned to be replaced in a future release in favor of - PublishConnectionDetailsTo. Currently, both could be set independently - and connection details would be published to both without affecting - each other. - properties: - name: - description: Name of the secret. - type: string - namespace: - description: Namespace of the secret. - type: string - required: - - name - - namespace - type: object - required: - - forProvider - type: object - status: - description: ProjectDefaultConfigStatus defines the observed state of - ProjectDefaultConfig. - properties: - atProvider: - properties: - id: - description: an identifier for the resource with format {{project}} - type: string - name: - description: 'The name of the Config resource. Example: "projects/my-awesome-project/config"' - type: string - project: - description: |- - The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - type: string - signIn: - description: |- - Configuration related to local sign in methods. - Structure is documented below. - properties: - allowDuplicateEmails: - description: Whether to allow more than one account to have - the same email. - type: boolean - anonymous: - description: |- - Configuration options related to authenticating an anonymous user. - Structure is documented below. - properties: - enabled: - description: Whether phone number auth is enabled for - the project or not. - type: boolean - type: object - email: - description: |- - Configuration options related to authenticating a user by their email address. - Structure is documented below. - properties: - enabled: - description: Whether phone number auth is enabled for - the project or not. - type: boolean - passwordRequired: - description: |- - Whether a password is required for email auth or not. If true, both an email and - password must be provided to sign in. If false, a user may sign in via either - email/password or email link. - type: boolean - type: object - hashConfig: - description: |- - (Output) - Output only. Hash config information. - Structure is documented below. - items: - properties: - algorithm: - description: |- - (Output) - Different password hash algorithms used in Identity Toolkit. - type: string - memoryCost: - description: |- - (Output) - Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field. - type: number - rounds: - description: |- - (Output) - How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms. - type: number - saltSeparator: - description: |- - (Output) - Non-printable character to be inserted between the salt and plain text password in base64. - type: string - signerKey: - description: |- - (Output) - Signer key in base64. - type: string - type: object - type: array - phoneNumber: - description: |- - Configuration options related to authenticated a user by their phone number. - Structure is documented below. - properties: - enabled: - description: Whether phone number auth is enabled for - the project or not. - type: boolean - testPhoneNumbers: - additionalProperties: - type: string - description: A map of that - can be used for phone auth testing. - type: object - x-kubernetes-map-type: granular - type: object - type: object - type: object - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. - properties: - lastTransitionTime: - description: |- - LastTransitionTime is the last time this condition transitioned from one - status to another. - format: date-time - type: string - message: - description: |- - A Message containing details about this condition's last transition from - one status to another, if any. - type: string - observedGeneration: - description: |- - ObservedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: A Reason for this condition's last transition from - one status to another. - type: string - status: - description: Status of this condition; is it currently True, - False, or Unknown? - type: string - type: - description: |- - Type of this condition. At most one of each condition type may apply to - a resource at any point in time. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - observedGeneration: - description: |- - ObservedGeneration is the latest metadata.generation - which resulted in either a ready state, or stalled due to error - it can not recover from without human intervention. - format: int64 - type: integer - type: object - required: - - spec - type: object - served: true - storage: false - subresources: - status: {} From 7d77f534447dd3b29c2b64d154cc46b66392b563 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 19:42:09 +0100 Subject: [PATCH 05/47] Updates adding identityplatform_config and removing identityplatform_project_default_config, and datastore Signed-off-by: Rickard von Essen --- apis/zz_register.go | 2 -- config/generated.lst | 2 +- internal/controller/zz_monolith_setup.go | 6 ++---- 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/apis/zz_register.go b/apis/zz_register.go index b685c7d97..5a9aa9ed6 100755 --- a/apis/zz_register.go +++ b/apis/zz_register.go @@ -71,7 +71,6 @@ import ( v1beta2dataplex "github.com/upbound/provider-gcp/apis/dataplex/v1beta2" v1beta1dataproc "github.com/upbound/provider-gcp/apis/dataproc/v1beta1" v1beta2dataproc "github.com/upbound/provider-gcp/apis/dataproc/v1beta2" - v1beta1datastore "github.com/upbound/provider-gcp/apis/datastore/v1beta1" v1beta1datastream "github.com/upbound/provider-gcp/apis/datastream/v1beta1" v1beta2datastream "github.com/upbound/provider-gcp/apis/datastream/v1beta2" v1beta1dialogflowcx "github.com/upbound/provider-gcp/apis/dialogflowcx/v1beta1" @@ -213,7 +212,6 @@ func init() { v1beta2dataplex.SchemeBuilder.AddToScheme, v1beta1dataproc.SchemeBuilder.AddToScheme, v1beta2dataproc.SchemeBuilder.AddToScheme, - v1beta1datastore.SchemeBuilder.AddToScheme, v1beta1datastream.SchemeBuilder.AddToScheme, v1beta2datastream.SchemeBuilder.AddToScheme, v1beta1dialogflowcx.SchemeBuilder.AddToScheme, diff --git a/config/generated.lst b/config/generated.lst index 052fb1e56..25ba77d46 100644 --- a/config/generated.lst +++ b/config/generated.lst @@ -1 +1 @@ -["google_access_context_manager_access_level","google_access_context_manager_access_level_condition","google_access_context_manager_access_policy","google_access_context_manager_access_policy_iam_member","google_access_context_manager_service_perimeter","google_access_context_manager_service_perimeter_resource","google_active_directory_domain","google_alloydb_backup","google_alloydb_cluster","google_alloydb_instance","google_apigee_addons_config","google_apigee_endpoint_attachment","google_apigee_envgroup","google_apigee_envgroup_attachment","google_apigee_environment","google_apigee_environment_iam_member","google_apigee_instance","google_apigee_instance_attachment","google_apigee_nat_address","google_apigee_organization","google_apigee_sync_authorization","google_app_engine_application","google_app_engine_application_url_dispatch_rules","google_app_engine_firewall_rule","google_app_engine_service_network_settings","google_app_engine_standard_app_version","google_artifact_registry_repository","google_artifact_registry_repository_iam_member","google_beyondcorp_app_connection","google_beyondcorp_app_connector","google_beyondcorp_app_gateway","google_bigquery_analytics_hub_data_exchange","google_bigquery_analytics_hub_data_exchange_iam_member","google_bigquery_analytics_hub_listing","google_bigquery_connection","google_bigquery_data_transfer_config","google_bigquery_dataset","google_bigquery_dataset_access","google_bigquery_dataset_iam_binding","google_bigquery_dataset_iam_member","google_bigquery_dataset_iam_policy","google_bigquery_job","google_bigquery_reservation","google_bigquery_reservation_assignment","google_bigquery_routine","google_bigquery_table","google_bigquery_table_iam_binding","google_bigquery_table_iam_member","google_bigquery_table_iam_policy","google_bigtable_app_profile","google_bigtable_gc_policy","google_bigtable_instance","google_bigtable_instance_iam_binding","google_bigtable_instance_iam_member","google_bigtable_instance_iam_policy","google_bigtable_table","google_bigtable_table_iam_binding","google_bigtable_table_iam_member","google_bigtable_table_iam_policy","google_binary_authorization_attestor","google_binary_authorization_policy","google_certificate_manager_certificate","google_certificate_manager_certificate_map","google_certificate_manager_certificate_map_entry","google_certificate_manager_dns_authorization","google_certificate_manager_trust_config","google_cloud_ids_endpoint","google_cloud_run_domain_mapping","google_cloud_run_service","google_cloud_run_service_iam_member","google_cloud_run_v2_job","google_cloud_run_v2_service","google_cloud_scheduler_job","google_cloud_tasks_queue","google_cloudbuild_trigger","google_cloudbuild_worker_pool","google_cloudfunctions2_function","google_cloudfunctions_function","google_cloudfunctions_function_iam_member","google_composer_environment","google_compute_address","google_compute_attached_disk","google_compute_autoscaler","google_compute_backend_bucket","google_compute_backend_bucket_signed_url_key","google_compute_backend_service","google_compute_backend_service_signed_url_key","google_compute_disk","google_compute_disk_iam_member","google_compute_disk_resource_policy_attachment","google_compute_external_vpn_gateway","google_compute_firewall","google_compute_firewall_policy","google_compute_firewall_policy_association","google_compute_firewall_policy_rule","google_compute_forwarding_rule","google_compute_global_address","google_compute_global_forwarding_rule","google_compute_global_network_endpoint","google_compute_global_network_endpoint_group","google_compute_ha_vpn_gateway","google_compute_health_check","google_compute_http_health_check","google_compute_https_health_check","google_compute_image","google_compute_image_iam_member","google_compute_instance","google_compute_instance_from_template","google_compute_instance_group","google_compute_instance_group_manager","google_compute_instance_group_named_port","google_compute_instance_iam_member","google_compute_instance_template","google_compute_interconnect_attachment","google_compute_managed_ssl_certificate","google_compute_network","google_compute_network_endpoint","google_compute_network_endpoint_group","google_compute_network_firewall_policy","google_compute_network_firewall_policy_association","google_compute_network_peering","google_compute_network_peering_routes_config","google_compute_node_group","google_compute_node_template","google_compute_packet_mirroring","google_compute_per_instance_config","google_compute_project_default_network_tier","google_compute_project_metadata","google_compute_project_metadata_item","google_compute_region_autoscaler","google_compute_region_backend_service","google_compute_region_disk","google_compute_region_disk_iam_member","google_compute_region_disk_resource_policy_attachment","google_compute_region_health_check","google_compute_region_instance_group_manager","google_compute_region_network_endpoint","google_compute_region_network_endpoint_group","google_compute_region_network_firewall_policy","google_compute_region_network_firewall_policy_association","google_compute_region_per_instance_config","google_compute_region_ssl_certificate","google_compute_region_target_http_proxy","google_compute_region_target_https_proxy","google_compute_region_target_tcp_proxy","google_compute_region_url_map","google_compute_reservation","google_compute_resource_policy","google_compute_route","google_compute_router","google_compute_router_interface","google_compute_router_nat","google_compute_router_peer","google_compute_security_policy","google_compute_service_attachment","google_compute_shared_vpc_host_project","google_compute_shared_vpc_service_project","google_compute_snapshot","google_compute_snapshot_iam_member","google_compute_ssl_certificate","google_compute_ssl_policy","google_compute_subnetwork","google_compute_subnetwork_iam_member","google_compute_target_grpc_proxy","google_compute_target_http_proxy","google_compute_target_https_proxy","google_compute_target_instance","google_compute_target_pool","google_compute_target_ssl_proxy","google_compute_target_tcp_proxy","google_compute_url_map","google_compute_vpn_gateway","google_compute_vpn_tunnel","google_container_analysis_note","google_container_attached_cluster","google_container_aws_cluster","google_container_aws_node_pool","google_container_azure_client","google_container_azure_cluster","google_container_azure_node_pool","google_container_cluster","google_container_node_pool","google_container_registry","google_data_catalog_entry","google_data_catalog_entry_group","google_data_catalog_policy_tag","google_data_catalog_tag","google_data_catalog_tag_template","google_data_catalog_taxonomy","google_data_fusion_instance","google_data_loss_prevention_deidentify_template","google_data_loss_prevention_inspect_template","google_data_loss_prevention_job_trigger","google_data_loss_prevention_stored_info_type","google_dataflow_job","google_dataplex_aspect_type","google_dataplex_asset","google_dataplex_lake","google_dataplex_lake_iam_policy","google_dataplex_zone","google_dataproc_autoscaling_policy","google_dataproc_cluster","google_dataproc_job","google_dataproc_metastore_service","google_dataproc_workflow_template","google_datastore_index","google_datastream_connection_profile","google_datastream_private_connection","google_dialogflow_cx_agent","google_dialogflow_cx_entity_type","google_dialogflow_cx_environment","google_dialogflow_cx_flow","google_dialogflow_cx_intent","google_dialogflow_cx_page","google_dialogflow_cx_version","google_dialogflow_cx_webhook","google_dns_managed_zone","google_dns_managed_zone_iam_member","google_dns_policy","google_dns_record_set","google_dns_response_policy","google_dns_response_policy_rule","google_document_ai_processor","google_essential_contacts_contact","google_eventarc_channel","google_eventarc_google_channel_config","google_eventarc_trigger","google_filestore_backup","google_filestore_instance","google_filestore_snapshot","google_firebaserules_release","google_firebaserules_ruleset","google_folder","google_folder_iam_member","google_gke_backup_backup_plan","google_gke_hub_membership","google_gke_hub_membership_iam_member","google_healthcare_consent_store","google_healthcare_dataset","google_healthcare_dataset_iam_member","google_iam_workload_identity_pool","google_iam_workload_identity_pool_provider","google_iap_app_engine_service_iam_member","google_iap_app_engine_version_iam_member","google_iap_tunnel_iam_member","google_iap_web_backend_service_iam_member","google_iap_web_iam_member","google_iap_web_type_app_engine_iam_member","google_iap_web_type_compute_iam_member","google_identity_platform_default_supported_idp_config","google_identity_platform_inbound_saml_config","google_identity_platform_oauth_idp_config","google_identity_platform_project_default_config","google_identity_platform_tenant","google_identity_platform_tenant_default_supported_idp_config","google_identity_platform_tenant_inbound_saml_config","google_identity_platform_tenant_oauth_idp_config","google_kms_crypto_key","google_kms_crypto_key_iam_member","google_kms_crypto_key_version","google_kms_key_ring","google_kms_key_ring_iam_member","google_kms_key_ring_import_job","google_kms_secret_ciphertext","google_logging_folder_bucket_config","google_logging_folder_exclusion","google_logging_folder_sink","google_logging_log_view","google_logging_metric","google_logging_project_bucket_config","google_logging_project_exclusion","google_logging_project_sink","google_memcache_instance","google_ml_engine_model","google_monitoring_alert_policy","google_monitoring_custom_service","google_monitoring_dashboard","google_monitoring_group","google_monitoring_metric_descriptor","google_monitoring_notification_channel","google_monitoring_service","google_monitoring_slo","google_monitoring_uptime_check_config","google_network_connectivity_hub","google_network_connectivity_service_connection_policy","google_network_connectivity_spoke","google_network_management_connectivity_test","google_notebooks_environment","google_notebooks_instance","google_notebooks_instance_iam_member","google_notebooks_runtime","google_notebooks_runtime_iam_member","google_org_policy_policy","google_organization_iam_audit_config","google_organization_iam_custom_role","google_organization_iam_member","google_os_config_os_policy_assignment","google_os_config_patch_deployment","google_os_login_ssh_public_key","google_privateca_ca_pool","google_privateca_ca_pool_iam_member","google_privateca_certificate","google_privateca_certificate_authority","google_privateca_certificate_template","google_privateca_certificate_template_iam_member","google_project","google_project_default_service_accounts","google_project_iam_audit_config","google_project_iam_custom_role","google_project_iam_member","google_project_service","google_project_usage_export_bucket","google_pubsub_lite_reservation","google_pubsub_lite_subscription","google_pubsub_lite_topic","google_pubsub_schema","google_pubsub_subscription","google_pubsub_subscription_iam_member","google_pubsub_topic","google_pubsub_topic_iam_member","google_redis_cluster","google_redis_instance","google_secret_manager_secret","google_secret_manager_secret_iam_member","google_secret_manager_secret_version","google_service_account","google_service_account_iam_member","google_service_account_key","google_service_networking_connection","google_service_networking_peered_dns_domain","google_sourcerepo_repository","google_sourcerepo_repository_iam_member","google_spanner_database","google_spanner_database_iam_member","google_spanner_instance","google_spanner_instance_iam_member","google_sql_database","google_sql_database_instance","google_sql_source_representation_instance","google_sql_ssl_cert","google_sql_user","google_storage_bucket","google_storage_bucket_access_control","google_storage_bucket_acl","google_storage_bucket_iam_member","google_storage_bucket_object","google_storage_default_object_access_control","google_storage_default_object_acl","google_storage_hmac_key","google_storage_notification","google_storage_object_access_control","google_storage_object_acl","google_storage_transfer_agent_pool","google_tags_location_tag_binding","google_tags_tag_binding","google_tags_tag_key","google_tags_tag_value","google_tpu_node","google_vertex_ai_dataset","google_vertex_ai_featurestore","google_vertex_ai_featurestore_entitytype","google_vertex_ai_tensorboard","google_vpc_access_connector","google_workflows_workflow"] \ No newline at end of file +["google_access_context_manager_access_level","google_access_context_manager_access_level_condition","google_access_context_manager_access_policy","google_access_context_manager_access_policy_iam_member","google_access_context_manager_service_perimeter","google_access_context_manager_service_perimeter_resource","google_active_directory_domain","google_alloydb_backup","google_alloydb_cluster","google_alloydb_instance","google_apigee_addons_config","google_apigee_endpoint_attachment","google_apigee_envgroup","google_apigee_envgroup_attachment","google_apigee_environment","google_apigee_environment_iam_member","google_apigee_instance","google_apigee_instance_attachment","google_apigee_nat_address","google_apigee_organization","google_apigee_sync_authorization","google_app_engine_application","google_app_engine_application_url_dispatch_rules","google_app_engine_firewall_rule","google_app_engine_service_network_settings","google_app_engine_standard_app_version","google_artifact_registry_repository","google_artifact_registry_repository_iam_member","google_beyondcorp_app_connection","google_beyondcorp_app_connector","google_beyondcorp_app_gateway","google_bigquery_analytics_hub_data_exchange","google_bigquery_analytics_hub_data_exchange_iam_member","google_bigquery_analytics_hub_listing","google_bigquery_connection","google_bigquery_data_transfer_config","google_bigquery_dataset","google_bigquery_dataset_access","google_bigquery_dataset_iam_binding","google_bigquery_dataset_iam_member","google_bigquery_dataset_iam_policy","google_bigquery_job","google_bigquery_reservation","google_bigquery_reservation_assignment","google_bigquery_routine","google_bigquery_table","google_bigquery_table_iam_binding","google_bigquery_table_iam_member","google_bigquery_table_iam_policy","google_bigtable_app_profile","google_bigtable_gc_policy","google_bigtable_instance","google_bigtable_instance_iam_binding","google_bigtable_instance_iam_member","google_bigtable_instance_iam_policy","google_bigtable_table","google_bigtable_table_iam_binding","google_bigtable_table_iam_member","google_bigtable_table_iam_policy","google_binary_authorization_attestor","google_binary_authorization_policy","google_certificate_manager_certificate","google_certificate_manager_certificate_map","google_certificate_manager_certificate_map_entry","google_certificate_manager_dns_authorization","google_certificate_manager_trust_config","google_cloud_ids_endpoint","google_cloud_run_domain_mapping","google_cloud_run_service","google_cloud_run_service_iam_member","google_cloud_run_v2_job","google_cloud_run_v2_service","google_cloud_scheduler_job","google_cloud_tasks_queue","google_cloudbuild_trigger","google_cloudbuild_worker_pool","google_cloudfunctions2_function","google_cloudfunctions_function","google_cloudfunctions_function_iam_member","google_composer_environment","google_compute_address","google_compute_attached_disk","google_compute_autoscaler","google_compute_backend_bucket","google_compute_backend_bucket_signed_url_key","google_compute_backend_service","google_compute_backend_service_signed_url_key","google_compute_disk","google_compute_disk_iam_member","google_compute_disk_resource_policy_attachment","google_compute_external_vpn_gateway","google_compute_firewall","google_compute_firewall_policy","google_compute_firewall_policy_association","google_compute_firewall_policy_rule","google_compute_forwarding_rule","google_compute_global_address","google_compute_global_forwarding_rule","google_compute_global_network_endpoint","google_compute_global_network_endpoint_group","google_compute_ha_vpn_gateway","google_compute_health_check","google_compute_http_health_check","google_compute_https_health_check","google_compute_image","google_compute_image_iam_member","google_compute_instance","google_compute_instance_from_template","google_compute_instance_group","google_compute_instance_group_manager","google_compute_instance_group_named_port","google_compute_instance_iam_member","google_compute_instance_template","google_compute_interconnect_attachment","google_compute_managed_ssl_certificate","google_compute_network","google_compute_network_endpoint","google_compute_network_endpoint_group","google_compute_network_firewall_policy","google_compute_network_firewall_policy_association","google_compute_network_peering","google_compute_network_peering_routes_config","google_compute_node_group","google_compute_node_template","google_compute_packet_mirroring","google_compute_per_instance_config","google_compute_project_default_network_tier","google_compute_project_metadata","google_compute_project_metadata_item","google_compute_region_autoscaler","google_compute_region_backend_service","google_compute_region_disk","google_compute_region_disk_iam_member","google_compute_region_disk_resource_policy_attachment","google_compute_region_health_check","google_compute_region_instance_group_manager","google_compute_region_network_endpoint","google_compute_region_network_endpoint_group","google_compute_region_network_firewall_policy","google_compute_region_network_firewall_policy_association","google_compute_region_per_instance_config","google_compute_region_ssl_certificate","google_compute_region_target_http_proxy","google_compute_region_target_https_proxy","google_compute_region_target_tcp_proxy","google_compute_region_url_map","google_compute_reservation","google_compute_resource_policy","google_compute_route","google_compute_router","google_compute_router_interface","google_compute_router_nat","google_compute_router_peer","google_compute_security_policy","google_compute_service_attachment","google_compute_shared_vpc_host_project","google_compute_shared_vpc_service_project","google_compute_snapshot","google_compute_snapshot_iam_member","google_compute_ssl_certificate","google_compute_ssl_policy","google_compute_subnetwork","google_compute_subnetwork_iam_member","google_compute_target_grpc_proxy","google_compute_target_http_proxy","google_compute_target_https_proxy","google_compute_target_instance","google_compute_target_pool","google_compute_target_ssl_proxy","google_compute_target_tcp_proxy","google_compute_url_map","google_compute_vpn_gateway","google_compute_vpn_tunnel","google_container_analysis_note","google_container_attached_cluster","google_container_aws_cluster","google_container_aws_node_pool","google_container_azure_client","google_container_azure_cluster","google_container_azure_node_pool","google_container_cluster","google_container_node_pool","google_container_registry","google_data_catalog_entry","google_data_catalog_entry_group","google_data_catalog_policy_tag","google_data_catalog_tag","google_data_catalog_tag_template","google_data_catalog_taxonomy","google_data_fusion_instance","google_data_loss_prevention_deidentify_template","google_data_loss_prevention_inspect_template","google_data_loss_prevention_job_trigger","google_data_loss_prevention_stored_info_type","google_dataflow_job","google_dataplex_aspect_type","google_dataplex_asset","google_dataplex_lake","google_dataplex_lake_iam_policy","google_dataplex_zone","google_dataproc_autoscaling_policy","google_dataproc_cluster","google_dataproc_job","google_dataproc_metastore_service","google_dataproc_workflow_template","google_datastream_connection_profile","google_datastream_private_connection","google_dialogflow_cx_agent","google_dialogflow_cx_entity_type","google_dialogflow_cx_environment","google_dialogflow_cx_flow","google_dialogflow_cx_intent","google_dialogflow_cx_page","google_dialogflow_cx_version","google_dialogflow_cx_webhook","google_dns_managed_zone","google_dns_managed_zone_iam_member","google_dns_policy","google_dns_record_set","google_dns_response_policy","google_dns_response_policy_rule","google_document_ai_processor","google_essential_contacts_contact","google_eventarc_channel","google_eventarc_google_channel_config","google_eventarc_trigger","google_filestore_backup","google_filestore_instance","google_filestore_snapshot","google_firebaserules_release","google_firebaserules_ruleset","google_folder","google_folder_iam_member","google_gke_backup_backup_plan","google_gke_hub_membership","google_gke_hub_membership_iam_member","google_healthcare_consent_store","google_healthcare_dataset","google_healthcare_dataset_iam_member","google_iam_workload_identity_pool","google_iam_workload_identity_pool_provider","google_iap_app_engine_service_iam_member","google_iap_app_engine_version_iam_member","google_iap_tunnel_iam_member","google_iap_web_backend_service_iam_member","google_iap_web_iam_member","google_iap_web_type_app_engine_iam_member","google_iap_web_type_compute_iam_member","google_identity_platform_config","google_identity_platform_default_supported_idp_config","google_identity_platform_inbound_saml_config","google_identity_platform_oauth_idp_config","google_identity_platform_tenant","google_identity_platform_tenant_default_supported_idp_config","google_identity_platform_tenant_inbound_saml_config","google_identity_platform_tenant_oauth_idp_config","google_kms_crypto_key","google_kms_crypto_key_iam_member","google_kms_crypto_key_version","google_kms_key_ring","google_kms_key_ring_iam_member","google_kms_key_ring_import_job","google_kms_secret_ciphertext","google_logging_folder_bucket_config","google_logging_folder_exclusion","google_logging_folder_sink","google_logging_log_view","google_logging_metric","google_logging_project_bucket_config","google_logging_project_exclusion","google_logging_project_sink","google_memcache_instance","google_ml_engine_model","google_monitoring_alert_policy","google_monitoring_custom_service","google_monitoring_dashboard","google_monitoring_group","google_monitoring_metric_descriptor","google_monitoring_notification_channel","google_monitoring_service","google_monitoring_slo","google_monitoring_uptime_check_config","google_network_connectivity_hub","google_network_connectivity_service_connection_policy","google_network_connectivity_spoke","google_network_management_connectivity_test","google_notebooks_environment","google_notebooks_instance","google_notebooks_instance_iam_member","google_notebooks_runtime","google_notebooks_runtime_iam_member","google_org_policy_policy","google_organization_iam_audit_config","google_organization_iam_custom_role","google_organization_iam_member","google_os_config_os_policy_assignment","google_os_config_patch_deployment","google_os_login_ssh_public_key","google_privateca_ca_pool","google_privateca_ca_pool_iam_member","google_privateca_certificate","google_privateca_certificate_authority","google_privateca_certificate_template","google_privateca_certificate_template_iam_member","google_project","google_project_default_service_accounts","google_project_iam_audit_config","google_project_iam_custom_role","google_project_iam_member","google_project_service","google_project_usage_export_bucket","google_pubsub_lite_reservation","google_pubsub_lite_subscription","google_pubsub_lite_topic","google_pubsub_schema","google_pubsub_subscription","google_pubsub_subscription_iam_member","google_pubsub_topic","google_pubsub_topic_iam_member","google_redis_cluster","google_redis_instance","google_secret_manager_secret","google_secret_manager_secret_iam_member","google_secret_manager_secret_version","google_service_account","google_service_account_iam_member","google_service_account_key","google_service_networking_connection","google_service_networking_peered_dns_domain","google_sourcerepo_repository","google_sourcerepo_repository_iam_member","google_spanner_database","google_spanner_database_iam_member","google_spanner_instance","google_spanner_instance_iam_member","google_sql_database","google_sql_database_instance","google_sql_source_representation_instance","google_sql_ssl_cert","google_sql_user","google_storage_bucket","google_storage_bucket_access_control","google_storage_bucket_acl","google_storage_bucket_iam_member","google_storage_bucket_object","google_storage_default_object_access_control","google_storage_default_object_acl","google_storage_hmac_key","google_storage_notification","google_storage_object_access_control","google_storage_object_acl","google_storage_transfer_agent_pool","google_tags_location_tag_binding","google_tags_tag_binding","google_tags_tag_key","google_tags_tag_value","google_tpu_node","google_vertex_ai_dataset","google_vertex_ai_featurestore","google_vertex_ai_featurestore_entitytype","google_vertex_ai_tensorboard","google_vpc_access_connector","google_workflows_workflow"] \ No newline at end of file diff --git a/internal/controller/zz_monolith_setup.go b/internal/controller/zz_monolith_setup.go index 773694f43..c7130280c 100755 --- a/internal/controller/zz_monolith_setup.go +++ b/internal/controller/zz_monolith_setup.go @@ -230,7 +230,6 @@ import ( jobdataproc "github.com/upbound/provider-gcp/internal/controller/dataproc/job" metastoreservice "github.com/upbound/provider-gcp/internal/controller/dataproc/metastoreservice" workflowtemplate "github.com/upbound/provider-gcp/internal/controller/dataproc/workflowtemplate" - index "github.com/upbound/provider-gcp/internal/controller/datastore/index" connectionprofile "github.com/upbound/provider-gcp/internal/controller/datastream/connectionprofile" privateconnection "github.com/upbound/provider-gcp/internal/controller/datastream/privateconnection" agent "github.com/upbound/provider-gcp/internal/controller/dialogflowcx/agent" @@ -272,10 +271,10 @@ import ( webiammember "github.com/upbound/provider-gcp/internal/controller/iap/webiammember" webtypeappengineiammember "github.com/upbound/provider-gcp/internal/controller/iap/webtypeappengineiammember" webtypecomputeiammember "github.com/upbound/provider-gcp/internal/controller/iap/webtypecomputeiammember" + config "github.com/upbound/provider-gcp/internal/controller/identityplatform/config" defaultsupportedidpconfig "github.com/upbound/provider-gcp/internal/controller/identityplatform/defaultsupportedidpconfig" inboundsamlconfig "github.com/upbound/provider-gcp/internal/controller/identityplatform/inboundsamlconfig" oauthidpconfig "github.com/upbound/provider-gcp/internal/controller/identityplatform/oauthidpconfig" - projectdefaultconfig "github.com/upbound/provider-gcp/internal/controller/identityplatform/projectdefaultconfig" tenant "github.com/upbound/provider-gcp/internal/controller/identityplatform/tenant" tenantdefaultsupportedidpconfig "github.com/upbound/provider-gcp/internal/controller/identityplatform/tenantdefaultsupportedidpconfig" tenantinboundsamlconfig "github.com/upbound/provider-gcp/internal/controller/identityplatform/tenantinboundsamlconfig" @@ -601,7 +600,6 @@ func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { jobdataproc.Setup, metastoreservice.Setup, workflowtemplate.Setup, - index.Setup, connectionprofile.Setup, privateconnection.Setup, agent.Setup, @@ -643,10 +641,10 @@ func Setup_monolith(mgr ctrl.Manager, o controller.Options) error { webiammember.Setup, webtypeappengineiammember.Setup, webtypecomputeiammember.Setup, + config.Setup, defaultsupportedidpconfig.Setup, inboundsamlconfig.Setup, oauthidpconfig.Setup, - projectdefaultconfig.Setup, tenant.Setup, tenantdefaultsupportedidpconfig.Setup, tenantinboundsamlconfig.Setup, From 7840017de4617f5f052eea1376efbf2d10ecdfe3 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 11:52:24 +0100 Subject: [PATCH 06/47] activedirectory: Added deletionProtection Signed-off-by: Rickard von Essen --- apis/activedirectory/v1beta1/zz_domain_types.go | 13 +++++++++++++ .../v1beta1/zz_generated.deepcopy.go | 15 +++++++++++++++ .../activedirectory/v1beta1/domain.yaml | 1 + examples/activedirectory/v1beta1/domain.yaml | 1 + .../activedirectory.gcp.upbound.io_domains.yaml | 15 +++++++++++++++ 5 files changed, 45 insertions(+) diff --git a/apis/activedirectory/v1beta1/zz_domain_types.go b/apis/activedirectory/v1beta1/zz_domain_types.go index cabc07e80..a159bcfe3 100755 --- a/apis/activedirectory/v1beta1/zz_domain_types.go +++ b/apis/activedirectory/v1beta1/zz_domain_types.go @@ -24,6 +24,10 @@ type DomainInitParameters struct { // +listType=set AuthorizedNetworks []*string `json:"authorizedNetworks,omitempty" tf:"authorized_networks,omitempty"` + // Defaults to true. + // When the field is set to false, deleting the domain is allowed. + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions // of https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains. DomainName *string `json:"domainName,omitempty" tf:"domain_name,omitempty"` @@ -58,6 +62,10 @@ type DomainObservation struct { // +listType=set AuthorizedNetworks []*string `json:"authorizedNetworks,omitempty" tf:"authorized_networks,omitempty"` + // Defaults to true. + // When the field is set to false, deleting the domain is allowed. + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions // of https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains. DomainName *string `json:"domainName,omitempty" tf:"domain_name,omitempty"` @@ -112,6 +120,11 @@ type DomainParameters struct { // +listType=set AuthorizedNetworks []*string `json:"authorizedNetworks,omitempty" tf:"authorized_networks,omitempty"` + // Defaults to true. + // When the field is set to false, deleting the domain is allowed. + // +kubebuilder:validation:Optional + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions // of https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains. // +kubebuilder:validation:Optional diff --git a/apis/activedirectory/v1beta1/zz_generated.deepcopy.go b/apis/activedirectory/v1beta1/zz_generated.deepcopy.go index a6599e805..7fc6a0659 100644 --- a/apis/activedirectory/v1beta1/zz_generated.deepcopy.go +++ b/apis/activedirectory/v1beta1/zz_generated.deepcopy.go @@ -58,6 +58,11 @@ func (in *DomainInitParameters) DeepCopyInto(out *DomainInitParameters) { } } } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.DomainName != nil { in, out := &in.DomainName, &out.DomainName *out = new(string) @@ -163,6 +168,11 @@ func (in *DomainObservation) DeepCopyInto(out *DomainObservation) { } } } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.DomainName != nil { in, out := &in.DomainName, &out.DomainName *out = new(string) @@ -283,6 +293,11 @@ func (in *DomainParameters) DeepCopyInto(out *DomainParameters) { } } } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.DomainName != nil { in, out := &in.DomainName, &out.DomainName *out = new(string) diff --git a/examples-generated/activedirectory/v1beta1/domain.yaml b/examples-generated/activedirectory/v1beta1/domain.yaml index ce8806cdc..ddb5f7d11 100644 --- a/examples-generated/activedirectory/v1beta1/domain.yaml +++ b/examples-generated/activedirectory/v1beta1/domain.yaml @@ -8,6 +8,7 @@ metadata: name: ad-domain spec: forProvider: + deletionProtection: false domainName: tfgen.org.com locations: - us-central1 diff --git a/examples/activedirectory/v1beta1/domain.yaml b/examples/activedirectory/v1beta1/domain.yaml index 3a239d57c..ca49b5757 100644 --- a/examples/activedirectory/v1beta1/domain.yaml +++ b/examples/activedirectory/v1beta1/domain.yaml @@ -13,6 +13,7 @@ metadata: name: domain spec: forProvider: + deletionProtection: false domainName: "fndomain.org.com" locations: - us-central1 diff --git a/package/crds/activedirectory.gcp.upbound.io_domains.yaml b/package/crds/activedirectory.gcp.upbound.io_domains.yaml index 6cfb61909..71583fc24 100644 --- a/package/crds/activedirectory.gcp.upbound.io_domains.yaml +++ b/package/crds/activedirectory.gcp.upbound.io_domains.yaml @@ -86,6 +86,11 @@ spec: type: string type: array x-kubernetes-list-type: set + deletionProtection: + description: |- + Defaults to true. + When the field is set to false, deleting the domain is allowed. + type: boolean domainName: description: |- The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions @@ -144,6 +149,11 @@ spec: type: string type: array x-kubernetes-list-type: set + deletionProtection: + description: |- + Defaults to true. + When the field is set to false, deleting the domain is allowed. + type: boolean domainName: description: |- The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions @@ -374,6 +384,11 @@ spec: type: string type: array x-kubernetes-list-type: set + deletionProtection: + description: |- + Defaults to true. + When the field is set to false, deleting the domain is allowed. + type: boolean domainName: description: |- The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions From fafa6665afd6ab740e42b65562c67ae52056af5d Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 13:23:01 +0100 Subject: [PATCH 07/47] apigee: Added activate flag to apigee_nataddresses Signed-off-by: Rickard von Essen --- apis/apigee/v1beta1/zz_generated.deepcopy.go | 17 ++++++++++++++++- apis/apigee/v1beta1/zz_nataddress_types.go | 10 ++++++++++ .../apigee/v1beta1/envgroupattachment.yaml | 1 + .../apigee/v1beta1/instanceattachment.yaml | 1 + .../apigee/v1beta1/syncauthorization.yaml | 1 + .../apigee.gcp.upbound.io_nataddresses.yaml | 13 +++++++++++++ 6 files changed, 42 insertions(+), 1 deletion(-) diff --git a/apis/apigee/v1beta1/zz_generated.deepcopy.go b/apis/apigee/v1beta1/zz_generated.deepcopy.go index f8c7380ad..f03fd8b7a 100644 --- a/apis/apigee/v1beta1/zz_generated.deepcopy.go +++ b/apis/apigee/v1beta1/zz_generated.deepcopy.go @@ -2448,6 +2448,11 @@ func (in *NATAddress) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NATAddressInitParameters) DeepCopyInto(out *NATAddressInitParameters) { *out = *in + if in.Activate != nil { + in, out := &in.Activate, &out.Activate + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NATAddressInitParameters. @@ -2495,6 +2500,11 @@ func (in *NATAddressList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NATAddressObservation) DeepCopyInto(out *NATAddressObservation) { *out = *in + if in.Activate != nil { + in, out := &in.Activate, &out.Activate + *out = new(bool) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -2530,6 +2540,11 @@ func (in *NATAddressObservation) DeepCopy() *NATAddressObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NATAddressParameters) DeepCopyInto(out *NATAddressParameters) { *out = *in + if in.Activate != nil { + in, out := &in.Activate, &out.Activate + *out = new(bool) + **out = **in + } if in.InstanceID != nil { in, out := &in.InstanceID, &out.InstanceID *out = new(string) @@ -2562,7 +2577,7 @@ func (in *NATAddressSpec) DeepCopyInto(out *NATAddressSpec) { *out = *in in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) in.ForProvider.DeepCopyInto(&out.ForProvider) - out.InitProvider = in.InitProvider + in.InitProvider.DeepCopyInto(&out.InitProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NATAddressSpec. diff --git a/apis/apigee/v1beta1/zz_nataddress_types.go b/apis/apigee/v1beta1/zz_nataddress_types.go index 848da38ff..0ca6d49e2 100755 --- a/apis/apigee/v1beta1/zz_nataddress_types.go +++ b/apis/apigee/v1beta1/zz_nataddress_types.go @@ -14,10 +14,16 @@ import ( ) type NATAddressInitParameters struct { + + // Flag that specifies whether the reserved NAT address should be activate. + Activate *bool `json:"activate,omitempty" tf:"activate,omitempty"` } type NATAddressObservation struct { + // Flag that specifies whether the reserved NAT address should be activate. + Activate *bool `json:"activate,omitempty" tf:"activate,omitempty"` + // an identifier for the resource with format {{instance_id}}/natAddresses/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -34,6 +40,10 @@ type NATAddressObservation struct { type NATAddressParameters struct { + // Flag that specifies whether the reserved NAT address should be activate. + // +kubebuilder:validation:Optional + Activate *bool `json:"activate,omitempty" tf:"activate,omitempty"` + // The Apigee instance associated with the Apigee environment, // in the format organizations/{{org_name}}/instances/{{instance_name}}. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/apigee/v1beta1.Instance diff --git a/examples-generated/apigee/v1beta1/envgroupattachment.yaml b/examples-generated/apigee/v1beta1/envgroupattachment.yaml index 128a80964..19e3e62be 100644 --- a/examples-generated/apigee/v1beta1/envgroupattachment.yaml +++ b/examples-generated/apigee/v1beta1/envgroupattachment.yaml @@ -116,6 +116,7 @@ metadata: spec: forProvider: billingAccount: "" + deletionPolicy: DELETE name: my-project orgId: "" projectId: my-project diff --git a/examples-generated/apigee/v1beta1/instanceattachment.yaml b/examples-generated/apigee/v1beta1/instanceattachment.yaml index 2a2e3cfb3..8512918a3 100644 --- a/examples-generated/apigee/v1beta1/instanceattachment.yaml +++ b/examples-generated/apigee/v1beta1/instanceattachment.yaml @@ -115,6 +115,7 @@ metadata: spec: forProvider: billingAccount: "" + deletionPolicy: DELETE name: my-project orgId: "" projectId: my-project diff --git a/examples-generated/apigee/v1beta1/syncauthorization.yaml b/examples-generated/apigee/v1beta1/syncauthorization.yaml index b8506a8f4..2b4791a6c 100644 --- a/examples-generated/apigee/v1beta1/syncauthorization.yaml +++ b/examples-generated/apigee/v1beta1/syncauthorization.yaml @@ -43,6 +43,7 @@ metadata: spec: forProvider: billingAccount: 000000-0000000-0000000-000000 + deletionPolicy: DELETE name: my-project orgId: "123456789" projectId: my-project diff --git a/package/crds/apigee.gcp.upbound.io_nataddresses.yaml b/package/crds/apigee.gcp.upbound.io_nataddresses.yaml index 0d028a4d3..2ba8eb9ef 100644 --- a/package/crds/apigee.gcp.upbound.io_nataddresses.yaml +++ b/package/crds/apigee.gcp.upbound.io_nataddresses.yaml @@ -73,6 +73,10 @@ spec: type: string forProvider: properties: + activate: + description: Flag that specifies whether the reserved NAT address + should be activate. + type: boolean instanceId: description: |- The Apigee instance associated with the Apigee environment, @@ -165,6 +169,11 @@ spec: required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler. + properties: + activate: + description: Flag that specifies whether the reserved NAT address + should be activate. + type: boolean type: object managementPolicies: default: @@ -338,6 +347,10 @@ spec: properties: atProvider: properties: + activate: + description: Flag that specifies whether the reserved NAT address + should be activate. + type: boolean id: description: an identifier for the resource with format {{instance_id}}/natAddresses/{{name}} type: string From 335a1f131b8d79ff9a812d9f75c2a3a8dc840b7c Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 13:27:04 +0100 Subject: [PATCH 08/47] appengine: Updated examples-generated Signed-off-by: Rickard von Essen --- examples-generated/appengine/v1beta1/firewallrule.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/examples-generated/appengine/v1beta1/firewallrule.yaml b/examples-generated/appengine/v1beta1/firewallrule.yaml index 4dd6bd337..a56fa2eac 100644 --- a/examples-generated/appengine/v1beta1/firewallrule.yaml +++ b/examples-generated/appengine/v1beta1/firewallrule.yaml @@ -45,6 +45,7 @@ metadata: spec: forProvider: billingAccount: 000000-0000000-0000000-000000 + deletionPolicy: DELETE name: tf-test-project orgId: "123456789" projectId: ae-project From 8a66b7edaff68d3dac956f5c0b415110ee2a6f22 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 13:40:16 +0100 Subject: [PATCH 09/47] bigtable: Added bigtable_table columnFamily.type Signed-off-by: Rickard von Essen --- apis/bigtable/v1beta1/zz_generated.deepcopy.go | 15 +++++++++++++++ apis/bigtable/v1beta1/zz_table_types.go | 10 ++++++++++ apis/bigtable/v1beta2/zz_appprofile_types.go | 7 +++++++ apis/bigtable/v1beta2/zz_generated.deepcopy.go | 15 +++++++++++++++ examples-generated/bigtable/v1beta1/table.yaml | 5 +++++ .../bigtable/v1beta2/appprofile.yaml | 2 +- examples/bigtable/v1beta1/table.yaml | 18 ++++++++++++++++++ .../bigtable.gcp.upbound.io_appprofiles.yaml | 6 ++++++ .../crds/bigtable.gcp.upbound.io_tables.yaml | 9 +++++++++ 9 files changed, 86 insertions(+), 1 deletion(-) diff --git a/apis/bigtable/v1beta1/zz_generated.deepcopy.go b/apis/bigtable/v1beta1/zz_generated.deepcopy.go index a00f457a2..841d39d01 100644 --- a/apis/bigtable/v1beta1/zz_generated.deepcopy.go +++ b/apis/bigtable/v1beta1/zz_generated.deepcopy.go @@ -672,6 +672,11 @@ func (in *ColumnFamilyInitParameters) DeepCopyInto(out *ColumnFamilyInitParamete *out = new(string) **out = **in } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ColumnFamilyInitParameters. @@ -692,6 +697,11 @@ func (in *ColumnFamilyObservation) DeepCopyInto(out *ColumnFamilyObservation) { *out = new(string) **out = **in } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ColumnFamilyObservation. @@ -712,6 +722,11 @@ func (in *ColumnFamilyParameters) DeepCopyInto(out *ColumnFamilyParameters) { *out = new(string) **out = **in } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ColumnFamilyParameters. diff --git a/apis/bigtable/v1beta1/zz_table_types.go b/apis/bigtable/v1beta1/zz_table_types.go index 87fcc0653..558dcf431 100755 --- a/apis/bigtable/v1beta1/zz_table_types.go +++ b/apis/bigtable/v1beta1/zz_table_types.go @@ -38,12 +38,18 @@ type ColumnFamilyInitParameters struct { // The name of the column family. Family *string `json:"family,omitempty" tf:"family,omitempty"` + + // The type of the column family. + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type ColumnFamilyObservation struct { // The name of the column family. Family *string `json:"family,omitempty" tf:"family,omitempty"` + + // The type of the column family. + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type ColumnFamilyParameters struct { @@ -51,6 +57,10 @@ type ColumnFamilyParameters struct { // The name of the column family. // +kubebuilder:validation:Optional Family *string `json:"family" tf:"family,omitempty"` + + // The type of the column family. + // +kubebuilder:validation:Optional + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type TableInitParameters struct { diff --git a/apis/bigtable/v1beta2/zz_appprofile_types.go b/apis/bigtable/v1beta2/zz_appprofile_types.go index a07c41b9d..153f4913e 100755 --- a/apis/bigtable/v1beta2/zz_appprofile_types.go +++ b/apis/bigtable/v1beta2/zz_appprofile_types.go @@ -36,6 +36,8 @@ type AppProfileInitParameters struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + RowAffinity *bool `json:"rowAffinity,omitempty" tf:"row_affinity,omitempty"` + // Use a single-cluster routing policy. // Structure is documented below. SingleClusterRouting *SingleClusterRoutingInitParameters `json:"singleClusterRouting,omitempty" tf:"single_cluster_routing,omitempty"` @@ -77,6 +79,8 @@ type AppProfileObservation struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + RowAffinity *bool `json:"rowAffinity,omitempty" tf:"row_affinity,omitempty"` + // Use a single-cluster routing policy. // Structure is documented below. SingleClusterRouting *SingleClusterRoutingObservation `json:"singleClusterRouting,omitempty" tf:"single_cluster_routing,omitempty"` @@ -128,6 +132,9 @@ type AppProfileParameters struct { // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + // +kubebuilder:validation:Optional + RowAffinity *bool `json:"rowAffinity,omitempty" tf:"row_affinity,omitempty"` + // Use a single-cluster routing policy. // Structure is documented below. // +kubebuilder:validation:Optional diff --git a/apis/bigtable/v1beta2/zz_generated.deepcopy.go b/apis/bigtable/v1beta2/zz_generated.deepcopy.go index eb273897e..49e5989fd 100644 --- a/apis/bigtable/v1beta2/zz_generated.deepcopy.go +++ b/apis/bigtable/v1beta2/zz_generated.deepcopy.go @@ -79,6 +79,11 @@ func (in *AppProfileInitParameters) DeepCopyInto(out *AppProfileInitParameters) *out = new(string) **out = **in } + if in.RowAffinity != nil { + in, out := &in.RowAffinity, &out.RowAffinity + *out = new(bool) + **out = **in + } if in.SingleClusterRouting != nil { in, out := &in.SingleClusterRouting, &out.SingleClusterRouting *out = new(SingleClusterRoutingInitParameters) @@ -187,6 +192,11 @@ func (in *AppProfileObservation) DeepCopyInto(out *AppProfileObservation) { *out = new(string) **out = **in } + if in.RowAffinity != nil { + in, out := &in.RowAffinity, &out.RowAffinity + *out = new(bool) + **out = **in + } if in.SingleClusterRouting != nil { in, out := &in.SingleClusterRouting, &out.SingleClusterRouting *out = new(SingleClusterRoutingObservation) @@ -263,6 +273,11 @@ func (in *AppProfileParameters) DeepCopyInto(out *AppProfileParameters) { *out = new(string) **out = **in } + if in.RowAffinity != nil { + in, out := &in.RowAffinity, &out.RowAffinity + *out = new(bool) + **out = **in + } if in.SingleClusterRouting != nil { in, out := &in.SingleClusterRouting, &out.SingleClusterRouting *out = new(SingleClusterRoutingParameters) diff --git a/examples-generated/bigtable/v1beta1/table.yaml b/examples-generated/bigtable/v1beta1/table.yaml index f3ea9bc41..e07d83aa5 100644 --- a/examples-generated/bigtable/v1beta1/table.yaml +++ b/examples-generated/bigtable/v1beta1/table.yaml @@ -15,6 +15,11 @@ spec: columnFamily: - family: family-first - family: family-second + type: intsum + - family: family-third + type: " {\n\t\t\t\t\t\"aggregateType\": {\n\t\t\t\t\t\t\"max\": {},\n\t\t\t\t\t\t\"inputType\": + {\n\t\t\t\t\t\t\t\"int64Type\": {\n\t\t\t\t\t\t\t\t\"encoding\": {\n\t\t\t\t\t\t\t\t\t\"bigEndianBytes\": + {}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n" instanceNameSelector: matchLabels: testing.upbound.io/example-name: instance diff --git a/examples-generated/bigtable/v1beta2/appprofile.yaml b/examples-generated/bigtable/v1beta2/appprofile.yaml index 8e41f6fd7..d13b50f7a 100644 --- a/examples-generated/bigtable/v1beta2/appprofile.yaml +++ b/examples-generated/bigtable/v1beta2/appprofile.yaml @@ -39,4 +39,4 @@ spec: numNodes: 3 storageType: HDD zone: us-central1-c - deletionProtection: "true" + deletionProtection: true diff --git a/examples/bigtable/v1beta1/table.yaml b/examples/bigtable/v1beta1/table.yaml index a7a58aed1..1625a28b7 100644 --- a/examples/bigtable/v1beta1/table.yaml +++ b/examples/bigtable/v1beta1/table.yaml @@ -12,6 +12,24 @@ metadata: name: table spec: forProvider: + columnFamily: + - family: family-first + - family: family-second + type: intsum + - family: family-third + type: | + { + "aggregateType": { + "max": {}, + "inputType": { + "int64Type": { + "encoding": { + "bigEndianBytes": {} + } + } + } + } + } instanceNameSelector: matchLabels: testing.upbound.io/example-name: instance diff --git a/package/crds/bigtable.gcp.upbound.io_appprofiles.yaml b/package/crds/bigtable.gcp.upbound.io_appprofiles.yaml index 983cfc986..6e77ad907 100644 --- a/package/crds/bigtable.gcp.upbound.io_appprofiles.yaml +++ b/package/crds/bigtable.gcp.upbound.io_appprofiles.yaml @@ -778,6 +778,8 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + rowAffinity: + type: boolean singleClusterRouting: description: |- Use a single-cluster routing policy. @@ -852,6 +854,8 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + rowAffinity: + type: boolean singleClusterRouting: description: |- Use a single-cluster routing policy. @@ -1096,6 +1100,8 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + rowAffinity: + type: boolean singleClusterRouting: description: |- Use a single-cluster routing policy. diff --git a/package/crds/bigtable.gcp.upbound.io_tables.yaml b/package/crds/bigtable.gcp.upbound.io_tables.yaml index a3fe8b950..4e1513566 100644 --- a/package/crds/bigtable.gcp.upbound.io_tables.yaml +++ b/package/crds/bigtable.gcp.upbound.io_tables.yaml @@ -96,6 +96,9 @@ spec: family: description: The name of the column family. type: string + type: + description: The type of the column family. + type: string type: object type: array deletionProtection: @@ -229,6 +232,9 @@ spec: family: description: The name of the column family. type: string + type: + description: The type of the column family. + type: string type: object type: array deletionProtection: @@ -444,6 +450,9 @@ spec: family: description: The name of the column family. type: string + type: + description: The type of the column family. + type: string type: object type: array deletionProtection: From d3fd33bbac9363b572f8c5d14b34c2110403460c Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 14:07:32 +0100 Subject: [PATCH 10/47] cloudrun: multiple changes Signed-off-by: Rickard von Essen --- .../cloudrun/v1beta2/zz_generated.deepcopy.go | 943 +++++++++++++++++- apis/cloudrun/v1beta2/zz_service_types.go | 152 +++ apis/cloudrun/v1beta2/zz_v2job_types.go | 157 ++- apis/cloudrun/v1beta2/zz_v2service_types.go | 339 ++++--- .../cloudrun/v1beta2/v2job.yaml | 1 + .../cloudrun/v1beta2/v2service.yaml | 1 + examples/cloudrun/v1beta2/v2job.yaml | 1 + examples/cloudrun/v1beta2/v2service.yaml | 1 + .../cloudrun.gcp.upbound.io_services.yaml | 195 ++++ .../crds/cloudrun.gcp.upbound.io_v2jobs.yaml | 188 +++- .../cloudrun.gcp.upbound.io_v2services.yaml | 211 +++- 11 files changed, 1986 insertions(+), 203 deletions(-) diff --git a/apis/cloudrun/v1beta2/zz_generated.deepcopy.go b/apis/cloudrun/v1beta2/zz_generated.deepcopy.go index dac166684..d1c797b36 100644 --- a/apis/cloudrun/v1beta2/zz_generated.deepcopy.go +++ b/apis/cloudrun/v1beta2/zz_generated.deepcopy.go @@ -1524,6 +1524,129 @@ func (in *ContainersVolumeMountsParameters) DeepCopy() *ContainersVolumeMountsPa return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CsiInitParameters) DeepCopyInto(out *CsiInitParameters) { + *out = *in + if in.Driver != nil { + in, out := &in.Driver, &out.Driver + *out = new(string) + **out = **in + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } + if in.VolumeAttributes != nil { + in, out := &in.VolumeAttributes, &out.VolumeAttributes + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CsiInitParameters. +func (in *CsiInitParameters) DeepCopy() *CsiInitParameters { + if in == nil { + return nil + } + out := new(CsiInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CsiObservation) DeepCopyInto(out *CsiObservation) { + *out = *in + if in.Driver != nil { + in, out := &in.Driver, &out.Driver + *out = new(string) + **out = **in + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } + if in.VolumeAttributes != nil { + in, out := &in.VolumeAttributes, &out.VolumeAttributes + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CsiObservation. +func (in *CsiObservation) DeepCopy() *CsiObservation { + if in == nil { + return nil + } + out := new(CsiObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CsiParameters) DeepCopyInto(out *CsiParameters) { + *out = *in + if in.Driver != nil { + in, out := &in.Driver, &out.Driver + *out = new(string) + **out = **in + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } + if in.VolumeAttributes != nil { + in, out := &in.VolumeAttributes, &out.VolumeAttributes + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CsiParameters. +func (in *CsiParameters) DeepCopy() *CsiParameters { + if in == nil { + return nil + } + out := new(CsiParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DomainMapping) DeepCopyInto(out *DomainMapping) { *out = *in @@ -1750,6 +1873,81 @@ func (in *DomainMappingStatus) DeepCopy() *DomainMappingStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EmptyDirInitParameters) DeepCopyInto(out *EmptyDirInitParameters) { + *out = *in + if in.Medium != nil { + in, out := &in.Medium, &out.Medium + *out = new(string) + **out = **in + } + if in.SizeLimit != nil { + in, out := &in.SizeLimit, &out.SizeLimit + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmptyDirInitParameters. +func (in *EmptyDirInitParameters) DeepCopy() *EmptyDirInitParameters { + if in == nil { + return nil + } + out := new(EmptyDirInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EmptyDirObservation) DeepCopyInto(out *EmptyDirObservation) { + *out = *in + if in.Medium != nil { + in, out := &in.Medium, &out.Medium + *out = new(string) + **out = **in + } + if in.SizeLimit != nil { + in, out := &in.SizeLimit, &out.SizeLimit + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmptyDirObservation. +func (in *EmptyDirObservation) DeepCopy() *EmptyDirObservation { + if in == nil { + return nil + } + out := new(EmptyDirObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EmptyDirParameters) DeepCopyInto(out *EmptyDirParameters) { + *out = *in + if in.Medium != nil { + in, out := &in.Medium, &out.Medium + *out = new(string) + **out = **in + } + if in.SizeLimit != nil { + in, out := &in.SizeLimit, &out.SizeLimit + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmptyDirParameters. +func (in *EmptyDirParameters) DeepCopy() *EmptyDirParameters { + if in == nil { + return nil + } + out := new(EmptyDirParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EnvFromInitParameters) DeepCopyInto(out *EnvFromInitParameters) { *out = *in @@ -2168,16 +2366,6 @@ func (in *GcsInitParameters) DeepCopyInto(out *GcsInitParameters) { *out = new(string) **out = **in } - if in.BucketRef != nil { - in, out := &in.BucketRef, &out.BucketRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.BucketSelector != nil { - in, out := &in.BucketSelector, &out.BucketSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) - } if in.ReadOnly != nil { in, out := &in.ReadOnly, &out.ReadOnly *out = new(bool) @@ -2228,16 +2416,6 @@ func (in *GcsParameters) DeepCopyInto(out *GcsParameters) { *out = new(string) **out = **in } - if in.BucketRef != nil { - in, out := &in.BucketRef, &out.BucketRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.BucketSelector != nil { - in, out := &in.BucketSelector, &out.BucketSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) - } if in.ReadOnly != nil { in, out := &in.ReadOnly, &out.ReadOnly *out = new(bool) @@ -3888,11 +4066,6 @@ func (in *ResourcesParameters) DeepCopy() *ResourcesParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ScalingInitParameters) DeepCopyInto(out *ScalingInitParameters) { *out = *in - if in.MaxInstanceCount != nil { - in, out := &in.MaxInstanceCount, &out.MaxInstanceCount - *out = new(float64) - **out = **in - } if in.MinInstanceCount != nil { in, out := &in.MinInstanceCount, &out.MinInstanceCount *out = new(float64) @@ -3913,11 +4086,6 @@ func (in *ScalingInitParameters) DeepCopy() *ScalingInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ScalingObservation) DeepCopyInto(out *ScalingObservation) { *out = *in - if in.MaxInstanceCount != nil { - in, out := &in.MaxInstanceCount, &out.MaxInstanceCount - *out = new(float64) - **out = **in - } if in.MinInstanceCount != nil { in, out := &in.MinInstanceCount, &out.MinInstanceCount *out = new(float64) @@ -3938,11 +4106,6 @@ func (in *ScalingObservation) DeepCopy() *ScalingObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ScalingParameters) DeepCopyInto(out *ScalingParameters) { *out = *in - if in.MaxInstanceCount != nil { - in, out := &in.MaxInstanceCount, &out.MaxInstanceCount - *out = new(float64) - **out = **in - } if in.MinInstanceCount != nil { in, out := &in.MinInstanceCount, &out.MinInstanceCount *out = new(float64) @@ -6973,6 +7136,81 @@ func (in *TemplateParameters) DeepCopy() *TemplateParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateScalingInitParameters) DeepCopyInto(out *TemplateScalingInitParameters) { + *out = *in + if in.MaxInstanceCount != nil { + in, out := &in.MaxInstanceCount, &out.MaxInstanceCount + *out = new(float64) + **out = **in + } + if in.MinInstanceCount != nil { + in, out := &in.MinInstanceCount, &out.MinInstanceCount + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateScalingInitParameters. +func (in *TemplateScalingInitParameters) DeepCopy() *TemplateScalingInitParameters { + if in == nil { + return nil + } + out := new(TemplateScalingInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateScalingObservation) DeepCopyInto(out *TemplateScalingObservation) { + *out = *in + if in.MaxInstanceCount != nil { + in, out := &in.MaxInstanceCount, &out.MaxInstanceCount + *out = new(float64) + **out = **in + } + if in.MinInstanceCount != nil { + in, out := &in.MinInstanceCount, &out.MinInstanceCount + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateScalingObservation. +func (in *TemplateScalingObservation) DeepCopy() *TemplateScalingObservation { + if in == nil { + return nil + } + out := new(TemplateScalingObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateScalingParameters) DeepCopyInto(out *TemplateScalingParameters) { + *out = *in + if in.MaxInstanceCount != nil { + in, out := &in.MaxInstanceCount, &out.MaxInstanceCount + *out = new(float64) + **out = **in + } + if in.MinInstanceCount != nil { + in, out := &in.MinInstanceCount, &out.MinInstanceCount + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateScalingParameters. +func (in *TemplateScalingParameters) DeepCopy() *TemplateScalingParameters { + if in == nil { + return nil + } + out := new(TemplateScalingParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TemplateSpecInitParameters) DeepCopyInto(out *TemplateSpecInitParameters) { *out = *in @@ -7384,15 +7622,105 @@ func (in *TemplateVPCAccessParameters) DeepCopy() *TemplateVPCAccessParameters { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateVolumesInitParameters) DeepCopyInto(out *TemplateVolumesInitParameters) { +func (in *TemplateVolumesEmptyDirInitParameters) DeepCopyInto(out *TemplateVolumesEmptyDirInitParameters) { *out = *in - if in.CloudSQLInstance != nil { - in, out := &in.CloudSQLInstance, &out.CloudSQLInstance - *out = new(CloudSQLInstanceInitParameters) - (*in).DeepCopyInto(*out) - } - if in.Name != nil { - in, out := &in.Name, &out.Name + if in.Medium != nil { + in, out := &in.Medium, &out.Medium + *out = new(string) + **out = **in + } + if in.SizeLimit != nil { + in, out := &in.SizeLimit, &out.SizeLimit + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateVolumesEmptyDirInitParameters. +func (in *TemplateVolumesEmptyDirInitParameters) DeepCopy() *TemplateVolumesEmptyDirInitParameters { + if in == nil { + return nil + } + out := new(TemplateVolumesEmptyDirInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateVolumesEmptyDirObservation) DeepCopyInto(out *TemplateVolumesEmptyDirObservation) { + *out = *in + if in.Medium != nil { + in, out := &in.Medium, &out.Medium + *out = new(string) + **out = **in + } + if in.SizeLimit != nil { + in, out := &in.SizeLimit, &out.SizeLimit + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateVolumesEmptyDirObservation. +func (in *TemplateVolumesEmptyDirObservation) DeepCopy() *TemplateVolumesEmptyDirObservation { + if in == nil { + return nil + } + out := new(TemplateVolumesEmptyDirObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateVolumesEmptyDirParameters) DeepCopyInto(out *TemplateVolumesEmptyDirParameters) { + *out = *in + if in.Medium != nil { + in, out := &in.Medium, &out.Medium + *out = new(string) + **out = **in + } + if in.SizeLimit != nil { + in, out := &in.SizeLimit, &out.SizeLimit + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateVolumesEmptyDirParameters. +func (in *TemplateVolumesEmptyDirParameters) DeepCopy() *TemplateVolumesEmptyDirParameters { + if in == nil { + return nil + } + out := new(TemplateVolumesEmptyDirParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateVolumesInitParameters) DeepCopyInto(out *TemplateVolumesInitParameters) { + *out = *in + if in.CloudSQLInstance != nil { + in, out := &in.CloudSQLInstance, &out.CloudSQLInstance + *out = new(CloudSQLInstanceInitParameters) + (*in).DeepCopyInto(*out) + } + if in.EmptyDir != nil { + in, out := &in.EmptyDir, &out.EmptyDir + *out = new(VolumesEmptyDirInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Gcs != nil { + in, out := &in.Gcs, &out.Gcs + *out = new(GcsInitParameters) + (*in).DeepCopyInto(*out) + } + if in.NFS != nil { + in, out := &in.NFS, &out.NFS + *out = new(VolumesNFSInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Name != nil { + in, out := &in.Name, &out.Name *out = new(string) **out = **in } @@ -7413,6 +7741,96 @@ func (in *TemplateVolumesInitParameters) DeepCopy() *TemplateVolumesInitParamete return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateVolumesNFSInitParameters) DeepCopyInto(out *TemplateVolumesNFSInitParameters) { + *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } + if in.Server != nil { + in, out := &in.Server, &out.Server + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateVolumesNFSInitParameters. +func (in *TemplateVolumesNFSInitParameters) DeepCopy() *TemplateVolumesNFSInitParameters { + if in == nil { + return nil + } + out := new(TemplateVolumesNFSInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateVolumesNFSObservation) DeepCopyInto(out *TemplateVolumesNFSObservation) { + *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } + if in.Server != nil { + in, out := &in.Server, &out.Server + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateVolumesNFSObservation. +func (in *TemplateVolumesNFSObservation) DeepCopy() *TemplateVolumesNFSObservation { + if in == nil { + return nil + } + out := new(TemplateVolumesNFSObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateVolumesNFSParameters) DeepCopyInto(out *TemplateVolumesNFSParameters) { + *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } + if in.Server != nil { + in, out := &in.Server, &out.Server + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateVolumesNFSParameters. +func (in *TemplateVolumesNFSParameters) DeepCopy() *TemplateVolumesNFSParameters { + if in == nil { + return nil + } + out := new(TemplateVolumesNFSParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TemplateVolumesObservation) DeepCopyInto(out *TemplateVolumesObservation) { *out = *in @@ -7421,6 +7839,21 @@ func (in *TemplateVolumesObservation) DeepCopyInto(out *TemplateVolumesObservati *out = new(CloudSQLInstanceObservation) (*in).DeepCopyInto(*out) } + if in.EmptyDir != nil { + in, out := &in.EmptyDir, &out.EmptyDir + *out = new(VolumesEmptyDirObservation) + (*in).DeepCopyInto(*out) + } + if in.Gcs != nil { + in, out := &in.Gcs, &out.Gcs + *out = new(GcsObservation) + (*in).DeepCopyInto(*out) + } + if in.NFS != nil { + in, out := &in.NFS, &out.NFS + *out = new(VolumesNFSObservation) + (*in).DeepCopyInto(*out) + } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -7451,6 +7884,21 @@ func (in *TemplateVolumesParameters) DeepCopyInto(out *TemplateVolumesParameters *out = new(CloudSQLInstanceParameters) (*in).DeepCopyInto(*out) } + if in.EmptyDir != nil { + in, out := &in.EmptyDir, &out.EmptyDir + *out = new(VolumesEmptyDirParameters) + (*in).DeepCopyInto(*out) + } + if in.Gcs != nil { + in, out := &in.Gcs, &out.Gcs + *out = new(GcsParameters) + (*in).DeepCopyInto(*out) + } + if in.NFS != nil { + in, out := &in.NFS, &out.NFS + *out = new(VolumesNFSParameters) + (*in).DeepCopyInto(*out) + } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -7960,6 +8408,11 @@ func (in *V2JobInitParameters) DeepCopyInto(out *V2JobInitParameters) { *out = new(string) **out = **in } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -8091,6 +8544,11 @@ func (in *V2JobObservation) DeepCopyInto(out *V2JobObservation) { *out = new(string) **out = **in } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.EffectiveAnnotations != nil { in, out := &in.EffectiveAnnotations, &out.EffectiveAnnotations *out = make(map[string]*string, len(*in)) @@ -8285,6 +8743,11 @@ func (in *V2JobParameters) DeepCopyInto(out *V2JobParameters) { *out = new(string) **out = **in } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -8801,6 +9264,11 @@ func (in *V2ServiceInitParameters) DeepCopyInto(out *V2ServiceInitParameters) { } } } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -8811,6 +9279,11 @@ func (in *V2ServiceInitParameters) DeepCopyInto(out *V2ServiceInitParameters) { *out = new(string) **out = **in } + if in.InvokerIAMDisabled != nil { + in, out := &in.InvokerIAMDisabled, &out.InvokerIAMDisabled + *out = new(bool) + **out = **in + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -8837,6 +9310,11 @@ func (in *V2ServiceInitParameters) DeepCopyInto(out *V2ServiceInitParameters) { *out = new(string) **out = **in } + if in.Scaling != nil { + in, out := &in.Scaling, &out.Scaling + *out = new(ScalingInitParameters) + (*in).DeepCopyInto(*out) + } if in.Template != nil { in, out := &in.Template, &out.Template *out = new(V2ServiceTemplateInitParameters) @@ -8960,6 +9438,11 @@ func (in *V2ServiceObservation) DeepCopyInto(out *V2ServiceObservation) { *out = new(string) **out = **in } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -9022,6 +9505,11 @@ func (in *V2ServiceObservation) DeepCopyInto(out *V2ServiceObservation) { *out = new(string) **out = **in } + if in.InvokerIAMDisabled != nil { + in, out := &in.InvokerIAMDisabled, &out.InvokerIAMDisabled + *out = new(bool) + **out = **in + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -9078,6 +9566,11 @@ func (in *V2ServiceObservation) DeepCopyInto(out *V2ServiceObservation) { *out = new(bool) **out = **in } + if in.Scaling != nil { + in, out := &in.Scaling, &out.Scaling + *out = new(ScalingObservation) + (*in).DeepCopyInto(*out) + } if in.Template != nil { in, out := &in.Template, &out.Template *out = new(V2ServiceTemplateObservation) @@ -9135,6 +9628,17 @@ func (in *V2ServiceObservation) DeepCopyInto(out *V2ServiceObservation) { *out = new(string) **out = **in } + if in.Urls != nil { + in, out := &in.Urls, &out.Urls + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new V2ServiceObservation. @@ -9192,6 +9696,11 @@ func (in *V2ServiceParameters) DeepCopyInto(out *V2ServiceParameters) { } } } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -9202,6 +9711,11 @@ func (in *V2ServiceParameters) DeepCopyInto(out *V2ServiceParameters) { *out = new(string) **out = **in } + if in.InvokerIAMDisabled != nil { + in, out := &in.InvokerIAMDisabled, &out.InvokerIAMDisabled + *out = new(bool) + **out = **in + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -9233,6 +9747,11 @@ func (in *V2ServiceParameters) DeepCopyInto(out *V2ServiceParameters) { *out = new(string) **out = **in } + if in.Scaling != nil { + in, out := &in.Scaling, &out.Scaling + *out = new(ScalingParameters) + (*in).DeepCopyInto(*out) + } if in.Template != nil { in, out := &in.Template, &out.Template *out = new(V2ServiceTemplateParameters) @@ -9647,7 +10166,7 @@ func (in *V2ServiceTemplateInitParameters) DeepCopyInto(out *V2ServiceTemplateIn } if in.Scaling != nil { in, out := &in.Scaling, &out.Scaling - *out = new(ScalingInitParameters) + *out = new(TemplateScalingInitParameters) (*in).DeepCopyInto(*out) } if in.ServiceAccount != nil { @@ -9753,7 +10272,7 @@ func (in *V2ServiceTemplateObservation) DeepCopyInto(out *V2ServiceTemplateObser } if in.Scaling != nil { in, out := &in.Scaling, &out.Scaling - *out = new(ScalingObservation) + *out = new(TemplateScalingObservation) (*in).DeepCopyInto(*out) } if in.ServiceAccount != nil { @@ -9859,7 +10378,7 @@ func (in *V2ServiceTemplateParameters) DeepCopyInto(out *V2ServiceTemplateParame } if in.Scaling != nil { in, out := &in.Scaling, &out.Scaling - *out = new(ScalingParameters) + *out = new(TemplateScalingParameters) (*in).DeepCopyInto(*out) } if in.ServiceAccount != nil { @@ -9909,14 +10428,19 @@ func (in *V2ServiceTemplateVolumesInitParameters) DeepCopyInto(out *V2ServiceTem *out = new(VolumesCloudSQLInstanceInitParameters) (*in).DeepCopyInto(*out) } + if in.EmptyDir != nil { + in, out := &in.EmptyDir, &out.EmptyDir + *out = new(TemplateVolumesEmptyDirInitParameters) + (*in).DeepCopyInto(*out) + } if in.Gcs != nil { in, out := &in.Gcs, &out.Gcs - *out = new(GcsInitParameters) + *out = new(VolumesGcsInitParameters) (*in).DeepCopyInto(*out) } if in.NFS != nil { in, out := &in.NFS, &out.NFS - *out = new(NFSInitParameters) + *out = new(TemplateVolumesNFSInitParameters) (*in).DeepCopyInto(*out) } if in.Name != nil { @@ -9949,14 +10473,19 @@ func (in *V2ServiceTemplateVolumesObservation) DeepCopyInto(out *V2ServiceTempla *out = new(VolumesCloudSQLInstanceObservation) (*in).DeepCopyInto(*out) } + if in.EmptyDir != nil { + in, out := &in.EmptyDir, &out.EmptyDir + *out = new(TemplateVolumesEmptyDirObservation) + (*in).DeepCopyInto(*out) + } if in.Gcs != nil { in, out := &in.Gcs, &out.Gcs - *out = new(GcsObservation) + *out = new(VolumesGcsObservation) (*in).DeepCopyInto(*out) } if in.NFS != nil { in, out := &in.NFS, &out.NFS - *out = new(NFSObservation) + *out = new(TemplateVolumesNFSObservation) (*in).DeepCopyInto(*out) } if in.Name != nil { @@ -9989,14 +10518,19 @@ func (in *V2ServiceTemplateVolumesParameters) DeepCopyInto(out *V2ServiceTemplat *out = new(VolumesCloudSQLInstanceParameters) (*in).DeepCopyInto(*out) } + if in.EmptyDir != nil { + in, out := &in.EmptyDir, &out.EmptyDir + *out = new(TemplateVolumesEmptyDirParameters) + (*in).DeepCopyInto(*out) + } if in.Gcs != nil { in, out := &in.Gcs, &out.Gcs - *out = new(GcsParameters) + *out = new(VolumesGcsParameters) (*in).DeepCopyInto(*out) } if in.NFS != nil { in, out := &in.NFS, &out.NFS - *out = new(NFSParameters) + *out = new(TemplateVolumesNFSParameters) (*in).DeepCopyInto(*out) } if in.Name != nil { @@ -10807,9 +11341,194 @@ func (in *VolumesCloudSQLInstanceParameters) DeepCopy() *VolumesCloudSQLInstance return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VolumesEmptyDirInitParameters) DeepCopyInto(out *VolumesEmptyDirInitParameters) { + *out = *in + if in.Medium != nil { + in, out := &in.Medium, &out.Medium + *out = new(string) + **out = **in + } + if in.SizeLimit != nil { + in, out := &in.SizeLimit, &out.SizeLimit + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumesEmptyDirInitParameters. +func (in *VolumesEmptyDirInitParameters) DeepCopy() *VolumesEmptyDirInitParameters { + if in == nil { + return nil + } + out := new(VolumesEmptyDirInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VolumesEmptyDirObservation) DeepCopyInto(out *VolumesEmptyDirObservation) { + *out = *in + if in.Medium != nil { + in, out := &in.Medium, &out.Medium + *out = new(string) + **out = **in + } + if in.SizeLimit != nil { + in, out := &in.SizeLimit, &out.SizeLimit + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumesEmptyDirObservation. +func (in *VolumesEmptyDirObservation) DeepCopy() *VolumesEmptyDirObservation { + if in == nil { + return nil + } + out := new(VolumesEmptyDirObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VolumesEmptyDirParameters) DeepCopyInto(out *VolumesEmptyDirParameters) { + *out = *in + if in.Medium != nil { + in, out := &in.Medium, &out.Medium + *out = new(string) + **out = **in + } + if in.SizeLimit != nil { + in, out := &in.SizeLimit, &out.SizeLimit + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumesEmptyDirParameters. +func (in *VolumesEmptyDirParameters) DeepCopy() *VolumesEmptyDirParameters { + if in == nil { + return nil + } + out := new(VolumesEmptyDirParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VolumesGcsInitParameters) DeepCopyInto(out *VolumesGcsInitParameters) { + *out = *in + if in.Bucket != nil { + in, out := &in.Bucket, &out.Bucket + *out = new(string) + **out = **in + } + if in.BucketRef != nil { + in, out := &in.BucketRef, &out.BucketRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.BucketSelector != nil { + in, out := &in.BucketSelector, &out.BucketSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumesGcsInitParameters. +func (in *VolumesGcsInitParameters) DeepCopy() *VolumesGcsInitParameters { + if in == nil { + return nil + } + out := new(VolumesGcsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VolumesGcsObservation) DeepCopyInto(out *VolumesGcsObservation) { + *out = *in + if in.Bucket != nil { + in, out := &in.Bucket, &out.Bucket + *out = new(string) + **out = **in + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumesGcsObservation. +func (in *VolumesGcsObservation) DeepCopy() *VolumesGcsObservation { + if in == nil { + return nil + } + out := new(VolumesGcsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VolumesGcsParameters) DeepCopyInto(out *VolumesGcsParameters) { + *out = *in + if in.Bucket != nil { + in, out := &in.Bucket, &out.Bucket + *out = new(string) + **out = **in + } + if in.BucketRef != nil { + in, out := &in.BucketRef, &out.BucketRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.BucketSelector != nil { + in, out := &in.BucketSelector, &out.BucketSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumesGcsParameters. +func (in *VolumesGcsParameters) DeepCopy() *VolumesGcsParameters { + if in == nil { + return nil + } + out := new(VolumesGcsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VolumesInitParameters) DeepCopyInto(out *VolumesInitParameters) { *out = *in + if in.Csi != nil { + in, out := &in.Csi, &out.Csi + *out = new(CsiInitParameters) + (*in).DeepCopyInto(*out) + } + if in.EmptyDir != nil { + in, out := &in.EmptyDir, &out.EmptyDir + *out = new(EmptyDirInitParameters) + (*in).DeepCopyInto(*out) + } + if in.NFS != nil { + in, out := &in.NFS, &out.NFS + *out = new(NFSInitParameters) + (*in).DeepCopyInto(*out) + } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -10832,9 +11551,114 @@ func (in *VolumesInitParameters) DeepCopy() *VolumesInitParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VolumesNFSInitParameters) DeepCopyInto(out *VolumesNFSInitParameters) { + *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } + if in.Server != nil { + in, out := &in.Server, &out.Server + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumesNFSInitParameters. +func (in *VolumesNFSInitParameters) DeepCopy() *VolumesNFSInitParameters { + if in == nil { + return nil + } + out := new(VolumesNFSInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VolumesNFSObservation) DeepCopyInto(out *VolumesNFSObservation) { + *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } + if in.Server != nil { + in, out := &in.Server, &out.Server + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumesNFSObservation. +func (in *VolumesNFSObservation) DeepCopy() *VolumesNFSObservation { + if in == nil { + return nil + } + out := new(VolumesNFSObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VolumesNFSParameters) DeepCopyInto(out *VolumesNFSParameters) { + *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.ReadOnly != nil { + in, out := &in.ReadOnly, &out.ReadOnly + *out = new(bool) + **out = **in + } + if in.Server != nil { + in, out := &in.Server, &out.Server + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumesNFSParameters. +func (in *VolumesNFSParameters) DeepCopy() *VolumesNFSParameters { + if in == nil { + return nil + } + out := new(VolumesNFSParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VolumesObservation) DeepCopyInto(out *VolumesObservation) { *out = *in + if in.Csi != nil { + in, out := &in.Csi, &out.Csi + *out = new(CsiObservation) + (*in).DeepCopyInto(*out) + } + if in.EmptyDir != nil { + in, out := &in.EmptyDir, &out.EmptyDir + *out = new(EmptyDirObservation) + (*in).DeepCopyInto(*out) + } + if in.NFS != nil { + in, out := &in.NFS, &out.NFS + *out = new(NFSObservation) + (*in).DeepCopyInto(*out) + } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) @@ -10860,6 +11684,21 @@ func (in *VolumesObservation) DeepCopy() *VolumesObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VolumesParameters) DeepCopyInto(out *VolumesParameters) { *out = *in + if in.Csi != nil { + in, out := &in.Csi, &out.Csi + *out = new(CsiParameters) + (*in).DeepCopyInto(*out) + } + if in.EmptyDir != nil { + in, out := &in.EmptyDir, &out.EmptyDir + *out = new(EmptyDirParameters) + (*in).DeepCopyInto(*out) + } + if in.NFS != nil { + in, out := &in.NFS, &out.NFS + *out = new(NFSParameters) + (*in).DeepCopyInto(*out) + } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) diff --git a/apis/cloudrun/v1beta2/zz_service_types.go b/apis/cloudrun/v1beta2/zz_service_types.go index 4bdd29aec..d59339a34 100755 --- a/apis/cloudrun/v1beta2/zz_service_types.go +++ b/apis/cloudrun/v1beta2/zz_service_types.go @@ -231,6 +231,77 @@ type ContainersParameters struct { WorkingDir *string `json:"workingDir,omitempty" tf:"working_dir,omitempty"` } +type CsiInitParameters struct { + + // Unique name representing the type of file system to be created. Cloud Run supports the following values: + Driver *string `json:"driver,omitempty" tf:"driver,omitempty"` + + // If true, mount the NFS volume as read only in all mounts. Defaults to false. + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` + + // Driver-specific attributes. The following options are supported for available drivers: + // +mapType=granular + VolumeAttributes map[string]*string `json:"volumeAttributes,omitempty" tf:"volume_attributes,omitempty"` +} + +type CsiObservation struct { + + // Unique name representing the type of file system to be created. Cloud Run supports the following values: + Driver *string `json:"driver,omitempty" tf:"driver,omitempty"` + + // If true, mount the NFS volume as read only in all mounts. Defaults to false. + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` + + // Driver-specific attributes. The following options are supported for available drivers: + // +mapType=granular + VolumeAttributes map[string]*string `json:"volumeAttributes,omitempty" tf:"volume_attributes,omitempty"` +} + +type CsiParameters struct { + + // Unique name representing the type of file system to be created. Cloud Run supports the following values: + // +kubebuilder:validation:Optional + Driver *string `json:"driver" tf:"driver,omitempty"` + + // If true, mount the NFS volume as read only in all mounts. Defaults to false. + // +kubebuilder:validation:Optional + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` + + // Driver-specific attributes. The following options are supported for available drivers: + // +kubebuilder:validation:Optional + // +mapType=granular + VolumeAttributes map[string]*string `json:"volumeAttributes,omitempty" tf:"volume_attributes,omitempty"` +} + +type EmptyDirInitParameters struct { + + // The medium on which the data is stored. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. + Medium *string `json:"medium,omitempty" tf:"medium,omitempty"` + + // Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir. + SizeLimit *string `json:"sizeLimit,omitempty" tf:"size_limit,omitempty"` +} + +type EmptyDirObservation struct { + + // The medium on which the data is stored. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. + Medium *string `json:"medium,omitempty" tf:"medium,omitempty"` + + // Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir. + SizeLimit *string `json:"sizeLimit,omitempty" tf:"size_limit,omitempty"` +} + +type EmptyDirParameters struct { + + // The medium on which the data is stored. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. + // +kubebuilder:validation:Optional + Medium *string `json:"medium,omitempty" tf:"medium,omitempty"` + + // Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir. + // +kubebuilder:validation:Optional + SizeLimit *string `json:"sizeLimit,omitempty" tf:"size_limit,omitempty"` +} + type EnvFromInitParameters struct { // The ConfigMap to select from. @@ -622,6 +693,45 @@ type LocalObjectReferenceParameters struct { Name *string `json:"name" tf:"name,omitempty"` } +type NFSInitParameters struct { + + // Path exported by the NFS server + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // If true, mount the NFS volume as read only in all mounts. Defaults to false. + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` + + // IP address or hostname of the NFS server + Server *string `json:"server,omitempty" tf:"server,omitempty"` +} + +type NFSObservation struct { + + // Path exported by the NFS server + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // If true, mount the NFS volume as read only in all mounts. Defaults to false. + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` + + // IP address or hostname of the NFS server + Server *string `json:"server,omitempty" tf:"server,omitempty"` +} + +type NFSParameters struct { + + // Path exported by the NFS server + // +kubebuilder:validation:Optional + Path *string `json:"path" tf:"path,omitempty"` + + // If true, mount the NFS volume as read only in all mounts. Defaults to false. + // +kubebuilder:validation:Optional + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` + + // IP address or hostname of the NFS server + // +kubebuilder:validation:Optional + Server *string `json:"server" tf:"server,omitempty"` +} + type PortsInitParameters struct { // Port number the container listens on. This must be a valid port number (between 1 and 65535). Defaults to "8080". @@ -1856,6 +1966,19 @@ type VolumeMountsParameters struct { type VolumesInitParameters struct { + // A filesystem specified by the Container Storage Interface (CSI). + // Structure is documented below. + Csi *CsiInitParameters `json:"csi,omitempty" tf:"csi,omitempty"` + + // Ephemeral storage which can be backed by real disks (HD, SSD), network storage or memory (i.e. tmpfs). For now only in memory (tmpfs) is supported. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs). + // Structure is documented below. + EmptyDir *EmptyDirInitParameters `json:"emptyDir,omitempty" tf:"empty_dir,omitempty"` + + // A filesystem backed by a Network File System share. This filesystem requires the + // run.googleapis.com/execution-environment annotation to be unset or set to "gen2" + // Structure is documented below. + NFS *NFSInitParameters `json:"nfs,omitempty" tf:"nfs,omitempty"` + // Volume's name. Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -1868,6 +1991,19 @@ type VolumesInitParameters struct { type VolumesObservation struct { + // A filesystem specified by the Container Storage Interface (CSI). + // Structure is documented below. + Csi *CsiObservation `json:"csi,omitempty" tf:"csi,omitempty"` + + // Ephemeral storage which can be backed by real disks (HD, SSD), network storage or memory (i.e. tmpfs). For now only in memory (tmpfs) is supported. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs). + // Structure is documented below. + EmptyDir *EmptyDirObservation `json:"emptyDir,omitempty" tf:"empty_dir,omitempty"` + + // A filesystem backed by a Network File System share. This filesystem requires the + // run.googleapis.com/execution-environment annotation to be unset or set to "gen2" + // Structure is documented below. + NFS *NFSObservation `json:"nfs,omitempty" tf:"nfs,omitempty"` + // Volume's name. Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -1880,6 +2016,22 @@ type VolumesObservation struct { type VolumesParameters struct { + // A filesystem specified by the Container Storage Interface (CSI). + // Structure is documented below. + // +kubebuilder:validation:Optional + Csi *CsiParameters `json:"csi,omitempty" tf:"csi,omitempty"` + + // Ephemeral storage which can be backed by real disks (HD, SSD), network storage or memory (i.e. tmpfs). For now only in memory (tmpfs) is supported. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs). + // Structure is documented below. + // +kubebuilder:validation:Optional + EmptyDir *EmptyDirParameters `json:"emptyDir,omitempty" tf:"empty_dir,omitempty"` + + // A filesystem backed by a Network File System share. This filesystem requires the + // run.googleapis.com/execution-environment annotation to be unset or set to "gen2" + // Structure is documented below. + // +kubebuilder:validation:Optional + NFS *NFSParameters `json:"nfs,omitempty" tf:"nfs,omitempty"` + // Volume's name. // +kubebuilder:validation:Optional Name *string `json:"name" tf:"name,omitempty"` diff --git a/apis/cloudrun/v1beta2/zz_v2job_types.go b/apis/cloudrun/v1beta2/zz_v2job_types.go index cae5ab573..86b4e4f77 100755 --- a/apis/cloudrun/v1beta2/zz_v2job_types.go +++ b/apis/cloudrun/v1beta2/zz_v2job_types.go @@ -213,6 +213,35 @@ type ContainersVolumeMountsParameters struct { Name *string `json:"name" tf:"name,omitempty"` } +type GcsInitParameters struct { + + // Name of the cloud storage bucket to back the volume. The resource service account must have permission to access the bucket. + Bucket *string `json:"bucket,omitempty" tf:"bucket,omitempty"` + + // If true, mount this volume as read-only in all mounts. + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` +} + +type GcsObservation struct { + + // Name of the cloud storage bucket to back the volume. The resource service account must have permission to access the bucket. + Bucket *string `json:"bucket,omitempty" tf:"bucket,omitempty"` + + // If true, mount this volume as read-only in all mounts. + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` +} + +type GcsParameters struct { + + // Name of the cloud storage bucket to back the volume. The resource service account must have permission to access the bucket. + // +kubebuilder:validation:Optional + Bucket *string `json:"bucket" tf:"bucket,omitempty"` + + // If true, mount this volume as read-only in all mounts. + // +kubebuilder:validation:Optional + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` +} + type LatestCreatedExecutionInitParameters struct { } @@ -550,6 +579,18 @@ type TemplateVolumesInitParameters struct { // Structure is documented below. CloudSQLInstance *CloudSQLInstanceInitParameters `json:"cloudSqlInstance,omitempty" tf:"cloud_sql_instance,omitempty"` + // Ephemeral storage used as a shared volume. + // Structure is documented below. + EmptyDir *VolumesEmptyDirInitParameters `json:"emptyDir,omitempty" tf:"empty_dir,omitempty"` + + // Cloud Storage bucket mounted as a volume using GCSFuse. + // Structure is documented below. + Gcs *GcsInitParameters `json:"gcs,omitempty" tf:"gcs,omitempty"` + + // NFS share mounted as a volume. + // Structure is documented below. + NFS *VolumesNFSInitParameters `json:"nfs,omitempty" tf:"nfs,omitempty"` + // Volume's name. Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -564,6 +605,18 @@ type TemplateVolumesObservation struct { // Structure is documented below. CloudSQLInstance *CloudSQLInstanceObservation `json:"cloudSqlInstance,omitempty" tf:"cloud_sql_instance,omitempty"` + // Ephemeral storage used as a shared volume. + // Structure is documented below. + EmptyDir *VolumesEmptyDirObservation `json:"emptyDir,omitempty" tf:"empty_dir,omitempty"` + + // Cloud Storage bucket mounted as a volume using GCSFuse. + // Structure is documented below. + Gcs *GcsObservation `json:"gcs,omitempty" tf:"gcs,omitempty"` + + // NFS share mounted as a volume. + // Structure is documented below. + NFS *VolumesNFSObservation `json:"nfs,omitempty" tf:"nfs,omitempty"` + // Volume's name. Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -579,6 +632,21 @@ type TemplateVolumesParameters struct { // +kubebuilder:validation:Optional CloudSQLInstance *CloudSQLInstanceParameters `json:"cloudSqlInstance,omitempty" tf:"cloud_sql_instance,omitempty"` + // Ephemeral storage used as a shared volume. + // Structure is documented below. + // +kubebuilder:validation:Optional + EmptyDir *VolumesEmptyDirParameters `json:"emptyDir,omitempty" tf:"empty_dir,omitempty"` + + // Cloud Storage bucket mounted as a volume using GCSFuse. + // Structure is documented below. + // +kubebuilder:validation:Optional + Gcs *GcsParameters `json:"gcs,omitempty" tf:"gcs,omitempty"` + + // NFS share mounted as a volume. + // Structure is documented below. + // +kubebuilder:validation:Optional + NFS *VolumesNFSParameters `json:"nfs,omitempty" tf:"nfs,omitempty"` + // Volume's name. // +kubebuilder:validation:Optional Name *string `json:"name" tf:"name,omitempty"` @@ -692,6 +760,10 @@ type V2JobInitParameters struct { // Arbitrary version identifier for the API client. ClientVersion *string `json:"clientVersion,omitempty" tf:"client_version,omitempty"` + // Defaults to true. + // When the field is set to false, deleting the job is allowed. + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, // or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or // https://cloud.google.com/run/docs/configuring/labels. @@ -747,6 +819,10 @@ type V2JobObservation struct { // The deletion time. DeleteTime *string `json:"deleteTime,omitempty" tf:"delete_time,omitempty"` + // Defaults to true. + // When the field is set to false, deleting the job is allowed. + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // +mapType=granular EffectiveAnnotations map[string]*string `json:"effectiveAnnotations,omitempty" tf:"effective_annotations,omitempty"` @@ -759,7 +835,7 @@ type V2JobObservation struct { // Number of executions created for this job. ExecutionCount *float64 `json:"executionCount,omitempty" tf:"execution_count,omitempty"` - // For a deleted resource, the time after which it will be permamently deleted. + // For a deleted resource, the time after which it will be permanently deleted. ExpireTime *string `json:"expireTime,omitempty" tf:"expire_time,omitempty"` // A number that monotonically increases every time the user modifies the desired state. @@ -848,6 +924,11 @@ type V2JobParameters struct { // +kubebuilder:validation:Optional ClientVersion *string `json:"clientVersion,omitempty" tf:"client_version,omitempty"` + // Defaults to true. + // When the field is set to false, deleting the job is allowed. + // +kubebuilder:validation:Optional + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, // or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or // https://cloud.google.com/run/docs/configuring/labels. @@ -1085,6 +1166,80 @@ type ValueSourceSecretKeyRefParameters struct { Version *string `json:"version" tf:"version,omitempty"` } +type VolumesEmptyDirInitParameters struct { + + // The different types of medium supported for EmptyDir. + // Default value is MEMORY. + // Possible values are: MEMORY. + Medium *string `json:"medium,omitempty" tf:"medium,omitempty"` + + // Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir. + SizeLimit *string `json:"sizeLimit,omitempty" tf:"size_limit,omitempty"` +} + +type VolumesEmptyDirObservation struct { + + // The different types of medium supported for EmptyDir. + // Default value is MEMORY. + // Possible values are: MEMORY. + Medium *string `json:"medium,omitempty" tf:"medium,omitempty"` + + // Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir. + SizeLimit *string `json:"sizeLimit,omitempty" tf:"size_limit,omitempty"` +} + +type VolumesEmptyDirParameters struct { + + // The different types of medium supported for EmptyDir. + // Default value is MEMORY. + // Possible values are: MEMORY. + // +kubebuilder:validation:Optional + Medium *string `json:"medium,omitempty" tf:"medium,omitempty"` + + // Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir. + // +kubebuilder:validation:Optional + SizeLimit *string `json:"sizeLimit,omitempty" tf:"size_limit,omitempty"` +} + +type VolumesNFSInitParameters struct { + + // Path that is exported by the NFS server. + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // If true, mount this volume as read-only in all mounts. + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` + + // Hostname or IP address of the NFS server. + Server *string `json:"server,omitempty" tf:"server,omitempty"` +} + +type VolumesNFSObservation struct { + + // Path that is exported by the NFS server. + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // If true, mount this volume as read-only in all mounts. + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` + + // Hostname or IP address of the NFS server. + Server *string `json:"server,omitempty" tf:"server,omitempty"` +} + +type VolumesNFSParameters struct { + + // Path that is exported by the NFS server. + // +kubebuilder:validation:Optional + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // If true, mount this volume as read-only in all mounts. + // +kubebuilder:validation:Optional + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` + + // Hostname or IP address of the NFS server. + // +kubebuilder:validation:Optional + Server *string `json:"server" tf:"server,omitempty"` +} + type VolumesSecretInitParameters struct { // Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting. diff --git a/apis/cloudrun/v1beta2/zz_v2service_types.go b/apis/cloudrun/v1beta2/zz_v2service_types.go index 2c04f178f..99765f3c1 100755 --- a/apis/cloudrun/v1beta2/zz_v2service_types.go +++ b/apis/cloudrun/v1beta2/zz_v2service_types.go @@ -350,53 +350,6 @@ type EnvValueSourceSecretKeyRefParameters struct { Version *string `json:"version,omitempty" tf:"version,omitempty"` } -type GcsInitParameters struct { - - // GCS Bucket name - // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/storage/v1beta2.Bucket - Bucket *string `json:"bucket,omitempty" tf:"bucket,omitempty"` - - // Reference to a Bucket in storage to populate bucket. - // +kubebuilder:validation:Optional - BucketRef *v1.Reference `json:"bucketRef,omitempty" tf:"-"` - - // Selector for a Bucket in storage to populate bucket. - // +kubebuilder:validation:Optional - BucketSelector *v1.Selector `json:"bucketSelector,omitempty" tf:"-"` - - // If true, mount the NFS volume as read only - ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` -} - -type GcsObservation struct { - - // GCS Bucket name - Bucket *string `json:"bucket,omitempty" tf:"bucket,omitempty"` - - // If true, mount the NFS volume as read only - ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` -} - -type GcsParameters struct { - - // GCS Bucket name - // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/storage/v1beta2.Bucket - // +kubebuilder:validation:Optional - Bucket *string `json:"bucket,omitempty" tf:"bucket,omitempty"` - - // Reference to a Bucket in storage to populate bucket. - // +kubebuilder:validation:Optional - BucketRef *v1.Reference `json:"bucketRef,omitempty" tf:"-"` - - // Selector for a Bucket in storage to populate bucket. - // +kubebuilder:validation:Optional - BucketSelector *v1.Selector `json:"bucketSelector,omitempty" tf:"-"` - - // If true, mount the NFS volume as read only - // +kubebuilder:validation:Optional - ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` -} - type LivenessProbeGRPCInitParameters struct { // Port number to access on the container. Must be in the range 1 to 65535. @@ -540,70 +493,21 @@ type LivenessProbeTCPSocketParameters struct { Port *float64 `json:"port" tf:"port,omitempty"` } -type NFSInitParameters struct { - - // Path that is exported by the NFS server. - Path *string `json:"path,omitempty" tf:"path,omitempty"` - - // If true, mount the NFS volume as read only - ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` - - // Hostname or IP address of the NFS server - Server *string `json:"server,omitempty" tf:"server,omitempty"` -} - -type NFSObservation struct { - - // Path that is exported by the NFS server. - Path *string `json:"path,omitempty" tf:"path,omitempty"` - - // If true, mount the NFS volume as read only - ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` - - // Hostname or IP address of the NFS server - Server *string `json:"server,omitempty" tf:"server,omitempty"` -} - -type NFSParameters struct { - - // Path that is exported by the NFS server. - // +kubebuilder:validation:Optional - Path *string `json:"path" tf:"path,omitempty"` - - // If true, mount the NFS volume as read only - // +kubebuilder:validation:Optional - ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` - - // Hostname or IP address of the NFS server - // +kubebuilder:validation:Optional - Server *string `json:"server" tf:"server,omitempty"` -} - type ScalingInitParameters struct { - // Maximum number of serving instances that this resource should have. - MaxInstanceCount *float64 `json:"maxInstanceCount,omitempty" tf:"max_instance_count,omitempty"` - - // Minimum number of serving instances that this resource should have. + // Minimum number of serving instances that this resource should have. Defaults to 0. Must not be greater than maximum instance count. MinInstanceCount *float64 `json:"minInstanceCount,omitempty" tf:"min_instance_count,omitempty"` } type ScalingObservation struct { - // Maximum number of serving instances that this resource should have. - MaxInstanceCount *float64 `json:"maxInstanceCount,omitempty" tf:"max_instance_count,omitempty"` - - // Minimum number of serving instances that this resource should have. + // Minimum number of serving instances that this resource should have. Defaults to 0. Must not be greater than maximum instance count. MinInstanceCount *float64 `json:"minInstanceCount,omitempty" tf:"min_instance_count,omitempty"` } type ScalingParameters struct { - // Maximum number of serving instances that this resource should have. - // +kubebuilder:validation:Optional - MaxInstanceCount *float64 `json:"maxInstanceCount,omitempty" tf:"max_instance_count,omitempty"` - - // Minimum number of serving instances that this resource should have. + // Minimum number of serving instances that this resource should have. Defaults to 0. Must not be greater than maximum instance count. // +kubebuilder:validation:Optional MinInstanceCount *float64 `json:"minInstanceCount,omitempty" tf:"min_instance_count,omitempty"` } @@ -739,7 +643,7 @@ type TemplateContainersResourcesInitParameters struct { // resources is set, this field must be explicitly set to true to preserve the default behavior. CPUIdle *bool `json:"cpuIdle,omitempty" tf:"cpu_idle,omitempty"` - // Only memory and CPU are supported. Use key cpu for CPU limit and memory for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + // Only memory, CPU, and nvidia.com/gpu are supported. Use key cpu for CPU limit, memory for memory limit, nvidia.com/gpu for gpu limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go // +mapType=granular Limits map[string]*string `json:"limits,omitempty" tf:"limits,omitempty"` @@ -753,7 +657,7 @@ type TemplateContainersResourcesObservation struct { // resources is set, this field must be explicitly set to true to preserve the default behavior. CPUIdle *bool `json:"cpuIdle,omitempty" tf:"cpu_idle,omitempty"` - // Only memory and CPU are supported. Use key cpu for CPU limit and memory for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + // Only memory, CPU, and nvidia.com/gpu are supported. Use key cpu for CPU limit, memory for memory limit, nvidia.com/gpu for gpu limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go // +mapType=granular Limits map[string]*string `json:"limits,omitempty" tf:"limits,omitempty"` @@ -768,7 +672,7 @@ type TemplateContainersResourcesParameters struct { // +kubebuilder:validation:Optional CPUIdle *bool `json:"cpuIdle,omitempty" tf:"cpu_idle,omitempty"` - // Only memory and CPU are supported. Use key cpu for CPU limit and memory for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + // Only memory, CPU, and nvidia.com/gpu are supported. Use key cpu for CPU limit, memory for memory limit, nvidia.com/gpu for gpu limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go // +kubebuilder:validation:Optional // +mapType=granular Limits map[string]*string `json:"limits,omitempty" tf:"limits,omitempty"` @@ -807,6 +711,38 @@ type TemplateContainersVolumeMountsParameters struct { Name *string `json:"name" tf:"name,omitempty"` } +type TemplateScalingInitParameters struct { + + // Maximum number of serving instances that this resource should have. Must not be less than minimum instance count. If absent, Cloud Run will calculate + // a default value based on the project's available container instances quota in the region and specified instance size. + MaxInstanceCount *float64 `json:"maxInstanceCount,omitempty" tf:"max_instance_count,omitempty"` + + // Minimum number of serving instances that this resource should have. Defaults to 0. Must not be greater than maximum instance count. + MinInstanceCount *float64 `json:"minInstanceCount,omitempty" tf:"min_instance_count,omitempty"` +} + +type TemplateScalingObservation struct { + + // Maximum number of serving instances that this resource should have. Must not be less than minimum instance count. If absent, Cloud Run will calculate + // a default value based on the project's available container instances quota in the region and specified instance size. + MaxInstanceCount *float64 `json:"maxInstanceCount,omitempty" tf:"max_instance_count,omitempty"` + + // Minimum number of serving instances that this resource should have. Defaults to 0. Must not be greater than maximum instance count. + MinInstanceCount *float64 `json:"minInstanceCount,omitempty" tf:"min_instance_count,omitempty"` +} + +type TemplateScalingParameters struct { + + // Maximum number of serving instances that this resource should have. Must not be less than minimum instance count. If absent, Cloud Run will calculate + // a default value based on the project's available container instances quota in the region and specified instance size. + // +kubebuilder:validation:Optional + MaxInstanceCount *float64 `json:"maxInstanceCount,omitempty" tf:"max_instance_count,omitempty"` + + // Minimum number of serving instances that this resource should have. Defaults to 0. Must not be greater than maximum instance count. + // +kubebuilder:validation:Optional + MinInstanceCount *float64 `json:"minInstanceCount,omitempty" tf:"min_instance_count,omitempty"` +} + type TemplateVPCAccessInitParameters struct { // VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number. @@ -852,6 +788,80 @@ type TemplateVPCAccessParameters struct { NetworkInterfaces []VPCAccessNetworkInterfacesParameters `json:"networkInterfaces,omitempty" tf:"network_interfaces,omitempty"` } +type TemplateVolumesEmptyDirInitParameters struct { + + // The different types of medium supported for EmptyDir. + // Default value is MEMORY. + // Possible values are: MEMORY. + Medium *string `json:"medium,omitempty" tf:"medium,omitempty"` + + // Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir. + SizeLimit *string `json:"sizeLimit,omitempty" tf:"size_limit,omitempty"` +} + +type TemplateVolumesEmptyDirObservation struct { + + // The different types of medium supported for EmptyDir. + // Default value is MEMORY. + // Possible values are: MEMORY. + Medium *string `json:"medium,omitempty" tf:"medium,omitempty"` + + // Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir. + SizeLimit *string `json:"sizeLimit,omitempty" tf:"size_limit,omitempty"` +} + +type TemplateVolumesEmptyDirParameters struct { + + // The different types of medium supported for EmptyDir. + // Default value is MEMORY. + // Possible values are: MEMORY. + // +kubebuilder:validation:Optional + Medium *string `json:"medium,omitempty" tf:"medium,omitempty"` + + // Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir. + // +kubebuilder:validation:Optional + SizeLimit *string `json:"sizeLimit,omitempty" tf:"size_limit,omitempty"` +} + +type TemplateVolumesNFSInitParameters struct { + + // Path that is exported by the NFS server. + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // If true, mount the NFS volume as read only + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` + + // Hostname or IP address of the NFS server + Server *string `json:"server,omitempty" tf:"server,omitempty"` +} + +type TemplateVolumesNFSObservation struct { + + // Path that is exported by the NFS server. + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // If true, mount the NFS volume as read only + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` + + // Hostname or IP address of the NFS server + Server *string `json:"server,omitempty" tf:"server,omitempty"` +} + +type TemplateVolumesNFSParameters struct { + + // Path that is exported by the NFS server. + // +kubebuilder:validation:Optional + Path *string `json:"path" tf:"path,omitempty"` + + // If true, mount the NFS volume as read only + // +kubebuilder:validation:Optional + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` + + // Hostname or IP address of the NFS server + // +kubebuilder:validation:Optional + Server *string `json:"server" tf:"server,omitempty"` +} + type TemplateVolumesSecretInitParameters struct { // Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting. @@ -1048,6 +1058,10 @@ type V2ServiceInitParameters struct { // For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences. CustomAudiences []*string `json:"customAudiences,omitempty" tf:"custom_audiences,omitempty"` + // Defaults to true. + // When the field is set to false, deleting the service is allowed. + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // User-provided description of the Service. This field currently has a 512-character limit. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -1055,6 +1069,9 @@ type V2ServiceInitParameters struct { // Possible values are: INGRESS_TRAFFIC_ALL, INGRESS_TRAFFIC_INTERNAL_ONLY, INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER. Ingress *string `json:"ingress,omitempty" tf:"ingress,omitempty"` + // Disables IAM permission check for run.routes.invoke for callers of this service. This feature is available by invitation only. For more information, visit https://cloud.google.com/run/docs/securing/managing-access#invoker_check. + InvokerIAMDisabled *bool `json:"invokerIamDisabled,omitempty" tf:"invoker_iam_disabled,omitempty"` + // Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. // For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. // Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. @@ -1072,6 +1089,10 @@ type V2ServiceInitParameters struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // Scaling settings for this Revision. + // Structure is documented below. + Scaling *ScalingInitParameters `json:"scaling,omitempty" tf:"scaling,omitempty"` + // The template used to create revisions for this Service. // Structure is documented below. Template *V2ServiceTemplateInitParameters `json:"template,omitempty" tf:"template,omitempty"` @@ -1117,6 +1138,10 @@ type V2ServiceObservation struct { // The deletion time. DeleteTime *string `json:"deleteTime,omitempty" tf:"delete_time,omitempty"` + // Defaults to true. + // When the field is set to false, deleting the service is allowed. + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // User-provided description of the Service. This field currently has a 512-character limit. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -1129,7 +1154,7 @@ type V2ServiceObservation struct { // A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. Etag *string `json:"etag,omitempty" tf:"etag,omitempty"` - // For a deleted resource, the time after which it will be permamently deleted. + // For a deleted resource, the time after which it will be permanently deleted. ExpireTime *string `json:"expireTime,omitempty" tf:"expire_time,omitempty"` // A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer. @@ -1142,6 +1167,9 @@ type V2ServiceObservation struct { // Possible values are: INGRESS_TRAFFIC_ALL, INGRESS_TRAFFIC_INTERNAL_ONLY, INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER. Ingress *string `json:"ingress,omitempty" tf:"ingress,omitempty"` + // Disables IAM permission check for run.routes.invoke for callers of this service. This feature is available by invitation only. For more information, visit https://cloud.google.com/run/docs/securing/managing-access#invoker_check. + InvokerIAMDisabled *bool `json:"invokerIamDisabled,omitempty" tf:"invoker_iam_disabled,omitempty"` + // Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. // For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. // Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. @@ -1180,6 +1208,10 @@ type V2ServiceObservation struct { // If reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions. Reconciling *bool `json:"reconciling,omitempty" tf:"reconciling,omitempty"` + // Scaling settings for this Revision. + // Structure is documented below. + Scaling *ScalingObservation `json:"scaling,omitempty" tf:"scaling,omitempty"` + // The template used to create revisions for this Service. // Structure is documented below. Template *V2ServiceTemplateObservation `json:"template,omitempty" tf:"template,omitempty"` @@ -1209,6 +1241,9 @@ type V2ServiceObservation struct { // The last-modified time. UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` + + // All URLs serving traffic for this Service. + Urls []*string `json:"urls,omitempty" tf:"urls,omitempty"` } type V2ServiceParameters struct { @@ -1239,6 +1274,11 @@ type V2ServiceParameters struct { // +kubebuilder:validation:Optional CustomAudiences []*string `json:"customAudiences,omitempty" tf:"custom_audiences,omitempty"` + // Defaults to true. + // When the field is set to false, deleting the service is allowed. + // +kubebuilder:validation:Optional + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // User-provided description of the Service. This field currently has a 512-character limit. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -1248,6 +1288,10 @@ type V2ServiceParameters struct { // +kubebuilder:validation:Optional Ingress *string `json:"ingress,omitempty" tf:"ingress,omitempty"` + // Disables IAM permission check for run.routes.invoke for callers of this service. This feature is available by invitation only. For more information, visit https://cloud.google.com/run/docs/securing/managing-access#invoker_check. + // +kubebuilder:validation:Optional + InvokerIAMDisabled *bool `json:"invokerIamDisabled,omitempty" tf:"invoker_iam_disabled,omitempty"` + // Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. // For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. // Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. @@ -1272,6 +1316,11 @@ type V2ServiceParameters struct { // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + // Scaling settings for this Revision. + // Structure is documented below. + // +kubebuilder:validation:Optional + Scaling *ScalingParameters `json:"scaling,omitempty" tf:"scaling,omitempty"` + // The template used to create revisions for this Service. // Structure is documented below. // +kubebuilder:validation:Optional @@ -1469,7 +1518,7 @@ type V2ServiceTemplateInitParameters struct { // Scaling settings for this Revision. // Structure is documented below. - Scaling *ScalingInitParameters `json:"scaling,omitempty" tf:"scaling,omitempty"` + Scaling *TemplateScalingInitParameters `json:"scaling,omitempty" tf:"scaling,omitempty"` // Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. ServiceAccount *string `json:"serviceAccount,omitempty" tf:"service_account,omitempty"` @@ -1526,7 +1575,7 @@ type V2ServiceTemplateObservation struct { // Scaling settings for this Revision. // Structure is documented below. - Scaling *ScalingObservation `json:"scaling,omitempty" tf:"scaling,omitempty"` + Scaling *TemplateScalingObservation `json:"scaling,omitempty" tf:"scaling,omitempty"` // Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. ServiceAccount *string `json:"serviceAccount,omitempty" tf:"service_account,omitempty"` @@ -1591,7 +1640,7 @@ type V2ServiceTemplateParameters struct { // Scaling settings for this Revision. // Structure is documented below. // +kubebuilder:validation:Optional - Scaling *ScalingParameters `json:"scaling,omitempty" tf:"scaling,omitempty"` + Scaling *TemplateScalingParameters `json:"scaling,omitempty" tf:"scaling,omitempty"` // Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. // +kubebuilder:validation:Optional @@ -1623,13 +1672,17 @@ type V2ServiceTemplateVolumesInitParameters struct { // Structure is documented below. CloudSQLInstance *VolumesCloudSQLInstanceInitParameters `json:"cloudSqlInstance,omitempty" tf:"cloud_sql_instance,omitempty"` - // Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA. + // Ephemeral storage used as a shared volume. // Structure is documented below. - Gcs *GcsInitParameters `json:"gcs,omitempty" tf:"gcs,omitempty"` + EmptyDir *TemplateVolumesEmptyDirInitParameters `json:"emptyDir,omitempty" tf:"empty_dir,omitempty"` + + // Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment. + // Structure is documented below. + Gcs *VolumesGcsInitParameters `json:"gcs,omitempty" tf:"gcs,omitempty"` // Represents an NFS mount. // Structure is documented below. - NFS *NFSInitParameters `json:"nfs,omitempty" tf:"nfs,omitempty"` + NFS *TemplateVolumesNFSInitParameters `json:"nfs,omitempty" tf:"nfs,omitempty"` // Volume's name. Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -1645,13 +1698,17 @@ type V2ServiceTemplateVolumesObservation struct { // Structure is documented below. CloudSQLInstance *VolumesCloudSQLInstanceObservation `json:"cloudSqlInstance,omitempty" tf:"cloud_sql_instance,omitempty"` - // Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA. + // Ephemeral storage used as a shared volume. + // Structure is documented below. + EmptyDir *TemplateVolumesEmptyDirObservation `json:"emptyDir,omitempty" tf:"empty_dir,omitempty"` + + // Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment. // Structure is documented below. - Gcs *GcsObservation `json:"gcs,omitempty" tf:"gcs,omitempty"` + Gcs *VolumesGcsObservation `json:"gcs,omitempty" tf:"gcs,omitempty"` // Represents an NFS mount. // Structure is documented below. - NFS *NFSObservation `json:"nfs,omitempty" tf:"nfs,omitempty"` + NFS *TemplateVolumesNFSObservation `json:"nfs,omitempty" tf:"nfs,omitempty"` // Volume's name. Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -1668,15 +1725,20 @@ type V2ServiceTemplateVolumesParameters struct { // +kubebuilder:validation:Optional CloudSQLInstance *VolumesCloudSQLInstanceParameters `json:"cloudSqlInstance,omitempty" tf:"cloud_sql_instance,omitempty"` - // Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA. + // Ephemeral storage used as a shared volume. // Structure is documented below. // +kubebuilder:validation:Optional - Gcs *GcsParameters `json:"gcs,omitempty" tf:"gcs,omitempty"` + EmptyDir *TemplateVolumesEmptyDirParameters `json:"emptyDir,omitempty" tf:"empty_dir,omitempty"` + + // Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment. + // Structure is documented below. + // +kubebuilder:validation:Optional + Gcs *VolumesGcsParameters `json:"gcs,omitempty" tf:"gcs,omitempty"` // Represents an NFS mount. // Structure is documented below. // +kubebuilder:validation:Optional - NFS *NFSParameters `json:"nfs,omitempty" tf:"nfs,omitempty"` + NFS *TemplateVolumesNFSParameters `json:"nfs,omitempty" tf:"nfs,omitempty"` // Volume's name. // +kubebuilder:validation:Optional @@ -1874,6 +1936,53 @@ type VolumesCloudSQLInstanceParameters struct { InstancesSelector *v1.Selector `json:"instancesSelector,omitempty" tf:"-"` } +type VolumesGcsInitParameters struct { + + // GCS Bucket name + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/storage/v1beta2.Bucket + Bucket *string `json:"bucket,omitempty" tf:"bucket,omitempty"` + + // Reference to a Bucket in storage to populate bucket. + // +kubebuilder:validation:Optional + BucketRef *v1.Reference `json:"bucketRef,omitempty" tf:"-"` + + // Selector for a Bucket in storage to populate bucket. + // +kubebuilder:validation:Optional + BucketSelector *v1.Selector `json:"bucketSelector,omitempty" tf:"-"` + + // If true, mount the NFS volume as read only + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` +} + +type VolumesGcsObservation struct { + + // GCS Bucket name + Bucket *string `json:"bucket,omitempty" tf:"bucket,omitempty"` + + // If true, mount the NFS volume as read only + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` +} + +type VolumesGcsParameters struct { + + // GCS Bucket name + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/storage/v1beta2.Bucket + // +kubebuilder:validation:Optional + Bucket *string `json:"bucket,omitempty" tf:"bucket,omitempty"` + + // Reference to a Bucket in storage to populate bucket. + // +kubebuilder:validation:Optional + BucketRef *v1.Reference `json:"bucketRef,omitempty" tf:"-"` + + // Selector for a Bucket in storage to populate bucket. + // +kubebuilder:validation:Optional + BucketSelector *v1.Selector `json:"bucketSelector,omitempty" tf:"-"` + + // If true, mount the NFS volume as read only + // +kubebuilder:validation:Optional + ReadOnly *bool `json:"readOnly,omitempty" tf:"read_only,omitempty"` +} + type VolumesSecretItemsInitParameters struct { // Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. diff --git a/examples-generated/cloudrun/v1beta2/v2job.yaml b/examples-generated/cloudrun/v1beta2/v2job.yaml index d5758d243..ff083b403 100644 --- a/examples-generated/cloudrun/v1beta2/v2job.yaml +++ b/examples-generated/cloudrun/v1beta2/v2job.yaml @@ -8,6 +8,7 @@ metadata: name: default spec: forProvider: + deletionProtection: false location: us-central1 template: - template: diff --git a/examples-generated/cloudrun/v1beta2/v2service.yaml b/examples-generated/cloudrun/v1beta2/v2service.yaml index 2a2ba1ec0..34e763a2d 100644 --- a/examples-generated/cloudrun/v1beta2/v2service.yaml +++ b/examples-generated/cloudrun/v1beta2/v2service.yaml @@ -8,6 +8,7 @@ metadata: name: default spec: forProvider: + deletionProtection: false ingress: INGRESS_TRAFFIC_ALL location: us-central1 template: diff --git a/examples/cloudrun/v1beta2/v2job.yaml b/examples/cloudrun/v1beta2/v2job.yaml index bf515b23f..9913663f3 100644 --- a/examples/cloudrun/v1beta2/v2job.yaml +++ b/examples/cloudrun/v1beta2/v2job.yaml @@ -12,6 +12,7 @@ metadata: name: default spec: forProvider: + deletionProtection: false launchStage: BETA location: us-central1 template: diff --git a/examples/cloudrun/v1beta2/v2service.yaml b/examples/cloudrun/v1beta2/v2service.yaml index 47a970370..249883788 100644 --- a/examples/cloudrun/v1beta2/v2service.yaml +++ b/examples/cloudrun/v1beta2/v2service.yaml @@ -12,6 +12,7 @@ metadata: name: default spec: forProvider: + deletionProtection: false binaryAuthorization: breakglassJustification: Some justification useDefault: true diff --git a/package/crds/cloudrun.gcp.upbound.io_services.yaml b/package/crds/cloudrun.gcp.upbound.io_services.yaml index fc4e3b917..bb4814922 100644 --- a/package/crds/cloudrun.gcp.upbound.io_services.yaml +++ b/package/crds/cloudrun.gcp.upbound.io_services.yaml @@ -3543,9 +3543,74 @@ spec: Structure is documented below. items: properties: + csi: + description: |- + A filesystem specified by the Container Storage Interface (CSI). + Structure is documented below. + properties: + driver: + description: 'Unique name representing the type + of file system to be created. Cloud Run supports + the following values:' + type: string + readOnly: + description: If true, mount the NFS volume as + read only in all mounts. Defaults to false. + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: 'Driver-specific attributes. The + following options are supported for available + drivers:' + type: object + x-kubernetes-map-type: granular + type: object + emptyDir: + description: |- + Ephemeral storage which can be backed by real disks (HD, SSD), network storage or memory (i.e. tmpfs). For now only in memory (tmpfs) is supported. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs). + Structure is documented below. + properties: + medium: + description: The medium on which the data is + stored. The default is "" which means to use + the node's default medium. Must be an empty + string (default) or Memory. + type: string + sizeLimit: + description: 'Limit on the storage usable by + this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum + usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. This field''s values are of the + ''Quantity'' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. + The default is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.' + type: string + type: object name: description: Volume's name. type: string + nfs: + description: |- + A filesystem backed by a Network File System share. This filesystem requires the + run.googleapis.com/execution-environment annotation to be unset or set to "gen2" + Structure is documented below. + properties: + path: + description: Path exported by the NFS server + type: string + readOnly: + description: If true, mount the NFS volume as + read only in all mounts. Defaults to false. + type: boolean + server: + description: IP address or hostname of the NFS + server + type: string + type: object secret: description: |- The secret's value will be presented as the content of a file whose @@ -4359,9 +4424,74 @@ spec: Structure is documented below. items: properties: + csi: + description: |- + A filesystem specified by the Container Storage Interface (CSI). + Structure is documented below. + properties: + driver: + description: 'Unique name representing the type + of file system to be created. Cloud Run supports + the following values:' + type: string + readOnly: + description: If true, mount the NFS volume as + read only in all mounts. Defaults to false. + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: 'Driver-specific attributes. The + following options are supported for available + drivers:' + type: object + x-kubernetes-map-type: granular + type: object + emptyDir: + description: |- + Ephemeral storage which can be backed by real disks (HD, SSD), network storage or memory (i.e. tmpfs). For now only in memory (tmpfs) is supported. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs). + Structure is documented below. + properties: + medium: + description: The medium on which the data is + stored. The default is "" which means to use + the node's default medium. Must be an empty + string (default) or Memory. + type: string + sizeLimit: + description: 'Limit on the storage usable by + this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum + usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. This field''s values are of the + ''Quantity'' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. + The default is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.' + type: string + type: object name: description: Volume's name. type: string + nfs: + description: |- + A filesystem backed by a Network File System share. This filesystem requires the + run.googleapis.com/execution-environment annotation to be unset or set to "gen2" + Structure is documented below. + properties: + path: + description: Path exported by the NFS server + type: string + readOnly: + description: If true, mount the NFS volume as + read only in all mounts. Defaults to false. + type: boolean + server: + description: IP address or hostname of the NFS + server + type: string + type: object secret: description: |- The secret's value will be presented as the content of a file whose @@ -5363,9 +5493,74 @@ spec: Structure is documented below. items: properties: + csi: + description: |- + A filesystem specified by the Container Storage Interface (CSI). + Structure is documented below. + properties: + driver: + description: 'Unique name representing the type + of file system to be created. Cloud Run supports + the following values:' + type: string + readOnly: + description: If true, mount the NFS volume as + read only in all mounts. Defaults to false. + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: 'Driver-specific attributes. The + following options are supported for available + drivers:' + type: object + x-kubernetes-map-type: granular + type: object + emptyDir: + description: |- + Ephemeral storage which can be backed by real disks (HD, SSD), network storage or memory (i.e. tmpfs). For now only in memory (tmpfs) is supported. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs). + Structure is documented below. + properties: + medium: + description: The medium on which the data is + stored. The default is "" which means to use + the node's default medium. Must be an empty + string (default) or Memory. + type: string + sizeLimit: + description: 'Limit on the storage usable by + this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum + usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. This field''s values are of the + ''Quantity'' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. + The default is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.' + type: string + type: object name: description: Volume's name. type: string + nfs: + description: |- + A filesystem backed by a Network File System share. This filesystem requires the + run.googleapis.com/execution-environment annotation to be unset or set to "gen2" + Structure is documented below. + properties: + path: + description: Path exported by the NFS server + type: string + readOnly: + description: If true, mount the NFS volume as + read only in all mounts. Defaults to false. + type: boolean + server: + description: IP address or hostname of the NFS + server + type: string + type: object secret: description: |- The secret's value will be presented as the content of a file whose diff --git a/package/crds/cloudrun.gcp.upbound.io_v2jobs.yaml b/package/crds/cloudrun.gcp.upbound.io_v2jobs.yaml index 1018aa2e3..e7d33f9f4 100644 --- a/package/crds/cloudrun.gcp.upbound.io_v2jobs.yaml +++ b/package/crds/cloudrun.gcp.upbound.io_v2jobs.yaml @@ -2367,6 +2367,11 @@ spec: clientVersion: description: Arbitrary version identifier for the API client. type: string + deletionProtection: + description: |- + Defaults to true. + When the field is set to false, deleting the job is allowed. + type: boolean labels: additionalProperties: type: string @@ -2783,9 +2788,66 @@ spec: type: object type: object type: object + emptyDir: + description: |- + Ephemeral storage used as a shared volume. + Structure is documented below. + properties: + medium: + description: |- + The different types of medium supported for EmptyDir. + Default value is MEMORY. + Possible values are: MEMORY. + type: string + sizeLimit: + description: 'Limit on the storage usable by + this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum + usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. This field''s values are of the + ''Quantity'' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. + The default is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.' + type: string + type: object + gcs: + description: |- + Cloud Storage bucket mounted as a volume using GCSFuse. + Structure is documented below. + properties: + bucket: + description: Name of the cloud storage bucket + to back the volume. The resource service account + must have permission to access the bucket. + type: string + readOnly: + description: If true, mount this volume as read-only + in all mounts. + type: boolean + type: object name: description: Volume's name. type: string + nfs: + description: |- + NFS share mounted as a volume. + Structure is documented below. + properties: + path: + description: Path that is exported by the NFS + server. + type: string + readOnly: + description: If true, mount this volume as read-only + in all mounts. + type: boolean + server: + description: Hostname or IP address of the NFS + server. + type: string + type: object secret: description: |- Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret @@ -3001,6 +3063,11 @@ spec: clientVersion: description: Arbitrary version identifier for the API client. type: string + deletionProtection: + description: |- + Defaults to true. + When the field is set to false, deleting the job is allowed. + type: boolean labels: additionalProperties: type: string @@ -3414,9 +3481,66 @@ spec: type: object type: object type: object + emptyDir: + description: |- + Ephemeral storage used as a shared volume. + Structure is documented below. + properties: + medium: + description: |- + The different types of medium supported for EmptyDir. + Default value is MEMORY. + Possible values are: MEMORY. + type: string + sizeLimit: + description: 'Limit on the storage usable by + this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum + usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. This field''s values are of the + ''Quantity'' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. + The default is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.' + type: string + type: object + gcs: + description: |- + Cloud Storage bucket mounted as a volume using GCSFuse. + Structure is documented below. + properties: + bucket: + description: Name of the cloud storage bucket + to back the volume. The resource service account + must have permission to access the bucket. + type: string + readOnly: + description: If true, mount this volume as read-only + in all mounts. + type: boolean + type: object name: description: Volume's name. type: string + nfs: + description: |- + NFS share mounted as a volume. + Structure is documented below. + properties: + path: + description: Path that is exported by the NFS + server. + type: string + readOnly: + description: If true, mount this volume as read-only + in all mounts. + type: boolean + server: + description: Hostname or IP address of the NFS + server. + type: string + type: object secret: description: |- Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret @@ -3852,6 +3976,11 @@ spec: deleteTime: description: The deletion time. type: string + deletionProtection: + description: |- + Defaults to true. + When the field is set to false, deleting the job is allowed. + type: boolean effectiveAnnotations: additionalProperties: type: string @@ -3872,7 +4001,7 @@ spec: type: number expireTime: description: For a deleted resource, the time after which it will - be permamently deleted. + be permanently deleted. type: string generation: description: A number that monotonically increases every time @@ -4180,9 +4309,66 @@ spec: type: string type: array type: object + emptyDir: + description: |- + Ephemeral storage used as a shared volume. + Structure is documented below. + properties: + medium: + description: |- + The different types of medium supported for EmptyDir. + Default value is MEMORY. + Possible values are: MEMORY. + type: string + sizeLimit: + description: 'Limit on the storage usable by + this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum + usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. This field''s values are of the + ''Quantity'' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. + The default is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.' + type: string + type: object + gcs: + description: |- + Cloud Storage bucket mounted as a volume using GCSFuse. + Structure is documented below. + properties: + bucket: + description: Name of the cloud storage bucket + to back the volume. The resource service account + must have permission to access the bucket. + type: string + readOnly: + description: If true, mount this volume as read-only + in all mounts. + type: boolean + type: object name: description: Volume's name. type: string + nfs: + description: |- + NFS share mounted as a volume. + Structure is documented below. + properties: + path: + description: Path that is exported by the NFS + server. + type: string + readOnly: + description: If true, mount this volume as read-only + in all mounts. + type: boolean + server: + description: Hostname or IP address of the NFS + server. + type: string + type: object secret: description: |- Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret diff --git a/package/crds/cloudrun.gcp.upbound.io_v2services.yaml b/package/crds/cloudrun.gcp.upbound.io_v2services.yaml index 6b7966d3a..9cb396581 100644 --- a/package/crds/cloudrun.gcp.upbound.io_v2services.yaml +++ b/package/crds/cloudrun.gcp.upbound.io_v2services.yaml @@ -3369,6 +3369,11 @@ spec: items: type: string type: array + deletionProtection: + description: |- + Defaults to true. + When the field is set to false, deleting the service is allowed. + type: boolean description: description: User-provided description of the Service. This field currently has a 512-character limit. @@ -3378,6 +3383,11 @@ spec: Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values are: INGRESS_TRAFFIC_ALL, INGRESS_TRAFFIC_INTERNAL_ONLY, INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER. type: string + invokerIamDisabled: + description: Disables IAM permission check for run.routes.invoke + for callers of this service. This feature is available by invitation + only. For more information, visit https://cloud.google.com/run/docs/securing/managing-access#invoker_check. + type: boolean labels: additionalProperties: type: string @@ -3403,6 +3413,17 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + scaling: + description: |- + Scaling settings for this Revision. + Structure is documented below. + properties: + minInstanceCount: + description: Minimum number of serving instances that this + resource should have. Defaults to 0. Must not be greater + than maximum instance count. + type: number + type: object template: description: |- The template used to create revisions for this Service. @@ -3693,13 +3714,13 @@ spec: limits: additionalProperties: type: string - description: 'Only memory and CPU are supported. - Use key cpu for CPU limit and memory for memory - limit. Note: The only supported values for CPU - are ''1'', ''2'', ''4'', and ''8''. Setting 4 - CPU requires at least 2Gi of memory. The values - of the map is string form of the ''quantity'' - k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' + description: 'Only memory, CPU, and nvidia.com/gpu + are supported. Use key cpu for CPU limit, memory + for memory limit, nvidia.com/gpu for gpu limit. + Note: The only supported values for CPU are ''1'', + ''2'', ''4'', and ''8''. Setting 4 CPU requires + at least 2Gi of memory. The values of the map + is string form of the ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' type: object x-kubernetes-map-type: granular startupCpuBoost: @@ -3863,12 +3884,14 @@ spec: Structure is documented below. properties: maxInstanceCount: - description: Maximum number of serving instances that - this resource should have. + description: |- + Maximum number of serving instances that this resource should have. Must not be less than minimum instance count. If absent, Cloud Run will calculate + a default value based on the project's available container instances quota in the region and specified instance size. type: number minInstanceCount: description: Minimum number of serving instances that - this resource should have. + this resource should have. Defaults to 0. Must not be + greater than maximum instance count. type: number type: object serviceAccount: @@ -3988,9 +4011,32 @@ spec: type: object type: object type: object + emptyDir: + description: |- + Ephemeral storage used as a shared volume. + Structure is documented below. + properties: + medium: + description: |- + The different types of medium supported for EmptyDir. + Default value is MEMORY. + Possible values are: MEMORY. + type: string + sizeLimit: + description: 'Limit on the storage usable by this + EmptyDir volume. The size limit is also applicable + for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory + limits of all containers in a pod. This field''s + values are of the ''Quantity'' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. + The default is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.' + type: string + type: object gcs: description: |- - Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA. + Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment. Structure is documented below. properties: bucket: @@ -4341,6 +4387,11 @@ spec: items: type: string type: array + deletionProtection: + description: |- + Defaults to true. + When the field is set to false, deleting the service is allowed. + type: boolean description: description: User-provided description of the Service. This field currently has a 512-character limit. @@ -4350,6 +4401,11 @@ spec: Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values are: INGRESS_TRAFFIC_ALL, INGRESS_TRAFFIC_INTERNAL_ONLY, INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER. type: string + invokerIamDisabled: + description: Disables IAM permission check for run.routes.invoke + for callers of this service. This feature is available by invitation + only. For more information, visit https://cloud.google.com/run/docs/securing/managing-access#invoker_check. + type: boolean labels: additionalProperties: type: string @@ -4372,6 +4428,17 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + scaling: + description: |- + Scaling settings for this Revision. + Structure is documented below. + properties: + minInstanceCount: + description: Minimum number of serving instances that this + resource should have. Defaults to 0. Must not be greater + than maximum instance count. + type: number + type: object template: description: |- The template used to create revisions for this Service. @@ -4662,13 +4729,13 @@ spec: limits: additionalProperties: type: string - description: 'Only memory and CPU are supported. - Use key cpu for CPU limit and memory for memory - limit. Note: The only supported values for CPU - are ''1'', ''2'', ''4'', and ''8''. Setting 4 - CPU requires at least 2Gi of memory. The values - of the map is string form of the ''quantity'' - k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' + description: 'Only memory, CPU, and nvidia.com/gpu + are supported. Use key cpu for CPU limit, memory + for memory limit, nvidia.com/gpu for gpu limit. + Note: The only supported values for CPU are ''1'', + ''2'', ''4'', and ''8''. Setting 4 CPU requires + at least 2Gi of memory. The values of the map + is string form of the ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' type: object x-kubernetes-map-type: granular startupCpuBoost: @@ -4832,12 +4899,14 @@ spec: Structure is documented below. properties: maxInstanceCount: - description: Maximum number of serving instances that - this resource should have. + description: |- + Maximum number of serving instances that this resource should have. Must not be less than minimum instance count. If absent, Cloud Run will calculate + a default value based on the project's available container instances quota in the region and specified instance size. type: number minInstanceCount: description: Minimum number of serving instances that - this resource should have. + this resource should have. Defaults to 0. Must not be + greater than maximum instance count. type: number type: object serviceAccount: @@ -4957,9 +5026,32 @@ spec: type: object type: object type: object + emptyDir: + description: |- + Ephemeral storage used as a shared volume. + Structure is documented below. + properties: + medium: + description: |- + The different types of medium supported for EmptyDir. + Default value is MEMORY. + Possible values are: MEMORY. + type: string + sizeLimit: + description: 'Limit on the storage usable by this + EmptyDir volume. The size limit is also applicable + for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory + limits of all containers in a pod. This field''s + values are of the ''Quantity'' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. + The default is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.' + type: string + type: object gcs: description: |- - Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA. + Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment. Structure is documented below. properties: bucket: @@ -5530,6 +5622,11 @@ spec: deleteTime: description: The deletion time. type: string + deletionProtection: + description: |- + Defaults to true. + When the field is set to false, deleting the service is allowed. + type: boolean description: description: User-provided description of the Service. This field currently has a 512-character limit. @@ -5551,7 +5648,7 @@ spec: type: string expireTime: description: For a deleted resource, the time after which it will - be permamently deleted. + be permanently deleted. type: string generation: description: A number that monotonically increases every time @@ -5567,6 +5664,11 @@ spec: Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values are: INGRESS_TRAFFIC_ALL, INGRESS_TRAFFIC_INTERNAL_ONLY, INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER. type: string + invokerIamDisabled: + description: Disables IAM permission check for run.routes.invoke + for callers of this service. This feature is available by invitation + only. For more information, visit https://cloud.google.com/run/docs/securing/managing-access#invoker_check. + type: boolean labels: additionalProperties: type: string @@ -5619,6 +5721,17 @@ spec: If reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision. If reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions. type: boolean + scaling: + description: |- + Scaling settings for this Revision. + Structure is documented below. + properties: + minInstanceCount: + description: Minimum number of serving instances that this + resource should have. Defaults to 0. Must not be greater + than maximum instance count. + type: number + type: object template: description: |- The template used to create revisions for this Service. @@ -5832,13 +5945,13 @@ spec: limits: additionalProperties: type: string - description: 'Only memory and CPU are supported. - Use key cpu for CPU limit and memory for memory - limit. Note: The only supported values for CPU - are ''1'', ''2'', ''4'', and ''8''. Setting 4 - CPU requires at least 2Gi of memory. The values - of the map is string form of the ''quantity'' - k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' + description: 'Only memory, CPU, and nvidia.com/gpu + are supported. Use key cpu for CPU limit, memory + for memory limit, nvidia.com/gpu for gpu limit. + Note: The only supported values for CPU are ''1'', + ''2'', ''4'', and ''8''. Setting 4 CPU requires + at least 2Gi of memory. The values of the map + is string form of the ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' type: object x-kubernetes-map-type: granular startupCpuBoost: @@ -6002,12 +6115,14 @@ spec: Structure is documented below. properties: maxInstanceCount: - description: Maximum number of serving instances that - this resource should have. + description: |- + Maximum number of serving instances that this resource should have. Must not be less than minimum instance count. If absent, Cloud Run will calculate + a default value based on the project's available container instances quota in the region and specified instance size. type: number minInstanceCount: description: Minimum number of serving instances that - this resource should have. + this resource should have. Defaults to 0. Must not be + greater than maximum instance count. type: number type: object serviceAccount: @@ -6048,9 +6163,32 @@ spec: type: array x-kubernetes-list-type: set type: object + emptyDir: + description: |- + Ephemeral storage used as a shared volume. + Structure is documented below. + properties: + medium: + description: |- + The different types of medium supported for EmptyDir. + Default value is MEMORY. + Possible values are: MEMORY. + type: string + sizeLimit: + description: 'Limit on the storage usable by this + EmptyDir volume. The size limit is also applicable + for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory + limits of all containers in a pod. This field''s + values are of the ''Quantity'' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. + The default is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.' + type: string + type: object gcs: description: |- - Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA. + Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment. Structure is documented below. properties: bucket: @@ -6290,6 +6428,11 @@ spec: uri: description: The main URI in which this Service is serving traffic. type: string + urls: + description: All URLs serving traffic for this Service. + items: + type: string + type: array type: object conditions: description: Conditions of the resource. From d3e783809a89b34bf1dc8904d725d1a01779fcd4 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 14:33:07 +0100 Subject: [PATCH 11/47] compute: multiple changes Signed-off-by: Rickard von Essen --- apis/compute/v1beta1/zz_attacheddisk_types.go | 10 + .../v1beta1/zz_externalvpngateway_types.go | 25 + .../zz_firewallpolicyassociation_types.go | 8 +- apis/compute/v1beta1/zz_generated.deepcopy.go | 100 + .../compute/v1beta1/zz_generated.resolvers.go | 4 +- .../v1beta1/zz_havpngateway_terraformed.go | 2 +- apis/compute/v1beta1/zz_network_types.go | 4 + ..._networkfirewallpolicyassociation_types.go | 14 +- .../v1beta1/zz_regionnetworkendpoint_types.go | 3 + ...nnetworkfirewallpolicyassociation_types.go | 14 +- .../v1beta1/zz_regiontargethttpproxy_types.go | 22 + .../zz_regiontargethttpsproxy_types.go | 22 + .../v1beta1/zz_serviceattachment_types.go | 34 + .../v1beta1/zz_targethttpproxy_types.go | 33 +- .../v1beta1/zz_targethttpsproxy_types.go | 45 +- apis/compute/v1beta2/zz_autoscaler_types.go | 6 +- .../v1beta2/zz_backendservice_types.go | 245 +- apis/compute/v1beta2/zz_disk_types.go | 12 +- apis/compute/v1beta2/zz_firewall_types.go | 12 +- .../v1beta2/zz_firewallpolicyrule_types.go | 161 +- apis/compute/v1beta2/zz_generated.deepcopy.go | 2622 ++++++++++++++++- .../compute/v1beta2/zz_generated.resolvers.go | 50 + .../v1beta2/zz_globalforwardingrule_types.go | 40 + apis/compute/v1beta2/zz_healthcheck_types.go | 36 +- apis/compute/v1beta2/zz_image_types.go | 26 +- apis/compute/v1beta2/zz_instance_types.go | 152 +- .../zz_instancefromtemplate_terraformed.go | 2 +- .../v1beta2/zz_instancefromtemplate_types.go | 126 +- .../v1beta2/zz_instancegroupmanager_types.go | 62 + .../v1beta2/zz_instancetemplate_types.go | 90 +- .../v1beta2/zz_managedsslcertificate_types.go | 7 - apis/compute/v1beta2/zz_nodetemplate_types.go | 106 + .../v1beta2/zz_regionautoscaler_types.go | 6 +- .../v1beta2/zz_regionbackendservice_types.go | 185 +- apis/compute/v1beta2/zz_regiondisk_types.go | 6 +- .../v1beta2/zz_regionhealthcheck_types.go | 39 +- .../zz_regioninstancegroupmanager_types.go | 133 + .../zz_regionnetworkendpointgroup_types.go | 41 + apis/compute/v1beta2/zz_routernat_types.go | 25 + apis/compute/v1beta2/zz_routerpeer_types.go | 30 +- .../v1beta2/zz_securitypolicy_types.go | 404 +++ apis/compute/v1beta2/zz_subnetwork_types.go | 60 +- .../v1beta1/firewallpolicyassociation.yaml | 26 +- .../v1beta1/instancegroupnamedport.yaml | 2 +- .../networkfirewallpolicyassociation.yaml | 13 +- ...egionnetworkfirewallpolicyassociation.yaml | 19 +- .../compute/v1beta2/firewallpolicyrule.yaml | 7 +- examples-generated/compute/v1beta2/image.yaml | 22 +- .../v1beta1/firewallpolicyassociation.yaml | 1 + .../v1beta1/instancegroupnamedport.yaml | 1 + .../networkfirewallpolicyassociation.yaml | 4 +- ...egionnetworkfirewallpolicyassociation.yaml | 3 +- .../compute.gcp.upbound.io_attacheddisks.yaml | 9 + .../compute.gcp.upbound.io_autoscalers.yaml | 6 +- ...ompute.gcp.upbound.io_backendservices.yaml | 248 +- .../crds/compute.gcp.upbound.io_disks.yaml | 12 +- ...te.gcp.upbound.io_externalvpngateways.yaml | 27 + ...upbound.io_firewallpolicyassociations.yaml | 9 +- ...te.gcp.upbound.io_firewallpolicyrules.yaml | 358 +-- .../compute.gcp.upbound.io_firewalls.yaml | 12 +- ....gcp.upbound.io_globalforwardingrules.yaml | 43 + .../compute.gcp.upbound.io_healthchecks.yaml | 36 +- .../crds/compute.gcp.upbound.io_images.yaml | 154 +- ....gcp.upbound.io_instancefromtemplates.yaml | 96 +- ....gcp.upbound.io_instancegroupmanagers.yaml | 99 + .../compute.gcp.upbound.io_instances.yaml | 188 +- ...pute.gcp.upbound.io_instancetemplates.yaml | 114 +- ...gcp.upbound.io_managedsslcertificates.yaml | 6 - .../compute.gcp.upbound.io_nodetemplates.yaml | 120 + ...pute.gcp.upbound.io_regionautoscalers.yaml | 6 +- ....gcp.upbound.io_regionbackendservices.yaml | 182 +- .../compute.gcp.upbound.io_regiondisks.yaml | 6 +- ...ute.gcp.upbound.io_regionhealthchecks.yaml | 40 +- ...pbound.io_regioninstancegroupmanagers.yaml | 216 ++ ...pbound.io_regionnetworkendpointgroups.yaml | 39 + ...gcp.upbound.io_regionnetworkendpoints.yaml | 4 + ...cp.upbound.io_regiontargethttpproxies.yaml | 24 + ...p.upbound.io_regiontargethttpsproxies.yaml | 24 + .../compute.gcp.upbound.io_routernats.yaml | 33 + .../compute.gcp.upbound.io_routerpeers.yaml | 36 +- ...mpute.gcp.upbound.io_securitypolicies.yaml | 555 ++++ ...ute.gcp.upbound.io_serviceattachments.yaml | 39 + .../compute.gcp.upbound.io_subnetworks.yaml | 57 +- ...pute.gcp.upbound.io_targethttpproxies.yaml | 33 +- ...ute.gcp.upbound.io_targethttpsproxies.yaml | 45 +- 85 files changed, 7018 insertions(+), 980 deletions(-) diff --git a/apis/compute/v1beta1/zz_attacheddisk_types.go b/apis/compute/v1beta1/zz_attacheddisk_types.go index edbe86e91..adeb57526 100755 --- a/apis/compute/v1beta1/zz_attacheddisk_types.go +++ b/apis/compute/v1beta1/zz_attacheddisk_types.go @@ -51,6 +51,9 @@ type AttachedDiskInitParameters struct { // +kubebuilder:validation:Optional InstanceSelector *v1.Selector `json:"instanceSelector,omitempty" tf:"-"` + // The disk interface used for attaching this disk. + Interface *string `json:"interface,omitempty" tf:"interface,omitempty"` + // The mode in which to attach this disk, either READ_WRITE or // READ_ONLY. If not specified, the default is to attach the disk in // READ_WRITE mode. @@ -86,6 +89,9 @@ type AttachedDiskObservation struct { // as properties on the resource or provider. Instance *string `json:"instance,omitempty" tf:"instance,omitempty"` + // The disk interface used for attaching this disk. + Interface *string `json:"interface,omitempty" tf:"interface,omitempty"` + // The mode in which to attach this disk, either READ_WRITE or // READ_ONLY. If not specified, the default is to attach the disk in // READ_WRITE mode. @@ -141,6 +147,10 @@ type AttachedDiskParameters struct { // +kubebuilder:validation:Optional InstanceSelector *v1.Selector `json:"instanceSelector,omitempty" tf:"-"` + // The disk interface used for attaching this disk. + // +kubebuilder:validation:Optional + Interface *string `json:"interface,omitempty" tf:"interface,omitempty"` + // The mode in which to attach this disk, either READ_WRITE or // READ_ONLY. If not specified, the default is to attach the disk in // READ_WRITE mode. diff --git a/apis/compute/v1beta1/zz_externalvpngateway_types.go b/apis/compute/v1beta1/zz_externalvpngateway_types.go index 2bfc33e85..8dddd2138 100755 --- a/apis/compute/v1beta1/zz_externalvpngateway_types.go +++ b/apis/compute/v1beta1/zz_externalvpngateway_types.go @@ -119,6 +119,14 @@ type InterfaceInitParameters struct { // your on-premise gateway or another Cloud provider's VPN gateway, // it cannot be an IP address from Google Compute Engine. IPAddress *string `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` + + // IPv6 address of the interface in the external VPN gateway. This IPv6 + // address can be either from your on-premise gateway or another Cloud + // provider's VPN gateway, it cannot be an IP address from Google Compute + // Engine. Must specify an IPv6 address (not IPV4-mapped) using any format + // described in RFC 4291 (e.g. 2001:db8:0:0:2d9:51:0:0). The output format + // is RFC 5952 format (e.g. 2001:db8::2d9:51:0:0). + IPv6Address *string `json:"ipv6Address,omitempty" tf:"ipv6_address,omitempty"` } type InterfaceObservation struct { @@ -132,6 +140,14 @@ type InterfaceObservation struct { // your on-premise gateway or another Cloud provider's VPN gateway, // it cannot be an IP address from Google Compute Engine. IPAddress *string `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` + + // IPv6 address of the interface in the external VPN gateway. This IPv6 + // address can be either from your on-premise gateway or another Cloud + // provider's VPN gateway, it cannot be an IP address from Google Compute + // Engine. Must specify an IPv6 address (not IPV4-mapped) using any format + // described in RFC 4291 (e.g. 2001:db8:0:0:2d9:51:0:0). The output format + // is RFC 5952 format (e.g. 2001:db8::2d9:51:0:0). + IPv6Address *string `json:"ipv6Address,omitempty" tf:"ipv6_address,omitempty"` } type InterfaceParameters struct { @@ -147,6 +163,15 @@ type InterfaceParameters struct { // it cannot be an IP address from Google Compute Engine. // +kubebuilder:validation:Optional IPAddress *string `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` + + // IPv6 address of the interface in the external VPN gateway. This IPv6 + // address can be either from your on-premise gateway or another Cloud + // provider's VPN gateway, it cannot be an IP address from Google Compute + // Engine. Must specify an IPv6 address (not IPV4-mapped) using any format + // described in RFC 4291 (e.g. 2001:db8:0:0:2d9:51:0:0). The output format + // is RFC 5952 format (e.g. 2001:db8::2d9:51:0:0). + // +kubebuilder:validation:Optional + IPv6Address *string `json:"ipv6Address,omitempty" tf:"ipv6_address,omitempty"` } // ExternalVPNGatewaySpec defines the desired state of ExternalVPNGateway diff --git a/apis/compute/v1beta1/zz_firewallpolicyassociation_types.go b/apis/compute/v1beta1/zz_firewallpolicyassociation_types.go index ddf909aa8..5526a4992 100755 --- a/apis/compute/v1beta1/zz_firewallpolicyassociation_types.go +++ b/apis/compute/v1beta1/zz_firewallpolicyassociation_types.go @@ -28,7 +28,7 @@ type FirewallPolicyAssociationInitParameters struct { // +kubebuilder:validation:Optional AttachmentTargetSelector *v1.Selector `json:"attachmentTargetSelector,omitempty" tf:"-"` - // The firewall policy ID of the association. + // The firewall policy of the resource. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.FirewallPolicy // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() FirewallPolicy *string `json:"firewallPolicy,omitempty" tf:"firewall_policy,omitempty"` @@ -50,7 +50,7 @@ type FirewallPolicyAssociationObservation struct { // The target that the firewall policy is attached to. AttachmentTarget *string `json:"attachmentTarget,omitempty" tf:"attachment_target,omitempty"` - // The firewall policy ID of the association. + // The firewall policy of the resource. FirewallPolicy *string `json:"firewallPolicy,omitempty" tf:"firewall_policy,omitempty"` // an identifier for the resource with format locations/global/firewallPolicies/{{firewall_policy}}/associations/{{name}} @@ -79,7 +79,7 @@ type FirewallPolicyAssociationParameters struct { // +kubebuilder:validation:Optional AttachmentTargetSelector *v1.Selector `json:"attachmentTargetSelector,omitempty" tf:"-"` - // The firewall policy ID of the association. + // The firewall policy of the resource. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.FirewallPolicy // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() // +kubebuilder:validation:Optional @@ -125,7 +125,7 @@ type FirewallPolicyAssociationStatus struct { // +kubebuilder:subresource:status // +kubebuilder:storageversion -// FirewallPolicyAssociation is the Schema for the FirewallPolicyAssociations API. Applies a hierarchical firewall policy to a target resource +// FirewallPolicyAssociation is the Schema for the FirewallPolicyAssociations API. Allows associating hierarchical firewall policies with the target where they are applied. // +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" // +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" // +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" diff --git a/apis/compute/v1beta1/zz_generated.deepcopy.go b/apis/compute/v1beta1/zz_generated.deepcopy.go index feab25b27..ad9b50493 100644 --- a/apis/compute/v1beta1/zz_generated.deepcopy.go +++ b/apis/compute/v1beta1/zz_generated.deepcopy.go @@ -1682,6 +1682,11 @@ func (in *AttachedDiskInitParameters) DeepCopyInto(out *AttachedDiskInitParamete *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.Interface != nil { + in, out := &in.Interface, &out.Interface + *out = new(string) + **out = **in + } if in.Mode != nil { in, out := &in.Mode, &out.Mode *out = new(string) @@ -1764,6 +1769,11 @@ func (in *AttachedDiskObservation) DeepCopyInto(out *AttachedDiskObservation) { *out = new(string) **out = **in } + if in.Interface != nil { + in, out := &in.Interface, &out.Interface + *out = new(string) + **out = **in + } if in.Mode != nil { in, out := &in.Mode, &out.Mode *out = new(string) @@ -1829,6 +1839,11 @@ func (in *AttachedDiskParameters) DeepCopyInto(out *AttachedDiskParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.Interface != nil { + in, out := &in.Interface, &out.Interface + *out = new(string) + **out = **in + } if in.Mode != nil { in, out := &in.Mode, &out.Mode *out = new(string) @@ -7222,11 +7237,26 @@ func (in *ConnectedEndpointsInitParameters) DeepCopy() *ConnectedEndpointsInitPa // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConnectedEndpointsObservation) DeepCopyInto(out *ConnectedEndpointsObservation) { *out = *in + if in.ConsumerNetwork != nil { + in, out := &in.ConsumerNetwork, &out.ConsumerNetwork + *out = new(string) + **out = **in + } if in.Endpoint != nil { in, out := &in.Endpoint, &out.Endpoint *out = new(string) **out = **in } + if in.PropagatedConnectionCount != nil { + in, out := &in.PropagatedConnectionCount, &out.PropagatedConnectionCount + *out = new(float64) + **out = **in + } + if in.PscConnectionID != nil { + in, out := &in.PscConnectionID, &out.PscConnectionID + *out = new(string) + **out = **in + } if in.Status != nil { in, out := &in.Status, &out.Status *out = new(string) @@ -29893,6 +29923,11 @@ func (in *InterfaceInitParameters) DeepCopyInto(out *InterfaceInitParameters) { *out = new(string) **out = **in } + if in.IPv6Address != nil { + in, out := &in.IPv6Address, &out.IPv6Address + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InterfaceInitParameters. @@ -29918,6 +29953,11 @@ func (in *InterfaceObservation) DeepCopyInto(out *InterfaceObservation) { *out = new(string) **out = **in } + if in.IPv6Address != nil { + in, out := &in.IPv6Address, &out.IPv6Address + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InterfaceObservation. @@ -29943,6 +29983,11 @@ func (in *InterfaceParameters) DeepCopyInto(out *InterfaceParameters) { *out = new(string) **out = **in } + if in.IPv6Address != nil { + in, out := &in.IPv6Address, &out.IPv6Address + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InterfaceParameters. @@ -34667,6 +34712,11 @@ func (in *NetworkObservation) DeepCopyInto(out *NetworkObservation) { *out = new(string) **out = **in } + if in.NetworkID != nil { + in, out := &in.NetworkID, &out.NetworkID + *out = new(string) + **out = **in + } if in.NumericID != nil { in, out := &in.NumericID, &out.NumericID *out = new(string) @@ -52590,6 +52640,11 @@ func (in *RegionNetworkEndpointObservation) DeepCopyInto(out *RegionNetworkEndpo *out = new(string) **out = **in } + if in.NetworkEndpointID != nil { + in, out := &in.NetworkEndpointID, &out.NetworkEndpointID + *out = new(float64) + **out = **in + } if in.Port != nil { in, out := &in.Port, &out.Port *out = new(float64) @@ -54004,6 +54059,11 @@ func (in *RegionTargetHTTPProxyInitParameters) DeepCopyInto(out *RegionTargetHTT *out = new(string) **out = **in } + if in.HTTPKeepAliveTimeoutSec != nil { + in, out := &in.HTTPKeepAliveTimeoutSec, &out.HTTPKeepAliveTimeoutSec + *out = new(float64) + **out = **in + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -54081,6 +54141,11 @@ func (in *RegionTargetHTTPProxyObservation) DeepCopyInto(out *RegionTargetHTTPPr *out = new(string) **out = **in } + if in.HTTPKeepAliveTimeoutSec != nil { + in, out := &in.HTTPKeepAliveTimeoutSec, &out.HTTPKeepAliveTimeoutSec + *out = new(float64) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -54131,6 +54196,11 @@ func (in *RegionTargetHTTPProxyParameters) DeepCopyInto(out *RegionTargetHTTPPro *out = new(string) **out = **in } + if in.HTTPKeepAliveTimeoutSec != nil { + in, out := &in.HTTPKeepAliveTimeoutSec, &out.HTTPKeepAliveTimeoutSec + *out = new(float64) + **out = **in + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -54249,6 +54319,11 @@ func (in *RegionTargetHTTPSProxyInitParameters) DeepCopyInto(out *RegionTargetHT *out = new(string) **out = **in } + if in.HTTPKeepAliveTimeoutSec != nil { + in, out := &in.HTTPKeepAliveTimeoutSec, &out.HTTPKeepAliveTimeoutSec + *out = new(float64) + **out = **in + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -54370,6 +54445,11 @@ func (in *RegionTargetHTTPSProxyObservation) DeepCopyInto(out *RegionTargetHTTPS *out = new(string) **out = **in } + if in.HTTPKeepAliveTimeoutSec != nil { + in, out := &in.HTTPKeepAliveTimeoutSec, &out.HTTPKeepAliveTimeoutSec + *out = new(float64) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -54452,6 +54532,11 @@ func (in *RegionTargetHTTPSProxyParameters) DeepCopyInto(out *RegionTargetHTTPSP *out = new(string) **out = **in } + if in.HTTPKeepAliveTimeoutSec != nil { + in, out := &in.HTTPKeepAliveTimeoutSec, &out.HTTPKeepAliveTimeoutSec + *out = new(float64) + **out = **in + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -66016,6 +66101,11 @@ func (in *ServiceAttachmentInitParameters) DeepCopyInto(out *ServiceAttachmentIn *out = new(string) **out = **in } + if in.PropagatedConnectionLimit != nil { + in, out := &in.PropagatedConnectionLimit, &out.PropagatedConnectionLimit + *out = new(float64) + **out = **in + } if in.ReconcileConnections != nil { in, out := &in.ReconcileConnections, &out.ReconcileConnections *out = new(bool) @@ -66160,6 +66250,11 @@ func (in *ServiceAttachmentObservation) DeepCopyInto(out *ServiceAttachmentObser *out = new(string) **out = **in } + if in.PropagatedConnectionLimit != nil { + in, out := &in.PropagatedConnectionLimit, &out.PropagatedConnectionLimit + *out = new(float64) + **out = **in + } if in.ReconcileConnections != nil { in, out := &in.ReconcileConnections, &out.ReconcileConnections *out = new(bool) @@ -66267,6 +66362,11 @@ func (in *ServiceAttachmentParameters) DeepCopyInto(out *ServiceAttachmentParame *out = new(string) **out = **in } + if in.PropagatedConnectionLimit != nil { + in, out := &in.PropagatedConnectionLimit, &out.PropagatedConnectionLimit + *out = new(float64) + **out = **in + } if in.ReconcileConnections != nil { in, out := &in.ReconcileConnections, &out.ReconcileConnections *out = new(bool) diff --git a/apis/compute/v1beta1/zz_generated.resolvers.go b/apis/compute/v1beta1/zz_generated.resolvers.go index f043d29da..da40dc8b6 100644 --- a/apis/compute/v1beta1/zz_generated.resolvers.go +++ b/apis/compute/v1beta1/zz_generated.resolvers.go @@ -2673,7 +2673,7 @@ func (mg *NetworkFirewallPolicyAssociation) ResolveReferences(ctx context.Contex rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.FirewallPolicy), - Extract: reference.ExternalName(), + Extract: resource.ExtractResourceID(), Reference: mg.Spec.ForProvider.FirewallPolicyRef, Selector: mg.Spec.ForProvider.FirewallPolicySelector, To: reference.To{List: l, Managed: m}, @@ -4088,7 +4088,7 @@ func (mg *RegionNetworkFirewallPolicyAssociation) ResolveReferences(ctx context. rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.FirewallPolicy), - Extract: reference.ExternalName(), + Extract: resource.ExtractResourceID(), Reference: mg.Spec.ForProvider.FirewallPolicyRef, Selector: mg.Spec.ForProvider.FirewallPolicySelector, To: reference.To{List: l, Managed: m}, diff --git a/apis/compute/v1beta1/zz_havpngateway_terraformed.go b/apis/compute/v1beta1/zz_havpngateway_terraformed.go index 249f787be..513b0b0c2 100755 --- a/apis/compute/v1beta1/zz_havpngateway_terraformed.go +++ b/apis/compute/v1beta1/zz_havpngateway_terraformed.go @@ -125,5 +125,5 @@ func (tr *HaVPNGateway) LateInitialize(attrs []byte) (bool, error) { // GetTerraformSchemaVersion returns the associated Terraform schema version func (tr *HaVPNGateway) GetTerraformSchemaVersion() int { - return 0 + return 1 } diff --git a/apis/compute/v1beta1/zz_network_types.go b/apis/compute/v1beta1/zz_network_types.go index a5778f1cb..089898190 100755 --- a/apis/compute/v1beta1/zz_network_types.go +++ b/apis/compute/v1beta1/zz_network_types.go @@ -113,6 +113,10 @@ type NetworkObservation struct { // Possible values are: BEFORE_CLASSIC_FIREWALL, AFTER_CLASSIC_FIREWALL. NetworkFirewallPolicyEnforcementOrder *string `json:"networkFirewallPolicyEnforcementOrder,omitempty" tf:"network_firewall_policy_enforcement_order,omitempty"` + // The unique identifier for the resource. This identifier is defined by the server. + NetworkID *string `json:"networkId,omitempty" tf:"network_id,omitempty"` + + // (Deprecated) // The unique identifier for the resource. This identifier is defined by the server. NumericID *string `json:"numericId,omitempty" tf:"numeric_id,omitempty"` diff --git a/apis/compute/v1beta1/zz_networkfirewallpolicyassociation_types.go b/apis/compute/v1beta1/zz_networkfirewallpolicyassociation_types.go index 2f35721dc..db757f613 100755 --- a/apis/compute/v1beta1/zz_networkfirewallpolicyassociation_types.go +++ b/apis/compute/v1beta1/zz_networkfirewallpolicyassociation_types.go @@ -28,7 +28,8 @@ type NetworkFirewallPolicyAssociationInitParameters struct { // +kubebuilder:validation:Optional AttachmentTargetSelector *v1.Selector `json:"attachmentTargetSelector,omitempty" tf:"-"` - // The project for the resource + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` } @@ -37,13 +38,14 @@ type NetworkFirewallPolicyAssociationObservation struct { // The target that the firewall policy is attached to. AttachmentTarget *string `json:"attachmentTarget,omitempty" tf:"attachment_target,omitempty"` - // The firewall policy ID of the association. + // The firewall policy of the resource. FirewallPolicy *string `json:"firewallPolicy,omitempty" tf:"firewall_policy,omitempty"` // an identifier for the resource with format projects/{{project}}/global/firewallPolicies/{{firewall_policy}}/associations/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` - // The project for the resource + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` // The short name of the firewall policy of the association. @@ -66,8 +68,9 @@ type NetworkFirewallPolicyAssociationParameters struct { // +kubebuilder:validation:Optional AttachmentTargetSelector *v1.Selector `json:"attachmentTargetSelector,omitempty" tf:"-"` - // The firewall policy ID of the association. + // The firewall policy of the resource. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.NetworkFirewallPolicy + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() // +kubebuilder:validation:Optional FirewallPolicy *string `json:"firewallPolicy,omitempty" tf:"firewall_policy,omitempty"` @@ -79,7 +82,8 @@ type NetworkFirewallPolicyAssociationParameters struct { // +kubebuilder:validation:Optional FirewallPolicySelector *v1.Selector `json:"firewallPolicySelector,omitempty" tf:"-"` - // The project for the resource + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` } diff --git a/apis/compute/v1beta1/zz_regionnetworkendpoint_types.go b/apis/compute/v1beta1/zz_regionnetworkendpoint_types.go index 540622b7b..1858b75f1 100755 --- a/apis/compute/v1beta1/zz_regionnetworkendpoint_types.go +++ b/apis/compute/v1beta1/zz_regionnetworkendpoint_types.go @@ -59,6 +59,9 @@ type RegionNetworkEndpointObservation struct { // This can only be specified when network_endpoint_type of the NEG is INTERNET_IP_PORT. IPAddress *string `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` + // The unique identifier number for the resource. This identifier is defined by the server. + NetworkEndpointID *float64 `json:"networkEndpointId,omitempty" tf:"network_endpoint_id,omitempty"` + // Port number of network endpoint. Port *float64 `json:"port,omitempty" tf:"port,omitempty"` diff --git a/apis/compute/v1beta1/zz_regionnetworkfirewallpolicyassociation_types.go b/apis/compute/v1beta1/zz_regionnetworkfirewallpolicyassociation_types.go index afe1bcf58..ba2e79f40 100755 --- a/apis/compute/v1beta1/zz_regionnetworkfirewallpolicyassociation_types.go +++ b/apis/compute/v1beta1/zz_regionnetworkfirewallpolicyassociation_types.go @@ -28,7 +28,8 @@ type RegionNetworkFirewallPolicyAssociationInitParameters struct { // +kubebuilder:validation:Optional AttachmentTargetSelector *v1.Selector `json:"attachmentTargetSelector,omitempty" tf:"-"` - // The project for the resource + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` } @@ -37,13 +38,14 @@ type RegionNetworkFirewallPolicyAssociationObservation struct { // The target that the firewall policy is attached to. AttachmentTarget *string `json:"attachmentTarget,omitempty" tf:"attachment_target,omitempty"` - // The firewall policy ID of the association. + // The firewall policy of the resource. FirewallPolicy *string `json:"firewallPolicy,omitempty" tf:"firewall_policy,omitempty"` // an identifier for the resource with format projects/{{project}}/regions/{{region}}/firewallPolicies/{{firewall_policy}}/associations/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` - // The project for the resource + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` // The location of this resource. @@ -69,8 +71,9 @@ type RegionNetworkFirewallPolicyAssociationParameters struct { // +kubebuilder:validation:Optional AttachmentTargetSelector *v1.Selector `json:"attachmentTargetSelector,omitempty" tf:"-"` - // The firewall policy ID of the association. + // The firewall policy of the resource. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.RegionNetworkFirewallPolicy + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() // +kubebuilder:validation:Optional FirewallPolicy *string `json:"firewallPolicy,omitempty" tf:"firewall_policy,omitempty"` @@ -82,7 +85,8 @@ type RegionNetworkFirewallPolicyAssociationParameters struct { // +kubebuilder:validation:Optional FirewallPolicySelector *v1.Selector `json:"firewallPolicySelector,omitempty" tf:"-"` - // The project for the resource + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` diff --git a/apis/compute/v1beta1/zz_regiontargethttpproxy_types.go b/apis/compute/v1beta1/zz_regiontargethttpproxy_types.go index b740b7dd1..ce72c86dd 100755 --- a/apis/compute/v1beta1/zz_regiontargethttpproxy_types.go +++ b/apis/compute/v1beta1/zz_regiontargethttpproxy_types.go @@ -18,6 +18,13 @@ type RegionTargetHTTPProxyInitParameters struct { // An optional description of this resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // Specifies how long to keep a connection open, after completing a response, + // while there is no matching traffic (in seconds). If an HTTP keepalive is + // not specified, a default value (600 seconds) will be used. For Regional + // HTTP(S) load balancer, the minimum allowed value is 5 seconds and the + // maximum allowed value is 600 seconds. + HTTPKeepAliveTimeoutSec *float64 `json:"httpKeepAliveTimeoutSec,omitempty" tf:"http_keep_alive_timeout_sec,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` @@ -45,6 +52,13 @@ type RegionTargetHTTPProxyObservation struct { // An optional description of this resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // Specifies how long to keep a connection open, after completing a response, + // while there is no matching traffic (in seconds). If an HTTP keepalive is + // not specified, a default value (600 seconds) will be used. For Regional + // HTTP(S) load balancer, the minimum allowed value is 5 seconds and the + // maximum allowed value is 600 seconds. + HTTPKeepAliveTimeoutSec *float64 `json:"httpKeepAliveTimeoutSec,omitempty" tf:"http_keep_alive_timeout_sec,omitempty"` + // an identifier for the resource with format projects/{{project}}/regions/{{region}}/targetHttpProxies/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -73,6 +87,14 @@ type RegionTargetHTTPProxyParameters struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` + // Specifies how long to keep a connection open, after completing a response, + // while there is no matching traffic (in seconds). If an HTTP keepalive is + // not specified, a default value (600 seconds) will be used. For Regional + // HTTP(S) load balancer, the minimum allowed value is 5 seconds and the + // maximum allowed value is 600 seconds. + // +kubebuilder:validation:Optional + HTTPKeepAliveTimeoutSec *float64 `json:"httpKeepAliveTimeoutSec,omitempty" tf:"http_keep_alive_timeout_sec,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional diff --git a/apis/compute/v1beta1/zz_regiontargethttpsproxy_types.go b/apis/compute/v1beta1/zz_regiontargethttpsproxy_types.go index 952d34791..4e6a52dc4 100755 --- a/apis/compute/v1beta1/zz_regiontargethttpsproxy_types.go +++ b/apis/compute/v1beta1/zz_regiontargethttpsproxy_types.go @@ -23,6 +23,13 @@ type RegionTargetHTTPSProxyInitParameters struct { // An optional description of this resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // Specifies how long to keep a connection open, after completing a response, + // while there is no matching traffic (in seconds). If an HTTP keepalive is + // not specified, a default value (600 seconds) will be used. For Regioanl + // HTTP(S) load balancer, the minimum allowed value is 5 seconds and the + // maximum allowed value is 600 seconds. + HTTPKeepAliveTimeoutSec *float64 `json:"httpKeepAliveTimeoutSec,omitempty" tf:"http_keep_alive_timeout_sec,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` @@ -89,6 +96,13 @@ type RegionTargetHTTPSProxyObservation struct { // An optional description of this resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // Specifies how long to keep a connection open, after completing a response, + // while there is no matching traffic (in seconds). If an HTTP keepalive is + // not specified, a default value (600 seconds) will be used. For Regioanl + // HTTP(S) load balancer, the minimum allowed value is 5 seconds and the + // maximum allowed value is 600 seconds. + HTTPKeepAliveTimeoutSec *float64 `json:"httpKeepAliveTimeoutSec,omitempty" tf:"http_keep_alive_timeout_sec,omitempty"` + // an identifier for the resource with format projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -148,6 +162,14 @@ type RegionTargetHTTPSProxyParameters struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` + // Specifies how long to keep a connection open, after completing a response, + // while there is no matching traffic (in seconds). If an HTTP keepalive is + // not specified, a default value (600 seconds) will be used. For Regioanl + // HTTP(S) load balancer, the minimum allowed value is 5 seconds and the + // maximum allowed value is 600 seconds. + // +kubebuilder:validation:Optional + HTTPKeepAliveTimeoutSec *float64 `json:"httpKeepAliveTimeoutSec,omitempty" tf:"http_keep_alive_timeout_sec,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional diff --git a/apis/compute/v1beta1/zz_serviceattachment_types.go b/apis/compute/v1beta1/zz_serviceattachment_types.go index f6d8207b8..136b199c9 100755 --- a/apis/compute/v1beta1/zz_serviceattachment_types.go +++ b/apis/compute/v1beta1/zz_serviceattachment_types.go @@ -18,10 +18,22 @@ type ConnectedEndpointsInitParameters struct { type ConnectedEndpointsObservation struct { + // (Output) + // The url of the consumer network. + ConsumerNetwork *string `json:"consumerNetwork,omitempty" tf:"consumer_network,omitempty"` + // (Output) // The URL of the consumer forwarding rule. Endpoint *string `json:"endpoint,omitempty" tf:"endpoint,omitempty"` + // (Output) + // The number of consumer Network Connectivity Center spokes that the connected Private Service Connect endpoint has propagated to. + PropagatedConnectionCount *float64 `json:"propagatedConnectionCount,omitempty" tf:"propagated_connection_count,omitempty"` + + // (Output) + // The PSC connection id of the connected endpoint. + PscConnectionID *string `json:"pscConnectionId,omitempty" tf:"psc_connection_id,omitempty"` + // (Output) // The status of the connection from the consumer forwarding rule to // this service attachment. @@ -144,6 +156,13 @@ type ServiceAttachmentInitParameters struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // The number of consumer spokes that connected Private Service Connect endpoints can be propagated to through Network Connectivity Center. + // This limit lets the service producer limit how many propagated Private Service Connect connections can be established to this service attachment from a single consumer. + // If the connection preference of the service attachment is ACCEPT_MANUAL, the limit applies to each project or network that is listed in the consumer accept list. + // If the connection preference of the service attachment is ACCEPT_AUTOMATIC, the limit applies to each project that contains a connected endpoint. + // If unspecified, the default propagated connection limit is 250. + PropagatedConnectionLimit *float64 `json:"propagatedConnectionLimit,omitempty" tf:"propagated_connection_limit,omitempty"` + // This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. // If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . // If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. @@ -211,6 +230,13 @@ type ServiceAttachmentObservation struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // The number of consumer spokes that connected Private Service Connect endpoints can be propagated to through Network Connectivity Center. + // This limit lets the service producer limit how many propagated Private Service Connect connections can be established to this service attachment from a single consumer. + // If the connection preference of the service attachment is ACCEPT_MANUAL, the limit applies to each project or network that is listed in the consumer accept list. + // If the connection preference of the service attachment is ACCEPT_AUTOMATIC, the limit applies to each project that contains a connected endpoint. + // If unspecified, the default propagated connection limit is 250. + PropagatedConnectionLimit *float64 `json:"propagatedConnectionLimit,omitempty" tf:"propagated_connection_limit,omitempty"` + // This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. // If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . // If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. @@ -279,6 +305,14 @@ type ServiceAttachmentParameters struct { // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + // The number of consumer spokes that connected Private Service Connect endpoints can be propagated to through Network Connectivity Center. + // This limit lets the service producer limit how many propagated Private Service Connect connections can be established to this service attachment from a single consumer. + // If the connection preference of the service attachment is ACCEPT_MANUAL, the limit applies to each project or network that is listed in the consumer accept list. + // If the connection preference of the service attachment is ACCEPT_AUTOMATIC, the limit applies to each project that contains a connected endpoint. + // If unspecified, the default propagated connection limit is 250. + // +kubebuilder:validation:Optional + PropagatedConnectionLimit *float64 `json:"propagatedConnectionLimit,omitempty" tf:"propagated_connection_limit,omitempty"` + // This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. // If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . // If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. diff --git a/apis/compute/v1beta1/zz_targethttpproxy_types.go b/apis/compute/v1beta1/zz_targethttpproxy_types.go index 39dfe9689..fe8f3905f 100755 --- a/apis/compute/v1beta1/zz_targethttpproxy_types.go +++ b/apis/compute/v1beta1/zz_targethttpproxy_types.go @@ -20,10 +20,13 @@ type TargetHTTPProxyInitParameters struct { // Specifies how long to keep a connection open, after completing a response, // while there is no matching traffic (in seconds). If an HTTP keepalive is - // not specified, a default value (610 seconds) will be used. For Global - // external HTTP(S) load balancer, the minimum allowed value is 5 seconds and - // the maximum allowed value is 1200 seconds. For Global external HTTP(S) - // load balancer (classic), this option is not available publicly. + // not specified, a default value will be used. For Global + // external HTTP(S) load balancer, the default value is 610 seconds, the + // minimum allowed value is 5 seconds and the maximum allowed value is 1200 + // seconds. For cross-region internal HTTP(S) load balancer, the default + // value is 600 seconds, the minimum allowed value is 5 seconds, and the + // maximum allowed value is 600 seconds. For Global external HTTP(S) load + // balancer (classic), this option is not available publicly. HTTPKeepAliveTimeoutSec *float64 `json:"httpKeepAliveTimeoutSec,omitempty" tf:"http_keep_alive_timeout_sec,omitempty"` // The ID of the project in which the resource belongs. @@ -59,10 +62,13 @@ type TargetHTTPProxyObservation struct { // Specifies how long to keep a connection open, after completing a response, // while there is no matching traffic (in seconds). If an HTTP keepalive is - // not specified, a default value (610 seconds) will be used. For Global - // external HTTP(S) load balancer, the minimum allowed value is 5 seconds and - // the maximum allowed value is 1200 seconds. For Global external HTTP(S) - // load balancer (classic), this option is not available publicly. + // not specified, a default value will be used. For Global + // external HTTP(S) load balancer, the default value is 610 seconds, the + // minimum allowed value is 5 seconds and the maximum allowed value is 1200 + // seconds. For cross-region internal HTTP(S) load balancer, the default + // value is 600 seconds, the minimum allowed value is 5 seconds, and the + // maximum allowed value is 600 seconds. For Global external HTTP(S) load + // balancer (classic), this option is not available publicly. HTTPKeepAliveTimeoutSec *float64 `json:"httpKeepAliveTimeoutSec,omitempty" tf:"http_keep_alive_timeout_sec,omitempty"` // an identifier for the resource with format projects/{{project}}/global/targetHttpProxies/{{name}} @@ -95,10 +101,13 @@ type TargetHTTPProxyParameters struct { // Specifies how long to keep a connection open, after completing a response, // while there is no matching traffic (in seconds). If an HTTP keepalive is - // not specified, a default value (610 seconds) will be used. For Global - // external HTTP(S) load balancer, the minimum allowed value is 5 seconds and - // the maximum allowed value is 1200 seconds. For Global external HTTP(S) - // load balancer (classic), this option is not available publicly. + // not specified, a default value will be used. For Global + // external HTTP(S) load balancer, the default value is 610 seconds, the + // minimum allowed value is 5 seconds and the maximum allowed value is 1200 + // seconds. For cross-region internal HTTP(S) load balancer, the default + // value is 600 seconds, the minimum allowed value is 5 seconds, and the + // maximum allowed value is 600 seconds. For Global external HTTP(S) load + // balancer (classic), this option is not available publicly. // +kubebuilder:validation:Optional HTTPKeepAliveTimeoutSec *float64 `json:"httpKeepAliveTimeoutSec,omitempty" tf:"http_keep_alive_timeout_sec,omitempty"` diff --git a/apis/compute/v1beta1/zz_targethttpsproxy_types.go b/apis/compute/v1beta1/zz_targethttpsproxy_types.go index 713d3ad9f..7097d3e28 100755 --- a/apis/compute/v1beta1/zz_targethttpsproxy_types.go +++ b/apis/compute/v1beta1/zz_targethttpsproxy_types.go @@ -33,10 +33,13 @@ type TargetHTTPSProxyInitParameters struct { // Specifies how long to keep a connection open, after completing a response, // while there is no matching traffic (in seconds). If an HTTP keepalive is - // not specified, a default value (610 seconds) will be used. For Global - // external HTTP(S) load balancer, the minimum allowed value is 5 seconds and - // the maximum allowed value is 1200 seconds. For Global external HTTP(S) - // load balancer (classic), this option is not available publicly. + // not specified, a default value will be used. For Global + // external HTTP(S) load balancer, the default value is 610 seconds, the + // minimum allowed value is 5 seconds and the maximum allowed value is 1200 + // seconds. For cross-region internal HTTP(S) load balancer, the default + // value is 600 seconds, the minimum allowed value is 5 seconds, and the + // maximum allowed value is 600 seconds. For Global external HTTP(S) load + // balancer (classic), this option is not available publicly. HTTPKeepAliveTimeoutSec *float64 `json:"httpKeepAliveTimeoutSec,omitempty" tf:"http_keep_alive_timeout_sec,omitempty"` // The ID of the project in which the resource belongs. @@ -83,6 +86,10 @@ type TargetHTTPSProxyInitParameters struct { // INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED // loadBalancingScheme consult ServerTlsPolicy documentation. // If left blank, communications are not encrypted. + // If you remove this field from your configuration at the same time as + // deleting or recreating a referenced ServerTlsPolicy resource, you will + // receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + // within the ServerTlsPolicy resource to avoid this. ServerTLSPolicy *string `json:"serverTlsPolicy,omitempty" tf:"server_tls_policy,omitempty"` // Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service. @@ -130,10 +137,13 @@ type TargetHTTPSProxyObservation struct { // Specifies how long to keep a connection open, after completing a response, // while there is no matching traffic (in seconds). If an HTTP keepalive is - // not specified, a default value (610 seconds) will be used. For Global - // external HTTP(S) load balancer, the minimum allowed value is 5 seconds and - // the maximum allowed value is 1200 seconds. For Global external HTTP(S) - // load balancer (classic), this option is not available publicly. + // not specified, a default value will be used. For Global + // external HTTP(S) load balancer, the default value is 610 seconds, the + // minimum allowed value is 5 seconds and the maximum allowed value is 1200 + // seconds. For cross-region internal HTTP(S) load balancer, the default + // value is 600 seconds, the minimum allowed value is 5 seconds, and the + // maximum allowed value is 600 seconds. For Global external HTTP(S) load + // balancer (classic), this option is not available publicly. HTTPKeepAliveTimeoutSec *float64 `json:"httpKeepAliveTimeoutSec,omitempty" tf:"http_keep_alive_timeout_sec,omitempty"` // an identifier for the resource with format projects/{{project}}/global/targetHttpsProxies/{{name}} @@ -180,6 +190,10 @@ type TargetHTTPSProxyObservation struct { // INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED // loadBalancingScheme consult ServerTlsPolicy documentation. // If left blank, communications are not encrypted. + // If you remove this field from your configuration at the same time as + // deleting or recreating a referenced ServerTlsPolicy resource, you will + // receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + // within the ServerTlsPolicy resource to avoid this. ServerTLSPolicy *string `json:"serverTlsPolicy,omitempty" tf:"server_tls_policy,omitempty"` // Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service. @@ -217,10 +231,13 @@ type TargetHTTPSProxyParameters struct { // Specifies how long to keep a connection open, after completing a response, // while there is no matching traffic (in seconds). If an HTTP keepalive is - // not specified, a default value (610 seconds) will be used. For Global - // external HTTP(S) load balancer, the minimum allowed value is 5 seconds and - // the maximum allowed value is 1200 seconds. For Global external HTTP(S) - // load balancer (classic), this option is not available publicly. + // not specified, a default value will be used. For Global + // external HTTP(S) load balancer, the default value is 610 seconds, the + // minimum allowed value is 5 seconds and the maximum allowed value is 1200 + // seconds. For cross-region internal HTTP(S) load balancer, the default + // value is 600 seconds, the minimum allowed value is 5 seconds, and the + // maximum allowed value is 600 seconds. For Global external HTTP(S) load + // balancer (classic), this option is not available publicly. // +kubebuilder:validation:Optional HTTPKeepAliveTimeoutSec *float64 `json:"httpKeepAliveTimeoutSec,omitempty" tf:"http_keep_alive_timeout_sec,omitempty"` @@ -273,6 +290,10 @@ type TargetHTTPSProxyParameters struct { // INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED // loadBalancingScheme consult ServerTlsPolicy documentation. // If left blank, communications are not encrypted. + // If you remove this field from your configuration at the same time as + // deleting or recreating a referenced ServerTlsPolicy resource, you will + // receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + // within the ServerTlsPolicy resource to avoid this. // +kubebuilder:validation:Optional ServerTLSPolicy *string `json:"serverTlsPolicy,omitempty" tf:"server_tls_policy,omitempty"` diff --git a/apis/compute/v1beta2/zz_autoscaler_types.go b/apis/compute/v1beta2/zz_autoscaler_types.go index 1cecff90a..1c6c58fc4 100755 --- a/apis/compute/v1beta2/zz_autoscaler_types.go +++ b/apis/compute/v1beta2/zz_autoscaler_types.go @@ -411,7 +411,7 @@ type MetricParameters struct { type ScaleInControlInitParameters struct { - // A nested object resource + // A nested object resource. // Structure is documented below. MaxScaledInReplicas *MaxScaledInReplicasInitParameters `json:"maxScaledInReplicas,omitempty" tf:"max_scaled_in_replicas,omitempty"` @@ -422,7 +422,7 @@ type ScaleInControlInitParameters struct { type ScaleInControlObservation struct { - // A nested object resource + // A nested object resource. // Structure is documented below. MaxScaledInReplicas *MaxScaledInReplicasObservation `json:"maxScaledInReplicas,omitempty" tf:"max_scaled_in_replicas,omitempty"` @@ -433,7 +433,7 @@ type ScaleInControlObservation struct { type ScaleInControlParameters struct { - // A nested object resource + // A nested object resource. // Structure is documented below. // +kubebuilder:validation:Optional MaxScaledInReplicas *MaxScaledInReplicasParameters `json:"maxScaledInReplicas,omitempty" tf:"max_scaled_in_replicas,omitempty"` diff --git a/apis/compute/v1beta2/zz_backendservice_types.go b/apis/compute/v1beta2/zz_backendservice_types.go index a6381443c..46fc67545 100755 --- a/apis/compute/v1beta2/zz_backendservice_types.go +++ b/apis/compute/v1beta2/zz_backendservice_types.go @@ -74,7 +74,6 @@ type BackendInitParameters struct { // and CONNECTION (for TCP/SSL). // See the Backend Services Overview // for an explanation of load balancing modes. - // From version 6.0.0 default value will be UTILIZATION to match default GCP value. // Default value is UTILIZATION. // Possible values are: UTILIZATION, RATE, CONNECTION. BalancingMode *string `json:"balancingMode,omitempty" tf:"balancing_mode,omitempty"` @@ -172,7 +171,6 @@ type BackendObservation struct { // and CONNECTION (for TCP/SSL). // See the Backend Services Overview // for an explanation of load balancing modes. - // From version 6.0.0 default value will be UTILIZATION to match default GCP value. // Default value is UTILIZATION. // Possible values are: UTILIZATION, RATE, CONNECTION. BalancingMode *string `json:"balancingMode,omitempty" tf:"balancing_mode,omitempty"` @@ -260,7 +258,6 @@ type BackendParameters struct { // and CONNECTION (for TCP/SSL). // See the Backend Services Overview // for an explanation of load balancing modes. - // From version 6.0.0 default value will be UTILIZATION to match default GCP value. // Default value is UTILIZATION. // Possible values are: UTILIZATION, RATE, CONNECTION. // +kubebuilder:validation:Optional @@ -597,6 +594,10 @@ type BackendServiceInitParameters struct { // +kubebuilder:validation:Optional HealthChecksSelector *v1.Selector `json:"healthChecksSelector,omitempty" tf:"-"` + // Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). + // Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY. + IPAddressSelectionPolicy *string `json:"ipAddressSelectionPolicy,omitempty" tf:"ip_address_selection_policy,omitempty"` + // Settings for enabling Cloud Identity Aware Proxy // Structure is documented below. Iap *IapInitParameters `json:"iap,omitempty" tf:"iap,omitempty"` @@ -630,8 +631,6 @@ type BackendServiceInitParameters struct { // Settings controlling eviction of unhealthy hosts from the load balancing pool. // Applicable backend service types can be a global backend service with the // loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. - // From version 6.0. - // Default values are enforce by GCP without providing them. // Structure is documented below. OutlierDetection *OutlierDetectionInitParameters `json:"outlierDetection,omitempty" tf:"outlier_detection,omitempty"` @@ -668,9 +667,13 @@ type BackendServiceInitParameters struct { // Type of session affinity to use. The default is NONE. Session affinity is // not applicable if the protocol is UDP. - // Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE. + // Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY. SessionAffinity *string `json:"sessionAffinity,omitempty" tf:"session_affinity,omitempty"` + // Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. + // Structure is documented below. + StrongSessionAffinityCookie *StrongSessionAffinityCookieInitParameters `json:"strongSessionAffinityCookie,omitempty" tf:"strong_session_affinity_cookie,omitempty"` + // The backend service timeout has a different meaning depending on the type of load balancer. // For more information see, Backend service settings. // The default is 30 seconds. @@ -760,6 +763,10 @@ type BackendServiceObservation struct { // an identifier for the resource with format projects/{{project}}/global/backendServices/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` + // Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). + // Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY. + IPAddressSelectionPolicy *string `json:"ipAddressSelectionPolicy,omitempty" tf:"ip_address_selection_policy,omitempty"` + // Settings for enabling Cloud Identity Aware Proxy // Structure is documented below. Iap *IapObservation `json:"iap,omitempty" tf:"iap,omitempty"` @@ -793,8 +800,6 @@ type BackendServiceObservation struct { // Settings controlling eviction of unhealthy hosts from the load balancing pool. // Applicable backend service types can be a global backend service with the // loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. - // From version 6.0. - // Default values are enforce by GCP without providing them. // Structure is documented below. OutlierDetection *OutlierDetectionObservation `json:"outlierDetection,omitempty" tf:"outlier_detection,omitempty"` @@ -834,9 +839,13 @@ type BackendServiceObservation struct { // Type of session affinity to use. The default is NONE. Session affinity is // not applicable if the protocol is UDP. - // Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE. + // Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY. SessionAffinity *string `json:"sessionAffinity,omitempty" tf:"session_affinity,omitempty"` + // Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. + // Structure is documented below. + StrongSessionAffinityCookie *StrongSessionAffinityCookieObservation `json:"strongSessionAffinityCookie,omitempty" tf:"strong_session_affinity_cookie,omitempty"` + // The backend service timeout has a different meaning depending on the type of load balancer. // For more information see, Backend service settings. // The default is 30 seconds. @@ -936,6 +945,11 @@ type BackendServiceParameters struct { // +kubebuilder:validation:Optional HealthChecksSelector *v1.Selector `json:"healthChecksSelector,omitempty" tf:"-"` + // Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). + // Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY. + // +kubebuilder:validation:Optional + IPAddressSelectionPolicy *string `json:"ipAddressSelectionPolicy,omitempty" tf:"ip_address_selection_policy,omitempty"` + // Settings for enabling Cloud Identity Aware Proxy // Structure is documented below. // +kubebuilder:validation:Optional @@ -974,8 +988,6 @@ type BackendServiceParameters struct { // Settings controlling eviction of unhealthy hosts from the load balancing pool. // Applicable backend service types can be a global backend service with the // loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. - // From version 6.0. - // Default values are enforce by GCP without providing them. // Structure is documented below. // +kubebuilder:validation:Optional OutlierDetection *OutlierDetectionParameters `json:"outlierDetection,omitempty" tf:"outlier_detection,omitempty"` @@ -1019,10 +1031,15 @@ type BackendServiceParameters struct { // Type of session affinity to use. The default is NONE. Session affinity is // not applicable if the protocol is UDP. - // Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE. + // Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY. // +kubebuilder:validation:Optional SessionAffinity *string `json:"sessionAffinity,omitempty" tf:"session_affinity,omitempty"` + // Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. + // Structure is documented below. + // +kubebuilder:validation:Optional + StrongSessionAffinityCookie *StrongSessionAffinityCookieParameters `json:"strongSessionAffinityCookie,omitempty" tf:"strong_session_affinity_cookie,omitempty"` + // The backend service timeout has a different meaning depending on the type of load balancer. // For more information see, Backend service settings. // The default is 30 seconds. @@ -1224,8 +1241,8 @@ type CdnPolicyNegativeCachingPolicyInitParameters struct { // can be specified as values, and you cannot specify a status code more than once. Code *float64 `json:"code,omitempty" tf:"code,omitempty"` - // The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - // (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + // Lifetime of the cookie. + // Structure is documented below. TTL *float64 `json:"ttl,omitempty" tf:"ttl,omitempty"` } @@ -1235,8 +1252,8 @@ type CdnPolicyNegativeCachingPolicyObservation struct { // can be specified as values, and you cannot specify a status code more than once. Code *float64 `json:"code,omitempty" tf:"code,omitempty"` - // The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - // (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + // Lifetime of the cookie. + // Structure is documented below. TTL *float64 `json:"ttl,omitempty" tf:"ttl,omitempty"` } @@ -1247,8 +1264,8 @@ type CdnPolicyNegativeCachingPolicyParameters struct { // +kubebuilder:validation:Optional Code *float64 `json:"code,omitempty" tf:"code,omitempty"` - // The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - // (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + // Lifetime of the cookie. + // Structure is documented below. // +kubebuilder:validation:Optional TTL *float64 `json:"ttl,omitempty" tf:"ttl,omitempty"` } @@ -1408,14 +1425,7 @@ type CustomPolicyInitParameters struct { // by a locally installed custom policy implementation. Data *string `json:"data,omitempty" tf:"data,omitempty"` - // The name of a locality load balancer policy to be used. The value - // should be one of the predefined ones as supported by localityLbPolicy, - // although at the moment only ROUND_ROBIN is supported. - // This field should only be populated when the customPolicy field is not - // used. - // Note that specifying the same policy more than once for a backend is - // not a valid configuration and will be rejected. - // The possible values are: + // Name of the cookie. Name *string `json:"name,omitempty" tf:"name,omitempty"` } @@ -1425,14 +1435,7 @@ type CustomPolicyObservation struct { // by a locally installed custom policy implementation. Data *string `json:"data,omitempty" tf:"data,omitempty"` - // The name of a locality load balancer policy to be used. The value - // should be one of the predefined ones as supported by localityLbPolicy, - // although at the moment only ROUND_ROBIN is supported. - // This field should only be populated when the customPolicy field is not - // used. - // Note that specifying the same policy more than once for a backend is - // not a valid configuration and will be rejected. - // The possible values are: + // Name of the cookie. Name *string `json:"name,omitempty" tf:"name,omitempty"` } @@ -1443,68 +1446,40 @@ type CustomPolicyParameters struct { // +kubebuilder:validation:Optional Data *string `json:"data,omitempty" tf:"data,omitempty"` - // The name of a locality load balancer policy to be used. The value - // should be one of the predefined ones as supported by localityLbPolicy, - // although at the moment only ROUND_ROBIN is supported. - // This field should only be populated when the customPolicy field is not - // used. - // Note that specifying the same policy more than once for a backend is - // not a valid configuration and will be rejected. - // The possible values are: + // Name of the cookie. // +kubebuilder:validation:Optional Name *string `json:"name" tf:"name,omitempty"` } type HTTPCookieInitParameters struct { - // The name of a locality load balancer policy to be used. The value - // should be one of the predefined ones as supported by localityLbPolicy, - // although at the moment only ROUND_ROBIN is supported. - // This field should only be populated when the customPolicy field is not - // used. - // Note that specifying the same policy more than once for a backend is - // not a valid configuration and will be rejected. - // The possible values are: + // Name of the cookie. Name *string `json:"name,omitempty" tf:"name,omitempty"` // Path to set for the cookie. Path *string `json:"path,omitempty" tf:"path,omitempty"` - // The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - // (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + // Lifetime of the cookie. + // Structure is documented below. TTL *TTLInitParameters `json:"ttl,omitempty" tf:"ttl,omitempty"` } type HTTPCookieObservation struct { - // The name of a locality load balancer policy to be used. The value - // should be one of the predefined ones as supported by localityLbPolicy, - // although at the moment only ROUND_ROBIN is supported. - // This field should only be populated when the customPolicy field is not - // used. - // Note that specifying the same policy more than once for a backend is - // not a valid configuration and will be rejected. - // The possible values are: + // Name of the cookie. Name *string `json:"name,omitempty" tf:"name,omitempty"` // Path to set for the cookie. Path *string `json:"path,omitempty" tf:"path,omitempty"` - // The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - // (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + // Lifetime of the cookie. + // Structure is documented below. TTL *TTLObservation `json:"ttl,omitempty" tf:"ttl,omitempty"` } type HTTPCookieParameters struct { - // The name of a locality load balancer policy to be used. The value - // should be one of the predefined ones as supported by localityLbPolicy, - // although at the moment only ROUND_ROBIN is supported. - // This field should only be populated when the customPolicy field is not - // used. - // Note that specifying the same policy more than once for a backend is - // not a valid configuration and will be rejected. - // The possible values are: + // Name of the cookie. // +kubebuilder:validation:Optional Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -1512,38 +1487,48 @@ type HTTPCookieParameters struct { // +kubebuilder:validation:Optional Path *string `json:"path,omitempty" tf:"path,omitempty"` - // The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - // (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + // Lifetime of the cookie. + // Structure is documented below. // +kubebuilder:validation:Optional TTL *TTLParameters `json:"ttl,omitempty" tf:"ttl,omitempty"` } type IapInitParameters struct { + // Whether the serving infrastructure will authenticate and authorize all incoming requests. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + // OAuth2 Client ID for IAP Oauth2ClientID *string `json:"oauth2ClientId,omitempty" tf:"oauth2_client_id,omitempty"` // OAuth2 Client Secret for IAP // Note: This property is sensitive and will not be displayed in the plan. - Oauth2ClientSecretSecretRef v1.SecretKeySelector `json:"oauth2ClientSecretSecretRef" tf:"-"` + Oauth2ClientSecretSecretRef *v1.SecretKeySelector `json:"oauth2ClientSecretSecretRef,omitempty" tf:"-"` } type IapObservation struct { + // Whether the serving infrastructure will authenticate and authorize all incoming requests. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + // OAuth2 Client ID for IAP Oauth2ClientID *string `json:"oauth2ClientId,omitempty" tf:"oauth2_client_id,omitempty"` } type IapParameters struct { + // Whether the serving infrastructure will authenticate and authorize all incoming requests. + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` + // OAuth2 Client ID for IAP // +kubebuilder:validation:Optional - Oauth2ClientID *string `json:"oauth2ClientId" tf:"oauth2_client_id,omitempty"` + Oauth2ClientID *string `json:"oauth2ClientId,omitempty" tf:"oauth2_client_id,omitempty"` // OAuth2 Client Secret for IAP // Note: This property is sensitive and will not be displayed in the plan. // +kubebuilder:validation:Optional - Oauth2ClientSecretSecretRef v1.SecretKeySelector `json:"oauth2ClientSecretSecretRef" tf:"-"` + Oauth2ClientSecretSecretRef *v1.SecretKeySelector `json:"oauth2ClientSecretSecretRef,omitempty" tf:"-"` } type IntervalInitParameters struct { @@ -1868,40 +1853,19 @@ type OutlierDetectionParameters struct { type PolicyInitParameters struct { - // The name of a locality load balancer policy to be used. The value - // should be one of the predefined ones as supported by localityLbPolicy, - // although at the moment only ROUND_ROBIN is supported. - // This field should only be populated when the customPolicy field is not - // used. - // Note that specifying the same policy more than once for a backend is - // not a valid configuration and will be rejected. - // The possible values are: + // Name of the cookie. Name *string `json:"name,omitempty" tf:"name,omitempty"` } type PolicyObservation struct { - // The name of a locality load balancer policy to be used. The value - // should be one of the predefined ones as supported by localityLbPolicy, - // although at the moment only ROUND_ROBIN is supported. - // This field should only be populated when the customPolicy field is not - // used. - // Note that specifying the same policy more than once for a backend is - // not a valid configuration and will be rejected. - // The possible values are: + // Name of the cookie. Name *string `json:"name,omitempty" tf:"name,omitempty"` } type PolicyParameters struct { - // The name of a locality load balancer policy to be used. The value - // should be one of the predefined ones as supported by localityLbPolicy, - // although at the moment only ROUND_ROBIN is supported. - // This field should only be populated when the customPolicy field is not - // used. - // Note that specifying the same policy more than once for a backend is - // not a valid configuration and will be rejected. - // The possible values are: + // Name of the cookie. // +kubebuilder:validation:Optional Name *string `json:"name" tf:"name,omitempty"` } @@ -1963,6 +1927,89 @@ type SecuritySettingsParameters struct { SubjectAltNames []*string `json:"subjectAltNames,omitempty" tf:"subject_alt_names,omitempty"` } +type StrongSessionAffinityCookieInitParameters struct { + + // Name of the cookie. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Path to set for the cookie. + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // Lifetime of the cookie. + // Structure is documented below. + TTL *StrongSessionAffinityCookieTTLInitParameters `json:"ttl,omitempty" tf:"ttl,omitempty"` +} + +type StrongSessionAffinityCookieObservation struct { + + // Name of the cookie. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Path to set for the cookie. + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // Lifetime of the cookie. + // Structure is documented below. + TTL *StrongSessionAffinityCookieTTLObservation `json:"ttl,omitempty" tf:"ttl,omitempty"` +} + +type StrongSessionAffinityCookieParameters struct { + + // Name of the cookie. + // +kubebuilder:validation:Optional + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Path to set for the cookie. + // +kubebuilder:validation:Optional + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // Lifetime of the cookie. + // Structure is documented below. + // +kubebuilder:validation:Optional + TTL *StrongSessionAffinityCookieTTLParameters `json:"ttl,omitempty" tf:"ttl,omitempty"` +} + +type StrongSessionAffinityCookieTTLInitParameters struct { + + // Span of time that's a fraction of a second at nanosecond + // resolution. Durations less than one second are represented + // with a 0 seconds field and a positive nanos field. Must + // be from 0 to 999,999,999 inclusive. + Nanos *float64 `json:"nanos,omitempty" tf:"nanos,omitempty"` + + // Span of time at a resolution of a second. + // Must be from 0 to 315,576,000,000 inclusive. + Seconds *float64 `json:"seconds,omitempty" tf:"seconds,omitempty"` +} + +type StrongSessionAffinityCookieTTLObservation struct { + + // Span of time that's a fraction of a second at nanosecond + // resolution. Durations less than one second are represented + // with a 0 seconds field and a positive nanos field. Must + // be from 0 to 999,999,999 inclusive. + Nanos *float64 `json:"nanos,omitempty" tf:"nanos,omitempty"` + + // Span of time at a resolution of a second. + // Must be from 0 to 315,576,000,000 inclusive. + Seconds *float64 `json:"seconds,omitempty" tf:"seconds,omitempty"` +} + +type StrongSessionAffinityCookieTTLParameters struct { + + // Span of time that's a fraction of a second at nanosecond + // resolution. Durations less than one second are represented + // with a 0 seconds field and a positive nanos field. Must + // be from 0 to 999,999,999 inclusive. + // +kubebuilder:validation:Optional + Nanos *float64 `json:"nanos,omitempty" tf:"nanos,omitempty"` + + // Span of time at a resolution of a second. + // Must be from 0 to 315,576,000,000 inclusive. + // +kubebuilder:validation:Optional + Seconds *float64 `json:"seconds" tf:"seconds,omitempty"` +} + type TTLInitParameters struct { // Span of time that's a fraction of a second at nanosecond diff --git a/apis/compute/v1beta2/zz_disk_types.go b/apis/compute/v1beta2/zz_disk_types.go index 83ae9d482..17a70634e 100755 --- a/apis/compute/v1beta2/zz_disk_types.go +++ b/apis/compute/v1beta2/zz_disk_types.go @@ -131,7 +131,7 @@ type DiskInitParameters struct { // For example: AccessMode *string `json:"accessMode,omitempty" tf:"access_mode,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. AsyncPrimaryDisk *AsyncPrimaryDiskInitParameters `json:"asyncPrimaryDisk,omitempty" tf:"async_primary_disk,omitempty"` @@ -231,7 +231,7 @@ type DiskInitParameters struct { // Structure is documented below. SourceSnapshotEncryptionKey *SourceSnapshotEncryptionKeyInitParameters `json:"sourceSnapshotEncryptionKey,omitempty" tf:"source_snapshot_encryption_key,omitempty"` - // The URL of the storage pool in which the new disk is created. + // The URL or the name of the storage pool in which the new disk is created. // For example: StoragePool *string `json:"storagePool,omitempty" tf:"storage_pool,omitempty"` @@ -246,7 +246,7 @@ type DiskObservation struct { // For example: AccessMode *string `json:"accessMode,omitempty" tf:"access_mode,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. AsyncPrimaryDisk *AsyncPrimaryDiskObservation `json:"asyncPrimaryDisk,omitempty" tf:"async_primary_disk,omitempty"` @@ -392,7 +392,7 @@ type DiskObservation struct { // used. SourceSnapshotID *string `json:"sourceSnapshotId,omitempty" tf:"source_snapshot_id,omitempty"` - // The URL of the storage pool in which the new disk is created. + // The URL or the name of the storage pool in which the new disk is created. // For example: StoragePool *string `json:"storagePool,omitempty" tf:"storage_pool,omitempty"` @@ -420,7 +420,7 @@ type DiskParameters struct { // +kubebuilder:validation:Optional AccessMode *string `json:"accessMode,omitempty" tf:"access_mode,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. // +kubebuilder:validation:Optional AsyncPrimaryDisk *AsyncPrimaryDiskParameters `json:"asyncPrimaryDisk,omitempty" tf:"async_primary_disk,omitempty"` @@ -537,7 +537,7 @@ type DiskParameters struct { // +kubebuilder:validation:Optional SourceSnapshotEncryptionKey *SourceSnapshotEncryptionKeyParameters `json:"sourceSnapshotEncryptionKey,omitempty" tf:"source_snapshot_encryption_key,omitempty"` - // The URL of the storage pool in which the new disk is created. + // The URL or the name of the storage pool in which the new disk is created. // For example: // +kubebuilder:validation:Optional StoragePool *string `json:"storagePool,omitempty" tf:"storage_pool,omitempty"` diff --git a/apis/compute/v1beta2/zz_firewall_types.go b/apis/compute/v1beta2/zz_firewall_types.go index 0cfed1878..2411d6584 100755 --- a/apis/compute/v1beta2/zz_firewall_types.go +++ b/apis/compute/v1beta2/zz_firewall_types.go @@ -19,7 +19,7 @@ type AllowInitParameters struct { // is only applicable for UDP or TCP protocol. Each entry must be // either an integer or a range. If not specified, this rule // applies to connections through any port. - // Example inputs include: ["22"], ["80","443"], and + // Example inputs include: [22], [80, 443], and // ["12345-12349"]. Ports []*string `json:"ports,omitempty" tf:"ports,omitempty"` @@ -36,7 +36,7 @@ type AllowObservation struct { // is only applicable for UDP or TCP protocol. Each entry must be // either an integer or a range. If not specified, this rule // applies to connections through any port. - // Example inputs include: ["22"], ["80","443"], and + // Example inputs include: [22], [80, 443], and // ["12345-12349"]. Ports []*string `json:"ports,omitempty" tf:"ports,omitempty"` @@ -53,7 +53,7 @@ type AllowParameters struct { // is only applicable for UDP or TCP protocol. Each entry must be // either an integer or a range. If not specified, this rule // applies to connections through any port. - // Example inputs include: ["22"], ["80","443"], and + // Example inputs include: [22], [80, 443], and // ["12345-12349"]. // +kubebuilder:validation:Optional Ports []*string `json:"ports,omitempty" tf:"ports,omitempty"` @@ -72,7 +72,7 @@ type DenyInitParameters struct { // is only applicable for UDP or TCP protocol. Each entry must be // either an integer or a range. If not specified, this rule // applies to connections through any port. - // Example inputs include: ["22"], ["80","443"], and + // Example inputs include: [22], [80, 443], and // ["12345-12349"]. Ports []*string `json:"ports,omitempty" tf:"ports,omitempty"` @@ -89,7 +89,7 @@ type DenyObservation struct { // is only applicable for UDP or TCP protocol. Each entry must be // either an integer or a range. If not specified, this rule // applies to connections through any port. - // Example inputs include: ["22"], ["80","443"], and + // Example inputs include: [22], [80, 443], and // ["12345-12349"]. Ports []*string `json:"ports,omitempty" tf:"ports,omitempty"` @@ -106,7 +106,7 @@ type DenyParameters struct { // is only applicable for UDP or TCP protocol. Each entry must be // either an integer or a range. If not specified, this rule // applies to connections through any port. - // Example inputs include: ["22"], ["80","443"], and + // Example inputs include: [22], [80, 443], and // ["12345-12349"]. // +kubebuilder:validation:Optional Ports []*string `json:"ports,omitempty" tf:"ports,omitempty"` diff --git a/apis/compute/v1beta2/zz_firewallpolicyrule_types.go b/apis/compute/v1beta2/zz_firewallpolicyrule_types.go index 6b594120b..9510f8bdc 100755 --- a/apis/compute/v1beta2/zz_firewallpolicyrule_types.go +++ b/apis/compute/v1beta2/zz_firewallpolicyrule_types.go @@ -21,13 +21,19 @@ type FirewallPolicyRuleInitParameters struct { // An optional description for this resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` - // The direction in which this rule applies. Possible values: INGRESS, EGRESS + // The direction in which this rule applies. + // Possible values are: INGRESS, EGRESS. Direction *string `json:"direction,omitempty" tf:"direction,omitempty"` - // Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled. + // Denotes whether the firewall policy rule is disabled. + // When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. + // If this is unspecified, the firewall policy rule will be enabled. Disabled *bool `json:"disabled,omitempty" tf:"disabled,omitempty"` - // Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules. + // Denotes whether to enable logging for a particular rule. + // If logging is enabled, logs will be exported to the configured export destination in Stackdriver. + // Logs may be exported to BigQuery or Pub/Sub. + // Note: you cannot enable logging on "goto_next" rules. EnableLogging *bool `json:"enableLogging,omitempty" tf:"enable_logging,omitempty"` // The firewall policy of the resource. @@ -44,18 +50,26 @@ type FirewallPolicyRuleInitParameters struct { FirewallPolicySelector *v1.Selector `json:"firewallPolicySelector,omitempty" tf:"-"` // A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. + // Structure is documented below. Match *MatchInitParameters `json:"match,omitempty" tf:"match,omitempty"` - // An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority. + // An integer indicating the priority of a rule in the list. + // The priority must be a positive value between 0 and 2147483647. + // Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority. Priority *float64 `json:"priority,omitempty" tf:"priority,omitempty"` - // A fully-qualified URL of a SecurityProfileGroup resource. Example: https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group. It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. + // A fully-qualified URL of a SecurityProfile resource instance. + // Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + // Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. SecurityProfileGroup *string `json:"securityProfileGroup,omitempty" tf:"security_profile_group,omitempty"` - // Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. + // Boolean flag indicating if the traffic should be TLS decrypted. + // Can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. TLSInspect *bool `json:"tlsInspect,omitempty" tf:"tls_inspect,omitempty"` - // A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule. + // A list of network resource URLs to which this rule applies. + // This field allows you to control which network's VMs get this rule. + // If this field is left blank, all VMs within the organization will receive the rule. TargetResources []*string `json:"targetResources,omitempty" tf:"target_resources,omitempty"` // A list of service accounts indicating the sets of instances that are applied with this rule. @@ -67,16 +81,25 @@ type FirewallPolicyRuleObservation struct { // The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group". Action *string `json:"action,omitempty" tf:"action,omitempty"` + // Creation timestamp in RFC3339 text format. + CreationTimestamp *string `json:"creationTimestamp,omitempty" tf:"creation_timestamp,omitempty"` + // An optional description for this resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` - // The direction in which this rule applies. Possible values: INGRESS, EGRESS + // The direction in which this rule applies. + // Possible values are: INGRESS, EGRESS. Direction *string `json:"direction,omitempty" tf:"direction,omitempty"` - // Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled. + // Denotes whether the firewall policy rule is disabled. + // When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. + // If this is unspecified, the firewall policy rule will be enabled. Disabled *bool `json:"disabled,omitempty" tf:"disabled,omitempty"` - // Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules. + // Denotes whether to enable logging for a particular rule. + // If logging is enabled, logs will be exported to the configured export destination in Stackdriver. + // Logs may be exported to BigQuery or Pub/Sub. + // Note: you cannot enable logging on "goto_next" rules. EnableLogging *bool `json:"enableLogging,omitempty" tf:"enable_logging,omitempty"` // The firewall policy of the resource. @@ -89,21 +112,29 @@ type FirewallPolicyRuleObservation struct { Kind *string `json:"kind,omitempty" tf:"kind,omitempty"` // A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. + // Structure is documented below. Match *MatchObservation `json:"match,omitempty" tf:"match,omitempty"` - // An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority. + // An integer indicating the priority of a rule in the list. + // The priority must be a positive value between 0 and 2147483647. + // Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority. Priority *float64 `json:"priority,omitempty" tf:"priority,omitempty"` // Calculation of the complexity of a single firewall policy rule. RuleTupleCount *float64 `json:"ruleTupleCount,omitempty" tf:"rule_tuple_count,omitempty"` - // A fully-qualified URL of a SecurityProfileGroup resource. Example: https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group. It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. + // A fully-qualified URL of a SecurityProfile resource instance. + // Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + // Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. SecurityProfileGroup *string `json:"securityProfileGroup,omitempty" tf:"security_profile_group,omitempty"` - // Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. + // Boolean flag indicating if the traffic should be TLS decrypted. + // Can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. TLSInspect *bool `json:"tlsInspect,omitempty" tf:"tls_inspect,omitempty"` - // A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule. + // A list of network resource URLs to which this rule applies. + // This field allows you to control which network's VMs get this rule. + // If this field is left blank, all VMs within the organization will receive the rule. TargetResources []*string `json:"targetResources,omitempty" tf:"target_resources,omitempty"` // A list of service accounts indicating the sets of instances that are applied with this rule. @@ -120,15 +151,21 @@ type FirewallPolicyRuleParameters struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` - // The direction in which this rule applies. Possible values: INGRESS, EGRESS + // The direction in which this rule applies. + // Possible values are: INGRESS, EGRESS. // +kubebuilder:validation:Optional Direction *string `json:"direction,omitempty" tf:"direction,omitempty"` - // Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled. + // Denotes whether the firewall policy rule is disabled. + // When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. + // If this is unspecified, the firewall policy rule will be enabled. // +kubebuilder:validation:Optional Disabled *bool `json:"disabled,omitempty" tf:"disabled,omitempty"` - // Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules. + // Denotes whether to enable logging for a particular rule. + // If logging is enabled, logs will be exported to the configured export destination in Stackdriver. + // Logs may be exported to BigQuery or Pub/Sub. + // Note: you cannot enable logging on "goto_next" rules. // +kubebuilder:validation:Optional EnableLogging *bool `json:"enableLogging,omitempty" tf:"enable_logging,omitempty"` @@ -147,22 +184,30 @@ type FirewallPolicyRuleParameters struct { FirewallPolicySelector *v1.Selector `json:"firewallPolicySelector,omitempty" tf:"-"` // A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. + // Structure is documented below. // +kubebuilder:validation:Optional Match *MatchParameters `json:"match,omitempty" tf:"match,omitempty"` - // An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority. + // An integer indicating the priority of a rule in the list. + // The priority must be a positive value between 0 and 2147483647. + // Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority. // +kubebuilder:validation:Optional Priority *float64 `json:"priority,omitempty" tf:"priority,omitempty"` - // A fully-qualified URL of a SecurityProfileGroup resource. Example: https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group. It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. + // A fully-qualified URL of a SecurityProfile resource instance. + // Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + // Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. // +kubebuilder:validation:Optional SecurityProfileGroup *string `json:"securityProfileGroup,omitempty" tf:"security_profile_group,omitempty"` - // Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. + // Boolean flag indicating if the traffic should be TLS decrypted. + // Can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. // +kubebuilder:validation:Optional TLSInspect *bool `json:"tlsInspect,omitempty" tf:"tls_inspect,omitempty"` - // A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule. + // A list of network resource URLs to which this rule applies. + // This field allows you to control which network's VMs get this rule. + // If this field is left blank, all VMs within the organization will receive the rule. // +kubebuilder:validation:Optional TargetResources []*string `json:"targetResources,omitempty" tf:"target_resources,omitempty"` @@ -173,7 +218,8 @@ type FirewallPolicyRuleParameters struct { type Layer4ConfigsInitParameters struct { - // The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number. + // The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. + // This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number. IPProtocol *string `json:"ipProtocol,omitempty" tf:"ip_protocol,omitempty"` // An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. @@ -182,7 +228,8 @@ type Layer4ConfigsInitParameters struct { type Layer4ConfigsObservation struct { - // The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number. + // The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. + // This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number. IPProtocol *string `json:"ipProtocol,omitempty" tf:"ip_protocol,omitempty"` // An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. @@ -191,7 +238,8 @@ type Layer4ConfigsObservation struct { type Layer4ConfigsParameters struct { - // The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number. + // The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. + // This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number. // +kubebuilder:validation:Optional IPProtocol *string `json:"ipProtocol" tf:"ip_protocol,omitempty"` @@ -202,119 +250,122 @@ type Layer4ConfigsParameters struct { type MatchInitParameters struct { - // Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules. + // Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. DestAddressGroups []*string `json:"destAddressGroups,omitempty" tf:"dest_address_groups,omitempty"` - // Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress. + // Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100. DestFqdns []*string `json:"destFqdns,omitempty" tf:"dest_fqdns,omitempty"` - // CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 256. + // CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000. DestIPRanges []*string `json:"destIpRanges,omitempty" tf:"dest_ip_ranges,omitempty"` - // The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress. + // Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000. DestRegionCodes []*string `json:"destRegionCodes,omitempty" tf:"dest_region_codes,omitempty"` - // Name of the Google Cloud Threat Intelligence list. + // Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination. DestThreatIntelligences []*string `json:"destThreatIntelligences,omitempty" tf:"dest_threat_intelligences,omitempty"` // Pairs of IP protocols and ports that the rule should match. + // Structure is documented below. Layer4Configs []Layer4ConfigsInitParameters `json:"layer4Configs,omitempty" tf:"layer4_configs,omitempty"` - // Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules. + // Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. SrcAddressGroups []*string `json:"srcAddressGroups,omitempty" tf:"src_address_groups,omitempty"` - // Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress. + // Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100. SrcFqdns []*string `json:"srcFqdns,omitempty" tf:"src_fqdns,omitempty"` - // CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 256. + // CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000. SrcIPRanges []*string `json:"srcIpRanges,omitempty" tf:"src_ip_ranges,omitempty"` - // The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress. + // Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000. SrcRegionCodes []*string `json:"srcRegionCodes,omitempty" tf:"src_region_codes,omitempty"` - // Name of the Google Cloud Threat Intelligence list. + // Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source. SrcThreatIntelligences []*string `json:"srcThreatIntelligences,omitempty" tf:"src_threat_intelligences,omitempty"` } type MatchObservation struct { - // Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules. + // Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. DestAddressGroups []*string `json:"destAddressGroups,omitempty" tf:"dest_address_groups,omitempty"` - // Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress. + // Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100. DestFqdns []*string `json:"destFqdns,omitempty" tf:"dest_fqdns,omitempty"` - // CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 256. + // CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000. DestIPRanges []*string `json:"destIpRanges,omitempty" tf:"dest_ip_ranges,omitempty"` - // The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress. + // Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000. DestRegionCodes []*string `json:"destRegionCodes,omitempty" tf:"dest_region_codes,omitempty"` - // Name of the Google Cloud Threat Intelligence list. + // Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination. DestThreatIntelligences []*string `json:"destThreatIntelligences,omitempty" tf:"dest_threat_intelligences,omitempty"` // Pairs of IP protocols and ports that the rule should match. + // Structure is documented below. Layer4Configs []Layer4ConfigsObservation `json:"layer4Configs,omitempty" tf:"layer4_configs,omitempty"` - // Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules. + // Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. SrcAddressGroups []*string `json:"srcAddressGroups,omitempty" tf:"src_address_groups,omitempty"` - // Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress. + // Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100. SrcFqdns []*string `json:"srcFqdns,omitempty" tf:"src_fqdns,omitempty"` - // CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 256. + // CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000. SrcIPRanges []*string `json:"srcIpRanges,omitempty" tf:"src_ip_ranges,omitempty"` - // The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress. + // Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000. SrcRegionCodes []*string `json:"srcRegionCodes,omitempty" tf:"src_region_codes,omitempty"` - // Name of the Google Cloud Threat Intelligence list. + // Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source. SrcThreatIntelligences []*string `json:"srcThreatIntelligences,omitempty" tf:"src_threat_intelligences,omitempty"` } type MatchParameters struct { - // Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules. + // Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. // +kubebuilder:validation:Optional DestAddressGroups []*string `json:"destAddressGroups,omitempty" tf:"dest_address_groups,omitempty"` - // Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress. + // Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100. // +kubebuilder:validation:Optional DestFqdns []*string `json:"destFqdns,omitempty" tf:"dest_fqdns,omitempty"` - // CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 256. + // CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000. // +kubebuilder:validation:Optional DestIPRanges []*string `json:"destIpRanges,omitempty" tf:"dest_ip_ranges,omitempty"` - // The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress. + // Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000. // +kubebuilder:validation:Optional DestRegionCodes []*string `json:"destRegionCodes,omitempty" tf:"dest_region_codes,omitempty"` - // Name of the Google Cloud Threat Intelligence list. + // Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination. // +kubebuilder:validation:Optional DestThreatIntelligences []*string `json:"destThreatIntelligences,omitempty" tf:"dest_threat_intelligences,omitempty"` // Pairs of IP protocols and ports that the rule should match. + // Structure is documented below. // +kubebuilder:validation:Optional Layer4Configs []Layer4ConfigsParameters `json:"layer4Configs" tf:"layer4_configs,omitempty"` - // Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules. + // Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. // +kubebuilder:validation:Optional SrcAddressGroups []*string `json:"srcAddressGroups,omitempty" tf:"src_address_groups,omitempty"` - // Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress. + // Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100. // +kubebuilder:validation:Optional SrcFqdns []*string `json:"srcFqdns,omitempty" tf:"src_fqdns,omitempty"` - // CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 256. + // CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000. // +kubebuilder:validation:Optional SrcIPRanges []*string `json:"srcIpRanges,omitempty" tf:"src_ip_ranges,omitempty"` - // The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress. + // Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000. // +kubebuilder:validation:Optional SrcRegionCodes []*string `json:"srcRegionCodes,omitempty" tf:"src_region_codes,omitempty"` - // Name of the Google Cloud Threat Intelligence list. + // Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source. // +kubebuilder:validation:Optional SrcThreatIntelligences []*string `json:"srcThreatIntelligences,omitempty" tf:"src_threat_intelligences,omitempty"` } @@ -345,7 +396,7 @@ type FirewallPolicyRuleStatus struct { // +kubebuilder:object:root=true // +kubebuilder:subresource:status -// FirewallPolicyRule is the Schema for the FirewallPolicyRules API. The Compute FirewallPolicyRule resource +// FirewallPolicyRule is the Schema for the FirewallPolicyRules API. Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny). // +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" // +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" // +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" diff --git a/apis/compute/v1beta2/zz_generated.deepcopy.go b/apis/compute/v1beta2/zz_generated.deepcopy.go index 76a0176c9..97ca8e4be 100644 --- a/apis/compute/v1beta2/zz_generated.deepcopy.go +++ b/apis/compute/v1beta2/zz_generated.deepcopy.go @@ -88,6 +88,81 @@ func (in *AbortParameters) DeepCopy() *AbortParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AcceleratorsInitParameters) DeepCopyInto(out *AcceleratorsInitParameters) { + *out = *in + if in.AcceleratorCount != nil { + in, out := &in.AcceleratorCount, &out.AcceleratorCount + *out = new(float64) + **out = **in + } + if in.AcceleratorType != nil { + in, out := &in.AcceleratorType, &out.AcceleratorType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AcceleratorsInitParameters. +func (in *AcceleratorsInitParameters) DeepCopy() *AcceleratorsInitParameters { + if in == nil { + return nil + } + out := new(AcceleratorsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AcceleratorsObservation) DeepCopyInto(out *AcceleratorsObservation) { + *out = *in + if in.AcceleratorCount != nil { + in, out := &in.AcceleratorCount, &out.AcceleratorCount + *out = new(float64) + **out = **in + } + if in.AcceleratorType != nil { + in, out := &in.AcceleratorType, &out.AcceleratorType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AcceleratorsObservation. +func (in *AcceleratorsObservation) DeepCopy() *AcceleratorsObservation { + if in == nil { + return nil + } + out := new(AcceleratorsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AcceleratorsParameters) DeepCopyInto(out *AcceleratorsParameters) { + *out = *in + if in.AcceleratorCount != nil { + in, out := &in.AcceleratorCount, &out.AcceleratorCount + *out = new(float64) + **out = **in + } + if in.AcceleratorType != nil { + in, out := &in.AcceleratorType, &out.AcceleratorType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AcceleratorsParameters. +func (in *AcceleratorsParameters) DeepCopy() *AcceleratorsParameters { + if in == nil { + return nil + } + out := new(AcceleratorsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AccessConfigInitParameters) DeepCopyInto(out *AccessConfigInitParameters) { *out = *in @@ -381,11 +456,26 @@ func (in *AdvancedMachineFeaturesInitParameters) DeepCopyInto(out *AdvancedMachi *out = new(bool) **out = **in } + if in.EnableUefiNetworking != nil { + in, out := &in.EnableUefiNetworking, &out.EnableUefiNetworking + *out = new(bool) + **out = **in + } + if in.PerformanceMonitoringUnit != nil { + in, out := &in.PerformanceMonitoringUnit, &out.PerformanceMonitoringUnit + *out = new(string) + **out = **in + } if in.ThreadsPerCore != nil { in, out := &in.ThreadsPerCore, &out.ThreadsPerCore *out = new(float64) **out = **in } + if in.TurboMode != nil { + in, out := &in.TurboMode, &out.TurboMode + *out = new(string) + **out = **in + } if in.VisibleCoreCount != nil { in, out := &in.VisibleCoreCount, &out.VisibleCoreCount *out = new(float64) @@ -411,11 +501,26 @@ func (in *AdvancedMachineFeaturesObservation) DeepCopyInto(out *AdvancedMachineF *out = new(bool) **out = **in } + if in.EnableUefiNetworking != nil { + in, out := &in.EnableUefiNetworking, &out.EnableUefiNetworking + *out = new(bool) + **out = **in + } + if in.PerformanceMonitoringUnit != nil { + in, out := &in.PerformanceMonitoringUnit, &out.PerformanceMonitoringUnit + *out = new(string) + **out = **in + } if in.ThreadsPerCore != nil { in, out := &in.ThreadsPerCore, &out.ThreadsPerCore *out = new(float64) **out = **in } + if in.TurboMode != nil { + in, out := &in.TurboMode, &out.TurboMode + *out = new(string) + **out = **in + } if in.VisibleCoreCount != nil { in, out := &in.VisibleCoreCount, &out.VisibleCoreCount *out = new(float64) @@ -441,11 +546,26 @@ func (in *AdvancedMachineFeaturesParameters) DeepCopyInto(out *AdvancedMachineFe *out = new(bool) **out = **in } + if in.EnableUefiNetworking != nil { + in, out := &in.EnableUefiNetworking, &out.EnableUefiNetworking + *out = new(bool) + **out = **in + } + if in.PerformanceMonitoringUnit != nil { + in, out := &in.PerformanceMonitoringUnit, &out.PerformanceMonitoringUnit + *out = new(string) + **out = **in + } if in.ThreadsPerCore != nil { in, out := &in.ThreadsPerCore, &out.ThreadsPerCore *out = new(float64) **out = **in } + if in.TurboMode != nil { + in, out := &in.TurboMode, &out.TurboMode + *out = new(string) + **out = **in + } if in.VisibleCoreCount != nil { in, out := &in.VisibleCoreCount, &out.VisibleCoreCount *out = new(float64) @@ -3426,6 +3546,11 @@ func (in *BackendServiceInitParameters) DeepCopyInto(out *BackendServiceInitPara *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.IPAddressSelectionPolicy != nil { + in, out := &in.IPAddressSelectionPolicy, &out.IPAddressSelectionPolicy + *out = new(string) + **out = **in + } if in.Iap != nil { in, out := &in.Iap, &out.Iap *out = new(IapInitParameters) @@ -3493,6 +3618,11 @@ func (in *BackendServiceInitParameters) DeepCopyInto(out *BackendServiceInitPara *out = new(string) **out = **in } + if in.StrongSessionAffinityCookie != nil { + in, out := &in.StrongSessionAffinityCookie, &out.StrongSessionAffinityCookie + *out = new(StrongSessionAffinityCookieInitParameters) + (*in).DeepCopyInto(*out) + } if in.TimeoutSec != nil { in, out := &in.TimeoutSec, &out.TimeoutSec *out = new(float64) @@ -3650,6 +3780,11 @@ func (in *BackendServiceObservation) DeepCopyInto(out *BackendServiceObservation *out = new(string) **out = **in } + if in.IPAddressSelectionPolicy != nil { + in, out := &in.IPAddressSelectionPolicy, &out.IPAddressSelectionPolicy + *out = new(string) + **out = **in + } if in.Iap != nil { in, out := &in.Iap, &out.Iap *out = new(IapObservation) @@ -3722,6 +3857,11 @@ func (in *BackendServiceObservation) DeepCopyInto(out *BackendServiceObservation *out = new(string) **out = **in } + if in.StrongSessionAffinityCookie != nil { + in, out := &in.StrongSessionAffinityCookie, &out.StrongSessionAffinityCookie + *out = new(StrongSessionAffinityCookieObservation) + (*in).DeepCopyInto(*out) + } if in.TimeoutSec != nil { in, out := &in.TimeoutSec, &out.TimeoutSec *out = new(float64) @@ -3839,6 +3979,11 @@ func (in *BackendServiceParameters) DeepCopyInto(out *BackendServiceParameters) *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.IPAddressSelectionPolicy != nil { + in, out := &in.IPAddressSelectionPolicy, &out.IPAddressSelectionPolicy + *out = new(string) + **out = **in + } if in.Iap != nil { in, out := &in.Iap, &out.Iap *out = new(IapParameters) @@ -3906,6 +4051,11 @@ func (in *BackendServiceParameters) DeepCopyInto(out *BackendServiceParameters) *out = new(string) **out = **in } + if in.StrongSessionAffinityCookie != nil { + in, out := &in.StrongSessionAffinityCookie, &out.StrongSessionAffinityCookie + *out = new(StrongSessionAffinityCookieParameters) + (*in).DeepCopyInto(*out) + } if in.TimeoutSec != nil { in, out := &in.TimeoutSec, &out.TimeoutSec *out = new(float64) @@ -4236,6 +4386,11 @@ func (in *BootDiskInitParameters) DeepCopyInto(out *BootDiskInitParameters) { *out = new(InitializeParamsInitParameters) (*in).DeepCopyInto(*out) } + if in.Interface != nil { + in, out := &in.Interface, &out.Interface + *out = new(string) + **out = **in + } if in.KMSKeySelfLink != nil { in, out := &in.KMSKeySelfLink, &out.KMSKeySelfLink *out = new(string) @@ -4309,6 +4464,17 @@ func (in *BootDiskInitializeParamsInitParameters) DeepCopyInto(out *BootDiskInit (*out)[key] = outVal } } + if in.ResourcePolicies != nil { + in, out := &in.ResourcePolicies, &out.ResourcePolicies + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Size != nil { in, out := &in.Size, &out.Size *out = new(float64) @@ -4382,6 +4548,17 @@ func (in *BootDiskInitializeParamsObservation) DeepCopyInto(out *BootDiskInitial (*out)[key] = outVal } } + if in.ResourcePolicies != nil { + in, out := &in.ResourcePolicies, &out.ResourcePolicies + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Size != nil { in, out := &in.Size, &out.Size *out = new(float64) @@ -4455,6 +4632,17 @@ func (in *BootDiskInitializeParamsParameters) DeepCopyInto(out *BootDiskInitiali (*out)[key] = outVal } } + if in.ResourcePolicies != nil { + in, out := &in.ResourcePolicies, &out.ResourcePolicies + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Size != nil { in, out := &in.Size, &out.Size *out = new(float64) @@ -4505,6 +4693,11 @@ func (in *BootDiskObservation) DeepCopyInto(out *BootDiskObservation) { *out = new(InitializeParamsObservation) (*in).DeepCopyInto(*out) } + if in.Interface != nil { + in, out := &in.Interface, &out.Interface + *out = new(string) + **out = **in + } if in.KMSKeySelfLink != nil { in, out := &in.KMSKeySelfLink, &out.KMSKeySelfLink *out = new(string) @@ -4555,6 +4748,11 @@ func (in *BootDiskParameters) DeepCopyInto(out *BootDiskParameters) { *out = new(InitializeParamsParameters) (*in).DeepCopyInto(*out) } + if in.Interface != nil { + in, out := &in.Interface, &out.Interface + *out = new(string) + **out = **in + } if in.KMSKeySelfLink != nil { in, out := &in.KMSKeySelfLink, &out.KMSKeySelfLink *out = new(string) @@ -9908,6 +10106,171 @@ func (in *DiskStatus) DeepCopy() *DiskStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DisksInitParameters) DeepCopyInto(out *DisksInitParameters) { + *out = *in + if in.DiskCount != nil { + in, out := &in.DiskCount, &out.DiskCount + *out = new(float64) + **out = **in + } + if in.DiskSizeGb != nil { + in, out := &in.DiskSizeGb, &out.DiskSizeGb + *out = new(float64) + **out = **in + } + if in.DiskType != nil { + in, out := &in.DiskType, &out.DiskType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DisksInitParameters. +func (in *DisksInitParameters) DeepCopy() *DisksInitParameters { + if in == nil { + return nil + } + out := new(DisksInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DisksObservation) DeepCopyInto(out *DisksObservation) { + *out = *in + if in.DiskCount != nil { + in, out := &in.DiskCount, &out.DiskCount + *out = new(float64) + **out = **in + } + if in.DiskSizeGb != nil { + in, out := &in.DiskSizeGb, &out.DiskSizeGb + *out = new(float64) + **out = **in + } + if in.DiskType != nil { + in, out := &in.DiskType, &out.DiskType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DisksObservation. +func (in *DisksObservation) DeepCopy() *DisksObservation { + if in == nil { + return nil + } + out := new(DisksObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DisksParameters) DeepCopyInto(out *DisksParameters) { + *out = *in + if in.DiskCount != nil { + in, out := &in.DiskCount, &out.DiskCount + *out = new(float64) + **out = **in + } + if in.DiskSizeGb != nil { + in, out := &in.DiskSizeGb, &out.DiskSizeGb + *out = new(float64) + **out = **in + } + if in.DiskType != nil { + in, out := &in.DiskType, &out.DiskType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DisksParameters. +func (in *DisksParameters) DeepCopy() *DisksParameters { + if in == nil { + return nil + } + out := new(DisksParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EnforceOnKeyConfigsInitParameters) DeepCopyInto(out *EnforceOnKeyConfigsInitParameters) { + *out = *in + if in.EnforceOnKeyName != nil { + in, out := &in.EnforceOnKeyName, &out.EnforceOnKeyName + *out = new(string) + **out = **in + } + if in.EnforceOnKeyType != nil { + in, out := &in.EnforceOnKeyType, &out.EnforceOnKeyType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnforceOnKeyConfigsInitParameters. +func (in *EnforceOnKeyConfigsInitParameters) DeepCopy() *EnforceOnKeyConfigsInitParameters { + if in == nil { + return nil + } + out := new(EnforceOnKeyConfigsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EnforceOnKeyConfigsObservation) DeepCopyInto(out *EnforceOnKeyConfigsObservation) { + *out = *in + if in.EnforceOnKeyName != nil { + in, out := &in.EnforceOnKeyName, &out.EnforceOnKeyName + *out = new(string) + **out = **in + } + if in.EnforceOnKeyType != nil { + in, out := &in.EnforceOnKeyType, &out.EnforceOnKeyType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnforceOnKeyConfigsObservation. +func (in *EnforceOnKeyConfigsObservation) DeepCopy() *EnforceOnKeyConfigsObservation { + if in == nil { + return nil + } + out := new(EnforceOnKeyConfigsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EnforceOnKeyConfigsParameters) DeepCopyInto(out *EnforceOnKeyConfigsParameters) { + *out = *in + if in.EnforceOnKeyName != nil { + in, out := &in.EnforceOnKeyName, &out.EnforceOnKeyName + *out = new(string) + **out = **in + } + if in.EnforceOnKeyType != nil { + in, out := &in.EnforceOnKeyType, &out.EnforceOnKeyType + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnforceOnKeyConfigsParameters. +func (in *EnforceOnKeyConfigsParameters) DeepCopy() *EnforceOnKeyConfigsParameters { + if in == nil { + return nil + } + out := new(EnforceOnKeyConfigsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ExceedRedirectOptionsInitParameters) DeepCopyInto(out *ExceedRedirectOptionsInitParameters) { *out = *in @@ -9983,6 +10346,183 @@ func (in *ExceedRedirectOptionsParameters) DeepCopy() *ExceedRedirectOptionsPara return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExclusionInitParameters) DeepCopyInto(out *ExclusionInitParameters) { + *out = *in + if in.RequestCookie != nil { + in, out := &in.RequestCookie, &out.RequestCookie + *out = make([]RequestCookieInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RequestHeader != nil { + in, out := &in.RequestHeader, &out.RequestHeader + *out = make([]RequestHeaderInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RequestQueryParam != nil { + in, out := &in.RequestQueryParam, &out.RequestQueryParam + *out = make([]RequestQueryParamInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RequestURI != nil { + in, out := &in.RequestURI, &out.RequestURI + *out = make([]RequestURIInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TargetRuleIds != nil { + in, out := &in.TargetRuleIds, &out.TargetRuleIds + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.TargetRuleSet != nil { + in, out := &in.TargetRuleSet, &out.TargetRuleSet + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExclusionInitParameters. +func (in *ExclusionInitParameters) DeepCopy() *ExclusionInitParameters { + if in == nil { + return nil + } + out := new(ExclusionInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExclusionObservation) DeepCopyInto(out *ExclusionObservation) { + *out = *in + if in.RequestCookie != nil { + in, out := &in.RequestCookie, &out.RequestCookie + *out = make([]RequestCookieObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RequestHeader != nil { + in, out := &in.RequestHeader, &out.RequestHeader + *out = make([]RequestHeaderObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RequestQueryParam != nil { + in, out := &in.RequestQueryParam, &out.RequestQueryParam + *out = make([]RequestQueryParamObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RequestURI != nil { + in, out := &in.RequestURI, &out.RequestURI + *out = make([]RequestURIObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TargetRuleIds != nil { + in, out := &in.TargetRuleIds, &out.TargetRuleIds + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.TargetRuleSet != nil { + in, out := &in.TargetRuleSet, &out.TargetRuleSet + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExclusionObservation. +func (in *ExclusionObservation) DeepCopy() *ExclusionObservation { + if in == nil { + return nil + } + out := new(ExclusionObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExclusionParameters) DeepCopyInto(out *ExclusionParameters) { + *out = *in + if in.RequestCookie != nil { + in, out := &in.RequestCookie, &out.RequestCookie + *out = make([]RequestCookieParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RequestHeader != nil { + in, out := &in.RequestHeader, &out.RequestHeader + *out = make([]RequestHeaderParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RequestQueryParam != nil { + in, out := &in.RequestQueryParam, &out.RequestQueryParam + *out = make([]RequestQueryParamParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RequestURI != nil { + in, out := &in.RequestURI, &out.RequestURI + *out = make([]RequestURIParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TargetRuleIds != nil { + in, out := &in.TargetRuleIds, &out.TargetRuleIds + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.TargetRuleSet != nil { + in, out := &in.TargetRuleSet, &out.TargetRuleSet + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExclusionParameters. +func (in *ExclusionParameters) DeepCopy() *ExclusionParameters { + if in == nil { + return nil + } + out := new(ExclusionParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ExprInitParameters) DeepCopyInto(out *ExprInitParameters) { *out = *in @@ -11567,6 +12107,11 @@ func (in *FirewallPolicyRuleObservation) DeepCopyInto(out *FirewallPolicyRuleObs *out = new(string) **out = **in } + if in.CreationTimestamp != nil { + in, out := &in.CreationTimestamp, &out.CreationTimestamp + *out = new(string) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -12851,6 +13396,11 @@ func (in *GlobalForwardingRuleInitParameters) DeepCopyInto(out *GlobalForwarding *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.NetworkTier != nil { + in, out := &in.NetworkTier, &out.NetworkTier + *out = new(string) + **out = **in + } if in.NoAutomateDNSZone != nil { in, out := &in.NoAutomateDNSZone, &out.NoAutomateDNSZone *out = new(bool) @@ -12995,6 +13545,11 @@ func (in *GlobalForwardingRuleObservation) DeepCopyInto(out *GlobalForwardingRul (*out)[key] = outVal } } + if in.ForwardingRuleID != nil { + in, out := &in.ForwardingRuleID, &out.ForwardingRuleID + *out = new(float64) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -13053,6 +13608,11 @@ func (in *GlobalForwardingRuleObservation) DeepCopyInto(out *GlobalForwardingRul *out = new(string) **out = **in } + if in.NetworkTier != nil { + in, out := &in.NetworkTier, &out.NetworkTier + *out = new(string) + **out = **in + } if in.NoAutomateDNSZone != nil { in, out := &in.NoAutomateDNSZone, &out.NoAutomateDNSZone *out = new(bool) @@ -13213,6 +13773,11 @@ func (in *GlobalForwardingRuleParameters) DeepCopyInto(out *GlobalForwardingRule *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.NetworkTier != nil { + in, out := &in.NetworkTier, &out.NetworkTier + *out = new(string) + **out = **in + } if in.NoAutomateDNSZone != nil { in, out := &in.NoAutomateDNSZone, &out.NoAutomateDNSZone *out = new(bool) @@ -15707,12 +16272,21 @@ func (in *IPv6AccessConfigParameters) DeepCopy() *IPv6AccessConfigParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IapInitParameters) DeepCopyInto(out *IapInitParameters) { *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } if in.Oauth2ClientID != nil { in, out := &in.Oauth2ClientID, &out.Oauth2ClientID *out = new(string) **out = **in } - out.Oauth2ClientSecretSecretRef = in.Oauth2ClientSecretSecretRef + if in.Oauth2ClientSecretSecretRef != nil { + in, out := &in.Oauth2ClientSecretSecretRef, &out.Oauth2ClientSecretSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IapInitParameters. @@ -15728,6 +16302,11 @@ func (in *IapInitParameters) DeepCopy() *IapInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IapObservation) DeepCopyInto(out *IapObservation) { *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } if in.Oauth2ClientID != nil { in, out := &in.Oauth2ClientID, &out.Oauth2ClientID *out = new(string) @@ -15748,12 +16327,21 @@ func (in *IapObservation) DeepCopy() *IapObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IapParameters) DeepCopyInto(out *IapParameters) { *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } if in.Oauth2ClientID != nil { in, out := &in.Oauth2ClientID, &out.Oauth2ClientID *out = new(string) **out = **in } - out.Oauth2ClientSecretSecretRef = in.Oauth2ClientSecretSecretRef + if in.Oauth2ClientSecretSecretRef != nil { + in, out := &in.Oauth2ClientSecretSecretRef, &out.Oauth2ClientSecretSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IapParameters. @@ -16334,6 +16922,16 @@ func (in *ImageInitParameters) DeepCopyInto(out *ImageInitParameters) { *out = new(string) **out = **in } + if in.SourceDiskRef != nil { + in, out := &in.SourceDiskRef, &out.SourceDiskRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.SourceDiskSelector != nil { + in, out := &in.SourceDiskSelector, &out.SourceDiskSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.SourceImage != nil { in, out := &in.SourceImage, &out.SourceImage *out = new(string) @@ -16633,6 +17231,16 @@ func (in *ImageParameters) DeepCopyInto(out *ImageParameters) { *out = new(string) **out = **in } + if in.SourceDiskRef != nil { + in, out := &in.SourceDiskRef, &out.SourceDiskRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.SourceDiskSelector != nil { + in, out := &in.SourceDiskSelector, &out.SourceDiskSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.SourceImage != nil { in, out := &in.SourceImage, &out.SourceImage *out = new(string) @@ -16757,6 +17365,17 @@ func (in *InitializeParamsInitParameters) DeepCopyInto(out *InitializeParamsInit (*out)[key] = outVal } } + if in.ResourcePolicies != nil { + in, out := &in.ResourcePolicies, &out.ResourcePolicies + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Size != nil { in, out := &in.Size, &out.Size *out = new(float64) @@ -16830,6 +17449,17 @@ func (in *InitializeParamsObservation) DeepCopyInto(out *InitializeParamsObserva (*out)[key] = outVal } } + if in.ResourcePolicies != nil { + in, out := &in.ResourcePolicies, &out.ResourcePolicies + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Size != nil { in, out := &in.Size, &out.Size *out = new(float64) @@ -16913,6 +17543,17 @@ func (in *InitializeParamsParameters) DeepCopyInto(out *InitializeParamsParamete (*out)[key] = outVal } } + if in.ResourcePolicies != nil { + in, out := &in.ResourcePolicies, &out.ResourcePolicies + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Size != nil { in, out := &in.Size, &out.Size *out = new(float64) @@ -16967,6 +17608,72 @@ func (in *Instance) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceFlexibilityPolicyInitParameters) DeepCopyInto(out *InstanceFlexibilityPolicyInitParameters) { + *out = *in + if in.InstanceSelections != nil { + in, out := &in.InstanceSelections, &out.InstanceSelections + *out = make([]InstanceSelectionsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceFlexibilityPolicyInitParameters. +func (in *InstanceFlexibilityPolicyInitParameters) DeepCopy() *InstanceFlexibilityPolicyInitParameters { + if in == nil { + return nil + } + out := new(InstanceFlexibilityPolicyInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceFlexibilityPolicyObservation) DeepCopyInto(out *InstanceFlexibilityPolicyObservation) { + *out = *in + if in.InstanceSelections != nil { + in, out := &in.InstanceSelections, &out.InstanceSelections + *out = make([]InstanceSelectionsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceFlexibilityPolicyObservation. +func (in *InstanceFlexibilityPolicyObservation) DeepCopy() *InstanceFlexibilityPolicyObservation { + if in == nil { + return nil + } + out := new(InstanceFlexibilityPolicyObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceFlexibilityPolicyParameters) DeepCopyInto(out *InstanceFlexibilityPolicyParameters) { + *out = *in + if in.InstanceSelections != nil { + in, out := &in.InstanceSelections, &out.InstanceSelections + *out = make([]InstanceSelectionsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceFlexibilityPolicyParameters. +func (in *InstanceFlexibilityPolicyParameters) DeepCopy() *InstanceFlexibilityPolicyParameters { + if in == nil { + return nil + } + out := new(InstanceFlexibilityPolicyParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InstanceFromTemplate) DeepCopyInto(out *InstanceFromTemplate) { *out = *in @@ -17002,11 +17709,26 @@ func (in *InstanceFromTemplateAdvancedMachineFeaturesInitParameters) DeepCopyInt *out = new(bool) **out = **in } + if in.EnableUefiNetworking != nil { + in, out := &in.EnableUefiNetworking, &out.EnableUefiNetworking + *out = new(bool) + **out = **in + } + if in.PerformanceMonitoringUnit != nil { + in, out := &in.PerformanceMonitoringUnit, &out.PerformanceMonitoringUnit + *out = new(string) + **out = **in + } if in.ThreadsPerCore != nil { in, out := &in.ThreadsPerCore, &out.ThreadsPerCore *out = new(float64) **out = **in } + if in.TurboMode != nil { + in, out := &in.TurboMode, &out.TurboMode + *out = new(string) + **out = **in + } if in.VisibleCoreCount != nil { in, out := &in.VisibleCoreCount, &out.VisibleCoreCount *out = new(float64) @@ -17032,11 +17754,26 @@ func (in *InstanceFromTemplateAdvancedMachineFeaturesObservation) DeepCopyInto(o *out = new(bool) **out = **in } + if in.EnableUefiNetworking != nil { + in, out := &in.EnableUefiNetworking, &out.EnableUefiNetworking + *out = new(bool) + **out = **in + } + if in.PerformanceMonitoringUnit != nil { + in, out := &in.PerformanceMonitoringUnit, &out.PerformanceMonitoringUnit + *out = new(string) + **out = **in + } if in.ThreadsPerCore != nil { in, out := &in.ThreadsPerCore, &out.ThreadsPerCore *out = new(float64) **out = **in } + if in.TurboMode != nil { + in, out := &in.TurboMode, &out.TurboMode + *out = new(string) + **out = **in + } if in.VisibleCoreCount != nil { in, out := &in.VisibleCoreCount, &out.VisibleCoreCount *out = new(float64) @@ -17062,11 +17799,26 @@ func (in *InstanceFromTemplateAdvancedMachineFeaturesParameters) DeepCopyInto(ou *out = new(bool) **out = **in } + if in.EnableUefiNetworking != nil { + in, out := &in.EnableUefiNetworking, &out.EnableUefiNetworking + *out = new(bool) + **out = **in + } + if in.PerformanceMonitoringUnit != nil { + in, out := &in.PerformanceMonitoringUnit, &out.PerformanceMonitoringUnit + *out = new(string) + **out = **in + } if in.ThreadsPerCore != nil { in, out := &in.ThreadsPerCore, &out.ThreadsPerCore *out = new(float64) **out = **in } + if in.TurboMode != nil { + in, out := &in.TurboMode, &out.TurboMode + *out = new(string) + **out = **in + } if in.VisibleCoreCount != nil { in, out := &in.VisibleCoreCount, &out.VisibleCoreCount *out = new(float64) @@ -17092,14 +17844,9 @@ func (in *InstanceFromTemplateAttachedDiskInitParameters) DeepCopyInto(out *Inst *out = new(string) **out = **in } - if in.DiskEncryptionKeyRaw != nil { - in, out := &in.DiskEncryptionKeyRaw, &out.DiskEncryptionKeyRaw - *out = new(string) - **out = **in - } - if in.DiskEncryptionKeySha256 != nil { - in, out := &in.DiskEncryptionKeySha256, &out.DiskEncryptionKeySha256 - *out = new(string) + if in.DiskEncryptionKeyRawSecretRef != nil { + in, out := &in.DiskEncryptionKeyRawSecretRef, &out.DiskEncryptionKeyRawSecretRef + *out = new(v1.SecretKeySelector) **out = **in } if in.KMSKeySelfLink != nil { @@ -17137,11 +17884,6 @@ func (in *InstanceFromTemplateAttachedDiskObservation) DeepCopyInto(out *Instanc *out = new(string) **out = **in } - if in.DiskEncryptionKeyRaw != nil { - in, out := &in.DiskEncryptionKeyRaw, &out.DiskEncryptionKeyRaw - *out = new(string) - **out = **in - } if in.DiskEncryptionKeySha256 != nil { in, out := &in.DiskEncryptionKeySha256, &out.DiskEncryptionKeySha256 *out = new(string) @@ -17182,14 +17924,9 @@ func (in *InstanceFromTemplateAttachedDiskParameters) DeepCopyInto(out *Instance *out = new(string) **out = **in } - if in.DiskEncryptionKeyRaw != nil { - in, out := &in.DiskEncryptionKeyRaw, &out.DiskEncryptionKeyRaw - *out = new(string) - **out = **in - } - if in.DiskEncryptionKeySha256 != nil { - in, out := &in.DiskEncryptionKeySha256, &out.DiskEncryptionKeySha256 - *out = new(string) + if in.DiskEncryptionKeyRawSecretRef != nil { + in, out := &in.DiskEncryptionKeyRawSecretRef, &out.DiskEncryptionKeyRawSecretRef + *out = new(v1.SecretKeySelector) **out = **in } if in.KMSKeySelfLink != nil { @@ -17242,6 +17979,11 @@ func (in *InstanceFromTemplateBootDiskInitParameters) DeepCopyInto(out *Instance *out = new(BootDiskInitializeParamsInitParameters) (*in).DeepCopyInto(*out) } + if in.Interface != nil { + in, out := &in.Interface, &out.Interface + *out = new(string) + **out = **in + } if in.KMSKeySelfLink != nil { in, out := &in.KMSKeySelfLink, &out.KMSKeySelfLink *out = new(string) @@ -17292,6 +18034,11 @@ func (in *InstanceFromTemplateBootDiskObservation) DeepCopyInto(out *InstanceFro *out = new(BootDiskInitializeParamsObservation) (*in).DeepCopyInto(*out) } + if in.Interface != nil { + in, out := &in.Interface, &out.Interface + *out = new(string) + **out = **in + } if in.KMSKeySelfLink != nil { in, out := &in.KMSKeySelfLink, &out.KMSKeySelfLink *out = new(string) @@ -17342,6 +18089,11 @@ func (in *InstanceFromTemplateBootDiskParameters) DeepCopyInto(out *InstanceFrom *out = new(BootDiskInitializeParamsParameters) (*in).DeepCopyInto(*out) } + if in.Interface != nil { + in, out := &in.Interface, &out.Interface + *out = new(string) + **out = **in + } if in.KMSKeySelfLink != nil { in, out := &in.KMSKeySelfLink, &out.KMSKeySelfLink *out = new(string) @@ -17586,6 +18338,11 @@ func (in *InstanceFromTemplateInitParameters) DeepCopyInto(out *InstanceFromTemp *out = new(string) **out = **in } + if in.KeyRevocationActionType != nil { + in, out := &in.KeyRevocationActionType, &out.KeyRevocationActionType + *out = new(string) + **out = **in + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -18157,6 +18914,11 @@ func (in *InstanceFromTemplateObservation) DeepCopyInto(out *InstanceFromTemplat *out = new(InstanceFromTemplateConfidentialInstanceConfigObservation) (*in).DeepCopyInto(*out) } + if in.CreationTimestamp != nil { + in, out := &in.CreationTimestamp, &out.CreationTimestamp + *out = new(string) + **out = **in + } if in.CurrentStatus != nil { in, out := &in.CurrentStatus, &out.CurrentStatus *out = new(string) @@ -18220,6 +18982,11 @@ func (in *InstanceFromTemplateObservation) DeepCopyInto(out *InstanceFromTemplat *out = new(string) **out = **in } + if in.KeyRevocationActionType != nil { + in, out := &in.KeyRevocationActionType, &out.KeyRevocationActionType + *out = new(string) + **out = **in + } if in.LabelFingerprint != nil { in, out := &in.LabelFingerprint, &out.LabelFingerprint *out = new(string) @@ -18459,6 +19226,11 @@ func (in *InstanceFromTemplateParameters) DeepCopyInto(out *InstanceFromTemplate *out = new(string) **out = **in } + if in.KeyRevocationActionType != nil { + in, out := &in.KeyRevocationActionType, &out.KeyRevocationActionType + *out = new(string) + **out = **in + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -18781,6 +19553,11 @@ func (in *InstanceFromTemplateSchedulingInitParameters) DeepCopyInto(out *Instan *out = new(bool) **out = **in } + if in.AvailabilityDomain != nil { + in, out := &in.AvailabilityDomain, &out.AvailabilityDomain + *out = new(float64) + **out = **in + } if in.InstanceTerminationAction != nil { in, out := &in.InstanceTerminationAction, &out.InstanceTerminationAction *out = new(string) @@ -18848,6 +19625,11 @@ func (in *InstanceFromTemplateSchedulingObservation) DeepCopyInto(out *InstanceF *out = new(bool) **out = **in } + if in.AvailabilityDomain != nil { + in, out := &in.AvailabilityDomain, &out.AvailabilityDomain + *out = new(float64) + **out = **in + } if in.InstanceTerminationAction != nil { in, out := &in.InstanceTerminationAction, &out.InstanceTerminationAction *out = new(string) @@ -18915,6 +19697,11 @@ func (in *InstanceFromTemplateSchedulingParameters) DeepCopyInto(out *InstanceFr *out = new(bool) **out = **in } + if in.AvailabilityDomain != nil { + in, out := &in.AvailabilityDomain, &out.AvailabilityDomain + *out = new(float64) + **out = **in + } if in.InstanceTerminationAction != nil { in, out := &in.InstanceTerminationAction, &out.InstanceTerminationAction *out = new(string) @@ -19354,6 +20141,11 @@ func (in *InstanceGroupManagerInitParameters) DeepCopyInto(out *InstanceGroupMan *out = new(string) **out = **in } + if in.StandbyPolicy != nil { + in, out := &in.StandbyPolicy, &out.StandbyPolicy + *out = new(StandbyPolicyInitParameters) + (*in).DeepCopyInto(*out) + } if in.StatefulDisk != nil { in, out := &in.StatefulDisk, &out.StatefulDisk *out = make([]StatefulDiskInitParameters, len(*in)) @@ -19403,6 +20195,16 @@ func (in *InstanceGroupManagerInitParameters) DeepCopyInto(out *InstanceGroupMan *out = new(float64) **out = **in } + if in.TargetStoppedSize != nil { + in, out := &in.TargetStoppedSize, &out.TargetStoppedSize + *out = new(float64) + **out = **in + } + if in.TargetSuspendedSize != nil { + in, out := &in.TargetSuspendedSize, &out.TargetSuspendedSize + *out = new(float64) + **out = **in + } if in.UpdatePolicy != nil { in, out := &in.UpdatePolicy, &out.UpdatePolicy *out = new(UpdatePolicyInitParameters) @@ -19512,6 +20314,11 @@ func (in *InstanceGroupManagerObservation) DeepCopyInto(out *InstanceGroupManage *out = new(string) **out = **in } + if in.InstanceGroupManagerID != nil { + in, out := &in.InstanceGroupManagerID, &out.InstanceGroupManagerID + *out = new(float64) + **out = **in + } if in.InstanceLifecyclePolicy != nil { in, out := &in.InstanceLifecyclePolicy, &out.InstanceLifecyclePolicy *out = new(InstanceLifecyclePolicyObservation) @@ -19544,6 +20351,11 @@ func (in *InstanceGroupManagerObservation) DeepCopyInto(out *InstanceGroupManage *out = new(string) **out = **in } + if in.StandbyPolicy != nil { + in, out := &in.StandbyPolicy, &out.StandbyPolicy + *out = new(StandbyPolicyObservation) + (*in).DeepCopyInto(*out) + } if in.StatefulDisk != nil { in, out := &in.StatefulDisk, &out.StatefulDisk *out = make([]StatefulDiskObservation, len(*in)) @@ -19588,6 +20400,16 @@ func (in *InstanceGroupManagerObservation) DeepCopyInto(out *InstanceGroupManage *out = new(float64) **out = **in } + if in.TargetStoppedSize != nil { + in, out := &in.TargetStoppedSize, &out.TargetStoppedSize + *out = new(float64) + **out = **in + } + if in.TargetSuspendedSize != nil { + in, out := &in.TargetSuspendedSize, &out.TargetSuspendedSize + *out = new(float64) + **out = **in + } if in.UpdatePolicy != nil { in, out := &in.UpdatePolicy, &out.UpdatePolicy *out = new(UpdatePolicyObservation) @@ -19672,6 +20494,11 @@ func (in *InstanceGroupManagerParameters) DeepCopyInto(out *InstanceGroupManager *out = new(string) **out = **in } + if in.StandbyPolicy != nil { + in, out := &in.StandbyPolicy, &out.StandbyPolicy + *out = new(StandbyPolicyParameters) + (*in).DeepCopyInto(*out) + } if in.StatefulDisk != nil { in, out := &in.StatefulDisk, &out.StatefulDisk *out = make([]StatefulDiskParameters, len(*in)) @@ -19721,6 +20548,16 @@ func (in *InstanceGroupManagerParameters) DeepCopyInto(out *InstanceGroupManager *out = new(float64) **out = **in } + if in.TargetStoppedSize != nil { + in, out := &in.TargetStoppedSize, &out.TargetStoppedSize + *out = new(float64) + **out = **in + } + if in.TargetSuspendedSize != nil { + in, out := &in.TargetSuspendedSize, &out.TargetSuspendedSize + *out = new(float64) + **out = **in + } if in.UpdatePolicy != nil { in, out := &in.UpdatePolicy, &out.UpdatePolicy *out = new(UpdatePolicyParameters) @@ -20211,6 +21048,11 @@ func (in *InstanceInitParameters) DeepCopyInto(out *InstanceInitParameters) { *out = new(string) **out = **in } + if in.KeyRevocationActionType != nil { + in, out := &in.KeyRevocationActionType, &out.KeyRevocationActionType + *out = new(string) + **out = **in + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -20488,6 +21330,11 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(ConfidentialInstanceConfigObservation) (*in).DeepCopyInto(*out) } + if in.CreationTimestamp != nil { + in, out := &in.CreationTimestamp, &out.CreationTimestamp + *out = new(string) + **out = **in + } if in.CurrentStatus != nil { in, out := &in.CurrentStatus, &out.CurrentStatus *out = new(string) @@ -20551,6 +21398,11 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.KeyRevocationActionType != nil { + in, out := &in.KeyRevocationActionType, &out.KeyRevocationActionType + *out = new(string) + **out = **in + } if in.LabelFingerprint != nil { in, out := &in.LabelFingerprint, &out.LabelFingerprint *out = new(string) @@ -20789,6 +21641,11 @@ func (in *InstanceParameters) DeepCopyInto(out *InstanceParameters) { *out = new(string) **out = **in } + if in.KeyRevocationActionType != nil { + in, out := &in.KeyRevocationActionType, &out.KeyRevocationActionType + *out = new(string) + **out = **in + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -21161,6 +22018,114 @@ func (in *InstanceSchedulePolicyParameters) DeepCopy() *InstanceSchedulePolicyPa return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceSelectionsInitParameters) DeepCopyInto(out *InstanceSelectionsInitParameters) { + *out = *in + if in.MachineTypes != nil { + in, out := &in.MachineTypes, &out.MachineTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Rank != nil { + in, out := &in.Rank, &out.Rank + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceSelectionsInitParameters. +func (in *InstanceSelectionsInitParameters) DeepCopy() *InstanceSelectionsInitParameters { + if in == nil { + return nil + } + out := new(InstanceSelectionsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceSelectionsObservation) DeepCopyInto(out *InstanceSelectionsObservation) { + *out = *in + if in.MachineTypes != nil { + in, out := &in.MachineTypes, &out.MachineTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Rank != nil { + in, out := &in.Rank, &out.Rank + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceSelectionsObservation. +func (in *InstanceSelectionsObservation) DeepCopy() *InstanceSelectionsObservation { + if in == nil { + return nil + } + out := new(InstanceSelectionsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceSelectionsParameters) DeepCopyInto(out *InstanceSelectionsParameters) { + *out = *in + if in.MachineTypes != nil { + in, out := &in.MachineTypes, &out.MachineTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Rank != nil { + in, out := &in.Rank, &out.Rank + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceSelectionsParameters. +func (in *InstanceSelectionsParameters) DeepCopy() *InstanceSelectionsParameters { + if in == nil { + return nil + } + out := new(InstanceSelectionsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InstanceSpec) DeepCopyInto(out *InstanceSpec) { *out = *in @@ -21231,11 +22196,26 @@ func (in *InstanceTemplateAdvancedMachineFeaturesInitParameters) DeepCopyInto(ou *out = new(bool) **out = **in } + if in.EnableUefiNetworking != nil { + in, out := &in.EnableUefiNetworking, &out.EnableUefiNetworking + *out = new(bool) + **out = **in + } + if in.PerformanceMonitoringUnit != nil { + in, out := &in.PerformanceMonitoringUnit, &out.PerformanceMonitoringUnit + *out = new(string) + **out = **in + } if in.ThreadsPerCore != nil { in, out := &in.ThreadsPerCore, &out.ThreadsPerCore *out = new(float64) **out = **in } + if in.TurboMode != nil { + in, out := &in.TurboMode, &out.TurboMode + *out = new(string) + **out = **in + } if in.VisibleCoreCount != nil { in, out := &in.VisibleCoreCount, &out.VisibleCoreCount *out = new(float64) @@ -21261,11 +22241,26 @@ func (in *InstanceTemplateAdvancedMachineFeaturesObservation) DeepCopyInto(out * *out = new(bool) **out = **in } + if in.EnableUefiNetworking != nil { + in, out := &in.EnableUefiNetworking, &out.EnableUefiNetworking + *out = new(bool) + **out = **in + } + if in.PerformanceMonitoringUnit != nil { + in, out := &in.PerformanceMonitoringUnit, &out.PerformanceMonitoringUnit + *out = new(string) + **out = **in + } if in.ThreadsPerCore != nil { in, out := &in.ThreadsPerCore, &out.ThreadsPerCore *out = new(float64) **out = **in } + if in.TurboMode != nil { + in, out := &in.TurboMode, &out.TurboMode + *out = new(string) + **out = **in + } if in.VisibleCoreCount != nil { in, out := &in.VisibleCoreCount, &out.VisibleCoreCount *out = new(float64) @@ -21291,11 +22286,26 @@ func (in *InstanceTemplateAdvancedMachineFeaturesParameters) DeepCopyInto(out *I *out = new(bool) **out = **in } + if in.EnableUefiNetworking != nil { + in, out := &in.EnableUefiNetworking, &out.EnableUefiNetworking + *out = new(bool) + **out = **in + } + if in.PerformanceMonitoringUnit != nil { + in, out := &in.PerformanceMonitoringUnit, &out.PerformanceMonitoringUnit + *out = new(string) + **out = **in + } if in.ThreadsPerCore != nil { in, out := &in.ThreadsPerCore, &out.ThreadsPerCore *out = new(float64) **out = **in } + if in.TurboMode != nil { + in, out := &in.TurboMode, &out.TurboMode + *out = new(string) + **out = **in + } if in.VisibleCoreCount != nil { in, out := &in.VisibleCoreCount, &out.VisibleCoreCount *out = new(float64) @@ -21457,6 +22467,11 @@ func (in *InstanceTemplateDiskInitParameters) DeepCopyInto(out *InstanceTemplate *out = new(float64) **out = **in } + if in.ProvisionedThroughput != nil { + in, out := &in.ProvisionedThroughput, &out.ProvisionedThroughput + *out = new(float64) + **out = **in + } if in.ResourceManagerTags != nil { in, out := &in.ResourceManagerTags, &out.ResourceManagerTags *out = make(map[string]*string, len(*in)) @@ -21617,6 +22632,11 @@ func (in *InstanceTemplateDiskObservation) DeepCopyInto(out *InstanceTemplateDis *out = new(float64) **out = **in } + if in.ProvisionedThroughput != nil { + in, out := &in.ProvisionedThroughput, &out.ProvisionedThroughput + *out = new(float64) + **out = **in + } if in.ResourceManagerTags != nil { in, out := &in.ResourceManagerTags, &out.ResourceManagerTags *out = make(map[string]*string, len(*in)) @@ -21755,6 +22775,11 @@ func (in *InstanceTemplateDiskParameters) DeepCopyInto(out *InstanceTemplateDisk *out = new(float64) **out = **in } + if in.ProvisionedThroughput != nil { + in, out := &in.ProvisionedThroughput, &out.ProvisionedThroughput + *out = new(float64) + **out = **in + } if in.ResourceManagerTags != nil { in, out := &in.ResourceManagerTags, &out.ResourceManagerTags *out = make(map[string]*string, len(*in)) @@ -21963,6 +22988,11 @@ func (in *InstanceTemplateInitParameters) DeepCopyInto(out *InstanceTemplateInit *out = new(string) **out = **in } + if in.KeyRevocationActionType != nil { + in, out := &in.KeyRevocationActionType, &out.KeyRevocationActionType + *out = new(string) + **out = **in + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -22741,6 +23771,11 @@ func (in *InstanceTemplateObservation) DeepCopyInto(out *InstanceTemplateObserva *out = new(InstanceTemplateConfidentialInstanceConfigObservation) (*in).DeepCopyInto(*out) } + if in.CreationTimestamp != nil { + in, out := &in.CreationTimestamp, &out.CreationTimestamp + *out = new(string) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -22786,6 +23821,11 @@ func (in *InstanceTemplateObservation) DeepCopyInto(out *InstanceTemplateObserva *out = new(string) **out = **in } + if in.KeyRevocationActionType != nil { + in, out := &in.KeyRevocationActionType, &out.KeyRevocationActionType + *out = new(string) + **out = **in + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -23004,6 +24044,11 @@ func (in *InstanceTemplateParameters) DeepCopyInto(out *InstanceTemplateParamete *out = new(string) **out = **in } + if in.KeyRevocationActionType != nil { + in, out := &in.KeyRevocationActionType, &out.KeyRevocationActionType + *out = new(string) + **out = **in + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -23320,6 +24365,11 @@ func (in *InstanceTemplateSchedulingInitParameters) DeepCopyInto(out *InstanceTe *out = new(bool) **out = **in } + if in.AvailabilityDomain != nil { + in, out := &in.AvailabilityDomain, &out.AvailabilityDomain + *out = new(float64) + **out = **in + } if in.InstanceTerminationAction != nil { in, out := &in.InstanceTerminationAction, &out.InstanceTerminationAction *out = new(string) @@ -23647,6 +24697,11 @@ func (in *InstanceTemplateSchedulingObservation) DeepCopyInto(out *InstanceTempl *out = new(bool) **out = **in } + if in.AvailabilityDomain != nil { + in, out := &in.AvailabilityDomain, &out.AvailabilityDomain + *out = new(float64) + **out = **in + } if in.InstanceTerminationAction != nil { in, out := &in.InstanceTerminationAction, &out.InstanceTerminationAction *out = new(string) @@ -23776,6 +24831,11 @@ func (in *InstanceTemplateSchedulingParameters) DeepCopyInto(out *InstanceTempla *out = new(bool) **out = **in } + if in.AvailabilityDomain != nil { + in, out := &in.AvailabilityDomain, &out.AvailabilityDomain + *out = new(float64) + **out = **in + } if in.InstanceTerminationAction != nil { in, out := &in.InstanceTerminationAction, &out.InstanceTerminationAction *out = new(string) @@ -24564,6 +25624,13 @@ func (in *Layer7DdosDefenseConfigInitParameters) DeepCopyInto(out *Layer7DdosDef *out = new(string) **out = **in } + if in.ThresholdConfigs != nil { + in, out := &in.ThresholdConfigs, &out.ThresholdConfigs + *out = make([]ThresholdConfigsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Layer7DdosDefenseConfigInitParameters. @@ -24589,6 +25656,13 @@ func (in *Layer7DdosDefenseConfigObservation) DeepCopyInto(out *Layer7DdosDefens *out = new(string) **out = **in } + if in.ThresholdConfigs != nil { + in, out := &in.ThresholdConfigs, &out.ThresholdConfigs + *out = make([]ThresholdConfigsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Layer7DdosDefenseConfigObservation. @@ -24614,6 +25688,13 @@ func (in *Layer7DdosDefenseConfigParameters) DeepCopyInto(out *Layer7DdosDefense *out = new(string) **out = **in } + if in.ThresholdConfigs != nil { + in, out := &in.ThresholdConfigs, &out.ThresholdConfigs + *out = make([]ThresholdConfigsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Layer7DdosDefenseConfigParameters. @@ -25154,11 +26235,6 @@ func (in *ManagedSSLCertificate) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ManagedSSLCertificateInitParameters) DeepCopyInto(out *ManagedSSLCertificateInitParameters) { *out = *in - if in.CertificateID != nil { - in, out := &in.CertificateID, &out.CertificateID - *out = new(float64) - **out = **in - } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -25297,11 +26373,6 @@ func (in *ManagedSSLCertificateObservation) DeepCopy() *ManagedSSLCertificateObs // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ManagedSSLCertificateParameters) DeepCopyInto(out *ManagedSSLCertificateParameters) { *out = *in - if in.CertificateID != nil { - in, out := &in.CertificateID, &out.CertificateID - *out = new(float64) - **out = **in - } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -28357,6 +29428,13 @@ func (in *NodeTemplate) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeTemplateInitParameters) DeepCopyInto(out *NodeTemplateInitParameters) { *out = *in + if in.Accelerators != nil { + in, out := &in.Accelerators, &out.Accelerators + *out = make([]AcceleratorsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.CPUOvercommitType != nil { in, out := &in.CPUOvercommitType, &out.CPUOvercommitType *out = new(string) @@ -28367,6 +29445,13 @@ func (in *NodeTemplateInitParameters) DeepCopyInto(out *NodeTemplateInitParamete *out = new(string) **out = **in } + if in.Disks != nil { + in, out := &in.Disks, &out.Disks + *out = make([]DisksInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.NodeAffinityLabels != nil { in, out := &in.NodeAffinityLabels, &out.NodeAffinityLabels *out = make(map[string]*string, len(*in)) @@ -28450,6 +29535,13 @@ func (in *NodeTemplateList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeTemplateObservation) DeepCopyInto(out *NodeTemplateObservation) { *out = *in + if in.Accelerators != nil { + in, out := &in.Accelerators, &out.Accelerators + *out = make([]AcceleratorsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.CPUOvercommitType != nil { in, out := &in.CPUOvercommitType, &out.CPUOvercommitType *out = new(string) @@ -28465,6 +29557,13 @@ func (in *NodeTemplateObservation) DeepCopyInto(out *NodeTemplateObservation) { *out = new(string) **out = **in } + if in.Disks != nil { + in, out := &in.Disks, &out.Disks + *out = make([]DisksObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -28531,6 +29630,13 @@ func (in *NodeTemplateObservation) DeepCopy() *NodeTemplateObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeTemplateParameters) DeepCopyInto(out *NodeTemplateParameters) { *out = *in + if in.Accelerators != nil { + in, out := &in.Accelerators, &out.Accelerators + *out = make([]AcceleratorsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.CPUOvercommitType != nil { in, out := &in.CPUOvercommitType, &out.CPUOvercommitType *out = new(string) @@ -28541,6 +29647,13 @@ func (in *NodeTemplateParameters) DeepCopyInto(out *NodeTemplateParameters) { *out = new(string) **out = **in } + if in.Disks != nil { + in, out := &in.Disks, &out.Disks + *out = make([]DisksParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.NodeAffinityLabels != nil { in, out := &in.NodeAffinityLabels, &out.NodeAffinityLabels *out = make(map[string]*string, len(*in)) @@ -35418,6 +36531,72 @@ func (in *PolicyParameters) DeepCopy() *PolicyParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PreconfiguredWafConfigInitParameters) DeepCopyInto(out *PreconfiguredWafConfigInitParameters) { + *out = *in + if in.Exclusion != nil { + in, out := &in.Exclusion, &out.Exclusion + *out = make([]ExclusionInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreconfiguredWafConfigInitParameters. +func (in *PreconfiguredWafConfigInitParameters) DeepCopy() *PreconfiguredWafConfigInitParameters { + if in == nil { + return nil + } + out := new(PreconfiguredWafConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PreconfiguredWafConfigObservation) DeepCopyInto(out *PreconfiguredWafConfigObservation) { + *out = *in + if in.Exclusion != nil { + in, out := &in.Exclusion, &out.Exclusion + *out = make([]ExclusionObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreconfiguredWafConfigObservation. +func (in *PreconfiguredWafConfigObservation) DeepCopy() *PreconfiguredWafConfigObservation { + if in == nil { + return nil + } + out := new(PreconfiguredWafConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PreconfiguredWafConfigParameters) DeepCopyInto(out *PreconfiguredWafConfigParameters) { + *out = *in + if in.Exclusion != nil { + in, out := &in.Exclusion, &out.Exclusion + *out = make([]ExclusionParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreconfiguredWafConfigParameters. +func (in *PreconfiguredWafConfigParameters) DeepCopy() *PreconfiguredWafConfigParameters { + if in == nil { + return nil + } + out := new(PreconfiguredWafConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PreservedStateDiskInitParameters) DeepCopyInto(out *PreservedStateDiskInitParameters) { *out = *in @@ -36054,6 +37233,66 @@ func (in *ProjectMapParameters) DeepCopy() *ProjectMapParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PscDataInitParameters) DeepCopyInto(out *PscDataInitParameters) { + *out = *in + if in.ProducerPort != nil { + in, out := &in.ProducerPort, &out.ProducerPort + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PscDataInitParameters. +func (in *PscDataInitParameters) DeepCopy() *PscDataInitParameters { + if in == nil { + return nil + } + out := new(PscDataInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PscDataObservation) DeepCopyInto(out *PscDataObservation) { + *out = *in + if in.ProducerPort != nil { + in, out := &in.ProducerPort, &out.ProducerPort + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PscDataObservation. +func (in *PscDataObservation) DeepCopy() *PscDataObservation { + if in == nil { + return nil + } + out := new(PscDataObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PscDataParameters) DeepCopyInto(out *PscDataParameters) { + *out = *in + if in.ProducerPort != nil { + in, out := &in.ProducerPort, &out.ProducerPort + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PscDataParameters. +func (in *PscDataParameters) DeepCopy() *PscDataParameters { + if in == nil { + return nil + } + out := new(PscDataParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *QueryParameterMatchesInitParameters) DeepCopyInto(out *QueryParameterMatchesInitParameters) { *out = *in @@ -36257,6 +37496,13 @@ func (in *RateLimitOptionsInitParameters) DeepCopyInto(out *RateLimitOptionsInit *out = new(string) **out = **in } + if in.EnforceOnKeyConfigs != nil { + in, out := &in.EnforceOnKeyConfigs, &out.EnforceOnKeyConfigs + *out = make([]EnforceOnKeyConfigsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.EnforceOnKeyName != nil { in, out := &in.EnforceOnKeyName, &out.EnforceOnKeyName *out = new(string) @@ -36312,6 +37558,13 @@ func (in *RateLimitOptionsObservation) DeepCopyInto(out *RateLimitOptionsObserva *out = new(string) **out = **in } + if in.EnforceOnKeyConfigs != nil { + in, out := &in.EnforceOnKeyConfigs, &out.EnforceOnKeyConfigs + *out = make([]EnforceOnKeyConfigsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.EnforceOnKeyName != nil { in, out := &in.EnforceOnKeyName, &out.EnforceOnKeyName *out = new(string) @@ -36367,6 +37620,13 @@ func (in *RateLimitOptionsParameters) DeepCopyInto(out *RateLimitOptionsParamete *out = new(string) **out = **in } + if in.EnforceOnKeyConfigs != nil { + in, out := &in.EnforceOnKeyConfigs, &out.EnforceOnKeyConfigs + *out = make([]EnforceOnKeyConfigsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.EnforceOnKeyName != nil { in, out := &in.EnforceOnKeyName, &out.EnforceOnKeyName *out = new(string) @@ -38166,12 +39426,21 @@ func (in *RegionBackendServiceConsistentHashParameters) DeepCopy() *RegionBacken // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionBackendServiceIapInitParameters) DeepCopyInto(out *RegionBackendServiceIapInitParameters) { *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } if in.Oauth2ClientID != nil { in, out := &in.Oauth2ClientID, &out.Oauth2ClientID *out = new(string) **out = **in } - out.Oauth2ClientSecretSecretRef = in.Oauth2ClientSecretSecretRef + if in.Oauth2ClientSecretSecretRef != nil { + in, out := &in.Oauth2ClientSecretSecretRef, &out.Oauth2ClientSecretSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionBackendServiceIapInitParameters. @@ -38187,6 +39456,11 @@ func (in *RegionBackendServiceIapInitParameters) DeepCopy() *RegionBackendServic // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionBackendServiceIapObservation) DeepCopyInto(out *RegionBackendServiceIapObservation) { *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } if in.Oauth2ClientID != nil { in, out := &in.Oauth2ClientID, &out.Oauth2ClientID *out = new(string) @@ -38207,12 +39481,21 @@ func (in *RegionBackendServiceIapObservation) DeepCopy() *RegionBackendServiceIa // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionBackendServiceIapParameters) DeepCopyInto(out *RegionBackendServiceIapParameters) { *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } if in.Oauth2ClientID != nil { in, out := &in.Oauth2ClientID, &out.Oauth2ClientID *out = new(string) **out = **in } - out.Oauth2ClientSecretSecretRef = in.Oauth2ClientSecretSecretRef + if in.Oauth2ClientSecretSecretRef != nil { + in, out := &in.Oauth2ClientSecretSecretRef, &out.Oauth2ClientSecretSecretRef + *out = new(v1.SecretKeySelector) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionBackendServiceIapParameters. @@ -38298,6 +39581,11 @@ func (in *RegionBackendServiceInitParameters) DeepCopyInto(out *RegionBackendSer *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.IPAddressSelectionPolicy != nil { + in, out := &in.IPAddressSelectionPolicy, &out.IPAddressSelectionPolicy + *out = new(string) + **out = **in + } if in.Iap != nil { in, out := &in.Iap, &out.Iap *out = new(RegionBackendServiceIapInitParameters) @@ -38348,6 +39636,11 @@ func (in *RegionBackendServiceInitParameters) DeepCopyInto(out *RegionBackendSer *out = new(string) **out = **in } + if in.StrongSessionAffinityCookie != nil { + in, out := &in.StrongSessionAffinityCookie, &out.StrongSessionAffinityCookie + *out = new(RegionBackendServiceStrongSessionAffinityCookieInitParameters) + (*in).DeepCopyInto(*out) + } if in.TimeoutSec != nil { in, out := &in.TimeoutSec, &out.TimeoutSec *out = new(float64) @@ -38553,6 +39846,11 @@ func (in *RegionBackendServiceObservation) DeepCopyInto(out *RegionBackendServic *out = new(string) **out = **in } + if in.IPAddressSelectionPolicy != nil { + in, out := &in.IPAddressSelectionPolicy, &out.IPAddressSelectionPolicy + *out = new(string) + **out = **in + } if in.Iap != nil { in, out := &in.Iap, &out.Iap *out = new(RegionBackendServiceIapObservation) @@ -38613,6 +39911,11 @@ func (in *RegionBackendServiceObservation) DeepCopyInto(out *RegionBackendServic *out = new(string) **out = **in } + if in.StrongSessionAffinityCookie != nil { + in, out := &in.StrongSessionAffinityCookie, &out.StrongSessionAffinityCookie + *out = new(RegionBackendServiceStrongSessionAffinityCookieObservation) + (*in).DeepCopyInto(*out) + } if in.TimeoutSec != nil { in, out := &in.TimeoutSec, &out.TimeoutSec *out = new(float64) @@ -38913,6 +40216,11 @@ func (in *RegionBackendServiceParameters) DeepCopyInto(out *RegionBackendService *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.IPAddressSelectionPolicy != nil { + in, out := &in.IPAddressSelectionPolicy, &out.IPAddressSelectionPolicy + *out = new(string) + **out = **in + } if in.Iap != nil { in, out := &in.Iap, &out.Iap *out = new(RegionBackendServiceIapParameters) @@ -38968,6 +40276,11 @@ func (in *RegionBackendServiceParameters) DeepCopyInto(out *RegionBackendService *out = new(string) **out = **in } + if in.StrongSessionAffinityCookie != nil { + in, out := &in.StrongSessionAffinityCookie, &out.StrongSessionAffinityCookie + *out = new(RegionBackendServiceStrongSessionAffinityCookieParameters) + (*in).DeepCopyInto(*out) + } if in.TimeoutSec != nil { in, out := &in.TimeoutSec, &out.TimeoutSec *out = new(float64) @@ -39020,6 +40333,171 @@ func (in *RegionBackendServiceStatus) DeepCopy() *RegionBackendServiceStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionBackendServiceStrongSessionAffinityCookieInitParameters) DeepCopyInto(out *RegionBackendServiceStrongSessionAffinityCookieInitParameters) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.TTL != nil { + in, out := &in.TTL, &out.TTL + *out = new(RegionBackendServiceStrongSessionAffinityCookieTTLInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionBackendServiceStrongSessionAffinityCookieInitParameters. +func (in *RegionBackendServiceStrongSessionAffinityCookieInitParameters) DeepCopy() *RegionBackendServiceStrongSessionAffinityCookieInitParameters { + if in == nil { + return nil + } + out := new(RegionBackendServiceStrongSessionAffinityCookieInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionBackendServiceStrongSessionAffinityCookieObservation) DeepCopyInto(out *RegionBackendServiceStrongSessionAffinityCookieObservation) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.TTL != nil { + in, out := &in.TTL, &out.TTL + *out = new(RegionBackendServiceStrongSessionAffinityCookieTTLObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionBackendServiceStrongSessionAffinityCookieObservation. +func (in *RegionBackendServiceStrongSessionAffinityCookieObservation) DeepCopy() *RegionBackendServiceStrongSessionAffinityCookieObservation { + if in == nil { + return nil + } + out := new(RegionBackendServiceStrongSessionAffinityCookieObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionBackendServiceStrongSessionAffinityCookieParameters) DeepCopyInto(out *RegionBackendServiceStrongSessionAffinityCookieParameters) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.TTL != nil { + in, out := &in.TTL, &out.TTL + *out = new(RegionBackendServiceStrongSessionAffinityCookieTTLParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionBackendServiceStrongSessionAffinityCookieParameters. +func (in *RegionBackendServiceStrongSessionAffinityCookieParameters) DeepCopy() *RegionBackendServiceStrongSessionAffinityCookieParameters { + if in == nil { + return nil + } + out := new(RegionBackendServiceStrongSessionAffinityCookieParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionBackendServiceStrongSessionAffinityCookieTTLInitParameters) DeepCopyInto(out *RegionBackendServiceStrongSessionAffinityCookieTTLInitParameters) { + *out = *in + if in.Nanos != nil { + in, out := &in.Nanos, &out.Nanos + *out = new(float64) + **out = **in + } + if in.Seconds != nil { + in, out := &in.Seconds, &out.Seconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionBackendServiceStrongSessionAffinityCookieTTLInitParameters. +func (in *RegionBackendServiceStrongSessionAffinityCookieTTLInitParameters) DeepCopy() *RegionBackendServiceStrongSessionAffinityCookieTTLInitParameters { + if in == nil { + return nil + } + out := new(RegionBackendServiceStrongSessionAffinityCookieTTLInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionBackendServiceStrongSessionAffinityCookieTTLObservation) DeepCopyInto(out *RegionBackendServiceStrongSessionAffinityCookieTTLObservation) { + *out = *in + if in.Nanos != nil { + in, out := &in.Nanos, &out.Nanos + *out = new(float64) + **out = **in + } + if in.Seconds != nil { + in, out := &in.Seconds, &out.Seconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionBackendServiceStrongSessionAffinityCookieTTLObservation. +func (in *RegionBackendServiceStrongSessionAffinityCookieTTLObservation) DeepCopy() *RegionBackendServiceStrongSessionAffinityCookieTTLObservation { + if in == nil { + return nil + } + out := new(RegionBackendServiceStrongSessionAffinityCookieTTLObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionBackendServiceStrongSessionAffinityCookieTTLParameters) DeepCopyInto(out *RegionBackendServiceStrongSessionAffinityCookieTTLParameters) { + *out = *in + if in.Nanos != nil { + in, out := &in.Nanos, &out.Nanos + *out = new(float64) + **out = **in + } + if in.Seconds != nil { + in, out := &in.Seconds, &out.Seconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionBackendServiceStrongSessionAffinityCookieTTLParameters. +func (in *RegionBackendServiceStrongSessionAffinityCookieTTLParameters) DeepCopy() *RegionBackendServiceStrongSessionAffinityCookieTTLParameters { + if in == nil { + return nil + } + out := new(RegionBackendServiceStrongSessionAffinityCookieTTLParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionDisk) DeepCopyInto(out *RegionDisk) { *out = *in @@ -40973,6 +42451,11 @@ func (in *RegionHealthCheckObservation) DeepCopyInto(out *RegionHealthCheckObser *out = new(RegionHealthCheckHTTPSHealthCheckObservation) (*in).DeepCopyInto(*out) } + if in.HealthCheckID != nil { + in, out := &in.HealthCheckID, &out.HealthCheckID + *out = new(float64) + **out = **in + } if in.HealthyThreshold != nil { in, out := &in.HealthyThreshold, &out.HealthyThreshold *out = new(float64) @@ -41737,6 +43220,11 @@ func (in *RegionInstanceGroupManagerInitParameters) DeepCopyInto(out *RegionInst } } } + if in.InstanceFlexibilityPolicy != nil { + in, out := &in.InstanceFlexibilityPolicy, &out.InstanceFlexibilityPolicy + *out = new(InstanceFlexibilityPolicyInitParameters) + (*in).DeepCopyInto(*out) + } if in.InstanceLifecyclePolicy != nil { in, out := &in.InstanceLifecyclePolicy, &out.InstanceLifecyclePolicy *out = new(RegionInstanceGroupManagerInstanceLifecyclePolicyInitParameters) @@ -41769,6 +43257,11 @@ func (in *RegionInstanceGroupManagerInitParameters) DeepCopyInto(out *RegionInst *out = new(string) **out = **in } + if in.StandbyPolicy != nil { + in, out := &in.StandbyPolicy, &out.StandbyPolicy + *out = new(RegionInstanceGroupManagerStandbyPolicyInitParameters) + (*in).DeepCopyInto(*out) + } if in.StatefulDisk != nil { in, out := &in.StatefulDisk, &out.StatefulDisk *out = make([]RegionInstanceGroupManagerStatefulDiskInitParameters, len(*in)) @@ -41818,6 +43311,16 @@ func (in *RegionInstanceGroupManagerInitParameters) DeepCopyInto(out *RegionInst *out = new(float64) **out = **in } + if in.TargetStoppedSize != nil { + in, out := &in.TargetStoppedSize, &out.TargetStoppedSize + *out = new(float64) + **out = **in + } + if in.TargetSuspendedSize != nil { + in, out := &in.TargetSuspendedSize, &out.TargetSuspendedSize + *out = new(float64) + **out = **in + } if in.UpdatePolicy != nil { in, out := &in.UpdatePolicy, &out.UpdatePolicy *out = new(RegionInstanceGroupManagerUpdatePolicyInitParameters) @@ -42088,11 +43591,21 @@ func (in *RegionInstanceGroupManagerObservation) DeepCopyInto(out *RegionInstanc *out = new(string) **out = **in } + if in.InstanceFlexibilityPolicy != nil { + in, out := &in.InstanceFlexibilityPolicy, &out.InstanceFlexibilityPolicy + *out = new(InstanceFlexibilityPolicyObservation) + (*in).DeepCopyInto(*out) + } if in.InstanceGroup != nil { in, out := &in.InstanceGroup, &out.InstanceGroup *out = new(string) **out = **in } + if in.InstanceGroupManagerID != nil { + in, out := &in.InstanceGroupManagerID, &out.InstanceGroupManagerID + *out = new(float64) + **out = **in + } if in.InstanceLifecyclePolicy != nil { in, out := &in.InstanceLifecyclePolicy, &out.InstanceLifecyclePolicy *out = new(RegionInstanceGroupManagerInstanceLifecyclePolicyObservation) @@ -42130,6 +43643,11 @@ func (in *RegionInstanceGroupManagerObservation) DeepCopyInto(out *RegionInstanc *out = new(string) **out = **in } + if in.StandbyPolicy != nil { + in, out := &in.StandbyPolicy, &out.StandbyPolicy + *out = new(RegionInstanceGroupManagerStandbyPolicyObservation) + (*in).DeepCopyInto(*out) + } if in.StatefulDisk != nil { in, out := &in.StatefulDisk, &out.StatefulDisk *out = make([]RegionInstanceGroupManagerStatefulDiskObservation, len(*in)) @@ -42174,6 +43692,16 @@ func (in *RegionInstanceGroupManagerObservation) DeepCopyInto(out *RegionInstanc *out = new(float64) **out = **in } + if in.TargetStoppedSize != nil { + in, out := &in.TargetStoppedSize, &out.TargetStoppedSize + *out = new(float64) + **out = **in + } + if in.TargetSuspendedSize != nil { + in, out := &in.TargetSuspendedSize, &out.TargetSuspendedSize + *out = new(float64) + **out = **in + } if in.UpdatePolicy != nil { in, out := &in.UpdatePolicy, &out.UpdatePolicy *out = new(RegionInstanceGroupManagerUpdatePolicyObservation) @@ -42247,6 +43775,11 @@ func (in *RegionInstanceGroupManagerParameters) DeepCopyInto(out *RegionInstance } } } + if in.InstanceFlexibilityPolicy != nil { + in, out := &in.InstanceFlexibilityPolicy, &out.InstanceFlexibilityPolicy + *out = new(InstanceFlexibilityPolicyParameters) + (*in).DeepCopyInto(*out) + } if in.InstanceLifecyclePolicy != nil { in, out := &in.InstanceLifecyclePolicy, &out.InstanceLifecyclePolicy *out = new(RegionInstanceGroupManagerInstanceLifecyclePolicyParameters) @@ -42279,6 +43812,11 @@ func (in *RegionInstanceGroupManagerParameters) DeepCopyInto(out *RegionInstance *out = new(string) **out = **in } + if in.StandbyPolicy != nil { + in, out := &in.StandbyPolicy, &out.StandbyPolicy + *out = new(RegionInstanceGroupManagerStandbyPolicyParameters) + (*in).DeepCopyInto(*out) + } if in.StatefulDisk != nil { in, out := &in.StatefulDisk, &out.StatefulDisk *out = make([]RegionInstanceGroupManagerStatefulDiskParameters, len(*in)) @@ -42328,6 +43866,16 @@ func (in *RegionInstanceGroupManagerParameters) DeepCopyInto(out *RegionInstance *out = new(float64) **out = **in } + if in.TargetStoppedSize != nil { + in, out := &in.TargetStoppedSize, &out.TargetStoppedSize + *out = new(float64) + **out = **in + } + if in.TargetSuspendedSize != nil { + in, out := &in.TargetSuspendedSize, &out.TargetSuspendedSize + *out = new(float64) + **out = **in + } if in.UpdatePolicy != nil { in, out := &in.UpdatePolicy, &out.UpdatePolicy *out = new(RegionInstanceGroupManagerUpdatePolicyParameters) @@ -42380,6 +43928,81 @@ func (in *RegionInstanceGroupManagerSpec) DeepCopy() *RegionInstanceGroupManager return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionInstanceGroupManagerStandbyPolicyInitParameters) DeepCopyInto(out *RegionInstanceGroupManagerStandbyPolicyInitParameters) { + *out = *in + if in.InitialDelaySec != nil { + in, out := &in.InitialDelaySec, &out.InitialDelaySec + *out = new(float64) + **out = **in + } + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionInstanceGroupManagerStandbyPolicyInitParameters. +func (in *RegionInstanceGroupManagerStandbyPolicyInitParameters) DeepCopy() *RegionInstanceGroupManagerStandbyPolicyInitParameters { + if in == nil { + return nil + } + out := new(RegionInstanceGroupManagerStandbyPolicyInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionInstanceGroupManagerStandbyPolicyObservation) DeepCopyInto(out *RegionInstanceGroupManagerStandbyPolicyObservation) { + *out = *in + if in.InitialDelaySec != nil { + in, out := &in.InitialDelaySec, &out.InitialDelaySec + *out = new(float64) + **out = **in + } + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionInstanceGroupManagerStandbyPolicyObservation. +func (in *RegionInstanceGroupManagerStandbyPolicyObservation) DeepCopy() *RegionInstanceGroupManagerStandbyPolicyObservation { + if in == nil { + return nil + } + out := new(RegionInstanceGroupManagerStandbyPolicyObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegionInstanceGroupManagerStandbyPolicyParameters) DeepCopyInto(out *RegionInstanceGroupManagerStandbyPolicyParameters) { + *out = *in + if in.InitialDelaySec != nil { + in, out := &in.InitialDelaySec, &out.InitialDelaySec + *out = new(float64) + **out = **in + } + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegionInstanceGroupManagerStandbyPolicyParameters. +func (in *RegionInstanceGroupManagerStandbyPolicyParameters) DeepCopy() *RegionInstanceGroupManagerStandbyPolicyParameters { + if in == nil { + return nil + } + out := new(RegionInstanceGroupManagerStandbyPolicyParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionInstanceGroupManagerStatefulDiskInitParameters) DeepCopyInto(out *RegionInstanceGroupManagerStatefulDiskInitParameters) { *out = *in @@ -43113,6 +44736,11 @@ func (in *RegionNetworkEndpointGroupInitParameters) DeepCopyInto(out *RegionNetw *out = new(string) **out = **in } + if in.PscData != nil { + in, out := &in.PscData, &out.PscData + *out = new(PscDataInitParameters) + (*in).DeepCopyInto(*out) + } if in.PscTargetService != nil { in, out := &in.PscTargetService, &out.PscTargetService *out = new(string) @@ -43230,6 +44858,11 @@ func (in *RegionNetworkEndpointGroupObservation) DeepCopyInto(out *RegionNetwork *out = new(string) **out = **in } + if in.PscData != nil { + in, out := &in.PscData, &out.PscData + *out = new(PscDataObservation) + (*in).DeepCopyInto(*out) + } if in.PscTargetService != nil { in, out := &in.PscTargetService, &out.PscTargetService *out = new(string) @@ -43310,6 +44943,11 @@ func (in *RegionNetworkEndpointGroupParameters) DeepCopyInto(out *RegionNetworkE *out = new(string) **out = **in } + if in.PscData != nil { + in, out := &in.PscData, &out.PscData + *out = new(PscDataParameters) + (*in).DeepCopyInto(*out) + } if in.PscTargetService != nil { in, out := &in.PscTargetService, &out.PscTargetService *out = new(string) @@ -44324,6 +45962,156 @@ func (in *RegionURLMapStatus) DeepCopy() *RegionURLMapStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestCookieInitParameters) DeepCopyInto(out *RequestCookieInitParameters) { + *out = *in + if in.Operator != nil { + in, out := &in.Operator, &out.Operator + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestCookieInitParameters. +func (in *RequestCookieInitParameters) DeepCopy() *RequestCookieInitParameters { + if in == nil { + return nil + } + out := new(RequestCookieInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestCookieObservation) DeepCopyInto(out *RequestCookieObservation) { + *out = *in + if in.Operator != nil { + in, out := &in.Operator, &out.Operator + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestCookieObservation. +func (in *RequestCookieObservation) DeepCopy() *RequestCookieObservation { + if in == nil { + return nil + } + out := new(RequestCookieObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestCookieParameters) DeepCopyInto(out *RequestCookieParameters) { + *out = *in + if in.Operator != nil { + in, out := &in.Operator, &out.Operator + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestCookieParameters. +func (in *RequestCookieParameters) DeepCopy() *RequestCookieParameters { + if in == nil { + return nil + } + out := new(RequestCookieParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestHeaderInitParameters) DeepCopyInto(out *RequestHeaderInitParameters) { + *out = *in + if in.Operator != nil { + in, out := &in.Operator, &out.Operator + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestHeaderInitParameters. +func (in *RequestHeaderInitParameters) DeepCopy() *RequestHeaderInitParameters { + if in == nil { + return nil + } + out := new(RequestHeaderInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestHeaderObservation) DeepCopyInto(out *RequestHeaderObservation) { + *out = *in + if in.Operator != nil { + in, out := &in.Operator, &out.Operator + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestHeaderObservation. +func (in *RequestHeaderObservation) DeepCopy() *RequestHeaderObservation { + if in == nil { + return nil + } + out := new(RequestHeaderObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestHeaderParameters) DeepCopyInto(out *RequestHeaderParameters) { + *out = *in + if in.Operator != nil { + in, out := &in.Operator, &out.Operator + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestHeaderParameters. +func (in *RequestHeaderParameters) DeepCopy() *RequestHeaderParameters { + if in == nil { + return nil + } + out := new(RequestHeaderParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RequestHeadersToAddInitParameters) DeepCopyInto(out *RequestHeadersToAddInitParameters) { *out = *in @@ -44569,6 +46357,156 @@ func (in *RequestMirrorPolicyParameters) DeepCopy() *RequestMirrorPolicyParamete return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestQueryParamInitParameters) DeepCopyInto(out *RequestQueryParamInitParameters) { + *out = *in + if in.Operator != nil { + in, out := &in.Operator, &out.Operator + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestQueryParamInitParameters. +func (in *RequestQueryParamInitParameters) DeepCopy() *RequestQueryParamInitParameters { + if in == nil { + return nil + } + out := new(RequestQueryParamInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestQueryParamObservation) DeepCopyInto(out *RequestQueryParamObservation) { + *out = *in + if in.Operator != nil { + in, out := &in.Operator, &out.Operator + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestQueryParamObservation. +func (in *RequestQueryParamObservation) DeepCopy() *RequestQueryParamObservation { + if in == nil { + return nil + } + out := new(RequestQueryParamObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestQueryParamParameters) DeepCopyInto(out *RequestQueryParamParameters) { + *out = *in + if in.Operator != nil { + in, out := &in.Operator, &out.Operator + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestQueryParamParameters. +func (in *RequestQueryParamParameters) DeepCopy() *RequestQueryParamParameters { + if in == nil { + return nil + } + out := new(RequestQueryParamParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestURIInitParameters) DeepCopyInto(out *RequestURIInitParameters) { + *out = *in + if in.Operator != nil { + in, out := &in.Operator, &out.Operator + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestURIInitParameters. +func (in *RequestURIInitParameters) DeepCopy() *RequestURIInitParameters { + if in == nil { + return nil + } + out := new(RequestURIInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestURIObservation) DeepCopyInto(out *RequestURIObservation) { + *out = *in + if in.Operator != nil { + in, out := &in.Operator, &out.Operator + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestURIObservation. +func (in *RequestURIObservation) DeepCopy() *RequestURIObservation { + if in == nil { + return nil + } + out := new(RequestURIObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestURIParameters) DeepCopyInto(out *RequestURIParameters) { + *out = *in + if in.Operator != nil { + in, out := &in.Operator, &out.Operator + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestURIParameters. +func (in *RequestURIParameters) DeepCopy() *RequestURIParameters { + if in == nil { + return nil + } + out := new(RequestURIParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Reservation) DeepCopyInto(out *Reservation) { *out = *in @@ -49927,6 +51865,17 @@ func (in *RouterNATInitParameters) DeepCopyInto(out *RouterNATInitParameters) { *out = new(float64) **out = **in } + if in.InitialNATIps != nil { + in, out := &in.InitialNATIps, &out.InitialNATIps + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.LogConfig != nil { in, out := &in.LogConfig, &out.LogConfig *out = new(RouterNATLogConfigInitParameters) @@ -50183,6 +52132,17 @@ func (in *RouterNATObservation) DeepCopyInto(out *RouterNATObservation) { *out = new(float64) **out = **in } + if in.InitialNATIps != nil { + in, out := &in.InitialNATIps, &out.InitialNATIps + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.LogConfig != nil { in, out := &in.LogConfig, &out.LogConfig *out = new(RouterNATLogConfigObservation) @@ -50325,6 +52285,17 @@ func (in *RouterNATParameters) DeepCopyInto(out *RouterNATParameters) { *out = new(float64) **out = **in } + if in.InitialNATIps != nil { + in, out := &in.InitialNATIps, &out.InitialNATIps + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.LogConfig != nil { in, out := &in.LogConfig, &out.LogConfig *out = new(RouterNATLogConfigParameters) @@ -51402,6 +53373,11 @@ func (in *RuleInitParameters) DeepCopyInto(out *RuleInitParameters) { *out = new(RuleMatchInitParameters) (*in).DeepCopyInto(*out) } + if in.PreconfiguredWafConfig != nil { + in, out := &in.PreconfiguredWafConfig, &out.PreconfiguredWafConfig + *out = new(PreconfiguredWafConfigInitParameters) + (*in).DeepCopyInto(*out) + } if in.Preview != nil { in, out := &in.Preview, &out.Preview *out = new(bool) @@ -51562,6 +53538,11 @@ func (in *RuleObservation) DeepCopyInto(out *RuleObservation) { *out = new(RuleMatchObservation) (*in).DeepCopyInto(*out) } + if in.PreconfiguredWafConfig != nil { + in, out := &in.PreconfiguredWafConfig, &out.PreconfiguredWafConfig + *out = new(PreconfiguredWafConfigObservation) + (*in).DeepCopyInto(*out) + } if in.Preview != nil { in, out := &in.Preview, &out.Preview *out = new(bool) @@ -51617,6 +53598,11 @@ func (in *RuleParameters) DeepCopyInto(out *RuleParameters) { *out = new(RuleMatchParameters) (*in).DeepCopyInto(*out) } + if in.PreconfiguredWafConfig != nil { + in, out := &in.PreconfiguredWafConfig, &out.PreconfiguredWafConfig + *out = new(PreconfiguredWafConfigParameters) + (*in).DeepCopyInto(*out) + } if in.Preview != nil { in, out := &in.Preview, &out.Preview *out = new(bool) @@ -52287,6 +54273,11 @@ func (in *SchedulingInitParameters) DeepCopyInto(out *SchedulingInitParameters) *out = new(bool) **out = **in } + if in.AvailabilityDomain != nil { + in, out := &in.AvailabilityDomain, &out.AvailabilityDomain + *out = new(float64) + **out = **in + } if in.InstanceTerminationAction != nil { in, out := &in.InstanceTerminationAction, &out.InstanceTerminationAction *out = new(string) @@ -52612,6 +54603,11 @@ func (in *SchedulingObservation) DeepCopyInto(out *SchedulingObservation) { *out = new(bool) **out = **in } + if in.AvailabilityDomain != nil { + in, out := &in.AvailabilityDomain, &out.AvailabilityDomain + *out = new(float64) + **out = **in + } if in.InstanceTerminationAction != nil { in, out := &in.InstanceTerminationAction, &out.InstanceTerminationAction *out = new(string) @@ -52739,6 +54735,11 @@ func (in *SchedulingParameters) DeepCopyInto(out *SchedulingParameters) { *out = new(bool) **out = **in } + if in.AvailabilityDomain != nil { + in, out := &in.AvailabilityDomain, &out.AvailabilityDomain + *out = new(float64) + **out = **in + } if in.InstanceTerminationAction != nil { in, out := &in.InstanceTerminationAction, &out.InstanceTerminationAction *out = new(string) @@ -52901,6 +54902,11 @@ func (in *SecondaryIPRangeInitParameters) DeepCopyInto(out *SecondaryIPRangeInit *out = new(string) **out = **in } + if in.ReservedInternalRange != nil { + in, out := &in.ReservedInternalRange, &out.ReservedInternalRange + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecondaryIPRangeInitParameters. @@ -52926,6 +54932,11 @@ func (in *SecondaryIPRangeObservation) DeepCopyInto(out *SecondaryIPRangeObserva *out = new(string) **out = **in } + if in.ReservedInternalRange != nil { + in, out := &in.ReservedInternalRange, &out.ReservedInternalRange + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecondaryIPRangeObservation. @@ -52951,6 +54962,11 @@ func (in *SecondaryIPRangeParameters) DeepCopyInto(out *SecondaryIPRangeParamete *out = new(string) **out = **in } + if in.ReservedInternalRange != nil { + in, out := &in.ReservedInternalRange, &out.ReservedInternalRange + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecondaryIPRangeParameters. @@ -55256,6 +57272,81 @@ func (in *SpecificReservationParameters) DeepCopy() *SpecificReservationParamete return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StandbyPolicyInitParameters) DeepCopyInto(out *StandbyPolicyInitParameters) { + *out = *in + if in.InitialDelaySec != nil { + in, out := &in.InitialDelaySec, &out.InitialDelaySec + *out = new(float64) + **out = **in + } + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StandbyPolicyInitParameters. +func (in *StandbyPolicyInitParameters) DeepCopy() *StandbyPolicyInitParameters { + if in == nil { + return nil + } + out := new(StandbyPolicyInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StandbyPolicyObservation) DeepCopyInto(out *StandbyPolicyObservation) { + *out = *in + if in.InitialDelaySec != nil { + in, out := &in.InitialDelaySec, &out.InitialDelaySec + *out = new(float64) + **out = **in + } + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StandbyPolicyObservation. +func (in *StandbyPolicyObservation) DeepCopy() *StandbyPolicyObservation { + if in == nil { + return nil + } + out := new(StandbyPolicyObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StandbyPolicyParameters) DeepCopyInto(out *StandbyPolicyParameters) { + *out = *in + if in.InitialDelaySec != nil { + in, out := &in.InitialDelaySec, &out.InitialDelaySec + *out = new(float64) + **out = **in + } + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StandbyPolicyParameters. +func (in *StandbyPolicyParameters) DeepCopy() *StandbyPolicyParameters { + if in == nil { + return nil + } + out := new(StandbyPolicyParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *StatefulDiskInitParameters) DeepCopyInto(out *StatefulDiskInitParameters) { *out = *in @@ -55821,6 +57912,171 @@ func (in *StatusVersionTargetParameters) DeepCopy() *StatusVersionTargetParamete return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StrongSessionAffinityCookieInitParameters) DeepCopyInto(out *StrongSessionAffinityCookieInitParameters) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.TTL != nil { + in, out := &in.TTL, &out.TTL + *out = new(StrongSessionAffinityCookieTTLInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StrongSessionAffinityCookieInitParameters. +func (in *StrongSessionAffinityCookieInitParameters) DeepCopy() *StrongSessionAffinityCookieInitParameters { + if in == nil { + return nil + } + out := new(StrongSessionAffinityCookieInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StrongSessionAffinityCookieObservation) DeepCopyInto(out *StrongSessionAffinityCookieObservation) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.TTL != nil { + in, out := &in.TTL, &out.TTL + *out = new(StrongSessionAffinityCookieTTLObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StrongSessionAffinityCookieObservation. +func (in *StrongSessionAffinityCookieObservation) DeepCopy() *StrongSessionAffinityCookieObservation { + if in == nil { + return nil + } + out := new(StrongSessionAffinityCookieObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StrongSessionAffinityCookieParameters) DeepCopyInto(out *StrongSessionAffinityCookieParameters) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } + if in.TTL != nil { + in, out := &in.TTL, &out.TTL + *out = new(StrongSessionAffinityCookieTTLParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StrongSessionAffinityCookieParameters. +func (in *StrongSessionAffinityCookieParameters) DeepCopy() *StrongSessionAffinityCookieParameters { + if in == nil { + return nil + } + out := new(StrongSessionAffinityCookieParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StrongSessionAffinityCookieTTLInitParameters) DeepCopyInto(out *StrongSessionAffinityCookieTTLInitParameters) { + *out = *in + if in.Nanos != nil { + in, out := &in.Nanos, &out.Nanos + *out = new(float64) + **out = **in + } + if in.Seconds != nil { + in, out := &in.Seconds, &out.Seconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StrongSessionAffinityCookieTTLInitParameters. +func (in *StrongSessionAffinityCookieTTLInitParameters) DeepCopy() *StrongSessionAffinityCookieTTLInitParameters { + if in == nil { + return nil + } + out := new(StrongSessionAffinityCookieTTLInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StrongSessionAffinityCookieTTLObservation) DeepCopyInto(out *StrongSessionAffinityCookieTTLObservation) { + *out = *in + if in.Nanos != nil { + in, out := &in.Nanos, &out.Nanos + *out = new(float64) + **out = **in + } + if in.Seconds != nil { + in, out := &in.Seconds, &out.Seconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StrongSessionAffinityCookieTTLObservation. +func (in *StrongSessionAffinityCookieTTLObservation) DeepCopy() *StrongSessionAffinityCookieTTLObservation { + if in == nil { + return nil + } + out := new(StrongSessionAffinityCookieTTLObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StrongSessionAffinityCookieTTLParameters) DeepCopyInto(out *StrongSessionAffinityCookieTTLParameters) { + *out = *in + if in.Nanos != nil { + in, out := &in.Nanos, &out.Nanos + *out = new(float64) + **out = **in + } + if in.Seconds != nil { + in, out := &in.Seconds, &out.Seconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StrongSessionAffinityCookieTTLParameters. +func (in *StrongSessionAffinityCookieTTLParameters) DeepCopy() *StrongSessionAffinityCookieTTLParameters { + if in == nil { + return nil + } + out := new(StrongSessionAffinityCookieTTLParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Subnetwork) DeepCopyInto(out *Subnetwork) { *out = *in @@ -56312,6 +58568,11 @@ func (in *SubnetworkInitParameters_2) DeepCopyInto(out *SubnetworkInitParameters *out = new(string) **out = **in } + if in.ReservedInternalRange != nil { + in, out := &in.ReservedInternalRange, &out.ReservedInternalRange + *out = new(string) + **out = **in + } if in.Role != nil { in, out := &in.Role, &out.Role *out = new(string) @@ -56646,6 +58907,11 @@ func (in *SubnetworkObservation_2) DeepCopyInto(out *SubnetworkObservation_2) { *out = new(string) **out = **in } + if in.ReservedInternalRange != nil { + in, out := &in.ReservedInternalRange, &out.ReservedInternalRange + *out = new(string) + **out = **in + } if in.Role != nil { in, out := &in.Role, &out.Role *out = new(string) @@ -56673,6 +58939,11 @@ func (in *SubnetworkObservation_2) DeepCopyInto(out *SubnetworkObservation_2) { *out = new(string) **out = **in } + if in.SubnetworkID != nil { + in, out := &in.SubnetworkID, &out.SubnetworkID + *out = new(float64) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubnetworkObservation_2. @@ -56805,6 +59076,11 @@ func (in *SubnetworkParameters_2) DeepCopyInto(out *SubnetworkParameters_2) { *out = new(string) **out = **in } + if in.ReservedInternalRange != nil { + in, out := &in.ReservedInternalRange, &out.ReservedInternalRange + *out = new(string) + **out = **in + } if in.Role != nil { in, out := &in.Role, &out.Role *out = new(string) @@ -57344,6 +59620,192 @@ func (in *TestParameters) DeepCopy() *TestParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ThresholdConfigsInitParameters) DeepCopyInto(out *ThresholdConfigsInitParameters) { + *out = *in + if in.AutoDeployConfidenceThreshold != nil { + in, out := &in.AutoDeployConfidenceThreshold, &out.AutoDeployConfidenceThreshold + *out = new(float64) + **out = **in + } + if in.AutoDeployExpirationSec != nil { + in, out := &in.AutoDeployExpirationSec, &out.AutoDeployExpirationSec + *out = new(float64) + **out = **in + } + if in.AutoDeployImpactedBaselineThreshold != nil { + in, out := &in.AutoDeployImpactedBaselineThreshold, &out.AutoDeployImpactedBaselineThreshold + *out = new(float64) + **out = **in + } + if in.AutoDeployLoadThreshold != nil { + in, out := &in.AutoDeployLoadThreshold, &out.AutoDeployLoadThreshold + *out = new(float64) + **out = **in + } + if in.DetectionAbsoluteQPS != nil { + in, out := &in.DetectionAbsoluteQPS, &out.DetectionAbsoluteQPS + *out = new(float64) + **out = **in + } + if in.DetectionLoadThreshold != nil { + in, out := &in.DetectionLoadThreshold, &out.DetectionLoadThreshold + *out = new(float64) + **out = **in + } + if in.DetectionRelativeToBaselineQPS != nil { + in, out := &in.DetectionRelativeToBaselineQPS, &out.DetectionRelativeToBaselineQPS + *out = new(float64) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.TrafficGranularityConfigs != nil { + in, out := &in.TrafficGranularityConfigs, &out.TrafficGranularityConfigs + *out = make([]TrafficGranularityConfigsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ThresholdConfigsInitParameters. +func (in *ThresholdConfigsInitParameters) DeepCopy() *ThresholdConfigsInitParameters { + if in == nil { + return nil + } + out := new(ThresholdConfigsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ThresholdConfigsObservation) DeepCopyInto(out *ThresholdConfigsObservation) { + *out = *in + if in.AutoDeployConfidenceThreshold != nil { + in, out := &in.AutoDeployConfidenceThreshold, &out.AutoDeployConfidenceThreshold + *out = new(float64) + **out = **in + } + if in.AutoDeployExpirationSec != nil { + in, out := &in.AutoDeployExpirationSec, &out.AutoDeployExpirationSec + *out = new(float64) + **out = **in + } + if in.AutoDeployImpactedBaselineThreshold != nil { + in, out := &in.AutoDeployImpactedBaselineThreshold, &out.AutoDeployImpactedBaselineThreshold + *out = new(float64) + **out = **in + } + if in.AutoDeployLoadThreshold != nil { + in, out := &in.AutoDeployLoadThreshold, &out.AutoDeployLoadThreshold + *out = new(float64) + **out = **in + } + if in.DetectionAbsoluteQPS != nil { + in, out := &in.DetectionAbsoluteQPS, &out.DetectionAbsoluteQPS + *out = new(float64) + **out = **in + } + if in.DetectionLoadThreshold != nil { + in, out := &in.DetectionLoadThreshold, &out.DetectionLoadThreshold + *out = new(float64) + **out = **in + } + if in.DetectionRelativeToBaselineQPS != nil { + in, out := &in.DetectionRelativeToBaselineQPS, &out.DetectionRelativeToBaselineQPS + *out = new(float64) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.TrafficGranularityConfigs != nil { + in, out := &in.TrafficGranularityConfigs, &out.TrafficGranularityConfigs + *out = make([]TrafficGranularityConfigsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ThresholdConfigsObservation. +func (in *ThresholdConfigsObservation) DeepCopy() *ThresholdConfigsObservation { + if in == nil { + return nil + } + out := new(ThresholdConfigsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ThresholdConfigsParameters) DeepCopyInto(out *ThresholdConfigsParameters) { + *out = *in + if in.AutoDeployConfidenceThreshold != nil { + in, out := &in.AutoDeployConfidenceThreshold, &out.AutoDeployConfidenceThreshold + *out = new(float64) + **out = **in + } + if in.AutoDeployExpirationSec != nil { + in, out := &in.AutoDeployExpirationSec, &out.AutoDeployExpirationSec + *out = new(float64) + **out = **in + } + if in.AutoDeployImpactedBaselineThreshold != nil { + in, out := &in.AutoDeployImpactedBaselineThreshold, &out.AutoDeployImpactedBaselineThreshold + *out = new(float64) + **out = **in + } + if in.AutoDeployLoadThreshold != nil { + in, out := &in.AutoDeployLoadThreshold, &out.AutoDeployLoadThreshold + *out = new(float64) + **out = **in + } + if in.DetectionAbsoluteQPS != nil { + in, out := &in.DetectionAbsoluteQPS, &out.DetectionAbsoluteQPS + *out = new(float64) + **out = **in + } + if in.DetectionLoadThreshold != nil { + in, out := &in.DetectionLoadThreshold, &out.DetectionLoadThreshold + *out = new(float64) + **out = **in + } + if in.DetectionRelativeToBaselineQPS != nil { + in, out := &in.DetectionRelativeToBaselineQPS, &out.DetectionRelativeToBaselineQPS + *out = new(float64) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.TrafficGranularityConfigs != nil { + in, out := &in.TrafficGranularityConfigs, &out.TrafficGranularityConfigs + *out = make([]TrafficGranularityConfigsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ThresholdConfigsParameters. +func (in *ThresholdConfigsParameters) DeepCopy() *ThresholdConfigsParameters { + if in == nil { + return nil + } + out := new(ThresholdConfigsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TimeoutInitParameters) DeepCopyInto(out *TimeoutInitParameters) { *out = *in @@ -57419,6 +59881,96 @@ func (in *TimeoutParameters) DeepCopy() *TimeoutParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrafficGranularityConfigsInitParameters) DeepCopyInto(out *TrafficGranularityConfigsInitParameters) { + *out = *in + if in.EnableEachUniqueValue != nil { + in, out := &in.EnableEachUniqueValue, &out.EnableEachUniqueValue + *out = new(bool) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficGranularityConfigsInitParameters. +func (in *TrafficGranularityConfigsInitParameters) DeepCopy() *TrafficGranularityConfigsInitParameters { + if in == nil { + return nil + } + out := new(TrafficGranularityConfigsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrafficGranularityConfigsObservation) DeepCopyInto(out *TrafficGranularityConfigsObservation) { + *out = *in + if in.EnableEachUniqueValue != nil { + in, out := &in.EnableEachUniqueValue, &out.EnableEachUniqueValue + *out = new(bool) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficGranularityConfigsObservation. +func (in *TrafficGranularityConfigsObservation) DeepCopy() *TrafficGranularityConfigsObservation { + if in == nil { + return nil + } + out := new(TrafficGranularityConfigsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrafficGranularityConfigsParameters) DeepCopyInto(out *TrafficGranularityConfigsParameters) { + *out = *in + if in.EnableEachUniqueValue != nil { + in, out := &in.EnableEachUniqueValue, &out.EnableEachUniqueValue + *out = new(bool) + **out = **in + } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficGranularityConfigsParameters. +func (in *TrafficGranularityConfigsParameters) DeepCopy() *TrafficGranularityConfigsParameters { + if in == nil { + return nil + } + out := new(TrafficGranularityConfigsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *URLMap) DeepCopyInto(out *URLMap) { *out = *in diff --git a/apis/compute/v1beta2/zz_generated.resolvers.go b/apis/compute/v1beta2/zz_generated.resolvers.go index 5c181eabd..1df64b0b8 100644 --- a/apis/compute/v1beta2/zz_generated.resolvers.go +++ b/apis/compute/v1beta2/zz_generated.resolvers.go @@ -859,6 +859,56 @@ func (mg *GlobalForwardingRule) ResolveReferences(ctx context.Context, c client. return nil } +// ResolveReferences of this Image. +func (mg *Image) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta2", "Disk", "DiskList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.SourceDisk), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.SourceDiskRef, + Selector: mg.Spec.ForProvider.SourceDiskSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.SourceDisk") + } + mg.Spec.ForProvider.SourceDisk = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.SourceDiskRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta2", "Disk", "DiskList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.SourceDisk), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.SourceDiskRef, + Selector: mg.Spec.InitProvider.SourceDiskSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.SourceDisk") + } + mg.Spec.InitProvider.SourceDisk = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.SourceDiskRef = rsp.ResolvedReference + + return nil +} + // ResolveReferences of this ImageIAMMember. func (mg *ImageIAMMember) ResolveReferences(ctx context.Context, c client.Reader) error { var m xpresource.Managed diff --git a/apis/compute/v1beta2/zz_globalforwardingrule_types.go b/apis/compute/v1beta2/zz_globalforwardingrule_types.go index 397184552..faabc4875 100755 --- a/apis/compute/v1beta2/zz_globalforwardingrule_types.go +++ b/apis/compute/v1beta2/zz_globalforwardingrule_types.go @@ -161,6 +161,18 @@ type GlobalForwardingRuleInitParameters struct { // +kubebuilder:validation:Optional NetworkSelector *v1.Selector `json:"networkSelector,omitempty" tf:"-"` + // This signifies the networking tier used for configuring + // this load balancer and can only take the following values: + // PREMIUM, STANDARD. + // For regional ForwardingRule, the valid values are PREMIUM and + // STANDARD. For GlobalForwardingRule, the valid value is + // PREMIUM. + // If this field is not specified, it is assumed to be PREMIUM. + // If IPAddress is specified, this value must be equal to the + // networkTier of the Address. + // Possible values are: PREMIUM, STANDARD. + NetworkTier *string `json:"networkTier,omitempty" tf:"network_tier,omitempty"` + // This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. NoAutomateDNSZone *bool `json:"noAutomateDnsZone,omitempty" tf:"no_automate_dns_zone,omitempty"` @@ -238,6 +250,9 @@ type GlobalForwardingRuleObservation struct { // +mapType=granular EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // The unique identifier number for the resource. This identifier is defined by the server. + ForwardingRuleID *float64 `json:"forwardingRuleId,omitempty" tf:"forwarding_rule_id,omitempty"` + // an identifier for the resource with format projects/{{project}}/global/forwardingRules/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -305,6 +320,18 @@ type GlobalForwardingRuleObservation struct { // APIs, a network must be provided. Network *string `json:"network,omitempty" tf:"network,omitempty"` + // This signifies the networking tier used for configuring + // this load balancer and can only take the following values: + // PREMIUM, STANDARD. + // For regional ForwardingRule, the valid values are PREMIUM and + // STANDARD. For GlobalForwardingRule, the valid value is + // PREMIUM. + // If this field is not specified, it is assumed to be PREMIUM. + // If IPAddress is specified, this value must be equal to the + // networkTier of the Address. + // Possible values are: PREMIUM, STANDARD. + NetworkTier *string `json:"networkTier,omitempty" tf:"network_tier,omitempty"` + // This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. NoAutomateDNSZone *bool `json:"noAutomateDnsZone,omitempty" tf:"no_automate_dns_zone,omitempty"` @@ -447,6 +474,19 @@ type GlobalForwardingRuleParameters struct { // +kubebuilder:validation:Optional NetworkSelector *v1.Selector `json:"networkSelector,omitempty" tf:"-"` + // This signifies the networking tier used for configuring + // this load balancer and can only take the following values: + // PREMIUM, STANDARD. + // For regional ForwardingRule, the valid values are PREMIUM and + // STANDARD. For GlobalForwardingRule, the valid value is + // PREMIUM. + // If this field is not specified, it is assumed to be PREMIUM. + // If IPAddress is specified, this value must be equal to the + // networkTier of the Address. + // Possible values are: PREMIUM, STANDARD. + // +kubebuilder:validation:Optional + NetworkTier *string `json:"networkTier,omitempty" tf:"network_tier,omitempty"` + // This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. // +kubebuilder:validation:Optional NoAutomateDNSZone *bool `json:"noAutomateDnsZone,omitempty" tf:"no_automate_dns_zone,omitempty"` diff --git a/apis/compute/v1beta2/zz_healthcheck_types.go b/apis/compute/v1beta2/zz_healthcheck_types.go index 699765611..9164ce0f8 100755 --- a/apis/compute/v1beta2/zz_healthcheck_types.go +++ b/apis/compute/v1beta2/zz_healthcheck_types.go @@ -311,15 +311,15 @@ type HealthCheckInitParameters struct { // you create the resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. GRPCHealthCheck *GRPCHealthCheckInitParameters `json:"grpcHealthCheck,omitempty" tf:"grpc_health_check,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. HTTPHealthCheck *HTTPHealthCheckInitParameters `json:"httpHealthCheck,omitempty" tf:"http_health_check,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. HTTPSHealthCheck *HTTPSHealthCheckInitParameters `json:"httpsHealthCheck,omitempty" tf:"https_health_check,omitempty"` @@ -327,7 +327,7 @@ type HealthCheckInitParameters struct { // consecutive successes. The default value is 2. HealthyThreshold *float64 `json:"healthyThreshold,omitempty" tf:"healthy_threshold,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. Http2HealthCheck *Http2HealthCheckInitParameters `json:"http2HealthCheck,omitempty" tf:"http2_health_check,omitempty"` @@ -339,7 +339,7 @@ type HealthCheckInitParameters struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. SSLHealthCheck *SSLHealthCheckInitParameters `json:"sslHealthCheck,omitempty" tf:"ssl_health_check,omitempty"` @@ -351,7 +351,7 @@ type HealthCheckInitParameters struct { // and what other resources can use this health check: SourceRegions []*string `json:"sourceRegions,omitempty" tf:"source_regions,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. TCPHealthCheck *TCPHealthCheckInitParameters `json:"tcpHealthCheck,omitempty" tf:"tcp_health_check,omitempty"` @@ -400,15 +400,15 @@ type HealthCheckObservation struct { // you create the resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. GRPCHealthCheck *GRPCHealthCheckObservation `json:"grpcHealthCheck,omitempty" tf:"grpc_health_check,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. HTTPHealthCheck *HTTPHealthCheckObservation `json:"httpHealthCheck,omitempty" tf:"http_health_check,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. HTTPSHealthCheck *HTTPSHealthCheckObservation `json:"httpsHealthCheck,omitempty" tf:"https_health_check,omitempty"` @@ -416,7 +416,7 @@ type HealthCheckObservation struct { // consecutive successes. The default value is 2. HealthyThreshold *float64 `json:"healthyThreshold,omitempty" tf:"healthy_threshold,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. Http2HealthCheck *Http2HealthCheckObservation `json:"http2HealthCheck,omitempty" tf:"http2_health_check,omitempty"` @@ -431,7 +431,7 @@ type HealthCheckObservation struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. SSLHealthCheck *SSLHealthCheckObservation `json:"sslHealthCheck,omitempty" tf:"ssl_health_check,omitempty"` @@ -446,7 +446,7 @@ type HealthCheckObservation struct { // and what other resources can use this health check: SourceRegions []*string `json:"sourceRegions,omitempty" tf:"source_regions,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. TCPHealthCheck *TCPHealthCheckObservation `json:"tcpHealthCheck,omitempty" tf:"tcp_health_check,omitempty"` @@ -475,17 +475,17 @@ type HealthCheckParameters struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. // +kubebuilder:validation:Optional GRPCHealthCheck *GRPCHealthCheckParameters `json:"grpcHealthCheck,omitempty" tf:"grpc_health_check,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. // +kubebuilder:validation:Optional HTTPHealthCheck *HTTPHealthCheckParameters `json:"httpHealthCheck,omitempty" tf:"http_health_check,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. // +kubebuilder:validation:Optional HTTPSHealthCheck *HTTPSHealthCheckParameters `json:"httpsHealthCheck,omitempty" tf:"https_health_check,omitempty"` @@ -495,7 +495,7 @@ type HealthCheckParameters struct { // +kubebuilder:validation:Optional HealthyThreshold *float64 `json:"healthyThreshold,omitempty" tf:"healthy_threshold,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. // +kubebuilder:validation:Optional Http2HealthCheck *Http2HealthCheckParameters `json:"http2HealthCheck,omitempty" tf:"http2_health_check,omitempty"` @@ -510,7 +510,7 @@ type HealthCheckParameters struct { // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. // +kubebuilder:validation:Optional SSLHealthCheck *SSLHealthCheckParameters `json:"sslHealthCheck,omitempty" tf:"ssl_health_check,omitempty"` @@ -524,7 +524,7 @@ type HealthCheckParameters struct { // +kubebuilder:validation:Optional SourceRegions []*string `json:"sourceRegions,omitempty" tf:"source_regions,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. // +kubebuilder:validation:Optional TCPHealthCheck *TCPHealthCheckParameters `json:"tcpHealthCheck,omitempty" tf:"tcp_health_check,omitempty"` diff --git a/apis/compute/v1beta2/zz_image_types.go b/apis/compute/v1beta2/zz_image_types.go index 064396c0f..68ef94248 100755 --- a/apis/compute/v1beta2/zz_image_types.go +++ b/apis/compute/v1beta2/zz_image_types.go @@ -54,21 +54,21 @@ type ImageEncryptionKeyParameters struct { type ImageGuestOsFeaturesInitParameters struct { // The type of supported feature. Read Enabling guest operating system features to see a list of available options. - // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. + // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, IDPF, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. Type *string `json:"type,omitempty" tf:"type,omitempty"` } type ImageGuestOsFeaturesObservation struct { // The type of supported feature. Read Enabling guest operating system features to see a list of available options. - // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. + // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, IDPF, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. Type *string `json:"type,omitempty" tf:"type,omitempty"` } type ImageGuestOsFeaturesParameters struct { // The type of supported feature. Read Enabling guest operating system features to see a list of available options. - // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. + // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, IDPF, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. // +kubebuilder:validation:Optional Type *string `json:"type" tf:"type,omitempty"` } @@ -121,8 +121,18 @@ type ImageInitParameters struct { // The source disk to create this image based on. // You must provide either this property or the // rawDisk.source property but not both to create an image. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta2.Disk + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() SourceDisk *string `json:"sourceDisk,omitempty" tf:"source_disk,omitempty"` + // Reference to a Disk in compute to populate sourceDisk. + // +kubebuilder:validation:Optional + SourceDiskRef *v1.Reference `json:"sourceDiskRef,omitempty" tf:"-"` + + // Selector for a Disk in compute to populate sourceDisk. + // +kubebuilder:validation:Optional + SourceDiskSelector *v1.Selector `json:"sourceDiskSelector,omitempty" tf:"-"` + // URL of the source image used to create this image. In order to create an image, you must provide the full or partial // URL of one of the following: SourceImage *string `json:"sourceImage,omitempty" tf:"source_image,omitempty"` @@ -283,9 +293,19 @@ type ImageParameters struct { // The source disk to create this image based on. // You must provide either this property or the // rawDisk.source property but not both to create an image. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta2.Disk + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() // +kubebuilder:validation:Optional SourceDisk *string `json:"sourceDisk,omitempty" tf:"source_disk,omitempty"` + // Reference to a Disk in compute to populate sourceDisk. + // +kubebuilder:validation:Optional + SourceDiskRef *v1.Reference `json:"sourceDiskRef,omitempty" tf:"-"` + + // Selector for a Disk in compute to populate sourceDisk. + // +kubebuilder:validation:Optional + SourceDiskSelector *v1.Selector `json:"sourceDiskSelector,omitempty" tf:"-"` + // URL of the source image used to create this image. In order to create an image, you must provide the full or partial // URL of one of the following: // +kubebuilder:validation:Optional diff --git a/apis/compute/v1beta2/zz_instance_types.go b/apis/compute/v1beta2/zz_instance_types.go index 7109cf40f..37d15b86a 100755 --- a/apis/compute/v1beta2/zz_instance_types.go +++ b/apis/compute/v1beta2/zz_instance_types.go @@ -63,9 +63,18 @@ type AdvancedMachineFeaturesInitParameters struct { // Defines whether the instance should have nested virtualization enabled. Defaults to false. EnableNestedVirtualization *bool `json:"enableNestedVirtualization,omitempty" tf:"enable_nested_virtualization,omitempty"` - // he number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. + // Whether to enable UEFI networking for instance creation. + EnableUefiNetworking *bool `json:"enableUefiNetworking,omitempty" tf:"enable_uefi_networking,omitempty"` + + // The PMU is a hardware component within the CPU core that monitors how the processor runs code. Valid values for the level of PMU are STANDARD, ENHANCED, and ARCHITECTURAL. + PerformanceMonitoringUnit *string `json:"performanceMonitoringUnit,omitempty" tf:"performance_monitoring_unit,omitempty"` + + // The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. ThreadsPerCore *float64 `json:"threadsPerCore,omitempty" tf:"threads_per_core,omitempty"` + // Turbo frequency mode to use for the instance. Supported modes are currently either ALL_CORE_MAX or unset (default). + TurboMode *string `json:"turboMode,omitempty" tf:"turbo_mode,omitempty"` + // The number of physical cores to expose to an instance. visible cores info (VC). VisibleCoreCount *float64 `json:"visibleCoreCount,omitempty" tf:"visible_core_count,omitempty"` } @@ -75,9 +84,18 @@ type AdvancedMachineFeaturesObservation struct { // Defines whether the instance should have nested virtualization enabled. Defaults to false. EnableNestedVirtualization *bool `json:"enableNestedVirtualization,omitempty" tf:"enable_nested_virtualization,omitempty"` - // he number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. + // Whether to enable UEFI networking for instance creation. + EnableUefiNetworking *bool `json:"enableUefiNetworking,omitempty" tf:"enable_uefi_networking,omitempty"` + + // The PMU is a hardware component within the CPU core that monitors how the processor runs code. Valid values for the level of PMU are STANDARD, ENHANCED, and ARCHITECTURAL. + PerformanceMonitoringUnit *string `json:"performanceMonitoringUnit,omitempty" tf:"performance_monitoring_unit,omitempty"` + + // The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. ThreadsPerCore *float64 `json:"threadsPerCore,omitempty" tf:"threads_per_core,omitempty"` + // Turbo frequency mode to use for the instance. Supported modes are currently either ALL_CORE_MAX or unset (default). + TurboMode *string `json:"turboMode,omitempty" tf:"turbo_mode,omitempty"` + // The number of physical cores to expose to an instance. visible cores info (VC). VisibleCoreCount *float64 `json:"visibleCoreCount,omitempty" tf:"visible_core_count,omitempty"` } @@ -88,10 +106,22 @@ type AdvancedMachineFeaturesParameters struct { // +kubebuilder:validation:Optional EnableNestedVirtualization *bool `json:"enableNestedVirtualization,omitempty" tf:"enable_nested_virtualization,omitempty"` - // he number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. + // Whether to enable UEFI networking for instance creation. + // +kubebuilder:validation:Optional + EnableUefiNetworking *bool `json:"enableUefiNetworking,omitempty" tf:"enable_uefi_networking,omitempty"` + + // The PMU is a hardware component within the CPU core that monitors how the processor runs code. Valid values for the level of PMU are STANDARD, ENHANCED, and ARCHITECTURAL. + // +kubebuilder:validation:Optional + PerformanceMonitoringUnit *string `json:"performanceMonitoringUnit,omitempty" tf:"performance_monitoring_unit,omitempty"` + + // The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. // +kubebuilder:validation:Optional ThreadsPerCore *float64 `json:"threadsPerCore,omitempty" tf:"threads_per_core,omitempty"` + // Turbo frequency mode to use for the instance. Supported modes are currently either ALL_CORE_MAX or unset (default). + // +kubebuilder:validation:Optional + TurboMode *string `json:"turboMode,omitempty" tf:"turbo_mode,omitempty"` + // The number of physical cores to expose to an instance. visible cores info (VC). // +kubebuilder:validation:Optional VisibleCoreCount *float64 `json:"visibleCoreCount,omitempty" tf:"visible_core_count,omitempty"` @@ -248,6 +278,9 @@ type BootDiskInitParameters struct { // Structure is documented below. InitializeParams *InitializeParamsInitParameters `json:"initializeParams,omitempty" tf:"initialize_params,omitempty"` + // The disk interface to use for attaching this disk; either SCSI or NVME. + Interface *string `json:"interface,omitempty" tf:"interface,omitempty"` + // The self_link of the encryption key that is // stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link // and disk_encryption_key_raw may be set. @@ -283,6 +316,9 @@ type BootDiskObservation struct { // Structure is documented below. InitializeParams *InitializeParamsObservation `json:"initializeParams,omitempty" tf:"initialize_params,omitempty"` + // The disk interface to use for attaching this disk; either SCSI or NVME. + Interface *string `json:"interface,omitempty" tf:"interface,omitempty"` + // The self_link of the encryption key that is // stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link // and disk_encryption_key_raw may be set. @@ -324,6 +360,10 @@ type BootDiskParameters struct { // +kubebuilder:validation:Optional InitializeParams *InitializeParamsParameters `json:"initializeParams,omitempty" tf:"initialize_params,omitempty"` + // The disk interface to use for attaching this disk; either SCSI or NVME. + // +kubebuilder:validation:Optional + Interface *string `json:"interface,omitempty" tf:"interface,omitempty"` + // The self_link of the encryption key that is // stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link // and disk_encryption_key_raw may be set. @@ -344,7 +384,7 @@ type BootDiskParameters struct { type ConfidentialInstanceConfigInitParameters struct { - // Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM. TDX is only available in beta. + // Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM. ConfidentialInstanceType *string `json:"confidentialInstanceType,omitempty" tf:"confidential_instance_type,omitempty"` // Defines whether the instance should have confidential compute enabled with AMD SEV. If enabled, on_host_maintenance can be set to MIGRATE if min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. @@ -353,7 +393,7 @@ type ConfidentialInstanceConfigInitParameters struct { type ConfidentialInstanceConfigObservation struct { - // Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM. TDX is only available in beta. + // Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM. ConfidentialInstanceType *string `json:"confidentialInstanceType,omitempty" tf:"confidential_instance_type,omitempty"` // Defines whether the instance should have confidential compute enabled with AMD SEV. If enabled, on_host_maintenance can be set to MIGRATE if min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. @@ -362,7 +402,7 @@ type ConfidentialInstanceConfigObservation struct { type ConfidentialInstanceConfigParameters struct { - // Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM. TDX is only available in beta. + // Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM. // +kubebuilder:validation:Optional ConfidentialInstanceType *string `json:"confidentialInstanceType,omitempty" tf:"confidential_instance_type,omitempty"` @@ -374,10 +414,10 @@ type ConfidentialInstanceConfigParameters struct { type GuestAcceleratorInitParameters struct { // The number of the guest accelerator cards exposed to this instance. - Count *float64 `json:"count,omitempty" tf:"count"` + Count *float64 `json:"count,omitempty" tf:"count,omitempty"` // The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. - Type *string `json:"type,omitempty" tf:"type"` + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type GuestAcceleratorObservation struct { @@ -393,11 +433,11 @@ type GuestAcceleratorParameters struct { // The number of the guest accelerator cards exposed to this instance. // +kubebuilder:validation:Optional - Count *float64 `json:"count,omitempty" tf:"count"` + Count *float64 `json:"count" tf:"count,omitempty"` // The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. // +kubebuilder:validation:Optional - Type *string `json:"type,omitempty" tf:"type"` + Type *string `json:"type" tf:"type,omitempty"` } type IPv6AccessConfigInitParameters struct { @@ -530,11 +570,14 @@ type InitializeParamsInitParameters struct { // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // - A list of self_links of resource policies to attach to the instance. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported. + ResourcePolicies []*string `json:"resourcePolicies,omitempty" tf:"resource_policies,omitempty"` + // The size of the image in gigabytes. If not specified, it // will inherit the size of its base image. Size *float64 `json:"size,omitempty" tf:"size,omitempty"` - // The URL of the storage pool in which the new disk is created. + // The URL or the name of the storage pool in which the new disk is created. // For example: StoragePool *string `json:"storagePool,omitempty" tf:"storage_pool,omitempty"` @@ -586,11 +629,14 @@ type InitializeParamsObservation struct { // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // - A list of self_links of resource policies to attach to the instance. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported. + ResourcePolicies []*string `json:"resourcePolicies,omitempty" tf:"resource_policies,omitempty"` + // The size of the image in gigabytes. If not specified, it // will inherit the size of its base image. Size *float64 `json:"size,omitempty" tf:"size,omitempty"` - // The URL of the storage pool in which the new disk is created. + // The URL or the name of the storage pool in which the new disk is created. // For example: StoragePool *string `json:"storagePool,omitempty" tf:"storage_pool,omitempty"` @@ -657,12 +703,16 @@ type InitializeParamsParameters struct { // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // - A list of self_links of resource policies to attach to the instance. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported. + // +kubebuilder:validation:Optional + ResourcePolicies []*string `json:"resourcePolicies,omitempty" tf:"resource_policies,omitempty"` + // The size of the image in gigabytes. If not specified, it // will inherit the size of its base image. // +kubebuilder:validation:Optional Size *float64 `json:"size,omitempty" tf:"size,omitempty"` - // The URL of the storage pool in which the new disk is created. + // The URL or the name of the storage pool in which the new disk is created. // For example: // +kubebuilder:validation:Optional StoragePool *string `json:"storagePool,omitempty" tf:"storage_pool,omitempty"` @@ -703,7 +753,7 @@ type InstanceInitParameters struct { Description *string `json:"description,omitempty" tf:"description,omitempty"` // Desired status of the instance. Either - // "RUNNING" or "TERMINATED". + // "RUNNING", "SUSPENDED" or "TERMINATED". DesiredStatus *string `json:"desiredStatus,omitempty" tf:"desired_status,omitempty"` // Enable Virtual Displays on this instance. @@ -712,11 +762,10 @@ type InstanceInitParameters struct { // List of the type and count of accelerator cards attached to the instance. Structure documented below. // Note: GPU accelerators can only be used with on_host_maintenance option set to TERMINATE. - // Note: This field uses attr-as-block mode to avoid - // breaking users during the 0.12 upgrade. To explicitly send a list - // of zero objects you must use the following syntax: - // example=[] - // For more details about this behavior, see this section. + // Note: As of 6.0.0, argument syntax + // is no longer supported for this field in favor of block syntax. + // To dynamically set a list of guest accelerators, use dynamic blocks. + // To set an empty list, use a single guest_accelerator block with count = 0. GuestAccelerator []GuestAcceleratorInitParameters `json:"guestAccelerator,omitempty" tf:"guest_accelerator,omitempty"` // A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. @@ -724,6 +773,9 @@ type InstanceInitParameters struct { // The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created. Hostname *string `json:"hostname,omitempty" tf:"hostname,omitempty"` + // Action to be taken when a customer's encryption key is revoked. Supports STOP and NONE, with NONE being the default. + KeyRevocationActionType *string `json:"keyRevocationActionType,omitempty" tf:"key_revocation_action_type,omitempty"` + // A map of key/value label pairs to assign to the instance. // Note: This field is non-authoritative, and will only manage the labels present in your configuration. // Please refer to the field 'effective_labels' for all of the labels present on the resource. @@ -828,7 +880,10 @@ type InstanceObservation struct { // Enable Confidential Mode on this VM. Structure is documented below ConfidentialInstanceConfig *ConfidentialInstanceConfigObservation `json:"confidentialInstanceConfig,omitempty" tf:"confidential_instance_config,omitempty"` - // The current status of the instance. This could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED. For more information about the status of the instance, see Instance life cycle.`, + // Creation timestamp in RFC3339 text format. + CreationTimestamp *string `json:"creationTimestamp,omitempty" tf:"creation_timestamp,omitempty"` + + // The current status of the instance. This could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED. For more information about the status of the instance, see Instance life cycle. CurrentStatus *string `json:"currentStatus,omitempty" tf:"current_status,omitempty"` // Enable deletion protection on this instance. Defaults to false. @@ -839,7 +894,7 @@ type InstanceObservation struct { Description *string `json:"description,omitempty" tf:"description,omitempty"` // Desired status of the instance. Either - // "RUNNING" or "TERMINATED". + // "RUNNING", "SUSPENDED" or "TERMINATED". DesiredStatus *string `json:"desiredStatus,omitempty" tf:"desired_status,omitempty"` // +mapType=granular @@ -851,11 +906,10 @@ type InstanceObservation struct { // List of the type and count of accelerator cards attached to the instance. Structure documented below. // Note: GPU accelerators can only be used with on_host_maintenance option set to TERMINATE. - // Note: This field uses attr-as-block mode to avoid - // breaking users during the 0.12 upgrade. To explicitly send a list - // of zero objects you must use the following syntax: - // example=[] - // For more details about this behavior, see this section. + // Note: As of 6.0.0, argument syntax + // is no longer supported for this field in favor of block syntax. + // To dynamically set a list of guest accelerators, use dynamic blocks. + // To set an empty list, use a single guest_accelerator block with count = 0. GuestAccelerator []GuestAcceleratorObservation `json:"guestAccelerator,omitempty" tf:"guest_accelerator,omitempty"` // A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. @@ -869,6 +923,9 @@ type InstanceObservation struct { // The server-assigned unique identifier of this instance. InstanceID *string `json:"instanceId,omitempty" tf:"instance_id,omitempty"` + // Action to be taken when a customer's encryption key is revoked. Supports STOP and NONE, with NONE being the default. + KeyRevocationActionType *string `json:"keyRevocationActionType,omitempty" tf:"key_revocation_action_type,omitempty"` + // The unique fingerprint of the labels. LabelFingerprint *string `json:"labelFingerprint,omitempty" tf:"label_fingerprint,omitempty"` @@ -1005,7 +1062,7 @@ type InstanceParameters struct { Description *string `json:"description,omitempty" tf:"description,omitempty"` // Desired status of the instance. Either - // "RUNNING" or "TERMINATED". + // "RUNNING", "SUSPENDED" or "TERMINATED". // +kubebuilder:validation:Optional DesiredStatus *string `json:"desiredStatus,omitempty" tf:"desired_status,omitempty"` @@ -1016,11 +1073,10 @@ type InstanceParameters struct { // List of the type and count of accelerator cards attached to the instance. Structure documented below. // Note: GPU accelerators can only be used with on_host_maintenance option set to TERMINATE. - // Note: This field uses attr-as-block mode to avoid - // breaking users during the 0.12 upgrade. To explicitly send a list - // of zero objects you must use the following syntax: - // example=[] - // For more details about this behavior, see this section. + // Note: As of 6.0.0, argument syntax + // is no longer supported for this field in favor of block syntax. + // To dynamically set a list of guest accelerators, use dynamic blocks. + // To set an empty list, use a single guest_accelerator block with count = 0. // +kubebuilder:validation:Optional GuestAccelerator []GuestAcceleratorParameters `json:"guestAccelerator,omitempty" tf:"guest_accelerator,omitempty"` @@ -1030,6 +1086,10 @@ type InstanceParameters struct { // +kubebuilder:validation:Optional Hostname *string `json:"hostname,omitempty" tf:"hostname,omitempty"` + // Action to be taken when a customer's encryption key is revoked. Supports STOP and NONE, with NONE being the default. + // +kubebuilder:validation:Optional + KeyRevocationActionType *string `json:"keyRevocationActionType,omitempty" tf:"key_revocation_action_type,omitempty"` + // A map of key/value label pairs to assign to the instance. // Note: This field is non-authoritative, and will only manage the labels present in your configuration. // Please refer to the field 'effective_labels' for all of the labels present on the resource. @@ -1222,7 +1282,7 @@ type NetworkInterfaceInitParameters struct { // instance can be accessed via the Internet. Omit to ensure that the instance // is not accessible from the Internet.g. via // tunnel or because it is running on another cloud instance on that network). - // This block can be repeated multiple times. Structure documented below. + // This block can be specified once per network_interface. Structure documented below. AccessConfig []AccessConfigInitParameters `json:"accessConfig,omitempty" tf:"access_config,omitempty"` // An @@ -1258,7 +1318,7 @@ type NetworkInterfaceInitParameters struct { // +kubebuilder:validation:Optional NetworkSelector *v1.Selector `json:"networkSelector,omitempty" tf:"-"` - // The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET. + // The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET, IDPF. In the beta provider the additional values of MRDMA and IRDMA are supported. NicType *string `json:"nicType,omitempty" tf:"nic_type,omitempty"` // The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified. @@ -1279,7 +1339,7 @@ type NetworkInterfaceInitParameters struct { Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` // The project in which the subnetwork belongs. - // If the subnetwork is a self_link, this field is ignored in favor of the project + // If the subnetwork is a self_link, this field is set to the project // defined in the subnetwork self_link. If the subnetwork is a name and this // field is not provided, the provider project is used. SubnetworkProject *string `json:"subnetworkProject,omitempty" tf:"subnetwork_project,omitempty"` @@ -1299,7 +1359,7 @@ type NetworkInterfaceObservation struct { // instance can be accessed via the Internet. Omit to ensure that the instance // is not accessible from the Internet.g. via // tunnel or because it is running on another cloud instance on that network). - // This block can be repeated multiple times. Structure documented below. + // This block can be specified once per network_interface. Structure documented below. AccessConfig []AccessConfigObservation `json:"accessConfig,omitempty" tf:"access_config,omitempty"` // An @@ -1333,7 +1393,7 @@ type NetworkInterfaceObservation struct { // empty, the address will be automatically assigned. NetworkIP *string `json:"networkIp,omitempty" tf:"network_ip,omitempty"` - // The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET. + // The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET, IDPF. In the beta provider the additional values of MRDMA and IRDMA are supported. NicType *string `json:"nicType,omitempty" tf:"nic_type,omitempty"` // The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified. @@ -1352,7 +1412,7 @@ type NetworkInterfaceObservation struct { Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` // The project in which the subnetwork belongs. - // If the subnetwork is a self_link, this field is ignored in favor of the project + // If the subnetwork is a self_link, this field is set to the project // defined in the subnetwork self_link. If the subnetwork is a name and this // field is not provided, the provider project is used. SubnetworkProject *string `json:"subnetworkProject,omitempty" tf:"subnetwork_project,omitempty"` @@ -1364,7 +1424,7 @@ type NetworkInterfaceParameters struct { // instance can be accessed via the Internet. Omit to ensure that the instance // is not accessible from the Internet.g. via // tunnel or because it is running on another cloud instance on that network). - // This block can be repeated multiple times. Structure documented below. + // This block can be specified once per network_interface. Structure documented below. // +kubebuilder:validation:Optional AccessConfig []AccessConfigParameters `json:"accessConfig,omitempty" tf:"access_config,omitempty"` @@ -1407,7 +1467,7 @@ type NetworkInterfaceParameters struct { // +kubebuilder:validation:Optional NetworkSelector *v1.Selector `json:"networkSelector,omitempty" tf:"-"` - // The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET. + // The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET, IDPF. In the beta provider the additional values of MRDMA and IRDMA are supported. // +kubebuilder:validation:Optional NicType *string `json:"nicType,omitempty" tf:"nic_type,omitempty"` @@ -1432,7 +1492,7 @@ type NetworkInterfaceParameters struct { Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` // The project in which the subnetwork belongs. - // If the subnetwork is a self_link, this field is ignored in favor of the project + // If the subnetwork is a self_link, this field is set to the project // defined in the subnetwork self_link. If the subnetwork is a name and this // field is not provided, the provider project is used. // +kubebuilder:validation:Optional @@ -1594,6 +1654,9 @@ type SchedulingInitParameters struct { // Defaults to true. AutomaticRestart *bool `json:"automaticRestart,omitempty" tf:"automatic_restart,omitempty"` + // Specifies the availability domain to place the instance in. The value must be a number between 1 and the number of availability domains specified in the spread placement policy attached to the instance. + AvailabilityDomain *float64 `json:"availabilityDomain,omitempty" tf:"availability_domain,omitempty"` + // Describe the type of termination action for VM. Can be STOP or DELETE. Read more on here InstanceTerminationAction *string `json:"instanceTerminationAction,omitempty" tf:"instance_termination_action,omitempty"` @@ -1641,6 +1704,9 @@ type SchedulingObservation struct { // Defaults to true. AutomaticRestart *bool `json:"automaticRestart,omitempty" tf:"automatic_restart,omitempty"` + // Specifies the availability domain to place the instance in. The value must be a number between 1 and the number of availability domains specified in the spread placement policy attached to the instance. + AvailabilityDomain *float64 `json:"availabilityDomain,omitempty" tf:"availability_domain,omitempty"` + // Describe the type of termination action for VM. Can be STOP or DELETE. Read more on here InstanceTerminationAction *string `json:"instanceTerminationAction,omitempty" tf:"instance_termination_action,omitempty"` @@ -1689,6 +1755,10 @@ type SchedulingParameters struct { // +kubebuilder:validation:Optional AutomaticRestart *bool `json:"automaticRestart,omitempty" tf:"automatic_restart,omitempty"` + // Specifies the availability domain to place the instance in. The value must be a number between 1 and the number of availability domains specified in the spread placement policy attached to the instance. + // +kubebuilder:validation:Optional + AvailabilityDomain *float64 `json:"availabilityDomain,omitempty" tf:"availability_domain,omitempty"` + // Describe the type of termination action for VM. Can be STOP or DELETE. Read more on here // +kubebuilder:validation:Optional InstanceTerminationAction *string `json:"instanceTerminationAction,omitempty" tf:"instance_termination_action,omitempty"` diff --git a/apis/compute/v1beta2/zz_instancefromtemplate_terraformed.go b/apis/compute/v1beta2/zz_instancefromtemplate_terraformed.go index bbe065740..11f5da524 100755 --- a/apis/compute/v1beta2/zz_instancefromtemplate_terraformed.go +++ b/apis/compute/v1beta2/zz_instancefromtemplate_terraformed.go @@ -21,7 +21,7 @@ func (mg *InstanceFromTemplate) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this InstanceFromTemplate func (tr *InstanceFromTemplate) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"boot_disk[*].disk_encryption_key_raw": "bootDisk[*].diskEncryptionKeyRawSecretRef"} + return map[string]string{"attached_disk[*].disk_encryption_key_raw": "attachedDisk[*].diskEncryptionKeyRawSecretRef", "boot_disk[*].disk_encryption_key_raw": "bootDisk[*].diskEncryptionKeyRawSecretRef"} } // GetObservation of this InstanceFromTemplate diff --git a/apis/compute/v1beta2/zz_instancefromtemplate_types.go b/apis/compute/v1beta2/zz_instancefromtemplate_types.go index 5dbbe716c..0994cf054 100755 --- a/apis/compute/v1beta2/zz_instancefromtemplate_types.go +++ b/apis/compute/v1beta2/zz_instancefromtemplate_types.go @@ -27,6 +27,8 @@ type BootDiskInitializeParamsInitParameters struct { // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + ResourcePolicies []*string `json:"resourcePolicies,omitempty" tf:"resource_policies,omitempty"` + Size *float64 `json:"size,omitempty" tf:"size,omitempty"` StoragePool *string `json:"storagePool,omitempty" tf:"storage_pool,omitempty"` @@ -48,6 +50,8 @@ type BootDiskInitializeParamsObservation struct { // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + ResourcePolicies []*string `json:"resourcePolicies,omitempty" tf:"resource_policies,omitempty"` + Size *float64 `json:"size,omitempty" tf:"size,omitempty"` StoragePool *string `json:"storagePool,omitempty" tf:"storage_pool,omitempty"` @@ -76,6 +80,9 @@ type BootDiskInitializeParamsParameters struct { // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // +kubebuilder:validation:Optional + ResourcePolicies []*string `json:"resourcePolicies,omitempty" tf:"resource_policies,omitempty"` + // +kubebuilder:validation:Optional Size *float64 `json:"size,omitempty" tf:"size,omitempty"` @@ -89,16 +96,28 @@ type BootDiskInitializeParamsParameters struct { type InstanceFromTemplateAdvancedMachineFeaturesInitParameters struct { EnableNestedVirtualization *bool `json:"enableNestedVirtualization,omitempty" tf:"enable_nested_virtualization,omitempty"` + EnableUefiNetworking *bool `json:"enableUefiNetworking,omitempty" tf:"enable_uefi_networking,omitempty"` + + PerformanceMonitoringUnit *string `json:"performanceMonitoringUnit,omitempty" tf:"performance_monitoring_unit,omitempty"` + ThreadsPerCore *float64 `json:"threadsPerCore,omitempty" tf:"threads_per_core,omitempty"` + TurboMode *string `json:"turboMode,omitempty" tf:"turbo_mode,omitempty"` + VisibleCoreCount *float64 `json:"visibleCoreCount,omitempty" tf:"visible_core_count,omitempty"` } type InstanceFromTemplateAdvancedMachineFeaturesObservation struct { EnableNestedVirtualization *bool `json:"enableNestedVirtualization,omitempty" tf:"enable_nested_virtualization,omitempty"` + EnableUefiNetworking *bool `json:"enableUefiNetworking,omitempty" tf:"enable_uefi_networking,omitempty"` + + PerformanceMonitoringUnit *string `json:"performanceMonitoringUnit,omitempty" tf:"performance_monitoring_unit,omitempty"` + ThreadsPerCore *float64 `json:"threadsPerCore,omitempty" tf:"threads_per_core,omitempty"` + TurboMode *string `json:"turboMode,omitempty" tf:"turbo_mode,omitempty"` + VisibleCoreCount *float64 `json:"visibleCoreCount,omitempty" tf:"visible_core_count,omitempty"` } @@ -107,9 +126,18 @@ type InstanceFromTemplateAdvancedMachineFeaturesParameters struct { // +kubebuilder:validation:Optional EnableNestedVirtualization *bool `json:"enableNestedVirtualization,omitempty" tf:"enable_nested_virtualization,omitempty"` + // +kubebuilder:validation:Optional + EnableUefiNetworking *bool `json:"enableUefiNetworking,omitempty" tf:"enable_uefi_networking,omitempty"` + + // +kubebuilder:validation:Optional + PerformanceMonitoringUnit *string `json:"performanceMonitoringUnit,omitempty" tf:"performance_monitoring_unit,omitempty"` + // +kubebuilder:validation:Optional ThreadsPerCore *float64 `json:"threadsPerCore,omitempty" tf:"threads_per_core,omitempty"` + // +kubebuilder:validation:Optional + TurboMode *string `json:"turboMode,omitempty" tf:"turbo_mode,omitempty"` + // +kubebuilder:validation:Optional VisibleCoreCount *float64 `json:"visibleCoreCount,omitempty" tf:"visible_core_count,omitempty"` } @@ -118,17 +146,15 @@ type InstanceFromTemplateAttachedDiskInitParameters struct { // A unique name for the resource, required by GCE. // Changing this forces a new resource to be created. - DeviceName *string `json:"deviceName,omitempty" tf:"device_name"` - - DiskEncryptionKeyRaw *string `json:"diskEncryptionKeyRaw,omitempty" tf:"disk_encryption_key_raw"` + DeviceName *string `json:"deviceName,omitempty" tf:"device_name,omitempty"` - DiskEncryptionKeySha256 *string `json:"diskEncryptionKeySha256,omitempty" tf:"disk_encryption_key_sha256"` + DiskEncryptionKeyRawSecretRef *v1.SecretKeySelector `json:"diskEncryptionKeyRawSecretRef,omitempty" tf:"-"` - KMSKeySelfLink *string `json:"kmsKeySelfLink,omitempty" tf:"kms_key_self_link"` + KMSKeySelfLink *string `json:"kmsKeySelfLink,omitempty" tf:"kms_key_self_link,omitempty"` - Mode *string `json:"mode,omitempty" tf:"mode"` + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` - Source *string `json:"source,omitempty" tf:"source"` + Source *string `json:"source,omitempty" tf:"source,omitempty"` } type InstanceFromTemplateAttachedDiskObservation struct { @@ -137,8 +163,6 @@ type InstanceFromTemplateAttachedDiskObservation struct { // Changing this forces a new resource to be created. DeviceName *string `json:"deviceName,omitempty" tf:"device_name,omitempty"` - DiskEncryptionKeyRaw *string `json:"diskEncryptionKeyRaw,omitempty" tf:"disk_encryption_key_raw,omitempty"` - DiskEncryptionKeySha256 *string `json:"diskEncryptionKeySha256,omitempty" tf:"disk_encryption_key_sha256,omitempty"` KMSKeySelfLink *string `json:"kmsKeySelfLink,omitempty" tf:"kms_key_self_link,omitempty"` @@ -153,22 +177,19 @@ type InstanceFromTemplateAttachedDiskParameters struct { // A unique name for the resource, required by GCE. // Changing this forces a new resource to be created. // +kubebuilder:validation:Optional - DeviceName *string `json:"deviceName,omitempty" tf:"device_name"` - - // +kubebuilder:validation:Optional - DiskEncryptionKeyRaw *string `json:"diskEncryptionKeyRaw,omitempty" tf:"disk_encryption_key_raw"` + DeviceName *string `json:"deviceName,omitempty" tf:"device_name,omitempty"` // +kubebuilder:validation:Optional - DiskEncryptionKeySha256 *string `json:"diskEncryptionKeySha256,omitempty" tf:"disk_encryption_key_sha256"` + DiskEncryptionKeyRawSecretRef *v1.SecretKeySelector `json:"diskEncryptionKeyRawSecretRef,omitempty" tf:"-"` // +kubebuilder:validation:Optional - KMSKeySelfLink *string `json:"kmsKeySelfLink,omitempty" tf:"kms_key_self_link"` + KMSKeySelfLink *string `json:"kmsKeySelfLink,omitempty" tf:"kms_key_self_link,omitempty"` // +kubebuilder:validation:Optional - Mode *string `json:"mode,omitempty" tf:"mode"` + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` // +kubebuilder:validation:Optional - Source *string `json:"source,omitempty" tf:"source"` + Source *string `json:"source" tf:"source,omitempty"` } type InstanceFromTemplateBootDiskInitParameters struct { @@ -184,6 +205,8 @@ type InstanceFromTemplateBootDiskInitParameters struct { InitializeParams *BootDiskInitializeParamsInitParameters `json:"initializeParams,omitempty" tf:"initialize_params,omitempty"` + Interface *string `json:"interface,omitempty" tf:"interface,omitempty"` + KMSKeySelfLink *string `json:"kmsKeySelfLink,omitempty" tf:"kms_key_self_link,omitempty"` Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` @@ -204,6 +227,8 @@ type InstanceFromTemplateBootDiskObservation struct { InitializeParams *BootDiskInitializeParamsObservation `json:"initializeParams,omitempty" tf:"initialize_params,omitempty"` + Interface *string `json:"interface,omitempty" tf:"interface,omitempty"` + KMSKeySelfLink *string `json:"kmsKeySelfLink,omitempty" tf:"kms_key_self_link,omitempty"` Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` @@ -228,6 +253,9 @@ type InstanceFromTemplateBootDiskParameters struct { // +kubebuilder:validation:Optional InitializeParams *BootDiskInitializeParamsParameters `json:"initializeParams,omitempty" tf:"initialize_params,omitempty"` + // +kubebuilder:validation:Optional + Interface *string `json:"interface,omitempty" tf:"interface,omitempty"` + // +kubebuilder:validation:Optional KMSKeySelfLink *string `json:"kmsKeySelfLink,omitempty" tf:"kms_key_self_link,omitempty"` @@ -260,9 +288,9 @@ type InstanceFromTemplateConfidentialInstanceConfigParameters struct { } type InstanceFromTemplateGuestAcceleratorInitParameters struct { - Count *float64 `json:"count,omitempty" tf:"count"` + Count *float64 `json:"count,omitempty" tf:"count,omitempty"` - Type *string `json:"type,omitempty" tf:"type"` + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type InstanceFromTemplateGuestAcceleratorObservation struct { @@ -274,10 +302,10 @@ type InstanceFromTemplateGuestAcceleratorObservation struct { type InstanceFromTemplateGuestAcceleratorParameters struct { // +kubebuilder:validation:Optional - Count *float64 `json:"count,omitempty" tf:"count"` + Count *float64 `json:"count" tf:"count,omitempty"` // +kubebuilder:validation:Optional - Type *string `json:"type,omitempty" tf:"type"` + Type *string `json:"type" tf:"type,omitempty"` } type InstanceFromTemplateInitParameters struct { @@ -308,6 +336,8 @@ type InstanceFromTemplateInitParameters struct { // Changing this forces a new resource to be created. Hostname *string `json:"hostname,omitempty" tf:"hostname,omitempty"` + KeyRevocationActionType *string `json:"keyRevocationActionType,omitempty" tf:"key_revocation_action_type,omitempty"` + // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -529,6 +559,8 @@ type InstanceFromTemplateObservation struct { ConfidentialInstanceConfig *InstanceFromTemplateConfidentialInstanceConfigObservation `json:"confidentialInstanceConfig,omitempty" tf:"confidential_instance_config,omitempty"` + CreationTimestamp *string `json:"creationTimestamp,omitempty" tf:"creation_timestamp,omitempty"` + CurrentStatus *string `json:"currentStatus,omitempty" tf:"current_status,omitempty"` DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` @@ -552,6 +584,8 @@ type InstanceFromTemplateObservation struct { InstanceID *string `json:"instanceId,omitempty" tf:"instance_id,omitempty"` + KeyRevocationActionType *string `json:"keyRevocationActionType,omitempty" tf:"key_revocation_action_type,omitempty"` + LabelFingerprint *string `json:"labelFingerprint,omitempty" tf:"label_fingerprint,omitempty"` // +mapType=granular @@ -652,6 +686,9 @@ type InstanceFromTemplateParameters struct { // +kubebuilder:validation:Optional Hostname *string `json:"hostname,omitempty" tf:"hostname,omitempty"` + // +kubebuilder:validation:Optional + KeyRevocationActionType *string `json:"keyRevocationActionType,omitempty" tf:"key_revocation_action_type,omitempty"` + // +kubebuilder:validation:Optional // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -772,6 +809,8 @@ type InstanceFromTemplateReservationAffinityParameters struct { type InstanceFromTemplateSchedulingInitParameters struct { AutomaticRestart *bool `json:"automaticRestart,omitempty" tf:"automatic_restart,omitempty"` + AvailabilityDomain *float64 `json:"availabilityDomain,omitempty" tf:"availability_domain,omitempty"` + InstanceTerminationAction *string `json:"instanceTerminationAction,omitempty" tf:"instance_termination_action,omitempty"` LocalSsdRecoveryTimeout *SchedulingLocalSsdRecoveryTimeoutInitParameters `json:"localSsdRecoveryTimeout,omitempty" tf:"local_ssd_recovery_timeout,omitempty"` @@ -794,6 +833,8 @@ type InstanceFromTemplateSchedulingInitParameters struct { type InstanceFromTemplateSchedulingObservation struct { AutomaticRestart *bool `json:"automaticRestart,omitempty" tf:"automatic_restart,omitempty"` + AvailabilityDomain *float64 `json:"availabilityDomain,omitempty" tf:"availability_domain,omitempty"` + InstanceTerminationAction *string `json:"instanceTerminationAction,omitempty" tf:"instance_termination_action,omitempty"` LocalSsdRecoveryTimeout *SchedulingLocalSsdRecoveryTimeoutObservation `json:"localSsdRecoveryTimeout,omitempty" tf:"local_ssd_recovery_timeout,omitempty"` @@ -818,6 +859,9 @@ type InstanceFromTemplateSchedulingParameters struct { // +kubebuilder:validation:Optional AutomaticRestart *bool `json:"automaticRestart,omitempty" tf:"automatic_restart,omitempty"` + // +kubebuilder:validation:Optional + AvailabilityDomain *float64 `json:"availabilityDomain,omitempty" tf:"availability_domain,omitempty"` + // +kubebuilder:validation:Optional InstanceTerminationAction *string `json:"instanceTerminationAction,omitempty" tf:"instance_termination_action,omitempty"` @@ -850,11 +894,11 @@ type InstanceFromTemplateScratchDiskInitParameters struct { // A unique name for the resource, required by GCE. // Changing this forces a new resource to be created. - DeviceName *string `json:"deviceName,omitempty" tf:"device_name"` + DeviceName *string `json:"deviceName,omitempty" tf:"device_name,omitempty"` - Interface *string `json:"interface,omitempty" tf:"interface"` + Interface *string `json:"interface,omitempty" tf:"interface,omitempty"` - Size *float64 `json:"size,omitempty" tf:"size"` + Size *float64 `json:"size,omitempty" tf:"size,omitempty"` } type InstanceFromTemplateScratchDiskObservation struct { @@ -873,20 +917,20 @@ type InstanceFromTemplateScratchDiskParameters struct { // A unique name for the resource, required by GCE. // Changing this forces a new resource to be created. // +kubebuilder:validation:Optional - DeviceName *string `json:"deviceName,omitempty" tf:"device_name"` + DeviceName *string `json:"deviceName,omitempty" tf:"device_name,omitempty"` // +kubebuilder:validation:Optional - Interface *string `json:"interface,omitempty" tf:"interface"` + Interface *string `json:"interface" tf:"interface,omitempty"` // +kubebuilder:validation:Optional - Size *float64 `json:"size,omitempty" tf:"size"` + Size *float64 `json:"size,omitempty" tf:"size,omitempty"` } type InstanceFromTemplateServiceAccountInitParameters struct { - Email *string `json:"email,omitempty" tf:"email"` + Email *string `json:"email,omitempty" tf:"email,omitempty"` // +listType=set - Scopes []*string `json:"scopes,omitempty" tf:"scopes"` + Scopes []*string `json:"scopes,omitempty" tf:"scopes,omitempty"` } type InstanceFromTemplateServiceAccountObservation struct { @@ -899,11 +943,11 @@ type InstanceFromTemplateServiceAccountObservation struct { type InstanceFromTemplateServiceAccountParameters struct { // +kubebuilder:validation:Optional - Email *string `json:"email,omitempty" tf:"email"` + Email *string `json:"email,omitempty" tf:"email,omitempty"` // +kubebuilder:validation:Optional // +listType=set - Scopes []*string `json:"scopes,omitempty" tf:"scopes"` + Scopes []*string `json:"scopes" tf:"scopes,omitempty"` } type InstanceFromTemplateShieldedInstanceConfigInitParameters struct { @@ -935,13 +979,13 @@ type InstanceFromTemplateShieldedInstanceConfigParameters struct { } type NetworkInterfaceAccessConfigInitParameters struct { - NATIP *string `json:"natIp,omitempty" tf:"nat_ip"` + NATIP *string `json:"natIp,omitempty" tf:"nat_ip,omitempty"` - NetworkTier *string `json:"networkTier,omitempty" tf:"network_tier"` + NetworkTier *string `json:"networkTier,omitempty" tf:"network_tier,omitempty"` // A unique name for the resource, required by GCE. // Changing this forces a new resource to be created. - PublicPtrDomainName *string `json:"publicPtrDomainName,omitempty" tf:"public_ptr_domain_name"` + PublicPtrDomainName *string `json:"publicPtrDomainName,omitempty" tf:"public_ptr_domain_name,omitempty"` } type NetworkInterfaceAccessConfigObservation struct { @@ -957,23 +1001,23 @@ type NetworkInterfaceAccessConfigObservation struct { type NetworkInterfaceAccessConfigParameters struct { // +kubebuilder:validation:Optional - NATIP *string `json:"natIp,omitempty" tf:"nat_ip"` + NATIP *string `json:"natIp,omitempty" tf:"nat_ip,omitempty"` // +kubebuilder:validation:Optional - NetworkTier *string `json:"networkTier,omitempty" tf:"network_tier"` + NetworkTier *string `json:"networkTier,omitempty" tf:"network_tier,omitempty"` // A unique name for the resource, required by GCE. // Changing this forces a new resource to be created. // +kubebuilder:validation:Optional - PublicPtrDomainName *string `json:"publicPtrDomainName,omitempty" tf:"public_ptr_domain_name"` + PublicPtrDomainName *string `json:"publicPtrDomainName,omitempty" tf:"public_ptr_domain_name,omitempty"` } type NetworkInterfaceAliasIPRangeInitParameters struct { - IPCidrRange *string `json:"ipCidrRange,omitempty" tf:"ip_cidr_range"` + IPCidrRange *string `json:"ipCidrRange,omitempty" tf:"ip_cidr_range,omitempty"` // A unique name for the resource, required by GCE. // Changing this forces a new resource to be created. - SubnetworkRangeName *string `json:"subnetworkRangeName,omitempty" tf:"subnetwork_range_name"` + SubnetworkRangeName *string `json:"subnetworkRangeName,omitempty" tf:"subnetwork_range_name,omitempty"` } type NetworkInterfaceAliasIPRangeObservation struct { @@ -987,12 +1031,12 @@ type NetworkInterfaceAliasIPRangeObservation struct { type NetworkInterfaceAliasIPRangeParameters struct { // +kubebuilder:validation:Optional - IPCidrRange *string `json:"ipCidrRange,omitempty" tf:"ip_cidr_range"` + IPCidrRange *string `json:"ipCidrRange" tf:"ip_cidr_range,omitempty"` // A unique name for the resource, required by GCE. // Changing this forces a new resource to be created. // +kubebuilder:validation:Optional - SubnetworkRangeName *string `json:"subnetworkRangeName,omitempty" tf:"subnetwork_range_name"` + SubnetworkRangeName *string `json:"subnetworkRangeName,omitempty" tf:"subnetwork_range_name,omitempty"` } type NetworkInterfaceIPv6AccessConfigInitParameters struct { diff --git a/apis/compute/v1beta2/zz_instancegroupmanager_types.go b/apis/compute/v1beta2/zz_instancegroupmanager_types.go index 88617b8c3..aa22ddf96 100755 --- a/apis/compute/v1beta2/zz_instancegroupmanager_types.go +++ b/apis/compute/v1beta2/zz_instancegroupmanager_types.go @@ -141,6 +141,9 @@ type InstanceGroupManagerInitParameters struct { // is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // The standby policy for stopped and suspended instances. Structure is documented below. For more information, see the official documentation. + StandbyPolicy *StandbyPolicyInitParameters `json:"standbyPolicy,omitempty" tf:"standby_policy,omitempty"` + // Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. StatefulDisk []StatefulDiskInitParameters `json:"statefulDisk,omitempty" tf:"stateful_disk,omitempty"` @@ -172,6 +175,12 @@ type InstanceGroupManagerInitParameters struct { // lifecycle. Defaults to 0. TargetSize *float64 `json:"targetSize,omitempty" tf:"target_size,omitempty"` + // The target number of stopped instances for this managed instance group. + TargetStoppedSize *float64 `json:"targetStoppedSize,omitempty" tf:"target_stopped_size,omitempty"` + + // The target number of suspended instances for this managed instance group. + TargetSuspendedSize *float64 `json:"targetSuspendedSize,omitempty" tf:"target_suspended_size,omitempty"` + // The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API. UpdatePolicy *UpdatePolicyInitParameters `json:"updatePolicy,omitempty" tf:"update_policy,omitempty"` @@ -226,6 +235,9 @@ type InstanceGroupManagerObservation struct { // The full URL of the instance group created by the manager. InstanceGroup *string `json:"instanceGroup,omitempty" tf:"instance_group,omitempty"` + // an identifier for the resource with format projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{name}} + InstanceGroupManagerID *float64 `json:"instanceGroupManagerId,omitempty" tf:"instance_group_manager_id,omitempty"` + InstanceLifecyclePolicy *InstanceLifecyclePolicyObservation `json:"instanceLifecyclePolicy,omitempty" tf:"instance_lifecycle_policy,omitempty"` // Pagination behavior of the listManagedInstances API @@ -249,6 +261,9 @@ type InstanceGroupManagerObservation struct { // The URL of the created resource. SelfLink *string `json:"selfLink,omitempty" tf:"self_link,omitempty"` + // The standby policy for stopped and suspended instances. Structure is documented below. For more information, see the official documentation. + StandbyPolicy *StandbyPolicyObservation `json:"standbyPolicy,omitempty" tf:"standby_policy,omitempty"` + // Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. StatefulDisk []StatefulDiskObservation `json:"statefulDisk,omitempty" tf:"stateful_disk,omitempty"` @@ -273,6 +288,12 @@ type InstanceGroupManagerObservation struct { // lifecycle. Defaults to 0. TargetSize *float64 `json:"targetSize,omitempty" tf:"target_size,omitempty"` + // The target number of stopped instances for this managed instance group. + TargetStoppedSize *float64 `json:"targetStoppedSize,omitempty" tf:"target_stopped_size,omitempty"` + + // The target number of suspended instances for this managed instance group. + TargetSuspendedSize *float64 `json:"targetSuspendedSize,omitempty" tf:"target_suspended_size,omitempty"` + // The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API. UpdatePolicy *UpdatePolicyObservation `json:"updatePolicy,omitempty" tf:"update_policy,omitempty"` @@ -345,6 +366,10 @@ type InstanceGroupManagerParameters struct { // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + // The standby policy for stopped and suspended instances. Structure is documented below. For more information, see the official documentation. + // +kubebuilder:validation:Optional + StandbyPolicy *StandbyPolicyParameters `json:"standbyPolicy,omitempty" tf:"standby_policy,omitempty"` + // Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. // +kubebuilder:validation:Optional StatefulDisk []StatefulDiskParameters `json:"statefulDisk,omitempty" tf:"stateful_disk,omitempty"` @@ -381,6 +406,14 @@ type InstanceGroupManagerParameters struct { // +kubebuilder:validation:Optional TargetSize *float64 `json:"targetSize,omitempty" tf:"target_size,omitempty"` + // The target number of stopped instances for this managed instance group. + // +kubebuilder:validation:Optional + TargetStoppedSize *float64 `json:"targetStoppedSize,omitempty" tf:"target_stopped_size,omitempty"` + + // The target number of suspended instances for this managed instance group. + // +kubebuilder:validation:Optional + TargetSuspendedSize *float64 `json:"targetSuspendedSize,omitempty" tf:"target_suspended_size,omitempty"` + // The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API. // +kubebuilder:validation:Optional UpdatePolicy *UpdatePolicyParameters `json:"updatePolicy,omitempty" tf:"update_policy,omitempty"` @@ -479,6 +512,35 @@ type PerInstanceConfigsObservation struct { type PerInstanceConfigsParameters struct { } +type StandbyPolicyInitParameters struct { + + // - Specifies the number of seconds that the MIG should wait to suspend or stop a VM after that VM was created. The initial delay gives the initialization script the time to prepare your VM for a quick scale out. The value of initial delay must be between 0 and 3600 seconds. The default value is 0. + InitialDelaySec *float64 `json:"initialDelaySec,omitempty" tf:"initial_delay_sec,omitempty"` + + // - Defines how a MIG resumes or starts VMs from a standby pool when the group scales out. Valid options are: MANUAL, SCALE_OUT_POOL. If MANUAL(default), you have full control over which VMs are stopped and suspended in the MIG. If SCALE_OUT_POOL, the MIG uses the VMs from the standby pools to accelerate the scale out by resuming or starting them and then automatically replenishes the standby pool with new VMs to maintain the target sizes. + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` +} + +type StandbyPolicyObservation struct { + + // - Specifies the number of seconds that the MIG should wait to suspend or stop a VM after that VM was created. The initial delay gives the initialization script the time to prepare your VM for a quick scale out. The value of initial delay must be between 0 and 3600 seconds. The default value is 0. + InitialDelaySec *float64 `json:"initialDelaySec,omitempty" tf:"initial_delay_sec,omitempty"` + + // - Defines how a MIG resumes or starts VMs from a standby pool when the group scales out. Valid options are: MANUAL, SCALE_OUT_POOL. If MANUAL(default), you have full control over which VMs are stopped and suspended in the MIG. If SCALE_OUT_POOL, the MIG uses the VMs from the standby pools to accelerate the scale out by resuming or starting them and then automatically replenishes the standby pool with new VMs to maintain the target sizes. + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` +} + +type StandbyPolicyParameters struct { + + // - Specifies the number of seconds that the MIG should wait to suspend or stop a VM after that VM was created. The initial delay gives the initialization script the time to prepare your VM for a quick scale out. The value of initial delay must be between 0 and 3600 seconds. The default value is 0. + // +kubebuilder:validation:Optional + InitialDelaySec *float64 `json:"initialDelaySec,omitempty" tf:"initial_delay_sec,omitempty"` + + // - Defines how a MIG resumes or starts VMs from a standby pool when the group scales out. Valid options are: MANUAL, SCALE_OUT_POOL. If MANUAL(default), you have full control over which VMs are stopped and suspended in the MIG. If SCALE_OUT_POOL, the MIG uses the VMs from the standby pools to accelerate the scale out by resuming or starting them and then automatically replenishes the standby pool with new VMs to maintain the target sizes. + // +kubebuilder:validation:Optional + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` +} + type StatefulDiskInitParameters struct { // , A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER. diff --git a/apis/compute/v1beta2/zz_instancetemplate_types.go b/apis/compute/v1beta2/zz_instancetemplate_types.go index 8b89a25f4..63879da9c 100755 --- a/apis/compute/v1beta2/zz_instancetemplate_types.go +++ b/apis/compute/v1beta2/zz_instancetemplate_types.go @@ -116,9 +116,18 @@ type InstanceTemplateAdvancedMachineFeaturesInitParameters struct { // Defines whether the instance should have nested virtualization enabled. Defaults to false. EnableNestedVirtualization *bool `json:"enableNestedVirtualization,omitempty" tf:"enable_nested_virtualization,omitempty"` + // Whether to enable UEFI networking for instance creation. + EnableUefiNetworking *bool `json:"enableUefiNetworking,omitempty" tf:"enable_uefi_networking,omitempty"` + + // The PMU is a hardware component within the CPU core that monitors how the processor runs code. Valid values for the level of PMU are STANDARD, ENHANCED, and ARCHITECTURAL. + PerformanceMonitoringUnit *string `json:"performanceMonitoringUnit,omitempty" tf:"performance_monitoring_unit,omitempty"` + // The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. ThreadsPerCore *float64 `json:"threadsPerCore,omitempty" tf:"threads_per_core,omitempty"` + // Turbo frequency mode to use for the instance. Supported modes are currently either ALL_CORE_MAX or unset (default). + TurboMode *string `json:"turboMode,omitempty" tf:"turbo_mode,omitempty"` + // The number of physical cores to expose to an instance. visible cores info (VC). VisibleCoreCount *float64 `json:"visibleCoreCount,omitempty" tf:"visible_core_count,omitempty"` } @@ -128,9 +137,18 @@ type InstanceTemplateAdvancedMachineFeaturesObservation struct { // Defines whether the instance should have nested virtualization enabled. Defaults to false. EnableNestedVirtualization *bool `json:"enableNestedVirtualization,omitempty" tf:"enable_nested_virtualization,omitempty"` + // Whether to enable UEFI networking for instance creation. + EnableUefiNetworking *bool `json:"enableUefiNetworking,omitempty" tf:"enable_uefi_networking,omitempty"` + + // The PMU is a hardware component within the CPU core that monitors how the processor runs code. Valid values for the level of PMU are STANDARD, ENHANCED, and ARCHITECTURAL. + PerformanceMonitoringUnit *string `json:"performanceMonitoringUnit,omitempty" tf:"performance_monitoring_unit,omitempty"` + // The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. ThreadsPerCore *float64 `json:"threadsPerCore,omitempty" tf:"threads_per_core,omitempty"` + // Turbo frequency mode to use for the instance. Supported modes are currently either ALL_CORE_MAX or unset (default). + TurboMode *string `json:"turboMode,omitempty" tf:"turbo_mode,omitempty"` + // The number of physical cores to expose to an instance. visible cores info (VC). VisibleCoreCount *float64 `json:"visibleCoreCount,omitempty" tf:"visible_core_count,omitempty"` } @@ -141,10 +159,22 @@ type InstanceTemplateAdvancedMachineFeaturesParameters struct { // +kubebuilder:validation:Optional EnableNestedVirtualization *bool `json:"enableNestedVirtualization,omitempty" tf:"enable_nested_virtualization,omitempty"` + // Whether to enable UEFI networking for instance creation. + // +kubebuilder:validation:Optional + EnableUefiNetworking *bool `json:"enableUefiNetworking,omitempty" tf:"enable_uefi_networking,omitempty"` + + // The PMU is a hardware component within the CPU core that monitors how the processor runs code. Valid values for the level of PMU are STANDARD, ENHANCED, and ARCHITECTURAL. + // +kubebuilder:validation:Optional + PerformanceMonitoringUnit *string `json:"performanceMonitoringUnit,omitempty" tf:"performance_monitoring_unit,omitempty"` + // The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. // +kubebuilder:validation:Optional ThreadsPerCore *float64 `json:"threadsPerCore,omitempty" tf:"threads_per_core,omitempty"` + // Turbo frequency mode to use for the instance. Supported modes are currently either ALL_CORE_MAX or unset (default). + // +kubebuilder:validation:Optional + TurboMode *string `json:"turboMode,omitempty" tf:"turbo_mode,omitempty"` + // The number of physical cores to expose to an instance. visible cores info (VC). // +kubebuilder:validation:Optional VisibleCoreCount *float64 `json:"visibleCoreCount,omitempty" tf:"visible_core_count,omitempty"` @@ -152,7 +182,7 @@ type InstanceTemplateAdvancedMachineFeaturesParameters struct { type InstanceTemplateConfidentialInstanceConfigInitParameters struct { - // Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM. TDX is only available in beta. + // Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM. ConfidentialInstanceType *string `json:"confidentialInstanceType,omitempty" tf:"confidential_instance_type,omitempty"` // Defines whether the instance should have confidential compute enabled with AMD SEV. If enabled, on_host_maintenance can be set to MIGRATE if min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. @@ -161,7 +191,7 @@ type InstanceTemplateConfidentialInstanceConfigInitParameters struct { type InstanceTemplateConfidentialInstanceConfigObservation struct { - // Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM. TDX is only available in beta. + // Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM. ConfidentialInstanceType *string `json:"confidentialInstanceType,omitempty" tf:"confidential_instance_type,omitempty"` // Defines whether the instance should have confidential compute enabled with AMD SEV. If enabled, on_host_maintenance can be set to MIGRATE if min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. @@ -170,7 +200,7 @@ type InstanceTemplateConfidentialInstanceConfigObservation struct { type InstanceTemplateConfidentialInstanceConfigParameters struct { - // Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM. TDX is only available in beta. + // Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM. // +kubebuilder:validation:Optional ConfidentialInstanceType *string `json:"confidentialInstanceType,omitempty" tf:"confidential_instance_type,omitempty"` @@ -231,6 +261,8 @@ type InstanceTemplateDiskInitParameters struct { // Extreme persistent disk documentation. ProvisionedIops *float64 `json:"provisionedIops,omitempty" tf:"provisioned_iops,omitempty"` + ProvisionedThroughput *float64 `json:"provisionedThroughput,omitempty" tf:"provisioned_throughput,omitempty"` + // A set of key/value resource manager tag pairs to bind to this disk. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` @@ -342,6 +374,8 @@ type InstanceTemplateDiskObservation struct { // Extreme persistent disk documentation. ProvisionedIops *float64 `json:"provisionedIops,omitempty" tf:"provisioned_iops,omitempty"` + ProvisionedThroughput *float64 `json:"provisionedThroughput,omitempty" tf:"provisioned_throughput,omitempty"` + // A set of key/value resource manager tag pairs to bind to this disk. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` @@ -445,6 +479,9 @@ type InstanceTemplateDiskParameters struct { // +kubebuilder:validation:Optional ProvisionedIops *float64 `json:"provisionedIops,omitempty" tf:"provisioned_iops,omitempty"` + // +kubebuilder:validation:Optional + ProvisionedThroughput *float64 `json:"provisionedThroughput,omitempty" tf:"provisioned_throughput,omitempty"` + // A set of key/value resource manager tag pairs to bind to this disk. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. // +kubebuilder:validation:Optional // +mapType=granular @@ -568,6 +605,9 @@ type InstanceTemplateInitParameters struct { // created from this template. InstanceDescription *string `json:"instanceDescription,omitempty" tf:"instance_description,omitempty"` + // Action to be taken when a customer's encryption key is revoked. Supports STOP and NONE, with NONE being the default. + KeyRevocationActionType *string `json:"keyRevocationActionType,omitempty" tf:"key_revocation_action_type,omitempty"` + // A set of key/value label pairs to assign to instances // created from this template. // +mapType=granular @@ -594,7 +634,9 @@ type InstanceTemplateInitParameters struct { Name *string `json:"name,omitempty" tf:"name,omitempty"` // Creates a unique name beginning with the specified - // prefix. Conflicts with name. + // prefix. Conflicts with name. Max length is 54 characters. + // Prefixes with lengths longer than 37 characters will use a shortened + // UUID that will be more prone to collisions. NamePrefix *string `json:"namePrefix,omitempty" tf:"name_prefix,omitempty"` // Networks to attach to instances created from @@ -765,7 +807,7 @@ type InstanceTemplateNetworkInterfaceInitParameters struct { // Access configurations, i.e. IPs via which this // instance can be accessed via the Internet.g. via tunnel or because it is running on another cloud instance - // on that network). This block can be repeated multiple times. Structure documented below. + // on that network). This block can be specified once per network_interface. Structure documented below. AccessConfig []InstanceTemplateNetworkInterfaceAccessConfigInitParameters `json:"accessConfig,omitempty" tf:"access_config,omitempty"` // An @@ -800,7 +842,7 @@ type InstanceTemplateNetworkInterfaceInitParameters struct { // +kubebuilder:validation:Optional NetworkSelector *v1.Selector `json:"networkSelector,omitempty" tf:"-"` - // The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET. + // The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET. In the beta provider the additional values of MRDMA and IRDMA are supported. NicType *string `json:"nicType,omitempty" tf:"nic_type,omitempty"` // The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified. @@ -832,7 +874,7 @@ type InstanceTemplateNetworkInterfaceObservation struct { // Access configurations, i.e. IPs via which this // instance can be accessed via the Internet.g. via tunnel or because it is running on another cloud instance - // on that network). This block can be repeated multiple times. Structure documented below. + // on that network). This block can be specified once per network_interface. Structure documented below. AccessConfig []InstanceTemplateNetworkInterfaceAccessConfigObservation `json:"accessConfig,omitempty" tf:"access_config,omitempty"` // An @@ -863,7 +905,7 @@ type InstanceTemplateNetworkInterfaceObservation struct { // empty, the address will be automatically assigned. NetworkIP *string `json:"networkIp,omitempty" tf:"network_ip,omitempty"` - // The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET. + // The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET. In the beta provider the additional values of MRDMA and IRDMA are supported. NicType *string `json:"nicType,omitempty" tf:"nic_type,omitempty"` // The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified. @@ -886,7 +928,7 @@ type InstanceTemplateNetworkInterfaceParameters struct { // Access configurations, i.e. IPs via which this // instance can be accessed via the Internet.g. via tunnel or because it is running on another cloud instance - // on that network). This block can be repeated multiple times. Structure documented below. + // on that network). This block can be specified once per network_interface. Structure documented below. // +kubebuilder:validation:Optional AccessConfig []InstanceTemplateNetworkInterfaceAccessConfigParameters `json:"accessConfig,omitempty" tf:"access_config,omitempty"` @@ -928,7 +970,7 @@ type InstanceTemplateNetworkInterfaceParameters struct { // +kubebuilder:validation:Optional NetworkSelector *v1.Selector `json:"networkSelector,omitempty" tf:"-"` - // The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET. + // The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET. In the beta provider the additional values of MRDMA and IRDMA are supported. // +kubebuilder:validation:Optional NicType *string `json:"nicType,omitempty" tf:"nic_type,omitempty"` @@ -992,6 +1034,9 @@ type InstanceTemplateObservation struct { // Enable Confidential Mode on this VM. Structure is documented below ConfidentialInstanceConfig *InstanceTemplateConfidentialInstanceConfigObservation `json:"confidentialInstanceConfig,omitempty" tf:"confidential_instance_config,omitempty"` + // Creation timestamp in RFC3339 text format. + CreationTimestamp *string `json:"creationTimestamp,omitempty" tf:"creation_timestamp,omitempty"` + // A brief description of this resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -1013,6 +1058,9 @@ type InstanceTemplateObservation struct { // created from this template. InstanceDescription *string `json:"instanceDescription,omitempty" tf:"instance_description,omitempty"` + // Action to be taken when a customer's encryption key is revoked. Supports STOP and NONE, with NONE being the default. + KeyRevocationActionType *string `json:"keyRevocationActionType,omitempty" tf:"key_revocation_action_type,omitempty"` + // A set of key/value label pairs to assign to instances // created from this template. // +mapType=granular @@ -1042,7 +1090,9 @@ type InstanceTemplateObservation struct { Name *string `json:"name,omitempty" tf:"name,omitempty"` // Creates a unique name beginning with the specified - // prefix. Conflicts with name. + // prefix. Conflicts with name. Max length is 54 characters. + // Prefixes with lengths longer than 37 characters will use a shortened + // UUID that will be more prone to collisions. NamePrefix *string `json:"namePrefix,omitempty" tf:"name_prefix,omitempty"` // Networks to attach to instances created from @@ -1141,6 +1191,10 @@ type InstanceTemplateParameters struct { // +kubebuilder:validation:Optional InstanceDescription *string `json:"instanceDescription,omitempty" tf:"instance_description,omitempty"` + // Action to be taken when a customer's encryption key is revoked. Supports STOP and NONE, with NONE being the default. + // +kubebuilder:validation:Optional + KeyRevocationActionType *string `json:"keyRevocationActionType,omitempty" tf:"key_revocation_action_type,omitempty"` + // A set of key/value label pairs to assign to instances // created from this template. // +kubebuilder:validation:Optional @@ -1173,7 +1227,9 @@ type InstanceTemplateParameters struct { Name *string `json:"name,omitempty" tf:"name,omitempty"` // Creates a unique name beginning with the specified - // prefix. Conflicts with name. + // prefix. Conflicts with name. Max length is 54 characters. + // Prefixes with lengths longer than 37 characters will use a shortened + // UUID that will be more prone to collisions. // +kubebuilder:validation:Optional NamePrefix *string `json:"namePrefix,omitempty" tf:"name_prefix,omitempty"` @@ -1304,6 +1360,9 @@ type InstanceTemplateSchedulingInitParameters struct { // terminated by a user). This defaults to true. AutomaticRestart *bool `json:"automaticRestart,omitempty" tf:"automatic_restart,omitempty"` + // Specifies the availability domain to place the instance in. The value must be a number between 1 and the number of availability domains specified in the spread placement policy attached to the instance. + AvailabilityDomain *float64 `json:"availabilityDomain,omitempty" tf:"availability_domain,omitempty"` + // Describe the type of termination action for SPOT VM. Can be STOP or DELETE. Read more on here InstanceTerminationAction *string `json:"instanceTerminationAction,omitempty" tf:"instance_termination_action,omitempty"` @@ -1482,6 +1541,9 @@ type InstanceTemplateSchedulingObservation struct { // terminated by a user). This defaults to true. AutomaticRestart *bool `json:"automaticRestart,omitempty" tf:"automatic_restart,omitempty"` + // Specifies the availability domain to place the instance in. The value must be a number between 1 and the number of availability domains specified in the spread placement policy attached to the instance. + AvailabilityDomain *float64 `json:"availabilityDomain,omitempty" tf:"availability_domain,omitempty"` + // Describe the type of termination action for SPOT VM. Can be STOP or DELETE. Read more on here InstanceTerminationAction *string `json:"instanceTerminationAction,omitempty" tf:"instance_termination_action,omitempty"` @@ -1547,6 +1609,10 @@ type InstanceTemplateSchedulingParameters struct { // +kubebuilder:validation:Optional AutomaticRestart *bool `json:"automaticRestart,omitempty" tf:"automatic_restart,omitempty"` + // Specifies the availability domain to place the instance in. The value must be a number between 1 and the number of availability domains specified in the spread placement policy attached to the instance. + // +kubebuilder:validation:Optional + AvailabilityDomain *float64 `json:"availabilityDomain,omitempty" tf:"availability_domain,omitempty"` + // Describe the type of termination action for SPOT VM. Can be STOP or DELETE. Read more on here // +kubebuilder:validation:Optional InstanceTerminationAction *string `json:"instanceTerminationAction,omitempty" tf:"instance_termination_action,omitempty"` diff --git a/apis/compute/v1beta2/zz_managedsslcertificate_types.go b/apis/compute/v1beta2/zz_managedsslcertificate_types.go index a5abd6bc6..293e33c10 100755 --- a/apis/compute/v1beta2/zz_managedsslcertificate_types.go +++ b/apis/compute/v1beta2/zz_managedsslcertificate_types.go @@ -37,9 +37,6 @@ type ManagedParameters struct { type ManagedSSLCertificateInitParameters struct { - // The unique identifier for the resource. - CertificateID *float64 `json:"certificateId,omitempty" tf:"certificate_id,omitempty"` - // An optional description of this resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -100,10 +97,6 @@ type ManagedSSLCertificateObservation struct { type ManagedSSLCertificateParameters struct { - // The unique identifier for the resource. - // +kubebuilder:validation:Optional - CertificateID *float64 `json:"certificateId,omitempty" tf:"certificate_id,omitempty"` - // An optional description of this resource. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` diff --git a/apis/compute/v1beta2/zz_nodetemplate_types.go b/apis/compute/v1beta2/zz_nodetemplate_types.go index bfec8be8f..6187d3427 100755 --- a/apis/compute/v1beta2/zz_nodetemplate_types.go +++ b/apis/compute/v1beta2/zz_nodetemplate_types.go @@ -13,8 +13,87 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AcceleratorsInitParameters struct { + + // The number of the guest accelerator cards exposed to this + // node template. + AcceleratorCount *float64 `json:"acceleratorCount,omitempty" tf:"accelerator_count,omitempty"` + + // Full or partial URL of the accelerator type resource to expose + // to this node template. + AcceleratorType *string `json:"acceleratorType,omitempty" tf:"accelerator_type,omitempty"` +} + +type AcceleratorsObservation struct { + + // The number of the guest accelerator cards exposed to this + // node template. + AcceleratorCount *float64 `json:"acceleratorCount,omitempty" tf:"accelerator_count,omitempty"` + + // Full or partial URL of the accelerator type resource to expose + // to this node template. + AcceleratorType *string `json:"acceleratorType,omitempty" tf:"accelerator_type,omitempty"` +} + +type AcceleratorsParameters struct { + + // The number of the guest accelerator cards exposed to this + // node template. + // +kubebuilder:validation:Optional + AcceleratorCount *float64 `json:"acceleratorCount,omitempty" tf:"accelerator_count,omitempty"` + + // Full or partial URL of the accelerator type resource to expose + // to this node template. + // +kubebuilder:validation:Optional + AcceleratorType *string `json:"acceleratorType,omitempty" tf:"accelerator_type,omitempty"` +} + +type DisksInitParameters struct { + + // Specifies the number of such disks. + DiskCount *float64 `json:"diskCount,omitempty" tf:"disk_count,omitempty"` + + // Specifies the size of the disk in base-2 GB. + DiskSizeGb *float64 `json:"diskSizeGb,omitempty" tf:"disk_size_gb,omitempty"` + + // Specifies the desired disk type on the node. This disk type must be a local storage type (e.g.: local-ssd). Note that for nodeTemplates, this should be the name of the disk type and not its URL. + DiskType *string `json:"diskType,omitempty" tf:"disk_type,omitempty"` +} + +type DisksObservation struct { + + // Specifies the number of such disks. + DiskCount *float64 `json:"diskCount,omitempty" tf:"disk_count,omitempty"` + + // Specifies the size of the disk in base-2 GB. + DiskSizeGb *float64 `json:"diskSizeGb,omitempty" tf:"disk_size_gb,omitempty"` + + // Specifies the desired disk type on the node. This disk type must be a local storage type (e.g.: local-ssd). Note that for nodeTemplates, this should be the name of the disk type and not its URL. + DiskType *string `json:"diskType,omitempty" tf:"disk_type,omitempty"` +} + +type DisksParameters struct { + + // Specifies the number of such disks. + // +kubebuilder:validation:Optional + DiskCount *float64 `json:"diskCount,omitempty" tf:"disk_count,omitempty"` + + // Specifies the size of the disk in base-2 GB. + // +kubebuilder:validation:Optional + DiskSizeGb *float64 `json:"diskSizeGb,omitempty" tf:"disk_size_gb,omitempty"` + + // Specifies the desired disk type on the node. This disk type must be a local storage type (e.g.: local-ssd). Note that for nodeTemplates, this should be the name of the disk type and not its URL. + // +kubebuilder:validation:Optional + DiskType *string `json:"diskType,omitempty" tf:"disk_type,omitempty"` +} + type NodeTemplateInitParameters struct { + // List of the type and count of accelerator cards attached to the + // node template + // Structure is documented below. + Accelerators []AcceleratorsInitParameters `json:"accelerators,omitempty" tf:"accelerators,omitempty"` + // CPU overcommit. // Default value is NONE. // Possible values are: ENABLED, NONE. @@ -23,6 +102,11 @@ type NodeTemplateInitParameters struct { // An optional textual description of the resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // List of the type, size and count of disks attached to the + // node template + // Structure is documented below. + Disks []DisksInitParameters `json:"disks,omitempty" tf:"disks,omitempty"` + // Labels to use for node affinity, which will be used in // instance scheduling. // +mapType=granular @@ -51,6 +135,11 @@ type NodeTemplateInitParameters struct { type NodeTemplateObservation struct { + // List of the type and count of accelerator cards attached to the + // node template + // Structure is documented below. + Accelerators []AcceleratorsObservation `json:"accelerators,omitempty" tf:"accelerators,omitempty"` + // CPU overcommit. // Default value is NONE. // Possible values are: ENABLED, NONE. @@ -62,6 +151,11 @@ type NodeTemplateObservation struct { // An optional textual description of the resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // List of the type, size and count of disks attached to the + // node template + // Structure is documented below. + Disks []DisksObservation `json:"disks,omitempty" tf:"disks,omitempty"` + // an identifier for the resource with format projects/{{project}}/regions/{{region}}/nodeTemplates/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -100,6 +194,12 @@ type NodeTemplateObservation struct { type NodeTemplateParameters struct { + // List of the type and count of accelerator cards attached to the + // node template + // Structure is documented below. + // +kubebuilder:validation:Optional + Accelerators []AcceleratorsParameters `json:"accelerators,omitempty" tf:"accelerators,omitempty"` + // CPU overcommit. // Default value is NONE. // Possible values are: ENABLED, NONE. @@ -110,6 +210,12 @@ type NodeTemplateParameters struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` + // List of the type, size and count of disks attached to the + // node template + // Structure is documented below. + // +kubebuilder:validation:Optional + Disks []DisksParameters `json:"disks,omitempty" tf:"disks,omitempty"` + // Labels to use for node affinity, which will be used in // instance scheduling. // +kubebuilder:validation:Optional diff --git a/apis/compute/v1beta2/zz_regionautoscaler_types.go b/apis/compute/v1beta2/zz_regionautoscaler_types.go index d33c8084e..db73b91bd 100755 --- a/apis/compute/v1beta2/zz_regionautoscaler_types.go +++ b/apis/compute/v1beta2/zz_regionautoscaler_types.go @@ -245,7 +245,7 @@ type AutoscalingPolicyMetricParameters struct { type AutoscalingPolicyScaleInControlInitParameters struct { - // A nested object resource + // A nested object resource. // Structure is documented below. MaxScaledInReplicas *ScaleInControlMaxScaledInReplicasInitParameters `json:"maxScaledInReplicas,omitempty" tf:"max_scaled_in_replicas,omitempty"` @@ -256,7 +256,7 @@ type AutoscalingPolicyScaleInControlInitParameters struct { type AutoscalingPolicyScaleInControlObservation struct { - // A nested object resource + // A nested object resource. // Structure is documented below. MaxScaledInReplicas *ScaleInControlMaxScaledInReplicasObservation `json:"maxScaledInReplicas,omitempty" tf:"max_scaled_in_replicas,omitempty"` @@ -267,7 +267,7 @@ type AutoscalingPolicyScaleInControlObservation struct { type AutoscalingPolicyScaleInControlParameters struct { - // A nested object resource + // A nested object resource. // Structure is documented below. // +kubebuilder:validation:Optional MaxScaledInReplicas *ScaleInControlMaxScaledInReplicasParameters `json:"maxScaledInReplicas,omitempty" tf:"max_scaled_in_replicas,omitempty"` diff --git a/apis/compute/v1beta2/zz_regionbackendservice_types.go b/apis/compute/v1beta2/zz_regionbackendservice_types.go index a1862f02c..5cae20111 100755 --- a/apis/compute/v1beta2/zz_regionbackendservice_types.go +++ b/apis/compute/v1beta2/zz_regionbackendservice_types.go @@ -15,51 +15,33 @@ import ( type ConsistentHashHTTPCookieInitParameters struct { - // Name of the resource. Provided by the client when the resource is - // created. The name must be 1-63 characters long, and comply with - // RFC1035. Specifically, the name must be 1-63 characters long and match - // the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the - // first character must be a lowercase letter, and all following - // characters must be a dash, lowercase letter, or digit, except the last - // character, which cannot be a dash. + // Name of the cookie. Name *string `json:"name,omitempty" tf:"name,omitempty"` // Path to set for the cookie. Path *string `json:"path,omitempty" tf:"path,omitempty"` - // The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - // (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + // Lifetime of the cookie. + // Structure is documented below. TTL *HTTPCookieTTLInitParameters `json:"ttl,omitempty" tf:"ttl,omitempty"` } type ConsistentHashHTTPCookieObservation struct { - // Name of the resource. Provided by the client when the resource is - // created. The name must be 1-63 characters long, and comply with - // RFC1035. Specifically, the name must be 1-63 characters long and match - // the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the - // first character must be a lowercase letter, and all following - // characters must be a dash, lowercase letter, or digit, except the last - // character, which cannot be a dash. + // Name of the cookie. Name *string `json:"name,omitempty" tf:"name,omitempty"` // Path to set for the cookie. Path *string `json:"path,omitempty" tf:"path,omitempty"` - // The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - // (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + // Lifetime of the cookie. + // Structure is documented below. TTL *HTTPCookieTTLObservation `json:"ttl,omitempty" tf:"ttl,omitempty"` } type ConsistentHashHTTPCookieParameters struct { - // Name of the resource. Provided by the client when the resource is - // created. The name must be 1-63 characters long, and comply with - // RFC1035. Specifically, the name must be 1-63 characters long and match - // the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the - // first character must be a lowercase letter, and all following - // characters must be a dash, lowercase letter, or digit, except the last - // character, which cannot be a dash. + // Name of the cookie. // +kubebuilder:validation:Optional Name *string `json:"name,omitempty" tf:"name,omitempty"` @@ -67,8 +49,8 @@ type ConsistentHashHTTPCookieParameters struct { // +kubebuilder:validation:Optional Path *string `json:"path,omitempty" tf:"path,omitempty"` - // The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - // (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + // Lifetime of the cookie. + // Structure is documented below. // +kubebuilder:validation:Optional TTL *HTTPCookieTTLParameters `json:"ttl,omitempty" tf:"ttl,omitempty"` } @@ -291,8 +273,7 @@ type RegionBackendServiceBackendInitParameters struct { // Specifies the balancing mode for this backend. // See the Backend Services Overview // for an explanation of load balancing modes. - // From version 6.0.0 default value will be UTILIZATION to match default GCP value. - // Default value is CONNECTION. + // Default value is UTILIZATION. // Possible values are: UTILIZATION, RATE, CONNECTION. BalancingMode *string `json:"balancingMode,omitempty" tf:"balancing_mode,omitempty"` @@ -401,8 +382,7 @@ type RegionBackendServiceBackendObservation struct { // Specifies the balancing mode for this backend. // See the Backend Services Overview // for an explanation of load balancing modes. - // From version 6.0.0 default value will be UTILIZATION to match default GCP value. - // Default value is CONNECTION. + // Default value is UTILIZATION. // Possible values are: UTILIZATION, RATE, CONNECTION. BalancingMode *string `json:"balancingMode,omitempty" tf:"balancing_mode,omitempty"` @@ -501,8 +481,7 @@ type RegionBackendServiceBackendParameters struct { // Specifies the balancing mode for this backend. // See the Backend Services Overview // for an explanation of load balancing modes. - // From version 6.0.0 default value will be UTILIZATION to match default GCP value. - // Default value is CONNECTION. + // Default value is UTILIZATION. // Possible values are: UTILIZATION, RATE, CONNECTION. // +kubebuilder:validation:Optional BalancingMode *string `json:"balancingMode,omitempty" tf:"balancing_mode,omitempty"` @@ -1046,30 +1025,40 @@ type RegionBackendServiceConsistentHashParameters struct { type RegionBackendServiceIapInitParameters struct { + // Whether the serving infrastructure will authenticate and authorize all incoming requests. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + // OAuth2 Client ID for IAP Oauth2ClientID *string `json:"oauth2ClientId,omitempty" tf:"oauth2_client_id,omitempty"` // OAuth2 Client Secret for IAP // Note: This property is sensitive and will not be displayed in the plan. - Oauth2ClientSecretSecretRef v1.SecretKeySelector `json:"oauth2ClientSecretSecretRef" tf:"-"` + Oauth2ClientSecretSecretRef *v1.SecretKeySelector `json:"oauth2ClientSecretSecretRef,omitempty" tf:"-"` } type RegionBackendServiceIapObservation struct { + // Whether the serving infrastructure will authenticate and authorize all incoming requests. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + // OAuth2 Client ID for IAP Oauth2ClientID *string `json:"oauth2ClientId,omitempty" tf:"oauth2_client_id,omitempty"` } type RegionBackendServiceIapParameters struct { + // Whether the serving infrastructure will authenticate and authorize all incoming requests. + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` + // OAuth2 Client ID for IAP // +kubebuilder:validation:Optional - Oauth2ClientID *string `json:"oauth2ClientId" tf:"oauth2_client_id,omitempty"` + Oauth2ClientID *string `json:"oauth2ClientId,omitempty" tf:"oauth2_client_id,omitempty"` // OAuth2 Client Secret for IAP // Note: This property is sensitive and will not be displayed in the plan. // +kubebuilder:validation:Optional - Oauth2ClientSecretSecretRef v1.SecretKeySelector `json:"oauth2ClientSecretSecretRef" tf:"-"` + Oauth2ClientSecretSecretRef *v1.SecretKeySelector `json:"oauth2ClientSecretSecretRef,omitempty" tf:"-"` } type RegionBackendServiceInitParameters struct { @@ -1097,7 +1086,6 @@ type RegionBackendServiceInitParameters struct { // Time for which instance will be drained (not accept new // connections, but still work to finish started). - // From version 6.0.0 ConnectionDrainingTimeoutSec default value will be 300 to match default GCP value. ConnectionDrainingTimeoutSec *float64 `json:"connectionDrainingTimeoutSec,omitempty" tf:"connection_draining_timeout_sec,omitempty"` // Consistent Hash-based load balancing can be used to provide soft session @@ -1137,6 +1125,10 @@ type RegionBackendServiceInitParameters struct { // +kubebuilder:validation:Optional HealthChecksSelector *v1.Selector `json:"healthChecksSelector,omitempty" tf:"-"` + // Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). + // Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY. + IPAddressSelectionPolicy *string `json:"ipAddressSelectionPolicy,omitempty" tf:"ip_address_selection_policy,omitempty"` + // Settings for enabling Cloud Identity Aware Proxy // Structure is documented below. Iap *RegionBackendServiceIapInitParameters `json:"iap,omitempty" tf:"iap,omitempty"` @@ -1160,8 +1152,6 @@ type RegionBackendServiceInitParameters struct { // Settings controlling eviction of unhealthy hosts from the load balancing pool. // This field is applicable only when the load_balancing_scheme is set // to INTERNAL_MANAGED and the protocol is set to HTTP, HTTPS, or HTTP2. - // From version 6.0. - // Default values are enforce by GCP without providing them. // Structure is documented below. OutlierDetection *RegionBackendServiceOutlierDetectionInitParameters `json:"outlierDetection,omitempty" tf:"outlier_detection,omitempty"` @@ -1183,9 +1173,13 @@ type RegionBackendServiceInitParameters struct { // Type of session affinity to use. The default is NONE. Session affinity is // not applicable if the protocol is UDP. - // Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, CLIENT_IP_NO_DESTINATION. + // Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, CLIENT_IP_NO_DESTINATION, STRONG_COOKIE_AFFINITY. SessionAffinity *string `json:"sessionAffinity,omitempty" tf:"session_affinity,omitempty"` + // Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. + // Structure is documented below. + StrongSessionAffinityCookie *RegionBackendServiceStrongSessionAffinityCookieInitParameters `json:"strongSessionAffinityCookie,omitempty" tf:"strong_session_affinity_cookie,omitempty"` + // The backend service timeout has a different meaning depending on the type of load balancer. // For more information see, Backend service settings. // The default is 30 seconds. @@ -1256,7 +1250,6 @@ type RegionBackendServiceObservation struct { // Time for which instance will be drained (not accept new // connections, but still work to finish started). - // From version 6.0.0 ConnectionDrainingTimeoutSec default value will be 300 to match default GCP value. ConnectionDrainingTimeoutSec *float64 `json:"connectionDrainingTimeoutSec,omitempty" tf:"connection_draining_timeout_sec,omitempty"` // Consistent Hash-based load balancing can be used to provide soft session @@ -1299,6 +1292,10 @@ type RegionBackendServiceObservation struct { // an identifier for the resource with format projects/{{project}}/regions/{{region}}/backendServices/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` + // Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). + // Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY. + IPAddressSelectionPolicy *string `json:"ipAddressSelectionPolicy,omitempty" tf:"ip_address_selection_policy,omitempty"` + // Settings for enabling Cloud Identity Aware Proxy // Structure is documented below. Iap *RegionBackendServiceIapObservation `json:"iap,omitempty" tf:"iap,omitempty"` @@ -1322,8 +1319,6 @@ type RegionBackendServiceObservation struct { // Settings controlling eviction of unhealthy hosts from the load balancing pool. // This field is applicable only when the load_balancing_scheme is set // to INTERNAL_MANAGED and the protocol is set to HTTP, HTTPS, or HTTP2. - // From version 6.0. - // Default values are enforce by GCP without providing them. // Structure is documented below. OutlierDetection *RegionBackendServiceOutlierDetectionObservation `json:"outlierDetection,omitempty" tf:"outlier_detection,omitempty"` @@ -1352,9 +1347,13 @@ type RegionBackendServiceObservation struct { // Type of session affinity to use. The default is NONE. Session affinity is // not applicable if the protocol is UDP. - // Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, CLIENT_IP_NO_DESTINATION. + // Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, CLIENT_IP_NO_DESTINATION, STRONG_COOKIE_AFFINITY. SessionAffinity *string `json:"sessionAffinity,omitempty" tf:"session_affinity,omitempty"` + // Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. + // Structure is documented below. + StrongSessionAffinityCookie *RegionBackendServiceStrongSessionAffinityCookieObservation `json:"strongSessionAffinityCookie,omitempty" tf:"strong_session_affinity_cookie,omitempty"` + // The backend service timeout has a different meaning depending on the type of load balancer. // For more information see, Backend service settings. // The default is 30 seconds. @@ -1594,7 +1593,6 @@ type RegionBackendServiceParameters struct { // Time for which instance will be drained (not accept new // connections, but still work to finish started). - // From version 6.0.0 ConnectionDrainingTimeoutSec default value will be 300 to match default GCP value. // +kubebuilder:validation:Optional ConnectionDrainingTimeoutSec *float64 `json:"connectionDrainingTimeoutSec,omitempty" tf:"connection_draining_timeout_sec,omitempty"` @@ -1640,6 +1638,11 @@ type RegionBackendServiceParameters struct { // +kubebuilder:validation:Optional HealthChecksSelector *v1.Selector `json:"healthChecksSelector,omitempty" tf:"-"` + // Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). + // Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY. + // +kubebuilder:validation:Optional + IPAddressSelectionPolicy *string `json:"ipAddressSelectionPolicy,omitempty" tf:"ip_address_selection_policy,omitempty"` + // Settings for enabling Cloud Identity Aware Proxy // Structure is documented below. // +kubebuilder:validation:Optional @@ -1668,8 +1671,6 @@ type RegionBackendServiceParameters struct { // Settings controlling eviction of unhealthy hosts from the load balancing pool. // This field is applicable only when the load_balancing_scheme is set // to INTERNAL_MANAGED and the protocol is set to HTTP, HTTPS, or HTTP2. - // From version 6.0. - // Default values are enforce by GCP without providing them. // Structure is documented below. // +kubebuilder:validation:Optional OutlierDetection *RegionBackendServiceOutlierDetectionParameters `json:"outlierDetection,omitempty" tf:"outlier_detection,omitempty"` @@ -1700,10 +1701,15 @@ type RegionBackendServiceParameters struct { // Type of session affinity to use. The default is NONE. Session affinity is // not applicable if the protocol is UDP. - // Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, CLIENT_IP_NO_DESTINATION. + // Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, CLIENT_IP_NO_DESTINATION, STRONG_COOKIE_AFFINITY. // +kubebuilder:validation:Optional SessionAffinity *string `json:"sessionAffinity,omitempty" tf:"session_affinity,omitempty"` + // Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. + // Structure is documented below. + // +kubebuilder:validation:Optional + StrongSessionAffinityCookie *RegionBackendServiceStrongSessionAffinityCookieParameters `json:"strongSessionAffinityCookie,omitempty" tf:"strong_session_affinity_cookie,omitempty"` + // The backend service timeout has a different meaning depending on the type of load balancer. // For more information see, Backend service settings. // The default is 30 seconds. @@ -1712,6 +1718,89 @@ type RegionBackendServiceParameters struct { TimeoutSec *float64 `json:"timeoutSec,omitempty" tf:"timeout_sec,omitempty"` } +type RegionBackendServiceStrongSessionAffinityCookieInitParameters struct { + + // Name of the cookie. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Path to set for the cookie. + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // Lifetime of the cookie. + // Structure is documented below. + TTL *RegionBackendServiceStrongSessionAffinityCookieTTLInitParameters `json:"ttl,omitempty" tf:"ttl,omitempty"` +} + +type RegionBackendServiceStrongSessionAffinityCookieObservation struct { + + // Name of the cookie. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Path to set for the cookie. + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // Lifetime of the cookie. + // Structure is documented below. + TTL *RegionBackendServiceStrongSessionAffinityCookieTTLObservation `json:"ttl,omitempty" tf:"ttl,omitempty"` +} + +type RegionBackendServiceStrongSessionAffinityCookieParameters struct { + + // Name of the cookie. + // +kubebuilder:validation:Optional + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Path to set for the cookie. + // +kubebuilder:validation:Optional + Path *string `json:"path,omitempty" tf:"path,omitempty"` + + // Lifetime of the cookie. + // Structure is documented below. + // +kubebuilder:validation:Optional + TTL *RegionBackendServiceStrongSessionAffinityCookieTTLParameters `json:"ttl,omitempty" tf:"ttl,omitempty"` +} + +type RegionBackendServiceStrongSessionAffinityCookieTTLInitParameters struct { + + // Span of time that's a fraction of a second at nanosecond + // resolution. Durations less than one second are represented + // with a 0 seconds field and a positive nanos field. Must + // be from 0 to 999,999,999 inclusive. + Nanos *float64 `json:"nanos,omitempty" tf:"nanos,omitempty"` + + // Span of time at a resolution of a second. + // Must be from 0 to 315,576,000,000 inclusive. + Seconds *float64 `json:"seconds,omitempty" tf:"seconds,omitempty"` +} + +type RegionBackendServiceStrongSessionAffinityCookieTTLObservation struct { + + // Span of time that's a fraction of a second at nanosecond + // resolution. Durations less than one second are represented + // with a 0 seconds field and a positive nanos field. Must + // be from 0 to 999,999,999 inclusive. + Nanos *float64 `json:"nanos,omitempty" tf:"nanos,omitempty"` + + // Span of time at a resolution of a second. + // Must be from 0 to 315,576,000,000 inclusive. + Seconds *float64 `json:"seconds,omitempty" tf:"seconds,omitempty"` +} + +type RegionBackendServiceStrongSessionAffinityCookieTTLParameters struct { + + // Span of time that's a fraction of a second at nanosecond + // resolution. Durations less than one second are represented + // with a 0 seconds field and a positive nanos field. Must + // be from 0 to 999,999,999 inclusive. + // +kubebuilder:validation:Optional + Nanos *float64 `json:"nanos,omitempty" tf:"nanos,omitempty"` + + // Span of time at a resolution of a second. + // Must be from 0 to 315,576,000,000 inclusive. + // +kubebuilder:validation:Optional + Seconds *float64 `json:"seconds" tf:"seconds,omitempty"` +} + // RegionBackendServiceSpec defines the desired state of RegionBackendService type RegionBackendServiceSpec struct { v1.ResourceSpec `json:",inline"` diff --git a/apis/compute/v1beta2/zz_regiondisk_types.go b/apis/compute/v1beta2/zz_regiondisk_types.go index c5b9fef44..19f3748e3 100755 --- a/apis/compute/v1beta2/zz_regiondisk_types.go +++ b/apis/compute/v1beta2/zz_regiondisk_types.go @@ -111,7 +111,7 @@ type RegionDiskGuestOsFeaturesParameters struct { type RegionDiskInitParameters struct { - // A nested object resource + // A nested object resource. // Structure is documented below. AsyncPrimaryDisk *RegionDiskAsyncPrimaryDiskInitParameters `json:"asyncPrimaryDisk,omitempty" tf:"async_primary_disk,omitempty"` @@ -198,7 +198,7 @@ type RegionDiskInitParameters struct { type RegionDiskObservation struct { - // A nested object resource + // A nested object resource. // Structure is documented below. AsyncPrimaryDisk *RegionDiskAsyncPrimaryDiskObservation `json:"asyncPrimaryDisk,omitempty" tf:"async_primary_disk,omitempty"` @@ -323,7 +323,7 @@ type RegionDiskObservation struct { type RegionDiskParameters struct { - // A nested object resource + // A nested object resource. // Structure is documented below. // +kubebuilder:validation:Optional AsyncPrimaryDisk *RegionDiskAsyncPrimaryDiskParameters `json:"asyncPrimaryDisk,omitempty" tf:"async_primary_disk,omitempty"` diff --git a/apis/compute/v1beta2/zz_regionhealthcheck_types.go b/apis/compute/v1beta2/zz_regionhealthcheck_types.go index def7ca2c1..05c21e7b3 100755 --- a/apis/compute/v1beta2/zz_regionhealthcheck_types.go +++ b/apis/compute/v1beta2/zz_regionhealthcheck_types.go @@ -423,15 +423,15 @@ type RegionHealthCheckInitParameters struct { // you create the resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. GRPCHealthCheck *RegionHealthCheckGRPCHealthCheckInitParameters `json:"grpcHealthCheck,omitempty" tf:"grpc_health_check,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. HTTPHealthCheck *RegionHealthCheckHTTPHealthCheckInitParameters `json:"httpHealthCheck,omitempty" tf:"http_health_check,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. HTTPSHealthCheck *RegionHealthCheckHTTPSHealthCheckInitParameters `json:"httpsHealthCheck,omitempty" tf:"https_health_check,omitempty"` @@ -439,7 +439,7 @@ type RegionHealthCheckInitParameters struct { // consecutive successes. The default value is 2. HealthyThreshold *float64 `json:"healthyThreshold,omitempty" tf:"healthy_threshold,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. Http2HealthCheck *RegionHealthCheckHttp2HealthCheckInitParameters `json:"http2HealthCheck,omitempty" tf:"http2_health_check,omitempty"` @@ -451,11 +451,11 @@ type RegionHealthCheckInitParameters struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. SSLHealthCheck *RegionHealthCheckSSLHealthCheckInitParameters `json:"sslHealthCheck,omitempty" tf:"ssl_health_check,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. TCPHealthCheck *RegionHealthCheckTCPHealthCheckInitParameters `json:"tcpHealthCheck,omitempty" tf:"tcp_health_check,omitempty"` @@ -504,23 +504,26 @@ type RegionHealthCheckObservation struct { // you create the resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. GRPCHealthCheck *RegionHealthCheckGRPCHealthCheckObservation `json:"grpcHealthCheck,omitempty" tf:"grpc_health_check,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. HTTPHealthCheck *RegionHealthCheckHTTPHealthCheckObservation `json:"httpHealthCheck,omitempty" tf:"http_health_check,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. HTTPSHealthCheck *RegionHealthCheckHTTPSHealthCheckObservation `json:"httpsHealthCheck,omitempty" tf:"https_health_check,omitempty"` + // The unique identifier number for the resource. This identifier is defined by the server. + HealthCheckID *float64 `json:"healthCheckId,omitempty" tf:"health_check_id,omitempty"` + // A so-far unhealthy instance will be marked healthy after this many // consecutive successes. The default value is 2. HealthyThreshold *float64 `json:"healthyThreshold,omitempty" tf:"healthy_threshold,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. Http2HealthCheck *RegionHealthCheckHttp2HealthCheckObservation `json:"http2HealthCheck,omitempty" tf:"http2_health_check,omitempty"` @@ -539,14 +542,14 @@ type RegionHealthCheckObservation struct { // If it is not provided, the provider region is used. Region *string `json:"region,omitempty" tf:"region,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. SSLHealthCheck *RegionHealthCheckSSLHealthCheckObservation `json:"sslHealthCheck,omitempty" tf:"ssl_health_check,omitempty"` // The URI of the created resource. SelfLink *string `json:"selfLink,omitempty" tf:"self_link,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. TCPHealthCheck *RegionHealthCheckTCPHealthCheckObservation `json:"tcpHealthCheck,omitempty" tf:"tcp_health_check,omitempty"` @@ -575,17 +578,17 @@ type RegionHealthCheckParameters struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. // +kubebuilder:validation:Optional GRPCHealthCheck *RegionHealthCheckGRPCHealthCheckParameters `json:"grpcHealthCheck,omitempty" tf:"grpc_health_check,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. // +kubebuilder:validation:Optional HTTPHealthCheck *RegionHealthCheckHTTPHealthCheckParameters `json:"httpHealthCheck,omitempty" tf:"http_health_check,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. // +kubebuilder:validation:Optional HTTPSHealthCheck *RegionHealthCheckHTTPSHealthCheckParameters `json:"httpsHealthCheck,omitempty" tf:"https_health_check,omitempty"` @@ -595,7 +598,7 @@ type RegionHealthCheckParameters struct { // +kubebuilder:validation:Optional HealthyThreshold *float64 `json:"healthyThreshold,omitempty" tf:"healthy_threshold,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. // +kubebuilder:validation:Optional Http2HealthCheck *RegionHealthCheckHttp2HealthCheckParameters `json:"http2HealthCheck,omitempty" tf:"http2_health_check,omitempty"` @@ -615,12 +618,12 @@ type RegionHealthCheckParameters struct { // +kubebuilder:validation:Required Region *string `json:"region" tf:"region,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. // +kubebuilder:validation:Optional SSLHealthCheck *RegionHealthCheckSSLHealthCheckParameters `json:"sslHealthCheck,omitempty" tf:"ssl_health_check,omitempty"` - // A nested object resource + // A nested object resource. // Structure is documented below. // +kubebuilder:validation:Optional TCPHealthCheck *RegionHealthCheckTCPHealthCheckParameters `json:"tcpHealthCheck,omitempty" tf:"tcp_health_check,omitempty"` diff --git a/apis/compute/v1beta2/zz_regioninstancegroupmanager_types.go b/apis/compute/v1beta2/zz_regioninstancegroupmanager_types.go index 530be83d7..34a9e8977 100755 --- a/apis/compute/v1beta2/zz_regioninstancegroupmanager_types.go +++ b/apis/compute/v1beta2/zz_regioninstancegroupmanager_types.go @@ -13,6 +13,67 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type InstanceFlexibilityPolicyInitParameters struct { + + // , Named instance selections configuring properties that the group will use when creating new VMs. One can specify multiple instance selection to allow managed instance group to create VMs from multiple types of machines, based on preference and availability. Structure is documented below. + InstanceSelections []InstanceSelectionsInitParameters `json:"instanceSelections,omitempty" tf:"instance_selections,omitempty"` +} + +type InstanceFlexibilityPolicyObservation struct { + + // , Named instance selections configuring properties that the group will use when creating new VMs. One can specify multiple instance selection to allow managed instance group to create VMs from multiple types of machines, based on preference and availability. Structure is documented below. + InstanceSelections []InstanceSelectionsObservation `json:"instanceSelections,omitempty" tf:"instance_selections,omitempty"` +} + +type InstanceFlexibilityPolicyParameters struct { + + // , Named instance selections configuring properties that the group will use when creating new VMs. One can specify multiple instance selection to allow managed instance group to create VMs from multiple types of machines, based on preference and availability. Structure is documented below. + // +kubebuilder:validation:Optional + InstanceSelections []InstanceSelectionsParameters `json:"instanceSelections,omitempty" tf:"instance_selections,omitempty"` +} + +type InstanceSelectionsInitParameters struct { + + // , A list of full machine-type names, e.g. "n1-standard-16". + // +listType=set + MachineTypes []*string `json:"machineTypes,omitempty" tf:"machine_types,omitempty"` + + // , Name of the instance selection, e.g. instance_selection_with_n1_machines_types. Instance selection names must be unique within the flexibility policy. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // , Preference of this instance selection. Lower number means higher preference. Managed instance group will first try to create a VM based on the machine-type with lowest rank and fallback to next rank based on availability. Machine types and instance selections with the same rank have the same preference. + Rank *float64 `json:"rank,omitempty" tf:"rank,omitempty"` +} + +type InstanceSelectionsObservation struct { + + // , A list of full machine-type names, e.g. "n1-standard-16". + // +listType=set + MachineTypes []*string `json:"machineTypes,omitempty" tf:"machine_types,omitempty"` + + // , Name of the instance selection, e.g. instance_selection_with_n1_machines_types. Instance selection names must be unique within the flexibility policy. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // , Preference of this instance selection. Lower number means higher preference. Managed instance group will first try to create a VM based on the machine-type with lowest rank and fallback to next rank based on availability. Machine types and instance selections with the same rank have the same preference. + Rank *float64 `json:"rank,omitempty" tf:"rank,omitempty"` +} + +type InstanceSelectionsParameters struct { + + // , A list of full machine-type names, e.g. "n1-standard-16". + // +kubebuilder:validation:Optional + // +listType=set + MachineTypes []*string `json:"machineTypes" tf:"machine_types,omitempty"` + + // , Name of the instance selection, e.g. instance_selection_with_n1_machines_types. Instance selection names must be unique within the flexibility policy. + // +kubebuilder:validation:Optional + Name *string `json:"name" tf:"name,omitempty"` + + // , Preference of this instance selection. Lower number means higher preference. Managed instance group will first try to create a VM based on the machine-type with lowest rank and fallback to next rank based on availability. Machine types and instance selections with the same rank have the same preference. + // +kubebuilder:validation:Optional + Rank *float64 `json:"rank,omitempty" tf:"rank,omitempty"` +} + type RegionInstanceGroupManagerAllInstancesConfigInitParameters struct { // , The label key-value pairs that you want to patch onto the instance. @@ -131,6 +192,9 @@ type RegionInstanceGroupManagerInitParameters struct { // +listType=set DistributionPolicyZones []*string `json:"distributionPolicyZones,omitempty" tf:"distribution_policy_zones,omitempty"` + // The flexibility policy for managed instance group. Instance flexibility allows managed instance group to create VMs from multiple types of machines. Instance flexibility configuration on managed instance group overrides instance template configuration. Structure is documented below. + InstanceFlexibilityPolicy *InstanceFlexibilityPolicyInitParameters `json:"instanceFlexibilityPolicy,omitempty" tf:"instance_flexibility_policy,omitempty"` + InstanceLifecyclePolicy *RegionInstanceGroupManagerInstanceLifecyclePolicyInitParameters `json:"instanceLifecyclePolicy,omitempty" tf:"instance_lifecycle_policy,omitempty"` // Pagination behavior of the listManagedInstances API @@ -158,6 +222,9 @@ type RegionInstanceGroupManagerInitParameters struct { // The region where the managed instance group resides. If not provided, the provider region is used. Region *string `json:"region,omitempty" tf:"region,omitempty"` + // The standby policy for stopped and suspended instances. Structure is documented below. For more information, see the official documentation. + StandbyPolicy *RegionInstanceGroupManagerStandbyPolicyInitParameters `json:"standbyPolicy,omitempty" tf:"standby_policy,omitempty"` + // Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. Proactive cross zone instance redistribution must be disabled before you can update stateful disks on existing instance group managers. This can be controlled via the update_policy. StatefulDisk []RegionInstanceGroupManagerStatefulDiskInitParameters `json:"statefulDisk,omitempty" tf:"stateful_disk,omitempty"` @@ -189,6 +256,12 @@ type RegionInstanceGroupManagerInitParameters struct { // lifecycle. Defaults to 0. TargetSize *float64 `json:"targetSize,omitempty" tf:"target_size,omitempty"` + // The target number of stopped instances for this managed instance group. + TargetStoppedSize *float64 `json:"targetStoppedSize,omitempty" tf:"target_stopped_size,omitempty"` + + // The target number of suspended instances for this managed instance group. + TargetSuspendedSize *float64 `json:"targetSuspendedSize,omitempty" tf:"target_suspended_size,omitempty"` + // The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API UpdatePolicy *RegionInstanceGroupManagerUpdatePolicyInitParameters `json:"updatePolicy,omitempty" tf:"update_policy,omitempty"` @@ -306,9 +379,15 @@ type RegionInstanceGroupManagerObservation struct { // an identifier for the resource with format projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` + // The flexibility policy for managed instance group. Instance flexibility allows managed instance group to create VMs from multiple types of machines. Instance flexibility configuration on managed instance group overrides instance template configuration. Structure is documented below. + InstanceFlexibilityPolicy *InstanceFlexibilityPolicyObservation `json:"instanceFlexibilityPolicy,omitempty" tf:"instance_flexibility_policy,omitempty"` + // The full URL of the instance group created by the manager. InstanceGroup *string `json:"instanceGroup,omitempty" tf:"instance_group,omitempty"` + // an identifier for the resource with format projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{name}} + InstanceGroupManagerID *float64 `json:"instanceGroupManagerId,omitempty" tf:"instance_group_manager_id,omitempty"` + InstanceLifecyclePolicy *RegionInstanceGroupManagerInstanceLifecyclePolicyObservation `json:"instanceLifecyclePolicy,omitempty" tf:"instance_lifecycle_policy,omitempty"` // Pagination behavior of the listManagedInstances API @@ -339,6 +418,9 @@ type RegionInstanceGroupManagerObservation struct { // The URL of the created resource. SelfLink *string `json:"selfLink,omitempty" tf:"self_link,omitempty"` + // The standby policy for stopped and suspended instances. Structure is documented below. For more information, see the official documentation. + StandbyPolicy *RegionInstanceGroupManagerStandbyPolicyObservation `json:"standbyPolicy,omitempty" tf:"standby_policy,omitempty"` + // Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. Proactive cross zone instance redistribution must be disabled before you can update stateful disks on existing instance group managers. This can be controlled via the update_policy. StatefulDisk []RegionInstanceGroupManagerStatefulDiskObservation `json:"statefulDisk,omitempty" tf:"stateful_disk,omitempty"` @@ -362,6 +444,12 @@ type RegionInstanceGroupManagerObservation struct { // lifecycle. Defaults to 0. TargetSize *float64 `json:"targetSize,omitempty" tf:"target_size,omitempty"` + // The target number of stopped instances for this managed instance group. + TargetStoppedSize *float64 `json:"targetStoppedSize,omitempty" tf:"target_stopped_size,omitempty"` + + // The target number of suspended instances for this managed instance group. + TargetSuspendedSize *float64 `json:"targetSuspendedSize,omitempty" tf:"target_suspended_size,omitempty"` + // The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API UpdatePolicy *RegionInstanceGroupManagerUpdatePolicyObservation `json:"updatePolicy,omitempty" tf:"update_policy,omitempty"` @@ -418,6 +506,10 @@ type RegionInstanceGroupManagerParameters struct { // +listType=set DistributionPolicyZones []*string `json:"distributionPolicyZones,omitempty" tf:"distribution_policy_zones,omitempty"` + // The flexibility policy for managed instance group. Instance flexibility allows managed instance group to create VMs from multiple types of machines. Instance flexibility configuration on managed instance group overrides instance template configuration. Structure is documented below. + // +kubebuilder:validation:Optional + InstanceFlexibilityPolicy *InstanceFlexibilityPolicyParameters `json:"instanceFlexibilityPolicy,omitempty" tf:"instance_flexibility_policy,omitempty"` + // +kubebuilder:validation:Optional InstanceLifecyclePolicy *RegionInstanceGroupManagerInstanceLifecyclePolicyParameters `json:"instanceLifecyclePolicy,omitempty" tf:"instance_lifecycle_policy,omitempty"` @@ -451,6 +543,10 @@ type RegionInstanceGroupManagerParameters struct { // +kubebuilder:validation:Optional Region *string `json:"region,omitempty" tf:"region,omitempty"` + // The standby policy for stopped and suspended instances. Structure is documented below. For more information, see the official documentation. + // +kubebuilder:validation:Optional + StandbyPolicy *RegionInstanceGroupManagerStandbyPolicyParameters `json:"standbyPolicy,omitempty" tf:"standby_policy,omitempty"` + // Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. Proactive cross zone instance redistribution must be disabled before you can update stateful disks on existing instance group managers. This can be controlled via the update_policy. // +kubebuilder:validation:Optional StatefulDisk []RegionInstanceGroupManagerStatefulDiskParameters `json:"statefulDisk,omitempty" tf:"stateful_disk,omitempty"` @@ -487,6 +583,14 @@ type RegionInstanceGroupManagerParameters struct { // +kubebuilder:validation:Optional TargetSize *float64 `json:"targetSize,omitempty" tf:"target_size,omitempty"` + // The target number of stopped instances for this managed instance group. + // +kubebuilder:validation:Optional + TargetStoppedSize *float64 `json:"targetStoppedSize,omitempty" tf:"target_stopped_size,omitempty"` + + // The target number of suspended instances for this managed instance group. + // +kubebuilder:validation:Optional + TargetSuspendedSize *float64 `json:"targetSuspendedSize,omitempty" tf:"target_suspended_size,omitempty"` + // The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API // +kubebuilder:validation:Optional UpdatePolicy *RegionInstanceGroupManagerUpdatePolicyParameters `json:"updatePolicy,omitempty" tf:"update_policy,omitempty"` @@ -510,6 +614,35 @@ type RegionInstanceGroupManagerParameters struct { WaitForInstancesStatus *string `json:"waitForInstancesStatus,omitempty" tf:"wait_for_instances_status,omitempty"` } +type RegionInstanceGroupManagerStandbyPolicyInitParameters struct { + + // - Specifies the number of seconds that the MIG should wait to suspend or stop a VM after that VM was created. The initial delay gives the initialization script the time to prepare your VM for a quick scale out. The value of initial delay must be between 0 and 3600 seconds. The default value is 0. + InitialDelaySec *float64 `json:"initialDelaySec,omitempty" tf:"initial_delay_sec,omitempty"` + + // - Defines how a MIG resumes or starts VMs from a standby pool when the group scales out. Valid options are: MANUAL, SCALE_OUT_POOL. If MANUAL(default), you have full control over which VMs are stopped and suspended in the MIG. If SCALE_OUT_POOL, the MIG uses the VMs from the standby pools to accelerate the scale out by resuming or starting them and then automatically replenishes the standby pool with new VMs to maintain the target sizes. + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` +} + +type RegionInstanceGroupManagerStandbyPolicyObservation struct { + + // - Specifies the number of seconds that the MIG should wait to suspend or stop a VM after that VM was created. The initial delay gives the initialization script the time to prepare your VM for a quick scale out. The value of initial delay must be between 0 and 3600 seconds. The default value is 0. + InitialDelaySec *float64 `json:"initialDelaySec,omitempty" tf:"initial_delay_sec,omitempty"` + + // - Defines how a MIG resumes or starts VMs from a standby pool when the group scales out. Valid options are: MANUAL, SCALE_OUT_POOL. If MANUAL(default), you have full control over which VMs are stopped and suspended in the MIG. If SCALE_OUT_POOL, the MIG uses the VMs from the standby pools to accelerate the scale out by resuming or starting them and then automatically replenishes the standby pool with new VMs to maintain the target sizes. + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` +} + +type RegionInstanceGroupManagerStandbyPolicyParameters struct { + + // - Specifies the number of seconds that the MIG should wait to suspend or stop a VM after that VM was created. The initial delay gives the initialization script the time to prepare your VM for a quick scale out. The value of initial delay must be between 0 and 3600 seconds. The default value is 0. + // +kubebuilder:validation:Optional + InitialDelaySec *float64 `json:"initialDelaySec,omitempty" tf:"initial_delay_sec,omitempty"` + + // - Defines how a MIG resumes or starts VMs from a standby pool when the group scales out. Valid options are: MANUAL, SCALE_OUT_POOL. If MANUAL(default), you have full control over which VMs are stopped and suspended in the MIG. If SCALE_OUT_POOL, the MIG uses the VMs from the standby pools to accelerate the scale out by resuming or starting them and then automatically replenishes the standby pool with new VMs to maintain the target sizes. + // +kubebuilder:validation:Optional + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` +} + type RegionInstanceGroupManagerStatefulDiskInitParameters struct { // , A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER. diff --git a/apis/compute/v1beta2/zz_regionnetworkendpointgroup_types.go b/apis/compute/v1beta2/zz_regionnetworkendpointgroup_types.go index 725f29bd9..01797e401 100755 --- a/apis/compute/v1beta2/zz_regionnetworkendpointgroup_types.go +++ b/apis/compute/v1beta2/zz_regionnetworkendpointgroup_types.go @@ -240,6 +240,34 @@ type CloudRunParameters struct { URLMask *string `json:"urlMask,omitempty" tf:"url_mask,omitempty"` } +type PscDataInitParameters struct { + + // The PSC producer port to use when consumer PSC NEG connects to a producer. If + // this flag isn't specified for a PSC NEG with endpoint type + // private-service-connect, then PSC NEG will be connected to a first port in the + // available PSC producer port range. + ProducerPort *string `json:"producerPort,omitempty" tf:"producer_port,omitempty"` +} + +type PscDataObservation struct { + + // The PSC producer port to use when consumer PSC NEG connects to a producer. If + // this flag isn't specified for a PSC NEG with endpoint type + // private-service-connect, then PSC NEG will be connected to a first port in the + // available PSC producer port range. + ProducerPort *string `json:"producerPort,omitempty" tf:"producer_port,omitempty"` +} + +type PscDataParameters struct { + + // The PSC producer port to use when consumer PSC NEG connects to a producer. If + // this flag isn't specified for a PSC NEG with endpoint type + // private-service-connect, then PSC NEG will be connected to a first port in the + // available PSC producer port range. + // +kubebuilder:validation:Optional + ProducerPort *string `json:"producerPort,omitempty" tf:"producer_port,omitempty"` +} + type RegionNetworkEndpointGroupInitParameters struct { // This field is only used for SERVERLESS NEGs. @@ -285,6 +313,10 @@ type RegionNetworkEndpointGroupInitParameters struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // This field is only used for PSC NEGs. + // Structure is documented below. + PscData *PscDataInitParameters `json:"pscData,omitempty" tf:"psc_data,omitempty"` + // This field is only used for PSC and INTERNET NEGs. // The target service url used to set up private service connection to // a Google API or a PSC Producer Service Attachment. @@ -353,6 +385,10 @@ type RegionNetworkEndpointGroupObservation struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // This field is only used for PSC NEGs. + // Structure is documented below. + PscData *PscDataObservation `json:"pscData,omitempty" tf:"psc_data,omitempty"` + // This field is only used for PSC and INTERNET NEGs. // The target service url used to set up private service connection to // a Google API or a PSC Producer Service Attachment. @@ -421,6 +457,11 @@ type RegionNetworkEndpointGroupParameters struct { // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + // This field is only used for PSC NEGs. + // Structure is documented below. + // +kubebuilder:validation:Optional + PscData *PscDataParameters `json:"pscData,omitempty" tf:"psc_data,omitempty"` + // This field is only used for PSC and INTERNET NEGs. // The target service url used to set up private service connection to // a Google API or a PSC Producer Service Attachment. diff --git a/apis/compute/v1beta2/zz_routernat_types.go b/apis/compute/v1beta2/zz_routernat_types.go index ffed45276..f20247971 100755 --- a/apis/compute/v1beta2/zz_routernat_types.go +++ b/apis/compute/v1beta2/zz_routernat_types.go @@ -117,6 +117,11 @@ type RouterNATInitParameters struct { // Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. IcmpIdleTimeoutSec *float64 `json:"icmpIdleTimeoutSec,omitempty" tf:"icmp_idle_timeout_sec,omitempty"` + // Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. + // Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY. + // +listType=set + InitialNATIps []*string `json:"initialNatIps,omitempty" tf:"initial_nat_ips,omitempty"` + // Configuration for logging on NAT // Structure is documented below. LogConfig *RouterNATLogConfigInitParameters `json:"logConfig,omitempty" tf:"log_config,omitempty"` @@ -136,6 +141,9 @@ type RouterNATInitParameters struct { // Self-links of NAT IPs. Only valid if natIpAllocateOption // is set to MANUAL_ONLY. + // If this field is used alongside with a count created list of address resources google_compute_address.foobar.*.self_link, + // the access level resource for the address resource must have a lifecycle block with create_before_destroy = true so + // the number of resources can be increased/decreased without triggering the resourceInUseByAnotherResource error. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Address // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("self_link",true) // +listType=set @@ -260,6 +268,11 @@ type RouterNATObservation struct { // Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. IcmpIdleTimeoutSec *float64 `json:"icmpIdleTimeoutSec,omitempty" tf:"icmp_idle_timeout_sec,omitempty"` + // Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. + // Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY. + // +listType=set + InitialNATIps []*string `json:"initialNatIps,omitempty" tf:"initial_nat_ips,omitempty"` + // Configuration for logging on NAT // Structure is documented below. LogConfig *RouterNATLogConfigObservation `json:"logConfig,omitempty" tf:"log_config,omitempty"` @@ -279,6 +292,9 @@ type RouterNATObservation struct { // Self-links of NAT IPs. Only valid if natIpAllocateOption // is set to MANUAL_ONLY. + // If this field is used alongside with a count created list of address resources google_compute_address.foobar.*.self_link, + // the access level resource for the address resource must have a lifecycle block with create_before_destroy = true so + // the number of resources can be increased/decreased without triggering the resourceInUseByAnotherResource error. // +listType=set NATIps []*string `json:"natIps,omitempty" tf:"nat_ips,omitempty"` @@ -370,6 +386,12 @@ type RouterNATParameters struct { // +kubebuilder:validation:Optional IcmpIdleTimeoutSec *float64 `json:"icmpIdleTimeoutSec,omitempty" tf:"icmp_idle_timeout_sec,omitempty"` + // Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. + // Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY. + // +kubebuilder:validation:Optional + // +listType=set + InitialNATIps []*string `json:"initialNatIps,omitempty" tf:"initial_nat_ips,omitempty"` + // Configuration for logging on NAT // Structure is documented below. // +kubebuilder:validation:Optional @@ -393,6 +415,9 @@ type RouterNATParameters struct { // Self-links of NAT IPs. Only valid if natIpAllocateOption // is set to MANUAL_ONLY. + // If this field is used alongside with a count created list of address resources google_compute_address.foobar.*.self_link, + // the access level resource for the address resource must have a lifecycle block with create_before_destroy = true so + // the number of resources can be increased/decreased without triggering the resourceInUseByAnotherResource error. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Address // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("self_link",true) // +kubebuilder:validation:Optional diff --git a/apis/compute/v1beta2/zz_routerpeer_types.go b/apis/compute/v1beta2/zz_routerpeer_types.go index a524193f1..b48e03944 100755 --- a/apis/compute/v1beta2/zz_routerpeer_types.go +++ b/apis/compute/v1beta2/zz_routerpeer_types.go @@ -109,21 +109,21 @@ type BfdParameters struct { type CustomLearnedIPRangesInitParameters struct { - // The IP range to advertise. The value must be a + // The IP range to learn. The value must be a // CIDR-formatted string. Range *string `json:"range,omitempty" tf:"range,omitempty"` } type CustomLearnedIPRangesObservation struct { - // The IP range to advertise. The value must be a + // The IP range to learn. The value must be a // CIDR-formatted string. Range *string `json:"range,omitempty" tf:"range,omitempty"` } type CustomLearnedIPRangesParameters struct { - // The IP range to advertise. The value must be a + // The IP range to learn. The value must be a // CIDR-formatted string. // +kubebuilder:validation:Optional Range *string `json:"range" tf:"range,omitempty"` @@ -216,8 +216,16 @@ type RouterPeerInitParameters struct { // Structure is documented below. Bfd *BfdInitParameters `json:"bfd,omitempty" tf:"bfd,omitempty"` + // The custom learned route IP address range. Must be a valid CIDR-formatted prefix. + // If an IP address is provided without a subnet mask, it is interpreted as, for IPv4, + // a /32 singular IP address range, and, for IPv6, /128. + // Structure is documented below. CustomLearnedIPRanges []CustomLearnedIPRangesInitParameters `json:"customLearnedIpRanges,omitempty" tf:"custom_learned_ip_ranges,omitempty"` + // The user-defined custom learned route priority for a BGP session. + // This value is applied to all custom learned route ranges for the session. + // You can choose a value from 0 to 65335. If you don't provide a value, + // Google Cloud assigns a priority of 100 to the ranges. CustomLearnedRoutePriority *float64 `json:"customLearnedRoutePriority,omitempty" tf:"custom_learned_route_priority,omitempty"` // The status of the BGP peer connection. If set to false, any active session @@ -353,8 +361,16 @@ type RouterPeerObservation struct { // Structure is documented below. Bfd *BfdObservation `json:"bfd,omitempty" tf:"bfd,omitempty"` + // The custom learned route IP address range. Must be a valid CIDR-formatted prefix. + // If an IP address is provided without a subnet mask, it is interpreted as, for IPv4, + // a /32 singular IP address range, and, for IPv6, /128. + // Structure is documented below. CustomLearnedIPRanges []CustomLearnedIPRangesObservation `json:"customLearnedIpRanges,omitempty" tf:"custom_learned_ip_ranges,omitempty"` + // The user-defined custom learned route priority for a BGP session. + // This value is applied to all custom learned route ranges for the session. + // You can choose a value from 0 to 65335. If you don't provide a value, + // Google Cloud assigns a priority of 100 to the ranges. CustomLearnedRoutePriority *float64 `json:"customLearnedRoutePriority,omitempty" tf:"custom_learned_route_priority,omitempty"` // The status of the BGP peer connection. If set to false, any active session @@ -464,9 +480,17 @@ type RouterPeerParameters struct { // +kubebuilder:validation:Optional Bfd *BfdParameters `json:"bfd,omitempty" tf:"bfd,omitempty"` + // The custom learned route IP address range. Must be a valid CIDR-formatted prefix. + // If an IP address is provided without a subnet mask, it is interpreted as, for IPv4, + // a /32 singular IP address range, and, for IPv6, /128. + // Structure is documented below. // +kubebuilder:validation:Optional CustomLearnedIPRanges []CustomLearnedIPRangesParameters `json:"customLearnedIpRanges,omitempty" tf:"custom_learned_ip_ranges,omitempty"` + // The user-defined custom learned route priority for a BGP session. + // This value is applied to all custom learned route ranges for the session. + // You can choose a value from 0 to 65335. If you don't provide a value, + // Google Cloud assigns a priority of 100 to the ranges. // +kubebuilder:validation:Optional CustomLearnedRoutePriority *float64 `json:"customLearnedRoutePriority,omitempty" tf:"custom_learned_route_priority,omitempty"` diff --git a/apis/compute/v1beta2/zz_securitypolicy_types.go b/apis/compute/v1beta2/zz_securitypolicy_types.go index bb259200a..5b1eeb344 100755 --- a/apis/compute/v1beta2/zz_securitypolicy_types.go +++ b/apis/compute/v1beta2/zz_securitypolicy_types.go @@ -144,6 +144,35 @@ type ConfigParameters struct { SrcIPRanges []*string `json:"srcIpRanges" tf:"src_ip_ranges,omitempty"` } +type EnforceOnKeyConfigsInitParameters struct { + + // Rate limit key name applicable only for the following key types: + EnforceOnKeyName *string `json:"enforceOnKeyName,omitempty" tf:"enforce_on_key_name,omitempty"` + + // Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to ALL. + EnforceOnKeyType *string `json:"enforceOnKeyType,omitempty" tf:"enforce_on_key_type,omitempty"` +} + +type EnforceOnKeyConfigsObservation struct { + + // Rate limit key name applicable only for the following key types: + EnforceOnKeyName *string `json:"enforceOnKeyName,omitempty" tf:"enforce_on_key_name,omitempty"` + + // Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to ALL. + EnforceOnKeyType *string `json:"enforceOnKeyType,omitempty" tf:"enforce_on_key_type,omitempty"` +} + +type EnforceOnKeyConfigsParameters struct { + + // Rate limit key name applicable only for the following key types: + // +kubebuilder:validation:Optional + EnforceOnKeyName *string `json:"enforceOnKeyName,omitempty" tf:"enforce_on_key_name,omitempty"` + + // Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to ALL. + // +kubebuilder:validation:Optional + EnforceOnKeyType *string `json:"enforceOnKeyType,omitempty" tf:"enforce_on_key_type,omitempty"` +} + type ExceedRedirectOptionsInitParameters struct { // Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA. @@ -173,6 +202,78 @@ type ExceedRedirectOptionsParameters struct { Type *string `json:"type" tf:"type,omitempty"` } +type ExclusionInitParameters struct { + + // Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below. + RequestCookie []RequestCookieInitParameters `json:"requestCookie,omitempty" tf:"request_cookie,omitempty"` + + // Request header whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below. + RequestHeader []RequestHeaderInitParameters `json:"requestHeader,omitempty" tf:"request_header,omitempty"` + + // Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body. Structure is documented below. + RequestQueryParam []RequestQueryParamInitParameters `json:"requestQueryParam,omitempty" tf:"request_query_param,omitempty"` + + // Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded. Structure is documented below. + RequestURI []RequestURIInitParameters `json:"requestUri,omitempty" tf:"request_uri,omitempty"` + + // A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set. + // +listType=set + TargetRuleIds []*string `json:"targetRuleIds,omitempty" tf:"target_rule_ids,omitempty"` + + // Target WAF rule set to apply the preconfigured WAF exclusion. + TargetRuleSet *string `json:"targetRuleSet,omitempty" tf:"target_rule_set,omitempty"` +} + +type ExclusionObservation struct { + + // Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below. + RequestCookie []RequestCookieObservation `json:"requestCookie,omitempty" tf:"request_cookie,omitempty"` + + // Request header whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below. + RequestHeader []RequestHeaderObservation `json:"requestHeader,omitempty" tf:"request_header,omitempty"` + + // Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body. Structure is documented below. + RequestQueryParam []RequestQueryParamObservation `json:"requestQueryParam,omitempty" tf:"request_query_param,omitempty"` + + // Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded. Structure is documented below. + RequestURI []RequestURIObservation `json:"requestUri,omitempty" tf:"request_uri,omitempty"` + + // A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set. + // +listType=set + TargetRuleIds []*string `json:"targetRuleIds,omitempty" tf:"target_rule_ids,omitempty"` + + // Target WAF rule set to apply the preconfigured WAF exclusion. + TargetRuleSet *string `json:"targetRuleSet,omitempty" tf:"target_rule_set,omitempty"` +} + +type ExclusionParameters struct { + + // Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below. + // +kubebuilder:validation:Optional + RequestCookie []RequestCookieParameters `json:"requestCookie,omitempty" tf:"request_cookie,omitempty"` + + // Request header whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below. + // +kubebuilder:validation:Optional + RequestHeader []RequestHeaderParameters `json:"requestHeader,omitempty" tf:"request_header,omitempty"` + + // Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body. Structure is documented below. + // +kubebuilder:validation:Optional + RequestQueryParam []RequestQueryParamParameters `json:"requestQueryParam,omitempty" tf:"request_query_param,omitempty"` + + // Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded. Structure is documented below. + // +kubebuilder:validation:Optional + RequestURI []RequestURIParameters `json:"requestUri,omitempty" tf:"request_uri,omitempty"` + + // A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set. + // +kubebuilder:validation:Optional + // +listType=set + TargetRuleIds []*string `json:"targetRuleIds,omitempty" tf:"target_rule_ids,omitempty"` + + // Target WAF rule set to apply the preconfigured WAF exclusion. + // +kubebuilder:validation:Optional + TargetRuleSet *string `json:"targetRuleSet" tf:"target_rule_set,omitempty"` +} + type ExprInitParameters struct { // Textual representation of an expression in Common Expression Language syntax. @@ -255,6 +356,9 @@ type Layer7DdosDefenseConfigInitParameters struct { // Rule visibility can be one of the following: RuleVisibility *string `json:"ruleVisibility,omitempty" tf:"rule_visibility,omitempty"` + + // Configuration options for layer7 adaptive protection for various customizable thresholds. Structure is documented below. + ThresholdConfigs []ThresholdConfigsInitParameters `json:"thresholdConfigs,omitempty" tf:"threshold_configs,omitempty"` } type Layer7DdosDefenseConfigObservation struct { @@ -264,6 +368,9 @@ type Layer7DdosDefenseConfigObservation struct { // Rule visibility can be one of the following: RuleVisibility *string `json:"ruleVisibility,omitempty" tf:"rule_visibility,omitempty"` + + // Configuration options for layer7 adaptive protection for various customizable thresholds. Structure is documented below. + ThresholdConfigs []ThresholdConfigsObservation `json:"thresholdConfigs,omitempty" tf:"threshold_configs,omitempty"` } type Layer7DdosDefenseConfigParameters struct { @@ -275,6 +382,29 @@ type Layer7DdosDefenseConfigParameters struct { // Rule visibility can be one of the following: // +kubebuilder:validation:Optional RuleVisibility *string `json:"ruleVisibility,omitempty" tf:"rule_visibility,omitempty"` + + // Configuration options for layer7 adaptive protection for various customizable thresholds. Structure is documented below. + // +kubebuilder:validation:Optional + ThresholdConfigs []ThresholdConfigsParameters `json:"thresholdConfigs,omitempty" tf:"threshold_configs,omitempty"` +} + +type PreconfiguredWafConfigInitParameters struct { + + // An exclusion to apply during preconfigured WAF evaluation. Structure is documented below. + Exclusion []ExclusionInitParameters `json:"exclusion,omitempty" tf:"exclusion,omitempty"` +} + +type PreconfiguredWafConfigObservation struct { + + // An exclusion to apply during preconfigured WAF evaluation. Structure is documented below. + Exclusion []ExclusionObservation `json:"exclusion,omitempty" tf:"exclusion,omitempty"` +} + +type PreconfiguredWafConfigParameters struct { + + // An exclusion to apply during preconfigured WAF evaluation. Structure is documented below. + // +kubebuilder:validation:Optional + Exclusion []ExclusionParameters `json:"exclusion,omitempty" tf:"exclusion,omitempty"` } type RateLimitOptionsInitParameters struct { @@ -294,6 +424,9 @@ type RateLimitOptionsInitParameters struct { // Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to ALL. EnforceOnKey *string `json:"enforceOnKey,omitempty" tf:"enforce_on_key,omitempty"` + // If specified, any combination of values of enforce_on_key_type/enforce_on_key_name is treated as the key on which rate limit threshold/action is enforced. You can specify up to 3 enforce_on_key_configs. If enforce_on_key_configs is specified, enforce_on_key must be set to an empty string. Structure is documented below. + EnforceOnKeyConfigs []EnforceOnKeyConfigsInitParameters `json:"enforceOnKeyConfigs,omitempty" tf:"enforce_on_key_configs,omitempty"` + // Rate limit key name applicable only for the following key types: EnforceOnKeyName *string `json:"enforceOnKeyName,omitempty" tf:"enforce_on_key_name,omitempty"` @@ -325,6 +458,9 @@ type RateLimitOptionsObservation struct { // Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to ALL. EnforceOnKey *string `json:"enforceOnKey,omitempty" tf:"enforce_on_key,omitempty"` + // If specified, any combination of values of enforce_on_key_type/enforce_on_key_name is treated as the key on which rate limit threshold/action is enforced. You can specify up to 3 enforce_on_key_configs. If enforce_on_key_configs is specified, enforce_on_key must be set to an empty string. Structure is documented below. + EnforceOnKeyConfigs []EnforceOnKeyConfigsObservation `json:"enforceOnKeyConfigs,omitempty" tf:"enforce_on_key_configs,omitempty"` + // Rate limit key name applicable only for the following key types: EnforceOnKeyName *string `json:"enforceOnKeyName,omitempty" tf:"enforce_on_key_name,omitempty"` @@ -360,6 +496,10 @@ type RateLimitOptionsParameters struct { // +kubebuilder:validation:Optional EnforceOnKey *string `json:"enforceOnKey,omitempty" tf:"enforce_on_key,omitempty"` + // If specified, any combination of values of enforce_on_key_type/enforce_on_key_name is treated as the key on which rate limit threshold/action is enforced. You can specify up to 3 enforce_on_key_configs. If enforce_on_key_configs is specified, enforce_on_key must be set to an empty string. Structure is documented below. + // +kubebuilder:validation:Optional + EnforceOnKeyConfigs []EnforceOnKeyConfigsParameters `json:"enforceOnKeyConfigs,omitempty" tf:"enforce_on_key_configs,omitempty"` + // Rate limit key name applicable only for the following key types: // +kubebuilder:validation:Optional EnforceOnKeyName *string `json:"enforceOnKeyName,omitempty" tf:"enforce_on_key_name,omitempty"` @@ -484,6 +624,64 @@ type RedirectOptionsParameters struct { Type *string `json:"type" tf:"type,omitempty"` } +type RequestCookieInitParameters struct { + + // You can specify an exact match or a partial match by using a field operator and a field value. + Operator *string `json:"operator,omitempty" tf:"operator,omitempty"` + + // Requests that match this value constitute a granular traffic unit. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type RequestCookieObservation struct { + + // You can specify an exact match or a partial match by using a field operator and a field value. + Operator *string `json:"operator,omitempty" tf:"operator,omitempty"` + + // Requests that match this value constitute a granular traffic unit. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type RequestCookieParameters struct { + + // You can specify an exact match or a partial match by using a field operator and a field value. + // +kubebuilder:validation:Optional + Operator *string `json:"operator" tf:"operator,omitempty"` + + // Requests that match this value constitute a granular traffic unit. + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type RequestHeaderInitParameters struct { + + // You can specify an exact match or a partial match by using a field operator and a field value. + Operator *string `json:"operator,omitempty" tf:"operator,omitempty"` + + // Requests that match this value constitute a granular traffic unit. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type RequestHeaderObservation struct { + + // You can specify an exact match or a partial match by using a field operator and a field value. + Operator *string `json:"operator,omitempty" tf:"operator,omitempty"` + + // Requests that match this value constitute a granular traffic unit. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type RequestHeaderParameters struct { + + // You can specify an exact match or a partial match by using a field operator and a field value. + // +kubebuilder:validation:Optional + Operator *string `json:"operator" tf:"operator,omitempty"` + + // Requests that match this value constitute a granular traffic unit. + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + type RequestHeadersToAddsInitParameters struct { // The name of the header to set. @@ -513,6 +711,64 @@ type RequestHeadersToAddsParameters struct { HeaderValue *string `json:"headerValue,omitempty" tf:"header_value,omitempty"` } +type RequestQueryParamInitParameters struct { + + // You can specify an exact match or a partial match by using a field operator and a field value. + Operator *string `json:"operator,omitempty" tf:"operator,omitempty"` + + // Requests that match this value constitute a granular traffic unit. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type RequestQueryParamObservation struct { + + // You can specify an exact match or a partial match by using a field operator and a field value. + Operator *string `json:"operator,omitempty" tf:"operator,omitempty"` + + // Requests that match this value constitute a granular traffic unit. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type RequestQueryParamParameters struct { + + // You can specify an exact match or a partial match by using a field operator and a field value. + // +kubebuilder:validation:Optional + Operator *string `json:"operator" tf:"operator,omitempty"` + + // Requests that match this value constitute a granular traffic unit. + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type RequestURIInitParameters struct { + + // You can specify an exact match or a partial match by using a field operator and a field value. + Operator *string `json:"operator,omitempty" tf:"operator,omitempty"` + + // Requests that match this value constitute a granular traffic unit. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type RequestURIObservation struct { + + // You can specify an exact match or a partial match by using a field operator and a field value. + Operator *string `json:"operator,omitempty" tf:"operator,omitempty"` + + // Requests that match this value constitute a granular traffic unit. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type RequestURIParameters struct { + + // You can specify an exact match or a partial match by using a field operator and a field value. + // +kubebuilder:validation:Optional + Operator *string `json:"operator" tf:"operator,omitempty"` + + // Requests that match this value constitute a granular traffic unit. + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + type RuleHeaderActionInitParameters struct { // The list of request headers to add or overwrite if they're already present. Structure is documented below. @@ -547,6 +803,9 @@ type RuleInitParameters struct { // If it evaluates to true, the corresponding action is enforced. Structure is documented below. Match *RuleMatchInitParameters `json:"match,omitempty" tf:"match,omitempty"` + // Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Structure is documented below. + PreconfiguredWafConfig *PreconfiguredWafConfigInitParameters `json:"preconfiguredWafConfig,omitempty" tf:"preconfigured_waf_config,omitempty"` + // When set to true, the action specified above is not enforced. // Stackdriver logs for requests that trigger a preview action are annotated as such. Preview *bool `json:"preview,omitempty" tf:"preview,omitempty"` @@ -644,6 +903,9 @@ type RuleObservation struct { // If it evaluates to true, the corresponding action is enforced. Structure is documented below. Match *RuleMatchObservation `json:"match,omitempty" tf:"match,omitempty"` + // Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Structure is documented below. + PreconfiguredWafConfig *PreconfiguredWafConfigObservation `json:"preconfiguredWafConfig,omitempty" tf:"preconfigured_waf_config,omitempty"` + // When set to true, the action specified above is not enforced. // Stackdriver logs for requests that trigger a preview action are annotated as such. Preview *bool `json:"preview,omitempty" tf:"preview,omitempty"` @@ -678,6 +940,10 @@ type RuleParameters struct { // +kubebuilder:validation:Optional Match *RuleMatchParameters `json:"match" tf:"match,omitempty"` + // Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Structure is documented below. + // +kubebuilder:validation:Optional + PreconfiguredWafConfig *PreconfiguredWafConfigParameters `json:"preconfiguredWafConfig,omitempty" tf:"preconfigured_waf_config,omitempty"` + // When set to true, the action specified above is not enforced. // Stackdriver logs for requests that trigger a preview action are annotated as such. // +kubebuilder:validation:Optional @@ -797,6 +1063,144 @@ type SecurityPolicyParameters struct { Type *string `json:"type,omitempty" tf:"type,omitempty"` } +type ThresholdConfigsInitParameters struct { + + // Confidence threshold above which Adaptive Protection's auto-deploy takes actions. + AutoDeployConfidenceThreshold *float64 `json:"autoDeployConfidenceThreshold,omitempty" tf:"auto_deploy_confidence_threshold,omitempty"` + + // Duration over which Adaptive Protection's auto-deployed actions last. + AutoDeployExpirationSec *float64 `json:"autoDeployExpirationSec,omitempty" tf:"auto_deploy_expiration_sec,omitempty"` + + // Impacted baseline threshold below which Adaptive Protection's auto-deploy takes actions. + AutoDeployImpactedBaselineThreshold *float64 `json:"autoDeployImpactedBaselineThreshold,omitempty" tf:"auto_deploy_impacted_baseline_threshold,omitempty"` + + // Load threshold above which Adaptive Protection automatically deploy threshold based on the backend load threshold and detect a new rule during an alerted attack. + AutoDeployLoadThreshold *float64 `json:"autoDeployLoadThreshold,omitempty" tf:"auto_deploy_load_threshold,omitempty"` + + // Detection threshold based on absolute QPS. + DetectionAbsoluteQPS *float64 `json:"detectionAbsoluteQps,omitempty" tf:"detection_absolute_qps,omitempty"` + + // Detection threshold based on the backend service's load. + DetectionLoadThreshold *float64 `json:"detectionLoadThreshold,omitempty" tf:"detection_load_threshold,omitempty"` + + // Detection threshold based on QPS relative to the average of baseline traffic. + DetectionRelativeToBaselineQPS *float64 `json:"detectionRelativeToBaselineQps,omitempty" tf:"detection_relative_to_baseline_qps,omitempty"` + + // The name of config. The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the security policy. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Configuration options for enabling Adaptive Protection to work on the specified service granularity. Structure is documented below. + TrafficGranularityConfigs []TrafficGranularityConfigsInitParameters `json:"trafficGranularityConfigs,omitempty" tf:"traffic_granularity_configs,omitempty"` +} + +type ThresholdConfigsObservation struct { + + // Confidence threshold above which Adaptive Protection's auto-deploy takes actions. + AutoDeployConfidenceThreshold *float64 `json:"autoDeployConfidenceThreshold,omitempty" tf:"auto_deploy_confidence_threshold,omitempty"` + + // Duration over which Adaptive Protection's auto-deployed actions last. + AutoDeployExpirationSec *float64 `json:"autoDeployExpirationSec,omitempty" tf:"auto_deploy_expiration_sec,omitempty"` + + // Impacted baseline threshold below which Adaptive Protection's auto-deploy takes actions. + AutoDeployImpactedBaselineThreshold *float64 `json:"autoDeployImpactedBaselineThreshold,omitempty" tf:"auto_deploy_impacted_baseline_threshold,omitempty"` + + // Load threshold above which Adaptive Protection automatically deploy threshold based on the backend load threshold and detect a new rule during an alerted attack. + AutoDeployLoadThreshold *float64 `json:"autoDeployLoadThreshold,omitempty" tf:"auto_deploy_load_threshold,omitempty"` + + // Detection threshold based on absolute QPS. + DetectionAbsoluteQPS *float64 `json:"detectionAbsoluteQps,omitempty" tf:"detection_absolute_qps,omitempty"` + + // Detection threshold based on the backend service's load. + DetectionLoadThreshold *float64 `json:"detectionLoadThreshold,omitempty" tf:"detection_load_threshold,omitempty"` + + // Detection threshold based on QPS relative to the average of baseline traffic. + DetectionRelativeToBaselineQPS *float64 `json:"detectionRelativeToBaselineQps,omitempty" tf:"detection_relative_to_baseline_qps,omitempty"` + + // The name of config. The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the security policy. + Name *string `json:"name,omitempty" tf:"name,omitempty"` + + // Configuration options for enabling Adaptive Protection to work on the specified service granularity. Structure is documented below. + TrafficGranularityConfigs []TrafficGranularityConfigsObservation `json:"trafficGranularityConfigs,omitempty" tf:"traffic_granularity_configs,omitempty"` +} + +type ThresholdConfigsParameters struct { + + // Confidence threshold above which Adaptive Protection's auto-deploy takes actions. + // +kubebuilder:validation:Optional + AutoDeployConfidenceThreshold *float64 `json:"autoDeployConfidenceThreshold,omitempty" tf:"auto_deploy_confidence_threshold,omitempty"` + + // Duration over which Adaptive Protection's auto-deployed actions last. + // +kubebuilder:validation:Optional + AutoDeployExpirationSec *float64 `json:"autoDeployExpirationSec,omitempty" tf:"auto_deploy_expiration_sec,omitempty"` + + // Impacted baseline threshold below which Adaptive Protection's auto-deploy takes actions. + // +kubebuilder:validation:Optional + AutoDeployImpactedBaselineThreshold *float64 `json:"autoDeployImpactedBaselineThreshold,omitempty" tf:"auto_deploy_impacted_baseline_threshold,omitempty"` + + // Load threshold above which Adaptive Protection automatically deploy threshold based on the backend load threshold and detect a new rule during an alerted attack. + // +kubebuilder:validation:Optional + AutoDeployLoadThreshold *float64 `json:"autoDeployLoadThreshold,omitempty" tf:"auto_deploy_load_threshold,omitempty"` + + // Detection threshold based on absolute QPS. + // +kubebuilder:validation:Optional + DetectionAbsoluteQPS *float64 `json:"detectionAbsoluteQps,omitempty" tf:"detection_absolute_qps,omitempty"` + + // Detection threshold based on the backend service's load. + // +kubebuilder:validation:Optional + DetectionLoadThreshold *float64 `json:"detectionLoadThreshold,omitempty" tf:"detection_load_threshold,omitempty"` + + // Detection threshold based on QPS relative to the average of baseline traffic. + // +kubebuilder:validation:Optional + DetectionRelativeToBaselineQPS *float64 `json:"detectionRelativeToBaselineQps,omitempty" tf:"detection_relative_to_baseline_qps,omitempty"` + + // The name of config. The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the security policy. + // +kubebuilder:validation:Optional + Name *string `json:"name" tf:"name,omitempty"` + + // Configuration options for enabling Adaptive Protection to work on the specified service granularity. Structure is documented below. + // +kubebuilder:validation:Optional + TrafficGranularityConfigs []TrafficGranularityConfigsParameters `json:"trafficGranularityConfigs,omitempty" tf:"traffic_granularity_configs,omitempty"` +} + +type TrafficGranularityConfigsInitParameters struct { + + // If enabled, traffic matching each unique value for the specified type constitutes a separate traffic unit. It can only be set to true if value is empty. + EnableEachUniqueValue *bool `json:"enableEachUniqueValue,omitempty" tf:"enable_each_unique_value,omitempty"` + + // Type of the redirect action. + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // Requests that match this value constitute a granular traffic unit. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type TrafficGranularityConfigsObservation struct { + + // If enabled, traffic matching each unique value for the specified type constitutes a separate traffic unit. It can only be set to true if value is empty. + EnableEachUniqueValue *bool `json:"enableEachUniqueValue,omitempty" tf:"enable_each_unique_value,omitempty"` + + // Type of the redirect action. + Type *string `json:"type,omitempty" tf:"type,omitempty"` + + // Requests that match this value constitute a granular traffic unit. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type TrafficGranularityConfigsParameters struct { + + // If enabled, traffic matching each unique value for the specified type constitutes a separate traffic unit. It can only be set to true if value is empty. + // +kubebuilder:validation:Optional + EnableEachUniqueValue *bool `json:"enableEachUniqueValue,omitempty" tf:"enable_each_unique_value,omitempty"` + + // Type of the redirect action. + // +kubebuilder:validation:Optional + Type *string `json:"type" tf:"type,omitempty"` + + // Requests that match this value constitute a granular traffic unit. + // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + // SecurityPolicySpec defines the desired state of SecurityPolicy type SecurityPolicySpec struct { v1.ResourceSpec `json:",inline"` diff --git a/apis/compute/v1beta2/zz_subnetwork_types.go b/apis/compute/v1beta2/zz_subnetwork_types.go index 3a80e36d2..8f502f7f6 100755 --- a/apis/compute/v1beta2/zz_subnetwork_types.go +++ b/apis/compute/v1beta2/zz_subnetwork_types.go @@ -19,13 +19,18 @@ type SecondaryIPRangeInitParameters struct { // range. Provide this property when you create the subnetwork. // Ranges must be unique and non-overlapping with all primary and // secondary IP ranges within a network. Only IPv4 is supported. - IPCidrRange *string `json:"ipCidrRange,omitempty" tf:"ip_cidr_range"` + // Field is optional when reserved_internal_range is defined, otherwise required. + IPCidrRange *string `json:"ipCidrRange,omitempty" tf:"ip_cidr_range,omitempty"` // The name associated with this subnetwork secondary range, used // when adding an alias IP range to a VM instance. The name must // be 1-63 characters long, and comply with RFC1035. The name // must be unique within the subnetwork. - RangeName *string `json:"rangeName,omitempty" tf:"range_name"` + RangeName *string `json:"rangeName,omitempty" tf:"range_name,omitempty"` + + // The ID of the reserved internal range. Must be prefixed with networkconnectivity.googleapis.com + // E.g. networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId} + ReservedInternalRange *string `json:"reservedInternalRange,omitempty" tf:"reserved_internal_range,omitempty"` } type SecondaryIPRangeObservation struct { @@ -34,6 +39,7 @@ type SecondaryIPRangeObservation struct { // range. Provide this property when you create the subnetwork. // Ranges must be unique and non-overlapping with all primary and // secondary IP ranges within a network. Only IPv4 is supported. + // Field is optional when reserved_internal_range is defined, otherwise required. IPCidrRange *string `json:"ipCidrRange,omitempty" tf:"ip_cidr_range,omitempty"` // The name associated with this subnetwork secondary range, used @@ -41,6 +47,10 @@ type SecondaryIPRangeObservation struct { // be 1-63 characters long, and comply with RFC1035. The name // must be unique within the subnetwork. RangeName *string `json:"rangeName,omitempty" tf:"range_name,omitempty"` + + // The ID of the reserved internal range. Must be prefixed with networkconnectivity.googleapis.com + // E.g. networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId} + ReservedInternalRange *string `json:"reservedInternalRange,omitempty" tf:"reserved_internal_range,omitempty"` } type SecondaryIPRangeParameters struct { @@ -49,15 +59,21 @@ type SecondaryIPRangeParameters struct { // range. Provide this property when you create the subnetwork. // Ranges must be unique and non-overlapping with all primary and // secondary IP ranges within a network. Only IPv4 is supported. + // Field is optional when reserved_internal_range is defined, otherwise required. // +kubebuilder:validation:Optional - IPCidrRange *string `json:"ipCidrRange,omitempty" tf:"ip_cidr_range"` + IPCidrRange *string `json:"ipCidrRange,omitempty" tf:"ip_cidr_range,omitempty"` // The name associated with this subnetwork secondary range, used // when adding an alias IP range to a VM instance. The name must // be 1-63 characters long, and comply with RFC1035. The name // must be unique within the subnetwork. // +kubebuilder:validation:Optional - RangeName *string `json:"rangeName,omitempty" tf:"range_name"` + RangeName *string `json:"rangeName" tf:"range_name,omitempty"` + + // The ID of the reserved internal range. Must be prefixed with networkconnectivity.googleapis.com + // E.g. networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId} + // +kubebuilder:validation:Optional + ReservedInternalRange *string `json:"reservedInternalRange,omitempty" tf:"reserved_internal_range,omitempty"` } type SubnetworkInitParameters_2 struct { @@ -74,6 +90,7 @@ type SubnetworkInitParameters_2 struct { // Provide this property when you create the subnetwork. For example, // 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and // non-overlapping within a network. Only IPv4 is supported. + // Field is optional when reserved_internal_range is defined, otherwise required. IPCidrRange *string `json:"ipCidrRange,omitempty" tf:"ip_cidr_range,omitempty"` // The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation @@ -113,15 +130,19 @@ type SubnetworkInitParameters_2 struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` - // The purpose of the resource. This field can be either PRIVATE_RFC_1918, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). + // The purpose of the resource. This field can be either PRIVATE, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). // A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. // A subnetwork in a given region with purpose set to GLOBAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. // A subnetwork with purpose set to PRIVATE_SERVICE_CONNECT reserves the subnet for hosting a Private Service Connect published service. // A subnetwork with purpose set to PRIVATE_NAT is used as source range for Private NAT gateways. // Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. - // If unspecified, the purpose defaults to PRIVATE_RFC_1918. + // If unspecified, the purpose defaults to PRIVATE. Purpose *string `json:"purpose,omitempty" tf:"purpose,omitempty"` + // The ID of the reserved internal range. Must be prefixed with networkconnectivity.googleapis.com + // E.g. networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId} + ReservedInternalRange *string `json:"reservedInternalRange,omitempty" tf:"reserved_internal_range,omitempty"` + // The role of subnetwork. // Currently, this field is only used when purpose is REGIONAL_MANAGED_PROXY. // The value can be set to ACTIVE or BACKUP. @@ -290,6 +311,7 @@ type SubnetworkObservation_2 struct { // Provide this property when you create the subnetwork. For example, // 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and // non-overlapping within a network. Only IPv4 is supported. + // Field is optional when reserved_internal_range is defined, otherwise required. IPCidrRange *string `json:"ipCidrRange,omitempty" tf:"ip_cidr_range,omitempty"` // The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation @@ -326,18 +348,22 @@ type SubnetworkObservation_2 struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` - // The purpose of the resource. This field can be either PRIVATE_RFC_1918, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). + // The purpose of the resource. This field can be either PRIVATE, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). // A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. // A subnetwork in a given region with purpose set to GLOBAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. // A subnetwork with purpose set to PRIVATE_SERVICE_CONNECT reserves the subnet for hosting a Private Service Connect published service. // A subnetwork with purpose set to PRIVATE_NAT is used as source range for Private NAT gateways. // Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. - // If unspecified, the purpose defaults to PRIVATE_RFC_1918. + // If unspecified, the purpose defaults to PRIVATE. Purpose *string `json:"purpose,omitempty" tf:"purpose,omitempty"` // The GCP region for this subnetwork. Region *string `json:"region,omitempty" tf:"region,omitempty"` + // The ID of the reserved internal range. Must be prefixed with networkconnectivity.googleapis.com + // E.g. networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId} + ReservedInternalRange *string `json:"reservedInternalRange,omitempty" tf:"reserved_internal_range,omitempty"` + // The role of subnetwork. // Currently, this field is only used when purpose is REGIONAL_MANAGED_PROXY. // The value can be set to ACTIVE or BACKUP. @@ -371,6 +397,9 @@ type SubnetworkObservation_2 struct { // If not specified IPV4_ONLY will be used. // Possible values are: IPV4_ONLY, IPV4_IPV6. StackType *string `json:"stackType,omitempty" tf:"stack_type,omitempty"` + + // The unique identifier number for the resource. This identifier is defined by the server. + SubnetworkID *float64 `json:"subnetworkId,omitempty" tf:"subnetwork_id,omitempty"` } type SubnetworkParameters_2 struct { @@ -389,6 +418,7 @@ type SubnetworkParameters_2 struct { // Provide this property when you create the subnetwork. For example, // 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and // non-overlapping within a network. Only IPv4 is supported. + // Field is optional when reserved_internal_range is defined, otherwise required. // +kubebuilder:validation:Optional IPCidrRange *string `json:"ipCidrRange,omitempty" tf:"ip_cidr_range,omitempty"` @@ -435,13 +465,13 @@ type SubnetworkParameters_2 struct { // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` - // The purpose of the resource. This field can be either PRIVATE_RFC_1918, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). + // The purpose of the resource. This field can be either PRIVATE, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). // A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. // A subnetwork in a given region with purpose set to GLOBAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. // A subnetwork with purpose set to PRIVATE_SERVICE_CONNECT reserves the subnet for hosting a Private Service Connect published service. // A subnetwork with purpose set to PRIVATE_NAT is used as source range for Private NAT gateways. // Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. - // If unspecified, the purpose defaults to PRIVATE_RFC_1918. + // If unspecified, the purpose defaults to PRIVATE. // +kubebuilder:validation:Optional Purpose *string `json:"purpose,omitempty" tf:"purpose,omitempty"` @@ -449,6 +479,11 @@ type SubnetworkParameters_2 struct { // +kubebuilder:validation:Required Region *string `json:"region" tf:"region,omitempty"` + // The ID of the reserved internal range. Must be prefixed with networkconnectivity.googleapis.com + // E.g. networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId} + // +kubebuilder:validation:Optional + ReservedInternalRange *string `json:"reservedInternalRange,omitempty" tf:"reserved_internal_range,omitempty"` + // The role of subnetwork. // Currently, this field is only used when purpose is REGIONAL_MANAGED_PROXY. // The value can be set to ACTIVE or BACKUP. @@ -520,9 +555,8 @@ type SubnetworkStatus struct { type Subnetwork struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.ipCidrRange) || (has(self.initProvider) && has(self.initProvider.ipCidrRange))",message="spec.forProvider.ipCidrRange is a required parameter" - Spec SubnetworkSpec `json:"spec"` - Status SubnetworkStatus `json:"status,omitempty"` + Spec SubnetworkSpec `json:"spec"` + Status SubnetworkStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/examples-generated/compute/v1beta1/firewallpolicyassociation.yaml b/examples-generated/compute/v1beta1/firewallpolicyassociation.yaml index f8710e2c1..c0c69ba1c 100644 --- a/examples-generated/compute/v1beta1/firewallpolicyassociation.yaml +++ b/examples-generated/compute/v1beta1/firewallpolicyassociation.yaml @@ -13,7 +13,7 @@ spec: testing.upbound.io/example-name: folder firewallPolicySelector: matchLabels: - testing.upbound.io/example-name: default + testing.upbound.io/example-name: policy name: my-association --- @@ -24,10 +24,28 @@ metadata: annotations: meta.upbound.io/example-id: compute/v1beta1/firewallpolicyassociation labels: - testing.upbound.io/example-name: default - name: default + testing.upbound.io/example-name: policy + name: policy spec: forProvider: description: Example Resource - parent: organizations/12345 + parent: organizations/123456789 shortName: my-policy + +--- + +apiVersion: cloudplatform.gcp.upbound.io/v1beta1 +kind: Folder +metadata: + annotations: + meta.upbound.io/example-id: compute/v1beta1/firewallpolicyassociation + labels: + testing.upbound.io/example-name: folder + name: folder +spec: + forProvider: + deletionProtection: false + displayName: my-folder + parentSelector: + matchLabels: + testing.upbound.io/example-name: example diff --git a/examples-generated/compute/v1beta1/instancegroupnamedport.yaml b/examples-generated/compute/v1beta1/instancegroupnamedport.yaml index 9cc90970a..4127d2230 100644 --- a/examples-generated/compute/v1beta1/instancegroupnamedport.yaml +++ b/examples-generated/compute/v1beta1/instancegroupnamedport.yaml @@ -57,7 +57,7 @@ metadata: name: my-cluster spec: forProvider: - deletionProtection: "true" + deletionProtection: true initialNodeCount: 1 ipAllocationPolicy: - clusterIpv4CidrBlock: /19 diff --git a/examples-generated/compute/v1beta1/networkfirewallpolicyassociation.yaml b/examples-generated/compute/v1beta1/networkfirewallpolicyassociation.yaml index 5482185fb..9eb07a00c 100644 --- a/examples-generated/compute/v1beta1/networkfirewallpolicyassociation.yaml +++ b/examples-generated/compute/v1beta1/networkfirewallpolicyassociation.yaml @@ -4,8 +4,8 @@ metadata: annotations: meta.upbound.io/example-id: compute/v1beta1/networkfirewallpolicyassociation labels: - testing.upbound.io/example-name: primary - name: primary + testing.upbound.io/example-name: default + name: default spec: forProvider: attachmentTargetSelector: @@ -13,7 +13,7 @@ spec: testing.upbound.io/example-name: network firewallPolicySelector: matchLabels: - testing.upbound.io/example-name: network_firewall_policy + testing.upbound.io/example-name: policy project: my-project-name --- @@ -27,7 +27,8 @@ metadata: testing.upbound.io/example-name: network name: network spec: - forProvider: {} + forProvider: + autoCreateSubnetworks: false --- @@ -37,8 +38,8 @@ metadata: annotations: meta.upbound.io/example-id: compute/v1beta1/networkfirewallpolicyassociation labels: - testing.upbound.io/example-name: network_firewall_policy - name: network-firewall-policy + testing.upbound.io/example-name: policy + name: policy spec: forProvider: description: Sample global network firewall policy diff --git a/examples-generated/compute/v1beta1/regionnetworkfirewallpolicyassociation.yaml b/examples-generated/compute/v1beta1/regionnetworkfirewallpolicyassociation.yaml index cb4f604d5..cf23edfca 100644 --- a/examples-generated/compute/v1beta1/regionnetworkfirewallpolicyassociation.yaml +++ b/examples-generated/compute/v1beta1/regionnetworkfirewallpolicyassociation.yaml @@ -4,16 +4,16 @@ metadata: annotations: meta.upbound.io/example-id: compute/v1beta1/regionnetworkfirewallpolicyassociation labels: - testing.upbound.io/example-name: primary - name: primary + testing.upbound.io/example-name: default + name: default spec: forProvider: attachmentTargetSelector: matchLabels: - testing.upbound.io/example-name: basic_network + testing.upbound.io/example-name: network firewallPolicySelector: matchLabels: - testing.upbound.io/example-name: basic_regional_network_firewall_policy + testing.upbound.io/example-name: policy project: my-project-name region: us-west1 @@ -25,10 +25,11 @@ metadata: annotations: meta.upbound.io/example-id: compute/v1beta1/regionnetworkfirewallpolicyassociation labels: - testing.upbound.io/example-name: basic_network - name: basic-network + testing.upbound.io/example-name: network + name: network spec: - forProvider: {} + forProvider: + autoCreateSubnetworks: false --- @@ -38,8 +39,8 @@ metadata: annotations: meta.upbound.io/example-id: compute/v1beta1/regionnetworkfirewallpolicyassociation labels: - testing.upbound.io/example-name: basic_regional_network_firewall_policy - name: basic-regional-network-firewall-policy + testing.upbound.io/example-name: policy + name: policy spec: forProvider: description: Sample global network firewall policy diff --git a/examples-generated/compute/v1beta2/firewallpolicyrule.yaml b/examples-generated/compute/v1beta2/firewallpolicyrule.yaml index 145a149d5..b06345ea1 100644 --- a/examples-generated/compute/v1beta2/firewallpolicyrule.yaml +++ b/examples-generated/compute/v1beta2/firewallpolicyrule.yaml @@ -4,8 +4,8 @@ metadata: annotations: meta.upbound.io/example-id: compute/v1beta2/firewallpolicyrule labels: - testing.upbound.io/example-name: primary - name: primary + testing.upbound.io/example-name: policy_rule + name: policy-rule spec: forProvider: action: allow @@ -66,7 +66,8 @@ metadata: name: folder spec: forProvider: - displayName: policy + deletionProtection: false + displayName: folder parentSelector: matchLabels: testing.upbound.io/example-name: example diff --git a/examples-generated/compute/v1beta2/image.yaml b/examples-generated/compute/v1beta2/image.yaml index cbc3c2a26..6cee6ba2c 100644 --- a/examples-generated/compute/v1beta2/image.yaml +++ b/examples-generated/compute/v1beta2/image.yaml @@ -8,5 +8,23 @@ metadata: name: example spec: forProvider: - rawDisk: - - source: https://storage.googleapis.com/bosh-gce-raw-stemcells/bosh-stemcell-97.98-google-kvm-ubuntu-xenial-go_agent-raw-1557960142.tar.gz + sourceDiskSelector: + matchLabels: + testing.upbound.io/example-name: persistent + +--- + +apiVersion: compute.gcp.upbound.io/v1beta2 +kind: Disk +metadata: + annotations: + meta.upbound.io/example-id: compute/v1beta2/image + labels: + testing.upbound.io/example-name: persistent + name: persistent +spec: + forProvider: + image: ${data.google_compute_image.debian.self_link} + size: 10 + type: pd-ssd + zone: us-central1-a diff --git a/examples/compute/v1beta1/firewallpolicyassociation.yaml b/examples/compute/v1beta1/firewallpolicyassociation.yaml index dbfcf0983..337050a72 100644 --- a/examples/compute/v1beta1/firewallpolicyassociation.yaml +++ b/examples/compute/v1beta1/firewallpolicyassociation.yaml @@ -51,5 +51,6 @@ metadata: name: firewall-policy-assoc spec: forProvider: + deletionPolicy: false displayName: firewall-policy-assoc parent: organizations/1234567 diff --git a/examples/compute/v1beta1/instancegroupnamedport.yaml b/examples/compute/v1beta1/instancegroupnamedport.yaml index 0f3dc8088..e1f2a53fe 100644 --- a/examples/compute/v1beta1/instancegroupnamedport.yaml +++ b/examples/compute/v1beta1/instancegroupnamedport.yaml @@ -67,6 +67,7 @@ metadata: name: instance-group-named-port spec: forProvider: + deletionProtection: false initialNodeCount: 1 ipAllocationPolicy: - clusterIpv4CidrBlock: /19 diff --git a/examples/compute/v1beta1/networkfirewallpolicyassociation.yaml b/examples/compute/v1beta1/networkfirewallpolicyassociation.yaml index 2d08536c8..dbae67ef1 100644 --- a/examples/compute/v1beta1/networkfirewallpolicyassociation.yaml +++ b/examples/compute/v1beta1/networkfirewallpolicyassociation.yaml @@ -30,8 +30,8 @@ metadata: testing.upbound.io/example-name: network name: network spec: - forProvider: {} - + forProvider: + autoCreateSubnetworks: false --- apiVersion: compute.gcp.upbound.io/v1beta1 diff --git a/examples/compute/v1beta1/regionnetworkfirewallpolicyassociation.yaml b/examples/compute/v1beta1/regionnetworkfirewallpolicyassociation.yaml index 30988438f..24549a958 100644 --- a/examples/compute/v1beta1/regionnetworkfirewallpolicyassociation.yaml +++ b/examples/compute/v1beta1/regionnetworkfirewallpolicyassociation.yaml @@ -31,7 +31,8 @@ metadata: testing.upbound.io/example-name: basic_network name: basic-network spec: - forProvider: {} + forProvider: + autoCreateSubnetworks: false --- diff --git a/package/crds/compute.gcp.upbound.io_attacheddisks.yaml b/package/crds/compute.gcp.upbound.io_attacheddisks.yaml index fdf1d3d35..b683e947f 100644 --- a/package/crds/compute.gcp.upbound.io_attacheddisks.yaml +++ b/package/crds/compute.gcp.upbound.io_attacheddisks.yaml @@ -239,6 +239,9 @@ spec: type: string type: object type: object + interface: + description: The disk interface used for attaching this disk. + type: string mode: description: |- The mode in which to attach this disk, either READ_WRITE or @@ -435,6 +438,9 @@ spec: type: string type: object type: object + interface: + description: The disk interface used for attaching this disk. + type: string mode: description: |- The mode in which to attach this disk, either READ_WRITE or @@ -645,6 +651,9 @@ spec: self link. If only the name is used then zone and project must be defined as properties on the resource or provider. type: string + interface: + description: The disk interface used for attaching this disk. + type: string mode: description: |- The mode in which to attach this disk, either READ_WRITE or diff --git a/package/crds/compute.gcp.upbound.io_autoscalers.yaml b/package/crds/compute.gcp.upbound.io_autoscalers.yaml index 21512a1fe..5fc46977b 100644 --- a/package/crds/compute.gcp.upbound.io_autoscalers.yaml +++ b/package/crds/compute.gcp.upbound.io_autoscalers.yaml @@ -1179,7 +1179,7 @@ spec: properties: maxScaledInReplicas: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: fixed: @@ -1442,7 +1442,7 @@ spec: properties: maxScaledInReplicas: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: fixed: @@ -1864,7 +1864,7 @@ spec: properties: maxScaledInReplicas: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: fixed: diff --git a/package/crds/compute.gcp.upbound.io_backendservices.yaml b/package/crds/compute.gcp.upbound.io_backendservices.yaml index 68edfc343..1c27d4f4c 100644 --- a/package/crds/compute.gcp.upbound.io_backendservices.yaml +++ b/package/crds/compute.gcp.upbound.io_backendservices.yaml @@ -2926,7 +2926,6 @@ spec: and CONNECTION (for TCP/SSL). See the Backend Services Overview for an explanation of load balancing modes. - From version 6.0.0 default value will be UTILIZATION to match default GCP value. Default value is UTILIZATION. Possible values are: UTILIZATION, RATE, CONNECTION. type: string @@ -3205,8 +3204,8 @@ spec: type: number ttl: description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + Lifetime of the cookie. + Structure is documented below. type: number type: object type: array @@ -3293,23 +3292,15 @@ spec: Structure is documented below. properties: name: - description: |- - The name of a locality load balancer policy to be used. The value - should be one of the predefined ones as supported by localityLbPolicy, - although at the moment only ROUND_ROBIN is supported. - This field should only be populated when the customPolicy field is not - used. - Note that specifying the same policy more than once for a backend is - not a valid configuration and will be rejected. - The possible values are: + description: Name of the cookie. type: string path: description: Path to set for the cookie. type: string ttl: description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + Lifetime of the cookie. + Structure is documented below. properties: nanos: description: |- @@ -3462,6 +3453,10 @@ spec: Settings for enabling Cloud Identity Aware Proxy Structure is documented below. properties: + enabled: + description: Whether the serving infrastructure will authenticate + and authorize all incoming requests. + type: boolean oauth2ClientId: description: OAuth2 Client ID for IAP type: string @@ -3485,6 +3480,11 @@ spec: - namespace type: object type: object + ipAddressSelectionPolicy: + description: |- + Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). + Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY. + type: string loadBalancingScheme: description: |- Indicates whether the backend service will be used with internal or @@ -3517,15 +3517,7 @@ spec: by a locally installed custom policy implementation. type: string name: - description: |- - The name of a locality load balancer policy to be used. The value - should be one of the predefined ones as supported by localityLbPolicy, - although at the moment only ROUND_ROBIN is supported. - This field should only be populated when the customPolicy field is not - used. - Note that specifying the same policy more than once for a backend is - not a valid configuration and will be rejected. - The possible values are: + description: Name of the cookie. type: string type: object policy: @@ -3534,15 +3526,7 @@ spec: Structure is documented below. properties: name: - description: |- - The name of a locality load balancer policy to be used. The value - should be one of the predefined ones as supported by localityLbPolicy, - although at the moment only ROUND_ROBIN is supported. - This field should only be populated when the customPolicy field is not - used. - Note that specifying the same policy more than once for a backend is - not a valid configuration and will be rejected. - The possible values are: + description: Name of the cookie. type: string type: object type: object @@ -3575,8 +3559,6 @@ spec: Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. - From version 6.0. - Default values are enforce by GCP without providing them. Structure is documented below. properties: baseEjectionTime: @@ -3775,8 +3757,38 @@ spec: description: |- Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. - Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE. + Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY. type: string + strongSessionAffinityCookie: + description: |- + Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. + Structure is documented below. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: |- + Lifetime of the cookie. + Structure is documented below. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: number + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: number + type: object + type: object timeoutSec: description: |- The backend service timeout has a different meaning depending on the type of load balancer. @@ -3820,7 +3832,6 @@ spec: and CONNECTION (for TCP/SSL). See the Backend Services Overview for an explanation of load balancing modes. - From version 6.0.0 default value will be UTILIZATION to match default GCP value. Default value is UTILIZATION. Possible values are: UTILIZATION, RATE, CONNECTION. type: string @@ -4099,8 +4110,8 @@ spec: type: number ttl: description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + Lifetime of the cookie. + Structure is documented below. type: number type: object type: array @@ -4187,23 +4198,15 @@ spec: Structure is documented below. properties: name: - description: |- - The name of a locality load balancer policy to be used. The value - should be one of the predefined ones as supported by localityLbPolicy, - although at the moment only ROUND_ROBIN is supported. - This field should only be populated when the customPolicy field is not - used. - Note that specifying the same policy more than once for a backend is - not a valid configuration and will be rejected. - The possible values are: + description: Name of the cookie. type: string path: description: Path to set for the cookie. type: string ttl: description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + Lifetime of the cookie. + Structure is documented below. properties: nanos: description: |- @@ -4356,6 +4359,10 @@ spec: Settings for enabling Cloud Identity Aware Proxy Structure is documented below. properties: + enabled: + description: Whether the serving infrastructure will authenticate + and authorize all incoming requests. + type: boolean oauth2ClientId: description: OAuth2 Client ID for IAP type: string @@ -4378,9 +4385,12 @@ spec: - name - namespace type: object - required: - - oauth2ClientSecretSecretRef type: object + ipAddressSelectionPolicy: + description: |- + Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). + Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY. + type: string loadBalancingScheme: description: |- Indicates whether the backend service will be used with internal or @@ -4413,15 +4423,7 @@ spec: by a locally installed custom policy implementation. type: string name: - description: |- - The name of a locality load balancer policy to be used. The value - should be one of the predefined ones as supported by localityLbPolicy, - although at the moment only ROUND_ROBIN is supported. - This field should only be populated when the customPolicy field is not - used. - Note that specifying the same policy more than once for a backend is - not a valid configuration and will be rejected. - The possible values are: + description: Name of the cookie. type: string type: object policy: @@ -4430,15 +4432,7 @@ spec: Structure is documented below. properties: name: - description: |- - The name of a locality load balancer policy to be used. The value - should be one of the predefined ones as supported by localityLbPolicy, - although at the moment only ROUND_ROBIN is supported. - This field should only be populated when the customPolicy field is not - used. - Note that specifying the same policy more than once for a backend is - not a valid configuration and will be rejected. - The possible values are: + description: Name of the cookie. type: string type: object type: object @@ -4471,8 +4465,6 @@ spec: Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. - From version 6.0. - Default values are enforce by GCP without providing them. Structure is documented below. properties: baseEjectionTime: @@ -4671,8 +4663,38 @@ spec: description: |- Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. - Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE. + Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY. type: string + strongSessionAffinityCookie: + description: |- + Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. + Structure is documented below. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: |- + Lifetime of the cookie. + Structure is documented below. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: number + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: number + type: object + type: object timeoutSec: description: |- The backend service timeout has a different meaning depending on the type of load balancer. @@ -4875,7 +4897,6 @@ spec: and CONNECTION (for TCP/SSL). See the Backend Services Overview for an explanation of load balancing modes. - From version 6.0.0 default value will be UTILIZATION to match default GCP value. Default value is UTILIZATION. Possible values are: UTILIZATION, RATE, CONNECTION. type: string @@ -5078,8 +5099,8 @@ spec: type: number ttl: description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + Lifetime of the cookie. + Structure is documented below. type: number type: object type: array @@ -5166,23 +5187,15 @@ spec: Structure is documented below. properties: name: - description: |- - The name of a locality load balancer policy to be used. The value - should be one of the predefined ones as supported by localityLbPolicy, - although at the moment only ROUND_ROBIN is supported. - This field should only be populated when the customPolicy field is not - used. - Note that specifying the same policy more than once for a backend is - not a valid configuration and will be rejected. - The possible values are: + description: Name of the cookie. type: string path: description: Path to set for the cookie. type: string ttl: description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + Lifetime of the cookie. + Structure is documented below. properties: nanos: description: |- @@ -5268,6 +5281,10 @@ spec: Settings for enabling Cloud Identity Aware Proxy Structure is documented below. properties: + enabled: + description: Whether the serving infrastructure will authenticate + and authorize all incoming requests. + type: boolean oauth2ClientId: description: OAuth2 Client ID for IAP type: string @@ -5275,6 +5292,11 @@ spec: id: description: an identifier for the resource with format projects/{{project}}/global/backendServices/{{name}} type: string + ipAddressSelectionPolicy: + description: |- + Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). + Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY. + type: string loadBalancingScheme: description: |- Indicates whether the backend service will be used with internal or @@ -5307,15 +5329,7 @@ spec: by a locally installed custom policy implementation. type: string name: - description: |- - The name of a locality load balancer policy to be used. The value - should be one of the predefined ones as supported by localityLbPolicy, - although at the moment only ROUND_ROBIN is supported. - This field should only be populated when the customPolicy field is not - used. - Note that specifying the same policy more than once for a backend is - not a valid configuration and will be rejected. - The possible values are: + description: Name of the cookie. type: string type: object policy: @@ -5324,15 +5338,7 @@ spec: Structure is documented below. properties: name: - description: |- - The name of a locality load balancer policy to be used. The value - should be one of the predefined ones as supported by localityLbPolicy, - although at the moment only ROUND_ROBIN is supported. - This field should only be populated when the customPolicy field is not - used. - Note that specifying the same policy more than once for a backend is - not a valid configuration and will be rejected. - The possible values are: + description: Name of the cookie. type: string type: object type: object @@ -5365,8 +5371,6 @@ spec: Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. - From version 6.0. - Default values are enforce by GCP without providing them. Structure is documented below. properties: baseEjectionTime: @@ -5548,8 +5552,38 @@ spec: description: |- Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. - Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE. + Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY. type: string + strongSessionAffinityCookie: + description: |- + Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. + Structure is documented below. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: |- + Lifetime of the cookie. + Structure is documented below. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: number + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: number + type: object + type: object timeoutSec: description: |- The backend service timeout has a different meaning depending on the type of load balancer. diff --git a/package/crds/compute.gcp.upbound.io_disks.yaml b/package/crds/compute.gcp.upbound.io_disks.yaml index b020d73dd..51f941198 100644 --- a/package/crds/compute.gcp.upbound.io_disks.yaml +++ b/package/crds/compute.gcp.upbound.io_disks.yaml @@ -1335,7 +1335,7 @@ spec: type: string asyncPrimaryDisk: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: disk: @@ -1634,7 +1634,7 @@ spec: type: object storagePool: description: |- - The URL of the storage pool in which the new disk is created. + The URL or the name of the storage pool in which the new disk is created. For example: type: string type: @@ -1668,7 +1668,7 @@ spec: type: string asyncPrimaryDisk: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: disk: @@ -1967,7 +1967,7 @@ spec: type: object storagePool: description: |- - The URL of the storage pool in which the new disk is created. + The URL or the name of the storage pool in which the new disk is created. For example: type: string type: @@ -2155,7 +2155,7 @@ spec: type: string asyncPrimaryDisk: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: disk: @@ -2410,7 +2410,7 @@ spec: type: string storagePool: description: |- - The URL of the storage pool in which the new disk is created. + The URL or the name of the storage pool in which the new disk is created. For example: type: string terraformLabels: diff --git a/package/crds/compute.gcp.upbound.io_externalvpngateways.yaml b/package/crds/compute.gcp.upbound.io_externalvpngateways.yaml index b7987514c..562e6e69a 100644 --- a/package/crds/compute.gcp.upbound.io_externalvpngateways.yaml +++ b/package/crds/compute.gcp.upbound.io_externalvpngateways.yaml @@ -94,6 +94,15 @@ spec: your on-premise gateway or another Cloud provider's VPN gateway, it cannot be an IP address from Google Compute Engine. type: string + ipv6Address: + description: |- + IPv6 address of the interface in the external VPN gateway. This IPv6 + address can be either from your on-premise gateway or another Cloud + provider's VPN gateway, it cannot be an IP address from Google Compute + Engine. Must specify an IPv6 address (not IPV4-mapped) using any format + described in RFC 4291 (e.g. 2001:db8:0:0:2d9:51:0:0). The output format + is RFC 5952 format (e.g. 2001:db8::2d9:51:0:0). + type: string type: object type: array labels: @@ -150,6 +159,15 @@ spec: your on-premise gateway or another Cloud provider's VPN gateway, it cannot be an IP address from Google Compute Engine. type: string + ipv6Address: + description: |- + IPv6 address of the interface in the external VPN gateway. This IPv6 + address can be either from your on-premise gateway or another Cloud + provider's VPN gateway, it cannot be an IP address from Google Compute + Engine. Must specify an IPv6 address (not IPV4-mapped) using any format + described in RFC 4291 (e.g. 2001:db8:0:0:2d9:51:0:0). The output format + is RFC 5952 format (e.g. 2001:db8::2d9:51:0:0). + type: string type: object type: array labels: @@ -373,6 +391,15 @@ spec: your on-premise gateway or another Cloud provider's VPN gateway, it cannot be an IP address from Google Compute Engine. type: string + ipv6Address: + description: |- + IPv6 address of the interface in the external VPN gateway. This IPv6 + address can be either from your on-premise gateway or another Cloud + provider's VPN gateway, it cannot be an IP address from Google Compute + Engine. Must specify an IPv6 address (not IPV4-mapped) using any format + described in RFC 4291 (e.g. 2001:db8:0:0:2d9:51:0:0). The output format + is RFC 5952 format (e.g. 2001:db8::2d9:51:0:0). + type: string type: object type: array labelFingerprint: diff --git a/package/crds/compute.gcp.upbound.io_firewallpolicyassociations.yaml b/package/crds/compute.gcp.upbound.io_firewallpolicyassociations.yaml index 5b11a4dfc..d226b8f62 100644 --- a/package/crds/compute.gcp.upbound.io_firewallpolicyassociations.yaml +++ b/package/crds/compute.gcp.upbound.io_firewallpolicyassociations.yaml @@ -35,7 +35,8 @@ spec: schema: openAPIV3Schema: description: FirewallPolicyAssociation is the Schema for the FirewallPolicyAssociations - API. Applies a hierarchical firewall policy to a target resource + API. Allows associating hierarchical firewall policies with the target where + they are applied. properties: apiVersion: description: |- @@ -154,7 +155,7 @@ spec: type: object type: object firewallPolicy: - description: The firewall policy ID of the association. + description: The firewall policy of the resource. type: string firewallPolicyRef: description: Reference to a FirewallPolicy in compute to populate @@ -329,7 +330,7 @@ spec: type: object type: object firewallPolicy: - description: The firewall policy ID of the association. + description: The firewall policy of the resource. type: string firewallPolicyRef: description: Reference to a FirewallPolicy in compute to populate @@ -593,7 +594,7 @@ spec: description: The target that the firewall policy is attached to. type: string firewallPolicy: - description: The firewall policy ID of the association. + description: The firewall policy of the resource. type: string id: description: an identifier for the resource with format locations/global/firewallPolicies/{{firewall_policy}}/associations/{{name}} diff --git a/package/crds/compute.gcp.upbound.io_firewallpolicyrules.yaml b/package/crds/compute.gcp.upbound.io_firewallpolicyrules.yaml index ea1ad1136..cf1a6cf01 100644 --- a/package/crds/compute.gcp.upbound.io_firewallpolicyrules.yaml +++ b/package/crds/compute.gcp.upbound.io_firewallpolicyrules.yaml @@ -987,7 +987,9 @@ spec: schema: openAPIV3Schema: description: FirewallPolicyRule is the Schema for the FirewallPolicyRules - API. The Compute FirewallPolicyRule resource + API. Represents a rule that describes one or more match conditions along + with the action to be taken when traffic matches this condition (allow or + deny). properties: apiVersion: description: |- @@ -1034,20 +1036,22 @@ spec: description: An optional description for this resource. type: string direction: - description: 'The direction in which this rule applies. Possible - values: INGRESS, EGRESS' + description: |- + The direction in which this rule applies. + Possible values are: INGRESS, EGRESS. type: string disabled: - description: Denotes whether the firewall policy rule is disabled. - When set to true, the firewall policy rule is not enforced and - traffic behaves as if it did not exist. If this is unspecified, - the firewall policy rule will be enabled. + description: |- + Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. + If this is unspecified, the firewall policy rule will be enabled. type: boolean enableLogging: - description: 'Denotes whether to enable logging for a particular - rule. If logging is enabled, logs will be exported to the configured - export destination in Stackdriver. Logs may be exported to BigQuery - or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' + description: |- + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export destination in Stackdriver. + Logs may be exported to BigQuery or Pub/Sub. + Note: you cannot enable logging on "goto_next" rules. type: boolean firewallPolicy: description: The firewall policy of the resource. @@ -1129,55 +1133,55 @@ spec: type: object type: object match: - description: A match condition that incoming traffic is evaluated - against. If it evaluates to true, the corresponding 'action' - is enforced. + description: |- + A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. + Structure is documented below. properties: destAddressGroups: description: Address groups which should be matched against the traffic destination. Maximum number of destination address - groups is 10. Destination address groups is only supported - in Egress rules. + groups is 10. items: type: string type: array destFqdns: - description: Domain names that will be used to match against - the resolved domain name of destination of traffic. Can - only be specified if DIRECTION is egress. + description: Fully Qualified Domain Name (FQDN) which should + be matched against traffic destination. Maximum number of + destination fqdn allowed is 100. items: type: string type: array destIpRanges: description: CIDR IP address range. Maximum number of destination - CIDR IP ranges allowed is 256. + CIDR IP ranges allowed is 5000. items: type: string type: array destRegionCodes: - description: The Unicode country codes whose IP addresses - will be used to match against the source of traffic. Can - only be specified if DIRECTION is egress. + description: Region codes whose IP addresses will be used + to match for destination of traffic. Should be specified + as 2 letter country code defined as per ISO 3166 alpha-2 + country codes. ex."US" Maximum number of dest region codes + allowed is 5000. items: type: string type: array destThreatIntelligences: - description: Name of the Google Cloud Threat Intelligence - list. + description: Names of Network Threat Intelligence lists. The + IPs in these lists will be matched against traffic destination. items: type: string type: array layer4Configs: - description: Pairs of IP protocols and ports that the rule - should match. + description: |- + Pairs of IP protocols and ports that the rule should match. + Structure is documented below. items: properties: ipProtocol: - description: The IP protocol to which this rule applies. - The protocol type is required when creating a firewall - rule. This value can either be one of the following - well known protocol strings (tcp, udp, icmp, esp, - ah, ipip, sctp), or the IP protocol number. + description: |- + The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. + This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number. type: string ports: description: An optional list of ports to which this @@ -1193,55 +1197,56 @@ spec: srcAddressGroups: description: Address groups which should be matched against the traffic source. Maximum number of source address groups - is 10. Source address groups is only supported in Ingress - rules. + is 10. items: type: string type: array srcFqdns: - description: Domain names that will be used to match against - the resolved domain name of source of traffic. Can only - be specified if DIRECTION is ingress. + description: Fully Qualified Domain Name (FQDN) which should + be matched against traffic source. Maximum number of source + fqdn allowed is 100. items: type: string type: array srcIpRanges: description: CIDR IP address range. Maximum number of source - CIDR IP ranges allowed is 256. + CIDR IP ranges allowed is 5000. items: type: string type: array srcRegionCodes: - description: The Unicode country codes whose IP addresses - will be used to match against the source of traffic. Can - only be specified if DIRECTION is ingress. + description: Region codes whose IP addresses will be used + to match for source of traffic. Should be specified as 2 + letter country code defined as per ISO 3166 alpha-2 country + codes. ex."US" Maximum number of source region codes allowed + is 5000. items: type: string type: array srcThreatIntelligences: - description: Name of the Google Cloud Threat Intelligence - list. + description: Names of Network Threat Intelligence lists. The + IPs in these lists will be matched against traffic source. items: type: string type: array type: object priority: - description: An integer indicating the priority of a rule in the - list. The priority must be a positive value between 0 and 2147483647. - Rules are evaluated from highest to lowest priority where 0 - is the highest priority and 2147483647 is the lowest prority. + description: |- + An integer indicating the priority of a rule in the list. + The priority must be a positive value between 0 and 2147483647. + Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority. type: number securityProfileGroup: - description: 'A fully-qualified URL of a SecurityProfileGroup - resource. Example: https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group. - It must be specified if action = ''apply_security_profile_group'' - and cannot be specified for other actions.' + description: |- + A fully-qualified URL of a SecurityProfile resource instance. + Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. type: string targetResources: - description: A list of network resource URLs to which this rule - applies. This field allows you to control which network's VMs - get this rule. If this field is left blank, all VMs within the - organization will receive the rule. + description: |- + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get this rule. + If this field is left blank, all VMs within the organization will receive the rule. items: type: string type: array @@ -1252,9 +1257,9 @@ spec: type: string type: array tlsInspect: - description: Boolean flag indicating if the traffic should be - TLS decrypted. It can be set only if action = 'apply_security_profile_group' - and cannot be set for other actions. + description: |- + Boolean flag indicating if the traffic should be TLS decrypted. + Can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. type: boolean type: object initProvider: @@ -1279,20 +1284,22 @@ spec: description: An optional description for this resource. type: string direction: - description: 'The direction in which this rule applies. Possible - values: INGRESS, EGRESS' + description: |- + The direction in which this rule applies. + Possible values are: INGRESS, EGRESS. type: string disabled: - description: Denotes whether the firewall policy rule is disabled. - When set to true, the firewall policy rule is not enforced and - traffic behaves as if it did not exist. If this is unspecified, - the firewall policy rule will be enabled. + description: |- + Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. + If this is unspecified, the firewall policy rule will be enabled. type: boolean enableLogging: - description: 'Denotes whether to enable logging for a particular - rule. If logging is enabled, logs will be exported to the configured - export destination in Stackdriver. Logs may be exported to BigQuery - or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' + description: |- + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export destination in Stackdriver. + Logs may be exported to BigQuery or Pub/Sub. + Note: you cannot enable logging on "goto_next" rules. type: boolean firewallPolicy: description: The firewall policy of the resource. @@ -1374,55 +1381,55 @@ spec: type: object type: object match: - description: A match condition that incoming traffic is evaluated - against. If it evaluates to true, the corresponding 'action' - is enforced. + description: |- + A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. + Structure is documented below. properties: destAddressGroups: description: Address groups which should be matched against the traffic destination. Maximum number of destination address - groups is 10. Destination address groups is only supported - in Egress rules. + groups is 10. items: type: string type: array destFqdns: - description: Domain names that will be used to match against - the resolved domain name of destination of traffic. Can - only be specified if DIRECTION is egress. + description: Fully Qualified Domain Name (FQDN) which should + be matched against traffic destination. Maximum number of + destination fqdn allowed is 100. items: type: string type: array destIpRanges: description: CIDR IP address range. Maximum number of destination - CIDR IP ranges allowed is 256. + CIDR IP ranges allowed is 5000. items: type: string type: array destRegionCodes: - description: The Unicode country codes whose IP addresses - will be used to match against the source of traffic. Can - only be specified if DIRECTION is egress. + description: Region codes whose IP addresses will be used + to match for destination of traffic. Should be specified + as 2 letter country code defined as per ISO 3166 alpha-2 + country codes. ex."US" Maximum number of dest region codes + allowed is 5000. items: type: string type: array destThreatIntelligences: - description: Name of the Google Cloud Threat Intelligence - list. + description: Names of Network Threat Intelligence lists. The + IPs in these lists will be matched against traffic destination. items: type: string type: array layer4Configs: - description: Pairs of IP protocols and ports that the rule - should match. + description: |- + Pairs of IP protocols and ports that the rule should match. + Structure is documented below. items: properties: ipProtocol: - description: The IP protocol to which this rule applies. - The protocol type is required when creating a firewall - rule. This value can either be one of the following - well known protocol strings (tcp, udp, icmp, esp, - ah, ipip, sctp), or the IP protocol number. + description: |- + The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. + This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number. type: string ports: description: An optional list of ports to which this @@ -1438,55 +1445,56 @@ spec: srcAddressGroups: description: Address groups which should be matched against the traffic source. Maximum number of source address groups - is 10. Source address groups is only supported in Ingress - rules. + is 10. items: type: string type: array srcFqdns: - description: Domain names that will be used to match against - the resolved domain name of source of traffic. Can only - be specified if DIRECTION is ingress. + description: Fully Qualified Domain Name (FQDN) which should + be matched against traffic source. Maximum number of source + fqdn allowed is 100. items: type: string type: array srcIpRanges: description: CIDR IP address range. Maximum number of source - CIDR IP ranges allowed is 256. + CIDR IP ranges allowed is 5000. items: type: string type: array srcRegionCodes: - description: The Unicode country codes whose IP addresses - will be used to match against the source of traffic. Can - only be specified if DIRECTION is ingress. + description: Region codes whose IP addresses will be used + to match for source of traffic. Should be specified as 2 + letter country code defined as per ISO 3166 alpha-2 country + codes. ex."US" Maximum number of source region codes allowed + is 5000. items: type: string type: array srcThreatIntelligences: - description: Name of the Google Cloud Threat Intelligence - list. + description: Names of Network Threat Intelligence lists. The + IPs in these lists will be matched against traffic source. items: type: string type: array type: object priority: - description: An integer indicating the priority of a rule in the - list. The priority must be a positive value between 0 and 2147483647. - Rules are evaluated from highest to lowest priority where 0 - is the highest priority and 2147483647 is the lowest prority. + description: |- + An integer indicating the priority of a rule in the list. + The priority must be a positive value between 0 and 2147483647. + Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority. type: number securityProfileGroup: - description: 'A fully-qualified URL of a SecurityProfileGroup - resource. Example: https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group. - It must be specified if action = ''apply_security_profile_group'' - and cannot be specified for other actions.' + description: |- + A fully-qualified URL of a SecurityProfile resource instance. + Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. type: string targetResources: - description: A list of network resource URLs to which this rule - applies. This field allows you to control which network's VMs - get this rule. If this field is left blank, all VMs within the - organization will receive the rule. + description: |- + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get this rule. + If this field is left blank, all VMs within the organization will receive the rule. items: type: string type: array @@ -1497,9 +1505,9 @@ spec: type: string type: array tlsInspect: - description: Boolean flag indicating if the traffic should be - TLS decrypted. It can be set only if action = 'apply_security_profile_group' - and cannot be set for other actions. + description: |- + Boolean flag indicating if the traffic should be TLS decrypted. + Can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. type: boolean type: object managementPolicies: @@ -1696,24 +1704,29 @@ spec: triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group". type: string + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string description: description: An optional description for this resource. type: string direction: - description: 'The direction in which this rule applies. Possible - values: INGRESS, EGRESS' + description: |- + The direction in which this rule applies. + Possible values are: INGRESS, EGRESS. type: string disabled: - description: Denotes whether the firewall policy rule is disabled. - When set to true, the firewall policy rule is not enforced and - traffic behaves as if it did not exist. If this is unspecified, - the firewall policy rule will be enabled. + description: |- + Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. + If this is unspecified, the firewall policy rule will be enabled. type: boolean enableLogging: - description: 'Denotes whether to enable logging for a particular - rule. If logging is enabled, logs will be exported to the configured - export destination in Stackdriver. Logs may be exported to BigQuery - or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' + description: |- + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export destination in Stackdriver. + Logs may be exported to BigQuery or Pub/Sub. + Note: you cannot enable logging on "goto_next" rules. type: boolean firewallPolicy: description: The firewall policy of the resource. @@ -1726,55 +1739,55 @@ spec: for firewall policy rules type: string match: - description: A match condition that incoming traffic is evaluated - against. If it evaluates to true, the corresponding 'action' - is enforced. + description: |- + A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. + Structure is documented below. properties: destAddressGroups: description: Address groups which should be matched against the traffic destination. Maximum number of destination address - groups is 10. Destination address groups is only supported - in Egress rules. + groups is 10. items: type: string type: array destFqdns: - description: Domain names that will be used to match against - the resolved domain name of destination of traffic. Can - only be specified if DIRECTION is egress. + description: Fully Qualified Domain Name (FQDN) which should + be matched against traffic destination. Maximum number of + destination fqdn allowed is 100. items: type: string type: array destIpRanges: description: CIDR IP address range. Maximum number of destination - CIDR IP ranges allowed is 256. + CIDR IP ranges allowed is 5000. items: type: string type: array destRegionCodes: - description: The Unicode country codes whose IP addresses - will be used to match against the source of traffic. Can - only be specified if DIRECTION is egress. + description: Region codes whose IP addresses will be used + to match for destination of traffic. Should be specified + as 2 letter country code defined as per ISO 3166 alpha-2 + country codes. ex."US" Maximum number of dest region codes + allowed is 5000. items: type: string type: array destThreatIntelligences: - description: Name of the Google Cloud Threat Intelligence - list. + description: Names of Network Threat Intelligence lists. The + IPs in these lists will be matched against traffic destination. items: type: string type: array layer4Configs: - description: Pairs of IP protocols and ports that the rule - should match. + description: |- + Pairs of IP protocols and ports that the rule should match. + Structure is documented below. items: properties: ipProtocol: - description: The IP protocol to which this rule applies. - The protocol type is required when creating a firewall - rule. This value can either be one of the following - well known protocol strings (tcp, udp, icmp, esp, - ah, ipip, sctp), or the IP protocol number. + description: |- + The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. + This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number. type: string ports: description: An optional list of ports to which this @@ -1790,59 +1803,60 @@ spec: srcAddressGroups: description: Address groups which should be matched against the traffic source. Maximum number of source address groups - is 10. Source address groups is only supported in Ingress - rules. + is 10. items: type: string type: array srcFqdns: - description: Domain names that will be used to match against - the resolved domain name of source of traffic. Can only - be specified if DIRECTION is ingress. + description: Fully Qualified Domain Name (FQDN) which should + be matched against traffic source. Maximum number of source + fqdn allowed is 100. items: type: string type: array srcIpRanges: description: CIDR IP address range. Maximum number of source - CIDR IP ranges allowed is 256. + CIDR IP ranges allowed is 5000. items: type: string type: array srcRegionCodes: - description: The Unicode country codes whose IP addresses - will be used to match against the source of traffic. Can - only be specified if DIRECTION is ingress. + description: Region codes whose IP addresses will be used + to match for source of traffic. Should be specified as 2 + letter country code defined as per ISO 3166 alpha-2 country + codes. ex."US" Maximum number of source region codes allowed + is 5000. items: type: string type: array srcThreatIntelligences: - description: Name of the Google Cloud Threat Intelligence - list. + description: Names of Network Threat Intelligence lists. The + IPs in these lists will be matched against traffic source. items: type: string type: array type: object priority: - description: An integer indicating the priority of a rule in the - list. The priority must be a positive value between 0 and 2147483647. - Rules are evaluated from highest to lowest priority where 0 - is the highest priority and 2147483647 is the lowest prority. + description: |- + An integer indicating the priority of a rule in the list. + The priority must be a positive value between 0 and 2147483647. + Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority. type: number ruleTupleCount: description: Calculation of the complexity of a single firewall policy rule. type: number securityProfileGroup: - description: 'A fully-qualified URL of a SecurityProfileGroup - resource. Example: https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group. - It must be specified if action = ''apply_security_profile_group'' - and cannot be specified for other actions.' + description: |- + A fully-qualified URL of a SecurityProfile resource instance. + Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. type: string targetResources: - description: A list of network resource URLs to which this rule - applies. This field allows you to control which network's VMs - get this rule. If this field is left blank, all VMs within the - organization will receive the rule. + description: |- + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get this rule. + If this field is left blank, all VMs within the organization will receive the rule. items: type: string type: array @@ -1853,9 +1867,9 @@ spec: type: string type: array tlsInspect: - description: Boolean flag indicating if the traffic should be - TLS decrypted. It can be set only if action = 'apply_security_profile_group' - and cannot be set for other actions. + description: |- + Boolean flag indicating if the traffic should be TLS decrypted. + Can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. type: boolean type: object conditions: diff --git a/package/crds/compute.gcp.upbound.io_firewalls.yaml b/package/crds/compute.gcp.upbound.io_firewalls.yaml index 1b335bc11..6aeab2ff0 100644 --- a/package/crds/compute.gcp.upbound.io_firewalls.yaml +++ b/package/crds/compute.gcp.upbound.io_firewalls.yaml @@ -1121,7 +1121,7 @@ spec: is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. - Example inputs include: ["22"], ["80","443"], and + Example inputs include: [22], [80, 443], and ["12345-12349"]. items: type: string @@ -1148,7 +1148,7 @@ spec: is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. - Example inputs include: ["22"], ["80","443"], and + Example inputs include: [22], [80, 443], and ["12345-12349"]. items: type: string @@ -1398,7 +1398,7 @@ spec: is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. - Example inputs include: ["22"], ["80","443"], and + Example inputs include: [22], [80, 443], and ["12345-12349"]. items: type: string @@ -1425,7 +1425,7 @@ spec: is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. - Example inputs include: ["22"], ["80","443"], and + Example inputs include: [22], [80, 443], and ["12345-12349"]. items: type: string @@ -1834,7 +1834,7 @@ spec: is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. - Example inputs include: ["22"], ["80","443"], and + Example inputs include: [22], [80, 443], and ["12345-12349"]. items: type: string @@ -1864,7 +1864,7 @@ spec: is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. - Example inputs include: ["22"], ["80","443"], and + Example inputs include: [22], [80, 443], and ["12345-12349"]. items: type: string diff --git a/package/crds/compute.gcp.upbound.io_globalforwardingrules.yaml b/package/crds/compute.gcp.upbound.io_globalforwardingrules.yaml index e922ad736..ea3aa489d 100644 --- a/package/crds/compute.gcp.upbound.io_globalforwardingrules.yaml +++ b/package/crds/compute.gcp.upbound.io_globalforwardingrules.yaml @@ -1968,6 +1968,19 @@ spec: type: string type: object type: object + networkTier: + description: |- + This signifies the networking tier used for configuring + this load balancer and can only take the following values: + PREMIUM, STANDARD. + For regional ForwardingRule, the valid values are PREMIUM and + STANDARD. For GlobalForwardingRule, the valid value is + PREMIUM. + If this field is not specified, it is assumed to be PREMIUM. + If IPAddress is specified, this value must be equal to the + networkTier of the Address. + Possible values are: PREMIUM, STANDARD. + type: string noAutomateDnsZone: description: This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC @@ -2533,6 +2546,19 @@ spec: type: string type: object type: object + networkTier: + description: |- + This signifies the networking tier used for configuring + this load balancer and can only take the following values: + PREMIUM, STANDARD. + For regional ForwardingRule, the valid values are PREMIUM and + STANDARD. For GlobalForwardingRule, the valid value is + PREMIUM. + If this field is not specified, it is assumed to be PREMIUM. + If IPAddress is specified, this value must be equal to the + networkTier of the Address. + Possible values are: PREMIUM, STANDARD. + type: string noAutomateDnsZone: description: This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC @@ -3011,6 +3037,10 @@ spec: description: for all of the labels present on the resource. type: object x-kubernetes-map-type: granular + forwardingRuleId: + description: The unique identifier number for the resource. This + identifier is defined by the server. + type: number id: description: an identifier for the resource with format projects/{{project}}/global/forwardingRules/{{name}} type: string @@ -3130,6 +3160,19 @@ spec: For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided. type: string + networkTier: + description: |- + This signifies the networking tier used for configuring + this load balancer and can only take the following values: + PREMIUM, STANDARD. + For regional ForwardingRule, the valid values are PREMIUM and + STANDARD. For GlobalForwardingRule, the valid value is + PREMIUM. + If this field is not specified, it is assumed to be PREMIUM. + If IPAddress is specified, this value must be equal to the + networkTier of the Address. + Possible values are: PREMIUM, STANDARD. + type: string noAutomateDnsZone: description: This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC diff --git a/package/crds/compute.gcp.upbound.io_healthchecks.yaml b/package/crds/compute.gcp.upbound.io_healthchecks.yaml index 9cb0e3690..2ae151394 100644 --- a/package/crds/compute.gcp.upbound.io_healthchecks.yaml +++ b/package/crds/compute.gcp.upbound.io_healthchecks.yaml @@ -1335,7 +1335,7 @@ spec: type: string grpcHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: grpcServiceName: @@ -1367,7 +1367,7 @@ spec: type: number http2HealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -1412,7 +1412,7 @@ spec: type: object httpHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -1457,7 +1457,7 @@ spec: type: object httpsHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -1529,7 +1529,7 @@ spec: type: array sslHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: port: @@ -1570,7 +1570,7 @@ spec: type: object tcpHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: port: @@ -1646,7 +1646,7 @@ spec: type: string grpcHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: grpcServiceName: @@ -1678,7 +1678,7 @@ spec: type: number http2HealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -1723,7 +1723,7 @@ spec: type: object httpHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -1768,7 +1768,7 @@ spec: type: object httpsHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -1840,7 +1840,7 @@ spec: type: array sslHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: port: @@ -1881,7 +1881,7 @@ spec: type: object tcpHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: port: @@ -2119,7 +2119,7 @@ spec: type: string grpcHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: grpcServiceName: @@ -2151,7 +2151,7 @@ spec: type: number http2HealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -2196,7 +2196,7 @@ spec: type: object httpHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -2241,7 +2241,7 @@ spec: type: object httpsHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -2319,7 +2319,7 @@ spec: type: array sslHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: port: @@ -2360,7 +2360,7 @@ spec: type: object tcpHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: port: diff --git a/package/crds/compute.gcp.upbound.io_images.yaml b/package/crds/compute.gcp.upbound.io_images.yaml index 845d24806..c1f4c21ae 100644 --- a/package/crds/compute.gcp.upbound.io_images.yaml +++ b/package/crds/compute.gcp.upbound.io_images.yaml @@ -806,7 +806,7 @@ spec: type: description: |- The type of supported feature. Read Enabling guest operating system features to see a list of available options. - Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. + Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, IDPF, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. type: string type: object type: array @@ -881,6 +881,80 @@ spec: You must provide either this property or the rawDisk.source property but not both to create an image. type: string + sourceDiskRef: + description: Reference to a Disk in compute to populate sourceDisk. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + sourceDiskSelector: + description: Selector for a Disk in compute to populate sourceDisk. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object sourceImage: description: |- URL of the source image used to create this image. In order to create an image, you must provide the full or partial @@ -940,7 +1014,7 @@ spec: type: description: |- The type of supported feature. Read Enabling guest operating system features to see a list of available options. - Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. + Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, IDPF, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. type: string type: object type: array @@ -1015,6 +1089,80 @@ spec: You must provide either this property or the rawDisk.source property but not both to create an image. type: string + sourceDiskRef: + description: Reference to a Disk in compute to populate sourceDisk. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + sourceDiskSelector: + description: Selector for a Disk in compute to populate sourceDisk. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object sourceImage: description: |- URL of the source image used to create this image. In order to create an image, you must provide the full or partial @@ -1246,7 +1394,7 @@ spec: type: description: |- The type of supported feature. Read Enabling guest operating system features to see a list of available options. - Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. + Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, IDPF, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. type: string type: object type: array diff --git a/package/crds/compute.gcp.upbound.io_instancefromtemplates.yaml b/package/crds/compute.gcp.upbound.io_instancefromtemplates.yaml index 46c9601a2..d89bc5a4c 100644 --- a/package/crds/compute.gcp.upbound.io_instancefromtemplates.yaml +++ b/package/crds/compute.gcp.upbound.io_instancefromtemplates.yaml @@ -1976,8 +1976,14 @@ spec: properties: enableNestedVirtualization: type: boolean + enableUefiNetworking: + type: boolean + performanceMonitoringUnit: + type: string threadsPerCore: type: number + turboMode: + type: string visibleCoreCount: type: number type: object @@ -1992,10 +1998,24 @@ spec: A unique name for the resource, required by GCE. Changing this forces a new resource to be created. type: string - diskEncryptionKeyRaw: - type: string - diskEncryptionKeySha256: - type: string + diskEncryptionKeyRawSecretRef: + description: A SecretKeySelector is a reference to a secret + key in an arbitrary namespace. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object kmsKeySelfLink: type: string mode: @@ -2051,6 +2071,10 @@ spec: type: string type: object x-kubernetes-map-type: granular + resourcePolicies: + items: + type: string + type: array size: type: number storagePool: @@ -2058,6 +2082,8 @@ spec: type: type: string type: object + interface: + type: string kmsKeySelfLink: type: string mode: @@ -2096,6 +2122,8 @@ spec: A unique name for the resource, required by GCE. Changing this forces a new resource to be created. type: string + keyRevocationActionType: + type: string labels: additionalProperties: type: string @@ -2375,6 +2403,8 @@ spec: properties: automaticRestart: type: boolean + availabilityDomain: + type: number instanceTerminationAction: type: string localSsdRecoveryTimeout: @@ -2562,8 +2592,14 @@ spec: properties: enableNestedVirtualization: type: boolean + enableUefiNetworking: + type: boolean + performanceMonitoringUnit: + type: string threadsPerCore: type: number + turboMode: + type: string visibleCoreCount: type: number type: object @@ -2578,10 +2614,24 @@ spec: A unique name for the resource, required by GCE. Changing this forces a new resource to be created. type: string - diskEncryptionKeyRaw: - type: string - diskEncryptionKeySha256: - type: string + diskEncryptionKeyRawSecretRef: + description: A SecretKeySelector is a reference to a secret + key in an arbitrary namespace. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object kmsKeySelfLink: type: string mode: @@ -2637,6 +2687,10 @@ spec: type: string type: object x-kubernetes-map-type: granular + resourcePolicies: + items: + type: string + type: array size: type: number storagePool: @@ -2644,6 +2698,8 @@ spec: type: type: string type: object + interface: + type: string kmsKeySelfLink: type: string mode: @@ -2682,6 +2738,8 @@ spec: A unique name for the resource, required by GCE. Changing this forces a new resource to be created. type: string + keyRevocationActionType: + type: string labels: additionalProperties: type: string @@ -2961,6 +3019,8 @@ spec: properties: automaticRestart: type: boolean + availabilityDomain: + type: number instanceTerminationAction: type: string localSsdRecoveryTimeout: @@ -3313,8 +3373,14 @@ spec: properties: enableNestedVirtualization: type: boolean + enableUefiNetworking: + type: boolean + performanceMonitoringUnit: + type: string threadsPerCore: type: number + turboMode: + type: string visibleCoreCount: type: number type: object @@ -3329,8 +3395,6 @@ spec: A unique name for the resource, required by GCE. Changing this forces a new resource to be created. type: string - diskEncryptionKeyRaw: - type: string diskEncryptionKeySha256: type: string kmsKeySelfLink: @@ -3372,6 +3436,10 @@ spec: type: string type: object x-kubernetes-map-type: granular + resourcePolicies: + items: + type: string + type: array size: type: number storagePool: @@ -3379,6 +3447,8 @@ spec: type: type: string type: object + interface: + type: string kmsKeySelfLink: type: string mode: @@ -3397,6 +3467,8 @@ spec: type: object cpuPlatform: type: string + creationTimestamp: + type: string currentStatus: type: string deletionProtection: @@ -3430,6 +3502,8 @@ spec: type: string instanceId: type: string + keyRevocationActionType: + type: string labelFingerprint: type: string labels: @@ -3568,6 +3642,8 @@ spec: properties: automaticRestart: type: boolean + availabilityDomain: + type: number instanceTerminationAction: type: string localSsdRecoveryTimeout: diff --git a/package/crds/compute.gcp.upbound.io_instancegroupmanagers.yaml b/package/crds/compute.gcp.upbound.io_instancegroupmanagers.yaml index 3f3201da3..602ec5240 100644 --- a/package/crds/compute.gcp.upbound.io_instancegroupmanagers.yaml +++ b/package/crds/compute.gcp.upbound.io_instancegroupmanagers.yaml @@ -2015,6 +2015,30 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + standbyPolicy: + description: The standby policy for stopped and suspended instances. + Structure is documented below. For more information, see the + official documentation. + properties: + initialDelaySec: + description: '- Specifies the number of seconds that the MIG + should wait to suspend or stop a VM after that VM was created. + The initial delay gives the initialization script the time + to prepare your VM for a quick scale out. The value of initial + delay must be between 0 and 3600 seconds. The default value + is 0.' + type: number + mode: + description: '- Defines how a MIG resumes or starts VMs from + a standby pool when the group scales out. Valid options + are: MANUAL, SCALE_OUT_POOL. If MANUAL(default), you have + full control over which VMs are stopped and suspended in + the MIG. If SCALE_OUT_POOL, the MIG uses the VMs from the + standby pools to accelerate the scale out by resuming or + starting them and then automatically replenishes the standby + pool with new VMs to maintain the target sizes.' + type: string + type: object statefulDisk: description: Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. @@ -2173,6 +2197,14 @@ spec: when using one. If a value is required, such as to specify a creation-time target size for the MIG, lifecycle. Defaults to 0. type: number + targetStoppedSize: + description: The target number of stopped instances for this managed + instance group. + type: number + targetSuspendedSize: + description: The target number of suspended instances for this + managed instance group. + type: number updatePolicy: description: The update policy for this managed instance group. Structure is documented below. For more information, see the @@ -2551,6 +2583,30 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + standbyPolicy: + description: The standby policy for stopped and suspended instances. + Structure is documented below. For more information, see the + official documentation. + properties: + initialDelaySec: + description: '- Specifies the number of seconds that the MIG + should wait to suspend or stop a VM after that VM was created. + The initial delay gives the initialization script the time + to prepare your VM for a quick scale out. The value of initial + delay must be between 0 and 3600 seconds. The default value + is 0.' + type: number + mode: + description: '- Defines how a MIG resumes or starts VMs from + a standby pool when the group scales out. Valid options + are: MANUAL, SCALE_OUT_POOL. If MANUAL(default), you have + full control over which VMs are stopped and suspended in + the MIG. If SCALE_OUT_POOL, the MIG uses the VMs from the + standby pools to accelerate the scale out by resuming or + starting them and then automatically replenishes the standby + pool with new VMs to maintain the target sizes.' + type: string + type: object statefulDisk: description: Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. @@ -2709,6 +2765,14 @@ spec: when using one. If a value is required, such as to specify a creation-time target size for the MIG, lifecycle. Defaults to 0. type: number + targetStoppedSize: + description: The target number of stopped instances for this managed + instance group. + type: number + targetSuspendedSize: + description: The target number of suspended instances for this + managed instance group. + type: number updatePolicy: description: The update policy for this managed instance group. Structure is documented below. For more information, see the @@ -3140,6 +3204,9 @@ spec: description: The full URL of the instance group created by the manager. type: string + instanceGroupManagerId: + description: an identifier for the resource with format projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{name}} + type: number instanceLifecyclePolicy: properties: defaultActionOnFailure: @@ -3191,6 +3258,30 @@ spec: selfLink: description: The URL of the created resource. type: string + standbyPolicy: + description: The standby policy for stopped and suspended instances. + Structure is documented below. For more information, see the + official documentation. + properties: + initialDelaySec: + description: '- Specifies the number of seconds that the MIG + should wait to suspend or stop a VM after that VM was created. + The initial delay gives the initialization script the time + to prepare your VM for a quick scale out. The value of initial + delay must be between 0 and 3600 seconds. The default value + is 0.' + type: number + mode: + description: '- Defines how a MIG resumes or starts VMs from + a standby pool when the group scales out. Valid options + are: MANUAL, SCALE_OUT_POOL. If MANUAL(default), you have + full control over which VMs are stopped and suspended in + the MIG. If SCALE_OUT_POOL, the MIG uses the VMs from the + standby pools to accelerate the scale out by resuming or + starting them and then automatically replenishes the standby + pool with new VMs to maintain the target sizes.' + type: string + type: object statefulDisk: description: Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. @@ -3342,6 +3433,14 @@ spec: when using one. If a value is required, such as to specify a creation-time target size for the MIG, lifecycle. Defaults to 0. type: number + targetStoppedSize: + description: The target number of stopped instances for this managed + instance group. + type: number + targetSuspendedSize: + description: The target number of suspended instances for this + managed instance group. + type: number updatePolicy: description: The update policy for this managed instance group. Structure is documented below. For more information, see the diff --git a/package/crds/compute.gcp.upbound.io_instances.yaml b/package/crds/compute.gcp.upbound.io_instances.yaml index 667fa0fc3..a4fb772b0 100644 --- a/package/crds/compute.gcp.upbound.io_instances.yaml +++ b/package/crds/compute.gcp.upbound.io_instances.yaml @@ -3243,10 +3243,24 @@ spec: description: Defines whether the instance should have nested virtualization enabled. Defaults to false. type: boolean + enableUefiNetworking: + description: Whether to enable UEFI networking for instance + creation. + type: boolean + performanceMonitoringUnit: + description: The PMU is a hardware component within the CPU + core that monitors how the processor runs code. Valid values + for the level of PMU are STANDARD, ENHANCED, and ARCHITECTURAL. + type: string threadsPerCore: - description: he number of threads per physical core. To disable + description: The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. type: number + turboMode: + description: Turbo frequency mode to use for the instance. + Supported modes are currently either ALL_CORE_MAX or unset + (default). + type: string visibleCoreCount: description: The number of physical cores to expose to an instance. visible cores info (VC). @@ -3480,6 +3494,14 @@ spec: a specific tag. This value is not returned by the API. type: object x-kubernetes-map-type: granular + resourcePolicies: + description: '- A list of self_links of resource policies + to attach to the instance. Modifying this list will + cause the instance to recreate. Currently a max of 1 + resource policy is supported.' + items: + type: string + type: array size: description: |- The size of the image in gigabytes. If not specified, it @@ -3487,7 +3509,7 @@ spec: type: number storagePool: description: |- - The URL of the storage pool in which the new disk is created. + The URL or the name of the storage pool in which the new disk is created. For example: type: string type: @@ -3495,6 +3517,10 @@ spec: can consume resources. type: string type: object + interface: + description: The disk interface to use for attaching this + disk; either SCSI or NVME. + type: string kmsKeySelfLink: description: |- The self_link of the encryption key that is @@ -3532,7 +3558,7 @@ spec: Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will - fail to create the VM. TDX is only available in beta.' + fail to create the VM.' type: string enableConfidentialCompute: description: Defines whether the instance should have confidential @@ -3553,7 +3579,7 @@ spec: desiredStatus: description: |- Desired status of the instance. Either - "RUNNING" or "TERMINATED". + "RUNNING", "SUSPENDED" or "TERMINATED". type: string enableDisplay: description: |- @@ -3564,11 +3590,10 @@ spec: description: |- List of the type and count of accelerator cards attached to the instance. Structure documented below. Note: GPU accelerators can only be used with on_host_maintenance option set to TERMINATE. - Note: This field uses attr-as-block mode to avoid - breaking users during the 0.12 upgrade. To explicitly send a list - of zero objects you must use the following syntax: - example=[] - For more details about this behavior, see this section. + Note: As of 6.0.0, argument syntax + is no longer supported for this field in favor of block syntax. + To dynamically set a list of guest accelerators, use dynamic blocks. + To set an empty list, use a single guest_accelerator block with count = 0. items: properties: count: @@ -3587,6 +3612,10 @@ spec: Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created. type: string + keyRevocationActionType: + description: Action to be taken when a customer's encryption key + is revoked. Supports STOP and NONE, with NONE being the default. + type: string labels: additionalProperties: type: string @@ -3639,7 +3668,7 @@ spec: instance can be accessed via the Internet. Omit to ensure that the instance is not accessible from the Internet.g. via tunnel or because it is running on another cloud instance on that network). - This block can be repeated multiple times. Structure documented below. + This block can be specified once per network_interface. Structure documented below. items: properties: natIp: @@ -3810,7 +3839,9 @@ spec: type: object nicType: description: 'The type of vNIC to be used on this interface. - Possible values: GVNIC, VIRTIO_NET.' + Possible values: GVNIC, VIRTIO_NET, IDPF. In the beta + provider the additional values of MRDMA and IRDMA are + supported.' type: string queueCount: description: The networking queue count that's specified @@ -3836,7 +3867,7 @@ spec: subnetworkProject: description: |- The project in which the subnetwork belongs. - If the subnetwork is a self_link, this field is ignored in favor of the project + If the subnetwork is a self_link, this field is set to the project defined in the subnetwork self_link. If the subnetwork is a name and this field is not provided, the provider project is used. type: string @@ -3996,6 +4027,12 @@ spec: restarted if it was terminated by Compute Engine (not a user). Defaults to true. type: boolean + availabilityDomain: + description: Specifies the availability domain to place the + instance in. The value must be a number between 1 and the + number of availability domains specified in the spread placement + policy attached to the instance. + type: number instanceTerminationAction: description: Describe the type of termination action for VM. Can be STOP or DELETE. Read more on here @@ -4281,10 +4318,24 @@ spec: description: Defines whether the instance should have nested virtualization enabled. Defaults to false. type: boolean + enableUefiNetworking: + description: Whether to enable UEFI networking for instance + creation. + type: boolean + performanceMonitoringUnit: + description: The PMU is a hardware component within the CPU + core that monitors how the processor runs code. Valid values + for the level of PMU are STANDARD, ENHANCED, and ARCHITECTURAL. + type: string threadsPerCore: - description: he number of threads per physical core. To disable + description: The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. type: number + turboMode: + description: Turbo frequency mode to use for the instance. + Supported modes are currently either ALL_CORE_MAX or unset + (default). + type: string visibleCoreCount: description: The number of physical cores to expose to an instance. visible cores info (VC). @@ -4518,6 +4569,14 @@ spec: a specific tag. This value is not returned by the API. type: object x-kubernetes-map-type: granular + resourcePolicies: + description: '- A list of self_links of resource policies + to attach to the instance. Modifying this list will + cause the instance to recreate. Currently a max of 1 + resource policy is supported.' + items: + type: string + type: array size: description: |- The size of the image in gigabytes. If not specified, it @@ -4525,7 +4584,7 @@ spec: type: number storagePool: description: |- - The URL of the storage pool in which the new disk is created. + The URL or the name of the storage pool in which the new disk is created. For example: type: string type: @@ -4533,6 +4592,10 @@ spec: can consume resources. type: string type: object + interface: + description: The disk interface to use for attaching this + disk; either SCSI or NVME. + type: string kmsKeySelfLink: description: |- The self_link of the encryption key that is @@ -4570,7 +4633,7 @@ spec: Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will - fail to create the VM. TDX is only available in beta.' + fail to create the VM.' type: string enableConfidentialCompute: description: Defines whether the instance should have confidential @@ -4591,7 +4654,7 @@ spec: desiredStatus: description: |- Desired status of the instance. Either - "RUNNING" or "TERMINATED". + "RUNNING", "SUSPENDED" or "TERMINATED". type: string enableDisplay: description: |- @@ -4602,11 +4665,10 @@ spec: description: |- List of the type and count of accelerator cards attached to the instance. Structure documented below. Note: GPU accelerators can only be used with on_host_maintenance option set to TERMINATE. - Note: This field uses attr-as-block mode to avoid - breaking users during the 0.12 upgrade. To explicitly send a list - of zero objects you must use the following syntax: - example=[] - For more details about this behavior, see this section. + Note: As of 6.0.0, argument syntax + is no longer supported for this field in favor of block syntax. + To dynamically set a list of guest accelerators, use dynamic blocks. + To set an empty list, use a single guest_accelerator block with count = 0. items: properties: count: @@ -4625,6 +4687,10 @@ spec: Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created. type: string + keyRevocationActionType: + description: Action to be taken when a customer's encryption key + is revoked. Supports STOP and NONE, with NONE being the default. + type: string labels: additionalProperties: type: string @@ -4677,7 +4743,7 @@ spec: instance can be accessed via the Internet. Omit to ensure that the instance is not accessible from the Internet.g. via tunnel or because it is running on another cloud instance on that network). - This block can be repeated multiple times. Structure documented below. + This block can be specified once per network_interface. Structure documented below. items: properties: natIp: @@ -4848,7 +4914,9 @@ spec: type: object nicType: description: 'The type of vNIC to be used on this interface. - Possible values: GVNIC, VIRTIO_NET.' + Possible values: GVNIC, VIRTIO_NET, IDPF. In the beta + provider the additional values of MRDMA and IRDMA are + supported.' type: string queueCount: description: The networking queue count that's specified @@ -4874,7 +4942,7 @@ spec: subnetworkProject: description: |- The project in which the subnetwork belongs. - If the subnetwork is a self_link, this field is ignored in favor of the project + If the subnetwork is a self_link, this field is set to the project defined in the subnetwork self_link. If the subnetwork is a name and this field is not provided, the provider project is used. type: string @@ -5034,6 +5102,12 @@ spec: restarted if it was terminated by Compute Engine (not a user). Defaults to true. type: boolean + availabilityDomain: + description: Specifies the availability domain to place the + instance in. The value must be a number between 1 and the + number of availability domains specified in the spread placement + policy attached to the instance. + type: number instanceTerminationAction: description: Describe the type of termination action for VM. Can be STOP or DELETE. Read more on here @@ -5485,10 +5559,24 @@ spec: description: Defines whether the instance should have nested virtualization enabled. Defaults to false. type: boolean + enableUefiNetworking: + description: Whether to enable UEFI networking for instance + creation. + type: boolean + performanceMonitoringUnit: + description: The PMU is a hardware component within the CPU + core that monitors how the processor runs code. Valid values + for the level of PMU are STANDARD, ENHANCED, and ARCHITECTURAL. + type: string threadsPerCore: - description: he number of threads per physical core. To disable + description: The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. type: number + turboMode: + description: Turbo frequency mode to use for the instance. + Supported modes are currently either ALL_CORE_MAX or unset + (default). + type: string visibleCoreCount: description: The number of physical cores to expose to an instance. visible cores info (VC). @@ -5615,6 +5703,14 @@ spec: a specific tag. This value is not returned by the API. type: object x-kubernetes-map-type: granular + resourcePolicies: + description: '- A list of self_links of resource policies + to attach to the instance. Modifying this list will + cause the instance to recreate. Currently a max of 1 + resource policy is supported.' + items: + type: string + type: array size: description: |- The size of the image in gigabytes. If not specified, it @@ -5622,7 +5718,7 @@ spec: type: number storagePool: description: |- - The URL of the storage pool in which the new disk is created. + The URL or the name of the storage pool in which the new disk is created. For example: type: string type: @@ -5630,6 +5726,10 @@ spec: can consume resources. type: string type: object + interface: + description: The disk interface to use for attaching this + disk; either SCSI or NVME. + type: string kmsKeySelfLink: description: |- The self_link of the encryption key that is @@ -5667,7 +5767,7 @@ spec: Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will - fail to create the VM. TDX is only available in beta.' + fail to create the VM.' type: string enableConfidentialCompute: description: Defines whether the instance should have confidential @@ -5680,12 +5780,15 @@ spec: cpuPlatform: description: The CPU platform used by this instance. type: string + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string currentStatus: description: 'The current status of the instance. This could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED. For more information about the status of the instance, see Instance - life cycle.`,' + life cycle.' type: string deletionProtection: description: |- @@ -5698,7 +5801,7 @@ spec: desiredStatus: description: |- Desired status of the instance. Either - "RUNNING" or "TERMINATED". + "RUNNING", "SUSPENDED" or "TERMINATED". type: string effectiveLabels: additionalProperties: @@ -5714,11 +5817,10 @@ spec: description: |- List of the type and count of accelerator cards attached to the instance. Structure documented below. Note: GPU accelerators can only be used with on_host_maintenance option set to TERMINATE. - Note: This field uses attr-as-block mode to avoid - breaking users during the 0.12 upgrade. To explicitly send a list - of zero objects you must use the following syntax: - example=[] - For more details about this behavior, see this section. + Note: As of 6.0.0, argument syntax + is no longer supported for this field in favor of block syntax. + To dynamically set a list of guest accelerators, use dynamic blocks. + To set an empty list, use a single guest_accelerator block with count = 0. items: properties: count: @@ -5743,6 +5845,10 @@ spec: instanceId: description: The server-assigned unique identifier of this instance. type: string + keyRevocationActionType: + description: Action to be taken when a customer's encryption key + is revoked. Supports STOP and NONE, with NONE being the default. + type: string labelFingerprint: description: The unique fingerprint of the labels. type: string @@ -5801,7 +5907,7 @@ spec: instance can be accessed via the Internet. Omit to ensure that the instance is not accessible from the Internet.g. via tunnel or because it is running on another cloud instance on that network). - This block can be repeated multiple times. Structure documented below. + This block can be specified once per network_interface. Structure documented below. items: properties: natIp: @@ -5906,7 +6012,9 @@ spec: type: string nicType: description: 'The type of vNIC to be used on this interface. - Possible values: GVNIC, VIRTIO_NET.' + Possible values: GVNIC, VIRTIO_NET, IDPF. In the beta + provider the additional values of MRDMA and IRDMA are + supported.' type: string queueCount: description: The networking queue count that's specified @@ -5932,7 +6040,7 @@ spec: subnetworkProject: description: |- The project in which the subnetwork belongs. - If the subnetwork is a self_link, this field is ignored in favor of the project + If the subnetwork is a self_link, this field is set to the project defined in the subnetwork self_link. If the subnetwork is a name and this field is not provided, the provider project is used. type: string @@ -6016,6 +6124,12 @@ spec: restarted if it was terminated by Compute Engine (not a user). Defaults to true. type: boolean + availabilityDomain: + description: Specifies the availability domain to place the + instance in. The value must be a number between 1 and the + number of availability domains specified in the spread placement + policy attached to the instance. + type: number instanceTerminationAction: description: Describe the type of termination action for VM. Can be STOP or DELETE. Read more on here diff --git a/package/crds/compute.gcp.upbound.io_instancetemplates.yaml b/package/crds/compute.gcp.upbound.io_instancetemplates.yaml index 7ab66d6e1..62155ac59 100644 --- a/package/crds/compute.gcp.upbound.io_instancetemplates.yaml +++ b/package/crds/compute.gcp.upbound.io_instancetemplates.yaml @@ -3085,10 +3085,24 @@ spec: description: Defines whether the instance should have nested virtualization enabled. Defaults to false. type: boolean + enableUefiNetworking: + description: Whether to enable UEFI networking for instance + creation. + type: boolean + performanceMonitoringUnit: + description: The PMU is a hardware component within the CPU + core that monitors how the processor runs code. Valid values + for the level of PMU are STANDARD, ENHANCED, and ARCHITECTURAL. + type: string threadsPerCore: description: The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. type: number + turboMode: + description: Turbo frequency mode to use for the instance. + Supported modes are currently either ALL_CORE_MAX or unset + (default). + type: string visibleCoreCount: description: The number of physical cores to expose to an instance. visible cores info (VC). @@ -3112,7 +3126,7 @@ spec: Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will - fail to create the VM. TDX is only available in beta.' + fail to create the VM.' type: string enableConfidentialCompute: description: Defines whether the instance should have confidential @@ -3200,6 +3214,8 @@ spec: Values must be between 10,000 and 120,000. For more details, see the Extreme persistent disk documentation. type: number + provisionedThroughput: + type: number resourceManagerTags: additionalProperties: type: string @@ -3454,6 +3470,10 @@ spec: A brief description to use for instances created from this template. type: string + keyRevocationActionType: + description: Action to be taken when a customer's encryption key + is revoked. Supports STOP and NONE, with NONE being the default. + type: string labels: additionalProperties: type: string @@ -3490,7 +3510,9 @@ spec: namePrefix: description: |- Creates a unique name beginning with the specified - prefix. Conflicts with name. + prefix. Conflicts with name. Max length is 54 characters. + Prefixes with lengths longer than 37 characters will use a shortened + UUID that will be more prone to collisions. type: string networkInterface: description: |- @@ -3503,7 +3525,7 @@ spec: description: |- Access configurations, i.e. IPs via which this instance can be accessed via the Internet.g. via tunnel or because it is running on another cloud instance - on that network). This block can be repeated multiple times. Structure documented below. + on that network). This block can be specified once per network_interface. Structure documented below. items: properties: natIp: @@ -3648,7 +3670,8 @@ spec: type: object nicType: description: 'The type of vNIC to be used on this interface. - Possible values: GVNIC, VIRTIO_NET.' + Possible values: GVNIC, VIRTIO_NET. In the beta provider + the additional values of MRDMA and IRDMA are supported.' type: string queueCount: description: The networking queue count that's specified @@ -3829,6 +3852,12 @@ spec: automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true. type: boolean + availabilityDomain: + description: Specifies the availability domain to place the + instance in. The value must be a number between 1 and the + number of availability domains specified in the spread placement + policy attached to the instance. + type: number instanceTerminationAction: description: Describe the type of termination action for SPOT VM. Can be STOP or DELETE. Read more on here @@ -4082,10 +4111,24 @@ spec: description: Defines whether the instance should have nested virtualization enabled. Defaults to false. type: boolean + enableUefiNetworking: + description: Whether to enable UEFI networking for instance + creation. + type: boolean + performanceMonitoringUnit: + description: The PMU is a hardware component within the CPU + core that monitors how the processor runs code. Valid values + for the level of PMU are STANDARD, ENHANCED, and ARCHITECTURAL. + type: string threadsPerCore: description: The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. type: number + turboMode: + description: Turbo frequency mode to use for the instance. + Supported modes are currently either ALL_CORE_MAX or unset + (default). + type: string visibleCoreCount: description: The number of physical cores to expose to an instance. visible cores info (VC). @@ -4109,7 +4152,7 @@ spec: Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will - fail to create the VM. TDX is only available in beta.' + fail to create the VM.' type: string enableConfidentialCompute: description: Defines whether the instance should have confidential @@ -4197,6 +4240,8 @@ spec: Values must be between 10,000 and 120,000. For more details, see the Extreme persistent disk documentation. type: number + provisionedThroughput: + type: number resourceManagerTags: additionalProperties: type: string @@ -4451,6 +4496,10 @@ spec: A brief description to use for instances created from this template. type: string + keyRevocationActionType: + description: Action to be taken when a customer's encryption key + is revoked. Supports STOP and NONE, with NONE being the default. + type: string labels: additionalProperties: type: string @@ -4487,7 +4536,9 @@ spec: namePrefix: description: |- Creates a unique name beginning with the specified - prefix. Conflicts with name. + prefix. Conflicts with name. Max length is 54 characters. + Prefixes with lengths longer than 37 characters will use a shortened + UUID that will be more prone to collisions. type: string networkInterface: description: |- @@ -4500,7 +4551,7 @@ spec: description: |- Access configurations, i.e. IPs via which this instance can be accessed via the Internet.g. via tunnel or because it is running on another cloud instance - on that network). This block can be repeated multiple times. Structure documented below. + on that network). This block can be specified once per network_interface. Structure documented below. items: properties: natIp: @@ -4645,7 +4696,8 @@ spec: type: object nicType: description: 'The type of vNIC to be used on this interface. - Possible values: GVNIC, VIRTIO_NET.' + Possible values: GVNIC, VIRTIO_NET. In the beta provider + the additional values of MRDMA and IRDMA are supported.' type: string queueCount: description: The networking queue count that's specified @@ -4826,6 +4878,12 @@ spec: automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true. type: boolean + availabilityDomain: + description: Specifies the availability domain to place the + instance in. The value must be a number between 1 and the + number of availability domains specified in the spread placement + policy attached to the instance. + type: number instanceTerminationAction: description: Describe the type of termination action for SPOT VM. Can be STOP or DELETE. Read more on here @@ -5247,10 +5305,24 @@ spec: description: Defines whether the instance should have nested virtualization enabled. Defaults to false. type: boolean + enableUefiNetworking: + description: Whether to enable UEFI networking for instance + creation. + type: boolean + performanceMonitoringUnit: + description: The PMU is a hardware component within the CPU + core that monitors how the processor runs code. Valid values + for the level of PMU are STANDARD, ENHANCED, and ARCHITECTURAL. + type: string threadsPerCore: description: The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. type: number + turboMode: + description: Turbo frequency mode to use for the instance. + Supported modes are currently either ALL_CORE_MAX or unset + (default). + type: string visibleCoreCount: description: The number of physical cores to expose to an instance. visible cores info (VC). @@ -5274,7 +5346,7 @@ spec: Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will - fail to create the VM. TDX is only available in beta.' + fail to create the VM.' type: string enableConfidentialCompute: description: Defines whether the instance should have confidential @@ -5284,6 +5356,9 @@ spec: TERMINATE or this will fail to create the VM. type: boolean type: object + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string description: description: A brief description of this resource. type: string @@ -5362,6 +5437,8 @@ spec: Values must be between 10,000 and 120,000. For more details, see the Extreme persistent disk documentation. type: number + provisionedThroughput: + type: number resourceManagerTags: additionalProperties: type: string @@ -5469,6 +5546,10 @@ spec: A brief description to use for instances created from this template. type: string + keyRevocationActionType: + description: Action to be taken when a customer's encryption key + is revoked. Supports STOP and NONE, with NONE being the default. + type: string labels: additionalProperties: type: string @@ -5508,7 +5589,9 @@ spec: namePrefix: description: |- Creates a unique name beginning with the specified - prefix. Conflicts with name. + prefix. Conflicts with name. Max length is 54 characters. + Prefixes with lengths longer than 37 characters will use a shortened + UUID that will be more prone to collisions. type: string networkInterface: description: |- @@ -5521,7 +5604,7 @@ spec: description: |- Access configurations, i.e. IPs via which this instance can be accessed via the Internet.g. via tunnel or because it is running on another cloud instance - on that network). This block can be repeated multiple times. Structure documented below. + on that network). This block can be specified once per network_interface. Structure documented below. items: properties: natIp: @@ -5608,7 +5691,8 @@ spec: type: string nicType: description: 'The type of vNIC to be used on this interface. - Possible values: GVNIC, VIRTIO_NET.' + Possible values: GVNIC, VIRTIO_NET. In the beta provider + the additional values of MRDMA and IRDMA are supported.' type: string queueCount: description: The networking queue count that's specified @@ -5713,6 +5797,12 @@ spec: automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true. type: boolean + availabilityDomain: + description: Specifies the availability domain to place the + instance in. The value must be a number between 1 and the + number of availability domains specified in the spread placement + policy attached to the instance. + type: number instanceTerminationAction: description: Describe the type of termination action for SPOT VM. Can be STOP or DELETE. Read more on here diff --git a/package/crds/compute.gcp.upbound.io_managedsslcertificates.yaml b/package/crds/compute.gcp.upbound.io_managedsslcertificates.yaml index fea61d205..9fd3c33ad 100644 --- a/package/crds/compute.gcp.upbound.io_managedsslcertificates.yaml +++ b/package/crds/compute.gcp.upbound.io_managedsslcertificates.yaml @@ -498,9 +498,6 @@ spec: type: string forProvider: properties: - certificateId: - description: The unique identifier for the resource. - type: number description: description: An optional description of this resource. type: string @@ -544,9 +541,6 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: - certificateId: - description: The unique identifier for the resource. - type: number description: description: An optional description of this resource. type: string diff --git a/package/crds/compute.gcp.upbound.io_nodetemplates.yaml b/package/crds/compute.gcp.upbound.io_nodetemplates.yaml index 318323250..4fc2603e5 100644 --- a/package/crds/compute.gcp.upbound.io_nodetemplates.yaml +++ b/package/crds/compute.gcp.upbound.io_nodetemplates.yaml @@ -610,6 +610,25 @@ spec: type: string forProvider: properties: + accelerators: + description: |- + List of the type and count of accelerator cards attached to the + node template + Structure is documented below. + items: + properties: + acceleratorCount: + description: |- + The number of the guest accelerator cards exposed to this + node template. + type: number + acceleratorType: + description: |- + Full or partial URL of the accelerator type resource to expose + to this node template. + type: string + type: object + type: array cpuOvercommitType: description: |- CPU overcommit. @@ -619,6 +638,27 @@ spec: description: description: An optional textual description of the resource. type: string + disks: + description: |- + List of the type, size and count of disks attached to the + node template + Structure is documented below. + items: + properties: + diskCount: + description: Specifies the number of such disks. + type: number + diskSizeGb: + description: Specifies the size of the disk in base-2 GB. + type: number + diskType: + description: 'Specifies the desired disk type on the node. + This disk type must be a local storage type (e.g.: local-ssd). + Note that for nodeTemplates, this should be the name of + the disk type and not its URL.' + type: string + type: object + type: array nodeAffinityLabels: additionalProperties: type: string @@ -696,6 +736,25 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + accelerators: + description: |- + List of the type and count of accelerator cards attached to the + node template + Structure is documented below. + items: + properties: + acceleratorCount: + description: |- + The number of the guest accelerator cards exposed to this + node template. + type: number + acceleratorType: + description: |- + Full or partial URL of the accelerator type resource to expose + to this node template. + type: string + type: object + type: array cpuOvercommitType: description: |- CPU overcommit. @@ -705,6 +764,27 @@ spec: description: description: An optional textual description of the resource. type: string + disks: + description: |- + List of the type, size and count of disks attached to the + node template + Structure is documented below. + items: + properties: + diskCount: + description: Specifies the number of such disks. + type: number + diskSizeGb: + description: Specifies the size of the disk in base-2 GB. + type: number + diskType: + description: 'Specifies the desired disk type on the node. + This disk type must be a local storage type (e.g.: local-ssd). + Note that for nodeTemplates, this should be the name of + the disk type and not its URL.' + type: string + type: object + type: array nodeAffinityLabels: additionalProperties: type: string @@ -934,6 +1014,25 @@ spec: properties: atProvider: properties: + accelerators: + description: |- + List of the type and count of accelerator cards attached to the + node template + Structure is documented below. + items: + properties: + acceleratorCount: + description: |- + The number of the guest accelerator cards exposed to this + node template. + type: number + acceleratorType: + description: |- + Full or partial URL of the accelerator type resource to expose + to this node template. + type: string + type: object + type: array cpuOvercommitType: description: |- CPU overcommit. @@ -946,6 +1045,27 @@ spec: description: description: An optional textual description of the resource. type: string + disks: + description: |- + List of the type, size and count of disks attached to the + node template + Structure is documented below. + items: + properties: + diskCount: + description: Specifies the number of such disks. + type: number + diskSizeGb: + description: Specifies the size of the disk in base-2 GB. + type: number + diskType: + description: 'Specifies the desired disk type on the node. + This disk type must be a local storage type (e.g.: local-ssd). + Note that for nodeTemplates, this should be the name of + the disk type and not its URL.' + type: string + type: object + type: array id: description: an identifier for the resource with format projects/{{project}}/regions/{{region}}/nodeTemplates/{{name}} type: string diff --git a/package/crds/compute.gcp.upbound.io_regionautoscalers.yaml b/package/crds/compute.gcp.upbound.io_regionautoscalers.yaml index 91f7a673c..16915cd69 100644 --- a/package/crds/compute.gcp.upbound.io_regionautoscalers.yaml +++ b/package/crds/compute.gcp.upbound.io_regionautoscalers.yaml @@ -1367,7 +1367,7 @@ spec: properties: maxScaledInReplicas: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: fixed: @@ -1677,7 +1677,7 @@ spec: properties: maxScaledInReplicas: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: fixed: @@ -2146,7 +2146,7 @@ spec: properties: maxScaledInReplicas: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: fixed: diff --git a/package/crds/compute.gcp.upbound.io_regionbackendservices.yaml b/package/crds/compute.gcp.upbound.io_regionbackendservices.yaml index d49bfddc6..2718cb53a 100644 --- a/package/crds/compute.gcp.upbound.io_regionbackendservices.yaml +++ b/package/crds/compute.gcp.upbound.io_regionbackendservices.yaml @@ -2536,8 +2536,7 @@ spec: Specifies the balancing mode for this backend. See the Backend Services Overview for an explanation of load balancing modes. - From version 6.0.0 default value will be UTILIZATION to match default GCP value. - Default value is CONNECTION. + Default value is UTILIZATION. Possible values are: UTILIZATION, RATE, CONNECTION. type: string capacityScaler: @@ -2868,7 +2867,6 @@ spec: description: |- Time for which instance will be drained (not accept new connections, but still work to finish started). - From version 6.0.0 ConnectionDrainingTimeoutSec default value will be 300 to match default GCP value. type: number consistentHash: description: |- @@ -2889,22 +2887,15 @@ spec: Structure is documented below. properties: name: - description: |- - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. + description: Name of the cookie. type: string path: description: Path to set for the cookie. type: string ttl: description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + Lifetime of the cookie. + Structure is documented below. properties: nanos: description: |- @@ -3071,6 +3062,10 @@ spec: Settings for enabling Cloud Identity Aware Proxy Structure is documented below. properties: + enabled: + description: Whether the serving infrastructure will authenticate + and authorize all incoming requests. + type: boolean oauth2ClientId: description: OAuth2 Client ID for IAP type: string @@ -3094,6 +3089,11 @@ spec: - namespace type: object type: object + ipAddressSelectionPolicy: + description: |- + Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). + Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY. + type: string loadBalancingScheme: description: is set to INTERNAL_MANAGED type: string @@ -3130,8 +3130,6 @@ spec: Settings controlling eviction of unhealthy hosts from the load balancing pool. This field is applicable only when the load_balancing_scheme is set to INTERNAL_MANAGED and the protocol is set to HTTP, HTTPS, or HTTP2. - From version 6.0. - Default values are enforce by GCP without providing them. Structure is documented below. properties: baseEjectionTime: @@ -3260,8 +3258,38 @@ spec: description: |- Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. - Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, CLIENT_IP_NO_DESTINATION. + Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, CLIENT_IP_NO_DESTINATION, STRONG_COOKIE_AFFINITY. type: string + strongSessionAffinityCookie: + description: |- + Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. + Structure is documented below. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: |- + Lifetime of the cookie. + Structure is documented below. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: number + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: number + type: object + type: object timeoutSec: description: |- The backend service timeout has a different meaning depending on the type of load balancer. @@ -3304,8 +3332,7 @@ spec: Specifies the balancing mode for this backend. See the Backend Services Overview for an explanation of load balancing modes. - From version 6.0.0 default value will be UTILIZATION to match default GCP value. - Default value is CONNECTION. + Default value is UTILIZATION. Possible values are: UTILIZATION, RATE, CONNECTION. type: string capacityScaler: @@ -3636,7 +3663,6 @@ spec: description: |- Time for which instance will be drained (not accept new connections, but still work to finish started). - From version 6.0.0 ConnectionDrainingTimeoutSec default value will be 300 to match default GCP value. type: number consistentHash: description: |- @@ -3657,22 +3683,15 @@ spec: Structure is documented below. properties: name: - description: |- - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. + description: Name of the cookie. type: string path: description: Path to set for the cookie. type: string ttl: description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + Lifetime of the cookie. + Structure is documented below. properties: nanos: description: |- @@ -3839,6 +3858,10 @@ spec: Settings for enabling Cloud Identity Aware Proxy Structure is documented below. properties: + enabled: + description: Whether the serving infrastructure will authenticate + and authorize all incoming requests. + type: boolean oauth2ClientId: description: OAuth2 Client ID for IAP type: string @@ -3861,9 +3884,12 @@ spec: - name - namespace type: object - required: - - oauth2ClientSecretSecretRef type: object + ipAddressSelectionPolicy: + description: |- + Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). + Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY. + type: string loadBalancingScheme: description: is set to INTERNAL_MANAGED type: string @@ -3900,8 +3926,6 @@ spec: Settings controlling eviction of unhealthy hosts from the load balancing pool. This field is applicable only when the load_balancing_scheme is set to INTERNAL_MANAGED and the protocol is set to HTTP, HTTPS, or HTTP2. - From version 6.0. - Default values are enforce by GCP without providing them. Structure is documented below. properties: baseEjectionTime: @@ -4025,8 +4049,38 @@ spec: description: |- Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. - Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, CLIENT_IP_NO_DESTINATION. + Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, CLIENT_IP_NO_DESTINATION, STRONG_COOKIE_AFFINITY. type: string + strongSessionAffinityCookie: + description: |- + Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. + Structure is documented below. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: |- + Lifetime of the cookie. + Structure is documented below. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: number + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: number + type: object + type: object timeoutSec: description: |- The backend service timeout has a different meaning depending on the type of load balancer. @@ -4227,8 +4281,7 @@ spec: Specifies the balancing mode for this backend. See the Backend Services Overview for an explanation of load balancing modes. - From version 6.0.0 default value will be UTILIZATION to match default GCP value. - Default value is CONNECTION. + Default value is UTILIZATION. Possible values are: UTILIZATION, RATE, CONNECTION. type: string capacityScaler: @@ -4483,7 +4536,6 @@ spec: description: |- Time for which instance will be drained (not accept new connections, but still work to finish started). - From version 6.0.0 ConnectionDrainingTimeoutSec default value will be 300 to match default GCP value. type: number consistentHash: description: |- @@ -4504,22 +4556,15 @@ spec: Structure is documented below. properties: name: - description: |- - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. + description: Name of the cookie. type: string path: description: Path to set for the cookie. type: string ttl: description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + Lifetime of the cookie. + Structure is documented below. properties: nanos: description: |- @@ -4619,6 +4664,10 @@ spec: Settings for enabling Cloud Identity Aware Proxy Structure is documented below. properties: + enabled: + description: Whether the serving infrastructure will authenticate + and authorize all incoming requests. + type: boolean oauth2ClientId: description: OAuth2 Client ID for IAP type: string @@ -4626,6 +4675,11 @@ spec: id: description: an identifier for the resource with format projects/{{project}}/regions/{{region}}/backendServices/{{name}} type: string + ipAddressSelectionPolicy: + description: |- + Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). + Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY. + type: string loadBalancingScheme: description: is set to INTERNAL_MANAGED type: string @@ -4662,8 +4716,6 @@ spec: Settings controlling eviction of unhealthy hosts from the load balancing pool. This field is applicable only when the load_balancing_scheme is set to INTERNAL_MANAGED and the protocol is set to HTTP, HTTPS, or HTTP2. - From version 6.0. - Default values are enforce by GCP without providing them. Structure is documented below. properties: baseEjectionTime: @@ -4795,8 +4847,38 @@ spec: description: |- Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. - Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, CLIENT_IP_NO_DESTINATION. + Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, CLIENT_IP_NO_DESTINATION, STRONG_COOKIE_AFFINITY. type: string + strongSessionAffinityCookie: + description: |- + Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. + Structure is documented below. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: |- + Lifetime of the cookie. + Structure is documented below. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: number + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: number + type: object + type: object timeoutSec: description: |- The backend service timeout has a different meaning depending on the type of load balancer. diff --git a/package/crds/compute.gcp.upbound.io_regiondisks.yaml b/package/crds/compute.gcp.upbound.io_regiondisks.yaml index b403e16ed..4f2de4d7a 100644 --- a/package/crds/compute.gcp.upbound.io_regiondisks.yaml +++ b/package/crds/compute.gcp.upbound.io_regiondisks.yaml @@ -1168,7 +1168,7 @@ spec: properties: asyncPrimaryDisk: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: disk: @@ -1473,7 +1473,7 @@ spec: properties: asyncPrimaryDisk: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: disk: @@ -1937,7 +1937,7 @@ spec: properties: asyncPrimaryDisk: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: disk: diff --git a/package/crds/compute.gcp.upbound.io_regionhealthchecks.yaml b/package/crds/compute.gcp.upbound.io_regionhealthchecks.yaml index bff539263..c884ef43a 100644 --- a/package/crds/compute.gcp.upbound.io_regionhealthchecks.yaml +++ b/package/crds/compute.gcp.upbound.io_regionhealthchecks.yaml @@ -1316,7 +1316,7 @@ spec: type: string grpcHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: grpcServiceName: @@ -1348,7 +1348,7 @@ spec: type: number http2HealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -1393,7 +1393,7 @@ spec: type: object httpHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -1438,7 +1438,7 @@ spec: type: object httpsHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -1504,7 +1504,7 @@ spec: type: string sslHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: port: @@ -1545,7 +1545,7 @@ spec: type: object tcpHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: port: @@ -1623,7 +1623,7 @@ spec: type: string grpcHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: grpcServiceName: @@ -1655,7 +1655,7 @@ spec: type: number http2HealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -1700,7 +1700,7 @@ spec: type: object httpHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -1745,7 +1745,7 @@ spec: type: object httpsHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -1806,7 +1806,7 @@ spec: type: string sslHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: port: @@ -1847,7 +1847,7 @@ spec: type: object tcpHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: port: @@ -2085,7 +2085,7 @@ spec: type: string grpcHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: grpcServiceName: @@ -2110,6 +2110,10 @@ spec: following values: type: string type: object + healthCheckId: + description: The unique identifier number for the resource. This + identifier is defined by the server. + type: number healthyThreshold: description: |- A so-far unhealthy instance will be marked healthy after this many @@ -2117,7 +2121,7 @@ spec: type: number http2HealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -2162,7 +2166,7 @@ spec: type: object httpHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -2207,7 +2211,7 @@ spec: type: object httpsHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: host: @@ -2279,7 +2283,7 @@ spec: type: string sslHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: port: @@ -2320,7 +2324,7 @@ spec: type: object tcpHealthCheck: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: port: diff --git a/package/crds/compute.gcp.upbound.io_regioninstancegroupmanagers.yaml b/package/crds/compute.gcp.upbound.io_regioninstancegroupmanagers.yaml index f75608ea9..7aad5d9bc 100644 --- a/package/crds/compute.gcp.upbound.io_regioninstancegroupmanagers.yaml +++ b/package/crds/compute.gcp.upbound.io_regioninstancegroupmanagers.yaml @@ -2097,6 +2097,45 @@ spec: type: string type: array x-kubernetes-list-type: set + instanceFlexibilityPolicy: + description: The flexibility policy for managed instance group. + Instance flexibility allows managed instance group to create + VMs from multiple types of machines. Instance flexibility configuration + on managed instance group overrides instance template configuration. + Structure is documented below. + properties: + instanceSelections: + description: ', Named instance selections configuring properties + that the group will use when creating new VMs. One can specify + multiple instance selection to allow managed instance group + to create VMs from multiple types of machines, based on + preference and availability. Structure is documented below.' + items: + properties: + machineTypes: + description: ', A list of full machine-type names, e.g. + "n1-standard-16".' + items: + type: string + type: array + x-kubernetes-list-type: set + name: + description: ', Name of the instance selection, e.g. + instance_selection_with_n1_machines_types. Instance + selection names must be unique within the flexibility + policy.' + type: string + rank: + description: ', Preference of this instance selection. + Lower number means higher preference. Managed instance + group will first try to create a VM based on the machine-type + with lowest rank and fallback to next rank based on + availability. Machine types and instance selections + with the same rank have the same preference.' + type: number + type: object + type: array + type: object instanceLifecyclePolicy: properties: defaultActionOnFailure: @@ -2154,6 +2193,30 @@ spec: description: The region where the managed instance group resides. If not provided, the provider region is used. type: string + standbyPolicy: + description: The standby policy for stopped and suspended instances. + Structure is documented below. For more information, see the + official documentation. + properties: + initialDelaySec: + description: '- Specifies the number of seconds that the MIG + should wait to suspend or stop a VM after that VM was created. + The initial delay gives the initialization script the time + to prepare your VM for a quick scale out. The value of initial + delay must be between 0 and 3600 seconds. The default value + is 0.' + type: number + mode: + description: '- Defines how a MIG resumes or starts VMs from + a standby pool when the group scales out. Valid options + are: MANUAL, SCALE_OUT_POOL. If MANUAL(default), you have + full control over which VMs are stopped and suspended in + the MIG. If SCALE_OUT_POOL, the MIG uses the VMs from the + standby pools to accelerate the scale out by resuming or + starting them and then automatically replenishes the standby + pool with new VMs to maintain the target sizes.' + type: string + type: object statefulDisk: description: Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. @@ -2315,6 +2378,14 @@ spec: when using one. If a value is required, such as to specify a creation-time target size for the MIG, lifecycle. Defaults to 0. type: number + targetStoppedSize: + description: The target number of stopped instances for this managed + instance group. + type: number + targetSuspendedSize: + description: The target number of suspended instances for this + managed instance group. + type: number updatePolicy: description: The update policy for this managed instance group. Structure is documented below. For more information, see the @@ -2658,6 +2729,45 @@ spec: type: string type: array x-kubernetes-list-type: set + instanceFlexibilityPolicy: + description: The flexibility policy for managed instance group. + Instance flexibility allows managed instance group to create + VMs from multiple types of machines. Instance flexibility configuration + on managed instance group overrides instance template configuration. + Structure is documented below. + properties: + instanceSelections: + description: ', Named instance selections configuring properties + that the group will use when creating new VMs. One can specify + multiple instance selection to allow managed instance group + to create VMs from multiple types of machines, based on + preference and availability. Structure is documented below.' + items: + properties: + machineTypes: + description: ', A list of full machine-type names, e.g. + "n1-standard-16".' + items: + type: string + type: array + x-kubernetes-list-type: set + name: + description: ', Name of the instance selection, e.g. + instance_selection_with_n1_machines_types. Instance + selection names must be unique within the flexibility + policy.' + type: string + rank: + description: ', Preference of this instance selection. + Lower number means higher preference. Managed instance + group will first try to create a VM based on the machine-type + with lowest rank and fallback to next rank based on + availability. Machine types and instance selections + with the same rank have the same preference.' + type: number + type: object + type: array + type: object instanceLifecyclePolicy: properties: defaultActionOnFailure: @@ -2715,6 +2825,30 @@ spec: description: The region where the managed instance group resides. If not provided, the provider region is used. type: string + standbyPolicy: + description: The standby policy for stopped and suspended instances. + Structure is documented below. For more information, see the + official documentation. + properties: + initialDelaySec: + description: '- Specifies the number of seconds that the MIG + should wait to suspend or stop a VM after that VM was created. + The initial delay gives the initialization script the time + to prepare your VM for a quick scale out. The value of initial + delay must be between 0 and 3600 seconds. The default value + is 0.' + type: number + mode: + description: '- Defines how a MIG resumes or starts VMs from + a standby pool when the group scales out. Valid options + are: MANUAL, SCALE_OUT_POOL. If MANUAL(default), you have + full control over which VMs are stopped and suspended in + the MIG. If SCALE_OUT_POOL, the MIG uses the VMs from the + standby pools to accelerate the scale out by resuming or + starting them and then automatically replenishes the standby + pool with new VMs to maintain the target sizes.' + type: string + type: object statefulDisk: description: Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. @@ -2876,6 +3010,14 @@ spec: when using one. If a value is required, such as to specify a creation-time target size for the MIG, lifecycle. Defaults to 0. type: number + targetStoppedSize: + description: The target number of stopped instances for this managed + instance group. + type: number + targetSuspendedSize: + description: The target number of suspended instances for this + managed instance group. + type: number updatePolicy: description: The update policy for this managed instance group. Structure is documented below. For more information, see the @@ -3329,10 +3471,52 @@ spec: id: description: an identifier for the resource with format projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{name}} type: string + instanceFlexibilityPolicy: + description: The flexibility policy for managed instance group. + Instance flexibility allows managed instance group to create + VMs from multiple types of machines. Instance flexibility configuration + on managed instance group overrides instance template configuration. + Structure is documented below. + properties: + instanceSelections: + description: ', Named instance selections configuring properties + that the group will use when creating new VMs. One can specify + multiple instance selection to allow managed instance group + to create VMs from multiple types of machines, based on + preference and availability. Structure is documented below.' + items: + properties: + machineTypes: + description: ', A list of full machine-type names, e.g. + "n1-standard-16".' + items: + type: string + type: array + x-kubernetes-list-type: set + name: + description: ', Name of the instance selection, e.g. + instance_selection_with_n1_machines_types. Instance + selection names must be unique within the flexibility + policy.' + type: string + rank: + description: ', Preference of this instance selection. + Lower number means higher preference. Managed instance + group will first try to create a VM based on the machine-type + with lowest rank and fallback to next rank based on + availability. Machine types and instance selections + with the same rank have the same preference.' + type: number + type: object + type: array + type: object instanceGroup: description: The full URL of the instance group created by the manager. type: string + instanceGroupManagerId: + description: an identifier for the resource with format projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{name}} + type: number instanceLifecyclePolicy: properties: defaultActionOnFailure: @@ -3393,6 +3577,30 @@ spec: selfLink: description: The URL of the created resource. type: string + standbyPolicy: + description: The standby policy for stopped and suspended instances. + Structure is documented below. For more information, see the + official documentation. + properties: + initialDelaySec: + description: '- Specifies the number of seconds that the MIG + should wait to suspend or stop a VM after that VM was created. + The initial delay gives the initialization script the time + to prepare your VM for a quick scale out. The value of initial + delay must be between 0 and 3600 seconds. The default value + is 0.' + type: number + mode: + description: '- Defines how a MIG resumes or starts VMs from + a standby pool when the group scales out. Valid options + are: MANUAL, SCALE_OUT_POOL. If MANUAL(default), you have + full control over which VMs are stopped and suspended in + the MIG. If SCALE_OUT_POOL, the MIG uses the VMs from the + standby pools to accelerate the scale out by resuming or + starting them and then automatically replenishes the standby + pool with new VMs to maintain the target sizes.' + type: string + type: object statefulDisk: description: Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. @@ -3546,6 +3754,14 @@ spec: when using one. If a value is required, such as to specify a creation-time target size for the MIG, lifecycle. Defaults to 0. type: number + targetStoppedSize: + description: The target number of stopped instances for this managed + instance group. + type: number + targetSuspendedSize: + description: The target number of suspended instances for this + managed instance group. + type: number updatePolicy: description: The update policy for this managed instance group. Structure is documented below. For more information, see the diff --git a/package/crds/compute.gcp.upbound.io_regionnetworkendpointgroups.yaml b/package/crds/compute.gcp.upbound.io_regionnetworkendpointgroups.yaml index 446b69af9..77eab1f25 100644 --- a/package/crds/compute.gcp.upbound.io_regionnetworkendpointgroups.yaml +++ b/package/crds/compute.gcp.upbound.io_regionnetworkendpointgroups.yaml @@ -1843,6 +1843,19 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + pscData: + description: |- + This field is only used for PSC NEGs. + Structure is documented below. + properties: + producerPort: + description: |- + The PSC producer port to use when consumer PSC NEG connects to a producer. If + this flag isn't specified for a PSC NEG with endpoint type + private-service-connect, then PSC NEG will be connected to a first port in the + available PSC producer port range. + type: string + type: object pscTargetService: description: |- This field is only used for PSC and INTERNET NEGs. @@ -2355,6 +2368,19 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + pscData: + description: |- + This field is only used for PSC NEGs. + Structure is documented below. + properties: + producerPort: + description: |- + The PSC producer port to use when consumer PSC NEG connects to a producer. If + this flag isn't specified for a PSC NEG with endpoint type + private-service-connect, then PSC NEG will be connected to a first port in the + available PSC producer port range. + type: string + type: object pscTargetService: description: |- This field is only used for PSC and INTERNET NEGs. @@ -2798,6 +2824,19 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + pscData: + description: |- + This field is only used for PSC NEGs. + Structure is documented below. + properties: + producerPort: + description: |- + The PSC producer port to use when consumer PSC NEG connects to a producer. If + this flag isn't specified for a PSC NEG with endpoint type + private-service-connect, then PSC NEG will be connected to a first port in the + available PSC producer port range. + type: string + type: object pscTargetService: description: |- This field is only used for PSC and INTERNET NEGs. diff --git a/package/crds/compute.gcp.upbound.io_regionnetworkendpoints.yaml b/package/crds/compute.gcp.upbound.io_regionnetworkendpoints.yaml index b91b10c6d..2116ee71f 100644 --- a/package/crds/compute.gcp.upbound.io_regionnetworkendpoints.yaml +++ b/package/crds/compute.gcp.upbound.io_regionnetworkendpoints.yaml @@ -484,6 +484,10 @@ spec: IPv4 address external endpoint. This can only be specified when network_endpoint_type of the NEG is INTERNET_IP_PORT. type: string + networkEndpointId: + description: The unique identifier number for the resource. This + identifier is defined by the server. + type: number port: description: Port number of network endpoint. type: number diff --git a/package/crds/compute.gcp.upbound.io_regiontargethttpproxies.yaml b/package/crds/compute.gcp.upbound.io_regiontargethttpproxies.yaml index 9147ebc1d..a80ff6d01 100644 --- a/package/crds/compute.gcp.upbound.io_regiontargethttpproxies.yaml +++ b/package/crds/compute.gcp.upbound.io_regiontargethttpproxies.yaml @@ -77,6 +77,14 @@ spec: description: description: An optional description of this resource. type: string + httpKeepAliveTimeoutSec: + description: |- + Specifies how long to keep a connection open, after completing a response, + while there is no matching traffic (in seconds). If an HTTP keepalive is + not specified, a default value (600 seconds) will be used. For Regional + HTTP(S) load balancer, the minimum allowed value is 5 seconds and the + maximum allowed value is 600 seconds. + type: number project: description: |- The ID of the project in which the resource belongs. @@ -187,6 +195,14 @@ spec: description: description: An optional description of this resource. type: string + httpKeepAliveTimeoutSec: + description: |- + Specifies how long to keep a connection open, after completing a response, + while there is no matching traffic (in seconds). If an HTTP keepalive is + not specified, a default value (600 seconds) will be used. For Regional + HTTP(S) load balancer, the minimum allowed value is 5 seconds and the + maximum allowed value is 600 seconds. + type: number project: description: |- The ID of the project in which the resource belongs. @@ -453,6 +469,14 @@ spec: description: description: An optional description of this resource. type: string + httpKeepAliveTimeoutSec: + description: |- + Specifies how long to keep a connection open, after completing a response, + while there is no matching traffic (in seconds). If an HTTP keepalive is + not specified, a default value (600 seconds) will be used. For Regional + HTTP(S) load balancer, the minimum allowed value is 5 seconds and the + maximum allowed value is 600 seconds. + type: number id: description: an identifier for the resource with format projects/{{project}}/regions/{{region}}/targetHttpProxies/{{name}} type: string diff --git a/package/crds/compute.gcp.upbound.io_regiontargethttpsproxies.yaml b/package/crds/compute.gcp.upbound.io_regiontargethttpsproxies.yaml index 084e2cc8c..78455fc81 100644 --- a/package/crds/compute.gcp.upbound.io_regiontargethttpsproxies.yaml +++ b/package/crds/compute.gcp.upbound.io_regiontargethttpsproxies.yaml @@ -85,6 +85,14 @@ spec: description: description: An optional description of this resource. type: string + httpKeepAliveTimeoutSec: + description: |- + Specifies how long to keep a connection open, after completing a response, + while there is no matching traffic (in seconds). If an HTTP keepalive is + not specified, a default value (600 seconds) will be used. For Regioanl + HTTP(S) load balancer, the minimum allowed value is 5 seconds and the + maximum allowed value is 600 seconds. + type: number project: description: |- The ID of the project in which the resource belongs. @@ -312,6 +320,14 @@ spec: description: description: An optional description of this resource. type: string + httpKeepAliveTimeoutSec: + description: |- + Specifies how long to keep a connection open, after completing a response, + while there is no matching traffic (in seconds). If an HTTP keepalive is + not specified, a default value (600 seconds) will be used. For Regioanl + HTTP(S) load balancer, the minimum allowed value is 5 seconds and the + maximum allowed value is 600 seconds. + type: number project: description: |- The ID of the project in which the resource belongs. @@ -695,6 +711,14 @@ spec: description: description: An optional description of this resource. type: string + httpKeepAliveTimeoutSec: + description: |- + Specifies how long to keep a connection open, after completing a response, + while there is no matching traffic (in seconds). If an HTTP keepalive is + not specified, a default value (600 seconds) will be used. For Regioanl + HTTP(S) load balancer, the minimum allowed value is 5 seconds and the + maximum allowed value is 600 seconds. + type: number id: description: an identifier for the resource with format projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}} type: string diff --git a/package/crds/compute.gcp.upbound.io_routernats.yaml b/package/crds/compute.gcp.upbound.io_routernats.yaml index 03e971928..337a7dbc4 100644 --- a/package/crds/compute.gcp.upbound.io_routernats.yaml +++ b/package/crds/compute.gcp.upbound.io_routernats.yaml @@ -1602,6 +1602,14 @@ spec: description: Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. type: number + initialNatIps: + description: |- + Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. + Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY. + items: + type: string + type: array + x-kubernetes-list-type: set logConfig: description: |- Configuration for logging on NAT @@ -1637,6 +1645,9 @@ spec: description: |- Self-links of NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY. + If this field is used alongside with a count created list of address resources google_compute_address.foobar.*.self_link, + the access level resource for the address resource must have a lifecycle block with create_before_destroy = true so + the number of resources can be increased/decreased without triggering the resourceInUseByAnotherResource error. items: type: string type: array @@ -2134,6 +2145,14 @@ spec: description: Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. type: number + initialNatIps: + description: |- + Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. + Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY. + items: + type: string + type: array + x-kubernetes-list-type: set logConfig: description: |- Configuration for logging on NAT @@ -2169,6 +2188,9 @@ spec: description: |- Self-links of NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY. + If this field is used alongside with a count created list of address resources google_compute_address.foobar.*.self_link, + the access level resource for the address resource must have a lifecycle block with create_before_destroy = true so + the number of resources can be increased/decreased without triggering the resourceInUseByAnotherResource error. items: type: string type: array @@ -2751,6 +2773,14 @@ spec: id: description: an identifier for the resource with format {{project}}/{{region}}/{{router}}/{{name}} type: string + initialNatIps: + description: |- + Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. + Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY. + items: + type: string + type: array + x-kubernetes-list-type: set logConfig: description: |- Configuration for logging on NAT @@ -2786,6 +2816,9 @@ spec: description: |- Self-links of NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY. + If this field is used alongside with a count created list of address resources google_compute_address.foobar.*.self_link, + the access level resource for the address resource must have a lifecycle block with create_before_destroy = true so + the number of resources can be increased/decreased without triggering the resourceInUseByAnotherResource error. items: type: string type: array diff --git a/package/crds/compute.gcp.upbound.io_routerpeers.yaml b/package/crds/compute.gcp.upbound.io_routerpeers.yaml index 1ae32fee3..7694c5451 100644 --- a/package/crds/compute.gcp.upbound.io_routerpeers.yaml +++ b/package/crds/compute.gcp.upbound.io_routerpeers.yaml @@ -1699,16 +1699,26 @@ spec: type: string type: object customLearnedIpRanges: + description: |- + The custom learned route IP address range. Must be a valid CIDR-formatted prefix. + If an IP address is provided without a subnet mask, it is interpreted as, for IPv4, + a /32 singular IP address range, and, for IPv6, /128. + Structure is documented below. items: properties: range: description: |- - The IP range to advertise. The value must be a + The IP range to learn. The value must be a CIDR-formatted string. type: string type: object type: array customLearnedRoutePriority: + description: |- + The user-defined custom learned route priority for a BGP session. + This value is applied to all custom learned route ranges for the session. + You can choose a value from 0 to 65335. If you don't provide a value, + Google Cloud assigns a priority of 100 to the ranges. type: number enable: description: |- @@ -2280,16 +2290,26 @@ spec: type: string type: object customLearnedIpRanges: + description: |- + The custom learned route IP address range. Must be a valid CIDR-formatted prefix. + If an IP address is provided without a subnet mask, it is interpreted as, for IPv4, + a /32 singular IP address range, and, for IPv6, /128. + Structure is documented below. items: properties: range: description: |- - The IP range to advertise. The value must be a + The IP range to learn. The value must be a CIDR-formatted string. type: string type: object type: array customLearnedRoutePriority: + description: |- + The user-defined custom learned route priority for a BGP session. + This value is applied to all custom learned route ranges for the session. + You can choose a value from 0 to 65335. If you don't provide a value, + Google Cloud assigns a priority of 100 to the ranges. type: number enable: description: |- @@ -2949,16 +2969,26 @@ spec: type: string type: object customLearnedIpRanges: + description: |- + The custom learned route IP address range. Must be a valid CIDR-formatted prefix. + If an IP address is provided without a subnet mask, it is interpreted as, for IPv4, + a /32 singular IP address range, and, for IPv6, /128. + Structure is documented below. items: properties: range: description: |- - The IP range to advertise. The value must be a + The IP range to learn. The value must be a CIDR-formatted string. type: string type: object type: array customLearnedRoutePriority: + description: |- + The user-defined custom learned route priority for a BGP session. + This value is applied to all custom learned route ranges for the session. + You can choose a value from 0 to 65335. If you don't provide a value, + Google Cloud assigns a priority of 100 to the ranges. type: number enable: description: |- diff --git a/package/crds/compute.gcp.upbound.io_securitypolicies.yaml b/package/crds/compute.gcp.upbound.io_securitypolicies.yaml index b286e2d8d..42daf9638 100644 --- a/package/crds/compute.gcp.upbound.io_securitypolicies.yaml +++ b/package/crds/compute.gcp.upbound.io_securitypolicies.yaml @@ -1347,6 +1347,70 @@ spec: ruleVisibility: description: 'Rule visibility can be one of the following:' type: string + thresholdConfigs: + description: Configuration options for layer7 adaptive + protection for various customizable thresholds. Structure + is documented below. + items: + properties: + autoDeployConfidenceThreshold: + description: Confidence threshold above which Adaptive + Protection's auto-deploy takes actions. + type: number + autoDeployExpirationSec: + description: Duration over which Adaptive Protection's + auto-deployed actions last. + type: number + autoDeployImpactedBaselineThreshold: + description: Impacted baseline threshold below which + Adaptive Protection's auto-deploy takes actions. + type: number + autoDeployLoadThreshold: + description: Load threshold above which Adaptive + Protection automatically deploy threshold based + on the backend load threshold and detect a new + rule during an alerted attack. + type: number + detectionAbsoluteQps: + description: Detection threshold based on absolute + QPS. + type: number + detectionLoadThreshold: + description: Detection threshold based on the backend + service's load. + type: number + detectionRelativeToBaselineQps: + description: Detection threshold based on QPS relative + to the average of baseline traffic. + type: number + name: + description: The name of config. The name must be + 1-63 characters long, and comply with RFC1035. + The name must be unique within the security policy. + type: string + trafficGranularityConfigs: + description: Configuration options for enabling + Adaptive Protection to work on the specified service + granularity. Structure is documented below. + items: + properties: + enableEachUniqueValue: + description: If enabled, traffic matching + each unique value for the specified type + constitutes a separate traffic unit. It + can only be set to true if value is empty. + type: boolean + type: + description: Type of the redirect action. + type: string + value: + description: Requests that match this value + constitute a granular traffic unit. + type: string + type: object + type: array + type: object + type: array type: object type: object advancedOptionsConfig: @@ -1513,6 +1577,106 @@ spec: Available options: type: string type: object + preconfiguredWafConfig: + description: Preconfigured WAF configuration to be applied + for the rule. If the rule does not evaluate preconfigured + WAF rules, i.e., if evaluatePreconfiguredWaf() is not + used, this field will have no effect. Structure is documented + below. + properties: + exclusion: + description: An exclusion to apply during preconfigured + WAF evaluation. Structure is documented below. + items: + properties: + requestCookie: + description: Request cookie whose value will be + excluded from inspection during preconfigured + WAF evaluation. Structure is documented below. + items: + properties: + operator: + description: You can specify an exact match + or a partial match by using a field operator + and a field value. + type: string + value: + description: Requests that match this value + constitute a granular traffic unit. + type: string + type: object + type: array + requestHeader: + description: Request header whose value will be + excluded from inspection during preconfigured + WAF evaluation. Structure is documented below. + items: + properties: + operator: + description: You can specify an exact match + or a partial match by using a field operator + and a field value. + type: string + value: + description: Requests that match this value + constitute a granular traffic unit. + type: string + type: object + type: array + requestQueryParam: + description: Request query parameter whose value + will be excluded from inspection during preconfigured + WAF evaluation. Note that the parameter can + be in the query string or in the POST body. + Structure is documented below. + items: + properties: + operator: + description: You can specify an exact match + or a partial match by using a field operator + and a field value. + type: string + value: + description: Requests that match this value + constitute a granular traffic unit. + type: string + type: object + type: array + requestUri: + description: Request URI from the request line + to be excluded from inspection during preconfigured + WAF evaluation. When specifying this field, + the query or fragment part should be excluded. + Structure is documented below. + items: + properties: + operator: + description: You can specify an exact match + or a partial match by using a field operator + and a field value. + type: string + value: + description: Requests that match this value + constitute a granular traffic unit. + type: string + type: object + type: array + targetRuleIds: + description: A list of target rule IDs under the + WAF rule set to apply the preconfigured WAF + exclusion. If omitted, it refers to all the + rule IDs under the WAF rule set. + items: + type: string + type: array + x-kubernetes-list-type: set + targetRuleSet: + description: Target WAF rule set to apply the + preconfigured WAF exclusion. + type: string + type: object + type: array + type: object preview: description: |- When set to true, the action specified above is not enforced. @@ -1557,6 +1721,27 @@ spec: description: Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to ALL. type: string + enforceOnKeyConfigs: + description: If specified, any combination of values + of enforce_on_key_type/enforce_on_key_name is treated + as the key on which rate limit threshold/action is + enforced. You can specify up to 3 enforce_on_key_configs. + If enforce_on_key_configs is specified, enforce_on_key + must be set to an empty string. Structure is documented + below. + items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types:' + type: string + enforceOnKeyType: + description: Determines the key to enforce the + rate_limit_threshold on. If not specified, defaults + to ALL. + type: string + type: object + type: array enforceOnKeyName: description: 'Rate limit key name applicable only for the following key types:' @@ -1642,6 +1827,70 @@ spec: ruleVisibility: description: 'Rule visibility can be one of the following:' type: string + thresholdConfigs: + description: Configuration options for layer7 adaptive + protection for various customizable thresholds. Structure + is documented below. + items: + properties: + autoDeployConfidenceThreshold: + description: Confidence threshold above which Adaptive + Protection's auto-deploy takes actions. + type: number + autoDeployExpirationSec: + description: Duration over which Adaptive Protection's + auto-deployed actions last. + type: number + autoDeployImpactedBaselineThreshold: + description: Impacted baseline threshold below which + Adaptive Protection's auto-deploy takes actions. + type: number + autoDeployLoadThreshold: + description: Load threshold above which Adaptive + Protection automatically deploy threshold based + on the backend load threshold and detect a new + rule during an alerted attack. + type: number + detectionAbsoluteQps: + description: Detection threshold based on absolute + QPS. + type: number + detectionLoadThreshold: + description: Detection threshold based on the backend + service's load. + type: number + detectionRelativeToBaselineQps: + description: Detection threshold based on QPS relative + to the average of baseline traffic. + type: number + name: + description: The name of config. The name must be + 1-63 characters long, and comply with RFC1035. + The name must be unique within the security policy. + type: string + trafficGranularityConfigs: + description: Configuration options for enabling + Adaptive Protection to work on the specified service + granularity. Structure is documented below. + items: + properties: + enableEachUniqueValue: + description: If enabled, traffic matching + each unique value for the specified type + constitutes a separate traffic unit. It + can only be set to true if value is empty. + type: boolean + type: + description: Type of the redirect action. + type: string + value: + description: Requests that match this value + constitute a granular traffic unit. + type: string + type: object + type: array + type: object + type: array type: object type: object advancedOptionsConfig: @@ -1808,6 +2057,106 @@ spec: Available options: type: string type: object + preconfiguredWafConfig: + description: Preconfigured WAF configuration to be applied + for the rule. If the rule does not evaluate preconfigured + WAF rules, i.e., if evaluatePreconfiguredWaf() is not + used, this field will have no effect. Structure is documented + below. + properties: + exclusion: + description: An exclusion to apply during preconfigured + WAF evaluation. Structure is documented below. + items: + properties: + requestCookie: + description: Request cookie whose value will be + excluded from inspection during preconfigured + WAF evaluation. Structure is documented below. + items: + properties: + operator: + description: You can specify an exact match + or a partial match by using a field operator + and a field value. + type: string + value: + description: Requests that match this value + constitute a granular traffic unit. + type: string + type: object + type: array + requestHeader: + description: Request header whose value will be + excluded from inspection during preconfigured + WAF evaluation. Structure is documented below. + items: + properties: + operator: + description: You can specify an exact match + or a partial match by using a field operator + and a field value. + type: string + value: + description: Requests that match this value + constitute a granular traffic unit. + type: string + type: object + type: array + requestQueryParam: + description: Request query parameter whose value + will be excluded from inspection during preconfigured + WAF evaluation. Note that the parameter can + be in the query string or in the POST body. + Structure is documented below. + items: + properties: + operator: + description: You can specify an exact match + or a partial match by using a field operator + and a field value. + type: string + value: + description: Requests that match this value + constitute a granular traffic unit. + type: string + type: object + type: array + requestUri: + description: Request URI from the request line + to be excluded from inspection during preconfigured + WAF evaluation. When specifying this field, + the query or fragment part should be excluded. + Structure is documented below. + items: + properties: + operator: + description: You can specify an exact match + or a partial match by using a field operator + and a field value. + type: string + value: + description: Requests that match this value + constitute a granular traffic unit. + type: string + type: object + type: array + targetRuleIds: + description: A list of target rule IDs under the + WAF rule set to apply the preconfigured WAF + exclusion. If omitted, it refers to all the + rule IDs under the WAF rule set. + items: + type: string + type: array + x-kubernetes-list-type: set + targetRuleSet: + description: Target WAF rule set to apply the + preconfigured WAF exclusion. + type: string + type: object + type: array + type: object preview: description: |- When set to true, the action specified above is not enforced. @@ -1852,6 +2201,27 @@ spec: description: Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to ALL. type: string + enforceOnKeyConfigs: + description: If specified, any combination of values + of enforce_on_key_type/enforce_on_key_name is treated + as the key on which rate limit threshold/action is + enforced. You can specify up to 3 enforce_on_key_configs. + If enforce_on_key_configs is specified, enforce_on_key + must be set to an empty string. Structure is documented + below. + items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types:' + type: string + enforceOnKeyType: + description: Determines the key to enforce the + rate_limit_threshold on. If not specified, defaults + to ALL. + type: string + type: object + type: array enforceOnKeyName: description: 'Rate limit key name applicable only for the following key types:' @@ -2096,6 +2466,70 @@ spec: ruleVisibility: description: 'Rule visibility can be one of the following:' type: string + thresholdConfigs: + description: Configuration options for layer7 adaptive + protection for various customizable thresholds. Structure + is documented below. + items: + properties: + autoDeployConfidenceThreshold: + description: Confidence threshold above which Adaptive + Protection's auto-deploy takes actions. + type: number + autoDeployExpirationSec: + description: Duration over which Adaptive Protection's + auto-deployed actions last. + type: number + autoDeployImpactedBaselineThreshold: + description: Impacted baseline threshold below which + Adaptive Protection's auto-deploy takes actions. + type: number + autoDeployLoadThreshold: + description: Load threshold above which Adaptive + Protection automatically deploy threshold based + on the backend load threshold and detect a new + rule during an alerted attack. + type: number + detectionAbsoluteQps: + description: Detection threshold based on absolute + QPS. + type: number + detectionLoadThreshold: + description: Detection threshold based on the backend + service's load. + type: number + detectionRelativeToBaselineQps: + description: Detection threshold based on QPS relative + to the average of baseline traffic. + type: number + name: + description: The name of config. The name must be + 1-63 characters long, and comply with RFC1035. + The name must be unique within the security policy. + type: string + trafficGranularityConfigs: + description: Configuration options for enabling + Adaptive Protection to work on the specified service + granularity. Structure is documented below. + items: + properties: + enableEachUniqueValue: + description: If enabled, traffic matching + each unique value for the specified type + constitutes a separate traffic unit. It + can only be set to true if value is empty. + type: boolean + type: + description: Type of the redirect action. + type: string + value: + description: Requests that match this value + constitute a granular traffic unit. + type: string + type: object + type: array + type: object + type: array type: object type: object advancedOptionsConfig: @@ -2268,6 +2702,106 @@ spec: Available options: type: string type: object + preconfiguredWafConfig: + description: Preconfigured WAF configuration to be applied + for the rule. If the rule does not evaluate preconfigured + WAF rules, i.e., if evaluatePreconfiguredWaf() is not + used, this field will have no effect. Structure is documented + below. + properties: + exclusion: + description: An exclusion to apply during preconfigured + WAF evaluation. Structure is documented below. + items: + properties: + requestCookie: + description: Request cookie whose value will be + excluded from inspection during preconfigured + WAF evaluation. Structure is documented below. + items: + properties: + operator: + description: You can specify an exact match + or a partial match by using a field operator + and a field value. + type: string + value: + description: Requests that match this value + constitute a granular traffic unit. + type: string + type: object + type: array + requestHeader: + description: Request header whose value will be + excluded from inspection during preconfigured + WAF evaluation. Structure is documented below. + items: + properties: + operator: + description: You can specify an exact match + or a partial match by using a field operator + and a field value. + type: string + value: + description: Requests that match this value + constitute a granular traffic unit. + type: string + type: object + type: array + requestQueryParam: + description: Request query parameter whose value + will be excluded from inspection during preconfigured + WAF evaluation. Note that the parameter can + be in the query string or in the POST body. + Structure is documented below. + items: + properties: + operator: + description: You can specify an exact match + or a partial match by using a field operator + and a field value. + type: string + value: + description: Requests that match this value + constitute a granular traffic unit. + type: string + type: object + type: array + requestUri: + description: Request URI from the request line + to be excluded from inspection during preconfigured + WAF evaluation. When specifying this field, + the query or fragment part should be excluded. + Structure is documented below. + items: + properties: + operator: + description: You can specify an exact match + or a partial match by using a field operator + and a field value. + type: string + value: + description: Requests that match this value + constitute a granular traffic unit. + type: string + type: object + type: array + targetRuleIds: + description: A list of target rule IDs under the + WAF rule set to apply the preconfigured WAF + exclusion. If omitted, it refers to all the + rule IDs under the WAF rule set. + items: + type: string + type: array + x-kubernetes-list-type: set + targetRuleSet: + description: Target WAF rule set to apply the + preconfigured WAF exclusion. + type: string + type: object + type: array + type: object preview: description: |- When set to true, the action specified above is not enforced. @@ -2312,6 +2846,27 @@ spec: description: Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to ALL. type: string + enforceOnKeyConfigs: + description: If specified, any combination of values + of enforce_on_key_type/enforce_on_key_name is treated + as the key on which rate limit threshold/action is + enforced. You can specify up to 3 enforce_on_key_configs. + If enforce_on_key_configs is specified, enforce_on_key + must be set to an empty string. Structure is documented + below. + items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types:' + type: string + enforceOnKeyType: + description: Determines the key to enforce the + rate_limit_threshold on. If not specified, defaults + to ALL. + type: string + type: object + type: array enforceOnKeyName: description: 'Rate limit key name applicable only for the following key types:' diff --git a/package/crds/compute.gcp.upbound.io_serviceattachments.yaml b/package/crds/compute.gcp.upbound.io_serviceattachments.yaml index 09883d794..48c3279dd 100644 --- a/package/crds/compute.gcp.upbound.io_serviceattachments.yaml +++ b/package/crds/compute.gcp.upbound.io_serviceattachments.yaml @@ -292,6 +292,14 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + propagatedConnectionLimit: + description: |- + The number of consumer spokes that connected Private Service Connect endpoints can be propagated to through Network Connectivity Center. + This limit lets the service producer limit how many propagated Private Service Connect connections can be established to this service attachment from a single consumer. + If the connection preference of the service attachment is ACCEPT_MANUAL, the limit applies to each project or network that is listed in the consumer accept list. + If the connection preference of the service attachment is ACCEPT_AUTOMATIC, the limit applies to each project that contains a connected endpoint. + If unspecified, the default propagated connection limit is 250. + type: number reconcileConnections: description: |- This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. @@ -616,6 +624,14 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + propagatedConnectionLimit: + description: |- + The number of consumer spokes that connected Private Service Connect endpoints can be propagated to through Network Connectivity Center. + This limit lets the service producer limit how many propagated Private Service Connect connections can be established to this service attachment from a single consumer. + If the connection preference of the service attachment is ACCEPT_MANUAL, the limit applies to each project or network that is listed in the consumer accept list. + If the connection preference of the service attachment is ACCEPT_AUTOMATIC, the limit applies to each project that contains a connected endpoint. + If unspecified, the default propagated connection limit is 250. + type: number reconcileConnections: description: |- This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. @@ -891,11 +907,26 @@ spec: Structure is documented below. items: properties: + consumerNetwork: + description: |- + (Output) + The url of the consumer network. + type: string endpoint: description: |- (Output) The URL of the consumer forwarding rule. type: string + propagatedConnectionCount: + description: |- + (Output) + The number of consumer Network Connectivity Center spokes that the connected Private Service Connect endpoint has propagated to. + type: number + pscConnectionId: + description: |- + (Output) + The PSC connection id of the connected endpoint. + type: string status: description: |- (Output) @@ -977,6 +1008,14 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + propagatedConnectionLimit: + description: |- + The number of consumer spokes that connected Private Service Connect endpoints can be propagated to through Network Connectivity Center. + This limit lets the service producer limit how many propagated Private Service Connect connections can be established to this service attachment from a single consumer. + If the connection preference of the service attachment is ACCEPT_MANUAL, the limit applies to each project or network that is listed in the consumer accept list. + If the connection preference of the service attachment is ACCEPT_AUTOMATIC, the limit applies to each project that contains a connected endpoint. + If unspecified, the default propagated connection limit is 250. + type: number reconcileConnections: description: |- This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. diff --git a/package/crds/compute.gcp.upbound.io_subnetworks.yaml b/package/crds/compute.gcp.upbound.io_subnetworks.yaml index de3ca2e59..5f9ff955c 100644 --- a/package/crds/compute.gcp.upbound.io_subnetworks.yaml +++ b/package/crds/compute.gcp.upbound.io_subnetworks.yaml @@ -1051,6 +1051,7 @@ spec: Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. + Field is optional when reserved_internal_range is defined, otherwise required. type: string ipv6AccessType: description: |- @@ -1202,17 +1203,22 @@ spec: type: string purpose: description: |- - The purpose of the resource. This field can be either PRIVATE_RFC_1918, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). + The purpose of the resource. This field can be either PRIVATE, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. A subnetwork in a given region with purpose set to GLOBAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. A subnetwork with purpose set to PRIVATE_SERVICE_CONNECT reserves the subnet for hosting a Private Service Connect published service. A subnetwork with purpose set to PRIVATE_NAT is used as source range for Private NAT gateways. Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. - If unspecified, the purpose defaults to PRIVATE_RFC_1918. + If unspecified, the purpose defaults to PRIVATE. type: string region: description: The GCP region for this subnetwork. type: string + reservedInternalRange: + description: |- + The ID of the reserved internal range. Must be prefixed with networkconnectivity.googleapis.com + E.g. networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId} + type: string role: description: |- The role of subnetwork. @@ -1240,6 +1246,7 @@ spec: range. Provide this property when you create the subnetwork. Ranges must be unique and non-overlapping with all primary and secondary IP ranges within a network. Only IPv4 is supported. + Field is optional when reserved_internal_range is defined, otherwise required. type: string rangeName: description: |- @@ -1248,6 +1255,11 @@ spec: be 1-63 characters long, and comply with RFC1035. The name must be unique within the subnetwork. type: string + reservedInternalRange: + description: |- + The ID of the reserved internal range. Must be prefixed with networkconnectivity.googleapis.com + E.g. networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId} + type: string type: object type: array sendSecondaryIpRangeIfEmpty: @@ -1297,6 +1309,7 @@ spec: Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. + Field is optional when reserved_internal_range is defined, otherwise required. type: string ipv6AccessType: description: |- @@ -1448,13 +1461,18 @@ spec: type: string purpose: description: |- - The purpose of the resource. This field can be either PRIVATE_RFC_1918, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). + The purpose of the resource. This field can be either PRIVATE, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. A subnetwork in a given region with purpose set to GLOBAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. A subnetwork with purpose set to PRIVATE_SERVICE_CONNECT reserves the subnet for hosting a Private Service Connect published service. A subnetwork with purpose set to PRIVATE_NAT is used as source range for Private NAT gateways. Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. - If unspecified, the purpose defaults to PRIVATE_RFC_1918. + If unspecified, the purpose defaults to PRIVATE. + type: string + reservedInternalRange: + description: |- + The ID of the reserved internal range. Must be prefixed with networkconnectivity.googleapis.com + E.g. networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId} type: string role: description: |- @@ -1483,6 +1501,7 @@ spec: range. Provide this property when you create the subnetwork. Ranges must be unique and non-overlapping with all primary and secondary IP ranges within a network. Only IPv4 is supported. + Field is optional when reserved_internal_range is defined, otherwise required. type: string rangeName: description: |- @@ -1491,6 +1510,11 @@ spec: be 1-63 characters long, and comply with RFC1035. The name must be unique within the subnetwork. type: string + reservedInternalRange: + description: |- + The ID of the reserved internal range. Must be prefixed with networkconnectivity.googleapis.com + E.g. networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId} + type: string type: object type: array sendSecondaryIpRangeIfEmpty: @@ -1676,11 +1700,6 @@ spec: required: - forProvider type: object - x-kubernetes-validations: - - message: spec.forProvider.ipCidrRange is a required parameter - rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies - || ''Update'' in self.managementPolicies) || has(self.forProvider.ipCidrRange) - || (has(self.initProvider) && has(self.initProvider.ipCidrRange))' status: description: SubnetworkStatus defines the observed state of Subnetwork. properties: @@ -1719,6 +1738,7 @@ spec: Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. + Field is optional when reserved_internal_range is defined, otherwise required. type: string ipv6AccessType: description: |- @@ -1800,17 +1820,22 @@ spec: type: string purpose: description: |- - The purpose of the resource. This field can be either PRIVATE_RFC_1918, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). + The purpose of the resource. This field can be either PRIVATE, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. A subnetwork in a given region with purpose set to GLOBAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. A subnetwork with purpose set to PRIVATE_SERVICE_CONNECT reserves the subnet for hosting a Private Service Connect published service. A subnetwork with purpose set to PRIVATE_NAT is used as source range for Private NAT gateways. Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. - If unspecified, the purpose defaults to PRIVATE_RFC_1918. + If unspecified, the purpose defaults to PRIVATE. type: string region: description: The GCP region for this subnetwork. type: string + reservedInternalRange: + description: |- + The ID of the reserved internal range. Must be prefixed with networkconnectivity.googleapis.com + E.g. networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId} + type: string role: description: |- The role of subnetwork. @@ -1838,6 +1863,7 @@ spec: range. Provide this property when you create the subnetwork. Ranges must be unique and non-overlapping with all primary and secondary IP ranges within a network. Only IPv4 is supported. + Field is optional when reserved_internal_range is defined, otherwise required. type: string rangeName: description: |- @@ -1846,6 +1872,11 @@ spec: be 1-63 characters long, and comply with RFC1035. The name must be unique within the subnetwork. type: string + reservedInternalRange: + description: |- + The ID of the reserved internal range. Must be prefixed with networkconnectivity.googleapis.com + E.g. networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId} + type: string type: object type: array selfLink: @@ -1866,6 +1897,10 @@ spec: If not specified IPV4_ONLY will be used. Possible values are: IPV4_ONLY, IPV4_IPV6. type: string + subnetworkId: + description: The unique identifier number for the resource. This + identifier is defined by the server. + type: number type: object conditions: description: Conditions of the resource. diff --git a/package/crds/compute.gcp.upbound.io_targethttpproxies.yaml b/package/crds/compute.gcp.upbound.io_targethttpproxies.yaml index 696dbf665..a252056bb 100644 --- a/package/crds/compute.gcp.upbound.io_targethttpproxies.yaml +++ b/package/crds/compute.gcp.upbound.io_targethttpproxies.yaml @@ -81,10 +81,13 @@ spec: description: |- Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is - not specified, a default value (610 seconds) will be used. For Global - external HTTP(S) load balancer, the minimum allowed value is 5 seconds and - the maximum allowed value is 1200 seconds. For Global external HTTP(S) - load balancer (classic), this option is not available publicly. + not specified, a default value will be used. For Global + external HTTP(S) load balancer, the default value is 610 seconds, the + minimum allowed value is 5 seconds and the maximum allowed value is 1200 + seconds. For cross-region internal HTTP(S) load balancer, the default + value is 600 seconds, the minimum allowed value is 5 seconds, and the + maximum allowed value is 600 seconds. For Global external HTTP(S) load + balancer (classic), this option is not available publicly. type: number project: description: |- @@ -196,10 +199,13 @@ spec: description: |- Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is - not specified, a default value (610 seconds) will be used. For Global - external HTTP(S) load balancer, the minimum allowed value is 5 seconds and - the maximum allowed value is 1200 seconds. For Global external HTTP(S) - load balancer (classic), this option is not available publicly. + not specified, a default value will be used. For Global + external HTTP(S) load balancer, the default value is 610 seconds, the + minimum allowed value is 5 seconds and the maximum allowed value is 1200 + seconds. For cross-region internal HTTP(S) load balancer, the default + value is 600 seconds, the minimum allowed value is 5 seconds, and the + maximum allowed value is 600 seconds. For Global external HTTP(S) load + balancer (classic), this option is not available publicly. type: number project: description: |- @@ -473,10 +479,13 @@ spec: description: |- Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is - not specified, a default value (610 seconds) will be used. For Global - external HTTP(S) load balancer, the minimum allowed value is 5 seconds and - the maximum allowed value is 1200 seconds. For Global external HTTP(S) - load balancer (classic), this option is not available publicly. + not specified, a default value will be used. For Global + external HTTP(S) load balancer, the default value is 610 seconds, the + minimum allowed value is 5 seconds and the maximum allowed value is 1200 + seconds. For cross-region internal HTTP(S) load balancer, the default + value is 600 seconds, the minimum allowed value is 5 seconds, and the + maximum allowed value is 600 seconds. For Global external HTTP(S) load + balancer (classic), this option is not available publicly. type: number id: description: an identifier for the resource with format projects/{{project}}/global/targetHttpProxies/{{name}} diff --git a/package/crds/compute.gcp.upbound.io_targethttpsproxies.yaml b/package/crds/compute.gcp.upbound.io_targethttpsproxies.yaml index 4435c2008..137c1a34e 100644 --- a/package/crds/compute.gcp.upbound.io_targethttpsproxies.yaml +++ b/package/crds/compute.gcp.upbound.io_targethttpsproxies.yaml @@ -98,10 +98,13 @@ spec: description: |- Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is - not specified, a default value (610 seconds) will be used. For Global - external HTTP(S) load balancer, the minimum allowed value is 5 seconds and - the maximum allowed value is 1200 seconds. For Global external HTTP(S) - load balancer (classic), this option is not available publicly. + not specified, a default value will be used. For Global + external HTTP(S) load balancer, the default value is 610 seconds, the + minimum allowed value is 5 seconds and the maximum allowed value is 1200 + seconds. For cross-region internal HTTP(S) load balancer, the default + value is 600 seconds, the minimum allowed value is 5 seconds, and the + maximum allowed value is 600 seconds. For Global external HTTP(S) load + balancer (classic), this option is not available publicly. type: number project: description: |- @@ -133,6 +136,10 @@ spec: INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. + If you remove this field from your configuration at the same time as + deleting or recreating a referenced ServerTlsPolicy resource, you will + receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + within the ServerTlsPolicy resource to avoid this. type: string sslCertificates: description: |- @@ -352,10 +359,13 @@ spec: description: |- Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is - not specified, a default value (610 seconds) will be used. For Global - external HTTP(S) load balancer, the minimum allowed value is 5 seconds and - the maximum allowed value is 1200 seconds. For Global external HTTP(S) - load balancer (classic), this option is not available publicly. + not specified, a default value will be used. For Global + external HTTP(S) load balancer, the default value is 610 seconds, the + minimum allowed value is 5 seconds and the maximum allowed value is 1200 + seconds. For cross-region internal HTTP(S) load balancer, the default + value is 600 seconds, the minimum allowed value is 5 seconds, and the + maximum allowed value is 600 seconds. For Global external HTTP(S) load + balancer (classic), this option is not available publicly. type: number project: description: |- @@ -387,6 +397,10 @@ spec: INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. + If you remove this field from your configuration at the same time as + deleting or recreating a referenced ServerTlsPolicy resource, you will + receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + within the ServerTlsPolicy resource to avoid this. type: string sslCertificates: description: |- @@ -768,10 +782,13 @@ spec: description: |- Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is - not specified, a default value (610 seconds) will be used. For Global - external HTTP(S) load balancer, the minimum allowed value is 5 seconds and - the maximum allowed value is 1200 seconds. For Global external HTTP(S) - load balancer (classic), this option is not available publicly. + not specified, a default value will be used. For Global + external HTTP(S) load balancer, the default value is 610 seconds, the + minimum allowed value is 5 seconds and the maximum allowed value is 1200 + seconds. For cross-region internal HTTP(S) load balancer, the default + value is 600 seconds, the minimum allowed value is 5 seconds, and the + maximum allowed value is 600 seconds. For Global external HTTP(S) load + balancer (classic), this option is not available publicly. type: number id: description: an identifier for the resource with format projects/{{project}}/global/targetHttpsProxies/{{name}} @@ -812,6 +829,10 @@ spec: INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. + If you remove this field from your configuration at the same time as + deleting or recreating a referenced ServerTlsPolicy resource, you will + receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + within the ServerTlsPolicy resource to avoid this. type: string sslCertificates: description: |- From fe23ad2ecc60f2617e7a0058b36962cb447b5aef Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 14:40:46 +0100 Subject: [PATCH 12/47] containeraws: added kubeletConfig Signed-off-by: Rickard von Essen --- .../v1beta2/zz_generated.deepcopy.go | 120 ++++++++++++++++++ .../containeraws/v1beta2/zz_nodepool_types.go | 59 +++++++++ .../containeraws/v1beta2/nodepool.yaml | 5 + examples/containeraws/v1beta2/nodepool.yaml | 5 + ...containeraws.gcp.upbound.io_nodepools.yaml | 63 +++++++++ 5 files changed, 252 insertions(+) diff --git a/apis/containeraws/v1beta2/zz_generated.deepcopy.go b/apis/containeraws/v1beta2/zz_generated.deepcopy.go index 57a03c0e5..b7f16aacb 100644 --- a/apis/containeraws/v1beta2/zz_generated.deepcopy.go +++ b/apis/containeraws/v1beta2/zz_generated.deepcopy.go @@ -2012,6 +2012,111 @@ func (in *FleetParameters) DeepCopy() *FleetParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletConfigInitParameters) DeepCopyInto(out *KubeletConfigInitParameters) { + *out = *in + if in.CPUCfsQuota != nil { + in, out := &in.CPUCfsQuota, &out.CPUCfsQuota + *out = new(bool) + **out = **in + } + if in.CPUCfsQuotaPeriod != nil { + in, out := &in.CPUCfsQuotaPeriod, &out.CPUCfsQuotaPeriod + *out = new(string) + **out = **in + } + if in.CPUManagerPolicy != nil { + in, out := &in.CPUManagerPolicy, &out.CPUManagerPolicy + *out = new(string) + **out = **in + } + if in.PodPidsLimit != nil { + in, out := &in.PodPidsLimit, &out.PodPidsLimit + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfigInitParameters. +func (in *KubeletConfigInitParameters) DeepCopy() *KubeletConfigInitParameters { + if in == nil { + return nil + } + out := new(KubeletConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletConfigObservation) DeepCopyInto(out *KubeletConfigObservation) { + *out = *in + if in.CPUCfsQuota != nil { + in, out := &in.CPUCfsQuota, &out.CPUCfsQuota + *out = new(bool) + **out = **in + } + if in.CPUCfsQuotaPeriod != nil { + in, out := &in.CPUCfsQuotaPeriod, &out.CPUCfsQuotaPeriod + *out = new(string) + **out = **in + } + if in.CPUManagerPolicy != nil { + in, out := &in.CPUManagerPolicy, &out.CPUManagerPolicy + *out = new(string) + **out = **in + } + if in.PodPidsLimit != nil { + in, out := &in.PodPidsLimit, &out.PodPidsLimit + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfigObservation. +func (in *KubeletConfigObservation) DeepCopy() *KubeletConfigObservation { + if in == nil { + return nil + } + out := new(KubeletConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeletConfigParameters) DeepCopyInto(out *KubeletConfigParameters) { + *out = *in + if in.CPUCfsQuota != nil { + in, out := &in.CPUCfsQuota, &out.CPUCfsQuota + *out = new(bool) + **out = **in + } + if in.CPUCfsQuotaPeriod != nil { + in, out := &in.CPUCfsQuotaPeriod, &out.CPUCfsQuotaPeriod + *out = new(string) + **out = **in + } + if in.CPUManagerPolicy != nil { + in, out := &in.CPUManagerPolicy, &out.CPUManagerPolicy + *out = new(string) + **out = **in + } + if in.PodPidsLimit != nil { + in, out := &in.PodPidsLimit, &out.PodPidsLimit + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeletConfigParameters. +func (in *KubeletConfigParameters) DeepCopy() *KubeletConfigParameters { + if in == nil { + return nil + } + out := new(KubeletConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MainVolumeInitParameters) DeepCopyInto(out *MainVolumeInitParameters) { *out = *in @@ -2449,6 +2554,11 @@ func (in *NodePoolInitParameters) DeepCopyInto(out *NodePoolInitParameters) { *out = new(ConfigInitParameters) (*in).DeepCopyInto(*out) } + if in.KubeletConfig != nil { + in, out := &in.KubeletConfig, &out.KubeletConfig + *out = new(KubeletConfigInitParameters) + (*in).DeepCopyInto(*out) + } if in.Management != nil { in, out := &in.Management, &out.Management *out = new(ManagementInitParameters) @@ -2588,6 +2698,11 @@ func (in *NodePoolObservation) DeepCopyInto(out *NodePoolObservation) { *out = new(string) **out = **in } + if in.KubeletConfig != nil { + in, out := &in.KubeletConfig, &out.KubeletConfig + *out = new(KubeletConfigObservation) + (*in).DeepCopyInto(*out) + } if in.Location != nil { in, out := &in.Location, &out.Location *out = new(string) @@ -2699,6 +2814,11 @@ func (in *NodePoolParameters) DeepCopyInto(out *NodePoolParameters) { *out = new(ConfigParameters) (*in).DeepCopyInto(*out) } + if in.KubeletConfig != nil { + in, out := &in.KubeletConfig, &out.KubeletConfig + *out = new(KubeletConfigParameters) + (*in).DeepCopyInto(*out) + } if in.Location != nil { in, out := &in.Location, &out.Location *out = new(string) diff --git a/apis/containeraws/v1beta2/zz_nodepool_types.go b/apis/containeraws/v1beta2/zz_nodepool_types.go index a565163e4..caddfa80e 100755 --- a/apis/containeraws/v1beta2/zz_nodepool_types.go +++ b/apis/containeraws/v1beta2/zz_nodepool_types.go @@ -322,6 +322,55 @@ type ConfigSSHConfigParameters struct { EC2KeyPair *string `json:"ec2KeyPair" tf:"ec2_key_pair,omitempty"` } +type KubeletConfigInitParameters struct { + + // Whether or not to enable CPU CFS quota. Defaults to true. + CPUCfsQuota *bool `json:"cpuCfsQuota,omitempty" tf:"cpu_cfs_quota,omitempty"` + + // Optional. The CPU CFS quota period to use for the node. Defaults to "100ms". + CPUCfsQuotaPeriod *string `json:"cpuCfsQuotaPeriod,omitempty" tf:"cpu_cfs_quota_period,omitempty"` + + // The CpuManagerPolicy to use for the node. Defaults to "none". + CPUManagerPolicy *string `json:"cpuManagerPolicy,omitempty" tf:"cpu_manager_policy,omitempty"` + + // Optional. The maximum number of PIDs in each pod running on the node. The limit scales automatically based on underlying machine size if left unset. + PodPidsLimit *float64 `json:"podPidsLimit,omitempty" tf:"pod_pids_limit,omitempty"` +} + +type KubeletConfigObservation struct { + + // Whether or not to enable CPU CFS quota. Defaults to true. + CPUCfsQuota *bool `json:"cpuCfsQuota,omitempty" tf:"cpu_cfs_quota,omitempty"` + + // Optional. The CPU CFS quota period to use for the node. Defaults to "100ms". + CPUCfsQuotaPeriod *string `json:"cpuCfsQuotaPeriod,omitempty" tf:"cpu_cfs_quota_period,omitempty"` + + // The CpuManagerPolicy to use for the node. Defaults to "none". + CPUManagerPolicy *string `json:"cpuManagerPolicy,omitempty" tf:"cpu_manager_policy,omitempty"` + + // Optional. The maximum number of PIDs in each pod running on the node. The limit scales automatically based on underlying machine size if left unset. + PodPidsLimit *float64 `json:"podPidsLimit,omitempty" tf:"pod_pids_limit,omitempty"` +} + +type KubeletConfigParameters struct { + + // Whether or not to enable CPU CFS quota. Defaults to true. + // +kubebuilder:validation:Optional + CPUCfsQuota *bool `json:"cpuCfsQuota,omitempty" tf:"cpu_cfs_quota,omitempty"` + + // Optional. The CPU CFS quota period to use for the node. Defaults to "100ms". + // +kubebuilder:validation:Optional + CPUCfsQuotaPeriod *string `json:"cpuCfsQuotaPeriod,omitempty" tf:"cpu_cfs_quota_period,omitempty"` + + // The CpuManagerPolicy to use for the node. Defaults to "none". + // +kubebuilder:validation:Optional + CPUManagerPolicy *string `json:"cpuManagerPolicy,omitempty" tf:"cpu_manager_policy,omitempty"` + + // Optional. The maximum number of PIDs in each pod running on the node. The limit scales automatically based on underlying machine size if left unset. + // +kubebuilder:validation:Optional + PodPidsLimit *float64 `json:"podPidsLimit,omitempty" tf:"pod_pids_limit,omitempty"` +} + type ManagementInitParameters struct { // Optional. Whether or not the nodes will be automatically repaired. @@ -372,6 +421,9 @@ type NodePoolInitParameters struct { // The configuration of the node pool. Config *ConfigInitParameters `json:"config,omitempty" tf:"config,omitempty"` + // The kubelet configuration for the node pool. + KubeletConfig *KubeletConfigInitParameters `json:"kubeletConfig,omitempty" tf:"kubelet_config,omitempty"` + // The Management configuration for this node pool. Management *ManagementInitParameters `json:"management,omitempty" tf:"management,omitempty"` @@ -418,6 +470,9 @@ type NodePoolObservation struct { // an identifier for the resource with format projects/{{project}}/locations/{{location}}/awsClusters/{{cluster}}/awsNodePools/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` + // The kubelet configuration for the node pool. + KubeletConfig *KubeletConfigObservation `json:"kubeletConfig,omitempty" tf:"kubelet_config,omitempty"` + // The location for the resource Location *string `json:"location,omitempty" tf:"location,omitempty"` @@ -480,6 +535,10 @@ type NodePoolParameters struct { // +kubebuilder:validation:Optional Config *ConfigParameters `json:"config,omitempty" tf:"config,omitempty"` + // The kubelet configuration for the node pool. + // +kubebuilder:validation:Optional + KubeletConfig *KubeletConfigParameters `json:"kubeletConfig,omitempty" tf:"kubelet_config,omitempty"` + // The location for the resource // +kubebuilder:validation:Required Location *string `json:"location" tf:"location,omitempty"` diff --git a/examples-generated/containeraws/v1beta2/nodepool.yaml b/examples-generated/containeraws/v1beta2/nodepool.yaml index 569d7ba3e..d7a0ce0e8 100644 --- a/examples-generated/containeraws/v1beta2/nodepool.yaml +++ b/examples-generated/containeraws/v1beta2/nodepool.yaml @@ -41,6 +41,11 @@ spec: - effect: PREFER_NO_SCHEDULE key: taint-key value: taint-value + kubeletConfig: + - cpuCfsQuota: true + cpuCfsQuotaPeriod: 100ms + cpuManagerPolicy: none + podPidsLimit: 1024 location: us-west1 management: - autoRepair: true diff --git a/examples/containeraws/v1beta2/nodepool.yaml b/examples/containeraws/v1beta2/nodepool.yaml index 0df958ca0..a4652206a 100644 --- a/examples/containeraws/v1beta2/nodepool.yaml +++ b/examples/containeraws/v1beta2/nodepool.yaml @@ -37,6 +37,11 @@ spec: volumeType: GP3 tags: tag-one: value-one + kubeletConfig: + - cpuCfsQuota: true + cpuCfsQuotaPeriod: 100ms + cpuManagerPolicy: none + podPidsLimit: 1024 location: us-west1 maxPodsConstraint: maxPodsPerNode: 110 diff --git a/package/crds/containeraws.gcp.upbound.io_nodepools.yaml b/package/crds/containeraws.gcp.upbound.io_nodepools.yaml index fca61b887..5ce4dea9b 100644 --- a/package/crds/containeraws.gcp.upbound.io_nodepools.yaml +++ b/package/crds/containeraws.gcp.upbound.io_nodepools.yaml @@ -1478,6 +1478,27 @@ spec: type: object type: array type: object + kubeletConfig: + description: The kubelet configuration for the node pool. + properties: + cpuCfsQuota: + description: Whether or not to enable CPU CFS quota. Defaults + to true. + type: boolean + cpuCfsQuotaPeriod: + description: Optional. The CPU CFS quota period to use for + the node. Defaults to "100ms". + type: string + cpuManagerPolicy: + description: The CpuManagerPolicy to use for the node. Defaults + to "none". + type: string + podPidsLimit: + description: Optional. The maximum number of PIDs in each + pod running on the node. The limit scales automatically + based on underlying machine size if left unset. + type: number + type: object location: description: The location for the resource type: string @@ -1710,6 +1731,27 @@ spec: type: object type: array type: object + kubeletConfig: + description: The kubelet configuration for the node pool. + properties: + cpuCfsQuota: + description: Whether or not to enable CPU CFS quota. Defaults + to true. + type: boolean + cpuCfsQuotaPeriod: + description: Optional. The CPU CFS quota period to use for + the node. Defaults to "100ms". + type: string + cpuManagerPolicy: + description: The CpuManagerPolicy to use for the node. Defaults + to "none". + type: string + podPidsLimit: + description: Optional. The maximum number of PIDs in each + pod running on the node. The limit scales automatically + based on underlying machine size if left unset. + type: number + type: object management: description: The Management configuration for this node pool. properties: @@ -2138,6 +2180,27 @@ spec: id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/awsClusters/{{cluster}}/awsNodePools/{{name}} type: string + kubeletConfig: + description: The kubelet configuration for the node pool. + properties: + cpuCfsQuota: + description: Whether or not to enable CPU CFS quota. Defaults + to true. + type: boolean + cpuCfsQuotaPeriod: + description: Optional. The CPU CFS quota period to use for + the node. Defaults to "100ms". + type: string + cpuManagerPolicy: + description: The CpuManagerPolicy to use for the node. Defaults + to "none". + type: string + podPidsLimit: + description: Optional. The maximum number of PIDs in each + pod running on the node. The limit scales automatically + based on underlying machine size if left unset. + type: number + type: object location: description: The location for the resource type: string From 4f1e8795cf46d455ce886fb41162284a15678c79 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 14:48:21 +0100 Subject: [PATCH 13/47] dialogflowcx: agent added loggingSettings and speechSettings Signed-off-by: Rickard von Essen --- apis/dialogflowcx/v1beta2/zz_agent_types.go | 117 ++++ apis/dialogflowcx/v1beta2/zz_flow_types.go | 117 ++++ .../v1beta2/zz_generated.deepcopy.go | 516 ++++++++++++++++++ .../dialogflowcx/v1beta2/agent.yaml | 12 + .../dialogflowcx.gcp.upbound.io_agents.yaml | 132 +++++ .../dialogflowcx.gcp.upbound.io_flows.yaml | 132 +++++ 6 files changed, 1026 insertions(+) diff --git a/apis/dialogflowcx/v1beta2/zz_agent_types.go b/apis/dialogflowcx/v1beta2/zz_agent_types.go index 95babb204..3ef89622a 100755 --- a/apis/dialogflowcx/v1beta2/zz_agent_types.go +++ b/apis/dialogflowcx/v1beta2/zz_agent_types.go @@ -20,6 +20,12 @@ type AdvancedSettingsInitParameters struct { // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: DtmfSettings *DtmfSettingsInitParameters `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` + + // Settings for logging. Settings for Dialogflow History, Contact Center messages, StackDriver logs, and speech logging. Exposed at the following levels: + LoggingSettings *LoggingSettingsInitParameters `json:"loggingSettings,omitempty" tf:"logging_settings,omitempty"` + + // Settings for speech to text detection. Exposed at the following levels: + SpeechSettings *SpeechSettingsInitParameters `json:"speechSettings,omitempty" tf:"speech_settings,omitempty"` } type AdvancedSettingsObservation struct { @@ -29,6 +35,12 @@ type AdvancedSettingsObservation struct { // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: DtmfSettings *DtmfSettingsObservation `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` + + // Settings for logging. Settings for Dialogflow History, Contact Center messages, StackDriver logs, and speech logging. Exposed at the following levels: + LoggingSettings *LoggingSettingsObservation `json:"loggingSettings,omitempty" tf:"logging_settings,omitempty"` + + // Settings for speech to text detection. Exposed at the following levels: + SpeechSettings *SpeechSettingsObservation `json:"speechSettings,omitempty" tf:"speech_settings,omitempty"` } type AdvancedSettingsParameters struct { @@ -40,6 +52,14 @@ type AdvancedSettingsParameters struct { // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: // +kubebuilder:validation:Optional DtmfSettings *DtmfSettingsParameters `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` + + // Settings for logging. Settings for Dialogflow History, Contact Center messages, StackDriver logs, and speech logging. Exposed at the following levels: + // +kubebuilder:validation:Optional + LoggingSettings *LoggingSettingsParameters `json:"loggingSettings,omitempty" tf:"logging_settings,omitempty"` + + // Settings for speech to text detection. Exposed at the following levels: + // +kubebuilder:validation:Optional + SpeechSettings *SpeechSettingsParameters `json:"speechSettings,omitempty" tf:"speech_settings,omitempty"` } type AgentInitParameters struct { @@ -384,6 +404,103 @@ type GithubSettingsParameters struct { TrackingBranch *string `json:"trackingBranch,omitempty" tf:"tracking_branch,omitempty"` } +type LoggingSettingsInitParameters struct { + + // Enables consent-based end-user input redaction, if true, a pre-defined session parameter $session.params.conversation-redaction will be used to determine if the utterance should be redacted. + EnableConsentBasedRedaction *bool `json:"enableConsentBasedRedaction,omitempty" tf:"enable_consent_based_redaction,omitempty"` + + // Enables DF Interaction logging. + EnableInteractionLogging *bool `json:"enableInteractionLogging,omitempty" tf:"enable_interaction_logging,omitempty"` + + // Enables Google Cloud Logging. + EnableStackdriverLogging *bool `json:"enableStackdriverLogging,omitempty" tf:"enable_stackdriver_logging,omitempty"` +} + +type LoggingSettingsObservation struct { + + // Enables consent-based end-user input redaction, if true, a pre-defined session parameter $session.params.conversation-redaction will be used to determine if the utterance should be redacted. + EnableConsentBasedRedaction *bool `json:"enableConsentBasedRedaction,omitempty" tf:"enable_consent_based_redaction,omitempty"` + + // Enables DF Interaction logging. + EnableInteractionLogging *bool `json:"enableInteractionLogging,omitempty" tf:"enable_interaction_logging,omitempty"` + + // Enables Google Cloud Logging. + EnableStackdriverLogging *bool `json:"enableStackdriverLogging,omitempty" tf:"enable_stackdriver_logging,omitempty"` +} + +type LoggingSettingsParameters struct { + + // Enables consent-based end-user input redaction, if true, a pre-defined session parameter $session.params.conversation-redaction will be used to determine if the utterance should be redacted. + // +kubebuilder:validation:Optional + EnableConsentBasedRedaction *bool `json:"enableConsentBasedRedaction,omitempty" tf:"enable_consent_based_redaction,omitempty"` + + // Enables DF Interaction logging. + // +kubebuilder:validation:Optional + EnableInteractionLogging *bool `json:"enableInteractionLogging,omitempty" tf:"enable_interaction_logging,omitempty"` + + // Enables Google Cloud Logging. + // +kubebuilder:validation:Optional + EnableStackdriverLogging *bool `json:"enableStackdriverLogging,omitempty" tf:"enable_stackdriver_logging,omitempty"` +} + +type SpeechSettingsInitParameters struct { + + // Sensitivity of the speech model that detects the end of speech. Scale from 0 to 100. + EndpointerSensitivity *float64 `json:"endpointerSensitivity,omitempty" tf:"endpointer_sensitivity,omitempty"` + + // Mapping from language to Speech-to-Text model. The mapped Speech-to-Text model will be selected for requests from its corresponding language. For more information, see Speech models. + // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + Models map[string]*string `json:"models,omitempty" tf:"models,omitempty"` + + // Timeout before detecting no speech. + // A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + NoSpeechTimeout *string `json:"noSpeechTimeout,omitempty" tf:"no_speech_timeout,omitempty"` + + // Use timeout based endpointing, interpreting endpointer sensitivity as seconds of timeout value. + UseTimeoutBasedEndpointing *bool `json:"useTimeoutBasedEndpointing,omitempty" tf:"use_timeout_based_endpointing,omitempty"` +} + +type SpeechSettingsObservation struct { + + // Sensitivity of the speech model that detects the end of speech. Scale from 0 to 100. + EndpointerSensitivity *float64 `json:"endpointerSensitivity,omitempty" tf:"endpointer_sensitivity,omitempty"` + + // Mapping from language to Speech-to-Text model. The mapped Speech-to-Text model will be selected for requests from its corresponding language. For more information, see Speech models. + // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + Models map[string]*string `json:"models,omitempty" tf:"models,omitempty"` + + // Timeout before detecting no speech. + // A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + NoSpeechTimeout *string `json:"noSpeechTimeout,omitempty" tf:"no_speech_timeout,omitempty"` + + // Use timeout based endpointing, interpreting endpointer sensitivity as seconds of timeout value. + UseTimeoutBasedEndpointing *bool `json:"useTimeoutBasedEndpointing,omitempty" tf:"use_timeout_based_endpointing,omitempty"` +} + +type SpeechSettingsParameters struct { + + // Sensitivity of the speech model that detects the end of speech. Scale from 0 to 100. + // +kubebuilder:validation:Optional + EndpointerSensitivity *float64 `json:"endpointerSensitivity,omitempty" tf:"endpointer_sensitivity,omitempty"` + + // Mapping from language to Speech-to-Text model. The mapped Speech-to-Text model will be selected for requests from its corresponding language. For more information, see Speech models. + // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +kubebuilder:validation:Optional + // +mapType=granular + Models map[string]*string `json:"models,omitempty" tf:"models,omitempty"` + + // Timeout before detecting no speech. + // A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + // +kubebuilder:validation:Optional + NoSpeechTimeout *string `json:"noSpeechTimeout,omitempty" tf:"no_speech_timeout,omitempty"` + + // Use timeout based endpointing, interpreting endpointer sensitivity as seconds of timeout value. + // +kubebuilder:validation:Optional + UseTimeoutBasedEndpointing *bool `json:"useTimeoutBasedEndpointing,omitempty" tf:"use_timeout_based_endpointing,omitempty"` +} + type SpeechToTextSettingsInitParameters struct { // Whether to use speech adaptation for speech recognition. diff --git a/apis/dialogflowcx/v1beta2/zz_flow_types.go b/apis/dialogflowcx/v1beta2/zz_flow_types.go index dd520915b..b2ebbbd29 100755 --- a/apis/dialogflowcx/v1beta2/zz_flow_types.go +++ b/apis/dialogflowcx/v1beta2/zz_flow_types.go @@ -74,6 +74,103 @@ type AdvancedSettingsDtmfSettingsParameters struct { MaxDigits *float64 `json:"maxDigits,omitempty" tf:"max_digits,omitempty"` } +type AdvancedSettingsLoggingSettingsInitParameters struct { + + // Enables consent-based end-user input redaction, if true, a pre-defined session parameter $session.params.conversation-redaction will be used to determine if the utterance should be redacted. + EnableConsentBasedRedaction *bool `json:"enableConsentBasedRedaction,omitempty" tf:"enable_consent_based_redaction,omitempty"` + + // Enables DF Interaction logging. + EnableInteractionLogging *bool `json:"enableInteractionLogging,omitempty" tf:"enable_interaction_logging,omitempty"` + + // Enables Google Cloud Logging. + EnableStackdriverLogging *bool `json:"enableStackdriverLogging,omitempty" tf:"enable_stackdriver_logging,omitempty"` +} + +type AdvancedSettingsLoggingSettingsObservation struct { + + // Enables consent-based end-user input redaction, if true, a pre-defined session parameter $session.params.conversation-redaction will be used to determine if the utterance should be redacted. + EnableConsentBasedRedaction *bool `json:"enableConsentBasedRedaction,omitempty" tf:"enable_consent_based_redaction,omitempty"` + + // Enables DF Interaction logging. + EnableInteractionLogging *bool `json:"enableInteractionLogging,omitempty" tf:"enable_interaction_logging,omitempty"` + + // Enables Google Cloud Logging. + EnableStackdriverLogging *bool `json:"enableStackdriverLogging,omitempty" tf:"enable_stackdriver_logging,omitempty"` +} + +type AdvancedSettingsLoggingSettingsParameters struct { + + // Enables consent-based end-user input redaction, if true, a pre-defined session parameter $session.params.conversation-redaction will be used to determine if the utterance should be redacted. + // +kubebuilder:validation:Optional + EnableConsentBasedRedaction *bool `json:"enableConsentBasedRedaction,omitempty" tf:"enable_consent_based_redaction,omitempty"` + + // Enables DF Interaction logging. + // +kubebuilder:validation:Optional + EnableInteractionLogging *bool `json:"enableInteractionLogging,omitempty" tf:"enable_interaction_logging,omitempty"` + + // Enables Google Cloud Logging. + // +kubebuilder:validation:Optional + EnableStackdriverLogging *bool `json:"enableStackdriverLogging,omitempty" tf:"enable_stackdriver_logging,omitempty"` +} + +type AdvancedSettingsSpeechSettingsInitParameters struct { + + // Sensitivity of the speech model that detects the end of speech. Scale from 0 to 100. + EndpointerSensitivity *float64 `json:"endpointerSensitivity,omitempty" tf:"endpointer_sensitivity,omitempty"` + + // Mapping from language to Speech-to-Text model. The mapped Speech-to-Text model will be selected for requests from its corresponding language. For more information, see Speech models. + // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + Models map[string]*string `json:"models,omitempty" tf:"models,omitempty"` + + // Timeout before detecting no speech. + // A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + NoSpeechTimeout *string `json:"noSpeechTimeout,omitempty" tf:"no_speech_timeout,omitempty"` + + // Use timeout based endpointing, interpreting endpointer sensitivity as seconds of timeout value. + UseTimeoutBasedEndpointing *bool `json:"useTimeoutBasedEndpointing,omitempty" tf:"use_timeout_based_endpointing,omitempty"` +} + +type AdvancedSettingsSpeechSettingsObservation struct { + + // Sensitivity of the speech model that detects the end of speech. Scale from 0 to 100. + EndpointerSensitivity *float64 `json:"endpointerSensitivity,omitempty" tf:"endpointer_sensitivity,omitempty"` + + // Mapping from language to Speech-to-Text model. The mapped Speech-to-Text model will be selected for requests from its corresponding language. For more information, see Speech models. + // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +mapType=granular + Models map[string]*string `json:"models,omitempty" tf:"models,omitempty"` + + // Timeout before detecting no speech. + // A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + NoSpeechTimeout *string `json:"noSpeechTimeout,omitempty" tf:"no_speech_timeout,omitempty"` + + // Use timeout based endpointing, interpreting endpointer sensitivity as seconds of timeout value. + UseTimeoutBasedEndpointing *bool `json:"useTimeoutBasedEndpointing,omitempty" tf:"use_timeout_based_endpointing,omitempty"` +} + +type AdvancedSettingsSpeechSettingsParameters struct { + + // Sensitivity of the speech model that detects the end of speech. Scale from 0 to 100. + // +kubebuilder:validation:Optional + EndpointerSensitivity *float64 `json:"endpointerSensitivity,omitempty" tf:"endpointer_sensitivity,omitempty"` + + // Mapping from language to Speech-to-Text model. The mapped Speech-to-Text model will be selected for requests from its corresponding language. For more information, see Speech models. + // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + // +kubebuilder:validation:Optional + // +mapType=granular + Models map[string]*string `json:"models,omitempty" tf:"models,omitempty"` + + // Timeout before detecting no speech. + // A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + // +kubebuilder:validation:Optional + NoSpeechTimeout *string `json:"noSpeechTimeout,omitempty" tf:"no_speech_timeout,omitempty"` + + // Use timeout based endpointing, interpreting endpointer sensitivity as seconds of timeout value. + // +kubebuilder:validation:Optional + UseTimeoutBasedEndpointing *bool `json:"useTimeoutBasedEndpointing,omitempty" tf:"use_timeout_based_endpointing,omitempty"` +} + type ConditionalCasesInitParameters struct { // A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. @@ -184,6 +281,12 @@ type FlowAdvancedSettingsInitParameters struct { // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: DtmfSettings *AdvancedSettingsDtmfSettingsInitParameters `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` + + // Settings for logging. Settings for Dialogflow History, Contact Center messages, StackDriver logs, and speech logging. Exposed at the following levels: + LoggingSettings *AdvancedSettingsLoggingSettingsInitParameters `json:"loggingSettings,omitempty" tf:"logging_settings,omitempty"` + + // Settings for speech to text detection. Exposed at the following levels: + SpeechSettings *AdvancedSettingsSpeechSettingsInitParameters `json:"speechSettings,omitempty" tf:"speech_settings,omitempty"` } type FlowAdvancedSettingsObservation struct { @@ -193,6 +296,12 @@ type FlowAdvancedSettingsObservation struct { // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: DtmfSettings *AdvancedSettingsDtmfSettingsObservation `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` + + // Settings for logging. Settings for Dialogflow History, Contact Center messages, StackDriver logs, and speech logging. Exposed at the following levels: + LoggingSettings *AdvancedSettingsLoggingSettingsObservation `json:"loggingSettings,omitempty" tf:"logging_settings,omitempty"` + + // Settings for speech to text detection. Exposed at the following levels: + SpeechSettings *AdvancedSettingsSpeechSettingsObservation `json:"speechSettings,omitempty" tf:"speech_settings,omitempty"` } type FlowAdvancedSettingsParameters struct { @@ -204,6 +313,14 @@ type FlowAdvancedSettingsParameters struct { // Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: // +kubebuilder:validation:Optional DtmfSettings *AdvancedSettingsDtmfSettingsParameters `json:"dtmfSettings,omitempty" tf:"dtmf_settings,omitempty"` + + // Settings for logging. Settings for Dialogflow History, Contact Center messages, StackDriver logs, and speech logging. Exposed at the following levels: + // +kubebuilder:validation:Optional + LoggingSettings *AdvancedSettingsLoggingSettingsParameters `json:"loggingSettings,omitempty" tf:"logging_settings,omitempty"` + + // Settings for speech to text detection. Exposed at the following levels: + // +kubebuilder:validation:Optional + SpeechSettings *AdvancedSettingsSpeechSettingsParameters `json:"speechSettings,omitempty" tf:"speech_settings,omitempty"` } type FlowInitParameters struct { diff --git a/apis/dialogflowcx/v1beta2/zz_generated.deepcopy.go b/apis/dialogflowcx/v1beta2/zz_generated.deepcopy.go index d712aabe5..b3064730a 100644 --- a/apis/dialogflowcx/v1beta2/zz_generated.deepcopy.go +++ b/apis/dialogflowcx/v1beta2/zz_generated.deepcopy.go @@ -176,6 +176,16 @@ func (in *AdvancedSettingsInitParameters) DeepCopyInto(out *AdvancedSettingsInit *out = new(DtmfSettingsInitParameters) (*in).DeepCopyInto(*out) } + if in.LoggingSettings != nil { + in, out := &in.LoggingSettings, &out.LoggingSettings + *out = new(LoggingSettingsInitParameters) + (*in).DeepCopyInto(*out) + } + if in.SpeechSettings != nil { + in, out := &in.SpeechSettings, &out.SpeechSettings + *out = new(SpeechSettingsInitParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsInitParameters. @@ -188,6 +198,96 @@ func (in *AdvancedSettingsInitParameters) DeepCopy() *AdvancedSettingsInitParame return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedSettingsLoggingSettingsInitParameters) DeepCopyInto(out *AdvancedSettingsLoggingSettingsInitParameters) { + *out = *in + if in.EnableConsentBasedRedaction != nil { + in, out := &in.EnableConsentBasedRedaction, &out.EnableConsentBasedRedaction + *out = new(bool) + **out = **in + } + if in.EnableInteractionLogging != nil { + in, out := &in.EnableInteractionLogging, &out.EnableInteractionLogging + *out = new(bool) + **out = **in + } + if in.EnableStackdriverLogging != nil { + in, out := &in.EnableStackdriverLogging, &out.EnableStackdriverLogging + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsLoggingSettingsInitParameters. +func (in *AdvancedSettingsLoggingSettingsInitParameters) DeepCopy() *AdvancedSettingsLoggingSettingsInitParameters { + if in == nil { + return nil + } + out := new(AdvancedSettingsLoggingSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedSettingsLoggingSettingsObservation) DeepCopyInto(out *AdvancedSettingsLoggingSettingsObservation) { + *out = *in + if in.EnableConsentBasedRedaction != nil { + in, out := &in.EnableConsentBasedRedaction, &out.EnableConsentBasedRedaction + *out = new(bool) + **out = **in + } + if in.EnableInteractionLogging != nil { + in, out := &in.EnableInteractionLogging, &out.EnableInteractionLogging + *out = new(bool) + **out = **in + } + if in.EnableStackdriverLogging != nil { + in, out := &in.EnableStackdriverLogging, &out.EnableStackdriverLogging + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsLoggingSettingsObservation. +func (in *AdvancedSettingsLoggingSettingsObservation) DeepCopy() *AdvancedSettingsLoggingSettingsObservation { + if in == nil { + return nil + } + out := new(AdvancedSettingsLoggingSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedSettingsLoggingSettingsParameters) DeepCopyInto(out *AdvancedSettingsLoggingSettingsParameters) { + *out = *in + if in.EnableConsentBasedRedaction != nil { + in, out := &in.EnableConsentBasedRedaction, &out.EnableConsentBasedRedaction + *out = new(bool) + **out = **in + } + if in.EnableInteractionLogging != nil { + in, out := &in.EnableInteractionLogging, &out.EnableInteractionLogging + *out = new(bool) + **out = **in + } + if in.EnableStackdriverLogging != nil { + in, out := &in.EnableStackdriverLogging, &out.EnableStackdriverLogging + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsLoggingSettingsParameters. +func (in *AdvancedSettingsLoggingSettingsParameters) DeepCopy() *AdvancedSettingsLoggingSettingsParameters { + if in == nil { + return nil + } + out := new(AdvancedSettingsLoggingSettingsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AdvancedSettingsObservation) DeepCopyInto(out *AdvancedSettingsObservation) { *out = *in @@ -201,6 +301,16 @@ func (in *AdvancedSettingsObservation) DeepCopyInto(out *AdvancedSettingsObserva *out = new(DtmfSettingsObservation) (*in).DeepCopyInto(*out) } + if in.LoggingSettings != nil { + in, out := &in.LoggingSettings, &out.LoggingSettings + *out = new(LoggingSettingsObservation) + (*in).DeepCopyInto(*out) + } + if in.SpeechSettings != nil { + in, out := &in.SpeechSettings, &out.SpeechSettings + *out = new(SpeechSettingsObservation) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsObservation. @@ -226,6 +336,16 @@ func (in *AdvancedSettingsParameters) DeepCopyInto(out *AdvancedSettingsParamete *out = new(DtmfSettingsParameters) (*in).DeepCopyInto(*out) } + if in.LoggingSettings != nil { + in, out := &in.LoggingSettings, &out.LoggingSettings + *out = new(LoggingSettingsParameters) + (*in).DeepCopyInto(*out) + } + if in.SpeechSettings != nil { + in, out := &in.SpeechSettings, &out.SpeechSettings + *out = new(SpeechSettingsParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsParameters. @@ -238,6 +358,144 @@ func (in *AdvancedSettingsParameters) DeepCopy() *AdvancedSettingsParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedSettingsSpeechSettingsInitParameters) DeepCopyInto(out *AdvancedSettingsSpeechSettingsInitParameters) { + *out = *in + if in.EndpointerSensitivity != nil { + in, out := &in.EndpointerSensitivity, &out.EndpointerSensitivity + *out = new(float64) + **out = **in + } + if in.Models != nil { + in, out := &in.Models, &out.Models + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.NoSpeechTimeout != nil { + in, out := &in.NoSpeechTimeout, &out.NoSpeechTimeout + *out = new(string) + **out = **in + } + if in.UseTimeoutBasedEndpointing != nil { + in, out := &in.UseTimeoutBasedEndpointing, &out.UseTimeoutBasedEndpointing + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsSpeechSettingsInitParameters. +func (in *AdvancedSettingsSpeechSettingsInitParameters) DeepCopy() *AdvancedSettingsSpeechSettingsInitParameters { + if in == nil { + return nil + } + out := new(AdvancedSettingsSpeechSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedSettingsSpeechSettingsObservation) DeepCopyInto(out *AdvancedSettingsSpeechSettingsObservation) { + *out = *in + if in.EndpointerSensitivity != nil { + in, out := &in.EndpointerSensitivity, &out.EndpointerSensitivity + *out = new(float64) + **out = **in + } + if in.Models != nil { + in, out := &in.Models, &out.Models + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.NoSpeechTimeout != nil { + in, out := &in.NoSpeechTimeout, &out.NoSpeechTimeout + *out = new(string) + **out = **in + } + if in.UseTimeoutBasedEndpointing != nil { + in, out := &in.UseTimeoutBasedEndpointing, &out.UseTimeoutBasedEndpointing + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsSpeechSettingsObservation. +func (in *AdvancedSettingsSpeechSettingsObservation) DeepCopy() *AdvancedSettingsSpeechSettingsObservation { + if in == nil { + return nil + } + out := new(AdvancedSettingsSpeechSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdvancedSettingsSpeechSettingsParameters) DeepCopyInto(out *AdvancedSettingsSpeechSettingsParameters) { + *out = *in + if in.EndpointerSensitivity != nil { + in, out := &in.EndpointerSensitivity, &out.EndpointerSensitivity + *out = new(float64) + **out = **in + } + if in.Models != nil { + in, out := &in.Models, &out.Models + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.NoSpeechTimeout != nil { + in, out := &in.NoSpeechTimeout, &out.NoSpeechTimeout + *out = new(string) + **out = **in + } + if in.UseTimeoutBasedEndpointing != nil { + in, out := &in.UseTimeoutBasedEndpointing, &out.UseTimeoutBasedEndpointing + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedSettingsSpeechSettingsParameters. +func (in *AdvancedSettingsSpeechSettingsParameters) DeepCopy() *AdvancedSettingsSpeechSettingsParameters { + if in == nil { + return nil + } + out := new(AdvancedSettingsSpeechSettingsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Agent) DeepCopyInto(out *Agent) { *out = *in @@ -2450,6 +2708,16 @@ func (in *FlowAdvancedSettingsInitParameters) DeepCopyInto(out *FlowAdvancedSett *out = new(AdvancedSettingsDtmfSettingsInitParameters) (*in).DeepCopyInto(*out) } + if in.LoggingSettings != nil { + in, out := &in.LoggingSettings, &out.LoggingSettings + *out = new(AdvancedSettingsLoggingSettingsInitParameters) + (*in).DeepCopyInto(*out) + } + if in.SpeechSettings != nil { + in, out := &in.SpeechSettings, &out.SpeechSettings + *out = new(AdvancedSettingsSpeechSettingsInitParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowAdvancedSettingsInitParameters. @@ -2475,6 +2743,16 @@ func (in *FlowAdvancedSettingsObservation) DeepCopyInto(out *FlowAdvancedSetting *out = new(AdvancedSettingsDtmfSettingsObservation) (*in).DeepCopyInto(*out) } + if in.LoggingSettings != nil { + in, out := &in.LoggingSettings, &out.LoggingSettings + *out = new(AdvancedSettingsLoggingSettingsObservation) + (*in).DeepCopyInto(*out) + } + if in.SpeechSettings != nil { + in, out := &in.SpeechSettings, &out.SpeechSettings + *out = new(AdvancedSettingsSpeechSettingsObservation) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowAdvancedSettingsObservation. @@ -2500,6 +2778,16 @@ func (in *FlowAdvancedSettingsParameters) DeepCopyInto(out *FlowAdvancedSettings *out = new(AdvancedSettingsDtmfSettingsParameters) (*in).DeepCopyInto(*out) } + if in.LoggingSettings != nil { + in, out := &in.LoggingSettings, &out.LoggingSettings + *out = new(AdvancedSettingsLoggingSettingsParameters) + (*in).DeepCopyInto(*out) + } + if in.SpeechSettings != nil { + in, out := &in.SpeechSettings, &out.SpeechSettings + *out = new(AdvancedSettingsSpeechSettingsParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowAdvancedSettingsParameters. @@ -4155,6 +4443,96 @@ func (in *LiveAgentHandoffParameters) DeepCopy() *LiveAgentHandoffParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LoggingSettingsInitParameters) DeepCopyInto(out *LoggingSettingsInitParameters) { + *out = *in + if in.EnableConsentBasedRedaction != nil { + in, out := &in.EnableConsentBasedRedaction, &out.EnableConsentBasedRedaction + *out = new(bool) + **out = **in + } + if in.EnableInteractionLogging != nil { + in, out := &in.EnableInteractionLogging, &out.EnableInteractionLogging + *out = new(bool) + **out = **in + } + if in.EnableStackdriverLogging != nil { + in, out := &in.EnableStackdriverLogging, &out.EnableStackdriverLogging + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoggingSettingsInitParameters. +func (in *LoggingSettingsInitParameters) DeepCopy() *LoggingSettingsInitParameters { + if in == nil { + return nil + } + out := new(LoggingSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LoggingSettingsObservation) DeepCopyInto(out *LoggingSettingsObservation) { + *out = *in + if in.EnableConsentBasedRedaction != nil { + in, out := &in.EnableConsentBasedRedaction, &out.EnableConsentBasedRedaction + *out = new(bool) + **out = **in + } + if in.EnableInteractionLogging != nil { + in, out := &in.EnableInteractionLogging, &out.EnableInteractionLogging + *out = new(bool) + **out = **in + } + if in.EnableStackdriverLogging != nil { + in, out := &in.EnableStackdriverLogging, &out.EnableStackdriverLogging + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoggingSettingsObservation. +func (in *LoggingSettingsObservation) DeepCopy() *LoggingSettingsObservation { + if in == nil { + return nil + } + out := new(LoggingSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LoggingSettingsParameters) DeepCopyInto(out *LoggingSettingsParameters) { + *out = *in + if in.EnableConsentBasedRedaction != nil { + in, out := &in.EnableConsentBasedRedaction, &out.EnableConsentBasedRedaction + *out = new(bool) + **out = **in + } + if in.EnableInteractionLogging != nil { + in, out := &in.EnableInteractionLogging, &out.EnableInteractionLogging + *out = new(bool) + **out = **in + } + if in.EnableStackdriverLogging != nil { + in, out := &in.EnableStackdriverLogging, &out.EnableStackdriverLogging + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoggingSettingsParameters. +func (in *LoggingSettingsParameters) DeepCopy() *LoggingSettingsParameters { + if in == nil { + return nil + } + out := new(LoggingSettingsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MessagesConversationSuccessInitParameters) DeepCopyInto(out *MessagesConversationSuccessInitParameters) { *out = *in @@ -7492,6 +7870,144 @@ func (in *SetParameterActionsParameters) DeepCopy() *SetParameterActionsParamete return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SpeechSettingsInitParameters) DeepCopyInto(out *SpeechSettingsInitParameters) { + *out = *in + if in.EndpointerSensitivity != nil { + in, out := &in.EndpointerSensitivity, &out.EndpointerSensitivity + *out = new(float64) + **out = **in + } + if in.Models != nil { + in, out := &in.Models, &out.Models + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.NoSpeechTimeout != nil { + in, out := &in.NoSpeechTimeout, &out.NoSpeechTimeout + *out = new(string) + **out = **in + } + if in.UseTimeoutBasedEndpointing != nil { + in, out := &in.UseTimeoutBasedEndpointing, &out.UseTimeoutBasedEndpointing + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SpeechSettingsInitParameters. +func (in *SpeechSettingsInitParameters) DeepCopy() *SpeechSettingsInitParameters { + if in == nil { + return nil + } + out := new(SpeechSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SpeechSettingsObservation) DeepCopyInto(out *SpeechSettingsObservation) { + *out = *in + if in.EndpointerSensitivity != nil { + in, out := &in.EndpointerSensitivity, &out.EndpointerSensitivity + *out = new(float64) + **out = **in + } + if in.Models != nil { + in, out := &in.Models, &out.Models + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.NoSpeechTimeout != nil { + in, out := &in.NoSpeechTimeout, &out.NoSpeechTimeout + *out = new(string) + **out = **in + } + if in.UseTimeoutBasedEndpointing != nil { + in, out := &in.UseTimeoutBasedEndpointing, &out.UseTimeoutBasedEndpointing + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SpeechSettingsObservation. +func (in *SpeechSettingsObservation) DeepCopy() *SpeechSettingsObservation { + if in == nil { + return nil + } + out := new(SpeechSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SpeechSettingsParameters) DeepCopyInto(out *SpeechSettingsParameters) { + *out = *in + if in.EndpointerSensitivity != nil { + in, out := &in.EndpointerSensitivity, &out.EndpointerSensitivity + *out = new(float64) + **out = **in + } + if in.Models != nil { + in, out := &in.Models, &out.Models + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.NoSpeechTimeout != nil { + in, out := &in.NoSpeechTimeout, &out.NoSpeechTimeout + *out = new(string) + **out = **in + } + if in.UseTimeoutBasedEndpointing != nil { + in, out := &in.UseTimeoutBasedEndpointing, &out.UseTimeoutBasedEndpointing + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SpeechSettingsParameters. +func (in *SpeechSettingsParameters) DeepCopy() *SpeechSettingsParameters { + if in == nil { + return nil + } + out := new(SpeechSettingsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SpeechToTextSettingsInitParameters) DeepCopyInto(out *SpeechToTextSettingsInitParameters) { *out = *in diff --git a/examples-generated/dialogflowcx/v1beta2/agent.yaml b/examples-generated/dialogflowcx/v1beta2/agent.yaml index fb82ef14f..78f579c87 100644 --- a/examples-generated/dialogflowcx/v1beta2/agent.yaml +++ b/examples-generated/dialogflowcx/v1beta2/agent.yaml @@ -15,6 +15,18 @@ spec: - enabled: true finishDigit: '#' maxDigits: 1 + loggingSettings: + - enableConsentBasedRedaction: true + enableInteractionLogging: true + enableStackdriverLogging: true + speechSettings: + - endpointerSensitivity: 30 + models: + count: "3" + mass: 1.3kg + name: wrench + noSpeechTimeout: 3.500s + useTimeoutBasedEndpointing: true avatarUri: https://cloud.google.com/_static/images/cloud/icons/favicons/onecloud/super_cloud.png defaultLanguageCode: en description: Example description. diff --git a/package/crds/dialogflowcx.gcp.upbound.io_agents.yaml b/package/crds/dialogflowcx.gcp.upbound.io_agents.yaml index f5685376e..ea8028fe8 100644 --- a/package/crds/dialogflowcx.gcp.upbound.io_agents.yaml +++ b/package/crds/dialogflowcx.gcp.upbound.io_agents.yaml @@ -961,6 +961,50 @@ spec: description: Max length of DTMF digits. type: number type: object + loggingSettings: + description: 'Settings for logging. Settings for Dialogflow + History, Contact Center messages, StackDriver logs, and + speech logging. Exposed at the following levels:' + properties: + enableConsentBasedRedaction: + description: Enables consent-based end-user input redaction, + if true, a pre-defined session parameter $session.params.conversation-redaction + will be used to determine if the utterance should be + redacted. + type: boolean + enableInteractionLogging: + description: Enables DF Interaction logging. + type: boolean + enableStackdriverLogging: + description: Enables Google Cloud Logging. + type: boolean + type: object + speechSettings: + description: 'Settings for speech to text detection. Exposed + at the following levels:' + properties: + endpointerSensitivity: + description: Sensitivity of the speech model that detects + the end of speech. Scale from 0 to 100. + type: number + models: + additionalProperties: + type: string + description: |- + Mapping from language to Speech-to-Text model. The mapped Speech-to-Text model will be selected for requests from its corresponding language. For more information, see Speech models. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular + noSpeechTimeout: + description: |- + Timeout before detecting no speech. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + type: string + useTimeoutBasedEndpointing: + description: Use timeout based endpointing, interpreting + endpointer sensitivity as seconds of timeout value. + type: boolean + type: object type: object avatarUri: description: The URI of the agent's avatar. Avatars are used throughout @@ -1136,6 +1180,50 @@ spec: description: Max length of DTMF digits. type: number type: object + loggingSettings: + description: 'Settings for logging. Settings for Dialogflow + History, Contact Center messages, StackDriver logs, and + speech logging. Exposed at the following levels:' + properties: + enableConsentBasedRedaction: + description: Enables consent-based end-user input redaction, + if true, a pre-defined session parameter $session.params.conversation-redaction + will be used to determine if the utterance should be + redacted. + type: boolean + enableInteractionLogging: + description: Enables DF Interaction logging. + type: boolean + enableStackdriverLogging: + description: Enables Google Cloud Logging. + type: boolean + type: object + speechSettings: + description: 'Settings for speech to text detection. Exposed + at the following levels:' + properties: + endpointerSensitivity: + description: Sensitivity of the speech model that detects + the end of speech. Scale from 0 to 100. + type: number + models: + additionalProperties: + type: string + description: |- + Mapping from language to Speech-to-Text model. The mapped Speech-to-Text model will be selected for requests from its corresponding language. For more information, see Speech models. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular + noSpeechTimeout: + description: |- + Timeout before detecting no speech. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + type: string + useTimeoutBasedEndpointing: + description: Use timeout based endpointing, interpreting + endpointer sensitivity as seconds of timeout value. + type: boolean + type: object type: object avatarUri: description: The URI of the agent's avatar. Avatars are used throughout @@ -1487,6 +1575,50 @@ spec: description: Max length of DTMF digits. type: number type: object + loggingSettings: + description: 'Settings for logging. Settings for Dialogflow + History, Contact Center messages, StackDriver logs, and + speech logging. Exposed at the following levels:' + properties: + enableConsentBasedRedaction: + description: Enables consent-based end-user input redaction, + if true, a pre-defined session parameter $session.params.conversation-redaction + will be used to determine if the utterance should be + redacted. + type: boolean + enableInteractionLogging: + description: Enables DF Interaction logging. + type: boolean + enableStackdriverLogging: + description: Enables Google Cloud Logging. + type: boolean + type: object + speechSettings: + description: 'Settings for speech to text detection. Exposed + at the following levels:' + properties: + endpointerSensitivity: + description: Sensitivity of the speech model that detects + the end of speech. Scale from 0 to 100. + type: number + models: + additionalProperties: + type: string + description: |- + Mapping from language to Speech-to-Text model. The mapped Speech-to-Text model will be selected for requests from its corresponding language. For more information, see Speech models. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular + noSpeechTimeout: + description: |- + Timeout before detecting no speech. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + type: string + useTimeoutBasedEndpointing: + description: Use timeout based endpointing, interpreting + endpointer sensitivity as seconds of timeout value. + type: boolean + type: object type: object avatarUri: description: The URI of the agent's avatar. Avatars are used throughout diff --git a/package/crds/dialogflowcx.gcp.upbound.io_flows.yaml b/package/crds/dialogflowcx.gcp.upbound.io_flows.yaml index 3a575ceef..4bfada5d2 100644 --- a/package/crds/dialogflowcx.gcp.upbound.io_flows.yaml +++ b/package/crds/dialogflowcx.gcp.upbound.io_flows.yaml @@ -2159,6 +2159,50 @@ spec: description: Max length of DTMF digits. type: number type: object + loggingSettings: + description: 'Settings for logging. Settings for Dialogflow + History, Contact Center messages, StackDriver logs, and + speech logging. Exposed at the following levels:' + properties: + enableConsentBasedRedaction: + description: Enables consent-based end-user input redaction, + if true, a pre-defined session parameter $session.params.conversation-redaction + will be used to determine if the utterance should be + redacted. + type: boolean + enableInteractionLogging: + description: Enables DF Interaction logging. + type: boolean + enableStackdriverLogging: + description: Enables Google Cloud Logging. + type: boolean + type: object + speechSettings: + description: 'Settings for speech to text detection. Exposed + at the following levels:' + properties: + endpointerSensitivity: + description: Sensitivity of the speech model that detects + the end of speech. Scale from 0 to 100. + type: number + models: + additionalProperties: + type: string + description: |- + Mapping from language to Speech-to-Text model. The mapped Speech-to-Text model will be selected for requests from its corresponding language. For more information, see Speech models. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular + noSpeechTimeout: + description: |- + Timeout before detecting no speech. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + type: string + useTimeoutBasedEndpointing: + description: Use timeout based endpointing, interpreting + endpointer sensitivity as seconds of timeout value. + type: boolean + type: object type: object description: description: The description of the flow. The maximum length is @@ -2747,6 +2791,50 @@ spec: description: Max length of DTMF digits. type: number type: object + loggingSettings: + description: 'Settings for logging. Settings for Dialogflow + History, Contact Center messages, StackDriver logs, and + speech logging. Exposed at the following levels:' + properties: + enableConsentBasedRedaction: + description: Enables consent-based end-user input redaction, + if true, a pre-defined session parameter $session.params.conversation-redaction + will be used to determine if the utterance should be + redacted. + type: boolean + enableInteractionLogging: + description: Enables DF Interaction logging. + type: boolean + enableStackdriverLogging: + description: Enables Google Cloud Logging. + type: boolean + type: object + speechSettings: + description: 'Settings for speech to text detection. Exposed + at the following levels:' + properties: + endpointerSensitivity: + description: Sensitivity of the speech model that detects + the end of speech. Scale from 0 to 100. + type: number + models: + additionalProperties: + type: string + description: |- + Mapping from language to Speech-to-Text model. The mapped Speech-to-Text model will be selected for requests from its corresponding language. For more information, see Speech models. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular + noSpeechTimeout: + description: |- + Timeout before detecting no speech. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + type: string + useTimeoutBasedEndpointing: + description: Use timeout based endpointing, interpreting + endpointer sensitivity as seconds of timeout value. + type: boolean + type: object type: object description: description: The description of the flow. The maximum length is @@ -3499,6 +3587,50 @@ spec: description: Max length of DTMF digits. type: number type: object + loggingSettings: + description: 'Settings for logging. Settings for Dialogflow + History, Contact Center messages, StackDriver logs, and + speech logging. Exposed at the following levels:' + properties: + enableConsentBasedRedaction: + description: Enables consent-based end-user input redaction, + if true, a pre-defined session parameter $session.params.conversation-redaction + will be used to determine if the utterance should be + redacted. + type: boolean + enableInteractionLogging: + description: Enables DF Interaction logging. + type: boolean + enableStackdriverLogging: + description: Enables Google Cloud Logging. + type: boolean + type: object + speechSettings: + description: 'Settings for speech to text detection. Exposed + at the following levels:' + properties: + endpointerSensitivity: + description: Sensitivity of the speech model that detects + the end of speech. Scale from 0 to 100. + type: number + models: + additionalProperties: + type: string + description: |- + Mapping from language to Speech-to-Text model. The mapped Speech-to-Text model will be selected for requests from its corresponding language. For more information, see Speech models. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + type: object + x-kubernetes-map-type: granular + noSpeechTimeout: + description: |- + Timeout before detecting no speech. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + type: string + useTimeoutBasedEndpointing: + description: Use timeout based endpointing, interpreting + endpointer sensitivity as seconds of timeout value. + type: boolean + type: object type: object description: description: The description of the flow. The maximum length is From 7f933fa2db41448a9609d3a069d4d5f1ac14b0d8 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 14:55:07 +0100 Subject: [PATCH 14/47] dns: Added externalendpoints and healthcheck Signed-off-by: Rickard von Essen --- apis/dns/v1beta2/zz_generated.deepcopy.go | 167 +++++++++++++ apis/dns/v1beta2/zz_generated.resolvers.go | 42 ++++ apis/dns/v1beta2/zz_recordset_types.go | 78 +++++- .../dns/v1beta1/responsepolicy.yaml | 2 +- .../crds/dns.gcp.upbound.io_recordsets.yaml | 236 ++++++++++++++++++ 5 files changed, 520 insertions(+), 5 deletions(-) diff --git a/apis/dns/v1beta2/zz_generated.deepcopy.go b/apis/dns/v1beta2/zz_generated.deepcopy.go index d17271491..a7ecdec00 100644 --- a/apis/dns/v1beta2/zz_generated.deepcopy.go +++ b/apis/dns/v1beta2/zz_generated.deepcopy.go @@ -157,6 +157,17 @@ func (in *AlternativeNameServerConfigTargetNameServersParameters) DeepCopy() *Al // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BackupGeoHealthCheckedTargetsInitParameters) DeepCopyInto(out *BackupGeoHealthCheckedTargetsInitParameters) { *out = *in + if in.ExternalEndpoints != nil { + in, out := &in.ExternalEndpoints, &out.ExternalEndpoints + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.InternalLoadBalancers != nil { in, out := &in.InternalLoadBalancers, &out.InternalLoadBalancers *out = make([]HealthCheckedTargetsInternalLoadBalancersInitParameters, len(*in)) @@ -179,6 +190,17 @@ func (in *BackupGeoHealthCheckedTargetsInitParameters) DeepCopy() *BackupGeoHeal // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BackupGeoHealthCheckedTargetsObservation) DeepCopyInto(out *BackupGeoHealthCheckedTargetsObservation) { *out = *in + if in.ExternalEndpoints != nil { + in, out := &in.ExternalEndpoints, &out.ExternalEndpoints + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.InternalLoadBalancers != nil { in, out := &in.InternalLoadBalancers, &out.InternalLoadBalancers *out = make([]HealthCheckedTargetsInternalLoadBalancersObservation, len(*in)) @@ -201,6 +223,17 @@ func (in *BackupGeoHealthCheckedTargetsObservation) DeepCopy() *BackupGeoHealthC // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BackupGeoHealthCheckedTargetsParameters) DeepCopyInto(out *BackupGeoHealthCheckedTargetsParameters) { *out = *in + if in.ExternalEndpoints != nil { + in, out := &in.ExternalEndpoints, &out.ExternalEndpoints + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.InternalLoadBalancers != nil { in, out := &in.InternalLoadBalancers, &out.InternalLoadBalancers *out = make([]HealthCheckedTargetsInternalLoadBalancersParameters, len(*in)) @@ -951,6 +984,17 @@ func (in *GkeClustersParameters) DeepCopy() *GkeClustersParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HealthCheckedTargetsInitParameters) DeepCopyInto(out *HealthCheckedTargetsInitParameters) { *out = *in + if in.ExternalEndpoints != nil { + in, out := &in.ExternalEndpoints, &out.ExternalEndpoints + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.InternalLoadBalancers != nil { in, out := &in.InternalLoadBalancers, &out.InternalLoadBalancers *out = make([]InternalLoadBalancersInitParameters, len(*in)) @@ -1123,6 +1167,17 @@ func (in *HealthCheckedTargetsInternalLoadBalancersParameters) DeepCopy() *Healt // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HealthCheckedTargetsObservation) DeepCopyInto(out *HealthCheckedTargetsObservation) { *out = *in + if in.ExternalEndpoints != nil { + in, out := &in.ExternalEndpoints, &out.ExternalEndpoints + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.InternalLoadBalancers != nil { in, out := &in.InternalLoadBalancers, &out.InternalLoadBalancers *out = make([]InternalLoadBalancersObservation, len(*in)) @@ -1145,6 +1200,17 @@ func (in *HealthCheckedTargetsObservation) DeepCopy() *HealthCheckedTargetsObser // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HealthCheckedTargetsParameters) DeepCopyInto(out *HealthCheckedTargetsParameters) { *out = *in + if in.ExternalEndpoints != nil { + in, out := &in.ExternalEndpoints, &out.ExternalEndpoints + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.InternalLoadBalancers != nil { in, out := &in.InternalLoadBalancers, &out.InternalLoadBalancers *out = make([]InternalLoadBalancersParameters, len(*in)) @@ -2507,6 +2573,17 @@ func (in *PrimaryBackupParameters) DeepCopy() *PrimaryBackupParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PrimaryInitParameters) DeepCopyInto(out *PrimaryInitParameters) { *out = *in + if in.ExternalEndpoints != nil { + in, out := &in.ExternalEndpoints, &out.ExternalEndpoints + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.InternalLoadBalancers != nil { in, out := &in.InternalLoadBalancers, &out.InternalLoadBalancers *out = make([]PrimaryInternalLoadBalancersInitParameters, len(*in)) @@ -2759,6 +2836,17 @@ func (in *PrimaryInternalLoadBalancersParameters) DeepCopy() *PrimaryInternalLoa // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PrimaryObservation) DeepCopyInto(out *PrimaryObservation) { *out = *in + if in.ExternalEndpoints != nil { + in, out := &in.ExternalEndpoints, &out.ExternalEndpoints + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.InternalLoadBalancers != nil { in, out := &in.InternalLoadBalancers, &out.InternalLoadBalancers *out = make([]PrimaryInternalLoadBalancersObservation, len(*in)) @@ -2781,6 +2869,17 @@ func (in *PrimaryObservation) DeepCopy() *PrimaryObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PrimaryParameters) DeepCopyInto(out *PrimaryParameters) { *out = *in + if in.ExternalEndpoints != nil { + in, out := &in.ExternalEndpoints, &out.ExternalEndpoints + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.InternalLoadBalancers != nil { in, out := &in.InternalLoadBalancers, &out.InternalLoadBalancers *out = make([]PrimaryInternalLoadBalancersParameters, len(*in)) @@ -3189,6 +3288,21 @@ func (in *RoutingPolicyInitParameters) DeepCopyInto(out *RoutingPolicyInitParame (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.HealthCheck != nil { + in, out := &in.HealthCheck, &out.HealthCheck + *out = new(string) + **out = **in + } + if in.HealthCheckRef != nil { + in, out := &in.HealthCheckRef, &out.HealthCheckRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.HealthCheckSelector != nil { + in, out := &in.HealthCheckSelector, &out.HealthCheckSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.PrimaryBackup != nil { in, out := &in.PrimaryBackup, &out.PrimaryBackup *out = new(PrimaryBackupInitParameters) @@ -3228,6 +3342,11 @@ func (in *RoutingPolicyObservation) DeepCopyInto(out *RoutingPolicyObservation) (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.HealthCheck != nil { + in, out := &in.HealthCheck, &out.HealthCheck + *out = new(string) + **out = **in + } if in.PrimaryBackup != nil { in, out := &in.PrimaryBackup, &out.PrimaryBackup *out = new(PrimaryBackupObservation) @@ -3267,6 +3386,21 @@ func (in *RoutingPolicyParameters) DeepCopyInto(out *RoutingPolicyParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.HealthCheck != nil { + in, out := &in.HealthCheck, &out.HealthCheck + *out = new(string) + **out = **in + } + if in.HealthCheckRef != nil { + in, out := &in.HealthCheckRef, &out.HealthCheckRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.HealthCheckSelector != nil { + in, out := &in.HealthCheckSelector, &out.HealthCheckSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.PrimaryBackup != nil { in, out := &in.PrimaryBackup, &out.PrimaryBackup *out = new(PrimaryBackupParameters) @@ -3449,6 +3583,17 @@ func (in *TargetNetworkParameters) DeepCopy() *TargetNetworkParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WrrHealthCheckedTargetsInitParameters) DeepCopyInto(out *WrrHealthCheckedTargetsInitParameters) { *out = *in + if in.ExternalEndpoints != nil { + in, out := &in.ExternalEndpoints, &out.ExternalEndpoints + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.InternalLoadBalancers != nil { in, out := &in.InternalLoadBalancers, &out.InternalLoadBalancers *out = make([]WrrHealthCheckedTargetsInternalLoadBalancersInitParameters, len(*in)) @@ -3621,6 +3766,17 @@ func (in *WrrHealthCheckedTargetsInternalLoadBalancersParameters) DeepCopy() *Wr // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WrrHealthCheckedTargetsObservation) DeepCopyInto(out *WrrHealthCheckedTargetsObservation) { *out = *in + if in.ExternalEndpoints != nil { + in, out := &in.ExternalEndpoints, &out.ExternalEndpoints + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.InternalLoadBalancers != nil { in, out := &in.InternalLoadBalancers, &out.InternalLoadBalancers *out = make([]WrrHealthCheckedTargetsInternalLoadBalancersObservation, len(*in)) @@ -3643,6 +3799,17 @@ func (in *WrrHealthCheckedTargetsObservation) DeepCopy() *WrrHealthCheckedTarget // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WrrHealthCheckedTargetsParameters) DeepCopyInto(out *WrrHealthCheckedTargetsParameters) { *out = *in + if in.ExternalEndpoints != nil { + in, out := &in.ExternalEndpoints, &out.ExternalEndpoints + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.InternalLoadBalancers != nil { in, out := &in.InternalLoadBalancers, &out.InternalLoadBalancers *out = make([]WrrHealthCheckedTargetsInternalLoadBalancersParameters, len(*in)) diff --git a/apis/dns/v1beta2/zz_generated.resolvers.go b/apis/dns/v1beta2/zz_generated.resolvers.go index 25bc939ee..b6a253522 100644 --- a/apis/dns/v1beta2/zz_generated.resolvers.go +++ b/apis/dns/v1beta2/zz_generated.resolvers.go @@ -252,6 +252,27 @@ func (mg *RecordSet) ResolveReferences(ctx context.Context, c client.Reader) err mg.Spec.ForProvider.ManagedZone = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ManagedZoneRef = rsp.ResolvedReference + if mg.Spec.ForProvider.RoutingPolicy != nil { + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta2", "HealthCheck", "HealthCheckList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.RoutingPolicy.HealthCheck), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.RoutingPolicy.HealthCheckRef, + Selector: mg.Spec.ForProvider.RoutingPolicy.HealthCheckSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.RoutingPolicy.HealthCheck") + } + mg.Spec.ForProvider.RoutingPolicy.HealthCheck = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.RoutingPolicy.HealthCheckRef = rsp.ResolvedReference + + } if mg.Spec.ForProvider.RoutingPolicy != nil { if mg.Spec.ForProvider.RoutingPolicy.PrimaryBackup != nil { if mg.Spec.ForProvider.RoutingPolicy.PrimaryBackup.Primary != nil { @@ -379,6 +400,27 @@ func (mg *RecordSet) ResolveReferences(ctx context.Context, c client.Reader) err mg.Spec.InitProvider.ManagedZone = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.ManagedZoneRef = rsp.ResolvedReference + if mg.Spec.InitProvider.RoutingPolicy != nil { + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta2", "HealthCheck", "HealthCheckList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.RoutingPolicy.HealthCheck), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.RoutingPolicy.HealthCheckRef, + Selector: mg.Spec.InitProvider.RoutingPolicy.HealthCheckSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.RoutingPolicy.HealthCheck") + } + mg.Spec.InitProvider.RoutingPolicy.HealthCheck = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.RoutingPolicy.HealthCheckRef = rsp.ResolvedReference + + } if mg.Spec.InitProvider.RoutingPolicy != nil { if mg.Spec.InitProvider.RoutingPolicy.PrimaryBackup != nil { if mg.Spec.InitProvider.RoutingPolicy.PrimaryBackup.Primary != nil { diff --git a/apis/dns/v1beta2/zz_recordset_types.go b/apis/dns/v1beta2/zz_recordset_types.go index a483521e0..3431836b2 100755 --- a/apis/dns/v1beta2/zz_recordset_types.go +++ b/apis/dns/v1beta2/zz_recordset_types.go @@ -15,6 +15,9 @@ import ( type BackupGeoHealthCheckedTargetsInitParameters struct { + // The list of external endpoint addresses to health check. + ExternalEndpoints []*string `json:"externalEndpoints,omitempty" tf:"external_endpoints,omitempty"` + // The list of internal load balancers to health check. // Structure is documented below. InternalLoadBalancers []HealthCheckedTargetsInternalLoadBalancersInitParameters `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` @@ -22,6 +25,9 @@ type BackupGeoHealthCheckedTargetsInitParameters struct { type BackupGeoHealthCheckedTargetsObservation struct { + // The list of external endpoint addresses to health check. + ExternalEndpoints []*string `json:"externalEndpoints,omitempty" tf:"external_endpoints,omitempty"` + // The list of internal load balancers to health check. // Structure is documented below. InternalLoadBalancers []HealthCheckedTargetsInternalLoadBalancersObservation `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` @@ -29,10 +35,14 @@ type BackupGeoHealthCheckedTargetsObservation struct { type BackupGeoHealthCheckedTargetsParameters struct { + // The list of external endpoint addresses to health check. + // +kubebuilder:validation:Optional + ExternalEndpoints []*string `json:"externalEndpoints,omitempty" tf:"external_endpoints,omitempty"` + // The list of internal load balancers to health check. // Structure is documented below. // +kubebuilder:validation:Optional - InternalLoadBalancers []HealthCheckedTargetsInternalLoadBalancersParameters `json:"internalLoadBalancers" tf:"internal_load_balancers,omitempty"` + InternalLoadBalancers []HealthCheckedTargetsInternalLoadBalancersParameters `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` } type BackupGeoInitParameters struct { @@ -121,6 +131,9 @@ type GeoParameters struct { type HealthCheckedTargetsInitParameters struct { + // The list of external endpoint addresses to health check. + ExternalEndpoints []*string `json:"externalEndpoints,omitempty" tf:"external_endpoints,omitempty"` + // The list of internal load balancers to health check. // Structure is documented below. InternalLoadBalancers []InternalLoadBalancersInitParameters `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` @@ -210,6 +223,9 @@ type HealthCheckedTargetsInternalLoadBalancersParameters struct { type HealthCheckedTargetsObservation struct { + // The list of external endpoint addresses to health check. + ExternalEndpoints []*string `json:"externalEndpoints,omitempty" tf:"external_endpoints,omitempty"` + // The list of internal load balancers to health check. // Structure is documented below. InternalLoadBalancers []InternalLoadBalancersObservation `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` @@ -217,10 +233,14 @@ type HealthCheckedTargetsObservation struct { type HealthCheckedTargetsParameters struct { + // The list of external endpoint addresses to health check. + // +kubebuilder:validation:Optional + ExternalEndpoints []*string `json:"externalEndpoints,omitempty" tf:"external_endpoints,omitempty"` + // The list of internal load balancers to health check. // Structure is documented below. // +kubebuilder:validation:Optional - InternalLoadBalancers []InternalLoadBalancersParameters `json:"internalLoadBalancers" tf:"internal_load_balancers,omitempty"` + InternalLoadBalancers []InternalLoadBalancersParameters `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` } type InternalLoadBalancersInitParameters struct { @@ -362,6 +382,9 @@ type PrimaryBackupParameters struct { type PrimaryInitParameters struct { + // The list of external endpoint addresses to health check. + ExternalEndpoints []*string `json:"externalEndpoints,omitempty" tf:"external_endpoints,omitempty"` + // The list of internal load balancers to health check. // Structure is documented below. InternalLoadBalancers []PrimaryInternalLoadBalancersInitParameters `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` @@ -531,6 +554,9 @@ type PrimaryInternalLoadBalancersParameters struct { type PrimaryObservation struct { + // The list of external endpoint addresses to health check. + ExternalEndpoints []*string `json:"externalEndpoints,omitempty" tf:"external_endpoints,omitempty"` + // The list of internal load balancers to health check. // Structure is documented below. InternalLoadBalancers []PrimaryInternalLoadBalancersObservation `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` @@ -538,10 +564,14 @@ type PrimaryObservation struct { type PrimaryParameters struct { + // The list of external endpoint addresses to health check. + // +kubebuilder:validation:Optional + ExternalEndpoints []*string `json:"externalEndpoints,omitempty" tf:"external_endpoints,omitempty"` + // The list of internal load balancers to health check. // Structure is documented below. // +kubebuilder:validation:Optional - InternalLoadBalancers []PrimaryInternalLoadBalancersParameters `json:"internalLoadBalancers" tf:"internal_load_balancers,omitempty"` + InternalLoadBalancers []PrimaryInternalLoadBalancersParameters `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` } type RecordSetInitParameters struct { @@ -668,6 +698,19 @@ type RoutingPolicyInitParameters struct { // Structure is documented below. Geo []GeoInitParameters `json:"geo,omitempty" tf:"geo,omitempty"` + // Specifies the health check (used with external endpoints). + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta2.HealthCheck + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + HealthCheck *string `json:"healthCheck,omitempty" tf:"health_check,omitempty"` + + // Reference to a HealthCheck in compute to populate healthCheck. + // +kubebuilder:validation:Optional + HealthCheckRef *v1.Reference `json:"healthCheckRef,omitempty" tf:"-"` + + // Selector for a HealthCheck in compute to populate healthCheck. + // +kubebuilder:validation:Optional + HealthCheckSelector *v1.Selector `json:"healthCheckSelector,omitempty" tf:"-"` + // The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. // Structure is documented below. PrimaryBackup *PrimaryBackupInitParameters `json:"primaryBackup,omitempty" tf:"primary_backup,omitempty"` @@ -686,6 +729,9 @@ type RoutingPolicyObservation struct { // Structure is documented below. Geo []GeoObservation `json:"geo,omitempty" tf:"geo,omitempty"` + // Specifies the health check (used with external endpoints). + HealthCheck *string `json:"healthCheck,omitempty" tf:"health_check,omitempty"` + // The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. // Structure is documented below. PrimaryBackup *PrimaryBackupObservation `json:"primaryBackup,omitempty" tf:"primary_backup,omitempty"` @@ -706,6 +752,20 @@ type RoutingPolicyParameters struct { // +kubebuilder:validation:Optional Geo []GeoParameters `json:"geo,omitempty" tf:"geo,omitempty"` + // Specifies the health check (used with external endpoints). + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta2.HealthCheck + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + // +kubebuilder:validation:Optional + HealthCheck *string `json:"healthCheck,omitempty" tf:"health_check,omitempty"` + + // Reference to a HealthCheck in compute to populate healthCheck. + // +kubebuilder:validation:Optional + HealthCheckRef *v1.Reference `json:"healthCheckRef,omitempty" tf:"-"` + + // Selector for a HealthCheck in compute to populate healthCheck. + // +kubebuilder:validation:Optional + HealthCheckSelector *v1.Selector `json:"healthCheckSelector,omitempty" tf:"-"` + // The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. // Structure is documented below. // +kubebuilder:validation:Optional @@ -719,6 +779,9 @@ type RoutingPolicyParameters struct { type WrrHealthCheckedTargetsInitParameters struct { + // The list of external endpoint addresses to health check. + ExternalEndpoints []*string `json:"externalEndpoints,omitempty" tf:"external_endpoints,omitempty"` + // The list of internal load balancers to health check. // Structure is documented below. InternalLoadBalancers []WrrHealthCheckedTargetsInternalLoadBalancersInitParameters `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` @@ -808,6 +871,9 @@ type WrrHealthCheckedTargetsInternalLoadBalancersParameters struct { type WrrHealthCheckedTargetsObservation struct { + // The list of external endpoint addresses to health check. + ExternalEndpoints []*string `json:"externalEndpoints,omitempty" tf:"external_endpoints,omitempty"` + // The list of internal load balancers to health check. // Structure is documented below. InternalLoadBalancers []WrrHealthCheckedTargetsInternalLoadBalancersObservation `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` @@ -815,10 +881,14 @@ type WrrHealthCheckedTargetsObservation struct { type WrrHealthCheckedTargetsParameters struct { + // The list of external endpoint addresses to health check. + // +kubebuilder:validation:Optional + ExternalEndpoints []*string `json:"externalEndpoints,omitempty" tf:"external_endpoints,omitempty"` + // The list of internal load balancers to health check. // Structure is documented below. // +kubebuilder:validation:Optional - InternalLoadBalancers []WrrHealthCheckedTargetsInternalLoadBalancersParameters `json:"internalLoadBalancers" tf:"internal_load_balancers,omitempty"` + InternalLoadBalancers []WrrHealthCheckedTargetsInternalLoadBalancersParameters `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` } type WrrInitParameters struct { diff --git a/examples-generated/dns/v1beta1/responsepolicy.yaml b/examples-generated/dns/v1beta1/responsepolicy.yaml index b9b8dccbf..2e89bd162 100644 --- a/examples-generated/dns/v1beta1/responsepolicy.yaml +++ b/examples-generated/dns/v1beta1/responsepolicy.yaml @@ -86,7 +86,7 @@ spec: forProvider: defaultSnatStatus: - disabled: true - deletionProtection: "true" + deletionProtection: true initialNodeCount: 1 ipAllocationPolicy: - clusterSecondaryRangeName: pod diff --git a/package/crds/dns.gcp.upbound.io_recordsets.yaml b/package/crds/dns.gcp.upbound.io_recordsets.yaml index 56dcfbe18..5a8f344b7 100644 --- a/package/crds/dns.gcp.upbound.io_recordsets.yaml +++ b/package/crds/dns.gcp.upbound.io_recordsets.yaml @@ -2202,6 +2202,12 @@ spec: The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. Structure is documented below. properties: + externalEndpoints: + description: The list of external endpoint addresses + to health check. + items: + type: string + type: array internalLoadBalancers: description: |- The list of internal load balancers to health check. @@ -2254,6 +2260,86 @@ spec: type: array type: object type: array + healthCheck: + description: Specifies the health check (used with external + endpoints). + type: string + healthCheckRef: + description: Reference to a HealthCheck in compute to populate + healthCheck. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + healthCheckSelector: + description: Selector for a HealthCheck in compute to populate + healthCheck. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object primaryBackup: description: |- The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. @@ -2270,6 +2356,12 @@ spec: The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. Structure is documented below. properties: + externalEndpoints: + description: The list of external endpoint addresses + to health check. + items: + type: string + type: array internalLoadBalancers: description: |- The list of internal load balancers to health check. @@ -2335,6 +2427,12 @@ spec: The list of global primary targets to be health checked. Structure is documented below. properties: + externalEndpoints: + description: The list of external endpoint addresses + to health check. + items: + type: string + type: array internalLoadBalancers: description: |- The list of internal load balancers to health check. @@ -2698,6 +2796,12 @@ spec: The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. Structure is documented below. properties: + externalEndpoints: + description: The list of external endpoint addresses + to health check. + items: + type: string + type: array internalLoadBalancers: description: |- The list of internal load balancers to health check. @@ -2885,6 +2989,12 @@ spec: The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. Structure is documented below. properties: + externalEndpoints: + description: The list of external endpoint addresses + to health check. + items: + type: string + type: array internalLoadBalancers: description: |- The list of internal load balancers to health check. @@ -2937,6 +3047,86 @@ spec: type: array type: object type: array + healthCheck: + description: Specifies the health check (used with external + endpoints). + type: string + healthCheckRef: + description: Reference to a HealthCheck in compute to populate + healthCheck. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + healthCheckSelector: + description: Selector for a HealthCheck in compute to populate + healthCheck. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object primaryBackup: description: |- The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. @@ -2953,6 +3143,12 @@ spec: The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. Structure is documented below. properties: + externalEndpoints: + description: The list of external endpoint addresses + to health check. + items: + type: string + type: array internalLoadBalancers: description: |- The list of internal load balancers to health check. @@ -3018,6 +3214,12 @@ spec: The list of global primary targets to be health checked. Structure is documented below. properties: + externalEndpoints: + description: The list of external endpoint addresses + to health check. + items: + type: string + type: array internalLoadBalancers: description: |- The list of internal load balancers to health check. @@ -3381,6 +3583,12 @@ spec: The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. Structure is documented below. properties: + externalEndpoints: + description: The list of external endpoint addresses + to health check. + items: + type: string + type: array internalLoadBalancers: description: |- The list of internal load balancers to health check. @@ -3665,6 +3873,12 @@ spec: The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. Structure is documented below. properties: + externalEndpoints: + description: The list of external endpoint addresses + to health check. + items: + type: string + type: array internalLoadBalancers: description: |- The list of internal load balancers to health check. @@ -3717,6 +3931,10 @@ spec: type: array type: object type: array + healthCheck: + description: Specifies the health check (used with external + endpoints). + type: string primaryBackup: description: |- The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. @@ -3733,6 +3951,12 @@ spec: The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. Structure is documented below. properties: + externalEndpoints: + description: The list of external endpoint addresses + to health check. + items: + type: string + type: array internalLoadBalancers: description: |- The list of internal load balancers to health check. @@ -3798,6 +4022,12 @@ spec: The list of global primary targets to be health checked. Structure is documented below. properties: + externalEndpoints: + description: The list of external endpoint addresses + to health check. + items: + type: string + type: array internalLoadBalancers: description: |- The list of internal load balancers to health check. @@ -3857,6 +4087,12 @@ spec: The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. Structure is documented below. properties: + externalEndpoints: + description: The list of external endpoint addresses + to health check. + items: + type: string + type: array internalLoadBalancers: description: |- The list of internal load balancers to health check. From 853dc1c7e17820eda3312afe20a8062fcf3a4426 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 14:57:39 +0100 Subject: [PATCH 15/47] gke: doc updates only Signed-off-by: Rickard von Essen --- apis/gkehub/v1beta2/zz_membership_types.go | 12 ++++++------ apis/tags/v1beta1/zz_tagkey_types.go | 6 +++--- examples-generated/gke/v1beta2/backupbackupplan.yaml | 2 +- package/crds/gkehub.gcp.upbound.io_memberships.yaml | 12 ++++++------ package/crds/tags.gcp.upbound.io_tagkeys.yaml | 6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/apis/gkehub/v1beta2/zz_membership_types.go b/apis/gkehub/v1beta2/zz_membership_types.go index 95e1cea42..1fb99764f 100755 --- a/apis/gkehub/v1beta2/zz_membership_types.go +++ b/apis/gkehub/v1beta2/zz_membership_types.go @@ -16,21 +16,21 @@ import ( type AuthorityInitParameters struct { // A JSON Web Token (JWT) issuer URI. issuer must start with https:// and // be a valid - // with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster (must be locations rather than zones).googleapis.com/v1/${google_container_cluster.my-cluster.id}". + // with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster.googleapis.com/v1/${google_container_cluster.my-cluster.id}". Issuer *string `json:"issuer,omitempty" tf:"issuer,omitempty"` } type AuthorityObservation struct { // A JSON Web Token (JWT) issuer URI. issuer must start with https:// and // be a valid - // with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster (must be locations rather than zones).googleapis.com/v1/${google_container_cluster.my-cluster.id}". + // with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster.googleapis.com/v1/${google_container_cluster.my-cluster.id}". Issuer *string `json:"issuer,omitempty" tf:"issuer,omitempty"` } type AuthorityParameters struct { // A JSON Web Token (JWT) issuer URI. issuer must start with https:// and // be a valid - // with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster (must be locations rather than zones).googleapis.com/v1/${google_container_cluster.my-cluster.id}". + // with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster.googleapis.com/v1/${google_container_cluster.my-cluster.id}". // +kubebuilder:validation:Optional Issuer *string `json:"issuer" tf:"issuer,omitempty"` } @@ -60,7 +60,7 @@ type EndpointParameters struct { type GkeClusterInitParameters struct { // Self-link of the GCP resource for the GKE cluster. - // For example: //container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster. + // For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster. // It can be at the most 1000 characters in length.googleapis.com/${google_container_cluster.my-cluster.id}" or // google_container_cluster.my-cluster.id. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/container/v1beta2.Cluster @@ -79,7 +79,7 @@ type GkeClusterInitParameters struct { type GkeClusterObservation struct { // Self-link of the GCP resource for the GKE cluster. - // For example: //container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster. + // For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster. // It can be at the most 1000 characters in length.googleapis.com/${google_container_cluster.my-cluster.id}" or // google_container_cluster.my-cluster.id. ResourceLink *string `json:"resourceLink,omitempty" tf:"resource_link,omitempty"` @@ -88,7 +88,7 @@ type GkeClusterObservation struct { type GkeClusterParameters struct { // Self-link of the GCP resource for the GKE cluster. - // For example: //container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster. + // For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster. // It can be at the most 1000 characters in length.googleapis.com/${google_container_cluster.my-cluster.id}" or // google_container_cluster.my-cluster.id. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/container/v1beta2.Cluster diff --git a/apis/tags/v1beta1/zz_tagkey_types.go b/apis/tags/v1beta1/zz_tagkey_types.go index 0ea6f8390..3fd21bd83 100755 --- a/apis/tags/v1beta1/zz_tagkey_types.go +++ b/apis/tags/v1beta1/zz_tagkey_types.go @@ -32,7 +32,7 @@ type TagKeyInitParameters struct { PurposeData map[string]*string `json:"purposeData,omitempty" tf:"purpose_data,omitempty"` // Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. - // The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + // The short name can have a maximum length of 256 characters. The permitted character set for the shortName includes all UTF-8 encoded Unicode characters except single quotes ('), double quotes ("), backslashes (\), and forward slashes (/). ShortName *string `json:"shortName,omitempty" tf:"short_name,omitempty"` } @@ -68,7 +68,7 @@ type TagKeyObservation struct { PurposeData map[string]*string `json:"purposeData,omitempty" tf:"purpose_data,omitempty"` // Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. - // The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + // The short name can have a maximum length of 256 characters. The permitted character set for the shortName includes all UTF-8 encoded Unicode characters except single quotes ('), double quotes ("), backslashes (\), and forward slashes (/). ShortName *string `json:"shortName,omitempty" tf:"short_name,omitempty"` // Output only. Update time. @@ -99,7 +99,7 @@ type TagKeyParameters struct { PurposeData map[string]*string `json:"purposeData,omitempty" tf:"purpose_data,omitempty"` // Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. - // The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + // The short name can have a maximum length of 256 characters. The permitted character set for the shortName includes all UTF-8 encoded Unicode characters except single quotes ('), double quotes ("), backslashes (\), and forward slashes (/). // +kubebuilder:validation:Optional ShortName *string `json:"shortName,omitempty" tf:"short_name,omitempty"` } diff --git a/examples-generated/gke/v1beta2/backupbackupplan.yaml b/examples-generated/gke/v1beta2/backupbackupplan.yaml index c90932afd..66de7bc3a 100644 --- a/examples-generated/gke/v1beta2/backupbackupplan.yaml +++ b/examples-generated/gke/v1beta2/backupbackupplan.yaml @@ -32,7 +32,7 @@ spec: addonsConfig: - gkeBackupAgentConfig: - enabled: true - deletionProtection: "true" + deletionProtection: true initialNodeCount: 1 location: us-central1 networkSelector: diff --git a/package/crds/gkehub.gcp.upbound.io_memberships.yaml b/package/crds/gkehub.gcp.upbound.io_memberships.yaml index 05625926e..c8866b4a0 100644 --- a/package/crds/gkehub.gcp.upbound.io_memberships.yaml +++ b/package/crds/gkehub.gcp.upbound.io_memberships.yaml @@ -716,7 +716,7 @@ spec: issuer: description: |- A JSON Web Token (JWT) issuer URI. issuer must start with https:// and // be a valid - with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster (must be locations rather than zones).googleapis.com/v1/${google_container_cluster.my-cluster.id}". + with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster.googleapis.com/v1/${google_container_cluster.my-cluster.id}". type: string type: object endpoint: @@ -732,7 +732,7 @@ spec: resourceLink: description: |- Self-link of the GCP resource for the GKE cluster. - For example: //container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster. + For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster. It can be at the most 1000 characters in length.googleapis.com/${google_container_cluster.my-cluster.id}" or google_container_cluster.my-cluster.id. type: string @@ -854,7 +854,7 @@ spec: issuer: description: |- A JSON Web Token (JWT) issuer URI. issuer must start with https:// and // be a valid - with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster (must be locations rather than zones).googleapis.com/v1/${google_container_cluster.my-cluster.id}". + with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster.googleapis.com/v1/${google_container_cluster.my-cluster.id}". type: string type: object endpoint: @@ -870,7 +870,7 @@ spec: resourceLink: description: |- Self-link of the GCP resource for the GKE cluster. - For example: //container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster. + For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster. It can be at the most 1000 characters in length.googleapis.com/${google_container_cluster.my-cluster.id}" or google_container_cluster.my-cluster.id. type: string @@ -1146,7 +1146,7 @@ spec: issuer: description: |- A JSON Web Token (JWT) issuer URI. issuer must start with https:// and // be a valid - with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster (must be locations rather than zones).googleapis.com/v1/${google_container_cluster.my-cluster.id}". + with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster.googleapis.com/v1/${google_container_cluster.my-cluster.id}". type: string type: object effectiveLabels: @@ -1168,7 +1168,7 @@ spec: resourceLink: description: |- Self-link of the GCP resource for the GKE cluster. - For example: //container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster. + For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster. It can be at the most 1000 characters in length.googleapis.com/${google_container_cluster.my-cluster.id}" or google_container_cluster.my-cluster.id. type: string diff --git a/package/crds/tags.gcp.upbound.io_tagkeys.yaml b/package/crds/tags.gcp.upbound.io_tagkeys.yaml index fa8848ade..e5b33d5aa 100644 --- a/package/crds/tags.gcp.upbound.io_tagkeys.yaml +++ b/package/crds/tags.gcp.upbound.io_tagkeys.yaml @@ -98,7 +98,7 @@ spec: shortName: description: |- Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. - The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + The short name can have a maximum length of 256 characters. The permitted character set for the shortName includes all UTF-8 encoded Unicode characters except single quotes ('), double quotes ("), backslashes (\), and forward slashes (/). type: string type: object initProvider: @@ -139,7 +139,7 @@ spec: shortName: description: |- Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. - The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + The short name can have a maximum length of 256 characters. The permitted character set for the shortName includes all UTF-8 encoded Unicode characters except single quotes ('), double quotes ("), backslashes (\), and forward slashes (/). type: string type: object managementPolicies: @@ -362,7 +362,7 @@ spec: shortName: description: |- Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. - The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + The short name can have a maximum length of 256 characters. The permitted character set for the shortName includes all UTF-8 encoded Unicode characters except single quotes ('), double quotes ("), backslashes (\), and forward slashes (/). type: string updateTime: description: |- From 5b3ded1c5d9a3350db9ca39983d753cc6047dc3d Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 15:08:33 +0100 Subject: [PATCH 16/47] networkconnectivity: multiple changes Signed-off-by: Rickard von Essen --- .../v1beta1/zz_generated.deepcopy.go | 15 + .../v1beta1/zz_hub_types.go | 13 + .../v1beta2/zz_generated.deepcopy.go | 396 ++++++++ .../v1beta2/zz_generated.resolvers.go | 169 ++++ .../v1beta2/zz_spoke_types.go | 209 ++++- .../networkconnectivity/v1beta2/spoke.yaml | 3 + ...tworkconnectivity.gcp.upbound.io_hubs.yaml | 15 + ...orkconnectivity.gcp.upbound.io_spokes.yaml | 886 +++++++++++++++++- 8 files changed, 1658 insertions(+), 48 deletions(-) diff --git a/apis/networkconnectivity/v1beta1/zz_generated.deepcopy.go b/apis/networkconnectivity/v1beta1/zz_generated.deepcopy.go index 9a6cca98b..9ae0d9969 100644 --- a/apis/networkconnectivity/v1beta1/zz_generated.deepcopy.go +++ b/apis/networkconnectivity/v1beta1/zz_generated.deepcopy.go @@ -222,6 +222,11 @@ func (in *HubInitParameters) DeepCopyInto(out *HubInitParameters) { *out = new(string) **out = **in } + if in.PresetTopology != nil { + in, out := &in.PresetTopology, &out.PresetTopology + *out = new(string) + **out = **in + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -331,6 +336,11 @@ func (in *HubObservation) DeepCopyInto(out *HubObservation) { *out = new(string) **out = **in } + if in.PresetTopology != nil { + in, out := &in.PresetTopology, &out.PresetTopology + *out = new(string) + **out = **in + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -420,6 +430,11 @@ func (in *HubParameters) DeepCopyInto(out *HubParameters) { *out = new(string) **out = **in } + if in.PresetTopology != nil { + in, out := &in.PresetTopology, &out.PresetTopology + *out = new(string) + **out = **in + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) diff --git a/apis/networkconnectivity/v1beta1/zz_hub_types.go b/apis/networkconnectivity/v1beta1/zz_hub_types.go index 62fe1ac99..eb31482cf 100755 --- a/apis/networkconnectivity/v1beta1/zz_hub_types.go +++ b/apis/networkconnectivity/v1beta1/zz_hub_types.go @@ -30,6 +30,10 @@ type HubInitParameters struct { // Immutable. The name of the hub. Hub names must be unique. They use the following form: projects/{project_number}/locations/global/hubs/{hub_id} Name *string `json:"name,omitempty" tf:"name,omitempty"` + // Optional. The topology implemented in this hub. Currently, this field is only used when policyMode = PRESET. The available preset topologies are MESH and STAR. If presetTopology is unspecified and policyMode = PRESET, the presetTopology defaults to MESH. When policyMode = CUSTOM, the presetTopology is set to PRESET_TOPOLOGY_UNSPECIFIED. + // Possible values are: MESH, STAR. + PresetTopology *string `json:"presetTopology,omitempty" tf:"preset_topology,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` @@ -61,6 +65,10 @@ type HubObservation struct { // Immutable. The name of the hub. Hub names must be unique. They use the following form: projects/{project_number}/locations/global/hubs/{hub_id} Name *string `json:"name,omitempty" tf:"name,omitempty"` + // Optional. The topology implemented in this hub. Currently, this field is only used when policyMode = PRESET. The available preset topologies are MESH and STAR. If presetTopology is unspecified and policyMode = PRESET, the presetTopology defaults to MESH. When policyMode = CUSTOM, the presetTopology is set to PRESET_TOPOLOGY_UNSPECIFIED. + // Possible values are: MESH, STAR. + PresetTopology *string `json:"presetTopology,omitempty" tf:"preset_topology,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` @@ -105,6 +113,11 @@ type HubParameters struct { // +kubebuilder:validation:Optional Name *string `json:"name,omitempty" tf:"name,omitempty"` + // Optional. The topology implemented in this hub. Currently, this field is only used when policyMode = PRESET. The available preset topologies are MESH and STAR. If presetTopology is unspecified and policyMode = PRESET, the presetTopology defaults to MESH. When policyMode = CUSTOM, the presetTopology is set to PRESET_TOPOLOGY_UNSPECIFIED. + // Possible values are: MESH, STAR. + // +kubebuilder:validation:Optional + PresetTopology *string `json:"presetTopology,omitempty" tf:"preset_topology,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional diff --git a/apis/networkconnectivity/v1beta2/zz_generated.deepcopy.go b/apis/networkconnectivity/v1beta2/zz_generated.deepcopy.go index 202c5c271..deab06acf 100644 --- a/apis/networkconnectivity/v1beta2/zz_generated.deepcopy.go +++ b/apis/networkconnectivity/v1beta2/zz_generated.deepcopy.go @@ -111,6 +111,17 @@ func (in *InstancesParameters) DeepCopy() *InstancesParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LinkedInterconnectAttachmentsInitParameters) DeepCopyInto(out *LinkedInterconnectAttachmentsInitParameters) { *out = *in + if in.IncludeImportRanges != nil { + in, out := &in.IncludeImportRanges, &out.IncludeImportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.SiteToSiteDataTransfer != nil { in, out := &in.SiteToSiteDataTransfer, &out.SiteToSiteDataTransfer *out = new(bool) @@ -127,6 +138,18 @@ func (in *LinkedInterconnectAttachmentsInitParameters) DeepCopyInto(out *LinkedI } } } + if in.UrisRefs != nil { + in, out := &in.UrisRefs, &out.UrisRefs + *out = make([]v1.Reference, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.UrisSelector != nil { + in, out := &in.UrisSelector, &out.UrisSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LinkedInterconnectAttachmentsInitParameters. @@ -142,6 +165,17 @@ func (in *LinkedInterconnectAttachmentsInitParameters) DeepCopy() *LinkedInterco // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LinkedInterconnectAttachmentsObservation) DeepCopyInto(out *LinkedInterconnectAttachmentsObservation) { *out = *in + if in.IncludeImportRanges != nil { + in, out := &in.IncludeImportRanges, &out.IncludeImportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.SiteToSiteDataTransfer != nil { in, out := &in.SiteToSiteDataTransfer, &out.SiteToSiteDataTransfer *out = new(bool) @@ -173,6 +207,17 @@ func (in *LinkedInterconnectAttachmentsObservation) DeepCopy() *LinkedInterconne // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LinkedInterconnectAttachmentsParameters) DeepCopyInto(out *LinkedInterconnectAttachmentsParameters) { *out = *in + if in.IncludeImportRanges != nil { + in, out := &in.IncludeImportRanges, &out.IncludeImportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.SiteToSiteDataTransfer != nil { in, out := &in.SiteToSiteDataTransfer, &out.SiteToSiteDataTransfer *out = new(bool) @@ -189,6 +234,18 @@ func (in *LinkedInterconnectAttachmentsParameters) DeepCopyInto(out *LinkedInter } } } + if in.UrisRefs != nil { + in, out := &in.UrisRefs, &out.UrisRefs + *out = make([]v1.Reference, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.UrisSelector != nil { + in, out := &in.UrisSelector, &out.UrisSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LinkedInterconnectAttachmentsParameters. @@ -201,9 +258,206 @@ func (in *LinkedInterconnectAttachmentsParameters) DeepCopy() *LinkedInterconnec return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LinkedProducerVPCNetworkInitParameters) DeepCopyInto(out *LinkedProducerVPCNetworkInitParameters) { + *out = *in + if in.ExcludeExportRanges != nil { + in, out := &in.ExcludeExportRanges, &out.ExcludeExportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludeExportRanges != nil { + in, out := &in.IncludeExportRanges, &out.IncludeExportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) + **out = **in + } + if in.NetworkRef != nil { + in, out := &in.NetworkRef, &out.NetworkRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.NetworkSelector != nil { + in, out := &in.NetworkSelector, &out.NetworkSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Peering != nil { + in, out := &in.Peering, &out.Peering + *out = new(string) + **out = **in + } + if in.PeeringRef != nil { + in, out := &in.PeeringRef, &out.PeeringRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PeeringSelector != nil { + in, out := &in.PeeringSelector, &out.PeeringSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LinkedProducerVPCNetworkInitParameters. +func (in *LinkedProducerVPCNetworkInitParameters) DeepCopy() *LinkedProducerVPCNetworkInitParameters { + if in == nil { + return nil + } + out := new(LinkedProducerVPCNetworkInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LinkedProducerVPCNetworkObservation) DeepCopyInto(out *LinkedProducerVPCNetworkObservation) { + *out = *in + if in.ExcludeExportRanges != nil { + in, out := &in.ExcludeExportRanges, &out.ExcludeExportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludeExportRanges != nil { + in, out := &in.IncludeExportRanges, &out.IncludeExportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) + **out = **in + } + if in.Peering != nil { + in, out := &in.Peering, &out.Peering + *out = new(string) + **out = **in + } + if in.ProducerNetwork != nil { + in, out := &in.ProducerNetwork, &out.ProducerNetwork + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LinkedProducerVPCNetworkObservation. +func (in *LinkedProducerVPCNetworkObservation) DeepCopy() *LinkedProducerVPCNetworkObservation { + if in == nil { + return nil + } + out := new(LinkedProducerVPCNetworkObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LinkedProducerVPCNetworkParameters) DeepCopyInto(out *LinkedProducerVPCNetworkParameters) { + *out = *in + if in.ExcludeExportRanges != nil { + in, out := &in.ExcludeExportRanges, &out.ExcludeExportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.IncludeExportRanges != nil { + in, out := &in.IncludeExportRanges, &out.IncludeExportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(string) + **out = **in + } + if in.NetworkRef != nil { + in, out := &in.NetworkRef, &out.NetworkRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.NetworkSelector != nil { + in, out := &in.NetworkSelector, &out.NetworkSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Peering != nil { + in, out := &in.Peering, &out.Peering + *out = new(string) + **out = **in + } + if in.PeeringRef != nil { + in, out := &in.PeeringRef, &out.PeeringRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PeeringSelector != nil { + in, out := &in.PeeringSelector, &out.PeeringSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LinkedProducerVPCNetworkParameters. +func (in *LinkedProducerVPCNetworkParameters) DeepCopy() *LinkedProducerVPCNetworkParameters { + if in == nil { + return nil + } + out := new(LinkedProducerVPCNetworkParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LinkedRouterApplianceInstancesInitParameters) DeepCopyInto(out *LinkedRouterApplianceInstancesInitParameters) { *out = *in + if in.IncludeImportRanges != nil { + in, out := &in.IncludeImportRanges, &out.IncludeImportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Instances != nil { in, out := &in.Instances, &out.Instances *out = make([]InstancesInitParameters, len(*in)) @@ -231,6 +485,17 @@ func (in *LinkedRouterApplianceInstancesInitParameters) DeepCopy() *LinkedRouter // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LinkedRouterApplianceInstancesObservation) DeepCopyInto(out *LinkedRouterApplianceInstancesObservation) { *out = *in + if in.IncludeImportRanges != nil { + in, out := &in.IncludeImportRanges, &out.IncludeImportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Instances != nil { in, out := &in.Instances, &out.Instances *out = make([]InstancesObservation, len(*in)) @@ -258,6 +523,17 @@ func (in *LinkedRouterApplianceInstancesObservation) DeepCopy() *LinkedRouterApp // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LinkedRouterApplianceInstancesParameters) DeepCopyInto(out *LinkedRouterApplianceInstancesParameters) { *out = *in + if in.IncludeImportRanges != nil { + in, out := &in.IncludeImportRanges, &out.IncludeImportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Instances != nil { in, out := &in.Instances, &out.Instances *out = make([]InstancesParameters, len(*in)) @@ -296,6 +572,17 @@ func (in *LinkedVPCNetworkInitParameters) DeepCopyInto(out *LinkedVPCNetworkInit } } } + if in.IncludeExportRanges != nil { + in, out := &in.IncludeExportRanges, &out.IncludeExportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.URI != nil { in, out := &in.URI, &out.URI *out = new(string) @@ -337,6 +624,17 @@ func (in *LinkedVPCNetworkObservation) DeepCopyInto(out *LinkedVPCNetworkObserva } } } + if in.IncludeExportRanges != nil { + in, out := &in.IncludeExportRanges, &out.IncludeExportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.URI != nil { in, out := &in.URI, &out.URI *out = new(string) @@ -368,6 +666,17 @@ func (in *LinkedVPCNetworkParameters) DeepCopyInto(out *LinkedVPCNetworkParamete } } } + if in.IncludeExportRanges != nil { + in, out := &in.IncludeExportRanges, &out.IncludeExportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.URI != nil { in, out := &in.URI, &out.URI *out = new(string) @@ -398,6 +707,17 @@ func (in *LinkedVPCNetworkParameters) DeepCopy() *LinkedVPCNetworkParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LinkedVPNTunnelsInitParameters) DeepCopyInto(out *LinkedVPNTunnelsInitParameters) { *out = *in + if in.IncludeImportRanges != nil { + in, out := &in.IncludeImportRanges, &out.IncludeImportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.SiteToSiteDataTransfer != nil { in, out := &in.SiteToSiteDataTransfer, &out.SiteToSiteDataTransfer *out = new(bool) @@ -414,6 +734,18 @@ func (in *LinkedVPNTunnelsInitParameters) DeepCopyInto(out *LinkedVPNTunnelsInit } } } + if in.UrisRefs != nil { + in, out := &in.UrisRefs, &out.UrisRefs + *out = make([]v1.Reference, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.UrisSelector != nil { + in, out := &in.UrisSelector, &out.UrisSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LinkedVPNTunnelsInitParameters. @@ -429,6 +761,17 @@ func (in *LinkedVPNTunnelsInitParameters) DeepCopy() *LinkedVPNTunnelsInitParame // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LinkedVPNTunnelsObservation) DeepCopyInto(out *LinkedVPNTunnelsObservation) { *out = *in + if in.IncludeImportRanges != nil { + in, out := &in.IncludeImportRanges, &out.IncludeImportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.SiteToSiteDataTransfer != nil { in, out := &in.SiteToSiteDataTransfer, &out.SiteToSiteDataTransfer *out = new(bool) @@ -460,6 +803,17 @@ func (in *LinkedVPNTunnelsObservation) DeepCopy() *LinkedVPNTunnelsObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LinkedVPNTunnelsParameters) DeepCopyInto(out *LinkedVPNTunnelsParameters) { *out = *in + if in.IncludeImportRanges != nil { + in, out := &in.IncludeImportRanges, &out.IncludeImportRanges + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.SiteToSiteDataTransfer != nil { in, out := &in.SiteToSiteDataTransfer, &out.SiteToSiteDataTransfer *out = new(bool) @@ -476,6 +830,18 @@ func (in *LinkedVPNTunnelsParameters) DeepCopyInto(out *LinkedVPNTunnelsParamete } } } + if in.UrisRefs != nil { + in, out := &in.UrisRefs, &out.UrisRefs + *out = make([]v1.Reference, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.UrisSelector != nil { + in, out := &in.UrisSelector, &out.UrisSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LinkedVPNTunnelsParameters. @@ -523,6 +889,11 @@ func (in *SpokeInitParameters) DeepCopyInto(out *SpokeInitParameters) { *out = new(string) **out = **in } + if in.Group != nil { + in, out := &in.Group, &out.Group + *out = new(string) + **out = **in + } if in.Hub != nil { in, out := &in.Hub, &out.Hub *out = new(string) @@ -559,6 +930,11 @@ func (in *SpokeInitParameters) DeepCopyInto(out *SpokeInitParameters) { *out = new(LinkedInterconnectAttachmentsInitParameters) (*in).DeepCopyInto(*out) } + if in.LinkedProducerVPCNetwork != nil { + in, out := &in.LinkedProducerVPCNetwork, &out.LinkedProducerVPCNetwork + *out = new(LinkedProducerVPCNetworkInitParameters) + (*in).DeepCopyInto(*out) + } if in.LinkedRouterApplianceInstances != nil { in, out := &in.LinkedRouterApplianceInstances, &out.LinkedRouterApplianceInstances *out = new(LinkedRouterApplianceInstancesInitParameters) @@ -662,6 +1038,11 @@ func (in *SpokeObservation) DeepCopyInto(out *SpokeObservation) { (*out)[key] = outVal } } + if in.Group != nil { + in, out := &in.Group, &out.Group + *out = new(string) + **out = **in + } if in.Hub != nil { in, out := &in.Hub, &out.Hub *out = new(string) @@ -693,6 +1074,11 @@ func (in *SpokeObservation) DeepCopyInto(out *SpokeObservation) { *out = new(LinkedInterconnectAttachmentsObservation) (*in).DeepCopyInto(*out) } + if in.LinkedProducerVPCNetwork != nil { + in, out := &in.LinkedProducerVPCNetwork, &out.LinkedProducerVPCNetwork + *out = new(LinkedProducerVPCNetworkObservation) + (*in).DeepCopyInto(*out) + } if in.LinkedRouterApplianceInstances != nil { in, out := &in.LinkedRouterApplianceInstances, &out.LinkedRouterApplianceInstances *out = new(LinkedRouterApplianceInstancesObservation) @@ -774,6 +1160,11 @@ func (in *SpokeParameters) DeepCopyInto(out *SpokeParameters) { *out = new(string) **out = **in } + if in.Group != nil { + in, out := &in.Group, &out.Group + *out = new(string) + **out = **in + } if in.Hub != nil { in, out := &in.Hub, &out.Hub *out = new(string) @@ -810,6 +1201,11 @@ func (in *SpokeParameters) DeepCopyInto(out *SpokeParameters) { *out = new(LinkedInterconnectAttachmentsParameters) (*in).DeepCopyInto(*out) } + if in.LinkedProducerVPCNetwork != nil { + in, out := &in.LinkedProducerVPCNetwork, &out.LinkedProducerVPCNetwork + *out = new(LinkedProducerVPCNetworkParameters) + (*in).DeepCopyInto(*out) + } if in.LinkedRouterApplianceInstances != nil { in, out := &in.LinkedRouterApplianceInstances, &out.LinkedRouterApplianceInstances *out = new(LinkedRouterApplianceInstancesParameters) diff --git a/apis/networkconnectivity/v1beta2/zz_generated.resolvers.go b/apis/networkconnectivity/v1beta2/zz_generated.resolvers.go index db8c0607b..f81345d2f 100644 --- a/apis/networkconnectivity/v1beta2/zz_generated.resolvers.go +++ b/apis/networkconnectivity/v1beta2/zz_generated.resolvers.go @@ -25,6 +25,7 @@ func (mg *Spoke) ResolveReferences(ctx context.Context, c client.Reader) error { r := reference.NewAPIResolver(c, mg) var rsp reference.ResolutionResponse + var mrsp reference.MultiResolutionResponse var err error { m, l, err = apisresolver.GetManagedResource("networkconnectivity.gcp.upbound.io", "v1beta1", "Hub", "HubList") @@ -46,6 +47,69 @@ func (mg *Spoke) ResolveReferences(ctx context.Context, c client.Reader) error { mg.Spec.ForProvider.Hub = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.HubRef = rsp.ResolvedReference + if mg.Spec.ForProvider.LinkedInterconnectAttachments != nil { + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "InterconnectAttachment", "InterconnectAttachmentList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + mrsp, err = r.ResolveMultiple(ctx, reference.MultiResolutionRequest{ + CurrentValues: reference.FromPtrValues(mg.Spec.ForProvider.LinkedInterconnectAttachments.Uris), + Extract: resource.ExtractParamPath("self_link", true), + References: mg.Spec.ForProvider.LinkedInterconnectAttachments.UrisRefs, + Selector: mg.Spec.ForProvider.LinkedInterconnectAttachments.UrisSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.LinkedInterconnectAttachments.Uris") + } + mg.Spec.ForProvider.LinkedInterconnectAttachments.Uris = reference.ToPtrValues(mrsp.ResolvedValues) + mg.Spec.ForProvider.LinkedInterconnectAttachments.UrisRefs = mrsp.ResolvedReferences + + } + if mg.Spec.ForProvider.LinkedProducerVPCNetwork != nil { + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "Network", "NetworkList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.LinkedProducerVPCNetwork.Network), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.LinkedProducerVPCNetwork.NetworkRef, + Selector: mg.Spec.ForProvider.LinkedProducerVPCNetwork.NetworkSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.LinkedProducerVPCNetwork.Network") + } + mg.Spec.ForProvider.LinkedProducerVPCNetwork.Network = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.LinkedProducerVPCNetwork.NetworkRef = rsp.ResolvedReference + + } + if mg.Spec.ForProvider.LinkedProducerVPCNetwork != nil { + { + m, l, err = apisresolver.GetManagedResource("servicenetworking.gcp.upbound.io", "v1beta1", "Connection", "ConnectionList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.LinkedProducerVPCNetwork.Peering), + Extract: resource.ExtractParamPath("peering", true), + Reference: mg.Spec.ForProvider.LinkedProducerVPCNetwork.PeeringRef, + Selector: mg.Spec.ForProvider.LinkedProducerVPCNetwork.PeeringSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.LinkedProducerVPCNetwork.Peering") + } + mg.Spec.ForProvider.LinkedProducerVPCNetwork.Peering = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.LinkedProducerVPCNetwork.PeeringRef = rsp.ResolvedReference + + } if mg.Spec.ForProvider.LinkedRouterApplianceInstances != nil { for i4 := 0; i4 < len(mg.Spec.ForProvider.LinkedRouterApplianceInstances.Instances); i4++ { { @@ -89,6 +153,27 @@ func (mg *Spoke) ResolveReferences(ctx context.Context, c client.Reader) error { mg.Spec.ForProvider.LinkedVPCNetwork.URI = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.LinkedVPCNetwork.URIRef = rsp.ResolvedReference + } + if mg.Spec.ForProvider.LinkedVPNTunnels != nil { + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "VPNTunnel", "VPNTunnelList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + mrsp, err = r.ResolveMultiple(ctx, reference.MultiResolutionRequest{ + CurrentValues: reference.FromPtrValues(mg.Spec.ForProvider.LinkedVPNTunnels.Uris), + Extract: resource.ExtractParamPath("self_link", true), + References: mg.Spec.ForProvider.LinkedVPNTunnels.UrisRefs, + Selector: mg.Spec.ForProvider.LinkedVPNTunnels.UrisSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.LinkedVPNTunnels.Uris") + } + mg.Spec.ForProvider.LinkedVPNTunnels.Uris = reference.ToPtrValues(mrsp.ResolvedValues) + mg.Spec.ForProvider.LinkedVPNTunnels.UrisRefs = mrsp.ResolvedReferences + } { m, l, err = apisresolver.GetManagedResource("networkconnectivity.gcp.upbound.io", "v1beta1", "Hub", "HubList") @@ -109,6 +194,69 @@ func (mg *Spoke) ResolveReferences(ctx context.Context, c client.Reader) error { mg.Spec.InitProvider.Hub = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.HubRef = rsp.ResolvedReference + if mg.Spec.InitProvider.LinkedInterconnectAttachments != nil { + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "InterconnectAttachment", "InterconnectAttachmentList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + mrsp, err = r.ResolveMultiple(ctx, reference.MultiResolutionRequest{ + CurrentValues: reference.FromPtrValues(mg.Spec.InitProvider.LinkedInterconnectAttachments.Uris), + Extract: resource.ExtractParamPath("self_link", true), + References: mg.Spec.InitProvider.LinkedInterconnectAttachments.UrisRefs, + Selector: mg.Spec.InitProvider.LinkedInterconnectAttachments.UrisSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.LinkedInterconnectAttachments.Uris") + } + mg.Spec.InitProvider.LinkedInterconnectAttachments.Uris = reference.ToPtrValues(mrsp.ResolvedValues) + mg.Spec.InitProvider.LinkedInterconnectAttachments.UrisRefs = mrsp.ResolvedReferences + + } + if mg.Spec.InitProvider.LinkedProducerVPCNetwork != nil { + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "Network", "NetworkList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.LinkedProducerVPCNetwork.Network), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.LinkedProducerVPCNetwork.NetworkRef, + Selector: mg.Spec.InitProvider.LinkedProducerVPCNetwork.NetworkSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.LinkedProducerVPCNetwork.Network") + } + mg.Spec.InitProvider.LinkedProducerVPCNetwork.Network = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.LinkedProducerVPCNetwork.NetworkRef = rsp.ResolvedReference + + } + if mg.Spec.InitProvider.LinkedProducerVPCNetwork != nil { + { + m, l, err = apisresolver.GetManagedResource("servicenetworking.gcp.upbound.io", "v1beta1", "Connection", "ConnectionList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.LinkedProducerVPCNetwork.Peering), + Extract: resource.ExtractParamPath("peering", true), + Reference: mg.Spec.InitProvider.LinkedProducerVPCNetwork.PeeringRef, + Selector: mg.Spec.InitProvider.LinkedProducerVPCNetwork.PeeringSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.LinkedProducerVPCNetwork.Peering") + } + mg.Spec.InitProvider.LinkedProducerVPCNetwork.Peering = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.LinkedProducerVPCNetwork.PeeringRef = rsp.ResolvedReference + + } if mg.Spec.InitProvider.LinkedRouterApplianceInstances != nil { for i4 := 0; i4 < len(mg.Spec.InitProvider.LinkedRouterApplianceInstances.Instances); i4++ { { @@ -152,6 +300,27 @@ func (mg *Spoke) ResolveReferences(ctx context.Context, c client.Reader) error { mg.Spec.InitProvider.LinkedVPCNetwork.URI = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.LinkedVPCNetwork.URIRef = rsp.ResolvedReference + } + if mg.Spec.InitProvider.LinkedVPNTunnels != nil { + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "VPNTunnel", "VPNTunnelList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + mrsp, err = r.ResolveMultiple(ctx, reference.MultiResolutionRequest{ + CurrentValues: reference.FromPtrValues(mg.Spec.InitProvider.LinkedVPNTunnels.Uris), + Extract: resource.ExtractParamPath("self_link", true), + References: mg.Spec.InitProvider.LinkedVPNTunnels.UrisRefs, + Selector: mg.Spec.InitProvider.LinkedVPNTunnels.UrisSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.LinkedVPNTunnels.Uris") + } + mg.Spec.InitProvider.LinkedVPNTunnels.Uris = reference.ToPtrValues(mrsp.ResolvedValues) + mg.Spec.InitProvider.LinkedVPNTunnels.UrisRefs = mrsp.ResolvedReferences + } return nil diff --git a/apis/networkconnectivity/v1beta2/zz_spoke_types.go b/apis/networkconnectivity/v1beta2/zz_spoke_types.go index 72b352a83..74ca66975 100755 --- a/apis/networkconnectivity/v1beta2/zz_spoke_types.go +++ b/apis/networkconnectivity/v1beta2/zz_spoke_types.go @@ -45,7 +45,7 @@ type InstancesParameters struct { // The IP address on the VM to use for peering. // +kubebuilder:validation:Optional - IPAddress *string `json:"ipAddress,omitempty" tf:"ip_address,omitempty"` + IPAddress *string `json:"ipAddress" tf:"ip_address,omitempty"` // The URI of the virtual machine resource // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta2.Instance @@ -64,15 +64,33 @@ type InstancesParameters struct { type LinkedInterconnectAttachmentsInitParameters struct { + // IP ranges allowed to be included during import from hub (does not control transit connectivity). + // The only allowed value for now is "ALL_IPV4_RANGES". + IncludeImportRanges []*string `json:"includeImportRanges,omitempty" tf:"include_import_ranges,omitempty"` + // A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations. SiteToSiteDataTransfer *bool `json:"siteToSiteDataTransfer,omitempty" tf:"site_to_site_data_transfer,omitempty"` // The URIs of linked interconnect attachment resources + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.InterconnectAttachment + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("self_link",true) Uris []*string `json:"uris,omitempty" tf:"uris,omitempty"` + + // References to InterconnectAttachment in compute to populate uris. + // +kubebuilder:validation:Optional + UrisRefs []v1.Reference `json:"urisRefs,omitempty" tf:"-"` + + // Selector for a list of InterconnectAttachment in compute to populate uris. + // +kubebuilder:validation:Optional + UrisSelector *v1.Selector `json:"urisSelector,omitempty" tf:"-"` } type LinkedInterconnectAttachmentsObservation struct { + // IP ranges allowed to be included during import from hub (does not control transit connectivity). + // The only allowed value for now is "ALL_IPV4_RANGES". + IncludeImportRanges []*string `json:"includeImportRanges,omitempty" tf:"include_import_ranges,omitempty"` + // A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations. SiteToSiteDataTransfer *bool `json:"siteToSiteDataTransfer,omitempty" tf:"site_to_site_data_transfer,omitempty"` @@ -82,17 +100,127 @@ type LinkedInterconnectAttachmentsObservation struct { type LinkedInterconnectAttachmentsParameters struct { + // IP ranges allowed to be included during import from hub (does not control transit connectivity). + // The only allowed value for now is "ALL_IPV4_RANGES". + // +kubebuilder:validation:Optional + IncludeImportRanges []*string `json:"includeImportRanges,omitempty" tf:"include_import_ranges,omitempty"` + // A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations. // +kubebuilder:validation:Optional SiteToSiteDataTransfer *bool `json:"siteToSiteDataTransfer" tf:"site_to_site_data_transfer,omitempty"` // The URIs of linked interconnect attachment resources + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.InterconnectAttachment + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("self_link",true) // +kubebuilder:validation:Optional - Uris []*string `json:"uris" tf:"uris,omitempty"` + Uris []*string `json:"uris,omitempty" tf:"uris,omitempty"` + + // References to InterconnectAttachment in compute to populate uris. + // +kubebuilder:validation:Optional + UrisRefs []v1.Reference `json:"urisRefs,omitempty" tf:"-"` + + // Selector for a list of InterconnectAttachment in compute to populate uris. + // +kubebuilder:validation:Optional + UrisSelector *v1.Selector `json:"urisSelector,omitempty" tf:"-"` +} + +type LinkedProducerVPCNetworkInitParameters struct { + + // IP ranges encompassing the subnets to be excluded from peering. + ExcludeExportRanges []*string `json:"excludeExportRanges,omitempty" tf:"exclude_export_ranges,omitempty"` + + // IP ranges allowed to be included from peering. + IncludeExportRanges []*string `json:"includeExportRanges,omitempty" tf:"include_export_ranges,omitempty"` + + // The URI of the Service Consumer VPC that the Producer VPC is peered with. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network + Network *string `json:"network,omitempty" tf:"network,omitempty"` + + // Reference to a Network in compute to populate network. + // +kubebuilder:validation:Optional + NetworkRef *v1.Reference `json:"networkRef,omitempty" tf:"-"` + + // Selector for a Network in compute to populate network. + // +kubebuilder:validation:Optional + NetworkSelector *v1.Selector `json:"networkSelector,omitempty" tf:"-"` + + // The name of the VPC peering between the Service Consumer VPC and the Producer VPC (defined in the Tenant project) which is added to the NCC hub. This peering must be in ACTIVE state. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/servicenetworking/v1beta1.Connection + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("peering",true) + Peering *string `json:"peering,omitempty" tf:"peering,omitempty"` + + // Reference to a Connection in servicenetworking to populate peering. + // +kubebuilder:validation:Optional + PeeringRef *v1.Reference `json:"peeringRef,omitempty" tf:"-"` + + // Selector for a Connection in servicenetworking to populate peering. + // +kubebuilder:validation:Optional + PeeringSelector *v1.Selector `json:"peeringSelector,omitempty" tf:"-"` +} + +type LinkedProducerVPCNetworkObservation struct { + + // IP ranges encompassing the subnets to be excluded from peering. + ExcludeExportRanges []*string `json:"excludeExportRanges,omitempty" tf:"exclude_export_ranges,omitempty"` + + // IP ranges allowed to be included from peering. + IncludeExportRanges []*string `json:"includeExportRanges,omitempty" tf:"include_export_ranges,omitempty"` + + // The URI of the Service Consumer VPC that the Producer VPC is peered with. + Network *string `json:"network,omitempty" tf:"network,omitempty"` + + // The name of the VPC peering between the Service Consumer VPC and the Producer VPC (defined in the Tenant project) which is added to the NCC hub. This peering must be in ACTIVE state. + Peering *string `json:"peering,omitempty" tf:"peering,omitempty"` + + // (Output) + // The URI of the Producer VPC. + ProducerNetwork *string `json:"producerNetwork,omitempty" tf:"producer_network,omitempty"` +} + +type LinkedProducerVPCNetworkParameters struct { + + // IP ranges encompassing the subnets to be excluded from peering. + // +kubebuilder:validation:Optional + ExcludeExportRanges []*string `json:"excludeExportRanges,omitempty" tf:"exclude_export_ranges,omitempty"` + + // IP ranges allowed to be included from peering. + // +kubebuilder:validation:Optional + IncludeExportRanges []*string `json:"includeExportRanges,omitempty" tf:"include_export_ranges,omitempty"` + + // The URI of the Service Consumer VPC that the Producer VPC is peered with. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network + // +kubebuilder:validation:Optional + Network *string `json:"network,omitempty" tf:"network,omitempty"` + + // Reference to a Network in compute to populate network. + // +kubebuilder:validation:Optional + NetworkRef *v1.Reference `json:"networkRef,omitempty" tf:"-"` + + // Selector for a Network in compute to populate network. + // +kubebuilder:validation:Optional + NetworkSelector *v1.Selector `json:"networkSelector,omitempty" tf:"-"` + + // The name of the VPC peering between the Service Consumer VPC and the Producer VPC (defined in the Tenant project) which is added to the NCC hub. This peering must be in ACTIVE state. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/servicenetworking/v1beta1.Connection + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("peering",true) + // +kubebuilder:validation:Optional + Peering *string `json:"peering,omitempty" tf:"peering,omitempty"` + + // Reference to a Connection in servicenetworking to populate peering. + // +kubebuilder:validation:Optional + PeeringRef *v1.Reference `json:"peeringRef,omitempty" tf:"-"` + + // Selector for a Connection in servicenetworking to populate peering. + // +kubebuilder:validation:Optional + PeeringSelector *v1.Selector `json:"peeringSelector,omitempty" tf:"-"` } type LinkedRouterApplianceInstancesInitParameters struct { + // IP ranges allowed to be included during import from hub (does not control transit connectivity). + // The only allowed value for now is "ALL_IPV4_RANGES". + IncludeImportRanges []*string `json:"includeImportRanges,omitempty" tf:"include_import_ranges,omitempty"` + // The list of router appliance instances // Structure is documented below. Instances []InstancesInitParameters `json:"instances,omitempty" tf:"instances,omitempty"` @@ -103,6 +231,10 @@ type LinkedRouterApplianceInstancesInitParameters struct { type LinkedRouterApplianceInstancesObservation struct { + // IP ranges allowed to be included during import from hub (does not control transit connectivity). + // The only allowed value for now is "ALL_IPV4_RANGES". + IncludeImportRanges []*string `json:"includeImportRanges,omitempty" tf:"include_import_ranges,omitempty"` + // The list of router appliance instances // Structure is documented below. Instances []InstancesObservation `json:"instances,omitempty" tf:"instances,omitempty"` @@ -113,6 +245,11 @@ type LinkedRouterApplianceInstancesObservation struct { type LinkedRouterApplianceInstancesParameters struct { + // IP ranges allowed to be included during import from hub (does not control transit connectivity). + // The only allowed value for now is "ALL_IPV4_RANGES". + // +kubebuilder:validation:Optional + IncludeImportRanges []*string `json:"includeImportRanges,omitempty" tf:"include_import_ranges,omitempty"` + // The list of router appliance instances // Structure is documented below. // +kubebuilder:validation:Optional @@ -128,6 +265,9 @@ type LinkedVPCNetworkInitParameters struct { // IP ranges encompassing the subnets to be excluded from peering. ExcludeExportRanges []*string `json:"excludeExportRanges,omitempty" tf:"exclude_export_ranges,omitempty"` + // IP ranges allowed to be included from peering. + IncludeExportRanges []*string `json:"includeExportRanges,omitempty" tf:"include_export_ranges,omitempty"` + // The URI of the VPC network resource. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("self_link",true) @@ -147,6 +287,9 @@ type LinkedVPCNetworkObservation struct { // IP ranges encompassing the subnets to be excluded from peering. ExcludeExportRanges []*string `json:"excludeExportRanges,omitempty" tf:"exclude_export_ranges,omitempty"` + // IP ranges allowed to be included from peering. + IncludeExportRanges []*string `json:"includeExportRanges,omitempty" tf:"include_export_ranges,omitempty"` + // The URI of the VPC network resource. URI *string `json:"uri,omitempty" tf:"uri,omitempty"` } @@ -157,6 +300,10 @@ type LinkedVPCNetworkParameters struct { // +kubebuilder:validation:Optional ExcludeExportRanges []*string `json:"excludeExportRanges,omitempty" tf:"exclude_export_ranges,omitempty"` + // IP ranges allowed to be included from peering. + // +kubebuilder:validation:Optional + IncludeExportRanges []*string `json:"includeExportRanges,omitempty" tf:"include_export_ranges,omitempty"` + // The URI of the VPC network resource. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("self_link",true) @@ -174,15 +321,33 @@ type LinkedVPCNetworkParameters struct { type LinkedVPNTunnelsInitParameters struct { + // IP ranges allowed to be included during import from hub (does not control transit connectivity). + // The only allowed value for now is "ALL_IPV4_RANGES". + IncludeImportRanges []*string `json:"includeImportRanges,omitempty" tf:"include_import_ranges,omitempty"` + // A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations. SiteToSiteDataTransfer *bool `json:"siteToSiteDataTransfer,omitempty" tf:"site_to_site_data_transfer,omitempty"` // The URIs of linked VPN tunnel resources. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.VPNTunnel + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("self_link",true) Uris []*string `json:"uris,omitempty" tf:"uris,omitempty"` + + // References to VPNTunnel in compute to populate uris. + // +kubebuilder:validation:Optional + UrisRefs []v1.Reference `json:"urisRefs,omitempty" tf:"-"` + + // Selector for a list of VPNTunnel in compute to populate uris. + // +kubebuilder:validation:Optional + UrisSelector *v1.Selector `json:"urisSelector,omitempty" tf:"-"` } type LinkedVPNTunnelsObservation struct { + // IP ranges allowed to be included during import from hub (does not control transit connectivity). + // The only allowed value for now is "ALL_IPV4_RANGES". + IncludeImportRanges []*string `json:"includeImportRanges,omitempty" tf:"include_import_ranges,omitempty"` + // A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations. SiteToSiteDataTransfer *bool `json:"siteToSiteDataTransfer,omitempty" tf:"site_to_site_data_transfer,omitempty"` @@ -192,13 +357,28 @@ type LinkedVPNTunnelsObservation struct { type LinkedVPNTunnelsParameters struct { + // IP ranges allowed to be included during import from hub (does not control transit connectivity). + // The only allowed value for now is "ALL_IPV4_RANGES". + // +kubebuilder:validation:Optional + IncludeImportRanges []*string `json:"includeImportRanges,omitempty" tf:"include_import_ranges,omitempty"` + // A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations. // +kubebuilder:validation:Optional SiteToSiteDataTransfer *bool `json:"siteToSiteDataTransfer" tf:"site_to_site_data_transfer,omitempty"` // The URIs of linked VPN tunnel resources. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.VPNTunnel + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("self_link",true) + // +kubebuilder:validation:Optional + Uris []*string `json:"uris,omitempty" tf:"uris,omitempty"` + + // References to VPNTunnel in compute to populate uris. + // +kubebuilder:validation:Optional + UrisRefs []v1.Reference `json:"urisRefs,omitempty" tf:"-"` + + // Selector for a list of VPNTunnel in compute to populate uris. // +kubebuilder:validation:Optional - Uris []*string `json:"uris" tf:"uris,omitempty"` + UrisSelector *v1.Selector `json:"urisSelector,omitempty" tf:"-"` } type SpokeInitParameters struct { @@ -206,6 +386,9 @@ type SpokeInitParameters struct { // An optional description of the spoke. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // The name of the group that this spoke is associated with. + Group *string `json:"group,omitempty" tf:"group,omitempty"` + // Immutable. The URI of the hub that this spoke is attached to. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/networkconnectivity/v1beta1.Hub // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() @@ -229,6 +412,10 @@ type SpokeInitParameters struct { // Structure is documented below. LinkedInterconnectAttachments *LinkedInterconnectAttachmentsInitParameters `json:"linkedInterconnectAttachments,omitempty" tf:"linked_interconnect_attachments,omitempty"` + // Producer VPC network that is associated with the spoke. + // Structure is documented below. + LinkedProducerVPCNetwork *LinkedProducerVPCNetworkInitParameters `json:"linkedProducerVpcNetwork,omitempty" tf:"linked_producer_vpc_network,omitempty"` + // The URIs of linked Router appliance resources // Structure is documented below. LinkedRouterApplianceInstances *LinkedRouterApplianceInstancesInitParameters `json:"linkedRouterApplianceInstances,omitempty" tf:"linked_router_appliance_instances,omitempty"` @@ -263,6 +450,9 @@ type SpokeObservation struct { // +mapType=granular EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // The name of the group that this spoke is associated with. + Group *string `json:"group,omitempty" tf:"group,omitempty"` + // Immutable. The URI of the hub that this spoke is attached to. Hub *string `json:"hub,omitempty" tf:"hub,omitempty"` @@ -279,6 +469,10 @@ type SpokeObservation struct { // Structure is documented below. LinkedInterconnectAttachments *LinkedInterconnectAttachmentsObservation `json:"linkedInterconnectAttachments,omitempty" tf:"linked_interconnect_attachments,omitempty"` + // Producer VPC network that is associated with the spoke. + // Structure is documented below. + LinkedProducerVPCNetwork *LinkedProducerVPCNetworkObservation `json:"linkedProducerVpcNetwork,omitempty" tf:"linked_producer_vpc_network,omitempty"` + // The URIs of linked Router appliance resources // Structure is documented below. LinkedRouterApplianceInstances *LinkedRouterApplianceInstancesObservation `json:"linkedRouterApplianceInstances,omitempty" tf:"linked_router_appliance_instances,omitempty"` @@ -322,6 +516,10 @@ type SpokeParameters struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` + // The name of the group that this spoke is associated with. + // +kubebuilder:validation:Optional + Group *string `json:"group,omitempty" tf:"group,omitempty"` + // Immutable. The URI of the hub that this spoke is attached to. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/networkconnectivity/v1beta1.Hub // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() @@ -348,6 +546,11 @@ type SpokeParameters struct { // +kubebuilder:validation:Optional LinkedInterconnectAttachments *LinkedInterconnectAttachmentsParameters `json:"linkedInterconnectAttachments,omitempty" tf:"linked_interconnect_attachments,omitempty"` + // Producer VPC network that is associated with the spoke. + // Structure is documented below. + // +kubebuilder:validation:Optional + LinkedProducerVPCNetwork *LinkedProducerVPCNetworkParameters `json:"linkedProducerVpcNetwork,omitempty" tf:"linked_producer_vpc_network,omitempty"` + // The URIs of linked Router appliance resources // Structure is documented below. // +kubebuilder:validation:Optional diff --git a/examples-generated/networkconnectivity/v1beta2/spoke.yaml b/examples-generated/networkconnectivity/v1beta2/spoke.yaml index 8d9c1330f..ad1c663f9 100644 --- a/examples-generated/networkconnectivity/v1beta2/spoke.yaml +++ b/examples-generated/networkconnectivity/v1beta2/spoke.yaml @@ -18,6 +18,9 @@ spec: - excludeExportRanges: - 198.51.100.0/24 - 10.10.0.0/16 + includeExportRanges: + - 198.51.100.0/23 + - 10.0.0.0/8 uriSelector: matchLabels: testing.upbound.io/example-name: network diff --git a/package/crds/networkconnectivity.gcp.upbound.io_hubs.yaml b/package/crds/networkconnectivity.gcp.upbound.io_hubs.yaml index 56b39d160..e32f76eb6 100644 --- a/package/crds/networkconnectivity.gcp.upbound.io_hubs.yaml +++ b/package/crds/networkconnectivity.gcp.upbound.io_hubs.yaml @@ -95,6 +95,11 @@ spec: description: 'Immutable. The name of the hub. Hub names must be unique. They use the following form: projects/{project_number}/locations/global/hubs/{hub_id}' type: string + presetTopology: + description: |- + Optional. The topology implemented in this hub. Currently, this field is only used when policyMode = PRESET. The available preset topologies are MESH and STAR. If presetTopology is unspecified and policyMode = PRESET, the presetTopology defaults to MESH. When policyMode = CUSTOM, the presetTopology is set to PRESET_TOPOLOGY_UNSPECIFIED. + Possible values are: MESH, STAR. + type: string project: description: |- The ID of the project in which the resource belongs. @@ -136,6 +141,11 @@ spec: description: 'Immutable. The name of the hub. Hub names must be unique. They use the following form: projects/{project_number}/locations/global/hubs/{hub_id}' type: string + presetTopology: + description: |- + Optional. The topology implemented in this hub. Currently, this field is only used when policyMode = PRESET. The available preset topologies are MESH and STAR. If presetTopology is unspecified and policyMode = PRESET, the presetTopology defaults to MESH. When policyMode = CUSTOM, the presetTopology is set to PRESET_TOPOLOGY_UNSPECIFIED. + Possible values are: MESH, STAR. + type: string project: description: |- The ID of the project in which the resource belongs. @@ -347,6 +357,11 @@ spec: description: 'Immutable. The name of the hub. Hub names must be unique. They use the following form: projects/{project_number}/locations/global/hubs/{hub_id}' type: string + presetTopology: + description: |- + Optional. The topology implemented in this hub. Currently, this field is only used when policyMode = PRESET. The available preset topologies are MESH and STAR. If presetTopology is unspecified and policyMode = PRESET, the presetTopology defaults to MESH. When policyMode = CUSTOM, the presetTopology is set to PRESET_TOPOLOGY_UNSPECIFIED. + Possible values are: MESH, STAR. + type: string project: description: |- The ID of the project in which the resource belongs. diff --git a/package/crds/networkconnectivity.gcp.upbound.io_spokes.yaml b/package/crds/networkconnectivity.gcp.upbound.io_spokes.yaml index 83de6d8e8..2b031877e 100644 --- a/package/crds/networkconnectivity.gcp.upbound.io_spokes.yaml +++ b/package/crds/networkconnectivity.gcp.upbound.io_spokes.yaml @@ -1174,6 +1174,10 @@ spec: description: description: An optional description of the spoke. type: string + group: + description: The name of the group that this spoke is associated + with. + type: string hub: description: Immutable. The URI of the hub that this spoke is attached to. @@ -1268,6 +1272,13 @@ spec: A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes. Structure is documented below. properties: + includeImportRanges: + description: |- + IP ranges allowed to be included during import from hub (does not control transit connectivity). + The only allowed value for now is "ALL_IPV4_RANGES". + items: + type: string + type: array siteToSiteDataTransfer: description: A value that controls whether site-to-site data transfer is enabled for these resources. Note that data @@ -1278,12 +1289,277 @@ spec: items: type: string type: array + urisRefs: + description: References to InterconnectAttachment in compute + to populate uris. + items: + description: A Reference to a named object. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + type: array + urisSelector: + description: Selector for a list of InterconnectAttachment + in compute to populate uris. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + linkedProducerVpcNetwork: + description: |- + Producer VPC network that is associated with the spoke. + Structure is documented below. + properties: + excludeExportRanges: + description: IP ranges encompassing the subnets to be excluded + from peering. + items: + type: string + type: array + includeExportRanges: + description: IP ranges allowed to be included from peering. + items: + type: string + type: array + network: + description: The URI of the Service Consumer VPC that the + Producer VPC is peered with. + type: string + networkRef: + description: Reference to a Network in compute to populate + network. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + networkSelector: + description: Selector for a Network in compute to populate + network. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + peering: + description: The name of the VPC peering between the Service + Consumer VPC and the Producer VPC (defined in the Tenant + project) which is added to the NCC hub. This peering must + be in ACTIVE state. + type: string + peeringRef: + description: Reference to a Connection in servicenetworking + to populate peering. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + peeringSelector: + description: Selector for a Connection in servicenetworking + to populate peering. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object linkedRouterApplianceInstances: description: |- The URIs of linked Router appliance resources Structure is documented below. properties: + includeImportRanges: + description: |- + IP ranges allowed to be included during import from hub (does not control transit connectivity). + The only allowed value for now is "ALL_IPV4_RANGES". + items: + type: string + type: array instances: description: |- The list of router appliance instances @@ -1391,6 +1667,11 @@ spec: items: type: string type: array + includeExportRanges: + description: IP ranges allowed to be included from peering. + items: + type: string + type: array uri: description: The URI of the VPC network resource. type: string @@ -1476,6 +1757,13 @@ spec: The URIs of linked VPN tunnel resources Structure is documented below. properties: + includeImportRanges: + description: |- + IP ranges allowed to be included during import from hub (does not control transit connectivity). + The only allowed value for now is "ALL_IPV4_RANGES". + items: + type: string + type: array siteToSiteDataTransfer: description: A value that controls whether site-to-site data transfer is enabled for these resources. Note that data @@ -1486,6 +1774,85 @@ spec: items: type: string type: array + urisRefs: + description: References to VPNTunnel in compute to populate + uris. + items: + description: A Reference to a named object. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + type: array + urisSelector: + description: Selector for a list of VPNTunnel in compute to + populate uris. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object location: description: The location for the resource @@ -1516,6 +1883,10 @@ spec: description: description: An optional description of the spoke. type: string + group: + description: The name of the group that this spoke is associated + with. + type: string hub: description: Immutable. The URI of the hub that this spoke is attached to. @@ -1570,62 +1941,334 @@ spec: description: MatchLabels ensures an object with matching labels is selected. type: object - policy: - description: Policies for selection. + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + labels: + additionalProperties: + type: string + description: |- + Optional labels in key:value format. For more information about labels, see Requirements for labels. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + type: object + x-kubernetes-map-type: granular + linkedInterconnectAttachments: + description: |- + A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes. + Structure is documented below. + properties: + includeImportRanges: + description: |- + IP ranges allowed to be included during import from hub (does not control transit connectivity). + The only allowed value for now is "ALL_IPV4_RANGES". + items: + type: string + type: array + siteToSiteDataTransfer: + description: A value that controls whether site-to-site data + transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: The URIs of linked interconnect attachment resources + items: + type: string + type: array + urisRefs: + description: References to InterconnectAttachment in compute + to populate uris. + items: + description: A Reference to a named object. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + type: array + urisSelector: + description: Selector for a list of InterconnectAttachment + in compute to populate uris. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + linkedProducerVpcNetwork: + description: |- + Producer VPC network that is associated with the spoke. + Structure is documented below. + properties: + excludeExportRanges: + description: IP ranges encompassing the subnets to be excluded + from peering. + items: + type: string + type: array + includeExportRanges: + description: IP ranges allowed to be included from peering. + items: + type: string + type: array + network: + description: The URI of the Service Consumer VPC that the + Producer VPC is peered with. + type: string + networkRef: + description: Reference to a Network in compute to populate + network. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + networkSelector: + description: Selector for a Network in compute to populate + network. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + peering: + description: The name of the VPC peering between the Service + Consumer VPC and the Producer VPC (defined in the Tenant + project) which is added to the NCC hub. This peering must + be in ACTIVE state. + type: string + peeringRef: + description: Reference to a Connection in servicenetworking + to populate peering. properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional + name: + description: Name of the referenced object. type: string - resolve: + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + peeringSelector: + description: Selector for a Connection in servicenetworking + to populate peering. + properties: + matchControllerRef: description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object type: object type: object - labels: - additionalProperties: - type: string - description: |- - Optional labels in key:value format. For more information about labels, see Requirements for labels. - Note: This field is non-authoritative, and will only manage the labels present in your configuration. - Please refer to the field effective_labels for all of the labels present on the resource. - type: object - x-kubernetes-map-type: granular - linkedInterconnectAttachments: + linkedRouterApplianceInstances: description: |- - A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes. + The URIs of linked Router appliance resources Structure is documented below. properties: - siteToSiteDataTransfer: - description: A value that controls whether site-to-site data - transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - uris: - description: The URIs of linked interconnect attachment resources + includeImportRanges: + description: |- + IP ranges allowed to be included during import from hub (does not control transit connectivity). + The only allowed value for now is "ALL_IPV4_RANGES". items: type: string type: array - type: object - linkedRouterApplianceInstances: - description: |- - The URIs of linked Router appliance resources - Structure is documented below. - properties: instances: description: |- The list of router appliance instances @@ -1733,6 +2376,11 @@ spec: items: type: string type: array + includeExportRanges: + description: IP ranges allowed to be included from peering. + items: + type: string + type: array uri: description: The URI of the VPC network resource. type: string @@ -1818,6 +2466,13 @@ spec: The URIs of linked VPN tunnel resources Structure is documented below. properties: + includeImportRanges: + description: |- + IP ranges allowed to be included during import from hub (does not control transit connectivity). + The only allowed value for now is "ALL_IPV4_RANGES". + items: + type: string + type: array siteToSiteDataTransfer: description: A value that controls whether site-to-site data transfer is enabled for these resources. Note that data @@ -1828,6 +2483,85 @@ spec: items: type: string type: array + urisRefs: + description: References to VPNTunnel in compute to populate + uris. + items: + description: A Reference to a named object. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + type: array + urisSelector: + description: Selector for a list of VPNTunnel in compute to + populate uris. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object location: description: The location for the resource @@ -2034,6 +2768,10 @@ spec: type: string type: object x-kubernetes-map-type: granular + group: + description: The name of the group that this spoke is associated + with. + type: string hub: description: Immutable. The URI of the hub that this spoke is attached to. @@ -2055,6 +2793,13 @@ spec: A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes. Structure is documented below. properties: + includeImportRanges: + description: |- + IP ranges allowed to be included during import from hub (does not control transit connectivity). + The only allowed value for now is "ALL_IPV4_RANGES". + items: + type: string + type: array siteToSiteDataTransfer: description: A value that controls whether site-to-site data transfer is enabled for these resources. Note that data @@ -2066,11 +2811,50 @@ spec: type: string type: array type: object + linkedProducerVpcNetwork: + description: |- + Producer VPC network that is associated with the spoke. + Structure is documented below. + properties: + excludeExportRanges: + description: IP ranges encompassing the subnets to be excluded + from peering. + items: + type: string + type: array + includeExportRanges: + description: IP ranges allowed to be included from peering. + items: + type: string + type: array + network: + description: The URI of the Service Consumer VPC that the + Producer VPC is peered with. + type: string + peering: + description: The name of the VPC peering between the Service + Consumer VPC and the Producer VPC (defined in the Tenant + project) which is added to the NCC hub. This peering must + be in ACTIVE state. + type: string + producerNetwork: + description: |- + (Output) + The URI of the Producer VPC. + type: string + type: object linkedRouterApplianceInstances: description: |- The URIs of linked Router appliance resources Structure is documented below. properties: + includeImportRanges: + description: |- + IP ranges allowed to be included during import from hub (does not control transit connectivity). + The only allowed value for now is "ALL_IPV4_RANGES". + items: + type: string + type: array instances: description: |- The list of router appliance instances @@ -2102,6 +2886,11 @@ spec: items: type: string type: array + includeExportRanges: + description: IP ranges allowed to be included from peering. + items: + type: string + type: array uri: description: The URI of the VPC network resource. type: string @@ -2111,6 +2900,13 @@ spec: The URIs of linked VPN tunnel resources Structure is documented below. properties: + includeImportRanges: + description: |- + IP ranges allowed to be included during import from hub (does not control transit connectivity). + The only allowed value for now is "ALL_IPV4_RANGES". + items: + type: string + type: array siteToSiteDataTransfer: description: A value that controls whether site-to-site data transfer is enabled for these resources. Note that data From d09798138456f1a917fa7e9bbc10199420830be3 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 15:11:40 +0100 Subject: [PATCH 17/47] orgpolicy: policy added parameters Signed-off-by: Rickard von Essen --- .../v1beta1/zz_generated.deepcopy.go | 30 +++++++++++ apis/orgpolicy/v1beta1/zz_policy_types.go | 26 +++++++-- .../orgpolicy/v1beta1/policy.yaml | 1 + .../orgpolicy.gcp.upbound.io_policies.yaml | 54 +++++++++++++++++-- 4 files changed, 105 insertions(+), 6 deletions(-) diff --git a/apis/orgpolicy/v1beta1/zz_generated.deepcopy.go b/apis/orgpolicy/v1beta1/zz_generated.deepcopy.go index c99538e13..0c7dfd9fd 100644 --- a/apis/orgpolicy/v1beta1/zz_generated.deepcopy.go +++ b/apis/orgpolicy/v1beta1/zz_generated.deepcopy.go @@ -551,6 +551,11 @@ func (in *RulesInitParameters) DeepCopyInto(out *RulesInitParameters) { *out = new(string) **out = **in } + if in.Parameters != nil { + in, out := &in.Parameters, &out.Parameters + *out = new(string) + **out = **in + } if in.Values != nil { in, out := &in.Values, &out.Values *out = new(ValuesInitParameters) @@ -591,6 +596,11 @@ func (in *RulesObservation) DeepCopyInto(out *RulesObservation) { *out = new(string) **out = **in } + if in.Parameters != nil { + in, out := &in.Parameters, &out.Parameters + *out = new(string) + **out = **in + } if in.Values != nil { in, out := &in.Values, &out.Values *out = new(ValuesObservation) @@ -631,6 +641,11 @@ func (in *RulesParameters) DeepCopyInto(out *RulesParameters) { *out = new(string) **out = **in } + if in.Parameters != nil { + in, out := &in.Parameters, &out.Parameters + *out = new(string) + **out = **in + } if in.Values != nil { in, out := &in.Values, &out.Values *out = new(ValuesParameters) @@ -888,6 +903,11 @@ func (in *SpecRulesInitParameters) DeepCopyInto(out *SpecRulesInitParameters) { *out = new(string) **out = **in } + if in.Parameters != nil { + in, out := &in.Parameters, &out.Parameters + *out = new(string) + **out = **in + } if in.Values != nil { in, out := &in.Values, &out.Values *out = new(RulesValuesInitParameters) @@ -928,6 +948,11 @@ func (in *SpecRulesObservation) DeepCopyInto(out *SpecRulesObservation) { *out = new(string) **out = **in } + if in.Parameters != nil { + in, out := &in.Parameters, &out.Parameters + *out = new(string) + **out = **in + } if in.Values != nil { in, out := &in.Values, &out.Values *out = new(RulesValuesObservation) @@ -968,6 +993,11 @@ func (in *SpecRulesParameters) DeepCopyInto(out *SpecRulesParameters) { *out = new(string) **out = **in } + if in.Parameters != nil { + in, out := &in.Parameters, &out.Parameters + *out = new(string) + **out = **in + } if in.Values != nil { in, out := &in.Values, &out.Values *out = new(RulesValuesParameters) diff --git a/apis/orgpolicy/v1beta1/zz_policy_types.go b/apis/orgpolicy/v1beta1/zz_policy_types.go index 8b3d34fdb..5fd2eb286 100755 --- a/apis/orgpolicy/v1beta1/zz_policy_types.go +++ b/apis/orgpolicy/v1beta1/zz_policy_types.go @@ -234,6 +234,9 @@ type RulesInitParameters struct { // If "TRUE", then the Policy is enforced. If "FALSE", then any configuration is acceptable. This field can be set only in Policies for boolean constraints. Enforce *string `json:"enforce,omitempty" tf:"enforce,omitempty"` + // Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { "allowedLocations" : ["us-east1", "us-west1"], "allowAll" : true } + Parameters *string `json:"parameters,omitempty" tf:"parameters,omitempty"` + // List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints. // Structure is documented below. Values *ValuesInitParameters `json:"values,omitempty" tf:"values,omitempty"` @@ -254,6 +257,9 @@ type RulesObservation struct { // If "TRUE", then the Policy is enforced. If "FALSE", then any configuration is acceptable. This field can be set only in Policies for boolean constraints. Enforce *string `json:"enforce,omitempty" tf:"enforce,omitempty"` + // Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { "allowedLocations" : ["us-east1", "us-west1"], "allowAll" : true } + Parameters *string `json:"parameters,omitempty" tf:"parameters,omitempty"` + // List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints. // Structure is documented below. Values *ValuesObservation `json:"values,omitempty" tf:"values,omitempty"` @@ -278,6 +284,10 @@ type RulesParameters struct { // +kubebuilder:validation:Optional Enforce *string `json:"enforce,omitempty" tf:"enforce,omitempty"` + // Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { "allowedLocations" : ["us-east1", "us-west1"], "allowAll" : true } + // +kubebuilder:validation:Optional + Parameters *string `json:"parameters,omitempty" tf:"parameters,omitempty"` + // List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints. // Structure is documented below. // +kubebuilder:validation:Optional @@ -321,7 +331,7 @@ type SpecInitParameters struct { // Ignores policies set above this resource and restores the constraint_default enforcement behavior of the specific Constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, rules must be empty and inherit_from_parent must be set to false. Reset *bool `json:"reset,omitempty" tf:"reset,omitempty"` - // Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set enforced to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence. + // In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set enforced to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence. // Structure is documented below. Rules []SpecRulesInitParameters `json:"rules,omitempty" tf:"rules,omitempty"` } @@ -338,7 +348,7 @@ type SpecObservation struct { // Ignores policies set above this resource and restores the constraint_default enforcement behavior of the specific Constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, rules must be empty and inherit_from_parent must be set to false. Reset *bool `json:"reset,omitempty" tf:"reset,omitempty"` - // Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set enforced to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence. + // In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set enforced to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence. // Structure is documented below. Rules []SpecRulesObservation `json:"rules,omitempty" tf:"rules,omitempty"` @@ -357,7 +367,7 @@ type SpecParameters struct { // +kubebuilder:validation:Optional Reset *bool `json:"reset,omitempty" tf:"reset,omitempty"` - // Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set enforced to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence. + // In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set enforced to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence. // Structure is documented below. // +kubebuilder:validation:Optional Rules []SpecRulesParameters `json:"rules,omitempty" tf:"rules,omitempty"` @@ -378,6 +388,9 @@ type SpecRulesInitParameters struct { // If "TRUE", then the Policy is enforced. If "FALSE", then any configuration is acceptable. This field can be set only in Policies for boolean constraints. Enforce *string `json:"enforce,omitempty" tf:"enforce,omitempty"` + // Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { "allowedLocations" : ["us-east1", "us-west1"], "allowAll" : true } + Parameters *string `json:"parameters,omitempty" tf:"parameters,omitempty"` + // List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints. // Structure is documented below. Values *RulesValuesInitParameters `json:"values,omitempty" tf:"values,omitempty"` @@ -398,6 +411,9 @@ type SpecRulesObservation struct { // If "TRUE", then the Policy is enforced. If "FALSE", then any configuration is acceptable. This field can be set only in Policies for boolean constraints. Enforce *string `json:"enforce,omitempty" tf:"enforce,omitempty"` + // Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { "allowedLocations" : ["us-east1", "us-west1"], "allowAll" : true } + Parameters *string `json:"parameters,omitempty" tf:"parameters,omitempty"` + // List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints. // Structure is documented below. Values *RulesValuesObservation `json:"values,omitempty" tf:"values,omitempty"` @@ -422,6 +438,10 @@ type SpecRulesParameters struct { // +kubebuilder:validation:Optional Enforce *string `json:"enforce,omitempty" tf:"enforce,omitempty"` + // Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { "allowedLocations" : ["us-east1", "us-west1"], "allowAll" : true } + // +kubebuilder:validation:Optional + Parameters *string `json:"parameters,omitempty" tf:"parameters,omitempty"` + // List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints. // Structure is documented below. // +kubebuilder:validation:Optional diff --git a/examples-generated/orgpolicy/v1beta1/policy.yaml b/examples-generated/orgpolicy/v1beta1/policy.yaml index a9032b124..b503d9ac6 100644 --- a/examples-generated/orgpolicy/v1beta1/policy.yaml +++ b/examples-generated/orgpolicy/v1beta1/policy.yaml @@ -27,6 +27,7 @@ metadata: name: basic spec: forProvider: + deletionPolicy: DELETE name: id orgId: "123456789" projectId: id diff --git a/package/crds/orgpolicy.gcp.upbound.io_policies.yaml b/package/crds/orgpolicy.gcp.upbound.io_policies.yaml index 95b0f9416..583cf804c 100644 --- a/package/crds/orgpolicy.gcp.upbound.io_policies.yaml +++ b/package/crds/orgpolicy.gcp.upbound.io_policies.yaml @@ -144,6 +144,14 @@ spec: This field can be set only in Policies for boolean constraints. type: string + parameters: + description: 'Optional. Required for Managed Constraints + if parameters defined in constraints. Pass parameter + values when policy enforcement is enabled. Ensure + that parameter value types match those defined in + the constraint definition. For example: { "allowedLocations" + : ["us-east1", "us-west1"], "allowAll" : true }' + type: string values: description: |- List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints. @@ -266,7 +274,7 @@ spec: type: boolean rules: description: |- - Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set enforced to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence. + In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set enforced to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence. Structure is documented below. items: properties: @@ -312,6 +320,14 @@ spec: This field can be set only in Policies for boolean constraints. type: string + parameters: + description: 'Optional. Required for Managed Constraints + if parameters defined in constraints. Pass parameter + values when policy enforcement is enabled. Ensure + that parameter value types match those defined in + the constraint definition. For example: { "allowedLocations" + : ["us-east1", "us-west1"], "allowAll" : true }' + type: string values: description: |- List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints. @@ -415,6 +431,14 @@ spec: This field can be set only in Policies for boolean constraints. type: string + parameters: + description: 'Optional. Required for Managed Constraints + if parameters defined in constraints. Pass parameter + values when policy enforcement is enabled. Ensure + that parameter value types match those defined in + the constraint definition. For example: { "allowedLocations" + : ["us-east1", "us-west1"], "allowAll" : true }' + type: string values: description: |- List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints. @@ -458,7 +482,7 @@ spec: type: boolean rules: description: |- - Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set enforced to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence. + In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set enforced to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence. Structure is documented below. items: properties: @@ -504,6 +528,14 @@ spec: This field can be set only in Policies for boolean constraints. type: string + parameters: + description: 'Optional. Required for Managed Constraints + if parameters defined in constraints. Pass parameter + values when policy enforcement is enabled. Ensure + that parameter value types match those defined in + the constraint definition. For example: { "allowedLocations" + : ["us-east1", "us-west1"], "allowAll" : true }' + type: string values: description: |- List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints. @@ -771,6 +803,14 @@ spec: This field can be set only in Policies for boolean constraints. type: string + parameters: + description: 'Optional. Required for Managed Constraints + if parameters defined in constraints. Pass parameter + values when policy enforcement is enabled. Ensure + that parameter value types match those defined in + the constraint definition. For example: { "allowedLocations" + : ["us-east1", "us-west1"], "allowAll" : true }' + type: string values: description: |- List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints. @@ -837,7 +877,7 @@ spec: type: boolean rules: description: |- - Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set enforced to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence. + In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set enforced to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence. Structure is documented below. items: properties: @@ -883,6 +923,14 @@ spec: This field can be set only in Policies for boolean constraints. type: string + parameters: + description: 'Optional. Required for Managed Constraints + if parameters defined in constraints. Pass parameter + values when policy enforcement is enabled. Ensure + that parameter value types match those defined in + the constraint definition. For example: { "allowedLocations" + : ["us-east1", "us-west1"], "allowAll" : true }' + type: string values: description: |- List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints. From cc6fdb7114572d1b6facdbb97352d7259b1e1cf3 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 15:17:03 +0100 Subject: [PATCH 18/47] privateca: doc updates only Signed-off-by: Rickard von Essen --- .../privateca/v1beta2/zz_certificate_types.go | 10 ++++----- .../v1beta2/zz_certificateauthority_types.go | 9 +++++--- .../v1beta2/certificateauthority.yaml | 22 ++++--------------- ...gcp.upbound.io_certificateauthorities.yaml | 21 ++++++++++-------- ...privateca.gcp.upbound.io_certificates.yaml | 10 ++++----- 5 files changed, 32 insertions(+), 40 deletions(-) diff --git a/apis/privateca/v1beta2/zz_certificate_types.go b/apis/privateca/v1beta2/zz_certificate_types.go index b10df16a8..54fee9d09 100755 --- a/apis/privateca/v1beta2/zz_certificate_types.go +++ b/apis/privateca/v1beta2/zz_certificate_types.go @@ -30,7 +30,7 @@ type AuthorityKeyIDInitParameters struct { type AuthorityKeyIDObservation struct { - // The value of the KeyId in lowercase hexidecimal. + // The value of the KeyId in lowercase hexadecimal. KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` } @@ -405,19 +405,19 @@ type ConfigPublicKeyParameters struct { type ConfigSubjectKeyIDInitParameters struct { - // The value of the KeyId in lowercase hexidecimal. + // The value of the KeyId in lowercase hexadecimal. KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` } type ConfigSubjectKeyIDObservation struct { - // The value of the KeyId in lowercase hexidecimal. + // The value of the KeyId in lowercase hexadecimal. KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` } type ConfigSubjectKeyIDParameters struct { - // The value of the KeyId in lowercase hexidecimal. + // The value of the KeyId in lowercase hexadecimal. // +kubebuilder:validation:Optional KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` } @@ -811,7 +811,7 @@ type SubjectKeyIDInitParameters struct { type SubjectKeyIDObservation struct { - // The value of the KeyId in lowercase hexidecimal. + // The value of the KeyId in lowercase hexadecimal. KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` } diff --git a/apis/privateca/v1beta2/zz_certificateauthority_types.go b/apis/privateca/v1beta2/zz_certificateauthority_types.go index 7f33266e8..34fcbfe9a 100755 --- a/apis/privateca/v1beta2/zz_certificateauthority_types.go +++ b/apis/privateca/v1beta2/zz_certificateauthority_types.go @@ -82,19 +82,19 @@ type CertificateAuthorityConfigParameters struct { type CertificateAuthorityConfigSubjectKeyIDInitParameters struct { - // The value of the KeyId in lowercase hexidecimal. + // The value of the KeyId in lowercase hexadecimal. KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` } type CertificateAuthorityConfigSubjectKeyIDObservation struct { - // The value of the KeyId in lowercase hexidecimal. + // The value of the KeyId in lowercase hexadecimal. KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` } type CertificateAuthorityConfigSubjectKeyIDParameters struct { - // The value of the KeyId in lowercase hexidecimal. + // The value of the KeyId in lowercase hexadecimal. // +kubebuilder:validation:Optional KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` } @@ -109,6 +109,7 @@ type CertificateAuthorityInitParameters struct { DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` // Desired state of the CertificateAuthority. Set this field to STAGED to create a STAGED root CA. + // Possible values: ENABLED, DISABLED, STAGED. DesiredState *string `json:"desiredState,omitempty" tf:"desired_state,omitempty"` // The name of a Cloud Storage bucket where this CertificateAuthority will publish content, @@ -184,6 +185,7 @@ type CertificateAuthorityObservation struct { DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` // Desired state of the CertificateAuthority. Set this field to STAGED to create a STAGED root CA. + // Possible values: ENABLED, DISABLED, STAGED. DesiredState *string `json:"desiredState,omitempty" tf:"desired_state,omitempty"` // +mapType=granular @@ -288,6 +290,7 @@ type CertificateAuthorityParameters struct { DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` // Desired state of the CertificateAuthority. Set this field to STAGED to create a STAGED root CA. + // Possible values: ENABLED, DISABLED, STAGED. // +kubebuilder:validation:Optional DesiredState *string `json:"desiredState,omitempty" tf:"desired_state,omitempty"` diff --git a/examples-generated/privateca/v1beta2/certificateauthority.yaml b/examples-generated/privateca/v1beta2/certificateauthority.yaml index 025675d3d..67c2f38b4 100644 --- a/examples-generated/privateca/v1beta2/certificateauthority.yaml +++ b/examples-generated/privateca/v1beta2/certificateauthority.yaml @@ -12,34 +12,20 @@ spec: - subjectConfig: - subject: - commonName: my-certificate-authority - organization: HashiCorp - subjectAltName: - - dnsNames: - - hashicorp.com + organization: ACME x509Config: - caOptions: - isCa: true - maxIssuerPathLength: 10 keyUsage: - baseKeyUsage: - certSign: true - contentCommitment: true crlSign: true - dataEncipherment: true - decipherOnly: true - digitalSignature: true - keyAgreement: true - keyEncipherment: false extendedKeyUsage: - - clientAuth: false - codeSigning: true - emailProtection: true - serverAuth: true - timeStamping: true - deletionProtection: "true" + - {} + deletionProtection: true keySpec: - algorithm: RSA_PKCS1_4096_SHA256 - lifetime: 86400s + lifetime: ${10 * 365 * 24 * 3600}s location: us-central1 poolSelector: matchLabels: diff --git a/package/crds/privateca.gcp.upbound.io_certificateauthorities.yaml b/package/crds/privateca.gcp.upbound.io_certificateauthorities.yaml index 40b1b3d53..26ce30d19 100644 --- a/package/crds/privateca.gcp.upbound.io_certificateauthorities.yaml +++ b/package/crds/privateca.gcp.upbound.io_certificateauthorities.yaml @@ -2241,7 +2241,7 @@ spec: Structure is documented below. properties: keyId: - description: The value of the KeyId in lowercase hexidecimal. + description: The value of the KeyId in lowercase hexadecimal. type: string type: object x509Config: @@ -2509,8 +2509,9 @@ spec: is allowed. type: boolean desiredState: - description: Desired state of the CertificateAuthority. Set this - field to STAGED to create a STAGED root CA. + description: |- + Desired state of the CertificateAuthority. Set this field to STAGED to create a STAGED root CA. + Possible values: ENABLED, DISABLED, STAGED. type: string gcsBucket: description: |- @@ -2863,7 +2864,7 @@ spec: Structure is documented below. properties: keyId: - description: The value of the KeyId in lowercase hexidecimal. + description: The value of the KeyId in lowercase hexadecimal. type: string type: object x509Config: @@ -3131,8 +3132,9 @@ spec: is allowed. type: boolean desiredState: - description: Desired state of the CertificateAuthority. Set this - field to STAGED to create a STAGED root CA. + description: |- + Desired state of the CertificateAuthority. Set this field to STAGED to create a STAGED root CA. + Possible values: ENABLED, DISABLED, STAGED. type: string gcsBucket: description: |- @@ -3591,7 +3593,7 @@ spec: Structure is documented below. properties: keyId: - description: The value of the KeyId in lowercase hexidecimal. + description: The value of the KeyId in lowercase hexadecimal. type: string type: object x509Config: @@ -3865,8 +3867,9 @@ spec: is allowed. type: boolean desiredState: - description: Desired state of the CertificateAuthority. Set this - field to STAGED to create a STAGED root CA. + description: |- + Desired state of the CertificateAuthority. Set this field to STAGED to create a STAGED root CA. + Possible values: ENABLED, DISABLED, STAGED. type: string effectiveLabels: additionalProperties: diff --git a/package/crds/privateca.gcp.upbound.io_certificates.yaml b/package/crds/privateca.gcp.upbound.io_certificates.yaml index d815592bd..08292632e 100644 --- a/package/crds/privateca.gcp.upbound.io_certificates.yaml +++ b/package/crds/privateca.gcp.upbound.io_certificates.yaml @@ -2962,7 +2962,7 @@ spec: Structure is documented below. properties: keyId: - description: The value of the KeyId in lowercase hexidecimal. + description: The value of the KeyId in lowercase hexadecimal. type: string type: object x509Config: @@ -3631,7 +3631,7 @@ spec: Structure is documented below. properties: keyId: - description: The value of the KeyId in lowercase hexidecimal. + description: The value of the KeyId in lowercase hexadecimal. type: string type: object x509Config: @@ -4123,7 +4123,7 @@ spec: items: properties: keyId: - description: The value of the KeyId in lowercase hexidecimal. + description: The value of the KeyId in lowercase hexadecimal. type: string type: object type: array @@ -4311,7 +4311,7 @@ spec: items: properties: keyId: - description: The value of the KeyId in lowercase hexidecimal. + description: The value of the KeyId in lowercase hexadecimal. type: string type: object type: array @@ -4695,7 +4695,7 @@ spec: Structure is documented below. properties: keyId: - description: The value of the KeyId in lowercase hexidecimal. + description: The value of the KeyId in lowercase hexadecimal. type: string type: object x509Config: From f2fd40fe25836ccca90dfc5de0a8033c6ff4b332 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 15:23:41 +0100 Subject: [PATCH 19/47] redis: multiple changes for cluster Signed-off-by: Rickard von Essen --- apis/redis/v1beta1/zz_cluster_types.go | 480 ++++++- apis/redis/v1beta1/zz_generated.deepcopy.go | 1206 +++++++++++++++-- apis/redis/v1beta1/zz_generated.resolvers.go | 46 + examples-generated/redis/v1beta1/cluster.yaml | 9 + examples/redis/v1beta1/cluster.yaml | 9 + .../crds/redis.gcp.upbound.io_clusters.yaml | 604 ++++++++- 6 files changed, 2269 insertions(+), 85 deletions(-) diff --git a/apis/redis/v1beta1/zz_cluster_types.go b/apis/redis/v1beta1/zz_cluster_types.go index f0e66a5fb..b3a75448b 100755 --- a/apis/redis/v1beta1/zz_cluster_types.go +++ b/apis/redis/v1beta1/zz_cluster_types.go @@ -13,6 +13,25 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AofConfigInitParameters struct { + + // Optional. Available fsync modes. + AppendFsync *string `json:"appendFsync,omitempty" tf:"append_fsync,omitempty"` +} + +type AofConfigObservation struct { + + // Optional. Available fsync modes. + AppendFsync *string `json:"appendFsync,omitempty" tf:"append_fsync,omitempty"` +} + +type AofConfigParameters struct { + + // Optional. Available fsync modes. + // +kubebuilder:validation:Optional + AppendFsync *string `json:"appendFsync,omitempty" tf:"append_fsync,omitempty"` +} + type ClusterInitParameters struct { // Optional. The authorization mode of the Redis cluster. If not provided, auth feature is disabled for the cluster. @@ -20,11 +39,27 @@ type ClusterInitParameters struct { // Possible values are: AUTH_MODE_UNSPECIFIED, AUTH_MODE_IAM_AUTH, AUTH_MODE_DISABLED. AuthorizationMode *string `json:"authorizationMode,omitempty" tf:"authorization_mode,omitempty"` + // field to the configuration file to match the latest value in the state. + CrossClusterReplicationConfig *CrossClusterReplicationConfigInitParameters `json:"crossClusterReplicationConfig,omitempty" tf:"cross_cluster_replication_config,omitempty"` + + // Optional. Indicates if the cluster is deletion protected or not. + // If the value if set to true, any delete cluster operation will fail. + // Default value is true. + DeletionProtectionEnabled *bool `json:"deletionProtectionEnabled,omitempty" tf:"deletion_protection_enabled,omitempty"` + + // Maintenance policy for a cluster + // Structure is documented below. + MaintenancePolicy *ClusterMaintenancePolicyInitParameters `json:"maintenancePolicy,omitempty" tf:"maintenance_policy,omitempty"` + // The nodeType for the Redis cluster. // If not provided, REDIS_HIGHMEM_MEDIUM will be used as default // Possible values are: REDIS_SHARED_CORE_NANO, REDIS_HIGHMEM_MEDIUM, REDIS_HIGHMEM_XLARGE, REDIS_STANDARD_SMALL. NodeType *string `json:"nodeType,omitempty" tf:"node_type,omitempty"` + // Persistence config (RDB, AOF) for the cluster. + // Structure is documented below. + PersistenceConfig *ClusterPersistenceConfigInitParameters `json:"persistenceConfig,omitempty" tf:"persistence_config,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` @@ -58,6 +93,74 @@ type ClusterInitParameters struct { ZoneDistributionConfig *ZoneDistributionConfigInitParameters `json:"zoneDistributionConfig,omitempty" tf:"zone_distribution_config,omitempty"` } +type ClusterMaintenancePolicyInitParameters struct { + + // Optional. Maintenance window that is applied to resources covered by this policy. + // Minimum 1. For the current version, the maximum number + // of weekly_window is expected to be one. + // Structure is documented below. + WeeklyMaintenanceWindow []MaintenancePolicyWeeklyMaintenanceWindowInitParameters `json:"weeklyMaintenanceWindow,omitempty" tf:"weekly_maintenance_window,omitempty"` +} + +type ClusterMaintenancePolicyObservation struct { + + // (Output) + // Output only. The time when the policy was created. + // A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + // resolution and up to nine fractional digits. + CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` + + // (Output) + // Output only. The time when the policy was last updated. + // A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + // resolution and up to nine fractional digits. + UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` + + // Optional. Maintenance window that is applied to resources covered by this policy. + // Minimum 1. For the current version, the maximum number + // of weekly_window is expected to be one. + // Structure is documented below. + WeeklyMaintenanceWindow []MaintenancePolicyWeeklyMaintenanceWindowObservation `json:"weeklyMaintenanceWindow,omitempty" tf:"weekly_maintenance_window,omitempty"` +} + +type ClusterMaintenancePolicyParameters struct { + + // Optional. Maintenance window that is applied to resources covered by this policy. + // Minimum 1. For the current version, the maximum number + // of weekly_window is expected to be one. + // Structure is documented below. + // +kubebuilder:validation:Optional + WeeklyMaintenanceWindow []MaintenancePolicyWeeklyMaintenanceWindowParameters `json:"weeklyMaintenanceWindow,omitempty" tf:"weekly_maintenance_window,omitempty"` +} + +type ClusterMaintenanceScheduleInitParameters struct { +} + +type ClusterMaintenanceScheduleObservation struct { + + // (Output) + // Output only. The end time of any upcoming scheduled maintenance for this cluster. + // A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + // resolution and up to nine fractional digits. + EndTime *string `json:"endTime,omitempty" tf:"end_time,omitempty"` + + // (Output) + // Output only. The deadline that the maintenance schedule start time + // can not go beyond, including reschedule. + // A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + // resolution and up to nine fractional digits. + ScheduleDeadlineTime *string `json:"scheduleDeadlineTime,omitempty" tf:"schedule_deadline_time,omitempty"` + + // (Output) + // Output only. The start time of any upcoming scheduled maintenance for this cluster. + // A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + // resolution and up to nine fractional digits. + StartTime *string `json:"startTime,omitempty" tf:"start_time,omitempty"` +} + +type ClusterMaintenanceScheduleParameters struct { +} + type ClusterObservation struct { // Optional. The authorization mode of the Redis cluster. If not provided, auth feature is disabled for the cluster. @@ -70,6 +173,14 @@ type ClusterObservation struct { // digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` + // field to the configuration file to match the latest value in the state. + CrossClusterReplicationConfig *CrossClusterReplicationConfigObservation `json:"crossClusterReplicationConfig,omitempty" tf:"cross_cluster_replication_config,omitempty"` + + // Optional. Indicates if the cluster is deletion protected or not. + // If the value if set to true, any delete cluster operation will fail. + // Default value is true. + DeletionProtectionEnabled *bool `json:"deletionProtectionEnabled,omitempty" tf:"deletion_protection_enabled,omitempty"` + // Output only. Endpoints created on each given network, // for Redis clients to connect to the cluster. // Currently only one endpoint is supported. @@ -79,11 +190,23 @@ type ClusterObservation struct { // an identifier for the resource with format projects/{{project}}/locations/{{region}}/clusters/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` + // Maintenance policy for a cluster + // Structure is documented below. + MaintenancePolicy *ClusterMaintenancePolicyObservation `json:"maintenancePolicy,omitempty" tf:"maintenance_policy,omitempty"` + + // Upcoming maintenance schedule. + // Structure is documented below. + MaintenanceSchedule []ClusterMaintenanceScheduleObservation `json:"maintenanceSchedule,omitempty" tf:"maintenance_schedule,omitempty"` + // The nodeType for the Redis cluster. // If not provided, REDIS_HIGHMEM_MEDIUM will be used as default // Possible values are: REDIS_SHARED_CORE_NANO, REDIS_HIGHMEM_MEDIUM, REDIS_HIGHMEM_XLARGE, REDIS_STANDARD_SMALL. NodeType *string `json:"nodeType,omitempty" tf:"node_type,omitempty"` + // Persistence config (RDB, AOF) for the cluster. + // Structure is documented below. + PersistenceConfig *ClusterPersistenceConfigObservation `json:"persistenceConfig,omitempty" tf:"persistence_config,omitempty"` + // Output only. Redis memory precise size in GB for the entire cluster. PreciseSizeGb *float64 `json:"preciseSizeGb,omitempty" tf:"precise_size_gb,omitempty"` @@ -148,12 +271,32 @@ type ClusterParameters struct { // +kubebuilder:validation:Optional AuthorizationMode *string `json:"authorizationMode,omitempty" tf:"authorization_mode,omitempty"` + // field to the configuration file to match the latest value in the state. + // +kubebuilder:validation:Optional + CrossClusterReplicationConfig *CrossClusterReplicationConfigParameters `json:"crossClusterReplicationConfig,omitempty" tf:"cross_cluster_replication_config,omitempty"` + + // Optional. Indicates if the cluster is deletion protected or not. + // If the value if set to true, any delete cluster operation will fail. + // Default value is true. + // +kubebuilder:validation:Optional + DeletionProtectionEnabled *bool `json:"deletionProtectionEnabled,omitempty" tf:"deletion_protection_enabled,omitempty"` + + // Maintenance policy for a cluster + // Structure is documented below. + // +kubebuilder:validation:Optional + MaintenancePolicy *ClusterMaintenancePolicyParameters `json:"maintenancePolicy,omitempty" tf:"maintenance_policy,omitempty"` + // The nodeType for the Redis cluster. // If not provided, REDIS_HIGHMEM_MEDIUM will be used as default // Possible values are: REDIS_SHARED_CORE_NANO, REDIS_HIGHMEM_MEDIUM, REDIS_HIGHMEM_XLARGE, REDIS_STANDARD_SMALL. // +kubebuilder:validation:Optional NodeType *string `json:"nodeType,omitempty" tf:"node_type,omitempty"` + // Persistence config (RDB, AOF) for the cluster. + // Structure is documented below. + // +kubebuilder:validation:Optional + PersistenceConfig *ClusterPersistenceConfigParameters `json:"persistenceConfig,omitempty" tf:"persistence_config,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional @@ -198,6 +341,163 @@ type ClusterParameters struct { ZoneDistributionConfig *ZoneDistributionConfigParameters `json:"zoneDistributionConfig,omitempty" tf:"zone_distribution_config,omitempty"` } +type ClusterPersistenceConfigInitParameters struct { + + // AOF configuration. This field will be ignored if mode is not AOF. + // Structure is documented below. + AofConfig *AofConfigInitParameters `json:"aofConfig,omitempty" tf:"aof_config,omitempty"` + + // Optional. Controls whether Persistence features are enabled. If not provided, the existing value will be used. + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` + + // RDB configuration. This field will be ignored if mode is not RDB. + // Structure is documented below. + RdbConfig *RdbConfigInitParameters `json:"rdbConfig,omitempty" tf:"rdb_config,omitempty"` +} + +type ClusterPersistenceConfigObservation struct { + + // AOF configuration. This field will be ignored if mode is not AOF. + // Structure is documented below. + AofConfig *AofConfigObservation `json:"aofConfig,omitempty" tf:"aof_config,omitempty"` + + // Optional. Controls whether Persistence features are enabled. If not provided, the existing value will be used. + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` + + // RDB configuration. This field will be ignored if mode is not RDB. + // Structure is documented below. + RdbConfig *RdbConfigObservation `json:"rdbConfig,omitempty" tf:"rdb_config,omitempty"` +} + +type ClusterPersistenceConfigParameters struct { + + // AOF configuration. This field will be ignored if mode is not AOF. + // Structure is documented below. + // +kubebuilder:validation:Optional + AofConfig *AofConfigParameters `json:"aofConfig,omitempty" tf:"aof_config,omitempty"` + + // Optional. Controls whether Persistence features are enabled. If not provided, the existing value will be used. + // +kubebuilder:validation:Optional + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` + + // RDB configuration. This field will be ignored if mode is not RDB. + // Structure is documented below. + // +kubebuilder:validation:Optional + RdbConfig *RdbConfigParameters `json:"rdbConfig,omitempty" tf:"rdb_config,omitempty"` +} + +type CrossClusterReplicationConfigInitParameters struct { + + // from SECONDARY to PRIMARY. + ClusterRole *string `json:"clusterRole,omitempty" tf:"cluster_role,omitempty"` + + // field. + PrimaryCluster *CrossClusterReplicationConfigPrimaryClusterInitParameters `json:"primaryCluster,omitempty" tf:"primary_cluster,omitempty"` + + // list with the new secondaries. The new secondaries are the current primary and other secondary clusters(if any). + SecondaryClusters []CrossClusterReplicationConfigSecondaryClustersInitParameters `json:"secondaryClusters,omitempty" tf:"secondary_clusters,omitempty"` +} + +type CrossClusterReplicationConfigObservation struct { + + // from SECONDARY to PRIMARY. + ClusterRole *string `json:"clusterRole,omitempty" tf:"cluster_role,omitempty"` + + // (Output) + // An output only view of all the member clusters participating in cross cluster replication. This field is populated for all the member clusters irrespective of their cluster role. + // Structure is documented below. + Membership []MembershipObservation `json:"membership,omitempty" tf:"membership,omitempty"` + + // field. + PrimaryCluster *CrossClusterReplicationConfigPrimaryClusterObservation `json:"primaryCluster,omitempty" tf:"primary_cluster,omitempty"` + + // list with the new secondaries. The new secondaries are the current primary and other secondary clusters(if any). + SecondaryClusters []CrossClusterReplicationConfigSecondaryClustersObservation `json:"secondaryClusters,omitempty" tf:"secondary_clusters,omitempty"` + + // (Output) + // The last time cross cluster replication config was updated. + UpdateTime *string `json:"updateTime,omitempty" tf:"update_time,omitempty"` +} + +type CrossClusterReplicationConfigParameters struct { + + // from SECONDARY to PRIMARY. + // +kubebuilder:validation:Optional + ClusterRole *string `json:"clusterRole,omitempty" tf:"cluster_role,omitempty"` + + // field. + // +kubebuilder:validation:Optional + PrimaryCluster *CrossClusterReplicationConfigPrimaryClusterParameters `json:"primaryCluster,omitempty" tf:"primary_cluster,omitempty"` + + // list with the new secondaries. The new secondaries are the current primary and other secondary clusters(if any). + // +kubebuilder:validation:Optional + SecondaryClusters []CrossClusterReplicationConfigSecondaryClustersParameters `json:"secondaryClusters,omitempty" tf:"secondary_clusters,omitempty"` +} + +type CrossClusterReplicationConfigPrimaryClusterInitParameters struct { + + // The full resource path of the secondary cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id} + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/redis/v1beta1.Cluster + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + Cluster *string `json:"cluster,omitempty" tf:"cluster,omitempty"` + + // Reference to a Cluster in redis to populate cluster. + // +kubebuilder:validation:Optional + ClusterRef *v1.Reference `json:"clusterRef,omitempty" tf:"-"` + + // Selector for a Cluster in redis to populate cluster. + // +kubebuilder:validation:Optional + ClusterSelector *v1.Selector `json:"clusterSelector,omitempty" tf:"-"` +} + +type CrossClusterReplicationConfigPrimaryClusterObservation struct { + + // The full resource path of the secondary cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id} + Cluster *string `json:"cluster,omitempty" tf:"cluster,omitempty"` + + // System assigned, unique identifier for the cluster. + UID *string `json:"uid,omitempty" tf:"uid,omitempty"` +} + +type CrossClusterReplicationConfigPrimaryClusterParameters struct { + + // The full resource path of the secondary cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id} + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/redis/v1beta1.Cluster + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + // +kubebuilder:validation:Optional + Cluster *string `json:"cluster,omitempty" tf:"cluster,omitempty"` + + // Reference to a Cluster in redis to populate cluster. + // +kubebuilder:validation:Optional + ClusterRef *v1.Reference `json:"clusterRef,omitempty" tf:"-"` + + // Selector for a Cluster in redis to populate cluster. + // +kubebuilder:validation:Optional + ClusterSelector *v1.Selector `json:"clusterSelector,omitempty" tf:"-"` +} + +type CrossClusterReplicationConfigSecondaryClustersInitParameters struct { + + // The full resource path of the secondary cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id} + Cluster *string `json:"cluster,omitempty" tf:"cluster,omitempty"` +} + +type CrossClusterReplicationConfigSecondaryClustersObservation struct { + + // The full resource path of the secondary cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id} + Cluster *string `json:"cluster,omitempty" tf:"cluster,omitempty"` + + // System assigned, unique identifier for the cluster. + UID *string `json:"uid,omitempty" tf:"uid,omitempty"` +} + +type CrossClusterReplicationConfigSecondaryClustersParameters struct { + + // The full resource path of the secondary cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id} + // +kubebuilder:validation:Optional + Cluster *string `json:"cluster,omitempty" tf:"cluster,omitempty"` +} + type DiscoveryEndpointsInitParameters struct { } @@ -218,6 +518,79 @@ type DiscoveryEndpointsObservation struct { type DiscoveryEndpointsParameters struct { } +type MaintenancePolicyWeeklyMaintenanceWindowInitParameters struct { + + // Required. The day of week that maintenance updates occur. + Day *string `json:"day,omitempty" tf:"day,omitempty"` + + // Required. Start time of the window in UTC time. + // Structure is documented below. + StartTime *WeeklyMaintenanceWindowStartTimeInitParameters `json:"startTime,omitempty" tf:"start_time,omitempty"` +} + +type MaintenancePolicyWeeklyMaintenanceWindowObservation struct { + + // Required. The day of week that maintenance updates occur. + Day *string `json:"day,omitempty" tf:"day,omitempty"` + + // (Output) + // Output only. Duration of the maintenance window. + // The current window is fixed at 1 hour. + // A duration in seconds with up to nine fractional digits, + // terminated by 's'. Example: "3.5s". + Duration *string `json:"duration,omitempty" tf:"duration,omitempty"` + + // Required. Start time of the window in UTC time. + // Structure is documented below. + StartTime *WeeklyMaintenanceWindowStartTimeObservation `json:"startTime,omitempty" tf:"start_time,omitempty"` +} + +type MaintenancePolicyWeeklyMaintenanceWindowParameters struct { + + // Required. The day of week that maintenance updates occur. + // +kubebuilder:validation:Optional + Day *string `json:"day" tf:"day,omitempty"` + + // Required. Start time of the window in UTC time. + // Structure is documented below. + // +kubebuilder:validation:Optional + StartTime *WeeklyMaintenanceWindowStartTimeParameters `json:"startTime" tf:"start_time,omitempty"` +} + +type MembershipInitParameters struct { +} + +type MembershipObservation struct { + + // (Output) + // Details of the primary cluster that is used as the replication source for all the secondary clusters. + // Structure is documented below. + PrimaryCluster []PrimaryClusterObservation `json:"primaryCluster,omitempty" tf:"primary_cluster,omitempty"` + + // (Output) + // List of secondary clusters that are replicating from the primary cluster. + // Structure is documented below. + SecondaryClusters []SecondaryClustersObservation `json:"secondaryClusters,omitempty" tf:"secondary_clusters,omitempty"` +} + +type MembershipParameters struct { +} + +type PrimaryClusterInitParameters struct { +} + +type PrimaryClusterObservation struct { + + // The full resource path of the secondary cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id} + Cluster *string `json:"cluster,omitempty" tf:"cluster,omitempty"` + + // System assigned, unique identifier for the cluster. + UID *string `json:"uid,omitempty" tf:"uid,omitempty"` +} + +type PrimaryClusterParameters struct { +} + type PscConfigInitParameters struct { } @@ -299,12 +672,62 @@ type PscConnectionsObservation struct { type PscConnectionsParameters struct { } +type RdbConfigInitParameters struct { + + // Optional. Available snapshot periods for scheduling. + RdbSnapshotPeriod *string `json:"rdbSnapshotPeriod,omitempty" tf:"rdb_snapshot_period,omitempty"` + + // The time that the first snapshot was/will be attempted, and to which + // future snapshots will be aligned. + // If not provided, the current time will be used. + RdbSnapshotStartTime *string `json:"rdbSnapshotStartTime,omitempty" tf:"rdb_snapshot_start_time,omitempty"` +} + +type RdbConfigObservation struct { + + // Optional. Available snapshot periods for scheduling. + RdbSnapshotPeriod *string `json:"rdbSnapshotPeriod,omitempty" tf:"rdb_snapshot_period,omitempty"` + + // The time that the first snapshot was/will be attempted, and to which + // future snapshots will be aligned. + // If not provided, the current time will be used. + RdbSnapshotStartTime *string `json:"rdbSnapshotStartTime,omitempty" tf:"rdb_snapshot_start_time,omitempty"` +} + +type RdbConfigParameters struct { + + // Optional. Available snapshot periods for scheduling. + // +kubebuilder:validation:Optional + RdbSnapshotPeriod *string `json:"rdbSnapshotPeriod,omitempty" tf:"rdb_snapshot_period,omitempty"` + + // The time that the first snapshot was/will be attempted, and to which + // future snapshots will be aligned. + // If not provided, the current time will be used. + // +kubebuilder:validation:Optional + RdbSnapshotStartTime *string `json:"rdbSnapshotStartTime,omitempty" tf:"rdb_snapshot_start_time,omitempty"` +} + +type SecondaryClustersInitParameters struct { +} + +type SecondaryClustersObservation struct { + + // The full resource path of the secondary cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id} + Cluster *string `json:"cluster,omitempty" tf:"cluster,omitempty"` + + // System assigned, unique identifier for the cluster. + UID *string `json:"uid,omitempty" tf:"uid,omitempty"` +} + +type SecondaryClustersParameters struct { +} + type StateInfoInitParameters struct { } type StateInfoObservation struct { - // A nested object resource + // A nested object resource. // Structure is documented below. UpdateInfo *UpdateInfoObservation `json:"updateInfo,omitempty" tf:"update_info,omitempty"` } @@ -327,6 +750,61 @@ type UpdateInfoObservation struct { type UpdateInfoParameters struct { } +type WeeklyMaintenanceWindowStartTimeInitParameters struct { + + // Hours of day in 24 hour format. Should be from 0 to 23. + // An API may choose to allow the value "24:00:00" for scenarios like business closing time. + Hours *float64 `json:"hours,omitempty" tf:"hours,omitempty"` + + // Minutes of hour of day. Must be from 0 to 59. + Minutes *float64 `json:"minutes,omitempty" tf:"minutes,omitempty"` + + // Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + Nanos *float64 `json:"nanos,omitempty" tf:"nanos,omitempty"` + + // Seconds of minutes of the time. Must normally be from 0 to 59. + // An API may allow the value 60 if it allows leap-seconds. + Seconds *float64 `json:"seconds,omitempty" tf:"seconds,omitempty"` +} + +type WeeklyMaintenanceWindowStartTimeObservation struct { + + // Hours of day in 24 hour format. Should be from 0 to 23. + // An API may choose to allow the value "24:00:00" for scenarios like business closing time. + Hours *float64 `json:"hours,omitempty" tf:"hours,omitempty"` + + // Minutes of hour of day. Must be from 0 to 59. + Minutes *float64 `json:"minutes,omitempty" tf:"minutes,omitempty"` + + // Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + Nanos *float64 `json:"nanos,omitempty" tf:"nanos,omitempty"` + + // Seconds of minutes of the time. Must normally be from 0 to 59. + // An API may allow the value 60 if it allows leap-seconds. + Seconds *float64 `json:"seconds,omitempty" tf:"seconds,omitempty"` +} + +type WeeklyMaintenanceWindowStartTimeParameters struct { + + // Hours of day in 24 hour format. Should be from 0 to 23. + // An API may choose to allow the value "24:00:00" for scenarios like business closing time. + // +kubebuilder:validation:Optional + Hours *float64 `json:"hours,omitempty" tf:"hours,omitempty"` + + // Minutes of hour of day. Must be from 0 to 59. + // +kubebuilder:validation:Optional + Minutes *float64 `json:"minutes,omitempty" tf:"minutes,omitempty"` + + // Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + // +kubebuilder:validation:Optional + Nanos *float64 `json:"nanos,omitempty" tf:"nanos,omitempty"` + + // Seconds of minutes of the time. Must normally be from 0 to 59. + // An API may allow the value 60 if it allows leap-seconds. + // +kubebuilder:validation:Optional + Seconds *float64 `json:"seconds,omitempty" tf:"seconds,omitempty"` +} + type ZoneDistributionConfigInitParameters struct { // Immutable. The mode for zone distribution for Memorystore Redis cluster. diff --git a/apis/redis/v1beta1/zz_generated.deepcopy.go b/apis/redis/v1beta1/zz_generated.deepcopy.go index fec5ad9f7..0e8eeedbf 100644 --- a/apis/redis/v1beta1/zz_generated.deepcopy.go +++ b/apis/redis/v1beta1/zz_generated.deepcopy.go @@ -13,6 +13,66 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AofConfigInitParameters) DeepCopyInto(out *AofConfigInitParameters) { + *out = *in + if in.AppendFsync != nil { + in, out := &in.AppendFsync, &out.AppendFsync + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AofConfigInitParameters. +func (in *AofConfigInitParameters) DeepCopy() *AofConfigInitParameters { + if in == nil { + return nil + } + out := new(AofConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AofConfigObservation) DeepCopyInto(out *AofConfigObservation) { + *out = *in + if in.AppendFsync != nil { + in, out := &in.AppendFsync, &out.AppendFsync + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AofConfigObservation. +func (in *AofConfigObservation) DeepCopy() *AofConfigObservation { + if in == nil { + return nil + } + out := new(AofConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AofConfigParameters) DeepCopyInto(out *AofConfigParameters) { + *out = *in + if in.AppendFsync != nil { + in, out := &in.AppendFsync, &out.AppendFsync + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AofConfigParameters. +func (in *AofConfigParameters) DeepCopy() *AofConfigParameters { + if in == nil { + return nil + } + out := new(AofConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Cluster) DeepCopyInto(out *Cluster) { *out = *in @@ -48,11 +108,31 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { *out = new(string) **out = **in } + if in.CrossClusterReplicationConfig != nil { + in, out := &in.CrossClusterReplicationConfig, &out.CrossClusterReplicationConfig + *out = new(CrossClusterReplicationConfigInitParameters) + (*in).DeepCopyInto(*out) + } + if in.DeletionProtectionEnabled != nil { + in, out := &in.DeletionProtectionEnabled, &out.DeletionProtectionEnabled + *out = new(bool) + **out = **in + } + if in.MaintenancePolicy != nil { + in, out := &in.MaintenancePolicy, &out.MaintenancePolicy + *out = new(ClusterMaintenancePolicyInitParameters) + (*in).DeepCopyInto(*out) + } if in.NodeType != nil { in, out := &in.NodeType, &out.NodeType *out = new(string) **out = **in } + if in.PersistenceConfig != nil { + in, out := &in.PersistenceConfig, &out.PersistenceConfig + *out = new(ClusterPersistenceConfigInitParameters) + (*in).DeepCopyInto(*out) + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -145,6 +225,142 @@ func (in *ClusterList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterMaintenancePolicyInitParameters) DeepCopyInto(out *ClusterMaintenancePolicyInitParameters) { + *out = *in + if in.WeeklyMaintenanceWindow != nil { + in, out := &in.WeeklyMaintenanceWindow, &out.WeeklyMaintenanceWindow + *out = make([]MaintenancePolicyWeeklyMaintenanceWindowInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterMaintenancePolicyInitParameters. +func (in *ClusterMaintenancePolicyInitParameters) DeepCopy() *ClusterMaintenancePolicyInitParameters { + if in == nil { + return nil + } + out := new(ClusterMaintenancePolicyInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterMaintenancePolicyObservation) DeepCopyInto(out *ClusterMaintenancePolicyObservation) { + *out = *in + if in.CreateTime != nil { + in, out := &in.CreateTime, &out.CreateTime + *out = new(string) + **out = **in + } + if in.UpdateTime != nil { + in, out := &in.UpdateTime, &out.UpdateTime + *out = new(string) + **out = **in + } + if in.WeeklyMaintenanceWindow != nil { + in, out := &in.WeeklyMaintenanceWindow, &out.WeeklyMaintenanceWindow + *out = make([]MaintenancePolicyWeeklyMaintenanceWindowObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterMaintenancePolicyObservation. +func (in *ClusterMaintenancePolicyObservation) DeepCopy() *ClusterMaintenancePolicyObservation { + if in == nil { + return nil + } + out := new(ClusterMaintenancePolicyObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterMaintenancePolicyParameters) DeepCopyInto(out *ClusterMaintenancePolicyParameters) { + *out = *in + if in.WeeklyMaintenanceWindow != nil { + in, out := &in.WeeklyMaintenanceWindow, &out.WeeklyMaintenanceWindow + *out = make([]MaintenancePolicyWeeklyMaintenanceWindowParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterMaintenancePolicyParameters. +func (in *ClusterMaintenancePolicyParameters) DeepCopy() *ClusterMaintenancePolicyParameters { + if in == nil { + return nil + } + out := new(ClusterMaintenancePolicyParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterMaintenanceScheduleInitParameters) DeepCopyInto(out *ClusterMaintenanceScheduleInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterMaintenanceScheduleInitParameters. +func (in *ClusterMaintenanceScheduleInitParameters) DeepCopy() *ClusterMaintenanceScheduleInitParameters { + if in == nil { + return nil + } + out := new(ClusterMaintenanceScheduleInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterMaintenanceScheduleObservation) DeepCopyInto(out *ClusterMaintenanceScheduleObservation) { + *out = *in + if in.EndTime != nil { + in, out := &in.EndTime, &out.EndTime + *out = new(string) + **out = **in + } + if in.ScheduleDeadlineTime != nil { + in, out := &in.ScheduleDeadlineTime, &out.ScheduleDeadlineTime + *out = new(string) + **out = **in + } + if in.StartTime != nil { + in, out := &in.StartTime, &out.StartTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterMaintenanceScheduleObservation. +func (in *ClusterMaintenanceScheduleObservation) DeepCopy() *ClusterMaintenanceScheduleObservation { + if in == nil { + return nil + } + out := new(ClusterMaintenanceScheduleObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterMaintenanceScheduleParameters) DeepCopyInto(out *ClusterMaintenanceScheduleParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterMaintenanceScheduleParameters. +func (in *ClusterMaintenanceScheduleParameters) DeepCopy() *ClusterMaintenanceScheduleParameters { + if in == nil { + return nil + } + out := new(ClusterMaintenanceScheduleParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = *in @@ -158,6 +374,16 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } + if in.CrossClusterReplicationConfig != nil { + in, out := &in.CrossClusterReplicationConfig, &out.CrossClusterReplicationConfig + *out = new(CrossClusterReplicationConfigObservation) + (*in).DeepCopyInto(*out) + } + if in.DeletionProtectionEnabled != nil { + in, out := &in.DeletionProtectionEnabled, &out.DeletionProtectionEnabled + *out = new(bool) + **out = **in + } if in.DiscoveryEndpoints != nil { in, out := &in.DiscoveryEndpoints, &out.DiscoveryEndpoints *out = make([]DiscoveryEndpointsObservation, len(*in)) @@ -170,11 +396,28 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } + if in.MaintenancePolicy != nil { + in, out := &in.MaintenancePolicy, &out.MaintenancePolicy + *out = new(ClusterMaintenancePolicyObservation) + (*in).DeepCopyInto(*out) + } + if in.MaintenanceSchedule != nil { + in, out := &in.MaintenanceSchedule, &out.MaintenanceSchedule + *out = make([]ClusterMaintenanceScheduleObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.NodeType != nil { in, out := &in.NodeType, &out.NodeType *out = new(string) **out = **in } + if in.PersistenceConfig != nil { + in, out := &in.PersistenceConfig, &out.PersistenceConfig + *out = new(ClusterPersistenceConfigObservation) + (*in).DeepCopyInto(*out) + } if in.PreciseSizeGb != nil { in, out := &in.PreciseSizeGb, &out.PreciseSizeGb *out = new(float64) @@ -247,142 +490,510 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.TransitEncryptionMode != nil { - in, out := &in.TransitEncryptionMode, &out.TransitEncryptionMode + if in.TransitEncryptionMode != nil { + in, out := &in.TransitEncryptionMode, &out.TransitEncryptionMode + *out = new(string) + **out = **in + } + if in.UID != nil { + in, out := &in.UID, &out.UID + *out = new(string) + **out = **in + } + if in.ZoneDistributionConfig != nil { + in, out := &in.ZoneDistributionConfig, &out.ZoneDistributionConfig + *out = new(ZoneDistributionConfigObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterObservation. +func (in *ClusterObservation) DeepCopy() *ClusterObservation { + if in == nil { + return nil + } + out := new(ClusterObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { + *out = *in + if in.AuthorizationMode != nil { + in, out := &in.AuthorizationMode, &out.AuthorizationMode + *out = new(string) + **out = **in + } + if in.CrossClusterReplicationConfig != nil { + in, out := &in.CrossClusterReplicationConfig, &out.CrossClusterReplicationConfig + *out = new(CrossClusterReplicationConfigParameters) + (*in).DeepCopyInto(*out) + } + if in.DeletionProtectionEnabled != nil { + in, out := &in.DeletionProtectionEnabled, &out.DeletionProtectionEnabled + *out = new(bool) + **out = **in + } + if in.MaintenancePolicy != nil { + in, out := &in.MaintenancePolicy, &out.MaintenancePolicy + *out = new(ClusterMaintenancePolicyParameters) + (*in).DeepCopyInto(*out) + } + if in.NodeType != nil { + in, out := &in.NodeType, &out.NodeType + *out = new(string) + **out = **in + } + if in.PersistenceConfig != nil { + in, out := &in.PersistenceConfig, &out.PersistenceConfig + *out = new(ClusterPersistenceConfigParameters) + (*in).DeepCopyInto(*out) + } + if in.Project != nil { + in, out := &in.Project, &out.Project + *out = new(string) + **out = **in + } + if in.PscConfigs != nil { + in, out := &in.PscConfigs, &out.PscConfigs + *out = make([]PscConfigsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RedisConfigs != nil { + in, out := &in.RedisConfigs, &out.RedisConfigs + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } + if in.Region != nil { + in, out := &in.Region, &out.Region + *out = new(string) + **out = **in + } + if in.ReplicaCount != nil { + in, out := &in.ReplicaCount, &out.ReplicaCount + *out = new(float64) + **out = **in + } + if in.ShardCount != nil { + in, out := &in.ShardCount, &out.ShardCount + *out = new(float64) + **out = **in + } + if in.TransitEncryptionMode != nil { + in, out := &in.TransitEncryptionMode, &out.TransitEncryptionMode + *out = new(string) + **out = **in + } + if in.ZoneDistributionConfig != nil { + in, out := &in.ZoneDistributionConfig, &out.ZoneDistributionConfig + *out = new(ZoneDistributionConfigParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterParameters. +func (in *ClusterParameters) DeepCopy() *ClusterParameters { + if in == nil { + return nil + } + out := new(ClusterParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterPersistenceConfigInitParameters) DeepCopyInto(out *ClusterPersistenceConfigInitParameters) { + *out = *in + if in.AofConfig != nil { + in, out := &in.AofConfig, &out.AofConfig + *out = new(AofConfigInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } + if in.RdbConfig != nil { + in, out := &in.RdbConfig, &out.RdbConfig + *out = new(RdbConfigInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPersistenceConfigInitParameters. +func (in *ClusterPersistenceConfigInitParameters) DeepCopy() *ClusterPersistenceConfigInitParameters { + if in == nil { + return nil + } + out := new(ClusterPersistenceConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterPersistenceConfigObservation) DeepCopyInto(out *ClusterPersistenceConfigObservation) { + *out = *in + if in.AofConfig != nil { + in, out := &in.AofConfig, &out.AofConfig + *out = new(AofConfigObservation) + (*in).DeepCopyInto(*out) + } + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } + if in.RdbConfig != nil { + in, out := &in.RdbConfig, &out.RdbConfig + *out = new(RdbConfigObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPersistenceConfigObservation. +func (in *ClusterPersistenceConfigObservation) DeepCopy() *ClusterPersistenceConfigObservation { + if in == nil { + return nil + } + out := new(ClusterPersistenceConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterPersistenceConfigParameters) DeepCopyInto(out *ClusterPersistenceConfigParameters) { + *out = *in + if in.AofConfig != nil { + in, out := &in.AofConfig, &out.AofConfig + *out = new(AofConfigParameters) + (*in).DeepCopyInto(*out) + } + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } + if in.RdbConfig != nil { + in, out := &in.RdbConfig, &out.RdbConfig + *out = new(RdbConfigParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPersistenceConfigParameters. +func (in *ClusterPersistenceConfigParameters) DeepCopy() *ClusterPersistenceConfigParameters { + if in == nil { + return nil + } + out := new(ClusterPersistenceConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterSpec) DeepCopyInto(out *ClusterSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSpec. +func (in *ClusterSpec) DeepCopy() *ClusterSpec { + if in == nil { + return nil + } + out := new(ClusterSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterStatus) DeepCopyInto(out *ClusterStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterStatus. +func (in *ClusterStatus) DeepCopy() *ClusterStatus { + if in == nil { + return nil + } + out := new(ClusterStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CrossClusterReplicationConfigInitParameters) DeepCopyInto(out *CrossClusterReplicationConfigInitParameters) { + *out = *in + if in.ClusterRole != nil { + in, out := &in.ClusterRole, &out.ClusterRole + *out = new(string) + **out = **in + } + if in.PrimaryCluster != nil { + in, out := &in.PrimaryCluster, &out.PrimaryCluster + *out = new(CrossClusterReplicationConfigPrimaryClusterInitParameters) + (*in).DeepCopyInto(*out) + } + if in.SecondaryClusters != nil { + in, out := &in.SecondaryClusters, &out.SecondaryClusters + *out = make([]CrossClusterReplicationConfigSecondaryClustersInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CrossClusterReplicationConfigInitParameters. +func (in *CrossClusterReplicationConfigInitParameters) DeepCopy() *CrossClusterReplicationConfigInitParameters { + if in == nil { + return nil + } + out := new(CrossClusterReplicationConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CrossClusterReplicationConfigObservation) DeepCopyInto(out *CrossClusterReplicationConfigObservation) { + *out = *in + if in.ClusterRole != nil { + in, out := &in.ClusterRole, &out.ClusterRole + *out = new(string) + **out = **in + } + if in.Membership != nil { + in, out := &in.Membership, &out.Membership + *out = make([]MembershipObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.PrimaryCluster != nil { + in, out := &in.PrimaryCluster, &out.PrimaryCluster + *out = new(CrossClusterReplicationConfigPrimaryClusterObservation) + (*in).DeepCopyInto(*out) + } + if in.SecondaryClusters != nil { + in, out := &in.SecondaryClusters, &out.SecondaryClusters + *out = make([]CrossClusterReplicationConfigSecondaryClustersObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.UpdateTime != nil { + in, out := &in.UpdateTime, &out.UpdateTime *out = new(string) **out = **in } - if in.UID != nil { - in, out := &in.UID, &out.UID +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CrossClusterReplicationConfigObservation. +func (in *CrossClusterReplicationConfigObservation) DeepCopy() *CrossClusterReplicationConfigObservation { + if in == nil { + return nil + } + out := new(CrossClusterReplicationConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CrossClusterReplicationConfigParameters) DeepCopyInto(out *CrossClusterReplicationConfigParameters) { + *out = *in + if in.ClusterRole != nil { + in, out := &in.ClusterRole, &out.ClusterRole *out = new(string) **out = **in } - if in.ZoneDistributionConfig != nil { - in, out := &in.ZoneDistributionConfig, &out.ZoneDistributionConfig - *out = new(ZoneDistributionConfigObservation) + if in.PrimaryCluster != nil { + in, out := &in.PrimaryCluster, &out.PrimaryCluster + *out = new(CrossClusterReplicationConfigPrimaryClusterParameters) (*in).DeepCopyInto(*out) } + if in.SecondaryClusters != nil { + in, out := &in.SecondaryClusters, &out.SecondaryClusters + *out = make([]CrossClusterReplicationConfigSecondaryClustersParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterObservation. -func (in *ClusterObservation) DeepCopy() *ClusterObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CrossClusterReplicationConfigParameters. +func (in *CrossClusterReplicationConfigParameters) DeepCopy() *CrossClusterReplicationConfigParameters { if in == nil { return nil } - out := new(ClusterObservation) + out := new(CrossClusterReplicationConfigParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { +func (in *CrossClusterReplicationConfigPrimaryClusterInitParameters) DeepCopyInto(out *CrossClusterReplicationConfigPrimaryClusterInitParameters) { *out = *in - if in.AuthorizationMode != nil { - in, out := &in.AuthorizationMode, &out.AuthorizationMode + if in.Cluster != nil { + in, out := &in.Cluster, &out.Cluster *out = new(string) **out = **in } - if in.NodeType != nil { - in, out := &in.NodeType, &out.NodeType + if in.ClusterRef != nil { + in, out := &in.ClusterRef, &out.ClusterRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ClusterSelector != nil { + in, out := &in.ClusterSelector, &out.ClusterSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CrossClusterReplicationConfigPrimaryClusterInitParameters. +func (in *CrossClusterReplicationConfigPrimaryClusterInitParameters) DeepCopy() *CrossClusterReplicationConfigPrimaryClusterInitParameters { + if in == nil { + return nil + } + out := new(CrossClusterReplicationConfigPrimaryClusterInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CrossClusterReplicationConfigPrimaryClusterObservation) DeepCopyInto(out *CrossClusterReplicationConfigPrimaryClusterObservation) { + *out = *in + if in.Cluster != nil { + in, out := &in.Cluster, &out.Cluster *out = new(string) **out = **in } - if in.Project != nil { - in, out := &in.Project, &out.Project + if in.UID != nil { + in, out := &in.UID, &out.UID *out = new(string) **out = **in } - if in.PscConfigs != nil { - in, out := &in.PscConfigs, &out.PscConfigs - *out = make([]PscConfigsParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.RedisConfigs != nil { - in, out := &in.RedisConfigs, &out.RedisConfigs - *out = make(map[string]*string, len(*in)) - for key, val := range *in { - var outVal *string - if val == nil { - (*out)[key] = nil - } else { - inVal := (*in)[key] - in, out := &inVal, &outVal - *out = new(string) - **out = **in - } - (*out)[key] = outVal - } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CrossClusterReplicationConfigPrimaryClusterObservation. +func (in *CrossClusterReplicationConfigPrimaryClusterObservation) DeepCopy() *CrossClusterReplicationConfigPrimaryClusterObservation { + if in == nil { + return nil } - if in.Region != nil { - in, out := &in.Region, &out.Region + out := new(CrossClusterReplicationConfigPrimaryClusterObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CrossClusterReplicationConfigPrimaryClusterParameters) DeepCopyInto(out *CrossClusterReplicationConfigPrimaryClusterParameters) { + *out = *in + if in.Cluster != nil { + in, out := &in.Cluster, &out.Cluster *out = new(string) **out = **in } - if in.ReplicaCount != nil { - in, out := &in.ReplicaCount, &out.ReplicaCount - *out = new(float64) - **out = **in + if in.ClusterRef != nil { + in, out := &in.ClusterRef, &out.ClusterRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) } - if in.ShardCount != nil { - in, out := &in.ShardCount, &out.ShardCount - *out = new(float64) - **out = **in + if in.ClusterSelector != nil { + in, out := &in.ClusterSelector, &out.ClusterSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) } - if in.TransitEncryptionMode != nil { - in, out := &in.TransitEncryptionMode, &out.TransitEncryptionMode +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CrossClusterReplicationConfigPrimaryClusterParameters. +func (in *CrossClusterReplicationConfigPrimaryClusterParameters) DeepCopy() *CrossClusterReplicationConfigPrimaryClusterParameters { + if in == nil { + return nil + } + out := new(CrossClusterReplicationConfigPrimaryClusterParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CrossClusterReplicationConfigSecondaryClustersInitParameters) DeepCopyInto(out *CrossClusterReplicationConfigSecondaryClustersInitParameters) { + *out = *in + if in.Cluster != nil { + in, out := &in.Cluster, &out.Cluster *out = new(string) **out = **in } - if in.ZoneDistributionConfig != nil { - in, out := &in.ZoneDistributionConfig, &out.ZoneDistributionConfig - *out = new(ZoneDistributionConfigParameters) - (*in).DeepCopyInto(*out) - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterParameters. -func (in *ClusterParameters) DeepCopy() *ClusterParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CrossClusterReplicationConfigSecondaryClustersInitParameters. +func (in *CrossClusterReplicationConfigSecondaryClustersInitParameters) DeepCopy() *CrossClusterReplicationConfigSecondaryClustersInitParameters { if in == nil { return nil } - out := new(ClusterParameters) + out := new(CrossClusterReplicationConfigSecondaryClustersInitParameters) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterSpec) DeepCopyInto(out *ClusterSpec) { +func (in *CrossClusterReplicationConfigSecondaryClustersObservation) DeepCopyInto(out *CrossClusterReplicationConfigSecondaryClustersObservation) { *out = *in - in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) - in.ForProvider.DeepCopyInto(&out.ForProvider) - in.InitProvider.DeepCopyInto(&out.InitProvider) + if in.Cluster != nil { + in, out := &in.Cluster, &out.Cluster + *out = new(string) + **out = **in + } + if in.UID != nil { + in, out := &in.UID, &out.UID + *out = new(string) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSpec. -func (in *ClusterSpec) DeepCopy() *ClusterSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CrossClusterReplicationConfigSecondaryClustersObservation. +func (in *CrossClusterReplicationConfigSecondaryClustersObservation) DeepCopy() *CrossClusterReplicationConfigSecondaryClustersObservation { if in == nil { return nil } - out := new(ClusterSpec) + out := new(CrossClusterReplicationConfigSecondaryClustersObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterStatus) DeepCopyInto(out *ClusterStatus) { +func (in *CrossClusterReplicationConfigSecondaryClustersParameters) DeepCopyInto(out *CrossClusterReplicationConfigSecondaryClustersParameters) { *out = *in - in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - in.AtProvider.DeepCopyInto(&out.AtProvider) + if in.Cluster != nil { + in, out := &in.Cluster, &out.Cluster + *out = new(string) + **out = **in + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterStatus. -func (in *ClusterStatus) DeepCopy() *ClusterStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CrossClusterReplicationConfigSecondaryClustersParameters. +func (in *CrossClusterReplicationConfigSecondaryClustersParameters) DeepCopy() *CrossClusterReplicationConfigSecondaryClustersParameters { if in == nil { return nil } - out := new(ClusterStatus) + out := new(CrossClusterReplicationConfigSecondaryClustersParameters) in.DeepCopyInto(out) return out } @@ -1213,6 +1824,86 @@ func (in *MaintenancePolicyParameters) DeepCopy() *MaintenancePolicyParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MaintenancePolicyWeeklyMaintenanceWindowInitParameters) DeepCopyInto(out *MaintenancePolicyWeeklyMaintenanceWindowInitParameters) { + *out = *in + if in.Day != nil { + in, out := &in.Day, &out.Day + *out = new(string) + **out = **in + } + if in.StartTime != nil { + in, out := &in.StartTime, &out.StartTime + *out = new(WeeklyMaintenanceWindowStartTimeInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaintenancePolicyWeeklyMaintenanceWindowInitParameters. +func (in *MaintenancePolicyWeeklyMaintenanceWindowInitParameters) DeepCopy() *MaintenancePolicyWeeklyMaintenanceWindowInitParameters { + if in == nil { + return nil + } + out := new(MaintenancePolicyWeeklyMaintenanceWindowInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MaintenancePolicyWeeklyMaintenanceWindowObservation) DeepCopyInto(out *MaintenancePolicyWeeklyMaintenanceWindowObservation) { + *out = *in + if in.Day != nil { + in, out := &in.Day, &out.Day + *out = new(string) + **out = **in + } + if in.Duration != nil { + in, out := &in.Duration, &out.Duration + *out = new(string) + **out = **in + } + if in.StartTime != nil { + in, out := &in.StartTime, &out.StartTime + *out = new(WeeklyMaintenanceWindowStartTimeObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaintenancePolicyWeeklyMaintenanceWindowObservation. +func (in *MaintenancePolicyWeeklyMaintenanceWindowObservation) DeepCopy() *MaintenancePolicyWeeklyMaintenanceWindowObservation { + if in == nil { + return nil + } + out := new(MaintenancePolicyWeeklyMaintenanceWindowObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MaintenancePolicyWeeklyMaintenanceWindowParameters) DeepCopyInto(out *MaintenancePolicyWeeklyMaintenanceWindowParameters) { + *out = *in + if in.Day != nil { + in, out := &in.Day, &out.Day + *out = new(string) + **out = **in + } + if in.StartTime != nil { + in, out := &in.StartTime, &out.StartTime + *out = new(WeeklyMaintenanceWindowStartTimeParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaintenancePolicyWeeklyMaintenanceWindowParameters. +func (in *MaintenancePolicyWeeklyMaintenanceWindowParameters) DeepCopy() *MaintenancePolicyWeeklyMaintenanceWindowParameters { + if in == nil { + return nil + } + out := new(MaintenancePolicyWeeklyMaintenanceWindowParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MaintenanceScheduleInitParameters) DeepCopyInto(out *MaintenanceScheduleInitParameters) { *out = *in @@ -1241,34 +1932,93 @@ func (in *MaintenanceScheduleObservation) DeepCopyInto(out *MaintenanceScheduleO *out = new(string) **out = **in } - if in.StartTime != nil { - in, out := &in.StartTime, &out.StartTime - *out = new(string) - **out = **in + if in.StartTime != nil { + in, out := &in.StartTime, &out.StartTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaintenanceScheduleObservation. +func (in *MaintenanceScheduleObservation) DeepCopy() *MaintenanceScheduleObservation { + if in == nil { + return nil + } + out := new(MaintenanceScheduleObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MaintenanceScheduleParameters) DeepCopyInto(out *MaintenanceScheduleParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaintenanceScheduleParameters. +func (in *MaintenanceScheduleParameters) DeepCopy() *MaintenanceScheduleParameters { + if in == nil { + return nil + } + out := new(MaintenanceScheduleParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MembershipInitParameters) DeepCopyInto(out *MembershipInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MembershipInitParameters. +func (in *MembershipInitParameters) DeepCopy() *MembershipInitParameters { + if in == nil { + return nil + } + out := new(MembershipInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MembershipObservation) DeepCopyInto(out *MembershipObservation) { + *out = *in + if in.PrimaryCluster != nil { + in, out := &in.PrimaryCluster, &out.PrimaryCluster + *out = make([]PrimaryClusterObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.SecondaryClusters != nil { + in, out := &in.SecondaryClusters, &out.SecondaryClusters + *out = make([]SecondaryClustersObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaintenanceScheduleObservation. -func (in *MaintenanceScheduleObservation) DeepCopy() *MaintenanceScheduleObservation { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MembershipObservation. +func (in *MembershipObservation) DeepCopy() *MembershipObservation { if in == nil { return nil } - out := new(MaintenanceScheduleObservation) + out := new(MembershipObservation) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MaintenanceScheduleParameters) DeepCopyInto(out *MaintenanceScheduleParameters) { +func (in *MembershipParameters) DeepCopyInto(out *MembershipParameters) { *out = *in } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaintenanceScheduleParameters. -func (in *MaintenanceScheduleParameters) DeepCopy() *MaintenanceScheduleParameters { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MembershipParameters. +func (in *MembershipParameters) DeepCopy() *MembershipParameters { if in == nil { return nil } - out := new(MaintenanceScheduleParameters) + out := new(MembershipParameters) in.DeepCopyInto(out) return out } @@ -1423,6 +2173,61 @@ func (in *PersistenceConfigParameters) DeepCopy() *PersistenceConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrimaryClusterInitParameters) DeepCopyInto(out *PrimaryClusterInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrimaryClusterInitParameters. +func (in *PrimaryClusterInitParameters) DeepCopy() *PrimaryClusterInitParameters { + if in == nil { + return nil + } + out := new(PrimaryClusterInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrimaryClusterObservation) DeepCopyInto(out *PrimaryClusterObservation) { + *out = *in + if in.Cluster != nil { + in, out := &in.Cluster, &out.Cluster + *out = new(string) + **out = **in + } + if in.UID != nil { + in, out := &in.UID, &out.UID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrimaryClusterObservation. +func (in *PrimaryClusterObservation) DeepCopy() *PrimaryClusterObservation { + if in == nil { + return nil + } + out := new(PrimaryClusterObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrimaryClusterParameters) DeepCopyInto(out *PrimaryClusterParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrimaryClusterParameters. +func (in *PrimaryClusterParameters) DeepCopy() *PrimaryClusterParameters { + if in == nil { + return nil + } + out := new(PrimaryClusterParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PscConfigInitParameters) DeepCopyInto(out *PscConfigInitParameters) { *out = *in @@ -1623,6 +2428,136 @@ func (in *PscConnectionsParameters) DeepCopy() *PscConnectionsParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RdbConfigInitParameters) DeepCopyInto(out *RdbConfigInitParameters) { + *out = *in + if in.RdbSnapshotPeriod != nil { + in, out := &in.RdbSnapshotPeriod, &out.RdbSnapshotPeriod + *out = new(string) + **out = **in + } + if in.RdbSnapshotStartTime != nil { + in, out := &in.RdbSnapshotStartTime, &out.RdbSnapshotStartTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RdbConfigInitParameters. +func (in *RdbConfigInitParameters) DeepCopy() *RdbConfigInitParameters { + if in == nil { + return nil + } + out := new(RdbConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RdbConfigObservation) DeepCopyInto(out *RdbConfigObservation) { + *out = *in + if in.RdbSnapshotPeriod != nil { + in, out := &in.RdbSnapshotPeriod, &out.RdbSnapshotPeriod + *out = new(string) + **out = **in + } + if in.RdbSnapshotStartTime != nil { + in, out := &in.RdbSnapshotStartTime, &out.RdbSnapshotStartTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RdbConfigObservation. +func (in *RdbConfigObservation) DeepCopy() *RdbConfigObservation { + if in == nil { + return nil + } + out := new(RdbConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RdbConfigParameters) DeepCopyInto(out *RdbConfigParameters) { + *out = *in + if in.RdbSnapshotPeriod != nil { + in, out := &in.RdbSnapshotPeriod, &out.RdbSnapshotPeriod + *out = new(string) + **out = **in + } + if in.RdbSnapshotStartTime != nil { + in, out := &in.RdbSnapshotStartTime, &out.RdbSnapshotStartTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RdbConfigParameters. +func (in *RdbConfigParameters) DeepCopy() *RdbConfigParameters { + if in == nil { + return nil + } + out := new(RdbConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecondaryClustersInitParameters) DeepCopyInto(out *SecondaryClustersInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecondaryClustersInitParameters. +func (in *SecondaryClustersInitParameters) DeepCopy() *SecondaryClustersInitParameters { + if in == nil { + return nil + } + out := new(SecondaryClustersInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecondaryClustersObservation) DeepCopyInto(out *SecondaryClustersObservation) { + *out = *in + if in.Cluster != nil { + in, out := &in.Cluster, &out.Cluster + *out = new(string) + **out = **in + } + if in.UID != nil { + in, out := &in.UID, &out.UID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecondaryClustersObservation. +func (in *SecondaryClustersObservation) DeepCopy() *SecondaryClustersObservation { + if in == nil { + return nil + } + out := new(SecondaryClustersObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecondaryClustersParameters) DeepCopyInto(out *SecondaryClustersParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecondaryClustersParameters. +func (in *SecondaryClustersParameters) DeepCopy() *SecondaryClustersParameters { + if in == nil { + return nil + } + out := new(SecondaryClustersParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ServerCACertsInitParameters) DeepCopyInto(out *ServerCACertsInitParameters) { *out = *in @@ -1989,6 +2924,111 @@ func (in *WeeklyMaintenanceWindowParameters) DeepCopy() *WeeklyMaintenanceWindow return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WeeklyMaintenanceWindowStartTimeInitParameters) DeepCopyInto(out *WeeklyMaintenanceWindowStartTimeInitParameters) { + *out = *in + if in.Hours != nil { + in, out := &in.Hours, &out.Hours + *out = new(float64) + **out = **in + } + if in.Minutes != nil { + in, out := &in.Minutes, &out.Minutes + *out = new(float64) + **out = **in + } + if in.Nanos != nil { + in, out := &in.Nanos, &out.Nanos + *out = new(float64) + **out = **in + } + if in.Seconds != nil { + in, out := &in.Seconds, &out.Seconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WeeklyMaintenanceWindowStartTimeInitParameters. +func (in *WeeklyMaintenanceWindowStartTimeInitParameters) DeepCopy() *WeeklyMaintenanceWindowStartTimeInitParameters { + if in == nil { + return nil + } + out := new(WeeklyMaintenanceWindowStartTimeInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WeeklyMaintenanceWindowStartTimeObservation) DeepCopyInto(out *WeeklyMaintenanceWindowStartTimeObservation) { + *out = *in + if in.Hours != nil { + in, out := &in.Hours, &out.Hours + *out = new(float64) + **out = **in + } + if in.Minutes != nil { + in, out := &in.Minutes, &out.Minutes + *out = new(float64) + **out = **in + } + if in.Nanos != nil { + in, out := &in.Nanos, &out.Nanos + *out = new(float64) + **out = **in + } + if in.Seconds != nil { + in, out := &in.Seconds, &out.Seconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WeeklyMaintenanceWindowStartTimeObservation. +func (in *WeeklyMaintenanceWindowStartTimeObservation) DeepCopy() *WeeklyMaintenanceWindowStartTimeObservation { + if in == nil { + return nil + } + out := new(WeeklyMaintenanceWindowStartTimeObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WeeklyMaintenanceWindowStartTimeParameters) DeepCopyInto(out *WeeklyMaintenanceWindowStartTimeParameters) { + *out = *in + if in.Hours != nil { + in, out := &in.Hours, &out.Hours + *out = new(float64) + **out = **in + } + if in.Minutes != nil { + in, out := &in.Minutes, &out.Minutes + *out = new(float64) + **out = **in + } + if in.Nanos != nil { + in, out := &in.Nanos, &out.Nanos + *out = new(float64) + **out = **in + } + if in.Seconds != nil { + in, out := &in.Seconds, &out.Seconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WeeklyMaintenanceWindowStartTimeParameters. +func (in *WeeklyMaintenanceWindowStartTimeParameters) DeepCopy() *WeeklyMaintenanceWindowStartTimeParameters { + if in == nil { + return nil + } + out := new(WeeklyMaintenanceWindowStartTimeParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ZoneDistributionConfigInitParameters) DeepCopyInto(out *ZoneDistributionConfigInitParameters) { *out = *in diff --git a/apis/redis/v1beta1/zz_generated.resolvers.go b/apis/redis/v1beta1/zz_generated.resolvers.go index 580b88472..0dcd0838e 100644 --- a/apis/redis/v1beta1/zz_generated.resolvers.go +++ b/apis/redis/v1beta1/zz_generated.resolvers.go @@ -27,6 +27,29 @@ func (mg *Cluster) ResolveReferences(ctx context.Context, c client.Reader) error var rsp reference.ResolutionResponse var err error + if mg.Spec.ForProvider.CrossClusterReplicationConfig != nil { + if mg.Spec.ForProvider.CrossClusterReplicationConfig.PrimaryCluster != nil { + { + m, l, err = apisresolver.GetManagedResource("redis.gcp.upbound.io", "v1beta1", "Cluster", "ClusterList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.CrossClusterReplicationConfig.PrimaryCluster.Cluster), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.CrossClusterReplicationConfig.PrimaryCluster.ClusterRef, + Selector: mg.Spec.ForProvider.CrossClusterReplicationConfig.PrimaryCluster.ClusterSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.CrossClusterReplicationConfig.PrimaryCluster.Cluster") + } + mg.Spec.ForProvider.CrossClusterReplicationConfig.PrimaryCluster.Cluster = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.CrossClusterReplicationConfig.PrimaryCluster.ClusterRef = rsp.ResolvedReference + + } + } for i3 := 0; i3 < len(mg.Spec.ForProvider.PscConfigs); i3++ { { m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "Network", "NetworkList") @@ -48,6 +71,29 @@ func (mg *Cluster) ResolveReferences(ctx context.Context, c client.Reader) error mg.Spec.ForProvider.PscConfigs[i3].NetworkRef = rsp.ResolvedReference } + if mg.Spec.InitProvider.CrossClusterReplicationConfig != nil { + if mg.Spec.InitProvider.CrossClusterReplicationConfig.PrimaryCluster != nil { + { + m, l, err = apisresolver.GetManagedResource("redis.gcp.upbound.io", "v1beta1", "Cluster", "ClusterList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.CrossClusterReplicationConfig.PrimaryCluster.Cluster), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.CrossClusterReplicationConfig.PrimaryCluster.ClusterRef, + Selector: mg.Spec.InitProvider.CrossClusterReplicationConfig.PrimaryCluster.ClusterSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.CrossClusterReplicationConfig.PrimaryCluster.Cluster") + } + mg.Spec.InitProvider.CrossClusterReplicationConfig.PrimaryCluster.Cluster = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.CrossClusterReplicationConfig.PrimaryCluster.ClusterRef = rsp.ResolvedReference + + } + } for i3 := 0; i3 < len(mg.Spec.InitProvider.PscConfigs); i3++ { { m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "Network", "NetworkList") diff --git a/examples-generated/redis/v1beta1/cluster.yaml b/examples-generated/redis/v1beta1/cluster.yaml index ede766320..ece0ebaa2 100644 --- a/examples-generated/redis/v1beta1/cluster.yaml +++ b/examples-generated/redis/v1beta1/cluster.yaml @@ -9,6 +9,15 @@ metadata: spec: forProvider: authorizationMode: AUTH_MODE_DISABLED + deletionProtectionEnabled: true + maintenancePolicy: + - weeklyMaintenanceWindow: + - day: MONDAY + startTime: + - hours: 1 + minutes: 0 + nanos: 0 + seconds: 0 nodeType: REDIS_SHARED_CORE_NANO pscConfigs: - networkSelector: diff --git a/examples/redis/v1beta1/cluster.yaml b/examples/redis/v1beta1/cluster.yaml index 94d1a936e..e57d2d7bb 100644 --- a/examples/redis/v1beta1/cluster.yaml +++ b/examples/redis/v1beta1/cluster.yaml @@ -10,6 +10,15 @@ metadata: spec: forProvider: authorizationMode: AUTH_MODE_DISABLED + deletionProtectionEnabled: false + maintenancePolicy: + - weeklyMaintenanceWindow: + - day: MONDAY + startTime: + - hours: 1 + minutes: 0 + nanos: 0 + seconds: 0 nodeType: REDIS_SHARED_CORE_NANO pscConfigs: - networkSelector: diff --git a/package/crds/redis.gcp.upbound.io_clusters.yaml b/package/crds/redis.gcp.upbound.io_clusters.yaml index fcb58b097..e9a772c07 100644 --- a/package/crds/redis.gcp.upbound.io_clusters.yaml +++ b/package/crds/redis.gcp.upbound.io_clusters.yaml @@ -79,12 +79,202 @@ spec: Default value is AUTH_MODE_DISABLED. Possible values are: AUTH_MODE_UNSPECIFIED, AUTH_MODE_IAM_AUTH, AUTH_MODE_DISABLED. type: string + crossClusterReplicationConfig: + description: field to the configuration file to match the latest + value in the state. + properties: + clusterRole: + description: from SECONDARY to PRIMARY. + type: string + primaryCluster: + description: field. + properties: + cluster: + description: 'The full resource path of the secondary + cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id}' + type: string + clusterRef: + description: Reference to a Cluster in redis to populate + cluster. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + clusterSelector: + description: Selector for a Cluster in redis to populate + cluster. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + secondaryClusters: + description: list with the new secondaries. The new secondaries + are the current primary and other secondary clusters(if + any). + items: + properties: + cluster: + description: 'The full resource path of the secondary + cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id}' + type: string + type: object + type: array + type: object + deletionProtectionEnabled: + description: |- + Optional. Indicates if the cluster is deletion protected or not. + If the value if set to true, any delete cluster operation will fail. + Default value is true. + type: boolean + maintenancePolicy: + description: |- + Maintenance policy for a cluster + Structure is documented below. + properties: + weeklyMaintenanceWindow: + description: |- + Optional. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number + of weekly_window is expected to be one. + Structure is documented below. + items: + properties: + day: + description: Required. The day of week that maintenance + updates occur. + type: string + startTime: + description: |- + Required. Start time of the window in UTC time. + Structure is documented below. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: number + minutes: + description: Minutes of hour of day. Must be from + 0 to 59. + type: number + nanos: + description: Fractions of seconds in nanoseconds. + Must be from 0 to 999,999,999. + type: number + seconds: + description: |- + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: number + type: object + type: object + type: array + type: object nodeType: description: |- The nodeType for the Redis cluster. If not provided, REDIS_HIGHMEM_MEDIUM will be used as default Possible values are: REDIS_SHARED_CORE_NANO, REDIS_HIGHMEM_MEDIUM, REDIS_HIGHMEM_XLARGE, REDIS_STANDARD_SMALL. type: string + persistenceConfig: + description: |- + Persistence config (RDB, AOF) for the cluster. + Structure is documented below. + properties: + aofConfig: + description: |- + AOF configuration. This field will be ignored if mode is not AOF. + Structure is documented below. + properties: + appendFsync: + description: Optional. Available fsync modes. + type: string + type: object + mode: + description: Optional. Controls whether Persistence features + are enabled. If not provided, the existing value will be + used. + type: string + rdbConfig: + description: |- + RDB configuration. This field will be ignored if mode is not RDB. + Structure is documented below. + properties: + rdbSnapshotPeriod: + description: Optional. Available snapshot periods for + scheduling. + type: string + rdbSnapshotStartTime: + description: |- + The time that the first snapshot was/will be attempted, and to which + future snapshots will be aligned. + If not provided, the current time will be used. + type: string + type: object + type: object project: description: |- The ID of the project in which the resource belongs. @@ -245,12 +435,202 @@ spec: Default value is AUTH_MODE_DISABLED. Possible values are: AUTH_MODE_UNSPECIFIED, AUTH_MODE_IAM_AUTH, AUTH_MODE_DISABLED. type: string + crossClusterReplicationConfig: + description: field to the configuration file to match the latest + value in the state. + properties: + clusterRole: + description: from SECONDARY to PRIMARY. + type: string + primaryCluster: + description: field. + properties: + cluster: + description: 'The full resource path of the secondary + cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id}' + type: string + clusterRef: + description: Reference to a Cluster in redis to populate + cluster. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + clusterSelector: + description: Selector for a Cluster in redis to populate + cluster. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + secondaryClusters: + description: list with the new secondaries. The new secondaries + are the current primary and other secondary clusters(if + any). + items: + properties: + cluster: + description: 'The full resource path of the secondary + cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id}' + type: string + type: object + type: array + type: object + deletionProtectionEnabled: + description: |- + Optional. Indicates if the cluster is deletion protected or not. + If the value if set to true, any delete cluster operation will fail. + Default value is true. + type: boolean + maintenancePolicy: + description: |- + Maintenance policy for a cluster + Structure is documented below. + properties: + weeklyMaintenanceWindow: + description: |- + Optional. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number + of weekly_window is expected to be one. + Structure is documented below. + items: + properties: + day: + description: Required. The day of week that maintenance + updates occur. + type: string + startTime: + description: |- + Required. Start time of the window in UTC time. + Structure is documented below. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: number + minutes: + description: Minutes of hour of day. Must be from + 0 to 59. + type: number + nanos: + description: Fractions of seconds in nanoseconds. + Must be from 0 to 999,999,999. + type: number + seconds: + description: |- + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: number + type: object + type: object + type: array + type: object nodeType: description: |- The nodeType for the Redis cluster. If not provided, REDIS_HIGHMEM_MEDIUM will be used as default Possible values are: REDIS_SHARED_CORE_NANO, REDIS_HIGHMEM_MEDIUM, REDIS_HIGHMEM_XLARGE, REDIS_STANDARD_SMALL. type: string + persistenceConfig: + description: |- + Persistence config (RDB, AOF) for the cluster. + Structure is documented below. + properties: + aofConfig: + description: |- + AOF configuration. This field will be ignored if mode is not AOF. + Structure is documented below. + properties: + appendFsync: + description: Optional. Available fsync modes. + type: string + type: object + mode: + description: Optional. Controls whether Persistence features + are enabled. If not provided, the existing value will be + used. + type: string + rdbConfig: + description: |- + RDB configuration. This field will be ignored if mode is not RDB. + Structure is documented below. + properties: + rdbSnapshotPeriod: + description: Optional. Available snapshot periods for + scheduling. + type: string + rdbSnapshotStartTime: + description: |- + The time that the first snapshot was/will be attempted, and to which + future snapshots will be aligned. + If not provided, the current time will be used. + type: string + type: object + type: object project: description: |- The ID of the project in which the resource belongs. @@ -580,6 +960,96 @@ spec: RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string + crossClusterReplicationConfig: + description: field to the configuration file to match the latest + value in the state. + properties: + clusterRole: + description: from SECONDARY to PRIMARY. + type: string + membership: + description: |- + (Output) + An output only view of all the member clusters participating in cross cluster replication. This field is populated for all the member clusters irrespective of their cluster role. + Structure is documented below. + items: + properties: + primaryCluster: + description: |- + (Output) + Details of the primary cluster that is used as the replication source for all the secondary clusters. + Structure is documented below. + items: + properties: + cluster: + description: 'The full resource path of the secondary + cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id}' + type: string + uid: + description: System assigned, unique identifier + for the cluster. + type: string + type: object + type: array + secondaryClusters: + description: |- + (Output) + List of secondary clusters that are replicating from the primary cluster. + Structure is documented below. + items: + properties: + cluster: + description: 'The full resource path of the secondary + cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id}' + type: string + uid: + description: System assigned, unique identifier + for the cluster. + type: string + type: object + type: array + type: object + type: array + primaryCluster: + description: field. + properties: + cluster: + description: 'The full resource path of the secondary + cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id}' + type: string + uid: + description: System assigned, unique identifier for the + cluster. + type: string + type: object + secondaryClusters: + description: list with the new secondaries. The new secondaries + are the current primary and other secondary clusters(if + any). + items: + properties: + cluster: + description: 'The full resource path of the secondary + cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id}' + type: string + uid: + description: System assigned, unique identifier for + the cluster. + type: string + type: object + type: array + updateTime: + description: |- + (Output) + The last time cross cluster replication config was updated. + type: string + type: object + deletionProtectionEnabled: + description: |- + Optional. Indicates if the cluster is deletion protected or not. + If the value if set to true, any delete cluster operation will fail. + Default value is true. + type: boolean discoveryEndpoints: description: |- Output only. Endpoints created on each given network, @@ -612,12 +1082,144 @@ spec: id: description: an identifier for the resource with format projects/{{project}}/locations/{{region}}/clusters/{{name}} type: string + maintenancePolicy: + description: |- + Maintenance policy for a cluster + Structure is documented below. + properties: + createTime: + description: |- + (Output) + Output only. The time when the policy was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + updateTime: + description: |- + (Output) + Output only. The time when the policy was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + weeklyMaintenanceWindow: + description: |- + Optional. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number + of weekly_window is expected to be one. + Structure is documented below. + items: + properties: + day: + description: Required. The day of week that maintenance + updates occur. + type: string + duration: + description: |- + (Output) + Output only. Duration of the maintenance window. + The current window is fixed at 1 hour. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + type: string + startTime: + description: |- + Required. Start time of the window in UTC time. + Structure is documented below. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: number + minutes: + description: Minutes of hour of day. Must be from + 0 to 59. + type: number + nanos: + description: Fractions of seconds in nanoseconds. + Must be from 0 to 999,999,999. + type: number + seconds: + description: |- + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: number + type: object + type: object + type: array + type: object + maintenanceSchedule: + description: |- + Upcoming maintenance schedule. + Structure is documented below. + items: + properties: + endTime: + description: |- + (Output) + Output only. The end time of any upcoming scheduled maintenance for this cluster. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + (Output) + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + (Output) + Output only. The start time of any upcoming scheduled maintenance for this cluster. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + type: array nodeType: description: |- The nodeType for the Redis cluster. If not provided, REDIS_HIGHMEM_MEDIUM will be used as default Possible values are: REDIS_SHARED_CORE_NANO, REDIS_HIGHMEM_MEDIUM, REDIS_HIGHMEM_XLARGE, REDIS_STANDARD_SMALL. type: string + persistenceConfig: + description: |- + Persistence config (RDB, AOF) for the cluster. + Structure is documented below. + properties: + aofConfig: + description: |- + AOF configuration. This field will be ignored if mode is not AOF. + Structure is documented below. + properties: + appendFsync: + description: Optional. Available fsync modes. + type: string + type: object + mode: + description: Optional. Controls whether Persistence features + are enabled. If not provided, the existing value will be + used. + type: string + rdbConfig: + description: |- + RDB configuration. This field will be ignored if mode is not RDB. + Structure is documented below. + properties: + rdbSnapshotPeriod: + description: Optional. Available snapshot periods for + scheduling. + type: string + rdbSnapshotStartTime: + description: |- + The time that the first snapshot was/will be attempted, and to which + future snapshots will be aligned. + If not provided, the current time will be used. + type: string + type: object + type: object preciseSizeGb: description: Output only. Redis memory precise size in GB for the entire cluster. @@ -705,7 +1307,7 @@ spec: properties: updateInfo: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: targetReplicaCount: From 05da4e9bc711fa38894c9996e8f496016faa23a0 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 15:29:09 +0100 Subject: [PATCH 20/47] spanner: multiple changes Signed-off-by: Rickard von Essen --- apis/spanner/v1beta2/zz_database_types.go | 15 +- apis/spanner/v1beta2/zz_generated.deepcopy.go | 405 ++++++++++++++++-- apis/spanner/v1beta2/zz_instance_types.go | 217 ++++++++-- .../spanner/v1beta2/instance.yaml | 1 + examples/spanner/v1beta2/instance.yaml | 1 + .../spanner.gcp.upbound.io_databases.yaml | 21 + .../spanner.gcp.upbound.io_instances.yaml | 159 ++++++- 7 files changed, 721 insertions(+), 98 deletions(-) diff --git a/apis/spanner/v1beta2/zz_database_types.go b/apis/spanner/v1beta2/zz_database_types.go index b5ee77815..2f7dab33b 100755 --- a/apis/spanner/v1beta2/zz_database_types.go +++ b/apis/spanner/v1beta2/zz_database_types.go @@ -164,6 +164,10 @@ type EncryptionConfigInitParameters struct { // Fully qualified name of the KMS key to use to encrypt this database. This key must exist // in the same location as the Spanner Database. KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` + + // Fully qualified name of the KMS keys to use to encrypt this database. The keys must exist + // in the same locations as the Spanner Database. + KMSKeyNames []*string `json:"kmsKeyNames,omitempty" tf:"kms_key_names,omitempty"` } type EncryptionConfigObservation struct { @@ -171,6 +175,10 @@ type EncryptionConfigObservation struct { // Fully qualified name of the KMS key to use to encrypt this database. This key must exist // in the same location as the Spanner Database. KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` + + // Fully qualified name of the KMS keys to use to encrypt this database. The keys must exist + // in the same locations as the Spanner Database. + KMSKeyNames []*string `json:"kmsKeyNames,omitempty" tf:"kms_key_names,omitempty"` } type EncryptionConfigParameters struct { @@ -178,7 +186,12 @@ type EncryptionConfigParameters struct { // Fully qualified name of the KMS key to use to encrypt this database. This key must exist // in the same location as the Spanner Database. // +kubebuilder:validation:Optional - KMSKeyName *string `json:"kmsKeyName" tf:"kms_key_name,omitempty"` + KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` + + // Fully qualified name of the KMS keys to use to encrypt this database. The keys must exist + // in the same locations as the Spanner Database. + // +kubebuilder:validation:Optional + KMSKeyNames []*string `json:"kmsKeyNames,omitempty" tf:"kms_key_names,omitempty"` } // DatabaseSpec defines the desired state of Database diff --git a/apis/spanner/v1beta2/zz_generated.deepcopy.go b/apis/spanner/v1beta2/zz_generated.deepcopy.go index decdb1b40..cd9ff14a4 100644 --- a/apis/spanner/v1beta2/zz_generated.deepcopy.go +++ b/apis/spanner/v1beta2/zz_generated.deepcopy.go @@ -13,12 +13,199 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AsymmetricAutoscalingOptionsInitParameters) DeepCopyInto(out *AsymmetricAutoscalingOptionsInitParameters) { + *out = *in + if in.Overrides != nil { + in, out := &in.Overrides, &out.Overrides + *out = new(OverridesInitParameters) + (*in).DeepCopyInto(*out) + } + if in.ReplicaSelection != nil { + in, out := &in.ReplicaSelection, &out.ReplicaSelection + *out = new(ReplicaSelectionInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AsymmetricAutoscalingOptionsInitParameters. +func (in *AsymmetricAutoscalingOptionsInitParameters) DeepCopy() *AsymmetricAutoscalingOptionsInitParameters { + if in == nil { + return nil + } + out := new(AsymmetricAutoscalingOptionsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AsymmetricAutoscalingOptionsObservation) DeepCopyInto(out *AsymmetricAutoscalingOptionsObservation) { + *out = *in + if in.Overrides != nil { + in, out := &in.Overrides, &out.Overrides + *out = new(OverridesObservation) + (*in).DeepCopyInto(*out) + } + if in.ReplicaSelection != nil { + in, out := &in.ReplicaSelection, &out.ReplicaSelection + *out = new(ReplicaSelectionObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AsymmetricAutoscalingOptionsObservation. +func (in *AsymmetricAutoscalingOptionsObservation) DeepCopy() *AsymmetricAutoscalingOptionsObservation { + if in == nil { + return nil + } + out := new(AsymmetricAutoscalingOptionsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AsymmetricAutoscalingOptionsParameters) DeepCopyInto(out *AsymmetricAutoscalingOptionsParameters) { + *out = *in + if in.Overrides != nil { + in, out := &in.Overrides, &out.Overrides + *out = new(OverridesParameters) + (*in).DeepCopyInto(*out) + } + if in.ReplicaSelection != nil { + in, out := &in.ReplicaSelection, &out.ReplicaSelection + *out = new(ReplicaSelectionParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AsymmetricAutoscalingOptionsParameters. +func (in *AsymmetricAutoscalingOptionsParameters) DeepCopy() *AsymmetricAutoscalingOptionsParameters { + if in == nil { + return nil + } + out := new(AsymmetricAutoscalingOptionsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutoscalingConfigAutoscalingLimitsInitParameters) DeepCopyInto(out *AutoscalingConfigAutoscalingLimitsInitParameters) { + *out = *in + if in.MaxNodes != nil { + in, out := &in.MaxNodes, &out.MaxNodes + *out = new(float64) + **out = **in + } + if in.MaxProcessingUnits != nil { + in, out := &in.MaxProcessingUnits, &out.MaxProcessingUnits + *out = new(float64) + **out = **in + } + if in.MinNodes != nil { + in, out := &in.MinNodes, &out.MinNodes + *out = new(float64) + **out = **in + } + if in.MinProcessingUnits != nil { + in, out := &in.MinProcessingUnits, &out.MinProcessingUnits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalingConfigAutoscalingLimitsInitParameters. +func (in *AutoscalingConfigAutoscalingLimitsInitParameters) DeepCopy() *AutoscalingConfigAutoscalingLimitsInitParameters { + if in == nil { + return nil + } + out := new(AutoscalingConfigAutoscalingLimitsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutoscalingConfigAutoscalingLimitsObservation) DeepCopyInto(out *AutoscalingConfigAutoscalingLimitsObservation) { + *out = *in + if in.MaxNodes != nil { + in, out := &in.MaxNodes, &out.MaxNodes + *out = new(float64) + **out = **in + } + if in.MaxProcessingUnits != nil { + in, out := &in.MaxProcessingUnits, &out.MaxProcessingUnits + *out = new(float64) + **out = **in + } + if in.MinNodes != nil { + in, out := &in.MinNodes, &out.MinNodes + *out = new(float64) + **out = **in + } + if in.MinProcessingUnits != nil { + in, out := &in.MinProcessingUnits, &out.MinProcessingUnits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalingConfigAutoscalingLimitsObservation. +func (in *AutoscalingConfigAutoscalingLimitsObservation) DeepCopy() *AutoscalingConfigAutoscalingLimitsObservation { + if in == nil { + return nil + } + out := new(AutoscalingConfigAutoscalingLimitsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutoscalingConfigAutoscalingLimitsParameters) DeepCopyInto(out *AutoscalingConfigAutoscalingLimitsParameters) { + *out = *in + if in.MaxNodes != nil { + in, out := &in.MaxNodes, &out.MaxNodes + *out = new(float64) + **out = **in + } + if in.MaxProcessingUnits != nil { + in, out := &in.MaxProcessingUnits, &out.MaxProcessingUnits + *out = new(float64) + **out = **in + } + if in.MinNodes != nil { + in, out := &in.MinNodes, &out.MinNodes + *out = new(float64) + **out = **in + } + if in.MinProcessingUnits != nil { + in, out := &in.MinProcessingUnits, &out.MinProcessingUnits + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalingConfigAutoscalingLimitsParameters. +func (in *AutoscalingConfigAutoscalingLimitsParameters) DeepCopy() *AutoscalingConfigAutoscalingLimitsParameters { + if in == nil { + return nil + } + out := new(AutoscalingConfigAutoscalingLimitsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AutoscalingConfigInitParameters) DeepCopyInto(out *AutoscalingConfigInitParameters) { *out = *in + if in.AsymmetricAutoscalingOptions != nil { + in, out := &in.AsymmetricAutoscalingOptions, &out.AsymmetricAutoscalingOptions + *out = make([]AsymmetricAutoscalingOptionsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AutoscalingLimits != nil { in, out := &in.AutoscalingLimits, &out.AutoscalingLimits - *out = new(AutoscalingLimitsInitParameters) + *out = new(AutoscalingConfigAutoscalingLimitsInitParameters) (*in).DeepCopyInto(*out) } if in.AutoscalingTargets != nil { @@ -41,9 +228,16 @@ func (in *AutoscalingConfigInitParameters) DeepCopy() *AutoscalingConfigInitPara // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AutoscalingConfigObservation) DeepCopyInto(out *AutoscalingConfigObservation) { *out = *in + if in.AsymmetricAutoscalingOptions != nil { + in, out := &in.AsymmetricAutoscalingOptions, &out.AsymmetricAutoscalingOptions + *out = make([]AsymmetricAutoscalingOptionsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AutoscalingLimits != nil { in, out := &in.AutoscalingLimits, &out.AutoscalingLimits - *out = new(AutoscalingLimitsObservation) + *out = new(AutoscalingConfigAutoscalingLimitsObservation) (*in).DeepCopyInto(*out) } if in.AutoscalingTargets != nil { @@ -66,9 +260,16 @@ func (in *AutoscalingConfigObservation) DeepCopy() *AutoscalingConfigObservation // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AutoscalingConfigParameters) DeepCopyInto(out *AutoscalingConfigParameters) { *out = *in + if in.AsymmetricAutoscalingOptions != nil { + in, out := &in.AsymmetricAutoscalingOptions, &out.AsymmetricAutoscalingOptions + *out = make([]AsymmetricAutoscalingOptionsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.AutoscalingLimits != nil { in, out := &in.AutoscalingLimits, &out.AutoscalingLimits - *out = new(AutoscalingLimitsParameters) + *out = new(AutoscalingConfigAutoscalingLimitsParameters) (*in).DeepCopyInto(*out) } if in.AutoscalingTargets != nil { @@ -96,21 +297,11 @@ func (in *AutoscalingLimitsInitParameters) DeepCopyInto(out *AutoscalingLimitsIn *out = new(float64) **out = **in } - if in.MaxProcessingUnits != nil { - in, out := &in.MaxProcessingUnits, &out.MaxProcessingUnits - *out = new(float64) - **out = **in - } if in.MinNodes != nil { in, out := &in.MinNodes, &out.MinNodes *out = new(float64) **out = **in } - if in.MinProcessingUnits != nil { - in, out := &in.MinProcessingUnits, &out.MinProcessingUnits - *out = new(float64) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalingLimitsInitParameters. @@ -131,21 +322,11 @@ func (in *AutoscalingLimitsObservation) DeepCopyInto(out *AutoscalingLimitsObser *out = new(float64) **out = **in } - if in.MaxProcessingUnits != nil { - in, out := &in.MaxProcessingUnits, &out.MaxProcessingUnits - *out = new(float64) - **out = **in - } if in.MinNodes != nil { in, out := &in.MinNodes, &out.MinNodes *out = new(float64) **out = **in } - if in.MinProcessingUnits != nil { - in, out := &in.MinProcessingUnits, &out.MinProcessingUnits - *out = new(float64) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalingLimitsObservation. @@ -166,21 +347,11 @@ func (in *AutoscalingLimitsParameters) DeepCopyInto(out *AutoscalingLimitsParame *out = new(float64) **out = **in } - if in.MaxProcessingUnits != nil { - in, out := &in.MaxProcessingUnits, &out.MaxProcessingUnits - *out = new(float64) - **out = **in - } if in.MinNodes != nil { in, out := &in.MinNodes, &out.MinNodes *out = new(float64) **out = **in } - if in.MinProcessingUnits != nil { - in, out := &in.MinProcessingUnits, &out.MinProcessingUnits - *out = new(float64) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoscalingLimitsParameters. @@ -937,6 +1108,17 @@ func (in *EncryptionConfigInitParameters) DeepCopyInto(out *EncryptionConfigInit *out = new(string) **out = **in } + if in.KMSKeyNames != nil { + in, out := &in.KMSKeyNames, &out.KMSKeyNames + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptionConfigInitParameters. @@ -957,6 +1139,17 @@ func (in *EncryptionConfigObservation) DeepCopyInto(out *EncryptionConfigObserva *out = new(string) **out = **in } + if in.KMSKeyNames != nil { + in, out := &in.KMSKeyNames, &out.KMSKeyNames + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptionConfigObservation. @@ -977,6 +1170,17 @@ func (in *EncryptionConfigParameters) DeepCopyInto(out *EncryptionConfigParamete *out = new(string) **out = **in } + if in.KMSKeyNames != nil { + in, out := &in.KMSKeyNames, &out.KMSKeyNames + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptionConfigParameters. @@ -1373,6 +1577,11 @@ func (in *InstanceInitParameters) DeepCopyInto(out *InstanceInitParameters) { *out = new(string) **out = **in } + if in.Edition != nil { + in, out := &in.Edition, &out.Edition + *out = new(string) + **out = **in + } if in.ForceDestroy != nil { in, out := &in.ForceDestroy, &out.ForceDestroy *out = new(bool) @@ -1476,6 +1685,11 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.Edition != nil { + in, out := &in.Edition, &out.Edition + *out = new(string) + **out = **in + } if in.EffectiveLabels != nil { in, out := &in.EffectiveLabels, &out.EffectiveLabels *out = make(map[string]*string, len(*in)) @@ -1589,6 +1803,11 @@ func (in *InstanceParameters) DeepCopyInto(out *InstanceParameters) { *out = new(string) **out = **in } + if in.Edition != nil { + in, out := &in.Edition, &out.Edition + *out = new(string) + **out = **in + } if in.ForceDestroy != nil { in, out := &in.ForceDestroy, &out.ForceDestroy *out = new(bool) @@ -1671,3 +1890,123 @@ func (in *InstanceStatus) DeepCopy() *InstanceStatus { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OverridesInitParameters) DeepCopyInto(out *OverridesInitParameters) { + *out = *in + if in.AutoscalingLimits != nil { + in, out := &in.AutoscalingLimits, &out.AutoscalingLimits + *out = new(AutoscalingLimitsInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OverridesInitParameters. +func (in *OverridesInitParameters) DeepCopy() *OverridesInitParameters { + if in == nil { + return nil + } + out := new(OverridesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OverridesObservation) DeepCopyInto(out *OverridesObservation) { + *out = *in + if in.AutoscalingLimits != nil { + in, out := &in.AutoscalingLimits, &out.AutoscalingLimits + *out = new(AutoscalingLimitsObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OverridesObservation. +func (in *OverridesObservation) DeepCopy() *OverridesObservation { + if in == nil { + return nil + } + out := new(OverridesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OverridesParameters) DeepCopyInto(out *OverridesParameters) { + *out = *in + if in.AutoscalingLimits != nil { + in, out := &in.AutoscalingLimits, &out.AutoscalingLimits + *out = new(AutoscalingLimitsParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OverridesParameters. +func (in *OverridesParameters) DeepCopy() *OverridesParameters { + if in == nil { + return nil + } + out := new(OverridesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReplicaSelectionInitParameters) DeepCopyInto(out *ReplicaSelectionInitParameters) { + *out = *in + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicaSelectionInitParameters. +func (in *ReplicaSelectionInitParameters) DeepCopy() *ReplicaSelectionInitParameters { + if in == nil { + return nil + } + out := new(ReplicaSelectionInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReplicaSelectionObservation) DeepCopyInto(out *ReplicaSelectionObservation) { + *out = *in + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicaSelectionObservation. +func (in *ReplicaSelectionObservation) DeepCopy() *ReplicaSelectionObservation { + if in == nil { + return nil + } + out := new(ReplicaSelectionObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReplicaSelectionParameters) DeepCopyInto(out *ReplicaSelectionParameters) { + *out = *in + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplicaSelectionParameters. +func (in *ReplicaSelectionParameters) DeepCopy() *ReplicaSelectionParameters { + if in == nil { + return nil + } + out := new(ReplicaSelectionParameters) + in.DeepCopyInto(out) + return out +} diff --git a/apis/spanner/v1beta2/zz_instance_types.go b/apis/spanner/v1beta2/zz_instance_types.go index dda8d3fd3..f862239ec 100755 --- a/apis/spanner/v1beta2/zz_instance_types.go +++ b/apis/spanner/v1beta2/zz_instance_types.go @@ -13,8 +13,105 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AsymmetricAutoscalingOptionsInitParameters struct { + + // A nested object resource. + // Structure is documented below. + Overrides *OverridesInitParameters `json:"overrides,omitempty" tf:"overrides,omitempty"` + + // A nested object resource. + // Structure is documented below. + ReplicaSelection *ReplicaSelectionInitParameters `json:"replicaSelection,omitempty" tf:"replica_selection,omitempty"` +} + +type AsymmetricAutoscalingOptionsObservation struct { + + // A nested object resource. + // Structure is documented below. + Overrides *OverridesObservation `json:"overrides,omitempty" tf:"overrides,omitempty"` + + // A nested object resource. + // Structure is documented below. + ReplicaSelection *ReplicaSelectionObservation `json:"replicaSelection,omitempty" tf:"replica_selection,omitempty"` +} + +type AsymmetricAutoscalingOptionsParameters struct { + + // A nested object resource. + // Structure is documented below. + // +kubebuilder:validation:Optional + Overrides *OverridesParameters `json:"overrides" tf:"overrides,omitempty"` + + // A nested object resource. + // Structure is documented below. + // +kubebuilder:validation:Optional + ReplicaSelection *ReplicaSelectionParameters `json:"replicaSelection" tf:"replica_selection,omitempty"` +} + +type AutoscalingConfigAutoscalingLimitsInitParameters struct { + + // The maximum number of nodes for this specific replica. + MaxNodes *float64 `json:"maxNodes,omitempty" tf:"max_nodes,omitempty"` + + // Specifies maximum number of processing units allocated to the instance. + // If set, this number should be multiples of 1000 and be greater than or equal to + // min_processing_units. + MaxProcessingUnits *float64 `json:"maxProcessingUnits,omitempty" tf:"max_processing_units,omitempty"` + + // The minimum number of nodes for this specific replica. + MinNodes *float64 `json:"minNodes,omitempty" tf:"min_nodes,omitempty"` + + // Specifies minimum number of processing units allocated to the instance. + // If set, this number should be multiples of 1000. + MinProcessingUnits *float64 `json:"minProcessingUnits,omitempty" tf:"min_processing_units,omitempty"` +} + +type AutoscalingConfigAutoscalingLimitsObservation struct { + + // The maximum number of nodes for this specific replica. + MaxNodes *float64 `json:"maxNodes,omitempty" tf:"max_nodes,omitempty"` + + // Specifies maximum number of processing units allocated to the instance. + // If set, this number should be multiples of 1000 and be greater than or equal to + // min_processing_units. + MaxProcessingUnits *float64 `json:"maxProcessingUnits,omitempty" tf:"max_processing_units,omitempty"` + + // The minimum number of nodes for this specific replica. + MinNodes *float64 `json:"minNodes,omitempty" tf:"min_nodes,omitempty"` + + // Specifies minimum number of processing units allocated to the instance. + // If set, this number should be multiples of 1000. + MinProcessingUnits *float64 `json:"minProcessingUnits,omitempty" tf:"min_processing_units,omitempty"` +} + +type AutoscalingConfigAutoscalingLimitsParameters struct { + + // The maximum number of nodes for this specific replica. + // +kubebuilder:validation:Optional + MaxNodes *float64 `json:"maxNodes,omitempty" tf:"max_nodes,omitempty"` + + // Specifies maximum number of processing units allocated to the instance. + // If set, this number should be multiples of 1000 and be greater than or equal to + // min_processing_units. + // +kubebuilder:validation:Optional + MaxProcessingUnits *float64 `json:"maxProcessingUnits,omitempty" tf:"max_processing_units,omitempty"` + + // The minimum number of nodes for this specific replica. + // +kubebuilder:validation:Optional + MinNodes *float64 `json:"minNodes,omitempty" tf:"min_nodes,omitempty"` + + // Specifies minimum number of processing units allocated to the instance. + // If set, this number should be multiples of 1000. + // +kubebuilder:validation:Optional + MinProcessingUnits *float64 `json:"minProcessingUnits,omitempty" tf:"min_processing_units,omitempty"` +} + type AutoscalingConfigInitParameters struct { + // Asymmetric autoscaling options for specific replicas. + // Structure is documented below. + AsymmetricAutoscalingOptions []AsymmetricAutoscalingOptionsInitParameters `json:"asymmetricAutoscalingOptions,omitempty" tf:"asymmetric_autoscaling_options,omitempty"` + // Defines scale in controls to reduce the risk of response latency // and outages due to abrupt scale-in events. Users can define the minimum and // maximum compute capacity allocated to the instance, and the autoscaler will @@ -22,7 +119,7 @@ type AutoscalingConfigInitParameters struct { // units to specify the limits, but should use the same unit to set both the // min_limit and max_limit. // Structure is documented below. - AutoscalingLimits *AutoscalingLimitsInitParameters `json:"autoscalingLimits,omitempty" tf:"autoscaling_limits,omitempty"` + AutoscalingLimits *AutoscalingConfigAutoscalingLimitsInitParameters `json:"autoscalingLimits,omitempty" tf:"autoscaling_limits,omitempty"` // Defines scale in controls to reduce the risk of response latency // and outages due to abrupt scale-in events @@ -32,6 +129,10 @@ type AutoscalingConfigInitParameters struct { type AutoscalingConfigObservation struct { + // Asymmetric autoscaling options for specific replicas. + // Structure is documented below. + AsymmetricAutoscalingOptions []AsymmetricAutoscalingOptionsObservation `json:"asymmetricAutoscalingOptions,omitempty" tf:"asymmetric_autoscaling_options,omitempty"` + // Defines scale in controls to reduce the risk of response latency // and outages due to abrupt scale-in events. Users can define the minimum and // maximum compute capacity allocated to the instance, and the autoscaler will @@ -39,7 +140,7 @@ type AutoscalingConfigObservation struct { // units to specify the limits, but should use the same unit to set both the // min_limit and max_limit. // Structure is documented below. - AutoscalingLimits *AutoscalingLimitsObservation `json:"autoscalingLimits,omitempty" tf:"autoscaling_limits,omitempty"` + AutoscalingLimits *AutoscalingConfigAutoscalingLimitsObservation `json:"autoscalingLimits,omitempty" tf:"autoscaling_limits,omitempty"` // Defines scale in controls to reduce the risk of response latency // and outages due to abrupt scale-in events @@ -49,6 +150,11 @@ type AutoscalingConfigObservation struct { type AutoscalingConfigParameters struct { + // Asymmetric autoscaling options for specific replicas. + // Structure is documented below. + // +kubebuilder:validation:Optional + AsymmetricAutoscalingOptions []AsymmetricAutoscalingOptionsParameters `json:"asymmetricAutoscalingOptions,omitempty" tf:"asymmetric_autoscaling_options,omitempty"` + // Defines scale in controls to reduce the risk of response latency // and outages due to abrupt scale-in events. Users can define the minimum and // maximum compute capacity allocated to the instance, and the autoscaler will @@ -57,7 +163,7 @@ type AutoscalingConfigParameters struct { // min_limit and max_limit. // Structure is documented below. // +kubebuilder:validation:Optional - AutoscalingLimits *AutoscalingLimitsParameters `json:"autoscalingLimits,omitempty" tf:"autoscaling_limits,omitempty"` + AutoscalingLimits *AutoscalingConfigAutoscalingLimitsParameters `json:"autoscalingLimits,omitempty" tf:"autoscaling_limits,omitempty"` // Defines scale in controls to reduce the risk of response latency // and outages due to abrupt scale-in events @@ -68,66 +174,31 @@ type AutoscalingConfigParameters struct { type AutoscalingLimitsInitParameters struct { - // Specifies maximum number of nodes allocated to the instance. If set, this number - // should be greater than or equal to min_nodes. + // The maximum number of nodes for this specific replica. MaxNodes *float64 `json:"maxNodes,omitempty" tf:"max_nodes,omitempty"` - // Specifies maximum number of processing units allocated to the instance. - // If set, this number should be multiples of 1000 and be greater than or equal to - // min_processing_units. - MaxProcessingUnits *float64 `json:"maxProcessingUnits,omitempty" tf:"max_processing_units,omitempty"` - - // Specifies number of nodes allocated to the instance. If set, this number - // should be greater than or equal to 1. + // The minimum number of nodes for this specific replica. MinNodes *float64 `json:"minNodes,omitempty" tf:"min_nodes,omitempty"` - - // Specifies minimum number of processing units allocated to the instance. - // If set, this number should be multiples of 1000. - MinProcessingUnits *float64 `json:"minProcessingUnits,omitempty" tf:"min_processing_units,omitempty"` } type AutoscalingLimitsObservation struct { - // Specifies maximum number of nodes allocated to the instance. If set, this number - // should be greater than or equal to min_nodes. + // The maximum number of nodes for this specific replica. MaxNodes *float64 `json:"maxNodes,omitempty" tf:"max_nodes,omitempty"` - // Specifies maximum number of processing units allocated to the instance. - // If set, this number should be multiples of 1000 and be greater than or equal to - // min_processing_units. - MaxProcessingUnits *float64 `json:"maxProcessingUnits,omitempty" tf:"max_processing_units,omitempty"` - - // Specifies number of nodes allocated to the instance. If set, this number - // should be greater than or equal to 1. + // The minimum number of nodes for this specific replica. MinNodes *float64 `json:"minNodes,omitempty" tf:"min_nodes,omitempty"` - - // Specifies minimum number of processing units allocated to the instance. - // If set, this number should be multiples of 1000. - MinProcessingUnits *float64 `json:"minProcessingUnits,omitempty" tf:"min_processing_units,omitempty"` } type AutoscalingLimitsParameters struct { - // Specifies maximum number of nodes allocated to the instance. If set, this number - // should be greater than or equal to min_nodes. + // The maximum number of nodes for this specific replica. // +kubebuilder:validation:Optional - MaxNodes *float64 `json:"maxNodes,omitempty" tf:"max_nodes,omitempty"` - - // Specifies maximum number of processing units allocated to the instance. - // If set, this number should be multiples of 1000 and be greater than or equal to - // min_processing_units. - // +kubebuilder:validation:Optional - MaxProcessingUnits *float64 `json:"maxProcessingUnits,omitempty" tf:"max_processing_units,omitempty"` + MaxNodes *float64 `json:"maxNodes" tf:"max_nodes,omitempty"` - // Specifies number of nodes allocated to the instance. If set, this number - // should be greater than or equal to 1. + // The minimum number of nodes for this specific replica. // +kubebuilder:validation:Optional - MinNodes *float64 `json:"minNodes,omitempty" tf:"min_nodes,omitempty"` - - // Specifies minimum number of processing units allocated to the instance. - // If set, this number should be multiples of 1000. - // +kubebuilder:validation:Optional - MinProcessingUnits *float64 `json:"minProcessingUnits,omitempty" tf:"min_processing_units,omitempty"` + MinNodes *float64 `json:"minNodes" tf:"min_nodes,omitempty"` } type AutoscalingTargetsInitParameters struct { @@ -198,6 +269,10 @@ type InstanceInitParameters struct { // unique per project and between 4 and 30 characters in length. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // The edition selected for this instance. Different editions provide different capabilities at different price points. + // Possible values are: EDITION_UNSPECIFIED, STANDARD, ENTERPRISE, ENTERPRISE_PLUS. + Edition *string `json:"edition,omitempty" tf:"edition,omitempty"` + // When deleting a spanner instance, this boolean option will delete all backups of this instance. // This must be set to true if you created a backup manually in the console. ForceDestroy *bool `json:"forceDestroy,omitempty" tf:"force_destroy,omitempty"` @@ -245,6 +320,10 @@ type InstanceObservation struct { // unique per project and between 4 and 30 characters in length. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // The edition selected for this instance. Different editions provide different capabilities at different price points. + // Possible values are: EDITION_UNSPECIFIED, STANDARD, ENTERPRISE, ENTERPRISE_PLUS. + Edition *string `json:"edition,omitempty" tf:"edition,omitempty"` + // for all of the labels present on the resource. // +mapType=granular EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` @@ -311,6 +390,11 @@ type InstanceParameters struct { // +kubebuilder:validation:Optional DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // The edition selected for this instance. Different editions provide different capabilities at different price points. + // Possible values are: EDITION_UNSPECIFIED, STANDARD, ENTERPRISE, ENTERPRISE_PLUS. + // +kubebuilder:validation:Optional + Edition *string `json:"edition,omitempty" tf:"edition,omitempty"` + // When deleting a spanner instance, this boolean option will delete all backups of this instance. // This must be set to true if you created a backup manually in the console. // +kubebuilder:validation:Optional @@ -336,6 +420,47 @@ type InstanceParameters struct { Project *string `json:"project,omitempty" tf:"project,omitempty"` } +type OverridesInitParameters struct { + + // A nested object resource. + // Structure is documented below. + AutoscalingLimits *AutoscalingLimitsInitParameters `json:"autoscalingLimits,omitempty" tf:"autoscaling_limits,omitempty"` +} + +type OverridesObservation struct { + + // A nested object resource. + // Structure is documented below. + AutoscalingLimits *AutoscalingLimitsObservation `json:"autoscalingLimits,omitempty" tf:"autoscaling_limits,omitempty"` +} + +type OverridesParameters struct { + + // A nested object resource. + // Structure is documented below. + // +kubebuilder:validation:Optional + AutoscalingLimits *AutoscalingLimitsParameters `json:"autoscalingLimits" tf:"autoscaling_limits,omitempty"` +} + +type ReplicaSelectionInitParameters struct { + + // The location of the replica to apply asymmetric autoscaling options. + Location *string `json:"location,omitempty" tf:"location,omitempty"` +} + +type ReplicaSelectionObservation struct { + + // The location of the replica to apply asymmetric autoscaling options. + Location *string `json:"location,omitempty" tf:"location,omitempty"` +} + +type ReplicaSelectionParameters struct { + + // The location of the replica to apply asymmetric autoscaling options. + // +kubebuilder:validation:Optional + Location *string `json:"location" tf:"location,omitempty"` +} + // InstanceSpec defines the desired state of Instance type InstanceSpec struct { v1.ResourceSpec `json:",inline"` diff --git a/examples-generated/spanner/v1beta2/instance.yaml b/examples-generated/spanner/v1beta2/instance.yaml index ffc0fd209..558253dd5 100644 --- a/examples-generated/spanner/v1beta2/instance.yaml +++ b/examples-generated/spanner/v1beta2/instance.yaml @@ -11,6 +11,7 @@ spec: config: regional-us-central1 defaultBackupScheduleType: AUTOMATIC displayName: Test Spanner Instance + edition: STANDARD labels: foo: bar numNodes: 2 diff --git a/examples/spanner/v1beta2/instance.yaml b/examples/spanner/v1beta2/instance.yaml index 9cf770111..b87bb9f01 100644 --- a/examples/spanner/v1beta2/instance.yaml +++ b/examples/spanner/v1beta2/instance.yaml @@ -14,6 +14,7 @@ spec: forProvider: config: regional-us-central1 displayName: Test Spanner Instance + edition: STANDARD labels: foo: bar numNodes: 2 diff --git a/package/crds/spanner.gcp.upbound.io_databases.yaml b/package/crds/spanner.gcp.upbound.io_databases.yaml index 93617e126..d9c9556c1 100644 --- a/package/crds/spanner.gcp.upbound.io_databases.yaml +++ b/package/crds/spanner.gcp.upbound.io_databases.yaml @@ -653,6 +653,13 @@ spec: Fully qualified name of the KMS key to use to encrypt this database. This key must exist in the same location as the Spanner Database. type: string + kmsKeyNames: + description: |- + Fully qualified name of the KMS keys to use to encrypt this database. The keys must exist + in the same locations as the Spanner Database. + items: + type: string + type: array type: object instance: description: The instance to create the database on. @@ -795,6 +802,13 @@ spec: Fully qualified name of the KMS key to use to encrypt this database. This key must exist in the same location as the Spanner Database. type: string + kmsKeyNames: + description: |- + Fully qualified name of the KMS keys to use to encrypt this database. The keys must exist + in the same locations as the Spanner Database. + items: + type: string + type: array type: object project: description: |- @@ -1019,6 +1033,13 @@ spec: Fully qualified name of the KMS key to use to encrypt this database. This key must exist in the same location as the Spanner Database. type: string + kmsKeyNames: + description: |- + Fully qualified name of the KMS keys to use to encrypt this database. The keys must exist + in the same locations as the Spanner Database. + items: + type: string + type: array type: object id: description: an identifier for the resource with format {{instance}}/{{name}} diff --git a/package/crds/spanner.gcp.upbound.io_instances.yaml b/package/crds/spanner.gcp.upbound.io_instances.yaml index 318c3aa10..ee9cce40f 100644 --- a/package/crds/spanner.gcp.upbound.io_instances.yaml +++ b/package/crds/spanner.gcp.upbound.io_instances.yaml @@ -750,6 +750,44 @@ spec: the instance. Structure is documented below. properties: + asymmetricAutoscalingOptions: + description: |- + Asymmetric autoscaling options for specific replicas. + Structure is documented below. + items: + properties: + overrides: + description: |- + A nested object resource. + Structure is documented below. + properties: + autoscalingLimits: + description: |- + A nested object resource. + Structure is documented below. + properties: + maxNodes: + description: The maximum number of nodes for + this specific replica. + type: number + minNodes: + description: The minimum number of nodes for + this specific replica. + type: number + type: object + type: object + replicaSelection: + description: |- + A nested object resource. + Structure is documented below. + properties: + location: + description: The location of the replica to apply + asymmetric autoscaling options. + type: string + type: object + type: object + type: array autoscalingLimits: description: |- Defines scale in controls to reduce the risk of response latency @@ -761,9 +799,8 @@ spec: Structure is documented below. properties: maxNodes: - description: |- - Specifies maximum number of nodes allocated to the instance. If set, this number - should be greater than or equal to min_nodes. + description: The maximum number of nodes for this specific + replica. type: number maxProcessingUnits: description: |- @@ -772,9 +809,8 @@ spec: min_processing_units. type: number minNodes: - description: |- - Specifies number of nodes allocated to the instance. If set, this number - should be greater than or equal to 1. + description: The minimum number of nodes for this specific + replica. type: number minProcessingUnits: description: |- @@ -823,6 +859,11 @@ spec: The descriptive name for this instance as it appears in UIs. Must be unique per project and between 4 and 30 characters in length. type: string + edition: + description: |- + The edition selected for this instance. Different editions provide different capabilities at different price points. + Possible values are: EDITION_UNSPECIFIED, STANDARD, ENTERPRISE, ENTERPRISE_PLUS. + type: string forceDestroy: description: |- When deleting a spanner instance, this boolean option will delete all backups of this instance. @@ -870,6 +911,44 @@ spec: the instance. Structure is documented below. properties: + asymmetricAutoscalingOptions: + description: |- + Asymmetric autoscaling options for specific replicas. + Structure is documented below. + items: + properties: + overrides: + description: |- + A nested object resource. + Structure is documented below. + properties: + autoscalingLimits: + description: |- + A nested object resource. + Structure is documented below. + properties: + maxNodes: + description: The maximum number of nodes for + this specific replica. + type: number + minNodes: + description: The minimum number of nodes for + this specific replica. + type: number + type: object + type: object + replicaSelection: + description: |- + A nested object resource. + Structure is documented below. + properties: + location: + description: The location of the replica to apply + asymmetric autoscaling options. + type: string + type: object + type: object + type: array autoscalingLimits: description: |- Defines scale in controls to reduce the risk of response latency @@ -881,9 +960,8 @@ spec: Structure is documented below. properties: maxNodes: - description: |- - Specifies maximum number of nodes allocated to the instance. If set, this number - should be greater than or equal to min_nodes. + description: The maximum number of nodes for this specific + replica. type: number maxProcessingUnits: description: |- @@ -892,9 +970,8 @@ spec: min_processing_units. type: number minNodes: - description: |- - Specifies number of nodes allocated to the instance. If set, this number - should be greater than or equal to 1. + description: The minimum number of nodes for this specific + replica. type: number minProcessingUnits: description: |- @@ -943,6 +1020,11 @@ spec: The descriptive name for this instance as it appears in UIs. Must be unique per project and between 4 and 30 characters in length. type: string + edition: + description: |- + The edition selected for this instance. Different editions provide different capabilities at different price points. + Possible values are: EDITION_UNSPECIFIED, STANDARD, ENTERPRISE, ENTERPRISE_PLUS. + type: string forceDestroy: description: |- When deleting a spanner instance, this boolean option will delete all backups of this instance. @@ -1158,6 +1240,44 @@ spec: the instance. Structure is documented below. properties: + asymmetricAutoscalingOptions: + description: |- + Asymmetric autoscaling options for specific replicas. + Structure is documented below. + items: + properties: + overrides: + description: |- + A nested object resource. + Structure is documented below. + properties: + autoscalingLimits: + description: |- + A nested object resource. + Structure is documented below. + properties: + maxNodes: + description: The maximum number of nodes for + this specific replica. + type: number + minNodes: + description: The minimum number of nodes for + this specific replica. + type: number + type: object + type: object + replicaSelection: + description: |- + A nested object resource. + Structure is documented below. + properties: + location: + description: The location of the replica to apply + asymmetric autoscaling options. + type: string + type: object + type: object + type: array autoscalingLimits: description: |- Defines scale in controls to reduce the risk of response latency @@ -1169,9 +1289,8 @@ spec: Structure is documented below. properties: maxNodes: - description: |- - Specifies maximum number of nodes allocated to the instance. If set, this number - should be greater than or equal to min_nodes. + description: The maximum number of nodes for this specific + replica. type: number maxProcessingUnits: description: |- @@ -1180,9 +1299,8 @@ spec: min_processing_units. type: number minNodes: - description: |- - Specifies number of nodes allocated to the instance. If set, this number - should be greater than or equal to 1. + description: The minimum number of nodes for this specific + replica. type: number minProcessingUnits: description: |- @@ -1231,6 +1349,11 @@ spec: The descriptive name for this instance as it appears in UIs. Must be unique per project and between 4 and 30 characters in length. type: string + edition: + description: |- + The edition selected for this instance. Different editions provide different capabilities at different price points. + Possible values are: EDITION_UNSPECIFIED, STANDARD, ENTERPRISE, ENTERPRISE_PLUS. + type: string effectiveLabels: additionalProperties: type: string From 72e6e185942d06d80a286533000f258ca8b1a892 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 15:32:10 +0100 Subject: [PATCH 21/47] sql: multiple changes Signed-off-by: Rickard von Essen --- apis/sql/v1beta2/zz_databaseinstance_types.go | 133 ++++++++--- apis/sql/v1beta2/zz_generated.deepcopy.go | 174 ++++++++++++-- apis/sql/v1beta2/zz_user_types.go | 21 +- examples-generated/sql/v1beta1/database.yaml | 2 +- .../sql.gcp.upbound.io_databaseinstances.yaml | 224 +++++++++++++----- package/crds/sql.gcp.upbound.io_users.yaml | 21 +- 6 files changed, 445 insertions(+), 130 deletions(-) diff --git a/apis/sql/v1beta2/zz_databaseinstance_types.go b/apis/sql/v1beta2/zz_databaseinstance_types.go index 342aa7916..965591c67 100755 --- a/apis/sql/v1beta2/zz_databaseinstance_types.go +++ b/apis/sql/v1beta2/zz_databaseinstance_types.go @@ -340,9 +340,9 @@ type DatabaseInstanceInitParameters struct { // The MySQL, PostgreSQL or // SQL Server version to use. Supported values include MYSQL_5_6, - // MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6,POSTGRES_10, POSTGRES_11, - // POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, - // SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. + // MYSQL_5_7, MYSQL_8_0, MYSQL_8_4, POSTGRES_9_6,POSTGRES_10, POSTGRES_11, + // POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, POSTGRES_16, POSTGRES_17, + // SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. // SQLSERVER_2019_STANDARD, SQLSERVER_2019_ENTERPRISE, SQLSERVER_2019_EXPRESS, // SQLSERVER_2019_WEB. // Database Version Policies @@ -378,9 +378,12 @@ type DatabaseInstanceInitParameters struct { Region *string `json:"region,omitempty" tf:"region,omitempty"` // The configuration for replication. The - // configuration is detailed below. Valid only for MySQL instances. + // configuration is detailed below. ReplicaConfiguration *ReplicaConfigurationInitParameters `json:"replicaConfiguration,omitempty" tf:"replica_configuration,omitempty"` + // List of replica names. Can be updated. + ReplicaNames []*string `json:"replicaNames,omitempty" tf:"replica_names,omitempty"` + // The context needed to restore the database to a backup run. The configuration is detailed below. Adding or modifying this // block during resource creation/update will trigger the restore action after the resource is created/updated. RestoreBackupContext *RestoreBackupContextInitParameters `json:"restoreBackupContext,omitempty" tf:"restore_backup_context,omitempty"` @@ -406,15 +409,14 @@ type DatabaseInstanceObservation struct { // connection strings. For example, when connecting with Cloud SQL Proxy. ConnectionName *string `json:"connectionName,omitempty" tf:"connection_name,omitempty"` - // The name of the instance. This is done because after a name is used, it cannot be reused for - // up to one week. + // The DNS name of the instance. See Connect to an instance using Private Service Connect for more details. DNSName *string `json:"dnsName,omitempty" tf:"dns_name,omitempty"` // The MySQL, PostgreSQL or // SQL Server version to use. Supported values include MYSQL_5_6, - // MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6,POSTGRES_10, POSTGRES_11, - // POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, - // SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. + // MYSQL_5_7, MYSQL_8_0, MYSQL_8_4, POSTGRES_9_6,POSTGRES_10, POSTGRES_11, + // POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, POSTGRES_16, POSTGRES_17, + // SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. // SQLSERVER_2019_STANDARD, SQLSERVER_2019_ENTERPRISE, SQLSERVER_2019_EXPRESS, // SQLSERVER_2019_WEB. // Database Version Policies @@ -470,9 +472,12 @@ type DatabaseInstanceObservation struct { Region *string `json:"region,omitempty" tf:"region,omitempty"` // The configuration for replication. The - // configuration is detailed below. Valid only for MySQL instances. + // configuration is detailed below. ReplicaConfiguration *ReplicaConfigurationObservation `json:"replicaConfiguration,omitempty" tf:"replica_configuration,omitempty"` + // List of replica names. Can be updated. + ReplicaNames []*string `json:"replicaNames,omitempty" tf:"replica_names,omitempty"` + // The context needed to restore the database to a backup run. The configuration is detailed below. Adding or modifying this // block during resource creation/update will trigger the restore action after the resource is created/updated. RestoreBackupContext *RestoreBackupContextObservation `json:"restoreBackupContext,omitempty" tf:"restore_backup_context,omitempty"` @@ -498,9 +503,9 @@ type DatabaseInstanceParameters struct { // The MySQL, PostgreSQL or // SQL Server version to use. Supported values include MYSQL_5_6, - // MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6,POSTGRES_10, POSTGRES_11, - // POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, - // SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. + // MYSQL_5_7, MYSQL_8_0, MYSQL_8_4, POSTGRES_9_6,POSTGRES_10, POSTGRES_11, + // POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, POSTGRES_16, POSTGRES_17, + // SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. // SQLSERVER_2019_STANDARD, SQLSERVER_2019_ENTERPRISE, SQLSERVER_2019_EXPRESS, // SQLSERVER_2019_WEB. // Database Version Policies @@ -543,10 +548,14 @@ type DatabaseInstanceParameters struct { Region *string `json:"region,omitempty" tf:"region,omitempty"` // The configuration for replication. The - // configuration is detailed below. Valid only for MySQL instances. + // configuration is detailed below. // +kubebuilder:validation:Optional ReplicaConfiguration *ReplicaConfigurationParameters `json:"replicaConfiguration,omitempty" tf:"replica_configuration,omitempty"` + // List of replica names. Can be updated. + // +kubebuilder:validation:Optional + ReplicaNames []*string `json:"replicaNames,omitempty" tf:"replica_names,omitempty"` + // The context needed to restore the database to a backup run. The configuration is detailed below. Adding or modifying this // block during resource creation/update will trigger the restore action after the resource is created/updated. // +kubebuilder:validation:Optional @@ -654,14 +663,14 @@ type IPConfigurationInitParameters struct { PscConfig []PscConfigInitParameters `json:"pscConfig,omitempty" tf:"psc_config,omitempty"` - // Whether SSL connections over IP are enforced or not. To change this field, also set the corresponding value in ssl_mode. It will be fully deprecated in a future major release. For now, please use ssl_mode with a compatible require_ssl value instead. - RequireSSL *bool `json:"requireSsl,omitempty" tf:"require_ssl,omitempty"` - - // Specify how SSL connection should be enforced in DB connections. This field provides more SSL enforcement options compared to require_ssl. To change this field, also set the correspoding value in require_ssl. + // Specify how SSL connection should be enforced in DB connections. Supported values are ALLOW_UNENCRYPTED_AND_ENCRYPTED, ENCRYPTED_ONLY, and TRUSTED_CLIENT_CERTIFICATE_REQUIRED (not supported for SQL Server). See API reference doc for details. SSLMode *string `json:"sslMode,omitempty" tf:"ssl_mode,omitempty"` - // Specify how the server certificate's Certificate Authority is hosted. Supported value is GOOGLE_MANAGED_INTERNAL_CA. + // Specify how the server certificate's Certificate Authority is hosted. Supported values are GOOGLE_MANAGED_INTERNAL_CA and GOOGLE_MANAGED_CAS_CA. ServerCAMode *string `json:"serverCaMode,omitempty" tf:"server_ca_mode,omitempty"` + + // The resource name of the server CA pool for an instance with CUSTOMER_MANAGED_CAS_CA as the server_ca_mode. + ServerCAPool *string `json:"serverCaPool,omitempty" tf:"server_ca_pool,omitempty"` } type IPConfigurationObservation struct { @@ -688,14 +697,14 @@ type IPConfigurationObservation struct { PscConfig []PscConfigObservation `json:"pscConfig,omitempty" tf:"psc_config,omitempty"` - // Whether SSL connections over IP are enforced or not. To change this field, also set the corresponding value in ssl_mode. It will be fully deprecated in a future major release. For now, please use ssl_mode with a compatible require_ssl value instead. - RequireSSL *bool `json:"requireSsl,omitempty" tf:"require_ssl,omitempty"` - - // Specify how SSL connection should be enforced in DB connections. This field provides more SSL enforcement options compared to require_ssl. To change this field, also set the correspoding value in require_ssl. + // Specify how SSL connection should be enforced in DB connections. Supported values are ALLOW_UNENCRYPTED_AND_ENCRYPTED, ENCRYPTED_ONLY, and TRUSTED_CLIENT_CERTIFICATE_REQUIRED (not supported for SQL Server). See API reference doc for details. SSLMode *string `json:"sslMode,omitempty" tf:"ssl_mode,omitempty"` - // Specify how the server certificate's Certificate Authority is hosted. Supported value is GOOGLE_MANAGED_INTERNAL_CA. + // Specify how the server certificate's Certificate Authority is hosted. Supported values are GOOGLE_MANAGED_INTERNAL_CA and GOOGLE_MANAGED_CAS_CA. ServerCAMode *string `json:"serverCaMode,omitempty" tf:"server_ca_mode,omitempty"` + + // The resource name of the server CA pool for an instance with CUSTOMER_MANAGED_CAS_CA as the server_ca_mode. + ServerCAPool *string `json:"serverCaPool,omitempty" tf:"server_ca_pool,omitempty"` } type IPConfigurationParameters struct { @@ -738,17 +747,17 @@ type IPConfigurationParameters struct { // +kubebuilder:validation:Optional PscConfig []PscConfigParameters `json:"pscConfig,omitempty" tf:"psc_config,omitempty"` - // Whether SSL connections over IP are enforced or not. To change this field, also set the corresponding value in ssl_mode. It will be fully deprecated in a future major release. For now, please use ssl_mode with a compatible require_ssl value instead. - // +kubebuilder:validation:Optional - RequireSSL *bool `json:"requireSsl,omitempty" tf:"require_ssl,omitempty"` - - // Specify how SSL connection should be enforced in DB connections. This field provides more SSL enforcement options compared to require_ssl. To change this field, also set the correspoding value in require_ssl. + // Specify how SSL connection should be enforced in DB connections. Supported values are ALLOW_UNENCRYPTED_AND_ENCRYPTED, ENCRYPTED_ONLY, and TRUSTED_CLIENT_CERTIFICATE_REQUIRED (not supported for SQL Server). See API reference doc for details. // +kubebuilder:validation:Optional SSLMode *string `json:"sslMode,omitempty" tf:"ssl_mode,omitempty"` - // Specify how the server certificate's Certificate Authority is hosted. Supported value is GOOGLE_MANAGED_INTERNAL_CA. + // Specify how the server certificate's Certificate Authority is hosted. Supported values are GOOGLE_MANAGED_INTERNAL_CA and GOOGLE_MANAGED_CAS_CA. // +kubebuilder:validation:Optional ServerCAMode *string `json:"serverCaMode,omitempty" tf:"server_ca_mode,omitempty"` + + // The resource name of the server CA pool for an instance with CUSTOMER_MANAGED_CAS_CA as the server_ca_mode. + // +kubebuilder:validation:Optional + ServerCAPool *string `json:"serverCaPool,omitempty" tf:"server_ca_pool,omitempty"` } type InsightsConfigInitParameters struct { @@ -963,12 +972,44 @@ type PasswordValidationPolicyParameters struct { ReuseInterval *float64 `json:"reuseInterval,omitempty" tf:"reuse_interval,omitempty"` } +type PscAutoConnectionsInitParameters struct { + + // "The consumer network of this consumer endpoint. This must be a resource path that includes both the host project and the network name. For example, projects/project1/global/networks/network1. The consumer host project of this network might be different from the consumer service project." + ConsumerNetwork *string `json:"consumerNetwork,omitempty" tf:"consumer_network,omitempty"` + + // The project ID of consumer service project of this consumer endpoint. + ConsumerServiceProjectID *string `json:"consumerServiceProjectId,omitempty" tf:"consumer_service_project_id,omitempty"` +} + +type PscAutoConnectionsObservation struct { + + // "The consumer network of this consumer endpoint. This must be a resource path that includes both the host project and the network name. For example, projects/project1/global/networks/network1. The consumer host project of this network might be different from the consumer service project." + ConsumerNetwork *string `json:"consumerNetwork,omitempty" tf:"consumer_network,omitempty"` + + // The project ID of consumer service project of this consumer endpoint. + ConsumerServiceProjectID *string `json:"consumerServiceProjectId,omitempty" tf:"consumer_service_project_id,omitempty"` +} + +type PscAutoConnectionsParameters struct { + + // "The consumer network of this consumer endpoint. This must be a resource path that includes both the host project and the network name. For example, projects/project1/global/networks/network1. The consumer host project of this network might be different from the consumer service project." + // +kubebuilder:validation:Optional + ConsumerNetwork *string `json:"consumerNetwork" tf:"consumer_network,omitempty"` + + // The project ID of consumer service project of this consumer endpoint. + // +kubebuilder:validation:Optional + ConsumerServiceProjectID *string `json:"consumerServiceProjectId,omitempty" tf:"consumer_service_project_id,omitempty"` +} + type PscConfigInitParameters struct { // List of consumer projects that are allow-listed for PSC connections to this instance. This instance can be connected to with PSC from any network in these projects. Each consumer project in this list may be represented by a project number (numeric) or by a project id (alphanumeric). // +listType=set AllowedConsumerProjects []*string `json:"allowedConsumerProjects,omitempty" tf:"allowed_consumer_projects,omitempty"` + // A comma-separated list of networks or a comma-separated list of network-project pairs. Each project in this list is represented by a project number (numeric) or by a project ID (alphanumeric). This allows Private Service Connect connections to be created automatically for the specified networks. + PscAutoConnections []PscAutoConnectionsInitParameters `json:"pscAutoConnections,omitempty" tf:"psc_auto_connections,omitempty"` + // Whether PSC connectivity is enabled for this instance. PscEnabled *bool `json:"pscEnabled,omitempty" tf:"psc_enabled,omitempty"` } @@ -979,6 +1020,9 @@ type PscConfigObservation struct { // +listType=set AllowedConsumerProjects []*string `json:"allowedConsumerProjects,omitempty" tf:"allowed_consumer_projects,omitempty"` + // A comma-separated list of networks or a comma-separated list of network-project pairs. Each project in this list is represented by a project number (numeric) or by a project ID (alphanumeric). This allows Private Service Connect connections to be created automatically for the specified networks. + PscAutoConnections []PscAutoConnectionsObservation `json:"pscAutoConnections,omitempty" tf:"psc_auto_connections,omitempty"` + // Whether PSC connectivity is enabled for this instance. PscEnabled *bool `json:"pscEnabled,omitempty" tf:"psc_enabled,omitempty"` } @@ -990,6 +1034,10 @@ type PscConfigParameters struct { // +listType=set AllowedConsumerProjects []*string `json:"allowedConsumerProjects,omitempty" tf:"allowed_consumer_projects,omitempty"` + // A comma-separated list of networks or a comma-separated list of network-project pairs. Each project in this list is represented by a project number (numeric) or by a project ID (alphanumeric). This allows Private Service Connect connections to be created automatically for the specified networks. + // +kubebuilder:validation:Optional + PscAutoConnections []PscAutoConnectionsParameters `json:"pscAutoConnections,omitempty" tf:"psc_auto_connections,omitempty"` + // Whether PSC connectivity is enabled for this instance. // +kubebuilder:validation:Optional PscEnabled *bool `json:"pscEnabled,omitempty" tf:"psc_enabled,omitempty"` @@ -1001,6 +1049,9 @@ type ReplicaConfigurationInitParameters struct { // certificate. CACertificate *string `json:"caCertificate,omitempty" tf:"ca_certificate,omitempty"` + // Specifies if the replica is a cascadable replica. If true, instance must be in different region from primary. + CascadableReplica *bool `json:"cascadableReplica,omitempty" tf:"cascadable_replica,omitempty"` + // PEM representation of the replica's x509 // certificate. ClientCertificate *string `json:"clientCertificate,omitempty" tf:"client_certificate,omitempty"` @@ -1014,7 +1065,8 @@ type ReplicaConfigurationInitParameters struct { ConnectRetryInterval *float64 `json:"connectRetryInterval,omitempty" tf:"connect_retry_interval,omitempty"` // Path to a SQL file in GCS from which replica - // instances are created. Format is gs://bucket/filename. + // instances are created. Format is gs://bucket/filename. Note, if the master + // instance is a source representation instance this field must be present. DumpFilePath *string `json:"dumpFilePath,omitempty" tf:"dump_file_path,omitempty"` // Specifies if the replica is the failover target. @@ -1048,6 +1100,9 @@ type ReplicaConfigurationObservation struct { // certificate. CACertificate *string `json:"caCertificate,omitempty" tf:"ca_certificate,omitempty"` + // Specifies if the replica is a cascadable replica. If true, instance must be in different region from primary. + CascadableReplica *bool `json:"cascadableReplica,omitempty" tf:"cascadable_replica,omitempty"` + // PEM representation of the replica's x509 // certificate. ClientCertificate *string `json:"clientCertificate,omitempty" tf:"client_certificate,omitempty"` @@ -1061,7 +1116,8 @@ type ReplicaConfigurationObservation struct { ConnectRetryInterval *float64 `json:"connectRetryInterval,omitempty" tf:"connect_retry_interval,omitempty"` // Path to a SQL file in GCS from which replica - // instances are created. Format is gs://bucket/filename. + // instances are created. Format is gs://bucket/filename. Note, if the master + // instance is a source representation instance this field must be present. DumpFilePath *string `json:"dumpFilePath,omitempty" tf:"dump_file_path,omitempty"` // Specifies if the replica is the failover target. @@ -1093,6 +1149,10 @@ type ReplicaConfigurationParameters struct { // +kubebuilder:validation:Optional CACertificate *string `json:"caCertificate,omitempty" tf:"ca_certificate,omitempty"` + // Specifies if the replica is a cascadable replica. If true, instance must be in different region from primary. + // +kubebuilder:validation:Optional + CascadableReplica *bool `json:"cascadableReplica,omitempty" tf:"cascadable_replica,omitempty"` + // PEM representation of the replica's x509 // certificate. // +kubebuilder:validation:Optional @@ -1109,7 +1169,8 @@ type ReplicaConfigurationParameters struct { ConnectRetryInterval *float64 `json:"connectRetryInterval,omitempty" tf:"connect_retry_interval,omitempty"` // Path to a SQL file in GCS from which replica - // instances are created. Format is gs://bucket/filename. + // instances are created. Format is gs://bucket/filename. Note, if the master + // instance is a source representation instance this field must be present. // +kubebuilder:validation:Optional DumpFilePath *string `json:"dumpFilePath,omitempty" tf:"dump_file_path,omitempty"` @@ -1273,7 +1334,7 @@ type SettingsInitParameters struct { // The name of server instance collation. Collation *string `json:"collation,omitempty" tf:"collation,omitempty"` - // Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + // Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be REQUIRED or NOT_REQUIRED. If enabled, all the direct connections are rejected. ConnectorEnforcement *string `json:"connectorEnforcement,omitempty" tf:"connector_enforcement,omitempty"` DataCacheConfig *DataCacheConfigInitParameters `json:"dataCacheConfig,omitempty" tf:"data_cache_config,omitempty"` @@ -1357,7 +1418,7 @@ type SettingsObservation struct { // The name of server instance collation. Collation *string `json:"collation,omitempty" tf:"collation,omitempty"` - // Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + // Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be REQUIRED or NOT_REQUIRED. If enabled, all the direct connections are rejected. ConnectorEnforcement *string `json:"connectorEnforcement,omitempty" tf:"connector_enforcement,omitempty"` DataCacheConfig *DataCacheConfigObservation `json:"dataCacheConfig,omitempty" tf:"data_cache_config,omitempty"` @@ -1451,7 +1512,7 @@ type SettingsParameters struct { // +kubebuilder:validation:Optional Collation *string `json:"collation,omitempty" tf:"collation,omitempty"` - // Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + // Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be REQUIRED or NOT_REQUIRED. If enabled, all the direct connections are rejected. // +kubebuilder:validation:Optional ConnectorEnforcement *string `json:"connectorEnforcement,omitempty" tf:"connector_enforcement,omitempty"` diff --git a/apis/sql/v1beta2/zz_generated.deepcopy.go b/apis/sql/v1beta2/zz_generated.deepcopy.go index 98ef24a13..2ceb527c4 100644 --- a/apis/sql/v1beta2/zz_generated.deepcopy.go +++ b/apis/sql/v1beta2/zz_generated.deepcopy.go @@ -796,6 +796,17 @@ func (in *DatabaseInstanceInitParameters) DeepCopyInto(out *DatabaseInstanceInit *out = new(ReplicaConfigurationInitParameters) (*in).DeepCopyInto(*out) } + if in.ReplicaNames != nil { + in, out := &in.ReplicaNames, &out.ReplicaNames + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.RestoreBackupContext != nil { in, out := &in.RestoreBackupContext, &out.RestoreBackupContext *out = new(RestoreBackupContextInitParameters) @@ -961,6 +972,17 @@ func (in *DatabaseInstanceObservation) DeepCopyInto(out *DatabaseInstanceObserva *out = new(ReplicaConfigurationObservation) (*in).DeepCopyInto(*out) } + if in.ReplicaNames != nil { + in, out := &in.ReplicaNames, &out.ReplicaNames + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.RestoreBackupContext != nil { in, out := &in.RestoreBackupContext, &out.RestoreBackupContext *out = new(RestoreBackupContextObservation) @@ -1041,6 +1063,17 @@ func (in *DatabaseInstanceParameters) DeepCopyInto(out *DatabaseInstanceParamete *out = new(ReplicaConfigurationParameters) (*in).DeepCopyInto(*out) } + if in.ReplicaNames != nil { + in, out := &in.ReplicaNames, &out.ReplicaNames + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.RestoreBackupContext != nil { in, out := &in.RestoreBackupContext, &out.RestoreBackupContext *out = new(RestoreBackupContextParameters) @@ -1300,11 +1333,6 @@ func (in *IPConfigurationInitParameters) DeepCopyInto(out *IPConfigurationInitPa (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.RequireSSL != nil { - in, out := &in.RequireSSL, &out.RequireSSL - *out = new(bool) - **out = **in - } if in.SSLMode != nil { in, out := &in.SSLMode, &out.SSLMode *out = new(string) @@ -1315,6 +1343,11 @@ func (in *IPConfigurationInitParameters) DeepCopyInto(out *IPConfigurationInitPa *out = new(string) **out = **in } + if in.ServerCAPool != nil { + in, out := &in.ServerCAPool, &out.ServerCAPool + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPConfigurationInitParameters. @@ -1364,11 +1397,6 @@ func (in *IPConfigurationObservation) DeepCopyInto(out *IPConfigurationObservati (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.RequireSSL != nil { - in, out := &in.RequireSSL, &out.RequireSSL - *out = new(bool) - **out = **in - } if in.SSLMode != nil { in, out := &in.SSLMode, &out.SSLMode *out = new(string) @@ -1379,6 +1407,11 @@ func (in *IPConfigurationObservation) DeepCopyInto(out *IPConfigurationObservati *out = new(string) **out = **in } + if in.ServerCAPool != nil { + in, out := &in.ServerCAPool, &out.ServerCAPool + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPConfigurationObservation. @@ -1438,11 +1471,6 @@ func (in *IPConfigurationParameters) DeepCopyInto(out *IPConfigurationParameters (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.RequireSSL != nil { - in, out := &in.RequireSSL, &out.RequireSSL - *out = new(bool) - **out = **in - } if in.SSLMode != nil { in, out := &in.SSLMode, &out.SSLMode *out = new(string) @@ -1453,6 +1481,11 @@ func (in *IPConfigurationParameters) DeepCopyInto(out *IPConfigurationParameters *out = new(string) **out = **in } + if in.ServerCAPool != nil { + in, out := &in.ServerCAPool, &out.ServerCAPool + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPConfigurationParameters. @@ -2012,6 +2045,81 @@ func (in *PasswordValidationPolicyParameters) DeepCopy() *PasswordValidationPoli return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PscAutoConnectionsInitParameters) DeepCopyInto(out *PscAutoConnectionsInitParameters) { + *out = *in + if in.ConsumerNetwork != nil { + in, out := &in.ConsumerNetwork, &out.ConsumerNetwork + *out = new(string) + **out = **in + } + if in.ConsumerServiceProjectID != nil { + in, out := &in.ConsumerServiceProjectID, &out.ConsumerServiceProjectID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PscAutoConnectionsInitParameters. +func (in *PscAutoConnectionsInitParameters) DeepCopy() *PscAutoConnectionsInitParameters { + if in == nil { + return nil + } + out := new(PscAutoConnectionsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PscAutoConnectionsObservation) DeepCopyInto(out *PscAutoConnectionsObservation) { + *out = *in + if in.ConsumerNetwork != nil { + in, out := &in.ConsumerNetwork, &out.ConsumerNetwork + *out = new(string) + **out = **in + } + if in.ConsumerServiceProjectID != nil { + in, out := &in.ConsumerServiceProjectID, &out.ConsumerServiceProjectID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PscAutoConnectionsObservation. +func (in *PscAutoConnectionsObservation) DeepCopy() *PscAutoConnectionsObservation { + if in == nil { + return nil + } + out := new(PscAutoConnectionsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PscAutoConnectionsParameters) DeepCopyInto(out *PscAutoConnectionsParameters) { + *out = *in + if in.ConsumerNetwork != nil { + in, out := &in.ConsumerNetwork, &out.ConsumerNetwork + *out = new(string) + **out = **in + } + if in.ConsumerServiceProjectID != nil { + in, out := &in.ConsumerServiceProjectID, &out.ConsumerServiceProjectID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PscAutoConnectionsParameters. +func (in *PscAutoConnectionsParameters) DeepCopy() *PscAutoConnectionsParameters { + if in == nil { + return nil + } + out := new(PscAutoConnectionsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PscConfigInitParameters) DeepCopyInto(out *PscConfigInitParameters) { *out = *in @@ -2026,6 +2134,13 @@ func (in *PscConfigInitParameters) DeepCopyInto(out *PscConfigInitParameters) { } } } + if in.PscAutoConnections != nil { + in, out := &in.PscAutoConnections, &out.PscAutoConnections + *out = make([]PscAutoConnectionsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.PscEnabled != nil { in, out := &in.PscEnabled, &out.PscEnabled *out = new(bool) @@ -2057,6 +2172,13 @@ func (in *PscConfigObservation) DeepCopyInto(out *PscConfigObservation) { } } } + if in.PscAutoConnections != nil { + in, out := &in.PscAutoConnections, &out.PscAutoConnections + *out = make([]PscAutoConnectionsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.PscEnabled != nil { in, out := &in.PscEnabled, &out.PscEnabled *out = new(bool) @@ -2088,6 +2210,13 @@ func (in *PscConfigParameters) DeepCopyInto(out *PscConfigParameters) { } } } + if in.PscAutoConnections != nil { + in, out := &in.PscAutoConnections, &out.PscAutoConnections + *out = make([]PscAutoConnectionsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.PscEnabled != nil { in, out := &in.PscEnabled, &out.PscEnabled *out = new(bool) @@ -2113,6 +2242,11 @@ func (in *ReplicaConfigurationInitParameters) DeepCopyInto(out *ReplicaConfigura *out = new(string) **out = **in } + if in.CascadableReplica != nil { + in, out := &in.CascadableReplica, &out.CascadableReplica + *out = new(bool) + **out = **in + } if in.ClientCertificate != nil { in, out := &in.ClientCertificate, &out.ClientCertificate *out = new(string) @@ -2183,6 +2317,11 @@ func (in *ReplicaConfigurationObservation) DeepCopyInto(out *ReplicaConfiguratio *out = new(string) **out = **in } + if in.CascadableReplica != nil { + in, out := &in.CascadableReplica, &out.CascadableReplica + *out = new(bool) + **out = **in + } if in.ClientCertificate != nil { in, out := &in.ClientCertificate, &out.ClientCertificate *out = new(string) @@ -2248,6 +2387,11 @@ func (in *ReplicaConfigurationParameters) DeepCopyInto(out *ReplicaConfiguration *out = new(string) **out = **in } + if in.CascadableReplica != nil { + in, out := &in.CascadableReplica, &out.CascadableReplica + *out = new(bool) + **out = **in + } if in.ClientCertificate != nil { in, out := &in.ClientCertificate, &out.ClientCertificate *out = new(string) diff --git a/apis/sql/v1beta2/zz_user_types.go b/apis/sql/v1beta2/zz_user_types.go index 8839d8db2..62f0c4cab 100755 --- a/apis/sql/v1beta2/zz_user_types.go +++ b/apis/sql/v1beta2/zz_user_types.go @@ -130,9 +130,10 @@ type UserInitParameters struct { // The user type. It determines the method to authenticate the // user during login. The default is the database's built-in user type. Flags - // include "BUILT_IN", "CLOUD_IAM_USER", and "CLOUD_IAM_SERVICE_ACCOUNT" for both - // Postgres and MySQL. - // MySQL also includes "CLOUD_IAM_GROUP", "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT". + // include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP", + // "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" for + // Postgres + // and MySQL. Type *string `json:"type,omitempty" tf:"type,omitempty"` } @@ -164,9 +165,10 @@ type UserObservation struct { // The user type. It determines the method to authenticate the // user during login. The default is the database's built-in user type. Flags - // include "BUILT_IN", "CLOUD_IAM_USER", and "CLOUD_IAM_SERVICE_ACCOUNT" for both - // Postgres and MySQL. - // MySQL also includes "CLOUD_IAM_GROUP", "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT". + // include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP", + // "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" for + // Postgres + // and MySQL. Type *string `json:"type,omitempty" tf:"type,omitempty"` } @@ -215,9 +217,10 @@ type UserParameters struct { // The user type. It determines the method to authenticate the // user during login. The default is the database's built-in user type. Flags - // include "BUILT_IN", "CLOUD_IAM_USER", and "CLOUD_IAM_SERVICE_ACCOUNT" for both - // Postgres and MySQL. - // MySQL also includes "CLOUD_IAM_GROUP", "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT". + // include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP", + // "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" for + // Postgres + // and MySQL. // +kubebuilder:validation:Optional Type *string `json:"type,omitempty" tf:"type,omitempty"` } diff --git a/examples-generated/sql/v1beta1/database.yaml b/examples-generated/sql/v1beta1/database.yaml index b21d9327c..1b0e0c1c4 100644 --- a/examples-generated/sql/v1beta1/database.yaml +++ b/examples-generated/sql/v1beta1/database.yaml @@ -25,7 +25,7 @@ metadata: spec: forProvider: databaseVersion: MYSQL_8_0 - deletionProtection: "true" + deletionProtection: true region: us-central1 settings: - tier: db-f1-micro diff --git a/package/crds/sql.gcp.upbound.io_databaseinstances.yaml b/package/crds/sql.gcp.upbound.io_databaseinstances.yaml index ba69edee3..16fc1fa4b 100644 --- a/package/crds/sql.gcp.upbound.io_databaseinstances.yaml +++ b/package/crds/sql.gcp.upbound.io_databaseinstances.yaml @@ -2427,9 +2427,9 @@ spec: description: |- The MySQL, PostgreSQL or SQL Server version to use. Supported values include MYSQL_5_6, - MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6,POSTGRES_10, POSTGRES_11, - POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, - SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. + MYSQL_5_7, MYSQL_8_0, MYSQL_8_4, POSTGRES_9_6,POSTGRES_10, POSTGRES_11, + POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, POSTGRES_16, POSTGRES_17, + SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. SQLSERVER_2019_STANDARD, SQLSERVER_2019_ENTERPRISE, SQLSERVER_2019_EXPRESS, SQLSERVER_2019_WEB. Database Version Policies @@ -2476,13 +2476,17 @@ spec: replicaConfiguration: description: |- The configuration for replication. The - configuration is detailed below. Valid only for MySQL instances. + configuration is detailed below. properties: caCertificate: description: |- PEM representation of the trusted CA's x509 certificate. type: string + cascadableReplica: + description: Specifies if the replica is a cascadable replica. + If true, instance must be in different region from primary. + type: boolean clientCertificate: description: |- PEM representation of the replica's x509 @@ -2501,7 +2505,8 @@ spec: dumpFilePath: description: |- Path to a SQL file in GCS from which replica - instances are created. Format is gs://bucket/filename. + instances are created. Format is gs://bucket/filename. Note, if the master + instance is a source representation instance this field must be present. type: string failoverTarget: description: |- @@ -2545,6 +2550,11 @@ spec: value is checked during the SSL handshake. type: boolean type: object + replicaNames: + description: List of replica names. Can be updated. + items: + type: string + type: array restoreBackupContext: description: |- The context needed to restore the database to a backup run. The configuration is detailed below. Adding or modifying this @@ -2664,9 +2674,10 @@ spec: description: The name of server instance collation. type: string connectorEnforcement: - description: Enables the enforcement of Cloud SQL Auth Proxy - or Cloud SQL connectors for all the connections. If enabled, - all the direct connections are rejected. + description: Control the enforcement of Cloud SQL Auth Proxy + or Cloud SQL connectors for all the connections, can be + REQUIRED or NOT_REQUIRED. If enabled, all the direct connections + are rejected. type: string dataCacheConfig: properties: @@ -2920,28 +2931,52 @@ spec: type: string type: array x-kubernetes-list-type: set + pscAutoConnections: + description: A comma-separated list of networks + or a comma-separated list of network-project pairs. + Each project in this list is represented by a + project number (numeric) or by a project ID (alphanumeric). + This allows Private Service Connect connections + to be created automatically for the specified + networks. + items: + properties: + consumerNetwork: + description: '"The consumer network of this + consumer endpoint. This must be a resource + path that includes both the host project + and the network name. For example, projects/project1/global/networks/network1. + The consumer host project of this network + might be different from the consumer service + project."' + type: string + consumerServiceProjectId: + description: The project ID of consumer service + project of this consumer endpoint. + type: string + type: object + type: array pscEnabled: description: Whether PSC connectivity is enabled for this instance. type: boolean type: object type: array - requireSsl: - description: Whether SSL connections over IP are enforced - or not. To change this field, also set the corresponding - value in ssl_mode. It will be fully deprecated in a - future major release. For now, please use ssl_mode with - a compatible require_ssl value instead. - type: boolean serverCaMode: description: Specify how the server certificate's Certificate - Authority is hosted. Supported value is GOOGLE_MANAGED_INTERNAL_CA. + Authority is hosted. Supported values are GOOGLE_MANAGED_INTERNAL_CA + and GOOGLE_MANAGED_CAS_CA. + type: string + serverCaPool: + description: The resource name of the server CA pool for + an instance with CUSTOMER_MANAGED_CAS_CA as the server_ca_mode. type: string sslMode: description: Specify how SSL connection should be enforced - in DB connections. This field provides more SSL enforcement - options compared to require_ssl. To change this field, - also set the correspoding value in require_ssl. + in DB connections. Supported values are ALLOW_UNENCRYPTED_AND_ENCRYPTED, + ENCRYPTED_ONLY, and TRUSTED_CLIENT_CERTIFICATE_REQUIRED + (not supported for SQL Server). See API reference doc + for details. type: string type: object locationPreference: @@ -3093,9 +3128,9 @@ spec: description: |- The MySQL, PostgreSQL or SQL Server version to use. Supported values include MYSQL_5_6, - MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6,POSTGRES_10, POSTGRES_11, - POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, - SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. + MYSQL_5_7, MYSQL_8_0, MYSQL_8_4, POSTGRES_9_6,POSTGRES_10, POSTGRES_11, + POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, POSTGRES_16, POSTGRES_17, + SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. SQLSERVER_2019_STANDARD, SQLSERVER_2019_ENTERPRISE, SQLSERVER_2019_EXPRESS, SQLSERVER_2019_WEB. Database Version Policies @@ -3142,13 +3177,17 @@ spec: replicaConfiguration: description: |- The configuration for replication. The - configuration is detailed below. Valid only for MySQL instances. + configuration is detailed below. properties: caCertificate: description: |- PEM representation of the trusted CA's x509 certificate. type: string + cascadableReplica: + description: Specifies if the replica is a cascadable replica. + If true, instance must be in different region from primary. + type: boolean clientCertificate: description: |- PEM representation of the replica's x509 @@ -3167,7 +3206,8 @@ spec: dumpFilePath: description: |- Path to a SQL file in GCS from which replica - instances are created. Format is gs://bucket/filename. + instances are created. Format is gs://bucket/filename. Note, if the master + instance is a source representation instance this field must be present. type: string failoverTarget: description: |- @@ -3211,6 +3251,11 @@ spec: value is checked during the SSL handshake. type: boolean type: object + replicaNames: + description: List of replica names. Can be updated. + items: + type: string + type: array restoreBackupContext: description: |- The context needed to restore the database to a backup run. The configuration is detailed below. Adding or modifying this @@ -3330,9 +3375,10 @@ spec: description: The name of server instance collation. type: string connectorEnforcement: - description: Enables the enforcement of Cloud SQL Auth Proxy - or Cloud SQL connectors for all the connections. If enabled, - all the direct connections are rejected. + description: Control the enforcement of Cloud SQL Auth Proxy + or Cloud SQL connectors for all the connections, can be + REQUIRED or NOT_REQUIRED. If enabled, all the direct connections + are rejected. type: string dataCacheConfig: properties: @@ -3586,28 +3632,52 @@ spec: type: string type: array x-kubernetes-list-type: set + pscAutoConnections: + description: A comma-separated list of networks + or a comma-separated list of network-project pairs. + Each project in this list is represented by a + project number (numeric) or by a project ID (alphanumeric). + This allows Private Service Connect connections + to be created automatically for the specified + networks. + items: + properties: + consumerNetwork: + description: '"The consumer network of this + consumer endpoint. This must be a resource + path that includes both the host project + and the network name. For example, projects/project1/global/networks/network1. + The consumer host project of this network + might be different from the consumer service + project."' + type: string + consumerServiceProjectId: + description: The project ID of consumer service + project of this consumer endpoint. + type: string + type: object + type: array pscEnabled: description: Whether PSC connectivity is enabled for this instance. type: boolean type: object type: array - requireSsl: - description: Whether SSL connections over IP are enforced - or not. To change this field, also set the corresponding - value in ssl_mode. It will be fully deprecated in a - future major release. For now, please use ssl_mode with - a compatible require_ssl value instead. - type: boolean serverCaMode: description: Specify how the server certificate's Certificate - Authority is hosted. Supported value is GOOGLE_MANAGED_INTERNAL_CA. + Authority is hosted. Supported values are GOOGLE_MANAGED_INTERNAL_CA + and GOOGLE_MANAGED_CAS_CA. + type: string + serverCaPool: + description: The resource name of the server CA pool for + an instance with CUSTOMER_MANAGED_CAS_CA as the server_ca_mode. type: string sslMode: description: Specify how SSL connection should be enforced - in DB connections. This field provides more SSL enforcement - options compared to require_ssl. To change this field, - also set the correspoding value in require_ssl. + in DB connections. Supported values are ALLOW_UNENCRYPTED_AND_ENCRYPTED, + ENCRYPTED_ONLY, and TRUSTED_CLIENT_CERTIFICATE_REQUIRED + (not supported for SQL Server). See API reference doc + for details. type: string type: object locationPreference: @@ -3934,9 +4004,9 @@ spec: description: |- The MySQL, PostgreSQL or SQL Server version to use. Supported values include MYSQL_5_6, - MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6,POSTGRES_10, POSTGRES_11, - POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, - SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. + MYSQL_5_7, MYSQL_8_0, MYSQL_8_4, POSTGRES_9_6,POSTGRES_10, POSTGRES_11, + POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, POSTGRES_16, POSTGRES_17, + SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. SQLSERVER_2019_STANDARD, SQLSERVER_2019_ENTERPRISE, SQLSERVER_2019_EXPRESS, SQLSERVER_2019_WEB. Database Version Policies @@ -3947,9 +4017,8 @@ spec: is allowed. type: boolean dnsName: - description: |- - The name of the instance. This is done because after a name is used, it cannot be reused for - up to one week. + description: The DNS name of the instance. See Connect to an instance + using Private Service Connect for more details. type: string encryptionKeyName: description: |- @@ -4025,13 +4094,17 @@ spec: replicaConfiguration: description: |- The configuration for replication. The - configuration is detailed below. Valid only for MySQL instances. + configuration is detailed below. properties: caCertificate: description: |- PEM representation of the trusted CA's x509 certificate. type: string + cascadableReplica: + description: Specifies if the replica is a cascadable replica. + If true, instance must be in different region from primary. + type: boolean clientCertificate: description: |- PEM representation of the replica's x509 @@ -4050,7 +4123,8 @@ spec: dumpFilePath: description: |- Path to a SQL file in GCS from which replica - instances are created. Format is gs://bucket/filename. + instances are created. Format is gs://bucket/filename. Note, if the master + instance is a source representation instance this field must be present. type: string failoverTarget: description: |- @@ -4077,6 +4151,11 @@ spec: value is checked during the SSL handshake. type: boolean type: object + replicaNames: + description: List of replica names. Can be updated. + items: + type: string + type: array restoreBackupContext: description: |- The context needed to restore the database to a backup run. The configuration is detailed below. Adding or modifying this @@ -4186,9 +4265,10 @@ spec: description: The name of server instance collation. type: string connectorEnforcement: - description: Enables the enforcement of Cloud SQL Auth Proxy - or Cloud SQL connectors for all the connections. If enabled, - all the direct connections are rejected. + description: Control the enforcement of Cloud SQL Auth Proxy + or Cloud SQL connectors for all the connections, can be + REQUIRED or NOT_REQUIRED. If enabled, all the direct connections + are rejected. type: string dataCacheConfig: properties: @@ -4366,28 +4446,52 @@ spec: type: string type: array x-kubernetes-list-type: set + pscAutoConnections: + description: A comma-separated list of networks + or a comma-separated list of network-project pairs. + Each project in this list is represented by a + project number (numeric) or by a project ID (alphanumeric). + This allows Private Service Connect connections + to be created automatically for the specified + networks. + items: + properties: + consumerNetwork: + description: '"The consumer network of this + consumer endpoint. This must be a resource + path that includes both the host project + and the network name. For example, projects/project1/global/networks/network1. + The consumer host project of this network + might be different from the consumer service + project."' + type: string + consumerServiceProjectId: + description: The project ID of consumer service + project of this consumer endpoint. + type: string + type: object + type: array pscEnabled: description: Whether PSC connectivity is enabled for this instance. type: boolean type: object type: array - requireSsl: - description: Whether SSL connections over IP are enforced - or not. To change this field, also set the corresponding - value in ssl_mode. It will be fully deprecated in a - future major release. For now, please use ssl_mode with - a compatible require_ssl value instead. - type: boolean serverCaMode: description: Specify how the server certificate's Certificate - Authority is hosted. Supported value is GOOGLE_MANAGED_INTERNAL_CA. + Authority is hosted. Supported values are GOOGLE_MANAGED_INTERNAL_CA + and GOOGLE_MANAGED_CAS_CA. + type: string + serverCaPool: + description: The resource name of the server CA pool for + an instance with CUSTOMER_MANAGED_CAS_CA as the server_ca_mode. type: string sslMode: description: Specify how SSL connection should be enforced - in DB connections. This field provides more SSL enforcement - options compared to require_ssl. To change this field, - also set the correspoding value in require_ssl. + in DB connections. Supported values are ALLOW_UNENCRYPTED_AND_ENCRYPTED, + ENCRYPTED_ONLY, and TRUSTED_CLIENT_CERTIFICATE_REQUIRED + (not supported for SQL Server). See API reference doc + for details. type: string type: object locationPreference: diff --git a/package/crds/sql.gcp.upbound.io_users.yaml b/package/crds/sql.gcp.upbound.io_users.yaml index cfd2b7c16..49279452d 100644 --- a/package/crds/sql.gcp.upbound.io_users.yaml +++ b/package/crds/sql.gcp.upbound.io_users.yaml @@ -890,9 +890,10 @@ spec: description: |- The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags - include "BUILT_IN", "CLOUD_IAM_USER", and "CLOUD_IAM_SERVICE_ACCOUNT" for both - Postgres and MySQL. - MySQL also includes "CLOUD_IAM_GROUP", "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT". + include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP", + "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" for + Postgres + and MySQL. type: string type: object initProvider: @@ -1051,9 +1052,10 @@ spec: description: |- The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags - include "BUILT_IN", "CLOUD_IAM_USER", and "CLOUD_IAM_SERVICE_ACCOUNT" for both - Postgres and MySQL. - MySQL also includes "CLOUD_IAM_GROUP", "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT". + include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP", + "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" for + Postgres + and MySQL. type: string type: object managementPolicies: @@ -1300,9 +1302,10 @@ spec: description: |- The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags - include "BUILT_IN", "CLOUD_IAM_USER", and "CLOUD_IAM_SERVICE_ACCOUNT" for both - Postgres and MySQL. - MySQL also includes "CLOUD_IAM_GROUP", "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT". + include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP", + "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" for + Postgres + and MySQL. type: string type: object conditions: From 368fd84381279b5da419f03c813a39fe6605c9cf Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 15:35:06 +0100 Subject: [PATCH 22/47] tags: doc updates only Signed-off-by: Rickard von Essen --- apis/tags/v1beta1/zz_tagvalue_types.go | 6 +++--- examples-generated/tags/v1beta1/tagbinding.yaml | 1 + package/crds/tags.gcp.upbound.io_tagvalues.yaml | 6 +++--- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/apis/tags/v1beta1/zz_tagvalue_types.go b/apis/tags/v1beta1/zz_tagvalue_types.go index 1cfc768e8..832f18ec6 100755 --- a/apis/tags/v1beta1/zz_tagvalue_types.go +++ b/apis/tags/v1beta1/zz_tagvalue_types.go @@ -32,7 +32,7 @@ type TagValueInitParameters struct { ParentSelector *v1.Selector `json:"parentSelector,omitempty" tf:"-"` // Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. - // The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + // The short name can have a maximum length of 256 characters. The permitted character set for the shortName includes all UTF-8 encoded Unicode characters except single quotes ('), double quotes ("), backslashes (\), and forward slashes (/). ShortName *string `json:"shortName,omitempty" tf:"short_name,omitempty"` } @@ -58,7 +58,7 @@ type TagValueObservation struct { Parent *string `json:"parent,omitempty" tf:"parent,omitempty"` // Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. - // The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + // The short name can have a maximum length of 256 characters. The permitted character set for the shortName includes all UTF-8 encoded Unicode characters except single quotes ('), double quotes ("), backslashes (\), and forward slashes (/). ShortName *string `json:"shortName,omitempty" tf:"short_name,omitempty"` // Output only. Update time. @@ -87,7 +87,7 @@ type TagValueParameters struct { ParentSelector *v1.Selector `json:"parentSelector,omitempty" tf:"-"` // Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. - // The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + // The short name can have a maximum length of 256 characters. The permitted character set for the shortName includes all UTF-8 encoded Unicode characters except single quotes ('), double quotes ("), backslashes (\), and forward slashes (/). // +kubebuilder:validation:Optional ShortName *string `json:"shortName,omitempty" tf:"short_name,omitempty"` } diff --git a/examples-generated/tags/v1beta1/tagbinding.yaml b/examples-generated/tags/v1beta1/tagbinding.yaml index f0f58aba2..a999f5940 100644 --- a/examples-generated/tags/v1beta1/tagbinding.yaml +++ b/examples-generated/tags/v1beta1/tagbinding.yaml @@ -25,6 +25,7 @@ metadata: name: project spec: forProvider: + deletionPolicy: DELETE name: project_id orgId: "123456789" projectId: project_id diff --git a/package/crds/tags.gcp.upbound.io_tagvalues.yaml b/package/crds/tags.gcp.upbound.io_tagvalues.yaml index 21ecf5133..82fb121c9 100644 --- a/package/crds/tags.gcp.upbound.io_tagvalues.yaml +++ b/package/crds/tags.gcp.upbound.io_tagvalues.yaml @@ -158,7 +158,7 @@ spec: shortName: description: |- Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. - The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + The short name can have a maximum length of 256 characters. The permitted character set for the shortName includes all UTF-8 encoded Unicode characters except single quotes ('), double quotes ("), backslashes (\), and forward slashes (/). type: string type: object initProvider: @@ -259,7 +259,7 @@ spec: shortName: description: |- Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. - The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + The short name can have a maximum length of 256 characters. The permitted character set for the shortName includes all UTF-8 encoded Unicode characters except single quotes ('), double quotes ("), backslashes (\), and forward slashes (/). type: string type: object managementPolicies: @@ -465,7 +465,7 @@ spec: shortName: description: |- Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. - The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + The short name can have a maximum length of 256 characters. The permitted character set for the shortName includes all UTF-8 encoded Unicode characters except single quotes ('), double quotes ("), backslashes (\), and forward slashes (/). type: string updateTime: description: |- From 2f519c595491161d31522bb376be46eb0c1b3950 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 15:38:14 +0100 Subject: [PATCH 23/47] vpcaccess: doc and test updates only Signed-off-by: Rickard von Essen --- apis/vpcaccess/v1beta2/zz_connector_types.go | 21 ++++++++----------- .../vpcaccess/v1beta2/connector.yaml | 2 ++ examples/vpcaccess/v1beta2/connector.yaml | 2 ++ .../vpcaccess.gcp.upbound.io_connectors.yaml | 21 ++++++++----------- 4 files changed, 22 insertions(+), 24 deletions(-) diff --git a/apis/vpcaccess/v1beta2/zz_connector_types.go b/apis/vpcaccess/v1beta2/zz_connector_types.go index 2466ee1af..0fcd2efe7 100755 --- a/apis/vpcaccess/v1beta2/zz_connector_types.go +++ b/apis/vpcaccess/v1beta2/zz_connector_types.go @@ -27,8 +27,7 @@ type ConnectorInitParameters struct { // Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. Refers to the expected throughput // when using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by - // min_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of - // max_throughput is discouraged in favor of max_instances. + // min_throughput. Only one of max_throughput and max_instances can be specified. The use of max_throughput is discouraged in favor of max_instances. MaxThroughput *float64 `json:"maxThroughput,omitempty" tf:"max_throughput,omitempty"` // Minimum value of instances in autoscaling group underlying the connector. Value must be between 2 and 9, inclusive. Must be @@ -36,8 +35,8 @@ type ConnectorInitParameters struct { MinInstances *float64 `json:"minInstances,omitempty" tf:"min_instances,omitempty"` // Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type. - // Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and - // min_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances. + // Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. + // Only one of min_throughput and min_instances can be specified. The use of min_throughput is discouraged in favor of min_instances. MinThroughput *float64 `json:"minThroughput,omitempty" tf:"min_throughput,omitempty"` // Name or self_link of the VPC network. Required if ip_cidr_range is set. @@ -81,8 +80,7 @@ type ConnectorObservation struct { // Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. Refers to the expected throughput // when using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by - // min_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of - // max_throughput is discouraged in favor of max_instances. + // min_throughput. Only one of max_throughput and max_instances can be specified. The use of max_throughput is discouraged in favor of max_instances. MaxThroughput *float64 `json:"maxThroughput,omitempty" tf:"max_throughput,omitempty"` // Minimum value of instances in autoscaling group underlying the connector. Value must be between 2 and 9, inclusive. Must be @@ -90,8 +88,8 @@ type ConnectorObservation struct { MinInstances *float64 `json:"minInstances,omitempty" tf:"min_instances,omitempty"` // Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type. - // Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and - // min_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances. + // Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. + // Only one of min_throughput and min_instances can be specified. The use of min_throughput is discouraged in favor of min_instances. MinThroughput *float64 `json:"minThroughput,omitempty" tf:"min_throughput,omitempty"` // Name or self_link of the VPC network. Required if ip_cidr_range is set. @@ -132,8 +130,7 @@ type ConnectorParameters struct { // Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. Refers to the expected throughput // when using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by - // min_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of - // max_throughput is discouraged in favor of max_instances. + // min_throughput. Only one of max_throughput and max_instances can be specified. The use of max_throughput is discouraged in favor of max_instances. // +kubebuilder:validation:Optional MaxThroughput *float64 `json:"maxThroughput,omitempty" tf:"max_throughput,omitempty"` @@ -143,8 +140,8 @@ type ConnectorParameters struct { MinInstances *float64 `json:"minInstances,omitempty" tf:"min_instances,omitempty"` // Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type. - // Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and - // min_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances. + // Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. + // Only one of min_throughput and min_instances can be specified. The use of min_throughput is discouraged in favor of min_instances. // +kubebuilder:validation:Optional MinThroughput *float64 `json:"minThroughput,omitempty" tf:"min_throughput,omitempty"` diff --git a/examples-generated/vpcaccess/v1beta2/connector.yaml b/examples-generated/vpcaccess/v1beta2/connector.yaml index 55b5505f6..89d774d42 100644 --- a/examples-generated/vpcaccess/v1beta2/connector.yaml +++ b/examples-generated/vpcaccess/v1beta2/connector.yaml @@ -9,6 +9,8 @@ metadata: spec: forProvider: ipCidrRange: 10.8.0.0/28 + maxInstances: 3 + minInstances: 2 networkSelector: matchLabels: testing.upbound.io/example-name: example diff --git a/examples/vpcaccess/v1beta2/connector.yaml b/examples/vpcaccess/v1beta2/connector.yaml index 55b5505f6..89d774d42 100644 --- a/examples/vpcaccess/v1beta2/connector.yaml +++ b/examples/vpcaccess/v1beta2/connector.yaml @@ -9,6 +9,8 @@ metadata: spec: forProvider: ipCidrRange: 10.8.0.0/28 + maxInstances: 3 + minInstances: 2 networkSelector: matchLabels: testing.upbound.io/example-name: example diff --git a/package/crds/vpcaccess.gcp.upbound.io_connectors.yaml b/package/crds/vpcaccess.gcp.upbound.io_connectors.yaml index 79909ec9c..4556631b0 100644 --- a/package/crds/vpcaccess.gcp.upbound.io_connectors.yaml +++ b/package/crds/vpcaccess.gcp.upbound.io_connectors.yaml @@ -871,8 +871,7 @@ spec: description: |- Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. Refers to the expected throughput when using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by - min_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of - max_throughput is discouraged in favor of max_instances. + min_throughput. Only one of max_throughput and max_instances can be specified. The use of max_throughput is discouraged in favor of max_instances. type: number minInstances: description: |- @@ -882,8 +881,8 @@ spec: minThroughput: description: |- Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type. - Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and - min_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances. + Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. + Only one of min_throughput and min_instances can be specified. The use of min_throughput is discouraged in favor of min_instances. type: number network: description: Name or self_link of the VPC network. Required if @@ -1097,8 +1096,7 @@ spec: description: |- Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. Refers to the expected throughput when using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by - min_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of - max_throughput is discouraged in favor of max_instances. + min_throughput. Only one of max_throughput and max_instances can be specified. The use of max_throughput is discouraged in favor of max_instances. type: number minInstances: description: |- @@ -1108,8 +1106,8 @@ spec: minThroughput: description: |- Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type. - Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and - min_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances. + Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. + Only one of min_throughput and min_instances can be specified. The use of min_throughput is discouraged in favor of min_instances. type: number network: description: Name or self_link of the VPC network. Required if @@ -1484,8 +1482,7 @@ spec: description: |- Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. Refers to the expected throughput when using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by - min_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of - max_throughput is discouraged in favor of max_instances. + min_throughput. Only one of max_throughput and max_instances can be specified. The use of max_throughput is discouraged in favor of max_instances. type: number minInstances: description: |- @@ -1495,8 +1492,8 @@ spec: minThroughput: description: |- Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type. - Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and - min_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances. + Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. + Only one of min_throughput and min_instances can be specified. The use of min_throughput is discouraged in favor of min_instances. type: number network: description: Name or self_link of the VPC network. Required if From 00c0909c32e8671db0f5e5fcefb18017528f2dce Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 15:42:59 +0100 Subject: [PATCH 24/47] workflows: added deletionProtection Signed-off-by: Rickard von Essen --- apis/workflows/v1beta1/zz_generated.deepcopy.go | 15 +++++++++++++++ apis/workflows/v1beta1/zz_workflow_types.go | 13 +++++++++++++ .../workflows/v1beta1/workflow.yaml | 1 + examples/workflows/v1beta1/workflow.yaml | 1 + .../crds/workflows.gcp.upbound.io_workflows.yaml | 15 +++++++++++++++ 5 files changed, 45 insertions(+) diff --git a/apis/workflows/v1beta1/zz_generated.deepcopy.go b/apis/workflows/v1beta1/zz_generated.deepcopy.go index cfc1cf3c2..a8912971a 100644 --- a/apis/workflows/v1beta1/zz_generated.deepcopy.go +++ b/apis/workflows/v1beta1/zz_generated.deepcopy.go @@ -53,6 +53,11 @@ func (in *WorkflowInitParameters) DeepCopyInto(out *WorkflowInitParameters) { *out = new(string) **out = **in } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -192,6 +197,11 @@ func (in *WorkflowObservation) DeepCopyInto(out *WorkflowObservation) { *out = new(string) **out = **in } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -336,6 +346,11 @@ func (in *WorkflowParameters) DeepCopyInto(out *WorkflowParameters) { *out = new(string) **out = **in } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) diff --git a/apis/workflows/v1beta1/zz_workflow_types.go b/apis/workflows/v1beta1/zz_workflow_types.go index 8f25cdc77..2a4e8b209 100755 --- a/apis/workflows/v1beta1/zz_workflow_types.go +++ b/apis/workflows/v1beta1/zz_workflow_types.go @@ -25,6 +25,10 @@ type WorkflowInitParameters struct { // Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} CryptoKeyName *string `json:"cryptoKeyName,omitempty" tf:"crypto_key_name,omitempty"` + // Defaults to true. + // When the field is set to false, deleting the workflow is allowed. + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // Description of the workflow provided by the user. Must be at most 1000 unicode characters long. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -88,6 +92,10 @@ type WorkflowObservation struct { // Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} CryptoKeyName *string `json:"cryptoKeyName,omitempty" tf:"crypto_key_name,omitempty"` + // Defaults to true. + // When the field is set to false, deleting the workflow is allowed. + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // Description of the workflow provided by the user. Must be at most 1000 unicode characters long. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -161,6 +169,11 @@ type WorkflowParameters struct { // +kubebuilder:validation:Optional CryptoKeyName *string `json:"cryptoKeyName,omitempty" tf:"crypto_key_name,omitempty"` + // Defaults to true. + // When the field is set to false, deleting the workflow is allowed. + // +kubebuilder:validation:Optional + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // Description of the workflow provided by the user. Must be at most 1000 unicode characters long. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` diff --git a/examples-generated/workflows/v1beta1/workflow.yaml b/examples-generated/workflows/v1beta1/workflow.yaml index 6b0828788..eab9b410c 100644 --- a/examples-generated/workflows/v1beta1/workflow.yaml +++ b/examples-generated/workflows/v1beta1/workflow.yaml @@ -9,6 +9,7 @@ metadata: spec: forProvider: callLogLevel: LOG_ERRORS_ONLY + deletionProtection: false description: Magic labels: env: test diff --git a/examples/workflows/v1beta1/workflow.yaml b/examples/workflows/v1beta1/workflow.yaml index 4a6d01df2..1fade5c10 100644 --- a/examples/workflows/v1beta1/workflow.yaml +++ b/examples/workflows/v1beta1/workflow.yaml @@ -12,6 +12,7 @@ metadata: name: example spec: forProvider: + deletionProtection: false description: Magic name: workflow region: us-central1 diff --git a/package/crds/workflows.gcp.upbound.io_workflows.yaml b/package/crds/workflows.gcp.upbound.io_workflows.yaml index 42142cd73..e28e1cbca 100644 --- a/package/crds/workflows.gcp.upbound.io_workflows.yaml +++ b/package/crds/workflows.gcp.upbound.io_workflows.yaml @@ -85,6 +85,11 @@ spec: The KMS key used to encrypt workflow and execution data. Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} type: string + deletionProtection: + description: |- + Defaults to true. + When the field is set to false, deleting the workflow is allowed. + type: boolean description: description: Description of the workflow provided by the user. Must be at most 1000 unicode characters long. @@ -236,6 +241,11 @@ spec: The KMS key used to encrypt workflow and execution data. Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} type: string + deletionProtection: + description: |- + Defaults to true. + When the field is set to false, deleting the workflow is allowed. + type: boolean description: description: Description of the workflow provided by the user. Must be at most 1000 unicode characters long. @@ -551,6 +561,11 @@ spec: The KMS key used to encrypt workflow and execution data. Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} type: string + deletionProtection: + description: |- + Defaults to true. + When the field is set to false, deleting the workflow is allowed. + type: boolean description: description: Description of the workflow provided by the user. Must be at most 1000 unicode characters long. From 3b9dd1c64986c9699a25e6196d115d256edfe500 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 17:19:46 +0100 Subject: [PATCH 25/47] Doc updates only Signed-off-by: Rickard von Essen --- .../v1beta2/zz_accesslevel_types.go | 6 +- .../v1beta2/zz_serviceperimeter_types.go | 96 +++++++++++------- .../v1beta2/zz_workflowtemplate_types.go | 62 ++++++------ apis/healthcare/v1beta1/zz_dataset_types.go | 6 +- ...xtmanager.gcp.upbound.io_accesslevels.yaml | 12 +-- ...ager.gcp.upbound.io_serviceperimeters.yaml | 96 +++++++++++------- ....io_networkfirewallpolicyassociations.yaml | 16 ++- .../crds/compute.gcp.upbound.io_networks.yaml | 7 +- ...gionnetworkfirewallpolicyassociations.yaml | 16 ++- ...proc.gcp.upbound.io_workflowtemplates.yaml | 99 ++++++++++--------- .../healthcare.gcp.upbound.io_datasets.yaml | 6 +- 11 files changed, 247 insertions(+), 175 deletions(-) diff --git a/apis/accesscontextmanager/v1beta2/zz_accesslevel_types.go b/apis/accesscontextmanager/v1beta2/zz_accesslevel_types.go index 9cfb05408..ef2704a1f 100755 --- a/apis/accesscontextmanager/v1beta2/zz_accesslevel_types.go +++ b/apis/accesscontextmanager/v1beta2/zz_accesslevel_types.go @@ -555,7 +555,7 @@ type VPCSubnetworkInitParameters struct { // Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires compute.network.get permission to be granted to caller. Network *string `json:"network,omitempty" tf:"network,omitempty"` - // CIDR block IP subnetwork specification. Must be IPv4. + // A list of CIDR block IP subnetwork specification. Must be IPv4. VPCIPSubnetworks []*string `json:"vpcIpSubnetworks,omitempty" tf:"vpc_ip_subnetworks,omitempty"` } @@ -564,7 +564,7 @@ type VPCSubnetworkObservation struct { // Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires compute.network.get permission to be granted to caller. Network *string `json:"network,omitempty" tf:"network,omitempty"` - // CIDR block IP subnetwork specification. Must be IPv4. + // A list of CIDR block IP subnetwork specification. Must be IPv4. VPCIPSubnetworks []*string `json:"vpcIpSubnetworks,omitempty" tf:"vpc_ip_subnetworks,omitempty"` } @@ -574,7 +574,7 @@ type VPCSubnetworkParameters struct { // +kubebuilder:validation:Optional Network *string `json:"network" tf:"network,omitempty"` - // CIDR block IP subnetwork specification. Must be IPv4. + // A list of CIDR block IP subnetwork specification. Must be IPv4. // +kubebuilder:validation:Optional VPCIPSubnetworks []*string `json:"vpcIpSubnetworks,omitempty" tf:"vpc_ip_subnetworks,omitempty"` } diff --git a/apis/accesscontextmanager/v1beta2/zz_serviceperimeter_types.go b/apis/accesscontextmanager/v1beta2/zz_serviceperimeter_types.go index c519a5e1e..bc7485829 100755 --- a/apis/accesscontextmanager/v1beta2/zz_serviceperimeter_types.go +++ b/apis/accesscontextmanager/v1beta2/zz_serviceperimeter_types.go @@ -15,9 +15,11 @@ import ( type EgressFromInitParameters struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // Identities can be an individual user, service account, Google group, + // or third-party identity. For third-party identity, only single identities + // are supported and other identity types are not supported.The v1 identities + // that have the prefix user, group and serviceAccount in + // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -38,9 +40,11 @@ type EgressFromInitParameters struct { type EgressFromObservation struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // Identities can be an individual user, service account, Google group, + // or third-party identity. For third-party identity, only single identities + // are supported and other identity types are not supported.The v1 identities + // that have the prefix user, group and serviceAccount in + // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -61,9 +65,11 @@ type EgressFromObservation struct { type EgressFromParameters struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // Identities can be an individual user, service account, Google group, + // or third-party identity. For third-party identity, only single identities + // are supported and other identity types are not supported.The v1 identities + // that have the prefix user, group and serviceAccount in + // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. // +kubebuilder:validation:Optional // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -128,9 +134,11 @@ type EgressFromSourcesParameters struct { type EgressPoliciesEgressFromInitParameters struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // Identities can be an individual user, service account, Google group, + // or third-party identity. For third-party identity, only single identities + // are supported and other identity types are not supported.The v1 identities + // that have the prefix user, group and serviceAccount in + // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -151,9 +159,11 @@ type EgressPoliciesEgressFromInitParameters struct { type EgressPoliciesEgressFromObservation struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // Identities can be an individual user, service account, Google group, + // or third-party identity. For third-party identity, only single identities + // are supported and other identity types are not supported.The v1 identities + // that have the prefix user, group and serviceAccount in + // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -174,9 +184,11 @@ type EgressPoliciesEgressFromObservation struct { type EgressPoliciesEgressFromParameters struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // Identities can be an individual user, service account, Google group, + // or third-party identity. For third-party identity, only single identities + // are supported and other identity types are not supported.The v1 identities + // that have the prefix user, group and serviceAccount in + // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. // +kubebuilder:validation:Optional // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -450,9 +462,11 @@ type EgressToParameters struct { type IngressFromInitParameters struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // Identities can be an individual user, service account, Google group, + // or third-party identity. For third-party identity, only single identities + // are supported and other identity types are not supported.The v1 identities + // that have the prefix user, group and serviceAccount in + // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -469,9 +483,11 @@ type IngressFromInitParameters struct { type IngressFromObservation struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // Identities can be an individual user, service account, Google group, + // or third-party identity. For third-party identity, only single identities + // are supported and other identity types are not supported.The v1 identities + // that have the prefix user, group and serviceAccount in + // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -488,9 +504,11 @@ type IngressFromObservation struct { type IngressFromParameters struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // Identities can be an individual user, service account, Google group, + // or third-party identity. For third-party identity, only single identities + // are supported and other identity types are not supported.The v1 identities + // that have the prefix user, group and serviceAccount in + // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. // +kubebuilder:validation:Optional // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -584,9 +602,11 @@ type IngressFromSourcesParameters struct { type IngressPoliciesIngressFromInitParameters struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // Identities can be an individual user, service account, Google group, + // or third-party identity. For third-party identity, only single identities + // are supported and other identity types are not supported.The v1 identities + // that have the prefix user, group and serviceAccount in + // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -603,9 +623,11 @@ type IngressPoliciesIngressFromInitParameters struct { type IngressPoliciesIngressFromObservation struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // Identities can be an individual user, service account, Google group, + // or third-party identity. For third-party identity, only single identities + // are supported and other identity types are not supported.The v1 identities + // that have the prefix user, group and serviceAccount in + // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -622,9 +644,11 @@ type IngressPoliciesIngressFromObservation struct { type IngressPoliciesIngressFromParameters struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // Identities can be an individual user, service account, Google group, + // or third-party identity. For third-party identity, only single identities + // are supported and other identity types are not supported.The v1 identities + // that have the prefix user, group and serviceAccount in + // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. // +kubebuilder:validation:Optional // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` diff --git a/apis/dataproc/v1beta2/zz_workflowtemplate_types.go b/apis/dataproc/v1beta2/zz_workflowtemplate_types.go index 63b878cb2..0539e64b5 100755 --- a/apis/dataproc/v1beta2/zz_workflowtemplate_types.go +++ b/apis/dataproc/v1beta2/zz_workflowtemplate_types.go @@ -111,7 +111,7 @@ type ConfigGceClusterConfigInitParameters struct { // If true, all instances in the cluster will only have internal IP addresses. By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. This internal_ip_only restriction can only be enabled for subnetwork enabled networks, and all off-cluster dependencies must be configured to be accessible without external IP addresses. InternalIPOnly *bool `json:"internalIpOnly,omitempty" tf:"internal_ip_only,omitempty"` - // The Compute Engine metadata entries to add to all instances (see (https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + // The Compute Engine metadata entries to add to all instances (see About VM metadata). // +mapType=granular Metadata map[string]*string `json:"metadata,omitempty" tf:"metadata,omitempty"` @@ -139,7 +139,7 @@ type ConfigGceClusterConfigInitParameters struct { // The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * https://www.googleapis.com/compute/v1/projects//regions/us-east1/subnetworks/sub0 * sub0 Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` - // The Compute Engine tags to add to all instances (see (https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + // The Compute Engine tags to add to all instances (see Manage tags for resources). // +listType=set Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` @@ -152,7 +152,7 @@ type ConfigGceClusterConfigObservation struct { // If true, all instances in the cluster will only have internal IP addresses. By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. This internal_ip_only restriction can only be enabled for subnetwork enabled networks, and all off-cluster dependencies must be configured to be accessible without external IP addresses. InternalIPOnly *bool `json:"internalIpOnly,omitempty" tf:"internal_ip_only,omitempty"` - // The Compute Engine metadata entries to add to all instances (see (https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + // The Compute Engine metadata entries to add to all instances (see About VM metadata). // +mapType=granular Metadata map[string]*string `json:"metadata,omitempty" tf:"metadata,omitempty"` @@ -180,7 +180,7 @@ type ConfigGceClusterConfigObservation struct { // The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * https://www.googleapis.com/compute/v1/projects//regions/us-east1/subnetworks/sub0 * sub0 Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` - // The Compute Engine tags to add to all instances (see (https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + // The Compute Engine tags to add to all instances (see Manage tags for resources). // +listType=set Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` @@ -194,7 +194,7 @@ type ConfigGceClusterConfigParameters struct { // +kubebuilder:validation:Optional InternalIPOnly *bool `json:"internalIpOnly,omitempty" tf:"internal_ip_only,omitempty"` - // The Compute Engine metadata entries to add to all instances (see (https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + // The Compute Engine metadata entries to add to all instances (see About VM metadata). // +kubebuilder:validation:Optional // +mapType=granular Metadata map[string]*string `json:"metadata,omitempty" tf:"metadata,omitempty"` @@ -231,7 +231,7 @@ type ConfigGceClusterConfigParameters struct { // +kubebuilder:validation:Optional Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` - // The Compute Engine tags to add to all instances (see (https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + // The Compute Engine tags to add to all instances (see Manage tags for resources). // +kubebuilder:validation:Optional // +listType=set Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` @@ -243,42 +243,42 @@ type ConfigGceClusterConfigParameters struct { type ConfigLifecycleConfigInitParameters struct { - // The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). + // The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of JSON Mapping - Language Guide (proto 3)). AutoDeleteTTL *string `json:"autoDeleteTtl,omitempty" tf:"auto_delete_ttl,omitempty"` - // The time when cluster will be auto-deleted (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). + // The time when cluster will be auto-deleted (see JSON representation of JSON Mapping - Language Guide (proto 3)). AutoDeleteTime *string `json:"autoDeleteTime,omitempty" tf:"auto_delete_time,omitempty"` - // The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json). + // The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of JSON Mapping - Language Guide (proto 3). IdleDeleteTTL *string `json:"idleDeleteTtl,omitempty" tf:"idle_delete_ttl,omitempty"` } type ConfigLifecycleConfigObservation struct { - // The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). + // The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of JSON Mapping - Language Guide (proto 3)). AutoDeleteTTL *string `json:"autoDeleteTtl,omitempty" tf:"auto_delete_ttl,omitempty"` - // The time when cluster will be auto-deleted (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). + // The time when cluster will be auto-deleted (see JSON representation of JSON Mapping - Language Guide (proto 3)). AutoDeleteTime *string `json:"autoDeleteTime,omitempty" tf:"auto_delete_time,omitempty"` - // The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json). + // The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of JSON Mapping - Language Guide (proto 3). IdleDeleteTTL *string `json:"idleDeleteTtl,omitempty" tf:"idle_delete_ttl,omitempty"` - // Output only. The time when cluster became idle (most recent job finished) and became eligible for deletion due to idleness (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). + // Output only. The time when cluster became idle (most recent job finished) and became eligible for deletion due to idleness (see JSON representation of JSON Mapping - Language Guide (proto 3)). IdleStartTime *string `json:"idleStartTime,omitempty" tf:"idle_start_time,omitempty"` } type ConfigLifecycleConfigParameters struct { - // The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). + // The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of JSON Mapping - Language Guide (proto 3)). // +kubebuilder:validation:Optional AutoDeleteTTL *string `json:"autoDeleteTtl,omitempty" tf:"auto_delete_ttl,omitempty"` - // The time when cluster will be auto-deleted (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). + // The time when cluster will be auto-deleted (see JSON representation of JSON Mapping - Language Guide (proto 3)). // +kubebuilder:validation:Optional AutoDeleteTime *string `json:"autoDeleteTime,omitempty" tf:"auto_delete_time,omitempty"` - // The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json). + // The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of JSON Mapping - Language Guide (proto 3). // +kubebuilder:validation:Optional IdleDeleteTTL *string `json:"idleDeleteTtl,omitempty" tf:"idle_delete_ttl,omitempty"` } @@ -365,7 +365,7 @@ type ConfigMasterConfigInitParameters struct { // The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * https://www.googleapis.com/compute/v1/projects/(https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, n1-standard-2`. MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` - // Specifies the minimum cpu platform for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + // Specifies the minimum cpu platform for the Instance Group. See Minimum CPU platform. MinCPUPlatform *string `json:"minCpuPlatform,omitempty" tf:"min_cpu_platform,omitempty"` // The number of VM instances in the instance group. For master instance groups, must be set to 1. @@ -398,7 +398,7 @@ type ConfigMasterConfigObservation struct { // Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups. ManagedGroupConfig []ManagedGroupConfigObservation `json:"managedGroupConfig,omitempty" tf:"managed_group_config,omitempty"` - // Specifies the minimum cpu platform for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + // Specifies the minimum cpu platform for the Instance Group. See Minimum CPU platform. MinCPUPlatform *string `json:"minCpuPlatform,omitempty" tf:"min_cpu_platform,omitempty"` // The number of VM instances in the instance group. For master instance groups, must be set to 1. @@ -426,7 +426,7 @@ type ConfigMasterConfigParameters struct { // +kubebuilder:validation:Optional MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` - // Specifies the minimum cpu platform for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + // Specifies the minimum cpu platform for the Instance Group. See Minimum CPU platform. // +kubebuilder:validation:Optional MinCPUPlatform *string `json:"minCpuPlatform,omitempty" tf:"min_cpu_platform,omitempty"` @@ -453,7 +453,7 @@ type ConfigSecondaryWorkerConfigInitParameters struct { // The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * https://www.googleapis.com/compute/v1/projects/(https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, n1-standard-2`. MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` - // Specifies the minimum cpu platform for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + // Specifies the minimum cpu platform for the Instance Group. See Minimum CPU platform. MinCPUPlatform *string `json:"minCpuPlatform,omitempty" tf:"min_cpu_platform,omitempty"` // The number of VM instances in the instance group. For master instance groups, must be set to 1. @@ -486,7 +486,7 @@ type ConfigSecondaryWorkerConfigObservation struct { // Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups. ManagedGroupConfig []SecondaryWorkerConfigManagedGroupConfigObservation `json:"managedGroupConfig,omitempty" tf:"managed_group_config,omitempty"` - // Specifies the minimum cpu platform for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + // Specifies the minimum cpu platform for the Instance Group. See Minimum CPU platform. MinCPUPlatform *string `json:"minCpuPlatform,omitempty" tf:"min_cpu_platform,omitempty"` // The number of VM instances in the instance group. For master instance groups, must be set to 1. @@ -514,7 +514,7 @@ type ConfigSecondaryWorkerConfigParameters struct { // +kubebuilder:validation:Optional MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` - // Specifies the minimum cpu platform for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + // Specifies the minimum cpu platform for the Instance Group. See Minimum CPU platform. // +kubebuilder:validation:Optional MinCPUPlatform *string `json:"minCpuPlatform,omitempty" tf:"min_cpu_platform,omitempty"` @@ -670,7 +670,7 @@ type ConfigWorkerConfigInitParameters struct { // The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * https://www.googleapis.com/compute/v1/projects/(https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, n1-standard-2`. MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` - // Specifies the minimum cpu platform for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + // Specifies the minimum cpu platform for the Instance Group. See Minimum CPU platform. MinCPUPlatform *string `json:"minCpuPlatform,omitempty" tf:"min_cpu_platform,omitempty"` // The number of VM instances in the instance group. For master instance groups, must be set to 1. @@ -703,7 +703,7 @@ type ConfigWorkerConfigObservation struct { // Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups. ManagedGroupConfig []WorkerConfigManagedGroupConfigObservation `json:"managedGroupConfig,omitempty" tf:"managed_group_config,omitempty"` - // Specifies the minimum cpu platform for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + // Specifies the minimum cpu platform for the Instance Group. See Minimum CPU platform. MinCPUPlatform *string `json:"minCpuPlatform,omitempty" tf:"min_cpu_platform,omitempty"` // The number of VM instances in the instance group. For master instance groups, must be set to 1. @@ -731,7 +731,7 @@ type ConfigWorkerConfigParameters struct { // +kubebuilder:validation:Optional MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` - // Specifies the minimum cpu platform for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + // Specifies the minimum cpu platform for the Instance Group. See Minimum CPU platform. // +kubebuilder:validation:Optional MinCPUPlatform *string `json:"minCpuPlatform,omitempty" tf:"min_cpu_platform,omitempty"` @@ -1035,7 +1035,7 @@ type InitializationActionsInitParameters struct { // Required. Cloud Storage URI of executable file. ExecutableFile *string `json:"executableFile,omitempty" tf:"executable_file,omitempty"` - // Amount of time executable has to complete. Default is 10 minutes (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period. + // Amount of time executable has to complete. Default is 10 minutes (see JSON representation of JSON Mapping - Language Guide (proto 3)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period. ExecutionTimeout *string `json:"executionTimeout,omitempty" tf:"execution_timeout,omitempty"` } @@ -1044,7 +1044,7 @@ type InitializationActionsObservation struct { // Required. Cloud Storage URI of executable file. ExecutableFile *string `json:"executableFile,omitempty" tf:"executable_file,omitempty"` - // Amount of time executable has to complete. Default is 10 minutes (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period. + // Amount of time executable has to complete. Default is 10 minutes (see JSON representation of JSON Mapping - Language Guide (proto 3)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period. ExecutionTimeout *string `json:"executionTimeout,omitempty" tf:"execution_timeout,omitempty"` } @@ -1054,7 +1054,7 @@ type InitializationActionsParameters struct { // +kubebuilder:validation:Optional ExecutableFile *string `json:"executableFile,omitempty" tf:"executable_file,omitempty"` - // Amount of time executable has to complete. Default is 10 minutes (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period. + // Amount of time executable has to complete. Default is 10 minutes (see JSON representation of JSON Mapping - Language Guide (proto 3)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period. // +kubebuilder:validation:Optional ExecutionTimeout *string `json:"executionTimeout,omitempty" tf:"execution_timeout,omitempty"` } @@ -1252,7 +1252,7 @@ type ManagedClusterConfigInitParameters struct { // The config settings for software inside the cluster. SoftwareConfig *ConfigSoftwareConfigInitParameters `json:"softwareConfig,omitempty" tf:"software_config,omitempty"` - // A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). + // A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see Dataproc staging and temp buckets). StagingBucket *string `json:"stagingBucket,omitempty" tf:"staging_bucket,omitempty"` // A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. @@ -1294,7 +1294,7 @@ type ManagedClusterConfigObservation struct { // The config settings for software inside the cluster. SoftwareConfig *ConfigSoftwareConfigObservation `json:"softwareConfig,omitempty" tf:"software_config,omitempty"` - // A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). + // A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see Dataproc staging and temp buckets). StagingBucket *string `json:"stagingBucket,omitempty" tf:"staging_bucket,omitempty"` // A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. @@ -1346,7 +1346,7 @@ type ManagedClusterConfigParameters struct { // +kubebuilder:validation:Optional SoftwareConfig *ConfigSoftwareConfigParameters `json:"softwareConfig,omitempty" tf:"software_config,omitempty"` - // A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). + // A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see Dataproc staging and temp buckets). // +kubebuilder:validation:Optional StagingBucket *string `json:"stagingBucket,omitempty" tf:"staging_bucket,omitempty"` diff --git a/apis/healthcare/v1beta1/zz_dataset_types.go b/apis/healthcare/v1beta1/zz_dataset_types.go index f68cf8a0b..eaba365d3 100755 --- a/apis/healthcare/v1beta1/zz_dataset_types.go +++ b/apis/healthcare/v1beta1/zz_dataset_types.go @@ -15,7 +15,7 @@ import ( type DatasetInitParameters struct { - // A nested object resource + // A nested object resource. // Structure is documented below. EncryptionSpec *EncryptionSpecInitParameters `json:"encryptionSpec,omitempty" tf:"encryption_spec,omitempty"` @@ -37,7 +37,7 @@ type DatasetInitParameters struct { type DatasetObservation struct { - // A nested object resource + // A nested object resource. // Structure is documented below. EncryptionSpec *EncryptionSpecObservation `json:"encryptionSpec,omitempty" tf:"encryption_spec,omitempty"` @@ -65,7 +65,7 @@ type DatasetObservation struct { type DatasetParameters struct { - // A nested object resource + // A nested object resource. // Structure is documented below. // +kubebuilder:validation:Optional EncryptionSpec *EncryptionSpecParameters `json:"encryptionSpec,omitempty" tf:"encryption_spec,omitempty"` diff --git a/package/crds/accesscontextmanager.gcp.upbound.io_accesslevels.yaml b/package/crds/accesscontextmanager.gcp.upbound.io_accesslevels.yaml index 59324798e..b252cebc7 100644 --- a/package/crds/accesscontextmanager.gcp.upbound.io_accesslevels.yaml +++ b/package/crds/accesscontextmanager.gcp.upbound.io_accesslevels.yaml @@ -1216,8 +1216,8 @@ spec: permission to be granted to caller. type: string vpcIpSubnetworks: - description: CIDR block IP subnetwork specification. - Must be IPv4. + description: A list of CIDR block IP subnetwork + specification. Must be IPv4. items: type: string type: array @@ -1442,8 +1442,8 @@ spec: permission to be granted to caller. type: string vpcIpSubnetworks: - description: CIDR block IP subnetwork specification. - Must be IPv4. + description: A list of CIDR block IP subnetwork + specification. Must be IPv4. items: type: string type: array @@ -1840,8 +1840,8 @@ spec: permission to be granted to caller. type: string vpcIpSubnetworks: - description: CIDR block IP subnetwork specification. - Must be IPv4. + description: A list of CIDR block IP subnetwork + specification. Must be IPv4. items: type: string type: array diff --git a/package/crds/accesscontextmanager.gcp.upbound.io_serviceperimeters.yaml b/package/crds/accesscontextmanager.gcp.upbound.io_serviceperimeters.yaml index cf91e0d8c..e007fe9ce 100644 --- a/package/crds/accesscontextmanager.gcp.upbound.io_serviceperimeters.yaml +++ b/package/crds/accesscontextmanager.gcp.upbound.io_serviceperimeters.yaml @@ -3035,9 +3035,11 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. items: type: string type: array @@ -3155,9 +3157,11 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. items: type: string type: array @@ -3414,9 +3418,11 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. items: type: string type: array @@ -3534,9 +3540,11 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. items: type: string type: array @@ -3934,9 +3942,11 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. items: type: string type: array @@ -4054,9 +4064,11 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. items: type: string type: array @@ -4313,9 +4325,11 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. items: type: string type: array @@ -4433,9 +4447,11 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. items: type: string type: array @@ -4932,9 +4948,11 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. items: type: string type: array @@ -5052,9 +5070,11 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. items: type: string type: array @@ -5232,9 +5252,11 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. items: type: string type: array @@ -5352,9 +5374,11 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. items: type: string type: array diff --git a/package/crds/compute.gcp.upbound.io_networkfirewallpolicyassociations.yaml b/package/crds/compute.gcp.upbound.io_networkfirewallpolicyassociations.yaml index 9e5448c55..5c7ee2f8e 100644 --- a/package/crds/compute.gcp.upbound.io_networkfirewallpolicyassociations.yaml +++ b/package/crds/compute.gcp.upbound.io_networkfirewallpolicyassociations.yaml @@ -152,7 +152,7 @@ spec: type: object type: object firewallPolicy: - description: The firewall policy ID of the association. + description: The firewall policy of the resource. type: string firewallPolicyRef: description: Reference to a NetworkFirewallPolicy in compute to @@ -231,7 +231,9 @@ spec: type: object type: object project: - description: The project for the resource + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. type: string type: object initProvider: @@ -325,7 +327,9 @@ spec: type: object type: object project: - description: The project for the resource + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. type: string type: object managementPolicies: @@ -505,13 +509,15 @@ spec: description: The target that the firewall policy is attached to. type: string firewallPolicy: - description: The firewall policy ID of the association. + description: The firewall policy of the resource. type: string id: description: an identifier for the resource with format projects/{{project}}/global/firewallPolicies/{{firewall_policy}}/associations/{{name}} type: string project: - description: The project for the resource + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. type: string shortName: description: The short name of the firewall policy of the association. diff --git a/package/crds/compute.gcp.upbound.io_networks.yaml b/package/crds/compute.gcp.upbound.io_networks.yaml index 454e55cd9..a32a69fda 100644 --- a/package/crds/compute.gcp.upbound.io_networks.yaml +++ b/package/crds/compute.gcp.upbound.io_networks.yaml @@ -431,10 +431,15 @@ spec: Default value is AFTER_CLASSIC_FIREWALL. Possible values are: BEFORE_CLASSIC_FIREWALL, AFTER_CLASSIC_FIREWALL. type: string - numericId: + networkId: description: The unique identifier for the resource. This identifier is defined by the server. type: string + numericId: + description: |- + (Deprecated) + The unique identifier for the resource. This identifier is defined by the server. + type: string project: description: |- The ID of the project in which the resource belongs. diff --git a/package/crds/compute.gcp.upbound.io_regionnetworkfirewallpolicyassociations.yaml b/package/crds/compute.gcp.upbound.io_regionnetworkfirewallpolicyassociations.yaml index 5d37c0b37..7f5f8f314 100644 --- a/package/crds/compute.gcp.upbound.io_regionnetworkfirewallpolicyassociations.yaml +++ b/package/crds/compute.gcp.upbound.io_regionnetworkfirewallpolicyassociations.yaml @@ -153,7 +153,7 @@ spec: type: object type: object firewallPolicy: - description: The firewall policy ID of the association. + description: The firewall policy of the resource. type: string firewallPolicyRef: description: Reference to a RegionNetworkFirewallPolicy in compute @@ -232,7 +232,9 @@ spec: type: object type: object project: - description: The project for the resource + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. type: string region: description: The location of this resource. @@ -329,7 +331,9 @@ spec: type: object type: object project: - description: The project for the resource + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. type: string type: object managementPolicies: @@ -509,13 +513,15 @@ spec: description: The target that the firewall policy is attached to. type: string firewallPolicy: - description: The firewall policy ID of the association. + description: The firewall policy of the resource. type: string id: description: an identifier for the resource with format projects/{{project}}/regions/{{region}}/firewallPolicies/{{firewall_policy}}/associations/{{name}} type: string project: - description: The project for the resource + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. type: string region: description: The location of this resource. diff --git a/package/crds/dataproc.gcp.upbound.io_workflowtemplates.yaml b/package/crds/dataproc.gcp.upbound.io_workflowtemplates.yaml index d2fb2ff84..637c93aa7 100644 --- a/package/crds/dataproc.gcp.upbound.io_workflowtemplates.yaml +++ b/package/crds/dataproc.gcp.upbound.io_workflowtemplates.yaml @@ -5517,7 +5517,7 @@ spec: additionalProperties: type: string description: The Compute Engine metadata entries - to add to all instances (see (https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + to add to all instances (see About VM metadata). type: object x-kubernetes-map-type: granular network: @@ -5608,7 +5608,7 @@ spec: type: string tags: description: The Compute Engine tags to add to - all instances (see (https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + all instances (see Manage tags for resources). items: type: string type: array @@ -5644,12 +5644,12 @@ spec: executionTimeout: description: Amount of time executable has to complete. Default is 10 minutes (see JSON - representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). - Cluster creation fails with an explanatory - error message (the name of the executable - that caused the error and the exceeded timeout - period) if the executable is not completed - at end of the timeout period. + representation of JSON Mapping - Language + Guide (proto 3)). Cluster creation fails with + an explanatory error message (the name of + the executable that caused the error and the + exceeded timeout period) if the executable + is not completed at end of the timeout period. type: string type: object type: array @@ -5658,14 +5658,15 @@ spec: properties: autoDeleteTime: description: The time when cluster will be auto-deleted - (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). + (see JSON representation of JSON Mapping - Language + Guide (proto 3)). type: string autoDeleteTtl: description: The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation - of (https://developers.google.com/protocol-buffers/docs/proto3#json)). + of JSON Mapping - Language Guide (proto 3)). type: string idleDeleteTtl: description: The duration to keep the cluster @@ -5673,7 +5674,7 @@ spec: Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of - (https://developers.google.com/protocol-buffers/docs/proto3#json). + JSON Mapping - Language Guide (proto 3). type: string type: object masterConfig: @@ -5741,7 +5742,7 @@ spec: type: string minCpuPlatform: description: Specifies the minimum cpu platform - for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + for the Instance Group. See Minimum CPU platform. type: string numInstances: description: The number of VM instances in the @@ -5822,7 +5823,7 @@ spec: type: string minCpuPlatform: description: Specifies the minimum cpu platform - for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + for the Instance Group. See Minimum CPU platform. type: string numInstances: description: The number of VM instances in the @@ -5968,7 +5969,8 @@ spec: (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage - this project-level, per-location bucket (see (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). + this project-level, per-location bucket (see Dataproc + staging and temp buckets). type: string tempBucket: description: A Cloud Storage bucket used to store @@ -6047,7 +6049,7 @@ spec: type: string minCpuPlatform: description: Specifies the minimum cpu platform - for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + for the Instance Group. See Minimum CPU platform. type: string numInstances: description: The number of VM instances in the @@ -6800,7 +6802,7 @@ spec: additionalProperties: type: string description: The Compute Engine metadata entries - to add to all instances (see (https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + to add to all instances (see About VM metadata). type: object x-kubernetes-map-type: granular network: @@ -6891,7 +6893,7 @@ spec: type: string tags: description: The Compute Engine tags to add to - all instances (see (https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + all instances (see Manage tags for resources). items: type: string type: array @@ -6927,12 +6929,12 @@ spec: executionTimeout: description: Amount of time executable has to complete. Default is 10 minutes (see JSON - representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). - Cluster creation fails with an explanatory - error message (the name of the executable - that caused the error and the exceeded timeout - period) if the executable is not completed - at end of the timeout period. + representation of JSON Mapping - Language + Guide (proto 3)). Cluster creation fails with + an explanatory error message (the name of + the executable that caused the error and the + exceeded timeout period) if the executable + is not completed at end of the timeout period. type: string type: object type: array @@ -6941,14 +6943,15 @@ spec: properties: autoDeleteTime: description: The time when cluster will be auto-deleted - (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). + (see JSON representation of JSON Mapping - Language + Guide (proto 3)). type: string autoDeleteTtl: description: The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation - of (https://developers.google.com/protocol-buffers/docs/proto3#json)). + of JSON Mapping - Language Guide (proto 3)). type: string idleDeleteTtl: description: The duration to keep the cluster @@ -6956,7 +6959,7 @@ spec: Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of - (https://developers.google.com/protocol-buffers/docs/proto3#json). + JSON Mapping - Language Guide (proto 3). type: string type: object masterConfig: @@ -7024,7 +7027,7 @@ spec: type: string minCpuPlatform: description: Specifies the minimum cpu platform - for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + for the Instance Group. See Minimum CPU platform. type: string numInstances: description: The number of VM instances in the @@ -7105,7 +7108,7 @@ spec: type: string minCpuPlatform: description: Specifies the minimum cpu platform - for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + for the Instance Group. See Minimum CPU platform. type: string numInstances: description: The number of VM instances in the @@ -7251,7 +7254,8 @@ spec: (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage - this project-level, per-location bucket (see (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). + this project-level, per-location bucket (see Dataproc + staging and temp buckets). type: string tempBucket: description: A Cloud Storage bucket used to store @@ -7330,7 +7334,7 @@ spec: type: string minCpuPlatform: description: Specifies the minimum cpu platform - for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + for the Instance Group. See Minimum CPU platform. type: string numInstances: description: The number of VM instances in the @@ -8271,7 +8275,7 @@ spec: additionalProperties: type: string description: The Compute Engine metadata entries - to add to all instances (see (https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + to add to all instances (see About VM metadata). type: object x-kubernetes-map-type: granular network: @@ -8362,7 +8366,7 @@ spec: type: string tags: description: The Compute Engine tags to add to - all instances (see (https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + all instances (see Manage tags for resources). items: type: string type: array @@ -8398,12 +8402,12 @@ spec: executionTimeout: description: Amount of time executable has to complete. Default is 10 minutes (see JSON - representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). - Cluster creation fails with an explanatory - error message (the name of the executable - that caused the error and the exceeded timeout - period) if the executable is not completed - at end of the timeout period. + representation of JSON Mapping - Language + Guide (proto 3)). Cluster creation fails with + an explanatory error message (the name of + the executable that caused the error and the + exceeded timeout period) if the executable + is not completed at end of the timeout period. type: string type: object type: array @@ -8412,14 +8416,15 @@ spec: properties: autoDeleteTime: description: The time when cluster will be auto-deleted - (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). + (see JSON representation of JSON Mapping - Language + Guide (proto 3)). type: string autoDeleteTtl: description: The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation - of (https://developers.google.com/protocol-buffers/docs/proto3#json)). + of JSON Mapping - Language Guide (proto 3)). type: string idleDeleteTtl: description: The duration to keep the cluster @@ -8427,13 +8432,14 @@ spec: Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of - (https://developers.google.com/protocol-buffers/docs/proto3#json). + JSON Mapping - Language Guide (proto 3). type: string idleStartTime: description: Output only. The time when cluster became idle (most recent job finished) and became eligible for deletion due to idleness (see JSON - representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). + representation of JSON Mapping - Language Guide + (proto 3)). type: string type: object masterConfig: @@ -8543,7 +8549,7 @@ spec: type: array minCpuPlatform: description: Specifies the minimum cpu platform - for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + for the Instance Group. See Minimum CPU platform. type: string numInstances: description: The number of VM instances in the @@ -8666,7 +8672,7 @@ spec: type: array minCpuPlatform: description: Specifies the minimum cpu platform - for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + for the Instance Group. See Minimum CPU platform. type: string numInstances: description: The number of VM instances in the @@ -8812,7 +8818,8 @@ spec: (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage - this project-level, per-location bucket (see (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). + this project-level, per-location bucket (see Dataproc + staging and temp buckets). type: string tempBucket: description: A Cloud Storage bucket used to store @@ -8933,7 +8940,7 @@ spec: type: array minCpuPlatform: description: Specifies the minimum cpu platform - for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + for the Instance Group. See Minimum CPU platform. type: string numInstances: description: The number of VM instances in the diff --git a/package/crds/healthcare.gcp.upbound.io_datasets.yaml b/package/crds/healthcare.gcp.upbound.io_datasets.yaml index 0aa96876a..9a983081c 100644 --- a/package/crds/healthcare.gcp.upbound.io_datasets.yaml +++ b/package/crds/healthcare.gcp.upbound.io_datasets.yaml @@ -74,7 +74,7 @@ spec: properties: encryptionSpec: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: kmsKeyName: @@ -192,7 +192,7 @@ spec: properties: encryptionSpec: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: kmsKeyName: @@ -478,7 +478,7 @@ spec: properties: encryptionSpec: description: |- - A nested object resource + A nested object resource. Structure is documented below. properties: kmsKeyName: From 1ebf9f826d238bb99b100b50388aa83f2ee055ac Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 17:36:39 +0100 Subject: [PATCH 26/47] alloydb: multiple changes Signed-off-by: Rickard von Essen --- apis/alloydb/v1beta2/zz_cluster_types.go | 74 ++++--- apis/alloydb/v1beta2/zz_generated.deepcopy.go | 148 ++++++++++--- .../alloydb/v1beta2/zz_generated.resolvers.go | 38 ---- apis/alloydb/v1beta2/zz_instance_types.go | 15 ++ .../crds/alloydb.gcp.upbound.io_clusters.yaml | 202 ++++-------------- .../alloydb.gcp.upbound.io_instances.yaml | 17 ++ 6 files changed, 225 insertions(+), 269 deletions(-) diff --git a/apis/alloydb/v1beta2/zz_cluster_types.go b/apis/alloydb/v1beta2/zz_cluster_types.go index 0bf45c33e..9b462b484 100755 --- a/apis/alloydb/v1beta2/zz_cluster_types.go +++ b/apis/alloydb/v1beta2/zz_cluster_types.go @@ -214,6 +214,7 @@ type ClusterInitParameters struct { // Policy to determine if the cluster should be deleted forcefully. // Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. // Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. + // Possible values: DEFAULT, FORCE DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` // User-settable and human-readable display name for the Cluster. @@ -240,24 +241,10 @@ type ClusterInitParameters struct { // Structure is documented below. MaintenanceUpdatePolicy *MaintenanceUpdatePolicyInitParameters `json:"maintenanceUpdatePolicy,omitempty" tf:"maintenance_update_policy,omitempty"` - // The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: - // "projects/{projectNumber}/global/networks/{network_id}". - // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network - // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() - Network *string `json:"network,omitempty" tf:"network,omitempty"` - // Metadata related to network configuration. // Structure is documented below. NetworkConfig *NetworkConfigInitParameters `json:"networkConfig,omitempty" tf:"network_config,omitempty"` - // Reference to a Network in compute to populate network. - // +kubebuilder:validation:Optional - NetworkRef *v1.Reference `json:"networkRef,omitempty" tf:"-"` - - // Selector for a Network in compute to populate network. - // +kubebuilder:validation:Optional - NetworkSelector *v1.Selector `json:"networkSelector,omitempty" tf:"-"` - // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` @@ -277,6 +264,10 @@ type ClusterInitParameters struct { // Configuration of the secondary cluster for Cross Region Replication. This should be set if and only if the cluster is of type SECONDARY. // Structure is documented below. SecondaryConfig *SecondaryConfigInitParameters `json:"secondaryConfig,omitempty" tf:"secondary_config,omitempty"` + + // The subscrition type of cluster. + // Possible values are: TRIAL, STANDARD. + SubscriptionType *string `json:"subscriptionType,omitempty" tf:"subscription_type,omitempty"` } type ClusterObservation struct { @@ -314,6 +305,7 @@ type ClusterObservation struct { // Policy to determine if the cluster should be deleted forcefully. // Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. // Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. + // Possible values: DEFAULT, FORCE DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` // User-settable and human-readable display name for the Cluster. @@ -364,10 +356,6 @@ type ClusterObservation struct { // The name of the cluster resource. Name *string `json:"name,omitempty" tf:"name,omitempty"` - // The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: - // "projects/{projectNumber}/global/networks/{network_id}". - Network *string `json:"network,omitempty" tf:"network,omitempty"` - // Metadata related to network configuration. // Structure is documented below. NetworkConfig *NetworkConfigObservation `json:"networkConfig,omitempty" tf:"network_config,omitempty"` @@ -400,11 +388,19 @@ type ClusterObservation struct { // Output only. The current serving state of the cluster. State *string `json:"state,omitempty" tf:"state,omitempty"` + // The subscrition type of cluster. + // Possible values are: TRIAL, STANDARD. + SubscriptionType *string `json:"subscriptionType,omitempty" tf:"subscription_type,omitempty"` + // The combination of labels configured directly on the resource // and default labels configured on the provider. // +mapType=granular TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // Contains information and all metadata related to TRIAL clusters. + // Structure is documented below. + TrialMetadata []TrialMetadataObservation `json:"trialMetadata,omitempty" tf:"trial_metadata,omitempty"` + // The system-generated UID of the resource. UID *string `json:"uid,omitempty" tf:"uid,omitempty"` } @@ -441,6 +437,7 @@ type ClusterParameters struct { // Policy to determine if the cluster should be deleted forcefully. // Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. // Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. + // Possible values: DEFAULT, FORCE // +kubebuilder:validation:Optional DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` @@ -478,26 +475,11 @@ type ClusterParameters struct { // +kubebuilder:validation:Optional MaintenanceUpdatePolicy *MaintenanceUpdatePolicyParameters `json:"maintenanceUpdatePolicy,omitempty" tf:"maintenance_update_policy,omitempty"` - // The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: - // "projects/{projectNumber}/global/networks/{network_id}". - // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network - // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() - // +kubebuilder:validation:Optional - Network *string `json:"network,omitempty" tf:"network,omitempty"` - // Metadata related to network configuration. // Structure is documented below. // +kubebuilder:validation:Optional NetworkConfig *NetworkConfigParameters `json:"networkConfig,omitempty" tf:"network_config,omitempty"` - // Reference to a Network in compute to populate network. - // +kubebuilder:validation:Optional - NetworkRef *v1.Reference `json:"networkRef,omitempty" tf:"-"` - - // Selector for a Network in compute to populate network. - // +kubebuilder:validation:Optional - NetworkSelector *v1.Selector `json:"networkSelector,omitempty" tf:"-"` - // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional @@ -522,6 +504,11 @@ type ClusterParameters struct { // Structure is documented below. // +kubebuilder:validation:Optional SecondaryConfig *SecondaryConfigParameters `json:"secondaryConfig,omitempty" tf:"secondary_config,omitempty"` + + // The subscrition type of cluster. + // Possible values are: TRIAL, STANDARD. + // +kubebuilder:validation:Optional + SubscriptionType *string `json:"subscriptionType,omitempty" tf:"subscription_type,omitempty"` } type ContinuousBackupConfigEncryptionConfigInitParameters struct { @@ -1077,6 +1064,27 @@ type TimeBasedRetentionParameters struct { RetentionPeriod *string `json:"retentionPeriod,omitempty" tf:"retention_period,omitempty"` } +type TrialMetadataInitParameters struct { +} + +type TrialMetadataObservation struct { + + // End time of the trial cluster. + EndTime *string `json:"endTime,omitempty" tf:"end_time,omitempty"` + + // Grace end time of the trial cluster. + GraceEndTime *string `json:"graceEndTime,omitempty" tf:"grace_end_time,omitempty"` + + // Start time of the trial cluster. + StartTime *string `json:"startTime,omitempty" tf:"start_time,omitempty"` + + // Upgrade time of the trial cluster to standard cluster. + UpgradeTime *string `json:"upgradeTime,omitempty" tf:"upgrade_time,omitempty"` +} + +type TrialMetadataParameters struct { +} + type WeeklyScheduleInitParameters struct { // The days of the week to perform a backup. At least one day of the week must be provided. diff --git a/apis/alloydb/v1beta2/zz_generated.deepcopy.go b/apis/alloydb/v1beta2/zz_generated.deepcopy.go index 799a3ed2f..4ccfc9639 100644 --- a/apis/alloydb/v1beta2/zz_generated.deepcopy.go +++ b/apis/alloydb/v1beta2/zz_generated.deepcopy.go @@ -1161,26 +1161,11 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { *out = new(MaintenanceUpdatePolicyInitParameters) (*in).DeepCopyInto(*out) } - if in.Network != nil { - in, out := &in.Network, &out.Network - *out = new(string) - **out = **in - } if in.NetworkConfig != nil { in, out := &in.NetworkConfig, &out.NetworkConfig *out = new(NetworkConfigInitParameters) (*in).DeepCopyInto(*out) } - if in.NetworkRef != nil { - in, out := &in.NetworkRef, &out.NetworkRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.NetworkSelector != nil { - in, out := &in.NetworkSelector, &out.NetworkSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) - } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -1206,6 +1191,11 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { *out = new(SecondaryConfigInitParameters) (*in).DeepCopyInto(*out) } + if in.SubscriptionType != nil { + in, out := &in.SubscriptionType, &out.SubscriptionType + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterInitParameters. @@ -1410,11 +1400,6 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } - if in.Network != nil { - in, out := &in.Network, &out.Network - *out = new(string) - **out = **in - } if in.NetworkConfig != nil { in, out := &in.NetworkConfig, &out.NetworkConfig *out = new(NetworkConfigObservation) @@ -1455,6 +1440,11 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } + if in.SubscriptionType != nil { + in, out := &in.SubscriptionType, &out.SubscriptionType + *out = new(string) + **out = **in + } if in.TerraformLabels != nil { in, out := &in.TerraformLabels, &out.TerraformLabels *out = make(map[string]*string, len(*in)) @@ -1471,6 +1461,13 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { (*out)[key] = outVal } } + if in.TrialMetadata != nil { + in, out := &in.TrialMetadata, &out.TrialMetadata + *out = make([]TrialMetadataObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.UID != nil { in, out := &in.UID, &out.UID *out = new(string) @@ -1578,26 +1575,11 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = new(MaintenanceUpdatePolicyParameters) (*in).DeepCopyInto(*out) } - if in.Network != nil { - in, out := &in.Network, &out.Network - *out = new(string) - **out = **in - } if in.NetworkConfig != nil { in, out := &in.NetworkConfig, &out.NetworkConfig *out = new(NetworkConfigParameters) (*in).DeepCopyInto(*out) } - if in.NetworkRef != nil { - in, out := &in.NetworkRef, &out.NetworkRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.NetworkSelector != nil { - in, out := &in.NetworkSelector, &out.NetworkSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) - } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -1623,6 +1605,11 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = new(SecondaryConfigParameters) (*in).DeepCopyInto(*out) } + if in.SubscriptionType != nil { + in, out := &in.SubscriptionType, &out.SubscriptionType + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterParameters. @@ -2384,6 +2371,11 @@ func (in *InstanceNetworkConfigInitParameters) DeepCopyInto(out *InstanceNetwork (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.EnableOutboundPublicIP != nil { + in, out := &in.EnableOutboundPublicIP, &out.EnableOutboundPublicIP + *out = new(bool) + **out = **in + } if in.EnablePublicIP != nil { in, out := &in.EnablePublicIP, &out.EnablePublicIP *out = new(bool) @@ -2411,6 +2403,11 @@ func (in *InstanceNetworkConfigObservation) DeepCopyInto(out *InstanceNetworkCon (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.EnableOutboundPublicIP != nil { + in, out := &in.EnableOutboundPublicIP, &out.EnableOutboundPublicIP + *out = new(bool) + **out = **in + } if in.EnablePublicIP != nil { in, out := &in.EnablePublicIP, &out.EnablePublicIP *out = new(bool) @@ -2438,6 +2435,11 @@ func (in *InstanceNetworkConfigParameters) DeepCopyInto(out *InstanceNetworkConf (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.EnableOutboundPublicIP != nil { + in, out := &in.EnableOutboundPublicIP, &out.EnableOutboundPublicIP + *out = new(bool) + **out = **in + } if in.EnablePublicIP != nil { in, out := &in.EnablePublicIP, &out.EnablePublicIP *out = new(bool) @@ -2598,6 +2600,17 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(InstanceNetworkConfigObservation) (*in).DeepCopyInto(*out) } + if in.OutboundPublicIPAddresses != nil { + in, out := &in.OutboundPublicIPAddresses, &out.OutboundPublicIPAddresses + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.PscInstanceConfig != nil { in, out := &in.PscInstanceConfig, &out.PscInstanceConfig *out = new(PscInstanceConfigObservation) @@ -4153,6 +4166,71 @@ func (in *TimeBasedRetentionParameters) DeepCopy() *TimeBasedRetentionParameters return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrialMetadataInitParameters) DeepCopyInto(out *TrialMetadataInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrialMetadataInitParameters. +func (in *TrialMetadataInitParameters) DeepCopy() *TrialMetadataInitParameters { + if in == nil { + return nil + } + out := new(TrialMetadataInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrialMetadataObservation) DeepCopyInto(out *TrialMetadataObservation) { + *out = *in + if in.EndTime != nil { + in, out := &in.EndTime, &out.EndTime + *out = new(string) + **out = **in + } + if in.GraceEndTime != nil { + in, out := &in.GraceEndTime, &out.GraceEndTime + *out = new(string) + **out = **in + } + if in.StartTime != nil { + in, out := &in.StartTime, &out.StartTime + *out = new(string) + **out = **in + } + if in.UpgradeTime != nil { + in, out := &in.UpgradeTime, &out.UpgradeTime + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrialMetadataObservation. +func (in *TrialMetadataObservation) DeepCopy() *TrialMetadataObservation { + if in == nil { + return nil + } + out := new(TrialMetadataObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrialMetadataParameters) DeepCopyInto(out *TrialMetadataParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrialMetadataParameters. +func (in *TrialMetadataParameters) DeepCopy() *TrialMetadataParameters { + if in == nil { + return nil + } + out := new(TrialMetadataParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WeeklyScheduleInitParameters) DeepCopyInto(out *WeeklyScheduleInitParameters) { *out = *in diff --git a/apis/alloydb/v1beta2/zz_generated.resolvers.go b/apis/alloydb/v1beta2/zz_generated.resolvers.go index 54366ecc3..998e48dc2 100644 --- a/apis/alloydb/v1beta2/zz_generated.resolvers.go +++ b/apis/alloydb/v1beta2/zz_generated.resolvers.go @@ -76,25 +76,6 @@ func (mg *Cluster) ResolveReferences(ctx context.Context, c client.Reader) error var rsp reference.ResolutionResponse var err error - { - m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "Network", "NetworkList") - if err != nil { - return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") - } - - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.Network), - Extract: resource.ExtractResourceID(), - Reference: mg.Spec.ForProvider.NetworkRef, - Selector: mg.Spec.ForProvider.NetworkSelector, - To: reference.To{List: l, Managed: m}, - }) - } - if err != nil { - return errors.Wrap(err, "mg.Spec.ForProvider.Network") - } - mg.Spec.ForProvider.Network = reference.ToPtrValue(rsp.ResolvedValue) - mg.Spec.ForProvider.NetworkRef = rsp.ResolvedReference if mg.Spec.ForProvider.NetworkConfig != nil { { @@ -180,25 +161,6 @@ func (mg *Cluster) ResolveReferences(ctx context.Context, c client.Reader) error mg.Spec.ForProvider.SecondaryConfig.PrimaryClusterNameRef = rsp.ResolvedReference } - { - m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "Network", "NetworkList") - if err != nil { - return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") - } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.Network), - Extract: resource.ExtractResourceID(), - Reference: mg.Spec.InitProvider.NetworkRef, - Selector: mg.Spec.InitProvider.NetworkSelector, - To: reference.To{List: l, Managed: m}, - }) - } - if err != nil { - return errors.Wrap(err, "mg.Spec.InitProvider.Network") - } - mg.Spec.InitProvider.Network = reference.ToPtrValue(rsp.ResolvedValue) - mg.Spec.InitProvider.NetworkRef = rsp.ResolvedReference - if mg.Spec.InitProvider.NetworkConfig != nil { { m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "Network", "NetworkList") diff --git a/apis/alloydb/v1beta2/zz_instance_types.go b/apis/alloydb/v1beta2/zz_instance_types.go index 82299e3d1..13ade47bd 100755 --- a/apis/alloydb/v1beta2/zz_instance_types.go +++ b/apis/alloydb/v1beta2/zz_instance_types.go @@ -148,6 +148,9 @@ type InstanceNetworkConfigInitParameters struct { // Structure is documented below. AuthorizedExternalNetworks []AuthorizedExternalNetworksInitParameters `json:"authorizedExternalNetworks,omitempty" tf:"authorized_external_networks,omitempty"` + // Enabling outbound public ip for the instance. + EnableOutboundPublicIP *bool `json:"enableOutboundPublicIp,omitempty" tf:"enable_outbound_public_ip,omitempty"` + // Enabling public ip for the instance. If a user wishes to disable this, // please also clear the list of the authorized external networks set on // the same instance. @@ -162,6 +165,9 @@ type InstanceNetworkConfigObservation struct { // Structure is documented below. AuthorizedExternalNetworks []AuthorizedExternalNetworksObservation `json:"authorizedExternalNetworks,omitempty" tf:"authorized_external_networks,omitempty"` + // Enabling outbound public ip for the instance. + EnableOutboundPublicIP *bool `json:"enableOutboundPublicIp,omitempty" tf:"enable_outbound_public_ip,omitempty"` + // Enabling public ip for the instance. If a user wishes to disable this, // please also clear the list of the authorized external networks set on // the same instance. @@ -177,6 +183,10 @@ type InstanceNetworkConfigParameters struct { // +kubebuilder:validation:Optional AuthorizedExternalNetworks []AuthorizedExternalNetworksParameters `json:"authorizedExternalNetworks,omitempty" tf:"authorized_external_networks,omitempty"` + // Enabling outbound public ip for the instance. + // +kubebuilder:validation:Optional + EnableOutboundPublicIP *bool `json:"enableOutboundPublicIp,omitempty" tf:"enable_outbound_public_ip,omitempty"` + // Enabling public ip for the instance. If a user wishes to disable this, // please also clear the list of the authorized external networks set on // the same instance. @@ -259,6 +269,11 @@ type InstanceObservation struct { // Structure is documented below. NetworkConfig *InstanceNetworkConfigObservation `json:"networkConfig,omitempty" tf:"network_config,omitempty"` + // The outbound public IP addresses for the instance. This is available ONLY when + // networkConfig.enableOutboundPublicIp is set to true. These IP addresses are used + // for outbound connections. + OutboundPublicIPAddresses []*string `json:"outboundPublicIpAddresses,omitempty" tf:"outbound_public_ip_addresses,omitempty"` + // Configuration for Private Service Connect (PSC) for the instance. // Structure is documented below. PscInstanceConfig *PscInstanceConfigObservation `json:"pscInstanceConfig,omitempty" tf:"psc_instance_config,omitempty"` diff --git a/package/crds/alloydb.gcp.upbound.io_clusters.yaml b/package/crds/alloydb.gcp.upbound.io_clusters.yaml index 5e9c9fd28..5e06d5ef7 100644 --- a/package/crds/alloydb.gcp.upbound.io_clusters.yaml +++ b/package/crds/alloydb.gcp.upbound.io_clusters.yaml @@ -2431,6 +2431,7 @@ spec: Policy to determine if the cluster should be deleted forcefully. Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. + Possible values: DEFAULT, FORCE type: string displayName: description: User-settable and human-readable display name for @@ -2533,11 +2534,6 @@ spec: type: object type: array type: object - network: - description: |- - The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: - "projects/{projectNumber}/global/networks/{network_id}". - type: string networkConfig: description: |- Metadata related to network configuration. @@ -2630,80 +2626,6 @@ spec: type: object type: object type: object - networkRef: - description: Reference to a Network in compute to populate network. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - networkSelector: - description: Selector for a Network in compute to populate network. - properties: - matchControllerRef: - description: |- - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. - type: boolean - matchLabels: - additionalProperties: - type: string - description: MatchLabels ensures an object with matching labels - is selected. - type: object - policy: - description: Policies for selection. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - type: object project: description: |- The ID of the project in which the resource belongs. @@ -2982,6 +2904,11 @@ spec: type: object type: object type: object + subscriptionType: + description: |- + The subscrition type of cluster. + Possible values are: TRIAL, STANDARD. + type: string required: - location type: object @@ -3141,6 +3068,7 @@ spec: Policy to determine if the cluster should be deleted forcefully. Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. + Possible values: DEFAULT, FORCE type: string displayName: description: User-settable and human-readable display name for @@ -3242,11 +3170,6 @@ spec: type: object type: array type: object - network: - description: |- - The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: - "projects/{projectNumber}/global/networks/{network_id}". - type: string networkConfig: description: |- Metadata related to network configuration. @@ -3339,80 +3262,6 @@ spec: type: object type: object type: object - networkRef: - description: Reference to a Network in compute to populate network. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - networkSelector: - description: Selector for a Network in compute to populate network. - properties: - matchControllerRef: - description: |- - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. - type: boolean - matchLabels: - additionalProperties: - type: string - description: MatchLabels ensures an object with matching labels - is selected. - type: object - policy: - description: Policies for selection. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - type: object project: description: |- The ID of the project in which the resource belongs. @@ -3691,6 +3540,11 @@ spec: type: object type: object type: object + subscriptionType: + description: |- + The subscrition type of cluster. + Possible values are: TRIAL, STANDARD. + type: string type: object managementPolicies: default: @@ -4069,6 +3923,7 @@ spec: Policy to determine if the cluster should be deleted forcefully. Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. + Possible values: DEFAULT, FORCE type: string displayName: description: User-settable and human-readable display name for @@ -4208,11 +4063,6 @@ spec: name: description: The name of the cluster resource. type: string - network: - description: |- - The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: - "projects/{projectNumber}/global/networks/{network_id}". - type: string networkConfig: description: |- Metadata related to network configuration. @@ -4288,6 +4138,11 @@ spec: state: description: Output only. The current serving state of the cluster. type: string + subscriptionType: + description: |- + The subscrition type of cluster. + Possible values are: TRIAL, STANDARD. + type: string terraformLabels: additionalProperties: type: string @@ -4296,6 +4151,27 @@ spec: and default labels configured on the provider. type: object x-kubernetes-map-type: granular + trialMetadata: + description: |- + Contains information and all metadata related to TRIAL clusters. + Structure is documented below. + items: + properties: + endTime: + description: End time of the trial cluster. + type: string + graceEndTime: + description: Grace end time of the trial cluster. + type: string + startTime: + description: Start time of the trial cluster. + type: string + upgradeTime: + description: Upgrade time of the trial cluster to standard + cluster. + type: string + type: object + type: array uid: description: The system-generated UID of the resource. type: string diff --git a/package/crds/alloydb.gcp.upbound.io_instances.yaml b/package/crds/alloydb.gcp.upbound.io_instances.yaml index 6629c2d68..0dea08000 100644 --- a/package/crds/alloydb.gcp.upbound.io_instances.yaml +++ b/package/crds/alloydb.gcp.upbound.io_instances.yaml @@ -1467,6 +1467,9 @@ spec: type: string type: object type: array + enableOutboundPublicIp: + description: Enabling outbound public ip for the instance. + type: boolean enablePublicIp: description: |- Enabling public ip for the instance. If a user wishes to disable this, @@ -1717,6 +1720,9 @@ spec: type: string type: object type: array + enableOutboundPublicIp: + description: Enabling outbound public ip for the instance. + type: boolean enablePublicIp: description: |- Enabling public ip for the instance. If a user wishes to disable this, @@ -2080,6 +2086,9 @@ spec: type: string type: object type: array + enableOutboundPublicIp: + description: Enabling outbound public ip for the instance. + type: boolean enablePublicIp: description: |- Enabling public ip for the instance. If a user wishes to disable this, @@ -2087,6 +2096,14 @@ spec: the same instance. type: boolean type: object + outboundPublicIpAddresses: + description: |- + The outbound public IP addresses for the instance. This is available ONLY when + networkConfig.enableOutboundPublicIp is set to true. These IP addresses are used + for outbound connections. + items: + type: string + type: array pscInstanceConfig: description: |- Configuration for Private Service Connect (PSC) for the instance. From 542be5ed33706bdbe94e50bb120b7124b0367f75 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 17:38:15 +0100 Subject: [PATCH 27/47] artifact: multiple changes Signed-off-by: Rickard von Essen --- .../artifact/v1beta2/zz_generated.deepcopy.go | 180 ++++++++++++ .../v1beta2/zz_generated.resolvers.go | 46 +++ .../v1beta2/zz_registryrepository_types.go | 133 ++++++++- ...t.gcp.upbound.io_registryrepositories.yaml | 264 ++++++++++++++++-- 4 files changed, 593 insertions(+), 30 deletions(-) diff --git a/apis/artifact/v1beta2/zz_generated.deepcopy.go b/apis/artifact/v1beta2/zz_generated.deepcopy.go index d89abd415..96758239a 100644 --- a/apis/artifact/v1beta2/zz_generated.deepcopy.go +++ b/apis/artifact/v1beta2/zz_generated.deepcopy.go @@ -178,6 +178,86 @@ func (in *CleanupPoliciesParameters) DeepCopy() *CleanupPoliciesParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CommonRepositoryInitParameters) DeepCopyInto(out *CommonRepositoryInitParameters) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } + if in.URIRef != nil { + in, out := &in.URIRef, &out.URIRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.URISelector != nil { + in, out := &in.URISelector, &out.URISelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonRepositoryInitParameters. +func (in *CommonRepositoryInitParameters) DeepCopy() *CommonRepositoryInitParameters { + if in == nil { + return nil + } + out := new(CommonRepositoryInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CommonRepositoryObservation) DeepCopyInto(out *CommonRepositoryObservation) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonRepositoryObservation. +func (in *CommonRepositoryObservation) DeepCopy() *CommonRepositoryObservation { + if in == nil { + return nil + } + out := new(CommonRepositoryObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CommonRepositoryParameters) DeepCopyInto(out *CommonRepositoryParameters) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } + if in.URIRef != nil { + in, out := &in.URIRef, &out.URIRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.URISelector != nil { + in, out := &in.URISelector, &out.URISelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonRepositoryParameters. +func (in *CommonRepositoryParameters) DeepCopy() *CommonRepositoryParameters { + if in == nil { + return nil + } + out := new(CommonRepositoryParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConditionInitParameters) DeepCopyInto(out *ConditionInitParameters) { *out = *in @@ -1642,6 +1722,11 @@ func (in *RegistryRepositoryInitParameters) DeepCopyInto(out *RegistryRepository *out = new(VirtualRepositoryConfigInitParameters) (*in).DeepCopyInto(*out) } + if in.VulnerabilityScanningConfig != nil { + in, out := &in.VulnerabilityScanningConfig, &out.VulnerabilityScanningConfig + *out = new(VulnerabilityScanningConfigInitParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryRepositoryInitParameters. @@ -1819,6 +1904,11 @@ func (in *RegistryRepositoryObservation) DeepCopyInto(out *RegistryRepositoryObs *out = new(VirtualRepositoryConfigObservation) (*in).DeepCopyInto(*out) } + if in.VulnerabilityScanningConfig != nil { + in, out := &in.VulnerabilityScanningConfig, &out.VulnerabilityScanningConfig + *out = new(VulnerabilityScanningConfigObservation) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryRepositoryObservation. @@ -1912,6 +2002,11 @@ func (in *RegistryRepositoryParameters) DeepCopyInto(out *RegistryRepositoryPara *out = new(VirtualRepositoryConfigParameters) (*in).DeepCopyInto(*out) } + if in.VulnerabilityScanningConfig != nil { + in, out := &in.VulnerabilityScanningConfig, &out.VulnerabilityScanningConfig + *out = new(VulnerabilityScanningConfigParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryRepositoryParameters. @@ -1967,6 +2062,11 @@ func (in *RemoteRepositoryConfigInitParameters) DeepCopyInto(out *RemoteReposito *out = new(AptRepositoryInitParameters) (*in).DeepCopyInto(*out) } + if in.CommonRepository != nil { + in, out := &in.CommonRepository, &out.CommonRepository + *out = new(CommonRepositoryInitParameters) + (*in).DeepCopyInto(*out) + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -2027,6 +2127,11 @@ func (in *RemoteRepositoryConfigObservation) DeepCopyInto(out *RemoteRepositoryC *out = new(AptRepositoryObservation) (*in).DeepCopyInto(*out) } + if in.CommonRepository != nil { + in, out := &in.CommonRepository, &out.CommonRepository + *out = new(CommonRepositoryObservation) + (*in).DeepCopyInto(*out) + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -2087,6 +2192,11 @@ func (in *RemoteRepositoryConfigParameters) DeepCopyInto(out *RemoteRepositoryCo *out = new(AptRepositoryParameters) (*in).DeepCopyInto(*out) } + if in.CommonRepository != nil { + in, out := &in.CommonRepository, &out.CommonRepository + *out = new(CommonRepositoryParameters) + (*in).DeepCopyInto(*out) + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -2470,6 +2580,76 @@ func (in *VirtualRepositoryConfigParameters) DeepCopy() *VirtualRepositoryConfig return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VulnerabilityScanningConfigInitParameters) DeepCopyInto(out *VulnerabilityScanningConfigInitParameters) { + *out = *in + if in.EnablementConfig != nil { + in, out := &in.EnablementConfig, &out.EnablementConfig + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VulnerabilityScanningConfigInitParameters. +func (in *VulnerabilityScanningConfigInitParameters) DeepCopy() *VulnerabilityScanningConfigInitParameters { + if in == nil { + return nil + } + out := new(VulnerabilityScanningConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VulnerabilityScanningConfigObservation) DeepCopyInto(out *VulnerabilityScanningConfigObservation) { + *out = *in + if in.EnablementConfig != nil { + in, out := &in.EnablementConfig, &out.EnablementConfig + *out = new(string) + **out = **in + } + if in.EnablementState != nil { + in, out := &in.EnablementState, &out.EnablementState + *out = new(string) + **out = **in + } + if in.EnablementStateReason != nil { + in, out := &in.EnablementStateReason, &out.EnablementStateReason + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VulnerabilityScanningConfigObservation. +func (in *VulnerabilityScanningConfigObservation) DeepCopy() *VulnerabilityScanningConfigObservation { + if in == nil { + return nil + } + out := new(VulnerabilityScanningConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VulnerabilityScanningConfigParameters) DeepCopyInto(out *VulnerabilityScanningConfigParameters) { + *out = *in + if in.EnablementConfig != nil { + in, out := &in.EnablementConfig, &out.EnablementConfig + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VulnerabilityScanningConfigParameters. +func (in *VulnerabilityScanningConfigParameters) DeepCopy() *VulnerabilityScanningConfigParameters { + if in == nil { + return nil + } + out := new(VulnerabilityScanningConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *YumRepositoryInitParameters) DeepCopyInto(out *YumRepositoryInitParameters) { *out = *in diff --git a/apis/artifact/v1beta2/zz_generated.resolvers.go b/apis/artifact/v1beta2/zz_generated.resolvers.go index 2f780f043..a08a16e03 100644 --- a/apis/artifact/v1beta2/zz_generated.resolvers.go +++ b/apis/artifact/v1beta2/zz_generated.resolvers.go @@ -26,6 +26,29 @@ func (mg *RegistryRepository) ResolveReferences( // ResolveReferences of this Re var rsp reference.ResolutionResponse var err error + if mg.Spec.ForProvider.RemoteRepositoryConfig != nil { + if mg.Spec.ForProvider.RemoteRepositoryConfig.CommonRepository != nil { + { + m, l, err = apisresolver.GetManagedResource("artifact.gcp.upbound.io", "v1beta2", "RegistryRepository", "RegistryRepositoryList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.RemoteRepositoryConfig.CommonRepository.URI), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.RemoteRepositoryConfig.CommonRepository.URIRef, + Selector: mg.Spec.ForProvider.RemoteRepositoryConfig.CommonRepository.URISelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.RemoteRepositoryConfig.CommonRepository.URI") + } + mg.Spec.ForProvider.RemoteRepositoryConfig.CommonRepository.URI = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.RemoteRepositoryConfig.CommonRepository.URIRef = rsp.ResolvedReference + + } + } if mg.Spec.ForProvider.RemoteRepositoryConfig != nil { if mg.Spec.ForProvider.RemoteRepositoryConfig.UpstreamCredentials != nil { if mg.Spec.ForProvider.RemoteRepositoryConfig.UpstreamCredentials.UsernamePasswordCredentials != nil { @@ -74,6 +97,29 @@ func (mg *RegistryRepository) ResolveReferences( // ResolveReferences of this Re } } + if mg.Spec.InitProvider.RemoteRepositoryConfig != nil { + if mg.Spec.InitProvider.RemoteRepositoryConfig.CommonRepository != nil { + { + m, l, err = apisresolver.GetManagedResource("artifact.gcp.upbound.io", "v1beta2", "RegistryRepository", "RegistryRepositoryList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.RemoteRepositoryConfig.CommonRepository.URI), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.RemoteRepositoryConfig.CommonRepository.URIRef, + Selector: mg.Spec.InitProvider.RemoteRepositoryConfig.CommonRepository.URISelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.RemoteRepositoryConfig.CommonRepository.URI") + } + mg.Spec.InitProvider.RemoteRepositoryConfig.CommonRepository.URI = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.RemoteRepositoryConfig.CommonRepository.URIRef = rsp.ResolvedReference + + } + } if mg.Spec.InitProvider.RemoteRepositoryConfig != nil { if mg.Spec.InitProvider.RemoteRepositoryConfig.UpstreamCredentials != nil { if mg.Spec.InitProvider.RemoteRepositoryConfig.UpstreamCredentials.UsernamePasswordCredentials != nil { diff --git a/apis/artifact/v1beta2/zz_registryrepository_types.go b/apis/artifact/v1beta2/zz_registryrepository_types.go index 8a451e2e5..bed4341c6 100755 --- a/apis/artifact/v1beta2/zz_registryrepository_types.go +++ b/apis/artifact/v1beta2/zz_registryrepository_types.go @@ -96,6 +96,45 @@ type CleanupPoliciesParameters struct { MostRecentVersions *MostRecentVersionsParameters `json:"mostRecentVersions,omitempty" tf:"most_recent_versions,omitempty"` } +type CommonRepositoryInitParameters struct { + + // Specific uri to the registry, e.g. "https://registry-1.docker.io" + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/artifact/v1beta2.RegistryRepository + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` + + // Reference to a RegistryRepository in artifact to populate uri. + // +kubebuilder:validation:Optional + URIRef *v1.Reference `json:"uriRef,omitempty" tf:"-"` + + // Selector for a RegistryRepository in artifact to populate uri. + // +kubebuilder:validation:Optional + URISelector *v1.Selector `json:"uriSelector,omitempty" tf:"-"` +} + +type CommonRepositoryObservation struct { + + // Specific uri to the registry, e.g. "https://registry-1.docker.io" + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type CommonRepositoryParameters struct { + + // Specific uri to the registry, e.g. "https://registry-1.docker.io" + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/artifact/v1beta2.RegistryRepository + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + // +kubebuilder:validation:Optional + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` + + // Reference to a RegistryRepository in artifact to populate uri. + // +kubebuilder:validation:Optional + URIRef *v1.Reference `json:"uriRef,omitempty" tf:"-"` + + // Selector for a RegistryRepository in artifact to populate uri. + // +kubebuilder:validation:Optional + URISelector *v1.Selector `json:"uriSelector,omitempty" tf:"-"` +} + type ConditionInitParameters struct { // Match versions newer than a duration. @@ -211,7 +250,7 @@ type DockerConfigParameters struct { type DockerRepositoryInitParameters struct { - // Settings for a remote repository with a custom uri. + // [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. // Structure is documented below. CustomRepository *CustomRepositoryInitParameters `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` @@ -222,7 +261,7 @@ type DockerRepositoryInitParameters struct { type DockerRepositoryObservation struct { - // Settings for a remote repository with a custom uri. + // [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. // Structure is documented below. CustomRepository *CustomRepositoryObservation `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` @@ -233,7 +272,7 @@ type DockerRepositoryObservation struct { type DockerRepositoryParameters struct { - // Settings for a remote repository with a custom uri. + // [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. // Structure is documented below. // +kubebuilder:validation:Optional CustomRepository *CustomRepositoryParameters `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` @@ -303,7 +342,7 @@ type MavenRepositoryCustomRepositoryParameters struct { type MavenRepositoryInitParameters struct { - // Settings for a remote repository with a custom uri. + // [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. // Structure is documented below. CustomRepository *MavenRepositoryCustomRepositoryInitParameters `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` @@ -314,7 +353,7 @@ type MavenRepositoryInitParameters struct { type MavenRepositoryObservation struct { - // Settings for a remote repository with a custom uri. + // [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. // Structure is documented below. CustomRepository *MavenRepositoryCustomRepositoryObservation `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` @@ -325,7 +364,7 @@ type MavenRepositoryObservation struct { type MavenRepositoryParameters struct { - // Settings for a remote repository with a custom uri. + // [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. // Structure is documented below. // +kubebuilder:validation:Optional CustomRepository *MavenRepositoryCustomRepositoryParameters `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` @@ -386,7 +425,7 @@ type NpmRepositoryCustomRepositoryParameters struct { type NpmRepositoryInitParameters struct { - // Settings for a remote repository with a custom uri. + // [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. // Structure is documented below. CustomRepository *NpmRepositoryCustomRepositoryInitParameters `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` @@ -397,7 +436,7 @@ type NpmRepositoryInitParameters struct { type NpmRepositoryObservation struct { - // Settings for a remote repository with a custom uri. + // [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. // Structure is documented below. CustomRepository *NpmRepositoryCustomRepositoryObservation `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` @@ -408,7 +447,7 @@ type NpmRepositoryObservation struct { type NpmRepositoryParameters struct { - // Settings for a remote repository with a custom uri. + // [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. // Structure is documented below. // +kubebuilder:validation:Optional CustomRepository *NpmRepositoryCustomRepositoryParameters `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` @@ -472,7 +511,7 @@ type PythonRepositoryCustomRepositoryParameters struct { type PythonRepositoryInitParameters struct { - // Settings for a remote repository with a custom uri. + // [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. // Structure is documented below. CustomRepository *PythonRepositoryCustomRepositoryInitParameters `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` @@ -483,7 +522,7 @@ type PythonRepositoryInitParameters struct { type PythonRepositoryObservation struct { - // Settings for a remote repository with a custom uri. + // [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. // Structure is documented below. CustomRepository *PythonRepositoryCustomRepositoryObservation `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` @@ -494,7 +533,7 @@ type PythonRepositoryObservation struct { type PythonRepositoryParameters struct { - // Settings for a remote repository with a custom uri. + // [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. // Structure is documented below. // +kubebuilder:validation:Optional CustomRepository *PythonRepositoryCustomRepositoryParameters `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` @@ -567,6 +606,10 @@ type RegistryRepositoryInitParameters struct { // Configuration specific for a Virtual Repository. // Structure is documented below. VirtualRepositoryConfig *VirtualRepositoryConfigInitParameters `json:"virtualRepositoryConfig,omitempty" tf:"virtual_repository_config,omitempty"` + + // Configuration for vulnerability scanning of artifacts stored in this repository. + // Structure is documented below. + VulnerabilityScanningConfig *VulnerabilityScanningConfigInitParameters `json:"vulnerabilityScanningConfig,omitempty" tf:"vulnerability_scanning_config,omitempty"` } type RegistryRepositoryObservation struct { @@ -619,7 +662,12 @@ type RegistryRepositoryObservation struct { // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` - // The name of the location this repository is located in. + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are asia, europe, and us. + // See here, + // or use the + // google_artifact_registry_locations + // data source for possible values. Location *string `json:"location,omitempty" tf:"location,omitempty"` // MavenRepositoryConfig is maven related repository details. @@ -656,6 +704,10 @@ type RegistryRepositoryObservation struct { // Configuration specific for a Virtual Repository. // Structure is documented below. VirtualRepositoryConfig *VirtualRepositoryConfigObservation `json:"virtualRepositoryConfig,omitempty" tf:"virtual_repository_config,omitempty"` + + // Configuration for vulnerability scanning of artifacts stored in this repository. + // Structure is documented below. + VulnerabilityScanningConfig *VulnerabilityScanningConfigObservation `json:"vulnerabilityScanningConfig,omitempty" tf:"vulnerability_scanning_config,omitempty"` } type RegistryRepositoryParameters struct { @@ -705,7 +757,12 @@ type RegistryRepositoryParameters struct { // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` - // The name of the location this repository is located in. + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are asia, europe, and us. + // See here, + // or use the + // google_artifact_registry_locations + // data source for possible values. // +kubebuilder:validation:Optional Location *string `json:"location,omitempty" tf:"location,omitempty"` @@ -736,6 +793,11 @@ type RegistryRepositoryParameters struct { // Structure is documented below. // +kubebuilder:validation:Optional VirtualRepositoryConfig *VirtualRepositoryConfigParameters `json:"virtualRepositoryConfig,omitempty" tf:"virtual_repository_config,omitempty"` + + // Configuration for vulnerability scanning of artifacts stored in this repository. + // Structure is documented below. + // +kubebuilder:validation:Optional + VulnerabilityScanningConfig *VulnerabilityScanningConfigParameters `json:"vulnerabilityScanningConfig,omitempty" tf:"vulnerability_scanning_config,omitempty"` } type RemoteRepositoryConfigInitParameters struct { @@ -744,6 +806,10 @@ type RemoteRepositoryConfigInitParameters struct { // Structure is documented below. AptRepository *AptRepositoryInitParameters `json:"aptRepository,omitempty" tf:"apt_repository,omitempty"` + // Specific settings for an Artifact Registory remote repository. + // Structure is documented below. + CommonRepository *CommonRepositoryInitParameters `json:"commonRepository,omitempty" tf:"common_repository,omitempty"` + // The description of the remote source. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -782,6 +848,10 @@ type RemoteRepositoryConfigObservation struct { // Structure is documented below. AptRepository *AptRepositoryObservation `json:"aptRepository,omitempty" tf:"apt_repository,omitempty"` + // Specific settings for an Artifact Registory remote repository. + // Structure is documented below. + CommonRepository *CommonRepositoryObservation `json:"commonRepository,omitempty" tf:"common_repository,omitempty"` + // The description of the remote source. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -821,6 +891,11 @@ type RemoteRepositoryConfigParameters struct { // +kubebuilder:validation:Optional AptRepository *AptRepositoryParameters `json:"aptRepository,omitempty" tf:"apt_repository,omitempty"` + // Specific settings for an Artifact Registory remote repository. + // Structure is documented below. + // +kubebuilder:validation:Optional + CommonRepository *CommonRepositoryParameters `json:"commonRepository,omitempty" tf:"common_repository,omitempty"` + // The description of the remote source. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -1025,6 +1100,36 @@ type VirtualRepositoryConfigParameters struct { UpstreamPolicies []UpstreamPoliciesParameters `json:"upstreamPolicies,omitempty" tf:"upstream_policies,omitempty"` } +type VulnerabilityScanningConfigInitParameters struct { + + // This configures whether vulnerability scanning is automatically performed for artifacts pushed to this repository. + // Possible values are: INHERITED, DISABLED. + EnablementConfig *string `json:"enablementConfig,omitempty" tf:"enablement_config,omitempty"` +} + +type VulnerabilityScanningConfigObservation struct { + + // This configures whether vulnerability scanning is automatically performed for artifacts pushed to this repository. + // Possible values are: INHERITED, DISABLED. + EnablementConfig *string `json:"enablementConfig,omitempty" tf:"enablement_config,omitempty"` + + // (Output) + // This field returns whether scanning is active for this repository. + EnablementState *string `json:"enablementState,omitempty" tf:"enablement_state,omitempty"` + + // (Output) + // This provides an explanation for the state of scanning on this repository. + EnablementStateReason *string `json:"enablementStateReason,omitempty" tf:"enablement_state_reason,omitempty"` +} + +type VulnerabilityScanningConfigParameters struct { + + // This configures whether vulnerability scanning is automatically performed for artifacts pushed to this repository. + // Possible values are: INHERITED, DISABLED. + // +kubebuilder:validation:Optional + EnablementConfig *string `json:"enablementConfig,omitempty" tf:"enablement_config,omitempty"` +} + type YumRepositoryInitParameters struct { // One of the publicly available Yum repositories supported by Artifact Registry. diff --git a/package/crds/artifact.gcp.upbound.io_registryrepositories.yaml b/package/crds/artifact.gcp.upbound.io_registryrepositories.yaml index f89eb9f9d..c3558566f 100644 --- a/package/crds/artifact.gcp.upbound.io_registryrepositories.yaml +++ b/package/crds/artifact.gcp.upbound.io_registryrepositories.yaml @@ -1967,8 +1967,13 @@ spec: type: object x-kubernetes-map-type: granular location: - description: The name of the location this repository is located - in. + description: |- + The name of the repository's location. In addition to specific regions, + special values for multi-region locations are asia, europe, and us. + See here, + or use the + google_artifact_registry_locations + data source for possible values. type: string mavenConfig: description: |- @@ -2026,6 +2031,91 @@ spec: type: string type: object type: object + commonRepository: + description: |- + Specific settings for an Artifact Registory remote repository. + Structure is documented below. + properties: + uri: + description: Specific uri to the registry, e.g. "https://registry-1.docker.io" + type: string + uriRef: + description: Reference to a RegistryRepository in artifact + to populate uri. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + uriSelector: + description: Selector for a RegistryRepository in artifact + to populate uri. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object description: description: The description of the remote source. type: string @@ -2041,7 +2131,7 @@ spec: properties: customRepository: description: |- - Settings for a remote repository with a custom uri. + [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. Structure is documented below. properties: uri: @@ -2061,7 +2151,7 @@ spec: properties: customRepository: description: |- - Settings for a remote repository with a custom uri. + [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. Structure is documented below. properties: uri: @@ -2081,7 +2171,7 @@ spec: properties: customRepository: description: |- - Settings for a remote repository with a custom uri. + [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. Structure is documented below. properties: uri: @@ -2101,7 +2191,7 @@ spec: properties: customRepository: description: |- - Settings for a remote repository with a custom uri. + [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. Structure is documented below. properties: uri: @@ -2336,6 +2426,17 @@ spec: type: object type: array type: object + vulnerabilityScanningConfig: + description: |- + Configuration for vulnerability scanning of artifacts stored in this repository. + Structure is documented below. + properties: + enablementConfig: + description: |- + This configures whether vulnerability scanning is automatically performed for artifacts pushed to this repository. + Possible values are: INHERITED, DISABLED. + type: string + type: object type: object initProvider: description: |- @@ -2522,6 +2623,91 @@ spec: type: string type: object type: object + commonRepository: + description: |- + Specific settings for an Artifact Registory remote repository. + Structure is documented below. + properties: + uri: + description: Specific uri to the registry, e.g. "https://registry-1.docker.io" + type: string + uriRef: + description: Reference to a RegistryRepository in artifact + to populate uri. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + uriSelector: + description: Selector for a RegistryRepository in artifact + to populate uri. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object description: description: The description of the remote source. type: string @@ -2537,7 +2723,7 @@ spec: properties: customRepository: description: |- - Settings for a remote repository with a custom uri. + [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. Structure is documented below. properties: uri: @@ -2557,7 +2743,7 @@ spec: properties: customRepository: description: |- - Settings for a remote repository with a custom uri. + [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. Structure is documented below. properties: uri: @@ -2577,7 +2763,7 @@ spec: properties: customRepository: description: |- - Settings for a remote repository with a custom uri. + [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. Structure is documented below. properties: uri: @@ -2597,7 +2783,7 @@ spec: properties: customRepository: description: |- - Settings for a remote repository with a custom uri. + [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. Structure is documented below. properties: uri: @@ -2832,6 +3018,17 @@ spec: type: object type: array type: object + vulnerabilityScanningConfig: + description: |- + Configuration for vulnerability scanning of artifacts stored in this repository. + Structure is documented below. + properties: + enablementConfig: + description: |- + This configures whether vulnerability scanning is automatically performed for artifacts pushed to this repository. + Possible values are: INHERITED, DISABLED. + type: string + type: object type: object managementPolicies: default: @@ -3139,8 +3336,13 @@ spec: type: object x-kubernetes-map-type: granular location: - description: The name of the location this repository is located - in. + description: |- + The name of the repository's location. In addition to specific regions, + special values for multi-region locations are asia, europe, and us. + See here, + or use the + google_artifact_registry_locations + data source for possible values. type: string mavenConfig: description: |- @@ -3203,6 +3405,15 @@ spec: type: string type: object type: object + commonRepository: + description: |- + Specific settings for an Artifact Registory remote repository. + Structure is documented below. + properties: + uri: + description: Specific uri to the registry, e.g. "https://registry-1.docker.io" + type: string + type: object description: description: The description of the remote source. type: string @@ -3218,7 +3429,7 @@ spec: properties: customRepository: description: |- - Settings for a remote repository with a custom uri. + [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. Structure is documented below. properties: uri: @@ -3238,7 +3449,7 @@ spec: properties: customRepository: description: |- - Settings for a remote repository with a custom uri. + [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. Structure is documented below. properties: uri: @@ -3258,7 +3469,7 @@ spec: properties: customRepository: description: |- - Settings for a remote repository with a custom uri. + [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. Structure is documented below. properties: uri: @@ -3278,7 +3489,7 @@ spec: properties: customRepository: description: |- - Settings for a remote repository with a custom uri. + [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. Structure is documented below. properties: uri: @@ -3372,6 +3583,27 @@ spec: type: object type: array type: object + vulnerabilityScanningConfig: + description: |- + Configuration for vulnerability scanning of artifacts stored in this repository. + Structure is documented below. + properties: + enablementConfig: + description: |- + This configures whether vulnerability scanning is automatically performed for artifacts pushed to this repository. + Possible values are: INHERITED, DISABLED. + type: string + enablementState: + description: |- + (Output) + This field returns whether scanning is active for this repository. + type: string + enablementStateReason: + description: |- + (Output) + This provides an explanation for the state of scanning on this repository. + type: string + type: object type: object conditions: description: Conditions of the resource. From ebe7a09af433f95162e35ae22e4b151230ef5b9c Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 17:39:01 +0100 Subject: [PATCH 28/47] bigquery: multiple changes Signed-off-by: Rickard von Essen --- .../zz_analyticshubdataexchange_types.go | 63 ++ .../bigquery/v1beta1/zz_generated.deepcopy.go | 180 +++++ .../v1beta2/zz_analyticshublisting_types.go | 62 +- apis/bigquery/v1beta2/zz_dataset_types.go | 89 +++ .../v1beta2/zz_datasetaccess_types.go | 74 +++ .../v1beta2/zz_datatransferconfig_types.go | 52 ++ .../bigquery/v1beta2/zz_generated.deepcopy.go | 621 ++++++++++++++++-- .../v1beta2/zz_generated.resolvers.go | 137 ++-- apis/bigquery/v1beta2/zz_job_types.go | 22 +- apis/bigquery/v1beta2/zz_reservation_types.go | 13 - apis/bigquery/v1beta2/zz_table_types.go | 219 +++--- ....upbound.io_analyticshubdataexchanges.yaml | 45 ++ ...y.gcp.upbound.io_analyticshublistings.yaml | 202 +++++- ...gquery.gcp.upbound.io_datasetaccesses.yaml | 78 +++ .../bigquery.gcp.upbound.io_datasets.yaml | 90 +++ ...ry.gcp.upbound.io_datatransferconfigs.yaml | 178 +++++ .../crds/bigquery.gcp.upbound.io_jobs.yaml | 152 ----- .../bigquery.gcp.upbound.io_reservations.yaml | 15 - .../crds/bigquery.gcp.upbound.io_tables.yaml | 184 ++++-- 19 files changed, 2026 insertions(+), 450 deletions(-) diff --git a/apis/bigquery/v1beta1/zz_analyticshubdataexchange_types.go b/apis/bigquery/v1beta1/zz_analyticshubdataexchange_types.go index 116152bf0..fe10d7933 100755 --- a/apis/bigquery/v1beta1/zz_analyticshubdataexchange_types.go +++ b/apis/bigquery/v1beta1/zz_analyticshubdataexchange_types.go @@ -39,6 +39,11 @@ type AnalyticsHubDataExchangeInitParameters struct { // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // Configurable data sharing environment option for a data exchange. + // This field is required for data clean room exchanges. + // Structure is documented below. + SharingEnvironmentConfig *SharingEnvironmentConfigInitParameters `json:"sharingEnvironmentConfig,omitempty" tf:"sharing_environment_config,omitempty"` } type AnalyticsHubDataExchangeObservation struct { @@ -77,6 +82,11 @@ type AnalyticsHubDataExchangeObservation struct { // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // Configurable data sharing environment option for a data exchange. + // This field is required for data clean room exchanges. + // Structure is documented below. + SharingEnvironmentConfig *SharingEnvironmentConfigObservation `json:"sharingEnvironmentConfig,omitempty" tf:"sharing_environment_config,omitempty"` } type AnalyticsHubDataExchangeParameters struct { @@ -113,6 +123,59 @@ type AnalyticsHubDataExchangeParameters struct { // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // Configurable data sharing environment option for a data exchange. + // This field is required for data clean room exchanges. + // Structure is documented below. + // +kubebuilder:validation:Optional + SharingEnvironmentConfig *SharingEnvironmentConfigParameters `json:"sharingEnvironmentConfig,omitempty" tf:"sharing_environment_config,omitempty"` +} + +type DcrExchangeConfigInitParameters struct { +} + +type DcrExchangeConfigObservation struct { +} + +type DcrExchangeConfigParameters struct { +} + +type DefaultExchangeConfigInitParameters struct { +} + +type DefaultExchangeConfigObservation struct { +} + +type DefaultExchangeConfigParameters struct { +} + +type SharingEnvironmentConfigInitParameters struct { + + // Data Clean Room (DCR), used for privacy-safe and secured data sharing. + DcrExchangeConfig *DcrExchangeConfigInitParameters `json:"dcrExchangeConfig,omitempty" tf:"dcr_exchange_config,omitempty"` + + // Default Analytics Hub data exchange, used for secured data sharing. + DefaultExchangeConfig *DefaultExchangeConfigInitParameters `json:"defaultExchangeConfig,omitempty" tf:"default_exchange_config,omitempty"` +} + +type SharingEnvironmentConfigObservation struct { + + // Data Clean Room (DCR), used for privacy-safe and secured data sharing. + DcrExchangeConfig *DcrExchangeConfigParameters `json:"dcrExchangeConfig,omitempty" tf:"dcr_exchange_config,omitempty"` + + // Default Analytics Hub data exchange, used for secured data sharing. + DefaultExchangeConfig *DefaultExchangeConfigParameters `json:"defaultExchangeConfig,omitempty" tf:"default_exchange_config,omitempty"` +} + +type SharingEnvironmentConfigParameters struct { + + // Data Clean Room (DCR), used for privacy-safe and secured data sharing. + // +kubebuilder:validation:Optional + DcrExchangeConfig *DcrExchangeConfigParameters `json:"dcrExchangeConfig,omitempty" tf:"dcr_exchange_config,omitempty"` + + // Default Analytics Hub data exchange, used for secured data sharing. + // +kubebuilder:validation:Optional + DefaultExchangeConfig *DefaultExchangeConfigParameters `json:"defaultExchangeConfig,omitempty" tf:"default_exchange_config,omitempty"` } // AnalyticsHubDataExchangeSpec defines the desired state of AnalyticsHubDataExchange diff --git a/apis/bigquery/v1beta1/zz_generated.deepcopy.go b/apis/bigquery/v1beta1/zz_generated.deepcopy.go index a7fae3a3d..9e41e76b8 100644 --- a/apis/bigquery/v1beta1/zz_generated.deepcopy.go +++ b/apis/bigquery/v1beta1/zz_generated.deepcopy.go @@ -730,6 +730,11 @@ func (in *AnalyticsHubDataExchangeInitParameters) DeepCopyInto(out *AnalyticsHub *out = new(string) **out = **in } + if in.SharingEnvironmentConfig != nil { + in, out := &in.SharingEnvironmentConfig, &out.SharingEnvironmentConfig + *out = new(SharingEnvironmentConfigInitParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnalyticsHubDataExchangeInitParameters. @@ -832,6 +837,11 @@ func (in *AnalyticsHubDataExchangeObservation) DeepCopyInto(out *AnalyticsHubDat *out = new(string) **out = **in } + if in.SharingEnvironmentConfig != nil { + in, out := &in.SharingEnvironmentConfig, &out.SharingEnvironmentConfig + *out = new(SharingEnvironmentConfigObservation) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnalyticsHubDataExchangeObservation. @@ -887,6 +897,11 @@ func (in *AnalyticsHubDataExchangeParameters) DeepCopyInto(out *AnalyticsHubData *out = new(string) **out = **in } + if in.SharingEnvironmentConfig != nil { + in, out := &in.SharingEnvironmentConfig, &out.SharingEnvironmentConfig + *out = new(SharingEnvironmentConfigParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnalyticsHubDataExchangeParameters. @@ -6216,6 +6231,51 @@ func (in *DatasetStatus) DeepCopy() *DatasetStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DcrExchangeConfigInitParameters) DeepCopyInto(out *DcrExchangeConfigInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DcrExchangeConfigInitParameters. +func (in *DcrExchangeConfigInitParameters) DeepCopy() *DcrExchangeConfigInitParameters { + if in == nil { + return nil + } + out := new(DcrExchangeConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DcrExchangeConfigObservation) DeepCopyInto(out *DcrExchangeConfigObservation) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DcrExchangeConfigObservation. +func (in *DcrExchangeConfigObservation) DeepCopy() *DcrExchangeConfigObservation { + if in == nil { + return nil + } + out := new(DcrExchangeConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DcrExchangeConfigParameters) DeepCopyInto(out *DcrExchangeConfigParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DcrExchangeConfigParameters. +func (in *DcrExchangeConfigParameters) DeepCopy() *DcrExchangeConfigParameters { + if in == nil { + return nil + } + out := new(DcrExchangeConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DefaultDatasetInitParameters) DeepCopyInto(out *DefaultDatasetInitParameters) { *out = *in @@ -6391,6 +6451,51 @@ func (in *DefaultEncryptionConfigurationParameters) DeepCopy() *DefaultEncryptio return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DefaultExchangeConfigInitParameters) DeepCopyInto(out *DefaultExchangeConfigInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultExchangeConfigInitParameters. +func (in *DefaultExchangeConfigInitParameters) DeepCopy() *DefaultExchangeConfigInitParameters { + if in == nil { + return nil + } + out := new(DefaultExchangeConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DefaultExchangeConfigObservation) DeepCopyInto(out *DefaultExchangeConfigObservation) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultExchangeConfigObservation. +func (in *DefaultExchangeConfigObservation) DeepCopy() *DefaultExchangeConfigObservation { + if in == nil { + return nil + } + out := new(DefaultExchangeConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DefaultExchangeConfigParameters) DeepCopyInto(out *DefaultExchangeConfigParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultExchangeConfigParameters. +func (in *DefaultExchangeConfigParameters) DeepCopy() *DefaultExchangeConfigParameters { + if in == nil { + return nil + } + out := new(DefaultExchangeConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DestinationEncryptionConfigurationInitParameters) DeepCopyInto(out *DestinationEncryptionConfigurationInitParameters) { *out = *in @@ -11646,6 +11751,81 @@ func (in *SensitiveParamsParameters) DeepCopy() *SensitiveParamsParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SharingEnvironmentConfigInitParameters) DeepCopyInto(out *SharingEnvironmentConfigInitParameters) { + *out = *in + if in.DcrExchangeConfig != nil { + in, out := &in.DcrExchangeConfig, &out.DcrExchangeConfig + *out = new(DcrExchangeConfigInitParameters) + **out = **in + } + if in.DefaultExchangeConfig != nil { + in, out := &in.DefaultExchangeConfig, &out.DefaultExchangeConfig + *out = new(DefaultExchangeConfigInitParameters) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharingEnvironmentConfigInitParameters. +func (in *SharingEnvironmentConfigInitParameters) DeepCopy() *SharingEnvironmentConfigInitParameters { + if in == nil { + return nil + } + out := new(SharingEnvironmentConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SharingEnvironmentConfigObservation) DeepCopyInto(out *SharingEnvironmentConfigObservation) { + *out = *in + if in.DcrExchangeConfig != nil { + in, out := &in.DcrExchangeConfig, &out.DcrExchangeConfig + *out = new(DcrExchangeConfigParameters) + **out = **in + } + if in.DefaultExchangeConfig != nil { + in, out := &in.DefaultExchangeConfig, &out.DefaultExchangeConfig + *out = new(DefaultExchangeConfigParameters) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharingEnvironmentConfigObservation. +func (in *SharingEnvironmentConfigObservation) DeepCopy() *SharingEnvironmentConfigObservation { + if in == nil { + return nil + } + out := new(SharingEnvironmentConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SharingEnvironmentConfigParameters) DeepCopyInto(out *SharingEnvironmentConfigParameters) { + *out = *in + if in.DcrExchangeConfig != nil { + in, out := &in.DcrExchangeConfig, &out.DcrExchangeConfig + *out = new(DcrExchangeConfigParameters) + **out = **in + } + if in.DefaultExchangeConfig != nil { + in, out := &in.DefaultExchangeConfig, &out.DefaultExchangeConfig + *out = new(DefaultExchangeConfigParameters) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SharingEnvironmentConfigParameters. +func (in *SharingEnvironmentConfigParameters) DeepCopy() *SharingEnvironmentConfigParameters { + if in == nil { + return nil + } + out := new(SharingEnvironmentConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SourceModelInitParameters) DeepCopyInto(out *SourceModelInitParameters) { *out = *in diff --git a/apis/bigquery/v1beta2/zz_analyticshublisting_types.go b/apis/bigquery/v1beta2/zz_analyticshublisting_types.go index 6a4161107..2ee7cedaf 100755 --- a/apis/bigquery/v1beta2/zz_analyticshublisting_types.go +++ b/apis/bigquery/v1beta2/zz_analyticshublisting_types.go @@ -38,7 +38,7 @@ type AnalyticsHubListingInitParameters struct { // Base64 encoded image representing the listing. Icon *string `json:"icon,omitempty" tf:"icon,omitempty"` - // Email or URL of the listing publisher. + // Email or URL of the primary point of contact of the listing. PrimaryContact *string `json:"primaryContact,omitempty" tf:"primary_contact,omitempty"` // The ID of the project in which the resource belongs. @@ -94,7 +94,7 @@ type AnalyticsHubListingObservation struct { // The resource name of the listing. e.g. "projects/myproject/locations/US/dataExchanges/123/listings/456" Name *string `json:"name,omitempty" tf:"name,omitempty"` - // Email or URL of the listing publisher. + // Email or URL of the primary point of contact of the listing. PrimaryContact *string `json:"primaryContact,omitempty" tf:"primary_contact,omitempty"` // The ID of the project in which the resource belongs. @@ -163,7 +163,7 @@ type AnalyticsHubListingParameters struct { // +kubebuilder:validation:Required Location *string `json:"location" tf:"location,omitempty"` - // Email or URL of the listing publisher. + // Email or URL of the primary point of contact of the listing. // +kubebuilder:validation:Optional PrimaryContact *string `json:"primaryContact,omitempty" tf:"primary_contact,omitempty"` @@ -201,12 +201,20 @@ type BigqueryDatasetInitParameters struct { // Selector for a Dataset in bigquery to populate dataset. // +kubebuilder:validation:Optional DatasetSelector *v1.Selector `json:"datasetSelector,omitempty" tf:"-"` + + // Resource in this dataset that is selectively shared. This field is required for data clean room exchanges. + // Structure is documented below. + SelectedResources []SelectedResourcesInitParameters `json:"selectedResources,omitempty" tf:"selected_resources,omitempty"` } type BigqueryDatasetObservation struct { // Resource name of the dataset source for this listing. e.g. projects/myproject/datasets/123 Dataset *string `json:"dataset,omitempty" tf:"dataset,omitempty"` + + // Resource in this dataset that is selectively shared. This field is required for data clean room exchanges. + // Structure is documented below. + SelectedResources []SelectedResourcesObservation `json:"selectedResources,omitempty" tf:"selected_resources,omitempty"` } type BigqueryDatasetParameters struct { @@ -224,6 +232,11 @@ type BigqueryDatasetParameters struct { // Selector for a Dataset in bigquery to populate dataset. // +kubebuilder:validation:Optional DatasetSelector *v1.Selector `json:"datasetSelector,omitempty" tf:"-"` + + // Resource in this dataset that is selectively shared. This field is required for data clean room exchanges. + // Structure is documented below. + // +kubebuilder:validation:Optional + SelectedResources []SelectedResourcesParameters `json:"selectedResources,omitempty" tf:"selected_resources,omitempty"` } type DataProviderInitParameters struct { @@ -298,6 +311,10 @@ type RestrictedExportConfigObservation struct { // If true, enable restricted export. Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + // (Output) + // If true, restrict direct table access(read api/tabledata.list) on linked table. + RestrictDirectTableAccess *bool `json:"restrictDirectTableAccess,omitempty" tf:"restrict_direct_table_access,omitempty"` + // If true, restrict export of query result derived from restricted linked dataset table. RestrictQueryResult *bool `json:"restrictQueryResult,omitempty" tf:"restrict_query_result,omitempty"` } @@ -313,6 +330,45 @@ type RestrictedExportConfigParameters struct { RestrictQueryResult *bool `json:"restrictQueryResult,omitempty" tf:"restrict_query_result,omitempty"` } +type SelectedResourcesInitParameters struct { + + // Format: For table: projects/{projectId}/datasets/{datasetId}/tables/{tableId} Example:"projects/test_project/datasets/test_dataset/tables/test_table" + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/bigquery/v1beta2.Table + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + Table *string `json:"table,omitempty" tf:"table,omitempty"` + + // Reference to a Table in bigquery to populate table. + // +kubebuilder:validation:Optional + TableRef *v1.Reference `json:"tableRef,omitempty" tf:"-"` + + // Selector for a Table in bigquery to populate table. + // +kubebuilder:validation:Optional + TableSelector *v1.Selector `json:"tableSelector,omitempty" tf:"-"` +} + +type SelectedResourcesObservation struct { + + // Format: For table: projects/{projectId}/datasets/{datasetId}/tables/{tableId} Example:"projects/test_project/datasets/test_dataset/tables/test_table" + Table *string `json:"table,omitempty" tf:"table,omitempty"` +} + +type SelectedResourcesParameters struct { + + // Format: For table: projects/{projectId}/datasets/{datasetId}/tables/{tableId} Example:"projects/test_project/datasets/test_dataset/tables/test_table" + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/bigquery/v1beta2.Table + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + // +kubebuilder:validation:Optional + Table *string `json:"table,omitempty" tf:"table,omitempty"` + + // Reference to a Table in bigquery to populate table. + // +kubebuilder:validation:Optional + TableRef *v1.Reference `json:"tableRef,omitempty" tf:"-"` + + // Selector for a Table in bigquery to populate table. + // +kubebuilder:validation:Optional + TableSelector *v1.Selector `json:"tableSelector,omitempty" tf:"-"` +} + // AnalyticsHubListingSpec defines the desired state of AnalyticsHubListing type AnalyticsHubListingSpec struct { v1.ResourceSpec `json:",inline"` diff --git a/apis/bigquery/v1beta2/zz_dataset_types.go b/apis/bigquery/v1beta2/zz_dataset_types.go index 7e1b2d88c..48855bb5e 100755 --- a/apis/bigquery/v1beta2/zz_dataset_types.go +++ b/apis/bigquery/v1beta2/zz_dataset_types.go @@ -13,6 +13,79 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AccessConditionInitParameters struct { + + // A user-friendly description of the dataset + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // Textual representation of an expression in Common Expression Language syntax. + Expression *string `json:"expression,omitempty" tf:"expression,omitempty"` + + // The geographic location where the dataset should reside. + // See official docs. + // There are two types of locations, regional or multi-regional. A regional + // location is a specific geographic place, such as Tokyo, and a multi-regional + // location is a large geographic area, such as the United States, that + // contains at least two geographic places. + // The default value is multi-regional location US. + // Changing this forces a new resource to be created. + Location *string `json:"location,omitempty" tf:"location,omitempty"` + + // Title for the expression, i.e. a short string describing its purpose. + // This can be used e.g. in UIs which allow to enter the expression. + Title *string `json:"title,omitempty" tf:"title,omitempty"` +} + +type AccessConditionObservation struct { + + // A user-friendly description of the dataset + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // Textual representation of an expression in Common Expression Language syntax. + Expression *string `json:"expression,omitempty" tf:"expression,omitempty"` + + // The geographic location where the dataset should reside. + // See official docs. + // There are two types of locations, regional or multi-regional. A regional + // location is a specific geographic place, such as Tokyo, and a multi-regional + // location is a large geographic area, such as the United States, that + // contains at least two geographic places. + // The default value is multi-regional location US. + // Changing this forces a new resource to be created. + Location *string `json:"location,omitempty" tf:"location,omitempty"` + + // Title for the expression, i.e. a short string describing its purpose. + // This can be used e.g. in UIs which allow to enter the expression. + Title *string `json:"title,omitempty" tf:"title,omitempty"` +} + +type AccessConditionParameters struct { + + // A user-friendly description of the dataset + // +kubebuilder:validation:Optional + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // Textual representation of an expression in Common Expression Language syntax. + // +kubebuilder:validation:Optional + Expression *string `json:"expression" tf:"expression,omitempty"` + + // The geographic location where the dataset should reside. + // See official docs. + // There are two types of locations, regional or multi-regional. A regional + // location is a specific geographic place, such as Tokyo, and a multi-regional + // location is a large geographic area, such as the United States, that + // contains at least two geographic places. + // The default value is multi-regional location US. + // Changing this forces a new resource to be created. + // +kubebuilder:validation:Optional + Location *string `json:"location,omitempty" tf:"location,omitempty"` + + // Title for the expression, i.e. a short string describing its purpose. + // This can be used e.g. in UIs which allow to enter the expression. + // +kubebuilder:validation:Optional + Title *string `json:"title,omitempty" tf:"title,omitempty"` +} + type AccessDatasetInitParameters struct { // The dataset this entry applies to @@ -50,6 +123,11 @@ type AccessDatasetParameters struct { type AccessInitParameters struct { + // Condition for the binding. If CEL expression in this field is true, this + // access binding will be considered. + // Structure is documented below. + Condition *AccessConditionInitParameters `json:"condition,omitempty" tf:"condition,omitempty"` + // Grants all resources of particular types in a particular dataset read access to the current dataset. // Structure is documented below. Dataset *AccessDatasetInitParameters `json:"dataset,omitempty" tf:"dataset,omitempty"` @@ -108,6 +186,11 @@ type AccessInitParameters struct { type AccessObservation struct { + // Condition for the binding. If CEL expression in this field is true, this + // access binding will be considered. + // Structure is documented below. + Condition *AccessConditionObservation `json:"condition,omitempty" tf:"condition,omitempty"` + // Grants all resources of particular types in a particular dataset read access to the current dataset. // Structure is documented below. Dataset *AccessDatasetObservation `json:"dataset,omitempty" tf:"dataset,omitempty"` @@ -156,6 +239,12 @@ type AccessObservation struct { type AccessParameters struct { + // Condition for the binding. If CEL expression in this field is true, this + // access binding will be considered. + // Structure is documented below. + // +kubebuilder:validation:Optional + Condition *AccessConditionParameters `json:"condition,omitempty" tf:"condition,omitempty"` + // Grants all resources of particular types in a particular dataset read access to the current dataset. // Structure is documented below. // +kubebuilder:validation:Optional diff --git a/apis/bigquery/v1beta2/zz_datasetaccess_types.go b/apis/bigquery/v1beta2/zz_datasetaccess_types.go index 2971b7567..24245c4c5 100755 --- a/apis/bigquery/v1beta2/zz_datasetaccess_types.go +++ b/apis/bigquery/v1beta2/zz_datasetaccess_types.go @@ -13,6 +13,64 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type DatasetAccessConditionInitParameters struct { + + // Description of the expression. This is a longer text which describes the expression, + // e.g. when hovered over it in a UI. + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // Textual representation of an expression in Common Expression Language syntax. + Expression *string `json:"expression,omitempty" tf:"expression,omitempty"` + + // String indicating the location of the expression for error reporting, e.g. a file + // name and a position in the file. + Location *string `json:"location,omitempty" tf:"location,omitempty"` + + // Title for the expression, i.e. a short string describing its purpose. + // This can be used e.g. in UIs which allow to enter the expression. + Title *string `json:"title,omitempty" tf:"title,omitempty"` +} + +type DatasetAccessConditionObservation struct { + + // Description of the expression. This is a longer text which describes the expression, + // e.g. when hovered over it in a UI. + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // Textual representation of an expression in Common Expression Language syntax. + Expression *string `json:"expression,omitempty" tf:"expression,omitempty"` + + // String indicating the location of the expression for error reporting, e.g. a file + // name and a position in the file. + Location *string `json:"location,omitempty" tf:"location,omitempty"` + + // Title for the expression, i.e. a short string describing its purpose. + // This can be used e.g. in UIs which allow to enter the expression. + Title *string `json:"title,omitempty" tf:"title,omitempty"` +} + +type DatasetAccessConditionParameters struct { + + // Description of the expression. This is a longer text which describes the expression, + // e.g. when hovered over it in a UI. + // +kubebuilder:validation:Optional + Description *string `json:"description,omitempty" tf:"description,omitempty"` + + // Textual representation of an expression in Common Expression Language syntax. + // +kubebuilder:validation:Optional + Expression *string `json:"expression" tf:"expression,omitempty"` + + // String indicating the location of the expression for error reporting, e.g. a file + // name and a position in the file. + // +kubebuilder:validation:Optional + Location *string `json:"location,omitempty" tf:"location,omitempty"` + + // Title for the expression, i.e. a short string describing its purpose. + // This can be used e.g. in UIs which allow to enter the expression. + // +kubebuilder:validation:Optional + Title *string `json:"title,omitempty" tf:"title,omitempty"` +} + type DatasetAccessDatasetDatasetInitParameters struct { // The ID of the dataset containing this table. @@ -97,6 +155,11 @@ type DatasetAccessDatasetParameters struct { type DatasetAccessInitParameters struct { + // Condition for the binding. If CEL expression in this field is true, this + // access binding will be considered. + // Structure is documented below. + Condition *DatasetAccessConditionInitParameters `json:"condition,omitempty" tf:"condition,omitempty"` + // Grants all resources of particular types in a particular dataset read access to the current dataset. // Structure is documented below. Dataset *DatasetAccessDatasetInitParameters `json:"dataset,omitempty" tf:"dataset,omitempty"` @@ -175,6 +238,11 @@ type DatasetAccessInitParameters struct { type DatasetAccessObservation struct { APIUpdatedMember *bool `json:"apiUpdatedMember,omitempty" tf:"api_updated_member,omitempty"` + // Condition for the binding. If CEL expression in this field is true, this + // access binding will be considered. + // Structure is documented below. + Condition *DatasetAccessConditionObservation `json:"condition,omitempty" tf:"condition,omitempty"` + // Grants all resources of particular types in a particular dataset read access to the current dataset. // Structure is documented below. Dataset *DatasetAccessDatasetObservation `json:"dataset,omitempty" tf:"dataset,omitempty"` @@ -236,6 +304,12 @@ type DatasetAccessObservation struct { type DatasetAccessParameters struct { + // Condition for the binding. If CEL expression in this field is true, this + // access binding will be considered. + // Structure is documented below. + // +kubebuilder:validation:Optional + Condition *DatasetAccessConditionParameters `json:"condition,omitempty" tf:"condition,omitempty"` + // Grants all resources of particular types in a particular dataset read access to the current dataset. // Structure is documented below. // +kubebuilder:validation:Optional diff --git a/apis/bigquery/v1beta2/zz_datatransferconfig_types.go b/apis/bigquery/v1beta2/zz_datatransferconfig_types.go index 349bc48a2..3ca6bbcdf 100755 --- a/apis/bigquery/v1beta2/zz_datatransferconfig_types.go +++ b/apis/bigquery/v1beta2/zz_datatransferconfig_types.go @@ -48,6 +48,10 @@ type DataTransferConfigInitParameters struct { // Structure is documented below. EmailPreferences *EmailPreferencesInitParameters `json:"emailPreferences,omitempty" tf:"email_preferences,omitempty"` + // Represents the encryption configuration for a transfer. + // Structure is documented below. + EncryptionConfiguration *EncryptionConfigurationInitParameters `json:"encryptionConfiguration,omitempty" tf:"encryption_configuration,omitempty"` + // The geographic location where the transfer config should reside. // Examples: US, EU, asia-northeast1. The default value is US. Location *string `json:"location,omitempty" tf:"location,omitempty"` @@ -123,6 +127,10 @@ type DataTransferConfigObservation struct { // Structure is documented below. EmailPreferences *EmailPreferencesObservation `json:"emailPreferences,omitempty" tf:"email_preferences,omitempty"` + // Represents the encryption configuration for a transfer. + // Structure is documented below. + EncryptionConfiguration *EncryptionConfigurationObservation `json:"encryptionConfiguration,omitempty" tf:"encryption_configuration,omitempty"` + // an identifier for the resource with format {{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -223,6 +231,11 @@ type DataTransferConfigParameters struct { // +kubebuilder:validation:Optional EmailPreferences *EmailPreferencesParameters `json:"emailPreferences,omitempty" tf:"email_preferences,omitempty"` + // Represents the encryption configuration for a transfer. + // Structure is documented below. + // +kubebuilder:validation:Optional + EncryptionConfiguration *EncryptionConfigurationParameters `json:"encryptionConfiguration,omitempty" tf:"encryption_configuration,omitempty"` + // The geographic location where the transfer config should reside. // Examples: US, EU, asia-northeast1. The default value is US. // +kubebuilder:validation:Optional @@ -299,6 +312,45 @@ type EmailPreferencesParameters struct { EnableFailureEmail *bool `json:"enableFailureEmail" tf:"enable_failure_email,omitempty"` } +type EncryptionConfigurationInitParameters struct { + + // The name of the KMS key used for encrypting BigQuery data. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/kms/v1beta2.CryptoKey + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` + + // Reference to a CryptoKey in kms to populate kmsKeyName. + // +kubebuilder:validation:Optional + KMSKeyNameRef *v1.Reference `json:"kmsKeyNameRef,omitempty" tf:"-"` + + // Selector for a CryptoKey in kms to populate kmsKeyName. + // +kubebuilder:validation:Optional + KMSKeyNameSelector *v1.Selector `json:"kmsKeyNameSelector,omitempty" tf:"-"` +} + +type EncryptionConfigurationObservation struct { + + // The name of the KMS key used for encrypting BigQuery data. + KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` +} + +type EncryptionConfigurationParameters struct { + + // The name of the KMS key used for encrypting BigQuery data. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/kms/v1beta2.CryptoKey + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + // +kubebuilder:validation:Optional + KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` + + // Reference to a CryptoKey in kms to populate kmsKeyName. + // +kubebuilder:validation:Optional + KMSKeyNameRef *v1.Reference `json:"kmsKeyNameRef,omitempty" tf:"-"` + + // Selector for a CryptoKey in kms to populate kmsKeyName. + // +kubebuilder:validation:Optional + KMSKeyNameSelector *v1.Selector `json:"kmsKeyNameSelector,omitempty" tf:"-"` +} + type ScheduleOptionsInitParameters struct { // If true, automatic scheduling of data transfer runs for this diff --git a/apis/bigquery/v1beta2/zz_generated.deepcopy.go b/apis/bigquery/v1beta2/zz_generated.deepcopy.go index 808e3387b..f82342d5a 100644 --- a/apis/bigquery/v1beta2/zz_generated.deepcopy.go +++ b/apis/bigquery/v1beta2/zz_generated.deepcopy.go @@ -13,6 +13,111 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessConditionInitParameters) DeepCopyInto(out *AccessConditionInitParameters) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.Expression != nil { + in, out := &in.Expression, &out.Expression + *out = new(string) + **out = **in + } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } + if in.Title != nil { + in, out := &in.Title, &out.Title + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessConditionInitParameters. +func (in *AccessConditionInitParameters) DeepCopy() *AccessConditionInitParameters { + if in == nil { + return nil + } + out := new(AccessConditionInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessConditionObservation) DeepCopyInto(out *AccessConditionObservation) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.Expression != nil { + in, out := &in.Expression, &out.Expression + *out = new(string) + **out = **in + } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } + if in.Title != nil { + in, out := &in.Title, &out.Title + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessConditionObservation. +func (in *AccessConditionObservation) DeepCopy() *AccessConditionObservation { + if in == nil { + return nil + } + out := new(AccessConditionObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessConditionParameters) DeepCopyInto(out *AccessConditionParameters) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.Expression != nil { + in, out := &in.Expression, &out.Expression + *out = new(string) + **out = **in + } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } + if in.Title != nil { + in, out := &in.Title, &out.Title + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessConditionParameters. +func (in *AccessConditionParameters) DeepCopy() *AccessConditionParameters { + if in == nil { + return nil + } + out := new(AccessConditionParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AccessDatasetInitParameters) DeepCopyInto(out *AccessDatasetInitParameters) { *out = *in @@ -109,6 +214,11 @@ func (in *AccessDatasetParameters) DeepCopy() *AccessDatasetParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AccessInitParameters) DeepCopyInto(out *AccessInitParameters) { *out = *in + if in.Condition != nil { + in, out := &in.Condition, &out.Condition + *out = new(AccessConditionInitParameters) + (*in).DeepCopyInto(*out) + } if in.Dataset != nil { in, out := &in.Dataset, &out.Dataset *out = new(AccessDatasetInitParameters) @@ -179,6 +289,11 @@ func (in *AccessInitParameters) DeepCopy() *AccessInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AccessObservation) DeepCopyInto(out *AccessObservation) { *out = *in + if in.Condition != nil { + in, out := &in.Condition, &out.Condition + *out = new(AccessConditionObservation) + (*in).DeepCopyInto(*out) + } if in.Dataset != nil { in, out := &in.Dataset, &out.Dataset *out = new(AccessDatasetObservation) @@ -239,6 +354,11 @@ func (in *AccessObservation) DeepCopy() *AccessObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AccessParameters) DeepCopyInto(out *AccessParameters) { *out = *in + if in.Condition != nil { + in, out := &in.Condition, &out.Condition + *out = new(AccessConditionParameters) + (*in).DeepCopyInto(*out) + } if in.Dataset != nil { in, out := &in.Dataset, &out.Dataset *out = new(AccessDatasetParameters) @@ -1397,6 +1517,111 @@ func (in *AzureParameters) DeepCopy() *AzureParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BiglakeConfigurationInitParameters) DeepCopyInto(out *BiglakeConfigurationInitParameters) { + *out = *in + if in.ConnectionID != nil { + in, out := &in.ConnectionID, &out.ConnectionID + *out = new(string) + **out = **in + } + if in.FileFormat != nil { + in, out := &in.FileFormat, &out.FileFormat + *out = new(string) + **out = **in + } + if in.StorageURI != nil { + in, out := &in.StorageURI, &out.StorageURI + *out = new(string) + **out = **in + } + if in.TableFormat != nil { + in, out := &in.TableFormat, &out.TableFormat + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BiglakeConfigurationInitParameters. +func (in *BiglakeConfigurationInitParameters) DeepCopy() *BiglakeConfigurationInitParameters { + if in == nil { + return nil + } + out := new(BiglakeConfigurationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BiglakeConfigurationObservation) DeepCopyInto(out *BiglakeConfigurationObservation) { + *out = *in + if in.ConnectionID != nil { + in, out := &in.ConnectionID, &out.ConnectionID + *out = new(string) + **out = **in + } + if in.FileFormat != nil { + in, out := &in.FileFormat, &out.FileFormat + *out = new(string) + **out = **in + } + if in.StorageURI != nil { + in, out := &in.StorageURI, &out.StorageURI + *out = new(string) + **out = **in + } + if in.TableFormat != nil { + in, out := &in.TableFormat, &out.TableFormat + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BiglakeConfigurationObservation. +func (in *BiglakeConfigurationObservation) DeepCopy() *BiglakeConfigurationObservation { + if in == nil { + return nil + } + out := new(BiglakeConfigurationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BiglakeConfigurationParameters) DeepCopyInto(out *BiglakeConfigurationParameters) { + *out = *in + if in.ConnectionID != nil { + in, out := &in.ConnectionID, &out.ConnectionID + *out = new(string) + **out = **in + } + if in.FileFormat != nil { + in, out := &in.FileFormat, &out.FileFormat + *out = new(string) + **out = **in + } + if in.StorageURI != nil { + in, out := &in.StorageURI, &out.StorageURI + *out = new(string) + **out = **in + } + if in.TableFormat != nil { + in, out := &in.TableFormat, &out.TableFormat + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BiglakeConfigurationParameters. +func (in *BiglakeConfigurationParameters) DeepCopy() *BiglakeConfigurationParameters { + if in == nil { + return nil + } + out := new(BiglakeConfigurationParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BigqueryDatasetInitParameters) DeepCopyInto(out *BigqueryDatasetInitParameters) { *out = *in @@ -1415,6 +1640,13 @@ func (in *BigqueryDatasetInitParameters) DeepCopyInto(out *BigqueryDatasetInitPa *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.SelectedResources != nil { + in, out := &in.SelectedResources, &out.SelectedResources + *out = make([]SelectedResourcesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BigqueryDatasetInitParameters. @@ -1435,6 +1667,13 @@ func (in *BigqueryDatasetObservation) DeepCopyInto(out *BigqueryDatasetObservati *out = new(string) **out = **in } + if in.SelectedResources != nil { + in, out := &in.SelectedResources, &out.SelectedResources + *out = make([]SelectedResourcesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BigqueryDatasetObservation. @@ -1465,6 +1704,13 @@ func (in *BigqueryDatasetParameters) DeepCopyInto(out *BigqueryDatasetParameters *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.SelectedResources != nil { + in, out := &in.SelectedResources, &out.SelectedResources + *out = make([]SelectedResourcesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BigqueryDatasetParameters. @@ -3171,6 +3417,11 @@ func (in *DataTransferConfigInitParameters) DeepCopyInto(out *DataTransferConfig *out = new(EmailPreferencesInitParameters) (*in).DeepCopyInto(*out) } + if in.EncryptionConfiguration != nil { + in, out := &in.EncryptionConfiguration, &out.EncryptionConfiguration + *out = new(EncryptionConfigurationInitParameters) + (*in).DeepCopyInto(*out) + } if in.Location != nil { in, out := &in.Location, &out.Location *out = new(string) @@ -3299,6 +3550,11 @@ func (in *DataTransferConfigObservation) DeepCopyInto(out *DataTransferConfigObs *out = new(EmailPreferencesObservation) (*in).DeepCopyInto(*out) } + if in.EncryptionConfiguration != nil { + in, out := &in.EncryptionConfiguration, &out.EncryptionConfiguration + *out = new(EncryptionConfigurationObservation) + (*in).DeepCopyInto(*out) + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -3415,6 +3671,11 @@ func (in *DataTransferConfigParameters) DeepCopyInto(out *DataTransferConfigPara *out = new(EmailPreferencesParameters) (*in).DeepCopyInto(*out) } + if in.EncryptionConfiguration != nil { + in, out := &in.EncryptionConfiguration, &out.EncryptionConfiguration + *out = new(EncryptionConfigurationParameters) + (*in).DeepCopyInto(*out) + } if in.Location != nil { in, out := &in.Location, &out.Location *out = new(string) @@ -3567,6 +3828,111 @@ func (in *DatasetAccess) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DatasetAccessConditionInitParameters) DeepCopyInto(out *DatasetAccessConditionInitParameters) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.Expression != nil { + in, out := &in.Expression, &out.Expression + *out = new(string) + **out = **in + } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } + if in.Title != nil { + in, out := &in.Title, &out.Title + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatasetAccessConditionInitParameters. +func (in *DatasetAccessConditionInitParameters) DeepCopy() *DatasetAccessConditionInitParameters { + if in == nil { + return nil + } + out := new(DatasetAccessConditionInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DatasetAccessConditionObservation) DeepCopyInto(out *DatasetAccessConditionObservation) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.Expression != nil { + in, out := &in.Expression, &out.Expression + *out = new(string) + **out = **in + } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } + if in.Title != nil { + in, out := &in.Title, &out.Title + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatasetAccessConditionObservation. +func (in *DatasetAccessConditionObservation) DeepCopy() *DatasetAccessConditionObservation { + if in == nil { + return nil + } + out := new(DatasetAccessConditionObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DatasetAccessConditionParameters) DeepCopyInto(out *DatasetAccessConditionParameters) { + *out = *in + if in.Description != nil { + in, out := &in.Description, &out.Description + *out = new(string) + **out = **in + } + if in.Expression != nil { + in, out := &in.Expression, &out.Expression + *out = new(string) + **out = **in + } + if in.Location != nil { + in, out := &in.Location, &out.Location + *out = new(string) + **out = **in + } + if in.Title != nil { + in, out := &in.Title, &out.Title + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatasetAccessConditionParameters. +func (in *DatasetAccessConditionParameters) DeepCopy() *DatasetAccessConditionParameters { + if in == nil { + return nil + } + out := new(DatasetAccessConditionParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DatasetAccessDatasetDatasetInitParameters) DeepCopyInto(out *DatasetAccessDatasetDatasetInitParameters) { *out = *in @@ -3758,6 +4124,11 @@ func (in *DatasetAccessDatasetParameters) DeepCopy() *DatasetAccessDatasetParame // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DatasetAccessInitParameters) DeepCopyInto(out *DatasetAccessInitParameters) { *out = *in + if in.Condition != nil { + in, out := &in.Condition, &out.Condition + *out = new(DatasetAccessConditionInitParameters) + (*in).DeepCopyInto(*out) + } if in.Dataset != nil { in, out := &in.Dataset, &out.Dataset *out = new(DatasetAccessDatasetInitParameters) @@ -3885,6 +4256,11 @@ func (in *DatasetAccessObservation) DeepCopyInto(out *DatasetAccessObservation) *out = new(bool) **out = **in } + if in.Condition != nil { + in, out := &in.Condition, &out.Condition + *out = new(DatasetAccessConditionObservation) + (*in).DeepCopyInto(*out) + } if in.Dataset != nil { in, out := &in.Dataset, &out.Dataset *out = new(DatasetAccessDatasetObservation) @@ -3960,6 +4336,11 @@ func (in *DatasetAccessObservation) DeepCopy() *DatasetAccessObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DatasetAccessParameters) DeepCopyInto(out *DatasetAccessParameters) { *out = *in + if in.Condition != nil { + in, out := &in.Condition, &out.Condition + *out = new(DatasetAccessConditionParameters) + (*in).DeepCopyInto(*out) + } if in.Dataset != nil { in, out := &in.Dataset, &out.Dataset *out = new(DatasetAccessDatasetParameters) @@ -5757,16 +6138,6 @@ func (in *DestinationEncryptionConfigurationInitParameters) DeepCopyInto(out *De *out = new(string) **out = **in } - if in.KMSKeyNameRef != nil { - in, out := &in.KMSKeyNameRef, &out.KMSKeyNameRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.KMSKeyNameSelector != nil { - in, out := &in.KMSKeyNameSelector, &out.KMSKeyNameSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationEncryptionConfigurationInitParameters. @@ -5812,16 +6183,6 @@ func (in *DestinationEncryptionConfigurationParameters) DeepCopyInto(out *Destin *out = new(string) **out = **in } - if in.KMSKeyNameRef != nil { - in, out := &in.KMSKeyNameRef, &out.KMSKeyNameRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.KMSKeyNameSelector != nil { - in, out := &in.KMSKeyNameSelector, &out.KMSKeyNameSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationEncryptionConfigurationParameters. @@ -6032,6 +6393,16 @@ func (in *EncryptionConfigurationInitParameters) DeepCopyInto(out *EncryptionCon *out = new(string) **out = **in } + if in.KMSKeyNameRef != nil { + in, out := &in.KMSKeyNameRef, &out.KMSKeyNameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.KMSKeyNameSelector != nil { + in, out := &in.KMSKeyNameSelector, &out.KMSKeyNameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptionConfigurationInitParameters. @@ -6052,11 +6423,6 @@ func (in *EncryptionConfigurationObservation) DeepCopyInto(out *EncryptionConfig *out = new(string) **out = **in } - if in.KMSKeyVersion != nil { - in, out := &in.KMSKeyVersion, &out.KMSKeyVersion - *out = new(string) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptionConfigurationObservation. @@ -6077,6 +6443,16 @@ func (in *EncryptionConfigurationParameters) DeepCopyInto(out *EncryptionConfigu *out = new(string) **out = **in } + if in.KMSKeyNameRef != nil { + in, out := &in.KMSKeyNameRef, &out.KMSKeyNameRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.KMSKeyNameSelector != nil { + in, out := &in.KMSKeyNameSelector, &out.KMSKeyNameSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptionConfigurationParameters. @@ -9560,11 +9936,6 @@ func (in *ReservationInitParameters) DeepCopyInto(out *ReservationInitParameters *out = new(bool) **out = **in } - if in.MultiRegionAuxiliary != nil { - in, out := &in.MultiRegionAuxiliary, &out.MultiRegionAuxiliary - *out = new(bool) - **out = **in - } if in.SlotCapacity != nil { in, out := &in.SlotCapacity, &out.SlotCapacity *out = new(float64) @@ -9647,11 +10018,6 @@ func (in *ReservationObservation) DeepCopyInto(out *ReservationObservation) { *out = new(string) **out = **in } - if in.MultiRegionAuxiliary != nil { - in, out := &in.MultiRegionAuxiliary, &out.MultiRegionAuxiliary - *out = new(bool) - **out = **in - } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -9702,11 +10068,6 @@ func (in *ReservationParameters) DeepCopyInto(out *ReservationParameters) { *out = new(string) **out = **in } - if in.MultiRegionAuxiliary != nil { - in, out := &in.MultiRegionAuxiliary, &out.MultiRegionAuxiliary - *out = new(bool) - **out = **in - } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -9797,6 +10158,11 @@ func (in *RestrictedExportConfigObservation) DeepCopyInto(out *RestrictedExportC *out = new(bool) **out = **in } + if in.RestrictDirectTableAccess != nil { + in, out := &in.RestrictDirectTableAccess, &out.RestrictDirectTableAccess + *out = new(bool) + **out = **in + } if in.RestrictQueryResult != nil { in, out := &in.RestrictQueryResult, &out.RestrictQueryResult *out = new(bool) @@ -10562,6 +10928,86 @@ func (in *ScriptOptionsParameters) DeepCopy() *ScriptOptionsParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SelectedResourcesInitParameters) DeepCopyInto(out *SelectedResourcesInitParameters) { + *out = *in + if in.Table != nil { + in, out := &in.Table, &out.Table + *out = new(string) + **out = **in + } + if in.TableRef != nil { + in, out := &in.TableRef, &out.TableRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.TableSelector != nil { + in, out := &in.TableSelector, &out.TableSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelectedResourcesInitParameters. +func (in *SelectedResourcesInitParameters) DeepCopy() *SelectedResourcesInitParameters { + if in == nil { + return nil + } + out := new(SelectedResourcesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SelectedResourcesObservation) DeepCopyInto(out *SelectedResourcesObservation) { + *out = *in + if in.Table != nil { + in, out := &in.Table, &out.Table + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelectedResourcesObservation. +func (in *SelectedResourcesObservation) DeepCopy() *SelectedResourcesObservation { + if in == nil { + return nil + } + out := new(SelectedResourcesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SelectedResourcesParameters) DeepCopyInto(out *SelectedResourcesParameters) { + *out = *in + if in.Table != nil { + in, out := &in.Table, &out.Table + *out = new(string) + **out = **in + } + if in.TableRef != nil { + in, out := &in.TableRef, &out.TableRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.TableSelector != nil { + in, out := &in.TableSelector, &out.TableSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelectedResourcesParameters. +func (in *SelectedResourcesParameters) DeepCopy() *SelectedResourcesParameters { + if in == nil { + return nil + } + out := new(SelectedResourcesParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SensitiveParamsInitParameters) DeepCopyInto(out *SensitiveParamsInitParameters) { *out = *in @@ -11571,6 +12017,71 @@ func (in *TableConstraintsParameters) DeepCopy() *TableConstraintsParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TableEncryptionConfigurationInitParameters) DeepCopyInto(out *TableEncryptionConfigurationInitParameters) { + *out = *in + if in.KMSKeyName != nil { + in, out := &in.KMSKeyName, &out.KMSKeyName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TableEncryptionConfigurationInitParameters. +func (in *TableEncryptionConfigurationInitParameters) DeepCopy() *TableEncryptionConfigurationInitParameters { + if in == nil { + return nil + } + out := new(TableEncryptionConfigurationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TableEncryptionConfigurationObservation) DeepCopyInto(out *TableEncryptionConfigurationObservation) { + *out = *in + if in.KMSKeyName != nil { + in, out := &in.KMSKeyName, &out.KMSKeyName + *out = new(string) + **out = **in + } + if in.KMSKeyVersion != nil { + in, out := &in.KMSKeyVersion, &out.KMSKeyVersion + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TableEncryptionConfigurationObservation. +func (in *TableEncryptionConfigurationObservation) DeepCopy() *TableEncryptionConfigurationObservation { + if in == nil { + return nil + } + out := new(TableEncryptionConfigurationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TableEncryptionConfigurationParameters) DeepCopyInto(out *TableEncryptionConfigurationParameters) { + *out = *in + if in.KMSKeyName != nil { + in, out := &in.KMSKeyName, &out.KMSKeyName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TableEncryptionConfigurationParameters. +func (in *TableEncryptionConfigurationParameters) DeepCopy() *TableEncryptionConfigurationParameters { + if in == nil { + return nil + } + out := new(TableEncryptionConfigurationParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TableIAMBinding) DeepCopyInto(out *TableIAMBinding) { *out = *in @@ -12290,10 +12801,10 @@ func (in *TableIAMMemberStatus) DeepCopy() *TableIAMMemberStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TableInitParameters) DeepCopyInto(out *TableInitParameters) { *out = *in - if in.AllowResourceTagsOnDeletion != nil { - in, out := &in.AllowResourceTagsOnDeletion, &out.AllowResourceTagsOnDeletion - *out = new(bool) - **out = **in + if in.BiglakeConfiguration != nil { + in, out := &in.BiglakeConfiguration, &out.BiglakeConfiguration + *out = new(BiglakeConfigurationInitParameters) + (*in).DeepCopyInto(*out) } if in.Clustering != nil { in, out := &in.Clustering, &out.Clustering @@ -12318,7 +12829,7 @@ func (in *TableInitParameters) DeepCopyInto(out *TableInitParameters) { } if in.EncryptionConfiguration != nil { in, out := &in.EncryptionConfiguration, &out.EncryptionConfiguration - *out = new(EncryptionConfigurationInitParameters) + *out = new(TableEncryptionConfigurationInitParameters) (*in).DeepCopyInto(*out) } if in.ExpirationTime != nil { @@ -12460,10 +12971,10 @@ func (in *TableList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TableObservation) DeepCopyInto(out *TableObservation) { *out = *in - if in.AllowResourceTagsOnDeletion != nil { - in, out := &in.AllowResourceTagsOnDeletion, &out.AllowResourceTagsOnDeletion - *out = new(bool) - **out = **in + if in.BiglakeConfiguration != nil { + in, out := &in.BiglakeConfiguration, &out.BiglakeConfiguration + *out = new(BiglakeConfigurationObservation) + (*in).DeepCopyInto(*out) } if in.Clustering != nil { in, out := &in.Clustering, &out.Clustering @@ -12514,7 +13025,7 @@ func (in *TableObservation) DeepCopyInto(out *TableObservation) { } if in.EncryptionConfiguration != nil { in, out := &in.EncryptionConfiguration, &out.EncryptionConfiguration - *out = new(EncryptionConfigurationObservation) + *out = new(TableEncryptionConfigurationObservation) (*in).DeepCopyInto(*out) } if in.Etag != nil { @@ -12690,10 +13201,10 @@ func (in *TableObservation) DeepCopy() *TableObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TableParameters) DeepCopyInto(out *TableParameters) { *out = *in - if in.AllowResourceTagsOnDeletion != nil { - in, out := &in.AllowResourceTagsOnDeletion, &out.AllowResourceTagsOnDeletion - *out = new(bool) - **out = **in + if in.BiglakeConfiguration != nil { + in, out := &in.BiglakeConfiguration, &out.BiglakeConfiguration + *out = new(BiglakeConfigurationParameters) + (*in).DeepCopyInto(*out) } if in.Clustering != nil { in, out := &in.Clustering, &out.Clustering @@ -12733,7 +13244,7 @@ func (in *TableParameters) DeepCopyInto(out *TableParameters) { } if in.EncryptionConfiguration != nil { in, out := &in.EncryptionConfiguration, &out.EncryptionConfiguration - *out = new(EncryptionConfigurationParameters) + *out = new(TableEncryptionConfigurationParameters) (*in).DeepCopyInto(*out) } if in.ExpirationTime != nil { diff --git a/apis/bigquery/v1beta2/zz_generated.resolvers.go b/apis/bigquery/v1beta2/zz_generated.resolvers.go index 65851bc01..34f9726a0 100644 --- a/apis/bigquery/v1beta2/zz_generated.resolvers.go +++ b/apis/bigquery/v1beta2/zz_generated.resolvers.go @@ -97,6 +97,29 @@ func (mg *AnalyticsHubListing) ResolveReferences(ctx context.Context, c client.R mg.Spec.ForProvider.BigqueryDataset.DatasetRef = rsp.ResolvedReference } + if mg.Spec.ForProvider.BigqueryDataset != nil { + for i4 := 0; i4 < len(mg.Spec.ForProvider.BigqueryDataset.SelectedResources); i4++ { + { + m, l, err = apisresolver.GetManagedResource("bigquery.gcp.upbound.io", "v1beta2", "Table", "TableList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.BigqueryDataset.SelectedResources[i4].Table), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.BigqueryDataset.SelectedResources[i4].TableRef, + Selector: mg.Spec.ForProvider.BigqueryDataset.SelectedResources[i4].TableSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.BigqueryDataset.SelectedResources[i4].Table") + } + mg.Spec.ForProvider.BigqueryDataset.SelectedResources[i4].Table = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.BigqueryDataset.SelectedResources[i4].TableRef = rsp.ResolvedReference + + } + } { m, l, err = apisresolver.GetManagedResource("bigquery.gcp.upbound.io", "v1beta1", "AnalyticsHubDataExchange", "AnalyticsHubDataExchangeList") if err != nil { @@ -137,6 +160,29 @@ func (mg *AnalyticsHubListing) ResolveReferences(ctx context.Context, c client.R mg.Spec.InitProvider.BigqueryDataset.DatasetRef = rsp.ResolvedReference } + if mg.Spec.InitProvider.BigqueryDataset != nil { + for i4 := 0; i4 < len(mg.Spec.InitProvider.BigqueryDataset.SelectedResources); i4++ { + { + m, l, err = apisresolver.GetManagedResource("bigquery.gcp.upbound.io", "v1beta2", "Table", "TableList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.BigqueryDataset.SelectedResources[i4].Table), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.BigqueryDataset.SelectedResources[i4].TableRef, + Selector: mg.Spec.InitProvider.BigqueryDataset.SelectedResources[i4].TableSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.BigqueryDataset.SelectedResources[i4].Table") + } + mg.Spec.InitProvider.BigqueryDataset.SelectedResources[i4].Table = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.BigqueryDataset.SelectedResources[i4].TableRef = rsp.ResolvedReference + + } + } return nil } @@ -357,12 +403,33 @@ func (mg *DataTransferConfig) ResolveReferences(ctx context.Context, c client.Re } mg.Spec.ForProvider.DestinationDatasetID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.DestinationDatasetIDRef = rsp.ResolvedReference + + if mg.Spec.ForProvider.EncryptionConfiguration != nil { + { + m, l, err = apisresolver.GetManagedResource("kms.gcp.upbound.io", "v1beta2", "CryptoKey", "CryptoKeyList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.EncryptionConfiguration.KMSKeyName), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.EncryptionConfiguration.KMSKeyNameRef, + Selector: mg.Spec.ForProvider.EncryptionConfiguration.KMSKeyNameSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.EncryptionConfiguration.KMSKeyName") + } + mg.Spec.ForProvider.EncryptionConfiguration.KMSKeyName = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.EncryptionConfiguration.KMSKeyNameRef = rsp.ResolvedReference + + } { m, l, err = apisresolver.GetManagedResource("bigquery.gcp.upbound.io", "v1beta2", "Dataset", "DatasetList") if err != nil { return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.DestinationDatasetID), Extract: reference.ExternalName(), @@ -377,6 +444,28 @@ func (mg *DataTransferConfig) ResolveReferences(ctx context.Context, c client.Re mg.Spec.InitProvider.DestinationDatasetID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.DestinationDatasetIDRef = rsp.ResolvedReference + if mg.Spec.InitProvider.EncryptionConfiguration != nil { + { + m, l, err = apisresolver.GetManagedResource("kms.gcp.upbound.io", "v1beta2", "CryptoKey", "CryptoKeyList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.EncryptionConfiguration.KMSKeyName), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.EncryptionConfiguration.KMSKeyNameRef, + Selector: mg.Spec.InitProvider.EncryptionConfiguration.KMSKeyNameSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.EncryptionConfiguration.KMSKeyName") + } + mg.Spec.InitProvider.EncryptionConfiguration.KMSKeyName = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.EncryptionConfiguration.KMSKeyNameRef = rsp.ResolvedReference + + } + return nil } @@ -1081,29 +1170,6 @@ func (mg *Job) ResolveReferences(ctx context.Context, c client.Reader) error { var rsp reference.ResolutionResponse var err error - if mg.Spec.ForProvider.Copy != nil { - if mg.Spec.ForProvider.Copy.DestinationEncryptionConfiguration != nil { - { - m, l, err = apisresolver.GetManagedResource("kms.gcp.upbound.io", "v1beta2", "CryptoKey", "CryptoKeyList") - if err != nil { - return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") - } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.Copy.DestinationEncryptionConfiguration.KMSKeyName), - Extract: resource.ExtractResourceID(), - Reference: mg.Spec.ForProvider.Copy.DestinationEncryptionConfiguration.KMSKeyNameRef, - Selector: mg.Spec.ForProvider.Copy.DestinationEncryptionConfiguration.KMSKeyNameSelector, - To: reference.To{List: l, Managed: m}, - }) - } - if err != nil { - return errors.Wrap(err, "mg.Spec.ForProvider.Copy.DestinationEncryptionConfiguration.KMSKeyName") - } - mg.Spec.ForProvider.Copy.DestinationEncryptionConfiguration.KMSKeyName = reference.ToPtrValue(rsp.ResolvedValue) - mg.Spec.ForProvider.Copy.DestinationEncryptionConfiguration.KMSKeyNameRef = rsp.ResolvedReference - - } - } if mg.Spec.ForProvider.Copy != nil { if mg.Spec.ForProvider.Copy.DestinationTable != nil { { @@ -1311,29 +1377,6 @@ func (mg *Job) ResolveReferences(ctx context.Context, c client.Reader) error { } } - if mg.Spec.InitProvider.Copy != nil { - if mg.Spec.InitProvider.Copy.DestinationEncryptionConfiguration != nil { - { - m, l, err = apisresolver.GetManagedResource("kms.gcp.upbound.io", "v1beta2", "CryptoKey", "CryptoKeyList") - if err != nil { - return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") - } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.Copy.DestinationEncryptionConfiguration.KMSKeyName), - Extract: resource.ExtractResourceID(), - Reference: mg.Spec.InitProvider.Copy.DestinationEncryptionConfiguration.KMSKeyNameRef, - Selector: mg.Spec.InitProvider.Copy.DestinationEncryptionConfiguration.KMSKeyNameSelector, - To: reference.To{List: l, Managed: m}, - }) - } - if err != nil { - return errors.Wrap(err, "mg.Spec.InitProvider.Copy.DestinationEncryptionConfiguration.KMSKeyName") - } - mg.Spec.InitProvider.Copy.DestinationEncryptionConfiguration.KMSKeyName = reference.ToPtrValue(rsp.ResolvedValue) - mg.Spec.InitProvider.Copy.DestinationEncryptionConfiguration.KMSKeyNameRef = rsp.ResolvedReference - - } - } if mg.Spec.InitProvider.Copy != nil { if mg.Spec.InitProvider.Copy.DestinationTable != nil { { diff --git a/apis/bigquery/v1beta2/zz_job_types.go b/apis/bigquery/v1beta2/zz_job_types.go index cc4193698..e49adb116 100755 --- a/apis/bigquery/v1beta2/zz_job_types.go +++ b/apis/bigquery/v1beta2/zz_job_types.go @@ -170,17 +170,7 @@ type DestinationEncryptionConfigurationInitParameters struct { // Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. // The BigQuery Service Account associated with your project requires access to this encryption key. - // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/kms/v1beta2.CryptoKey - // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` - - // Reference to a CryptoKey in kms to populate kmsKeyName. - // +kubebuilder:validation:Optional - KMSKeyNameRef *v1.Reference `json:"kmsKeyNameRef,omitempty" tf:"-"` - - // Selector for a CryptoKey in kms to populate kmsKeyName. - // +kubebuilder:validation:Optional - KMSKeyNameSelector *v1.Selector `json:"kmsKeyNameSelector,omitempty" tf:"-"` } type DestinationEncryptionConfigurationObservation struct { @@ -198,18 +188,8 @@ type DestinationEncryptionConfigurationParameters struct { // Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. // The BigQuery Service Account associated with your project requires access to this encryption key. - // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/kms/v1beta2.CryptoKey - // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() // +kubebuilder:validation:Optional - KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` - - // Reference to a CryptoKey in kms to populate kmsKeyName. - // +kubebuilder:validation:Optional - KMSKeyNameRef *v1.Reference `json:"kmsKeyNameRef,omitempty" tf:"-"` - - // Selector for a CryptoKey in kms to populate kmsKeyName. - // +kubebuilder:validation:Optional - KMSKeyNameSelector *v1.Selector `json:"kmsKeyNameSelector,omitempty" tf:"-"` + KMSKeyName *string `json:"kmsKeyName" tf:"kms_key_name,omitempty"` } type DestinationTableInitParameters struct { diff --git a/apis/bigquery/v1beta2/zz_reservation_types.go b/apis/bigquery/v1beta2/zz_reservation_types.go index 49f2cadf0..edd29df64 100755 --- a/apis/bigquery/v1beta2/zz_reservation_types.go +++ b/apis/bigquery/v1beta2/zz_reservation_types.go @@ -53,10 +53,6 @@ type ReservationInitParameters struct { // capacity specified above at most. IgnoreIdleSlots *bool `json:"ignoreIdleSlots,omitempty" tf:"ignore_idle_slots,omitempty"` - // Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). - // If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. - MultiRegionAuxiliary *bool `json:"multiRegionAuxiliary,omitempty" tf:"multi_region_auxiliary,omitempty"` - // Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the // unit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false. SlotCapacity *float64 `json:"slotCapacity,omitempty" tf:"slot_capacity,omitempty"` @@ -86,10 +82,6 @@ type ReservationObservation struct { // Examples: US, EU, asia-northeast1. The default value is US. Location *string `json:"location,omitempty" tf:"location,omitempty"` - // Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). - // If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. - MultiRegionAuxiliary *bool `json:"multiRegionAuxiliary,omitempty" tf:"multi_region_auxiliary,omitempty"` - // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` @@ -125,11 +117,6 @@ type ReservationParameters struct { // +kubebuilder:validation:Optional Location *string `json:"location,omitempty" tf:"location,omitempty"` - // Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). - // If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. - // +kubebuilder:validation:Optional - MultiRegionAuxiliary *bool `json:"multiRegionAuxiliary,omitempty" tf:"multi_region_auxiliary,omitempty"` - // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional diff --git a/apis/bigquery/v1beta2/zz_table_types.go b/apis/bigquery/v1beta2/zz_table_types.go index 7aa16427d..97204eaaa 100755 --- a/apis/bigquery/v1beta2/zz_table_types.go +++ b/apis/bigquery/v1beta2/zz_table_types.go @@ -38,6 +38,67 @@ type AvroOptionsParameters struct { UseAvroLogicalTypes *bool `json:"useAvroLogicalTypes" tf:"use_avro_logical_types,omitempty"` } +type BiglakeConfigurationInitParameters struct { + + // The connection specifying the credentials to be used to + // read and write to external storage, such as Cloud Storage. The connection_id can + // have the form ".." or + // projects//locations//connections/". + ConnectionID *string `json:"connectionId,omitempty" tf:"connection_id,omitempty"` + + // The file format the table data is stored in. + FileFormat *string `json:"fileFormat,omitempty" tf:"file_format,omitempty"` + + // The fully qualified location prefix of the external folder where table data + // is stored. The '*' wildcard character is not allowed. The URI should be in the format "gs://bucket/path_to_table/" + StorageURI *string `json:"storageUri,omitempty" tf:"storage_uri,omitempty"` + + // The table format the metadata only snapshots are stored in. + TableFormat *string `json:"tableFormat,omitempty" tf:"table_format,omitempty"` +} + +type BiglakeConfigurationObservation struct { + + // The connection specifying the credentials to be used to + // read and write to external storage, such as Cloud Storage. The connection_id can + // have the form ".." or + // projects//locations//connections/". + ConnectionID *string `json:"connectionId,omitempty" tf:"connection_id,omitempty"` + + // The file format the table data is stored in. + FileFormat *string `json:"fileFormat,omitempty" tf:"file_format,omitempty"` + + // The fully qualified location prefix of the external folder where table data + // is stored. The '*' wildcard character is not allowed. The URI should be in the format "gs://bucket/path_to_table/" + StorageURI *string `json:"storageUri,omitempty" tf:"storage_uri,omitempty"` + + // The table format the metadata only snapshots are stored in. + TableFormat *string `json:"tableFormat,omitempty" tf:"table_format,omitempty"` +} + +type BiglakeConfigurationParameters struct { + + // The connection specifying the credentials to be used to + // read and write to external storage, such as Cloud Storage. The connection_id can + // have the form ".." or + // projects//locations//connections/". + // +kubebuilder:validation:Optional + ConnectionID *string `json:"connectionId" tf:"connection_id,omitempty"` + + // The file format the table data is stored in. + // +kubebuilder:validation:Optional + FileFormat *string `json:"fileFormat" tf:"file_format,omitempty"` + + // The fully qualified location prefix of the external folder where table data + // is stored. The '*' wildcard character is not allowed. The URI should be in the format "gs://bucket/path_to_table/" + // +kubebuilder:validation:Optional + StorageURI *string `json:"storageUri" tf:"storage_uri,omitempty"` + + // The table format the metadata only snapshots are stored in. + // +kubebuilder:validation:Optional + TableFormat *string `json:"tableFormat" tf:"table_format,omitempty"` +} + type BigtableOptionsInitParameters struct { // A list of column families to expose in the table schema along with their types. This list restricts the column families that can be referenced in queries and specifies their value types. You can use this list to do type conversions - see the 'type' field for more details. If you leave this list empty, all column families are present in the table schema and their values are read as BYTES. During a query only the column families referenced in that query are read from Bigtable. Structure is documented below. @@ -217,32 +278,32 @@ type ColumnParameters struct { type ColumnReferencesInitParameters struct { - // : The column in the primary key that are + // The column in the primary key that are // referenced by the referencingColumn ReferencedColumn *string `json:"referencedColumn,omitempty" tf:"referenced_column,omitempty"` - // : The column that composes the foreign key. + // The column that composes the foreign key. ReferencingColumn *string `json:"referencingColumn,omitempty" tf:"referencing_column,omitempty"` } type ColumnReferencesObservation struct { - // : The column in the primary key that are + // The column in the primary key that are // referenced by the referencingColumn ReferencedColumn *string `json:"referencedColumn,omitempty" tf:"referenced_column,omitempty"` - // : The column that composes the foreign key. + // The column that composes the foreign key. ReferencingColumn *string `json:"referencingColumn,omitempty" tf:"referencing_column,omitempty"` } type ColumnReferencesParameters struct { - // : The column in the primary key that are + // The column in the primary key that are // referenced by the referencingColumn // +kubebuilder:validation:Optional ReferencedColumn *string `json:"referencedColumn" tf:"referenced_column,omitempty"` - // : The column that composes the foreign key. + // The column that composes the foreign key. // +kubebuilder:validation:Optional ReferencingColumn *string `json:"referencingColumn" tf:"referencing_column,omitempty"` } @@ -340,43 +401,9 @@ type CsvOptionsParameters struct { SkipLeadingRows *float64 `json:"skipLeadingRows,omitempty" tf:"skip_leading_rows,omitempty"` } -type EncryptionConfigurationInitParameters struct { - - // The self link or full name of a key which should be used to - // encrypt this table. Note that the default bigquery service account will need to have - // encrypt/decrypt permissions on this key - you may want to see the - // google_bigquery_default_service_account datasource and the - // google_kms_crypto_key_iam_binding resource. - KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` -} - -type EncryptionConfigurationObservation struct { - - // The self link or full name of a key which should be used to - // encrypt this table. Note that the default bigquery service account will need to have - // encrypt/decrypt permissions on this key - you may want to see the - // google_bigquery_default_service_account datasource and the - // google_kms_crypto_key_iam_binding resource. - KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` - - // The self link or full name of the kms key version used to encrypt this table. - KMSKeyVersion *string `json:"kmsKeyVersion,omitempty" tf:"kms_key_version,omitempty"` -} - -type EncryptionConfigurationParameters struct { - - // The self link or full name of a key which should be used to - // encrypt this table. Note that the default bigquery service account will need to have - // encrypt/decrypt permissions on this key - you may want to see the - // google_bigquery_default_service_account datasource and the - // google_kms_crypto_key_iam_binding resource. - // +kubebuilder:validation:Optional - KMSKeyName *string `json:"kmsKeyName" tf:"kms_key_name,omitempty"` -} - type ExternalDataConfigurationInitParameters struct { - // - Let BigQuery try to autodetect the schema + // Let BigQuery try to autodetect the schema // and format of the table. Autodetect *bool `json:"autodetect,omitempty" tf:"autodetect,omitempty"` @@ -476,7 +503,7 @@ type ExternalDataConfigurationInitParameters struct { type ExternalDataConfigurationObservation struct { - // - Let BigQuery try to autodetect the schema + // Let BigQuery try to autodetect the schema // and format of the table. Autodetect *bool `json:"autodetect,omitempty" tf:"autodetect,omitempty"` @@ -576,7 +603,7 @@ type ExternalDataConfigurationObservation struct { type ExternalDataConfigurationParameters struct { - // - Let BigQuery try to autodetect the schema + // Let BigQuery try to autodetect the schema // and format of the table. // +kubebuilder:validation:Optional Autodetect *bool `json:"autodetect" tf:"autodetect,omitempty"` @@ -725,14 +752,16 @@ type ExternalDataConfigurationParquetOptionsParameters struct { type ForeignKeysInitParameters struct { - // : The pair of the foreign key column and primary key column. + // The pair of the foreign key column and primary key column. // Structure is documented below. ColumnReferences *ColumnReferencesInitParameters `json:"columnReferences,omitempty" tf:"column_references,omitempty"` - // : Set only if the foreign key constraint is named. + // ) + // Name of the SerDe. + // The maximum length is 256 characters. Name *string `json:"name,omitempty" tf:"name,omitempty"` - // : The table that holds the primary key + // The table that holds the primary key // and is referenced by this foreign key. // Structure is documented below. ReferencedTable *ReferencedTableInitParameters `json:"referencedTable,omitempty" tf:"referenced_table,omitempty"` @@ -740,14 +769,16 @@ type ForeignKeysInitParameters struct { type ForeignKeysObservation struct { - // : The pair of the foreign key column and primary key column. + // The pair of the foreign key column and primary key column. // Structure is documented below. ColumnReferences *ColumnReferencesObservation `json:"columnReferences,omitempty" tf:"column_references,omitempty"` - // : Set only if the foreign key constraint is named. + // ) + // Name of the SerDe. + // The maximum length is 256 characters. Name *string `json:"name,omitempty" tf:"name,omitempty"` - // : The table that holds the primary key + // The table that holds the primary key // and is referenced by this foreign key. // Structure is documented below. ReferencedTable *ReferencedTableObservation `json:"referencedTable,omitempty" tf:"referenced_table,omitempty"` @@ -755,16 +786,18 @@ type ForeignKeysObservation struct { type ForeignKeysParameters struct { - // : The pair of the foreign key column and primary key column. + // The pair of the foreign key column and primary key column. // Structure is documented below. // +kubebuilder:validation:Optional ColumnReferences *ColumnReferencesParameters `json:"columnReferences" tf:"column_references,omitempty"` - // : Set only if the foreign key constraint is named. + // ) + // Name of the SerDe. + // The maximum length is 256 characters. // +kubebuilder:validation:Optional Name *string `json:"name,omitempty" tf:"name,omitempty"` - // : The table that holds the primary key + // The table that holds the primary key // and is referenced by this foreign key. // Structure is documented below. // +kubebuilder:validation:Optional @@ -960,19 +993,19 @@ type MaterializedViewParameters struct { type PrimaryKeyInitParameters struct { - // : The columns that are composed of the primary key constraint. + // The columns that are composed of the primary key constraint. Columns []*string `json:"columns,omitempty" tf:"columns,omitempty"` } type PrimaryKeyObservation struct { - // : The columns that are composed of the primary key constraint. + // The columns that are composed of the primary key constraint. Columns []*string `json:"columns,omitempty" tf:"columns,omitempty"` } type PrimaryKeyParameters struct { - // : The columns that are composed of the primary key constraint. + // The columns that are composed of the primary key constraint. // +kubebuilder:validation:Optional Columns []*string `json:"columns" tf:"columns,omitempty"` } @@ -1053,7 +1086,7 @@ type RangePartitioningParameters struct { type ReferencedTableInitParameters struct { - // : The ID of the project containing this table. + // The ID of the project containing this table. ProjectID *string `json:"projectId,omitempty" tf:"project_id,omitempty"` // A unique ID for the resource. @@ -1063,10 +1096,10 @@ type ReferencedTableInitParameters struct { type ReferencedTableObservation struct { - // : The ID of the dataset containing this table. + // The ID of the dataset containing this table. DatasetID *string `json:"datasetId,omitempty" tf:"dataset_id,omitempty"` - // : The ID of the project containing this table. + // The ID of the project containing this table. ProjectID *string `json:"projectId,omitempty" tf:"project_id,omitempty"` // A unique ID for the resource. @@ -1076,11 +1109,11 @@ type ReferencedTableObservation struct { type ReferencedTableParameters struct { - // : The ID of the dataset containing this table. + // The ID of the dataset containing this table. // +kubebuilder:validation:Required DatasetID *string `json:"datasetId" tf:"dataset_id,omitempty"` - // : The ID of the project containing this table. + // The ID of the project containing this table. // +kubebuilder:validation:Optional ProjectID *string `json:"projectId" tf:"project_id,omitempty"` @@ -1134,12 +1167,44 @@ type TableConstraintsParameters struct { PrimaryKey *PrimaryKeyParameters `json:"primaryKey,omitempty" tf:"primary_key,omitempty"` } +type TableEncryptionConfigurationInitParameters struct { + + // The self link or full name of a key which should be used to + // encrypt this table. Note that the default bigquery service account will need to have + // encrypt/decrypt permissions on this key - you may want to see the + // google_bigquery_default_service_account datasource and the + // google_kms_crypto_key_iam_binding resource. + KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` +} + +type TableEncryptionConfigurationObservation struct { + + // The self link or full name of a key which should be used to + // encrypt this table. Note that the default bigquery service account will need to have + // encrypt/decrypt permissions on this key - you may want to see the + // google_bigquery_default_service_account datasource and the + // google_kms_crypto_key_iam_binding resource. + KMSKeyName *string `json:"kmsKeyName,omitempty" tf:"kms_key_name,omitempty"` + + // The self link or full name of the kms key version used to encrypt this table. + KMSKeyVersion *string `json:"kmsKeyVersion,omitempty" tf:"kms_key_version,omitempty"` +} + +type TableEncryptionConfigurationParameters struct { + + // The self link or full name of a key which should be used to + // encrypt this table. Note that the default bigquery service account will need to have + // encrypt/decrypt permissions on this key - you may want to see the + // google_bigquery_default_service_account datasource and the + // google_kms_crypto_key_iam_binding resource. + // +kubebuilder:validation:Optional + KMSKeyName *string `json:"kmsKeyName" tf:"kms_key_name,omitempty"` +} + type TableInitParameters struct { - // If set to true, it allows table - // deletion when there are still resource tags attached. The default value is - // false. - AllowResourceTagsOnDeletion *bool `json:"allowResourceTagsOnDeletion,omitempty" tf:"allow_resource_tags_on_deletion,omitempty"` + // Specifies the configuration of a BigLake managed table. Structure is documented below + BiglakeConfiguration *BiglakeConfigurationInitParameters `json:"biglakeConfiguration,omitempty" tf:"biglake_configuration,omitempty"` // Specifies column names to use for data clustering. // Up to four top-level columns are allowed, and should be specified in @@ -1155,7 +1220,7 @@ type TableInitParameters struct { // Specifies how the table should be encrypted. // If left blank, the table will be encrypted with a Google-managed key; that process // is transparent to the user. Structure is documented below. - EncryptionConfiguration *EncryptionConfigurationInitParameters `json:"encryptionConfiguration,omitempty" tf:"encryption_configuration,omitempty"` + EncryptionConfiguration *TableEncryptionConfigurationInitParameters `json:"encryptionConfiguration,omitempty" tf:"encryption_configuration,omitempty"` // The time when this table expires, in // milliseconds since the epoch. If not present, the table will persist @@ -1180,7 +1245,7 @@ type TableInitParameters struct { // Structure is documented below. MaterializedView *MaterializedViewInitParameters `json:"materializedView,omitempty" tf:"materialized_view,omitempty"` - // : The maximum staleness of data that could be + // The maximum staleness of data that could be // returned when the table (or stale MV) is queried. Staleness encoded as a // string encoding of SQL IntervalValue // type. @@ -1227,10 +1292,8 @@ type TableInitParameters struct { type TableObservation struct { - // If set to true, it allows table - // deletion when there are still resource tags attached. The default value is - // false. - AllowResourceTagsOnDeletion *bool `json:"allowResourceTagsOnDeletion,omitempty" tf:"allow_resource_tags_on_deletion,omitempty"` + // Specifies the configuration of a BigLake managed table. Structure is documented below + BiglakeConfiguration *BiglakeConfigurationObservation `json:"biglakeConfiguration,omitempty" tf:"biglake_configuration,omitempty"` // Specifies column names to use for data clustering. // Up to four top-level columns are allowed, and should be specified in @@ -1256,7 +1319,7 @@ type TableObservation struct { // Specifies how the table should be encrypted. // If left blank, the table will be encrypted with a Google-managed key; that process // is transparent to the user. Structure is documented below. - EncryptionConfiguration *EncryptionConfigurationObservation `json:"encryptionConfiguration,omitempty" tf:"encryption_configuration,omitempty"` + EncryptionConfiguration *TableEncryptionConfigurationObservation `json:"encryptionConfiguration,omitempty" tf:"encryption_configuration,omitempty"` // A hash of the resource. Etag *string `json:"etag,omitempty" tf:"etag,omitempty"` @@ -1276,7 +1339,7 @@ type TableObservation struct { // A descriptive name for the table. FriendlyName *string `json:"friendlyName,omitempty" tf:"friendly_name,omitempty"` - // an identifier for the resource with format projects/{{project}}/datasets/{{dataset}}/tables/{{name}} + // An identifier for the resource with format projects/{{project}}/datasets/{{dataset}}/tables/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` // A mapping of labels to assign to the resource. @@ -1293,7 +1356,7 @@ type TableObservation struct { // Structure is documented below. MaterializedView *MaterializedViewObservation `json:"materializedView,omitempty" tf:"materialized_view,omitempty"` - // : The maximum staleness of data that could be + // The maximum staleness of data that could be // returned when the table (or stale MV) is queried. Staleness encoded as a // string encoding of SQL IntervalValue // type. @@ -1363,11 +1426,9 @@ type TableObservation struct { type TableParameters struct { - // If set to true, it allows table - // deletion when there are still resource tags attached. The default value is - // false. + // Specifies the configuration of a BigLake managed table. Structure is documented below // +kubebuilder:validation:Optional - AllowResourceTagsOnDeletion *bool `json:"allowResourceTagsOnDeletion,omitempty" tf:"allow_resource_tags_on_deletion,omitempty"` + BiglakeConfiguration *BiglakeConfigurationParameters `json:"biglakeConfiguration,omitempty" tf:"biglake_configuration,omitempty"` // Specifies column names to use for data clustering. // Up to four top-level columns are allowed, and should be specified in @@ -1401,7 +1462,7 @@ type TableParameters struct { // If left blank, the table will be encrypted with a Google-managed key; that process // is transparent to the user. Structure is documented below. // +kubebuilder:validation:Optional - EncryptionConfiguration *EncryptionConfigurationParameters `json:"encryptionConfiguration,omitempty" tf:"encryption_configuration,omitempty"` + EncryptionConfiguration *TableEncryptionConfigurationParameters `json:"encryptionConfiguration,omitempty" tf:"encryption_configuration,omitempty"` // The time when this table expires, in // milliseconds since the epoch. If not present, the table will persist @@ -1431,7 +1492,7 @@ type TableParameters struct { // +kubebuilder:validation:Optional MaterializedView *MaterializedViewParameters `json:"materializedView,omitempty" tf:"materialized_view,omitempty"` - // : The maximum staleness of data that could be + // The maximum staleness of data that could be // returned when the table (or stale MV) is queried. Staleness encoded as a // string encoding of SQL IntervalValue // type. diff --git a/package/crds/bigquery.gcp.upbound.io_analyticshubdataexchanges.yaml b/package/crds/bigquery.gcp.upbound.io_analyticshubdataexchanges.yaml index a1c847d13..846a4c018 100644 --- a/package/crds/bigquery.gcp.upbound.io_analyticshubdataexchanges.yaml +++ b/package/crds/bigquery.gcp.upbound.io_analyticshubdataexchanges.yaml @@ -106,6 +106,21 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + sharingEnvironmentConfig: + description: |- + Configurable data sharing environment option for a data exchange. + This field is required for data clean room exchanges. + Structure is documented below. + properties: + dcrExchangeConfig: + description: Data Clean Room (DCR), used for privacy-safe + and secured data sharing. + type: object + defaultExchangeConfig: + description: Default Analytics Hub data exchange, used for + secured data sharing. + type: object + type: object type: object initProvider: description: |- @@ -152,6 +167,21 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + sharingEnvironmentConfig: + description: |- + Configurable data sharing environment option for a data exchange. + This field is required for data clean room exchanges. + Structure is documented below. + properties: + dcrExchangeConfig: + description: Data Clean Room (DCR), used for privacy-safe + and secured data sharing. + type: object + defaultExchangeConfig: + description: Default Analytics Hub data exchange, used for + secured data sharing. + type: object + type: object type: object managementPolicies: default: @@ -382,6 +412,21 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + sharingEnvironmentConfig: + description: |- + Configurable data sharing environment option for a data exchange. + This field is required for data clean room exchanges. + Structure is documented below. + properties: + dcrExchangeConfig: + description: Data Clean Room (DCR), used for privacy-safe + and secured data sharing. + type: object + defaultExchangeConfig: + description: Default Analytics Hub data exchange, used for + secured data sharing. + type: object + type: object type: object conditions: description: Conditions of the resource. diff --git a/package/crds/bigquery.gcp.upbound.io_analyticshublistings.yaml b/package/crds/bigquery.gcp.upbound.io_analyticshublistings.yaml index 8e63f68a3..eab2581bf 100644 --- a/package/crds/bigquery.gcp.upbound.io_analyticshublistings.yaml +++ b/package/crds/bigquery.gcp.upbound.io_analyticshublistings.yaml @@ -996,6 +996,94 @@ spec: type: string type: object type: object + selectedResources: + description: |- + Resource in this dataset that is selectively shared. This field is required for data clean room exchanges. + Structure is documented below. + items: + properties: + table: + description: 'Format: For table: projects/{projectId}/datasets/{datasetId}/tables/{tableId} + Example:"projects/test_project/datasets/test_dataset/tables/test_table"' + type: string + tableRef: + description: Reference to a Table in bigquery to populate + table. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + tableSelector: + description: Selector for a Table in bigquery to populate + table. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with + matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array type: object categories: description: Categories of the listing. Up to two categories are @@ -1118,7 +1206,8 @@ spec: description: The name of the location this data exchange listing. type: string primaryContact: - description: Email or URL of the listing publisher. + description: Email or URL of the primary point of contact of the + listing. type: string project: description: |- @@ -1255,6 +1344,94 @@ spec: type: string type: object type: object + selectedResources: + description: |- + Resource in this dataset that is selectively shared. This field is required for data clean room exchanges. + Structure is documented below. + items: + properties: + table: + description: 'Format: For table: projects/{projectId}/datasets/{datasetId}/tables/{tableId} + Example:"projects/test_project/datasets/test_dataset/tables/test_table"' + type: string + tableRef: + description: Reference to a Table in bigquery to populate + table. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + tableSelector: + description: Selector for a Table in bigquery to populate + table. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with + matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array type: object categories: description: Categories of the listing. Up to two categories are @@ -1293,7 +1470,8 @@ spec: description: Base64 encoded image representing the listing. type: string primaryContact: - description: Email or URL of the listing publisher. + description: Email or URL of the primary point of contact of the + listing. type: string project: description: |- @@ -1520,6 +1698,18 @@ spec: description: Resource name of the dataset source for this listing. e.g. projects/myproject/datasets/123 type: string + selectedResources: + description: |- + Resource in this dataset that is selectively shared. This field is required for data clean room exchanges. + Structure is documented below. + items: + properties: + table: + description: 'Format: For table: projects/{projectId}/datasets/{datasetId}/tables/{tableId} + Example:"projects/test_project/datasets/test_dataset/tables/test_table"' + type: string + type: object + type: array type: object categories: description: Categories of the listing. Up to two categories are @@ -1572,7 +1762,8 @@ spec: description: The resource name of the listing. e.g. "projects/myproject/locations/US/dataExchanges/123/listings/456" type: string primaryContact: - description: Email or URL of the listing publisher. + description: Email or URL of the primary point of contact of the + listing. type: string project: description: |- @@ -1603,6 +1794,11 @@ spec: enabled: description: If true, enable restricted export. type: boolean + restrictDirectTableAccess: + description: |- + (Output) + If true, restrict direct table access(read api/tabledata.list) on linked table. + type: boolean restrictQueryResult: description: If true, restrict export of query result derived from restricted linked dataset table. diff --git a/package/crds/bigquery.gcp.upbound.io_datasetaccesses.yaml b/package/crds/bigquery.gcp.upbound.io_datasetaccesses.yaml index 33aac8a86..2a2ede898 100644 --- a/package/crds/bigquery.gcp.upbound.io_datasetaccesses.yaml +++ b/package/crds/bigquery.gcp.upbound.io_datasetaccesses.yaml @@ -1960,6 +1960,32 @@ spec: type: string forProvider: properties: + condition: + description: |- + Condition for the binding. If CEL expression in this field is true, this + access binding will be considered. + Structure is documented below. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, e.g. a file + name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + type: object dataset: description: |- Grants all resources of particular types in a particular dataset read access to the current dataset. @@ -2692,6 +2718,32 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + condition: + description: |- + Condition for the binding. If CEL expression in this field is true, this + access binding will be considered. + Structure is documented below. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, e.g. a file + name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + type: object dataset: description: |- Grants all resources of particular types in a particular dataset read access to the current dataset. @@ -3585,6 +3637,32 @@ spec: properties: apiUpdatedMember: type: boolean + condition: + description: |- + Condition for the binding. If CEL expression in this field is true, this + access binding will be considered. + Structure is documented below. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, e.g. a file + name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + type: object dataset: description: |- Grants all resources of particular types in a particular dataset read access to the current dataset. diff --git a/package/crds/bigquery.gcp.upbound.io_datasets.yaml b/package/crds/bigquery.gcp.upbound.io_datasets.yaml index c54eb8fa2..7eaa93fe0 100644 --- a/package/crds/bigquery.gcp.upbound.io_datasets.yaml +++ b/package/crds/bigquery.gcp.upbound.io_datasets.yaml @@ -2019,6 +2019,36 @@ spec: Structure is documented below. items: properties: + condition: + description: |- + Condition for the binding. If CEL expression in this field is true, this + access binding will be considered. + Structure is documented below. + properties: + description: + description: A user-friendly description of the dataset + type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + The geographic location where the dataset should reside. + See official docs. + There are two types of locations, regional or multi-regional. A regional + location is a specific geographic place, such as Tokyo, and a multi-regional + location is a large geographic area, such as the United States, that + contains at least two geographic places. + The default value is multi-regional location US. + Changing this forces a new resource to be created. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + type: object dataset: description: |- Grants all resources of particular types in a particular dataset read access to the current dataset. @@ -2729,6 +2759,36 @@ spec: Structure is documented below. items: properties: + condition: + description: |- + Condition for the binding. If CEL expression in this field is true, this + access binding will be considered. + Structure is documented below. + properties: + description: + description: A user-friendly description of the dataset + type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + The geographic location where the dataset should reside. + See official docs. + There are two types of locations, regional or multi-regional. A regional + location is a specific geographic place, such as Tokyo, and a multi-regional + location is a large geographic area, such as the United States, that + contains at least two geographic places. + The default value is multi-regional location US. + Changing this forces a new resource to be created. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + type: object dataset: description: |- Grants all resources of particular types in a particular dataset read access to the current dataset. @@ -3593,6 +3653,36 @@ spec: Structure is documented below. items: properties: + condition: + description: |- + Condition for the binding. If CEL expression in this field is true, this + access binding will be considered. + Structure is documented below. + properties: + description: + description: A user-friendly description of the dataset + type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + The geographic location where the dataset should reside. + See official docs. + There are two types of locations, regional or multi-regional. A regional + location is a specific geographic place, such as Tokyo, and a multi-regional + location is a large geographic area, such as the United States, that + contains at least two geographic places. + The default value is multi-regional location US. + Changing this forces a new resource to be created. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + type: object dataset: description: |- Grants all resources of particular types in a particular dataset read access to the current dataset. diff --git a/package/crds/bigquery.gcp.upbound.io_datatransferconfigs.yaml b/package/crds/bigquery.gcp.upbound.io_datatransferconfigs.yaml index adcf7bd0b..a3ad889e4 100644 --- a/package/crds/bigquery.gcp.upbound.io_datatransferconfigs.yaml +++ b/package/crds/bigquery.gcp.upbound.io_datatransferconfigs.yaml @@ -1064,6 +1064,90 @@ spec: transfer run failures. type: boolean type: object + encryptionConfiguration: + description: |- + Represents the encryption configuration for a transfer. + Structure is documented below. + properties: + kmsKeyName: + description: The name of the KMS key used for encrypting BigQuery + data. + type: string + kmsKeyNameRef: + description: Reference to a CryptoKey in kms to populate kmsKeyName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + kmsKeyNameSelector: + description: Selector for a CryptoKey in kms to populate kmsKeyName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object location: description: |- The geographic location where the transfer config should reside. @@ -1288,6 +1372,90 @@ spec: transfer run failures. type: boolean type: object + encryptionConfiguration: + description: |- + Represents the encryption configuration for a transfer. + Structure is documented below. + properties: + kmsKeyName: + description: The name of the KMS key used for encrypting BigQuery + data. + type: string + kmsKeyNameRef: + description: Reference to a CryptoKey in kms to populate kmsKeyName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + kmsKeyNameSelector: + description: Selector for a CryptoKey in kms to populate kmsKeyName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object location: description: |- The geographic location where the transfer config should reside. @@ -1612,6 +1780,16 @@ spec: transfer run failures. type: boolean type: object + encryptionConfiguration: + description: |- + Represents the encryption configuration for a transfer. + Structure is documented below. + properties: + kmsKeyName: + description: The name of the KMS key used for encrypting BigQuery + data. + type: string + type: object id: description: an identifier for the resource with format {{name}} type: string diff --git a/package/crds/bigquery.gcp.upbound.io_jobs.yaml b/package/crds/bigquery.gcp.upbound.io_jobs.yaml index 1a8087608..a2e2dda1b 100644 --- a/package/crds/bigquery.gcp.upbound.io_jobs.yaml +++ b/package/crds/bigquery.gcp.upbound.io_jobs.yaml @@ -3764,82 +3764,6 @@ spec: Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. The BigQuery Service Account associated with your project requires access to this encryption key. type: string - kmsKeyNameRef: - description: Reference to a CryptoKey in kms to populate - kmsKeyName. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - kmsKeyNameSelector: - description: Selector for a CryptoKey in kms to populate - kmsKeyName. - properties: - matchControllerRef: - description: |- - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. - type: boolean - matchLabels: - additionalProperties: - type: string - description: MatchLabels ensures an object with matching - labels is selected. - type: object - policy: - description: Policies for selection. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - type: object type: object destinationTable: description: |- @@ -5072,82 +4996,6 @@ spec: Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. The BigQuery Service Account associated with your project requires access to this encryption key. type: string - kmsKeyNameRef: - description: Reference to a CryptoKey in kms to populate - kmsKeyName. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - kmsKeyNameSelector: - description: Selector for a CryptoKey in kms to populate - kmsKeyName. - properties: - matchControllerRef: - description: |- - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. - type: boolean - matchLabels: - additionalProperties: - type: string - description: MatchLabels ensures an object with matching - labels is selected. - type: object - policy: - description: Policies for selection. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - type: object type: object destinationTable: description: |- diff --git a/package/crds/bigquery.gcp.upbound.io_reservations.yaml b/package/crds/bigquery.gcp.upbound.io_reservations.yaml index a848bb32d..b190f5836 100644 --- a/package/crds/bigquery.gcp.upbound.io_reservations.yaml +++ b/package/crds/bigquery.gcp.upbound.io_reservations.yaml @@ -555,11 +555,6 @@ spec: The geographic location where the transfer config should reside. Examples: US, EU, asia-northeast1. The default value is US. type: string - multiRegionAuxiliary: - description: |- - Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). - If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. - type: boolean project: description: |- The ID of the project in which the resource belongs. @@ -610,11 +605,6 @@ spec: the same admin project. If true, a query using this reservation will execute with the slot capacity specified above at most. type: boolean - multiRegionAuxiliary: - description: |- - Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). - If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. - type: boolean slotCapacity: description: |- Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the @@ -837,11 +827,6 @@ spec: The geographic location where the transfer config should reside. Examples: US, EU, asia-northeast1. The default value is US. type: string - multiRegionAuxiliary: - description: |- - Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). - If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. - type: boolean project: description: |- The ID of the project in which the resource belongs. diff --git a/package/crds/bigquery.gcp.upbound.io_tables.yaml b/package/crds/bigquery.gcp.upbound.io_tables.yaml index a1c79e0b3..84001f662 100644 --- a/package/crds/bigquery.gcp.upbound.io_tables.yaml +++ b/package/crds/bigquery.gcp.upbound.io_tables.yaml @@ -2441,12 +2441,30 @@ spec: type: string forProvider: properties: - allowResourceTagsOnDeletion: - description: |- - If set to true, it allows table - deletion when there are still resource tags attached. The default value is - false. - type: boolean + biglakeConfiguration: + description: Specifies the configuration of a BigLake managed + table. Structure is documented below + properties: + connectionId: + description: |- + The connection specifying the credentials to be used to + read and write to external storage, such as Cloud Storage. The connection_id can + have the form ".." or + projects//locations//connections/". + type: string + fileFormat: + description: The file format the table data is stored in. + type: string + storageUri: + description: |- + The fully qualified location prefix of the external folder where table data + is stored. The '*' wildcard character is not allowed. The URI should be in the format "gs://bucket/path_to_table/" + type: string + tableFormat: + description: The table format the metadata only snapshots + are stored in. + type: string + type: object clustering: description: |- Specifies column names to use for data clustering. @@ -2572,7 +2590,7 @@ spec: properties: autodetect: description: |- - - Let BigQuery try to autodetect the schema + Let BigQuery try to autodetect the schema and format of the table. type: boolean avroOptions: @@ -2927,7 +2945,7 @@ spec: type: object maxStaleness: description: |- - : The maximum staleness of data that could be + The maximum staleness of data that could be returned when the table (or stale MV) is queried. Staleness encoded as a string encoding of SQL IntervalValue type. @@ -2997,36 +3015,38 @@ spec: properties: columnReferences: description: |- - : The pair of the foreign key column and primary key column. + The pair of the foreign key column and primary key column. Structure is documented below. properties: referencedColumn: description: |- - : The column in the primary key that are + The column in the primary key that are referenced by the referencingColumn type: string referencingColumn: - description: ': The column that composes the foreign - key.' + description: The column that composes the foreign + key. type: string type: object name: - description: ': Set only if the foreign key constraint - is named.' + description: |- + ) + Name of the SerDe. + The maximum length is 256 characters. type: string referencedTable: description: |- - : The table that holds the primary key + The table that holds the primary key and is referenced by this foreign key. Structure is documented below. properties: datasetId: - description: ': The ID of the dataset containing - this table.' + description: The ID of the dataset containing this + table. type: string projectId: - description: ': The ID of the project containing - this table.' + description: The ID of the project containing this + table. type: string tableId: description: |- @@ -3046,8 +3066,8 @@ spec: Structure is documented below. properties: columns: - description: ': The columns that are composed of the - primary key constraint.' + description: The columns that are composed of the primary + key constraint. items: type: string type: array @@ -3133,12 +3153,30 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: - allowResourceTagsOnDeletion: - description: |- - If set to true, it allows table - deletion when there are still resource tags attached. The default value is - false. - type: boolean + biglakeConfiguration: + description: Specifies the configuration of a BigLake managed + table. Structure is documented below + properties: + connectionId: + description: |- + The connection specifying the credentials to be used to + read and write to external storage, such as Cloud Storage. The connection_id can + have the form ".." or + projects//locations//connections/". + type: string + fileFormat: + description: The file format the table data is stored in. + type: string + storageUri: + description: |- + The fully qualified location prefix of the external folder where table data + is stored. The '*' wildcard character is not allowed. The URI should be in the format "gs://bucket/path_to_table/" + type: string + tableFormat: + description: The table format the metadata only snapshots + are stored in. + type: string + type: object clustering: description: |- Specifies column names to use for data clustering. @@ -3185,7 +3223,7 @@ spec: properties: autodetect: description: |- - - Let BigQuery try to autodetect the schema + Let BigQuery try to autodetect the schema and format of the table. type: boolean avroOptions: @@ -3540,7 +3578,7 @@ spec: type: object maxStaleness: description: |- - : The maximum staleness of data that could be + The maximum staleness of data that could be returned when the table (or stale MV) is queried. Staleness encoded as a string encoding of SQL IntervalValue type. @@ -3605,32 +3643,34 @@ spec: properties: columnReferences: description: |- - : The pair of the foreign key column and primary key column. + The pair of the foreign key column and primary key column. Structure is documented below. properties: referencedColumn: description: |- - : The column in the primary key that are + The column in the primary key that are referenced by the referencingColumn type: string referencingColumn: - description: ': The column that composes the foreign - key.' + description: The column that composes the foreign + key. type: string type: object name: - description: ': Set only if the foreign key constraint - is named.' + description: |- + ) + Name of the SerDe. + The maximum length is 256 characters. type: string referencedTable: description: |- - : The table that holds the primary key + The table that holds the primary key and is referenced by this foreign key. Structure is documented below. properties: projectId: - description: ': The ID of the project containing - this table.' + description: The ID of the project containing this + table. type: string tableId: description: |- @@ -3648,8 +3688,8 @@ spec: Structure is documented below. properties: columns: - description: ': The columns that are composed of the - primary key constraint.' + description: The columns that are composed of the primary + key constraint. items: type: string type: array @@ -3894,12 +3934,30 @@ spec: properties: atProvider: properties: - allowResourceTagsOnDeletion: - description: |- - If set to true, it allows table - deletion when there are still resource tags attached. The default value is - false. - type: boolean + biglakeConfiguration: + description: Specifies the configuration of a BigLake managed + table. Structure is documented below + properties: + connectionId: + description: |- + The connection specifying the credentials to be used to + read and write to external storage, such as Cloud Storage. The connection_id can + have the form ".." or + projects//locations//connections/". + type: string + fileFormat: + description: The file format the table data is stored in. + type: string + storageUri: + description: |- + The fully qualified location prefix of the external folder where table data + is stored. The '*' wildcard character is not allowed. The URI should be in the format "gs://bucket/path_to_table/" + type: string + tableFormat: + description: The table format the metadata only snapshots + are stored in. + type: string + type: object clustering: description: |- Specifies column names to use for data clustering. @@ -3967,7 +4025,7 @@ spec: properties: autodetect: description: |- - - Let BigQuery try to autodetect the schema + Let BigQuery try to autodetect the schema and format of the table. type: boolean avroOptions: @@ -4291,7 +4349,7 @@ spec: description: A descriptive name for the table. type: string id: - description: an identifier for the resource with format projects/{{project}}/datasets/{{dataset}}/tables/{{name}} + description: An identifier for the resource with format projects/{{project}}/datasets/{{dataset}}/tables/{{name}} type: string labels: additionalProperties: @@ -4333,7 +4391,7 @@ spec: type: object maxStaleness: description: |- - : The maximum staleness of data that could be + The maximum staleness of data that could be returned when the table (or stale MV) is queried. Staleness encoded as a string encoding of SQL IntervalValue type. @@ -4418,36 +4476,38 @@ spec: properties: columnReferences: description: |- - : The pair of the foreign key column and primary key column. + The pair of the foreign key column and primary key column. Structure is documented below. properties: referencedColumn: description: |- - : The column in the primary key that are + The column in the primary key that are referenced by the referencingColumn type: string referencingColumn: - description: ': The column that composes the foreign - key.' + description: The column that composes the foreign + key. type: string type: object name: - description: ': Set only if the foreign key constraint - is named.' + description: |- + ) + Name of the SerDe. + The maximum length is 256 characters. type: string referencedTable: description: |- - : The table that holds the primary key + The table that holds the primary key and is referenced by this foreign key. Structure is documented below. properties: datasetId: - description: ': The ID of the dataset containing - this table.' + description: The ID of the dataset containing this + table. type: string projectId: - description: ': The ID of the project containing - this table.' + description: The ID of the project containing this + table. type: string tableId: description: |- @@ -4465,8 +4525,8 @@ spec: Structure is documented below. properties: columns: - description: ': The columns that are composed of the - primary key constraint.' + description: The columns that are composed of the primary + key constraint. items: type: string type: array From 91fd32c6d9cf58b5bf5eb2b877ac1a5d4566b57a Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 17:42:23 +0100 Subject: [PATCH 29/47] certificatemanager: add san_dnsnames Signed-off-by: Rickard von Essen --- .../v1beta2/zz_certificate_types.go | 3 +++ .../v1beta2/zz_generated.deepcopy.go | 11 +++++++++++ ...ertificatemanager.gcp.upbound.io_certificates.yaml | 6 ++++++ 3 files changed, 20 insertions(+) diff --git a/apis/certificatemanager/v1beta2/zz_certificate_types.go b/apis/certificatemanager/v1beta2/zz_certificate_types.go index 5d374a52f..330d397fe 100755 --- a/apis/certificatemanager/v1beta2/zz_certificate_types.go +++ b/apis/certificatemanager/v1beta2/zz_certificate_types.go @@ -107,6 +107,9 @@ type CertificateObservation struct { // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // The list of Subject Alternative Names of dnsName type defined in the certificate (see RFC 5280 4.2.1.6) + SanDnsnames []*string `json:"sanDnsnames,omitempty" tf:"san_dnsnames,omitempty"` + // The scope of the certificate. // DEFAULT: Certificates with default scope are served from core Google data centers. // If unsure, choose this option. diff --git a/apis/certificatemanager/v1beta2/zz_generated.deepcopy.go b/apis/certificatemanager/v1beta2/zz_generated.deepcopy.go index c80f0d917..c5077962d 100644 --- a/apis/certificatemanager/v1beta2/zz_generated.deepcopy.go +++ b/apis/certificatemanager/v1beta2/zz_generated.deepcopy.go @@ -253,6 +253,17 @@ func (in *CertificateObservation) DeepCopyInto(out *CertificateObservation) { *out = new(string) **out = **in } + if in.SanDnsnames != nil { + in, out := &in.SanDnsnames, &out.SanDnsnames + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Scope != nil { in, out := &in.Scope, &out.Scope *out = new(string) diff --git a/package/crds/certificatemanager.gcp.upbound.io_certificates.yaml b/package/crds/certificatemanager.gcp.upbound.io_certificates.yaml index f3d946fb5..c87b4ee73 100644 --- a/package/crds/certificatemanager.gcp.upbound.io_certificates.yaml +++ b/package/crds/certificatemanager.gcp.upbound.io_certificates.yaml @@ -1981,6 +1981,12 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + sanDnsnames: + description: The list of Subject Alternative Names of dnsName + type defined in the certificate (see RFC 5280 4.2.1.6) + items: + type: string + type: array scope: description: |- The scope of the certificate. From f17b0f3f44d6138928c0204804c9aa733b75697c Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 17:43:39 +0100 Subject: [PATCH 30/47] cloudbuild: add private_service_connect Signed-off-by: Rickard von Essen --- .../v1beta2/zz_generated.deepcopy.go | 90 +++++++++++++++++++ .../cloudbuild/v1beta2/zz_workerpool_types.go | 40 +++++++-- ...cloudbuild.gcp.upbound.io_workerpools.yaml | 45 ++++++---- 3 files changed, 154 insertions(+), 21 deletions(-) diff --git a/apis/cloudbuild/v1beta2/zz_generated.deepcopy.go b/apis/cloudbuild/v1beta2/zz_generated.deepcopy.go index 5736a326d..4708fb77c 100644 --- a/apis/cloudbuild/v1beta2/zz_generated.deepcopy.go +++ b/apis/cloudbuild/v1beta2/zz_generated.deepcopy.go @@ -1846,6 +1846,81 @@ func (in *OptionsParameters) DeepCopy() *OptionsParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrivateServiceConnectInitParameters) DeepCopyInto(out *PrivateServiceConnectInitParameters) { + *out = *in + if in.NetworkAttachment != nil { + in, out := &in.NetworkAttachment, &out.NetworkAttachment + *out = new(string) + **out = **in + } + if in.RouteAllTraffic != nil { + in, out := &in.RouteAllTraffic, &out.RouteAllTraffic + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateServiceConnectInitParameters. +func (in *PrivateServiceConnectInitParameters) DeepCopy() *PrivateServiceConnectInitParameters { + if in == nil { + return nil + } + out := new(PrivateServiceConnectInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrivateServiceConnectObservation) DeepCopyInto(out *PrivateServiceConnectObservation) { + *out = *in + if in.NetworkAttachment != nil { + in, out := &in.NetworkAttachment, &out.NetworkAttachment + *out = new(string) + **out = **in + } + if in.RouteAllTraffic != nil { + in, out := &in.RouteAllTraffic, &out.RouteAllTraffic + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateServiceConnectObservation. +func (in *PrivateServiceConnectObservation) DeepCopy() *PrivateServiceConnectObservation { + if in == nil { + return nil + } + out := new(PrivateServiceConnectObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrivateServiceConnectParameters) DeepCopyInto(out *PrivateServiceConnectParameters) { + *out = *in + if in.NetworkAttachment != nil { + in, out := &in.NetworkAttachment, &out.NetworkAttachment + *out = new(string) + **out = **in + } + if in.RouteAllTraffic != nil { + in, out := &in.RouteAllTraffic, &out.RouteAllTraffic + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateServiceConnectParameters. +func (in *PrivateServiceConnectParameters) DeepCopy() *PrivateServiceConnectParameters { + if in == nil { + return nil + } + out := new(PrivateServiceConnectParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PubsubConfigInitParameters) DeepCopyInto(out *PubsubConfigInitParameters) { *out = *in @@ -4718,6 +4793,11 @@ func (in *WorkerPoolInitParameters) DeepCopyInto(out *WorkerPoolInitParameters) *out = new(NetworkConfigInitParameters) (*in).DeepCopyInto(*out) } + if in.PrivateServiceConnect != nil { + in, out := &in.PrivateServiceConnect, &out.PrivateServiceConnect + *out = new(PrivateServiceConnectInitParameters) + (*in).DeepCopyInto(*out) + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -4837,6 +4917,11 @@ func (in *WorkerPoolObservation) DeepCopyInto(out *WorkerPoolObservation) { *out = new(NetworkConfigObservation) (*in).DeepCopyInto(*out) } + if in.PrivateServiceConnect != nil { + in, out := &in.PrivateServiceConnect, &out.PrivateServiceConnect + *out = new(PrivateServiceConnectObservation) + (*in).DeepCopyInto(*out) + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -4908,6 +4993,11 @@ func (in *WorkerPoolParameters) DeepCopyInto(out *WorkerPoolParameters) { *out = new(NetworkConfigParameters) (*in).DeepCopyInto(*out) } + if in.PrivateServiceConnect != nil { + in, out := &in.PrivateServiceConnect, &out.PrivateServiceConnect + *out = new(PrivateServiceConnectParameters) + (*in).DeepCopyInto(*out) + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) diff --git a/apis/cloudbuild/v1beta2/zz_workerpool_types.go b/apis/cloudbuild/v1beta2/zz_workerpool_types.go index ec1b57014..407941d86 100755 --- a/apis/cloudbuild/v1beta2/zz_workerpool_types.go +++ b/apis/cloudbuild/v1beta2/zz_workerpool_types.go @@ -62,12 +62,33 @@ type NetworkConfigParameters struct { PeeredNetworkSelector *v1.Selector `json:"peeredNetworkSelector,omitempty" tf:"-"` } +type PrivateServiceConnectInitParameters struct { + NetworkAttachment *string `json:"networkAttachment,omitempty" tf:"network_attachment,omitempty"` + + RouteAllTraffic *bool `json:"routeAllTraffic,omitempty" tf:"route_all_traffic,omitempty"` +} + +type PrivateServiceConnectObservation struct { + NetworkAttachment *string `json:"networkAttachment,omitempty" tf:"network_attachment,omitempty"` + + RouteAllTraffic *bool `json:"routeAllTraffic,omitempty" tf:"route_all_traffic,omitempty"` +} + +type PrivateServiceConnectParameters struct { + + // +kubebuilder:validation:Optional + NetworkAttachment *string `json:"networkAttachment" tf:"network_attachment,omitempty"` + + // +kubebuilder:validation:Optional + RouteAllTraffic *bool `json:"routeAllTraffic,omitempty" tf:"route_all_traffic,omitempty"` +} + type WorkerConfigInitParameters struct { - // Size of the disk attached to the worker, in GB. See (https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). Specify a value of up to 1000. If 0 is specified, Cloud Build will use a standard disk size. + // Size of the disk attached to the worker, in GB. See diskSizeGb. Specify a value of up to 1000. If 0 is specified, Cloud Build will use a standard disk size. DiskSizeGb *float64 `json:"diskSizeGb,omitempty" tf:"disk_size_gb,omitempty"` - // Machine type of a worker, such as n1-standard-1. See (https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). If left blank, Cloud Build will use n1-standard-1. + // Machine type of a worker, such as n1-standard-1. See machineType. If left blank, Cloud Build will use n1-standard-1. MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` // If true, workers are created without any public address, which prevents network egress to public IPs. @@ -76,10 +97,10 @@ type WorkerConfigInitParameters struct { type WorkerConfigObservation struct { - // Size of the disk attached to the worker, in GB. See (https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). Specify a value of up to 1000. If 0 is specified, Cloud Build will use a standard disk size. + // Size of the disk attached to the worker, in GB. See diskSizeGb. Specify a value of up to 1000. If 0 is specified, Cloud Build will use a standard disk size. DiskSizeGb *float64 `json:"diskSizeGb,omitempty" tf:"disk_size_gb,omitempty"` - // Machine type of a worker, such as n1-standard-1. See (https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). If left blank, Cloud Build will use n1-standard-1. + // Machine type of a worker, such as n1-standard-1. See machineType. If left blank, Cloud Build will use n1-standard-1. MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` // If true, workers are created without any public address, which prevents network egress to public IPs. @@ -88,11 +109,11 @@ type WorkerConfigObservation struct { type WorkerConfigParameters struct { - // Size of the disk attached to the worker, in GB. See (https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). Specify a value of up to 1000. If 0 is specified, Cloud Build will use a standard disk size. + // Size of the disk attached to the worker, in GB. See diskSizeGb. Specify a value of up to 1000. If 0 is specified, Cloud Build will use a standard disk size. // +kubebuilder:validation:Optional DiskSizeGb *float64 `json:"diskSizeGb,omitempty" tf:"disk_size_gb,omitempty"` - // Machine type of a worker, such as n1-standard-1. See (https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). If left blank, Cloud Build will use n1-standard-1. + // Machine type of a worker, such as n1-standard-1. See machineType. If left blank, Cloud Build will use n1-standard-1. // +kubebuilder:validation:Optional MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` @@ -112,6 +133,8 @@ type WorkerPoolInitParameters struct { // Network configuration for the WorkerPool. Structure is documented below. NetworkConfig *NetworkConfigInitParameters `json:"networkConfig,omitempty" tf:"network_config,omitempty"` + PrivateServiceConnect *PrivateServiceConnectInitParameters `json:"privateServiceConnect,omitempty" tf:"private_service_connect,omitempty"` + // The project for the resource Project *string `json:"project,omitempty" tf:"project,omitempty"` @@ -145,6 +168,8 @@ type WorkerPoolObservation struct { // Network configuration for the WorkerPool. Structure is documented below. NetworkConfig *NetworkConfigObservation `json:"networkConfig,omitempty" tf:"network_config,omitempty"` + PrivateServiceConnect *PrivateServiceConnectObservation `json:"privateServiceConnect,omitempty" tf:"private_service_connect,omitempty"` + // The project for the resource Project *string `json:"project,omitempty" tf:"project,omitempty"` @@ -179,6 +204,9 @@ type WorkerPoolParameters struct { // +kubebuilder:validation:Optional NetworkConfig *NetworkConfigParameters `json:"networkConfig,omitempty" tf:"network_config,omitempty"` + // +kubebuilder:validation:Optional + PrivateServiceConnect *PrivateServiceConnectParameters `json:"privateServiceConnect,omitempty" tf:"private_service_connect,omitempty"` + // The project for the resource // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` diff --git a/package/crds/cloudbuild.gcp.upbound.io_workerpools.yaml b/package/crds/cloudbuild.gcp.upbound.io_workerpools.yaml index 3f7825d4d..3de401ec1 100644 --- a/package/crds/cloudbuild.gcp.upbound.io_workerpools.yaml +++ b/package/crds/cloudbuild.gcp.upbound.io_workerpools.yaml @@ -855,6 +855,13 @@ spec: type: object type: object type: object + privateServiceConnect: + properties: + networkAttachment: + type: string + routeAllTraffic: + type: boolean + type: object project: description: The project for the resource type: string @@ -864,14 +871,12 @@ spec: properties: diskSizeGb: description: Size of the disk attached to the worker, in GB. - See (https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). - Specify a value of up to 1000. If 0 is specified, Cloud - Build will use a standard disk size. + See diskSizeGb. Specify a value of up to 1000. If 0 is specified, + Cloud Build will use a standard disk size. type: number machineType: description: Machine type of a worker, such as n1-standard-1. - See (https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). - If left blank, Cloud Build will use n1-standard-1. + See machineType. If left blank, Cloud Build will use n1-standard-1. type: string noExternalIp: description: If true, workers are created without any public @@ -1002,6 +1007,13 @@ spec: type: object type: object type: object + privateServiceConnect: + properties: + networkAttachment: + type: string + routeAllTraffic: + type: boolean + type: object project: description: The project for the resource type: string @@ -1011,14 +1023,12 @@ spec: properties: diskSizeGb: description: Size of the disk attached to the worker, in GB. - See (https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). - Specify a value of up to 1000. If 0 is specified, Cloud - Build will use a standard disk size. + See diskSizeGb. Specify a value of up to 1000. If 0 is specified, + Cloud Build will use a standard disk size. type: number machineType: description: Machine type of a worker, such as n1-standard-1. - See (https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). - If left blank, Cloud Build will use n1-standard-1. + See machineType. If left blank, Cloud Build will use n1-standard-1. type: string noExternalIp: description: If true, workers are created without any public @@ -1249,6 +1259,13 @@ spec: peered VPC. If unspecified, a value of /24 will be used. type: string type: object + privateServiceConnect: + properties: + networkAttachment: + type: string + routeAllTraffic: + type: boolean + type: object project: description: The project for the resource type: string @@ -1269,14 +1286,12 @@ spec: properties: diskSizeGb: description: Size of the disk attached to the worker, in GB. - See (https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). - Specify a value of up to 1000. If 0 is specified, Cloud - Build will use a standard disk size. + See diskSizeGb. Specify a value of up to 1000. If 0 is specified, + Cloud Build will use a standard disk size. type: number machineType: description: Machine type of a worker, such as n1-standard-1. - See (https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). - If left blank, Cloud Build will use n1-standard-1. + See machineType. If left blank, Cloud Build will use n1-standard-1. type: string noExternalIp: description: If true, workers are created without any public From 0da83890d624689cd21dba6b3cb9c403f58d1141 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 17:54:13 +0100 Subject: [PATCH 31/47] cloudfunctions2: doc updates only Signed-off-by: Rickard von Essen --- .../v1beta2/zz_function_types.go | 18 +++++++++--------- ...oudfunctions2.gcp.upbound.io_functions.yaml | 18 +++++++++--------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/apis/cloudfunctions2/v1beta2/zz_function_types.go b/apis/cloudfunctions2/v1beta2/zz_function_types.go index 4c558753b..c8f985f40 100755 --- a/apis/cloudfunctions2/v1beta2/zz_function_types.go +++ b/apis/cloudfunctions2/v1beta2/zz_function_types.go @@ -593,7 +593,7 @@ type RepoSourceInitParameters struct { // NOT match the revision regex. InvertRegex *bool `json:"invertRegex,omitempty" tf:"invert_regex,omitempty"` - // Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. + // Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. ProjectID *string `json:"projectId,omitempty" tf:"project_id,omitempty"` // Name of the Cloud Source Repository. @@ -618,7 +618,7 @@ type RepoSourceObservation struct { // NOT match the revision regex. InvertRegex *bool `json:"invertRegex,omitempty" tf:"invert_regex,omitempty"` - // Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. + // Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. ProjectID *string `json:"projectId,omitempty" tf:"project_id,omitempty"` // Name of the Cloud Source Repository. @@ -647,7 +647,7 @@ type RepoSourceParameters struct { // +kubebuilder:validation:Optional InvertRegex *bool `json:"invertRegex,omitempty" tf:"invert_regex,omitempty"` - // Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. + // Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. // +kubebuilder:validation:Optional ProjectID *string `json:"projectId,omitempty" tf:"project_id,omitempty"` @@ -665,7 +665,7 @@ type SecretEnvironmentVariablesInitParameters struct { // Name of the environment variable. Key *string `json:"key,omitempty" tf:"key,omitempty"` - // Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. + // Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. ProjectID *string `json:"projectId,omitempty" tf:"project_id,omitempty"` // Name of the secret in secret manager (not the full resource name). @@ -689,7 +689,7 @@ type SecretEnvironmentVariablesObservation struct { // Name of the environment variable. Key *string `json:"key,omitempty" tf:"key,omitempty"` - // Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. + // Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. ProjectID *string `json:"projectId,omitempty" tf:"project_id,omitempty"` // Name of the secret in secret manager (not the full resource name). @@ -705,7 +705,7 @@ type SecretEnvironmentVariablesParameters struct { // +kubebuilder:validation:Optional Key *string `json:"key" tf:"key,omitempty"` - // Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. + // Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. // +kubebuilder:validation:Optional ProjectID *string `json:"projectId" tf:"project_id,omitempty"` @@ -732,7 +732,7 @@ type SecretVolumesInitParameters struct { // The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets MountPath *string `json:"mountPath,omitempty" tf:"mount_path,omitempty"` - // Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. + // Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. ProjectID *string `json:"projectId,omitempty" tf:"project_id,omitempty"` // Name of the secret in secret manager (not the full resource name). @@ -757,7 +757,7 @@ type SecretVolumesObservation struct { // The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets MountPath *string `json:"mountPath,omitempty" tf:"mount_path,omitempty"` - // Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. + // Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. ProjectID *string `json:"projectId,omitempty" tf:"project_id,omitempty"` // Name of the secret in secret manager (not the full resource name). @@ -774,7 +774,7 @@ type SecretVolumesParameters struct { // +kubebuilder:validation:Optional MountPath *string `json:"mountPath" tf:"mount_path,omitempty"` - // Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. + // Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. // +kubebuilder:validation:Optional ProjectID *string `json:"projectId" tf:"project_id,omitempty"` diff --git a/package/crds/cloudfunctions2.gcp.upbound.io_functions.yaml b/package/crds/cloudfunctions2.gcp.upbound.io_functions.yaml index d7f3cda5e..16025cf82 100644 --- a/package/crds/cloudfunctions2.gcp.upbound.io_functions.yaml +++ b/package/crds/cloudfunctions2.gcp.upbound.io_functions.yaml @@ -3400,7 +3400,7 @@ spec: NOT match the revision regex. type: boolean projectId: - description: Project identifier (preferrably project + description: Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that @@ -4033,7 +4033,7 @@ spec: description: Name of the environment variable. type: string projectId: - description: Project identifier (preferrably project + description: Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret @@ -4142,7 +4142,7 @@ spec: any other secrets. Recommended mount path: /etc/secrets' type: string projectId: - description: Project identifier (preferrably project + description: Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret @@ -4588,7 +4588,7 @@ spec: NOT match the revision regex. type: boolean projectId: - description: Project identifier (preferrably project + description: Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that @@ -5218,7 +5218,7 @@ spec: description: Name of the environment variable. type: string projectId: - description: Project identifier (preferrably project + description: Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret @@ -5327,7 +5327,7 @@ spec: any other secrets. Recommended mount path: /etc/secrets' type: string projectId: - description: Project identifier (preferrably project + description: Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret @@ -5790,7 +5790,7 @@ spec: NOT match the revision regex. type: boolean projectId: - description: Project identifier (preferrably project + description: Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that @@ -5991,7 +5991,7 @@ spec: description: Name of the environment variable. type: string projectId: - description: Project identifier (preferrably project + description: Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret @@ -6024,7 +6024,7 @@ spec: any other secrets. Recommended mount path: /etc/secrets' type: string projectId: - description: Project identifier (preferrably project + description: Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret From 2079ce9ff88d0c78f670b26ea1fda134b4147316 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 17:57:51 +0100 Subject: [PATCH 32/47] cloudplatform: multiple changes Signed-off-by: Rickard von Essen --- apis/cloudplatform/v1beta1/zz_folder_types.go | 19 +++ .../v1beta1/zz_generated.deepcopy.go | 120 ++++++++++++++++-- .../cloudplatform/v1beta1/zz_project_types.go | 30 ++--- .../cloudplatform.gcp.upbound.io_folders.yaml | 45 +++++++ ...cloudplatform.gcp.upbound.io_projects.yaml | 69 ++++++---- 5 files changed, 229 insertions(+), 54 deletions(-) diff --git a/apis/cloudplatform/v1beta1/zz_folder_types.go b/apis/cloudplatform/v1beta1/zz_folder_types.go index b4f48eea4..b8deba6c7 100755 --- a/apis/cloudplatform/v1beta1/zz_folder_types.go +++ b/apis/cloudplatform/v1beta1/zz_folder_types.go @@ -14,6 +14,7 @@ import ( ) type FolderInitParameters struct { + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` // The folder’s display name. // A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. @@ -32,6 +33,10 @@ type FolderInitParameters struct { // Selector for a Folder in cloudplatform to populate parent. // +kubebuilder:validation:Optional ParentSelector *v1.Selector `json:"parentSelector,omitempty" tf:"-"` + + // A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored when empty. The field is immutable and causes resource replacement when mutated. This field is only set at create time and modifying this field after creation will trigger recreation. To apply tags to an existing resource, see the google_tags_tag_value resource. + // +mapType=granular + Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` } type FolderObservation struct { @@ -40,6 +45,8 @@ type FolderObservation struct { // A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // The folder’s display name. // A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` @@ -58,10 +65,17 @@ type FolderObservation struct { // The resource name of the parent Folder or Organization. // Must be of the form folders/{folder_id} or organizations/{org_id}. Parent *string `json:"parent,omitempty" tf:"parent,omitempty"` + + // A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored when empty. The field is immutable and causes resource replacement when mutated. This field is only set at create time and modifying this field after creation will trigger recreation. To apply tags to an existing resource, see the google_tags_tag_value resource. + // +mapType=granular + Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` } type FolderParameters struct { + // +kubebuilder:validation:Optional + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // The folder’s display name. // A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. // +kubebuilder:validation:Optional @@ -81,6 +95,11 @@ type FolderParameters struct { // Selector for a Folder in cloudplatform to populate parent. // +kubebuilder:validation:Optional ParentSelector *v1.Selector `json:"parentSelector,omitempty" tf:"-"` + + // A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored when empty. The field is immutable and causes resource replacement when mutated. This field is only set at create time and modifying this field after creation will trigger recreation. To apply tags to an existing resource, see the google_tags_tag_value resource. + // +kubebuilder:validation:Optional + // +mapType=granular + Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` } // FolderSpec defines the desired state of Folder diff --git a/apis/cloudplatform/v1beta1/zz_generated.deepcopy.go b/apis/cloudplatform/v1beta1/zz_generated.deepcopy.go index c20197320..536b8974c 100644 --- a/apis/cloudplatform/v1beta1/zz_generated.deepcopy.go +++ b/apis/cloudplatform/v1beta1/zz_generated.deepcopy.go @@ -461,6 +461,11 @@ func (in *FolderIAMMemberStatus) DeepCopy() *FolderIAMMemberStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FolderInitParameters) DeepCopyInto(out *FolderInitParameters) { *out = *in + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.DisplayName != nil { in, out := &in.DisplayName, &out.DisplayName *out = new(string) @@ -481,6 +486,22 @@ func (in *FolderInitParameters) DeepCopyInto(out *FolderInitParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FolderInitParameters. @@ -533,6 +554,11 @@ func (in *FolderObservation) DeepCopyInto(out *FolderObservation) { *out = new(string) **out = **in } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.DisplayName != nil { in, out := &in.DisplayName, &out.DisplayName *out = new(string) @@ -563,6 +589,22 @@ func (in *FolderObservation) DeepCopyInto(out *FolderObservation) { *out = new(string) **out = **in } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FolderObservation. @@ -578,6 +620,11 @@ func (in *FolderObservation) DeepCopy() *FolderObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FolderParameters) DeepCopyInto(out *FolderParameters) { *out = *in + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.DisplayName != nil { in, out := &in.DisplayName, &out.DisplayName *out = new(string) @@ -598,6 +645,22 @@ func (in *FolderParameters) DeepCopyInto(out *FolderParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FolderParameters. @@ -2604,10 +2667,21 @@ func (in *ProjectInitParameters) DeepCopyInto(out *ProjectInitParameters) { *out = new(string) **out = **in } - if in.SkipDelete != nil { - in, out := &in.SkipDelete, &out.SkipDelete - *out = new(bool) - **out = **in + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } } } @@ -2733,10 +2807,21 @@ func (in *ProjectObservation) DeepCopyInto(out *ProjectObservation) { *out = new(string) **out = **in } - if in.SkipDelete != nil { - in, out := &in.SkipDelete, &out.SkipDelete - *out = new(bool) - **out = **in + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } } if in.TerraformLabels != nil { in, out := &in.TerraformLabels, &out.TerraformLabels @@ -2830,10 +2915,21 @@ func (in *ProjectParameters) DeepCopyInto(out *ProjectParameters) { *out = new(string) **out = **in } - if in.SkipDelete != nil { - in, out := &in.SkipDelete, &out.SkipDelete - *out = new(bool) - **out = **in + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } } } diff --git a/apis/cloudplatform/v1beta1/zz_project_types.go b/apis/cloudplatform/v1beta1/zz_project_types.go index 63d546ff2..4ff8fba33 100755 --- a/apis/cloudplatform/v1beta1/zz_project_types.go +++ b/apis/cloudplatform/v1beta1/zz_project_types.go @@ -29,7 +29,7 @@ type ProjectInitParameters struct { BillingAccount *string `json:"billingAccount,omitempty" tf:"billing_account,omitempty"` // The deletion policy for the Project. Setting ABANDON allows the resource - // to be abandoned rather than deleted, i.e. Possible values are: "PREVENT", "ABANDON", "DELETE". Default value is DELETE. + // to be abandoned rather than deleted, i.e. Possible values are: "PREVENT", "ABANDON", "DELETE". Default value is PREVENT. DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` // The numeric ID of the folder this project should be @@ -70,11 +70,9 @@ type ProjectInitParameters struct { // The project ID. Changing this forces a new project to be created. ProjectID *string `json:"projectId,omitempty" tf:"project_id,omitempty"` - // skip_delete is deprecated and will be - // removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false - // can be changed to a deletion_policy value of DELETE and a skip_delete value of true - // to a deletion_policy value of ABANDON for equivalent behavior. - SkipDelete *bool `json:"skipDelete,omitempty" tf:"skip_delete,omitempty"` + // A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored when empty. The field is immutable and causes resource replacement when mutated. This field is only set at create time and modifying this field after creation will trigger recreation. To apply tags to an existing resource, see the google_tags_tag_value resource. + // +mapType=granular + Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` } type ProjectObservation struct { @@ -93,7 +91,7 @@ type ProjectObservation struct { BillingAccount *string `json:"billingAccount,omitempty" tf:"billing_account,omitempty"` // The deletion policy for the Project. Setting ABANDON allows the resource - // to be abandoned rather than deleted, i.e. Possible values are: "PREVENT", "ABANDON", "DELETE". Default value is DELETE. + // to be abandoned rather than deleted, i.e. Possible values are: "PREVENT", "ABANDON", "DELETE". Default value is PREVENT. DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` // +mapType=granular @@ -133,11 +131,9 @@ type ProjectObservation struct { // The project ID. Changing this forces a new project to be created. ProjectID *string `json:"projectId,omitempty" tf:"project_id,omitempty"` - // skip_delete is deprecated and will be - // removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false - // can be changed to a deletion_policy value of DELETE and a skip_delete value of true - // to a deletion_policy value of ABANDON for equivalent behavior. - SkipDelete *bool `json:"skipDelete,omitempty" tf:"skip_delete,omitempty"` + // A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored when empty. The field is immutable and causes resource replacement when mutated. This field is only set at create time and modifying this field after creation will trigger recreation. To apply tags to an existing resource, see the google_tags_tag_value resource. + // +mapType=granular + Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` // The combination of labels configured directly on the resource and default labels configured on the provider. // +mapType=granular @@ -162,7 +158,7 @@ type ProjectParameters struct { BillingAccount *string `json:"billingAccount,omitempty" tf:"billing_account,omitempty"` // The deletion policy for the Project. Setting ABANDON allows the resource - // to be abandoned rather than deleted, i.e. Possible values are: "PREVENT", "ABANDON", "DELETE". Default value is DELETE. + // to be abandoned rather than deleted, i.e. Possible values are: "PREVENT", "ABANDON", "DELETE". Default value is PREVENT. // +kubebuilder:validation:Optional DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` @@ -209,12 +205,10 @@ type ProjectParameters struct { // +kubebuilder:validation:Optional ProjectID *string `json:"projectId,omitempty" tf:"project_id,omitempty"` - // skip_delete is deprecated and will be - // removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false - // can be changed to a deletion_policy value of DELETE and a skip_delete value of true - // to a deletion_policy value of ABANDON for equivalent behavior. + // A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored when empty. The field is immutable and causes resource replacement when mutated. This field is only set at create time and modifying this field after creation will trigger recreation. To apply tags to an existing resource, see the google_tags_tag_value resource. // +kubebuilder:validation:Optional - SkipDelete *bool `json:"skipDelete,omitempty" tf:"skip_delete,omitempty"` + // +mapType=granular + Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` } // ProjectSpec defines the desired state of Project diff --git a/package/crds/cloudplatform.gcp.upbound.io_folders.yaml b/package/crds/cloudplatform.gcp.upbound.io_folders.yaml index 4824d4c89..5b43ad489 100644 --- a/package/crds/cloudplatform.gcp.upbound.io_folders.yaml +++ b/package/crds/cloudplatform.gcp.upbound.io_folders.yaml @@ -73,6 +73,8 @@ spec: type: string forProvider: properties: + deletionProtection: + type: boolean displayName: description: |- The folder’s display name. @@ -159,6 +161,19 @@ spec: type: string type: object type: object + tags: + additionalProperties: + type: string + description: A map of resource manager tags. Resource manager + tag keys and values have the same definition as resource manager + tags. Keys must be in the format tagKeys/{tag_key_id}, and values + are in the format tagValues/456. The field is ignored when empty. + The field is immutable and causes resource replacement when mutated. + This field is only set at create time and modifying this field + after creation will trigger recreation. To apply tags to an + existing resource, see the google_tags_tag_value resource. + type: object + x-kubernetes-map-type: granular type: object initProvider: description: |- @@ -173,6 +188,8 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + deletionProtection: + type: boolean displayName: description: |- The folder’s display name. @@ -259,6 +276,19 @@ spec: type: string type: object type: object + tags: + additionalProperties: + type: string + description: A map of resource manager tags. Resource manager + tag keys and values have the same definition as resource manager + tags. Keys must be in the format tagKeys/{tag_key_id}, and values + are in the format tagValues/456. The field is ignored when empty. + The field is immutable and causes resource replacement when mutated. + This field is only set at create time and modifying this field + after creation will trigger recreation. To apply tags to an + existing resource, see the google_tags_tag_value resource. + type: object + x-kubernetes-map-type: granular type: object managementPolicies: default: @@ -442,6 +472,8 @@ spec: Timestamp when the Folder was created. Assigned by the server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". type: string + deletionProtection: + type: boolean displayName: description: |- The folder’s display name. @@ -464,6 +496,19 @@ spec: The resource name of the parent Folder or Organization. Must be of the form folders/{folder_id} or organizations/{org_id}. type: string + tags: + additionalProperties: + type: string + description: A map of resource manager tags. Resource manager + tag keys and values have the same definition as resource manager + tags. Keys must be in the format tagKeys/{tag_key_id}, and values + are in the format tagValues/456. The field is ignored when empty. + The field is immutable and causes resource replacement when mutated. + This field is only set at create time and modifying this field + after creation will trigger recreation. To apply tags to an + existing resource, see the google_tags_tag_value resource. + type: object + x-kubernetes-map-type: granular type: object conditions: description: Conditions of the resource. diff --git a/package/crds/cloudplatform.gcp.upbound.io_projects.yaml b/package/crds/cloudplatform.gcp.upbound.io_projects.yaml index a48db0ef0..0dd3af36f 100644 --- a/package/crds/cloudplatform.gcp.upbound.io_projects.yaml +++ b/package/crds/cloudplatform.gcp.upbound.io_projects.yaml @@ -91,7 +91,7 @@ spec: deletionPolicy: description: |- The deletion policy for the Project. Setting ABANDON allows the resource - to be abandoned rather than deleted, i.e. Possible values are: "PREVENT", "ABANDON", "DELETE". Default value is DELETE. + to be abandoned rather than deleted, i.e. Possible values are: "PREVENT", "ABANDON", "DELETE". Default value is PREVENT. type: string folderId: description: |- @@ -203,13 +203,20 @@ spec: description: The project ID. Changing this forces a new project to be created. type: string - skipDelete: - description: |- - skip_delete is deprecated and will be - removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false - can be changed to a deletion_policy value of DELETE and a skip_delete value of true - to a deletion_policy value of ABANDON for equivalent behavior. - type: boolean + tags: + additionalProperties: + type: string + description: A map of resource manager tags. Resource manager + tag keys and values have the same definition as resource manager + tags. Keys must be in the format tagKeys/{tag_key_id}, and values + are in the format tagValues/456. The field is ignored when empty. + The field is immutable and causes resource replacement when + mutated. This field is only set at create time and modifying + this field after creation will trigger recreation. To apply + tags to an existing resource, see the google_tags_tag_value + resource. + type: object + x-kubernetes-map-type: granular type: object initProvider: description: |- @@ -242,7 +249,7 @@ spec: deletionPolicy: description: |- The deletion policy for the Project. Setting ABANDON allows the resource - to be abandoned rather than deleted, i.e. Possible values are: "PREVENT", "ABANDON", "DELETE". Default value is DELETE. + to be abandoned rather than deleted, i.e. Possible values are: "PREVENT", "ABANDON", "DELETE". Default value is PREVENT. type: string folderId: description: |- @@ -354,13 +361,20 @@ spec: description: The project ID. Changing this forces a new project to be created. type: string - skipDelete: - description: |- - skip_delete is deprecated and will be - removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false - can be changed to a deletion_policy value of DELETE and a skip_delete value of true - to a deletion_policy value of ABANDON for equivalent behavior. - type: boolean + tags: + additionalProperties: + type: string + description: A map of resource manager tags. Resource manager + tag keys and values have the same definition as resource manager + tags. Keys must be in the format tagKeys/{tag_key_id}, and values + are in the format tagValues/456. The field is ignored when empty. + The field is immutable and causes resource replacement when + mutated. This field is only set at create time and modifying + this field after creation will trigger recreation. To apply + tags to an existing resource, see the google_tags_tag_value + resource. + type: object + x-kubernetes-map-type: granular type: object managementPolicies: default: @@ -561,7 +575,7 @@ spec: deletionPolicy: description: |- The deletion policy for the Project. Setting ABANDON allows the resource - to be abandoned rather than deleted, i.e. Possible values are: "PREVENT", "ABANDON", "DELETE". Default value is DELETE. + to be abandoned rather than deleted, i.e. Possible values are: "PREVENT", "ABANDON", "DELETE". Default value is PREVENT. type: string effectiveLabels: additionalProperties: @@ -608,13 +622,20 @@ spec: description: The project ID. Changing this forces a new project to be created. type: string - skipDelete: - description: |- - skip_delete is deprecated and will be - removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false - can be changed to a deletion_policy value of DELETE and a skip_delete value of true - to a deletion_policy value of ABANDON for equivalent behavior. - type: boolean + tags: + additionalProperties: + type: string + description: A map of resource manager tags. Resource manager + tag keys and values have the same definition as resource manager + tags. Keys must be in the format tagKeys/{tag_key_id}, and values + are in the format tagValues/456. The field is ignored when empty. + The field is immutable and causes resource replacement when + mutated. This field is only set at create time and modifying + this field after creation will trigger recreation. To apply + tags to an existing resource, see the google_tags_tag_value + resource. + type: object + x-kubernetes-map-type: granular terraformLabels: additionalProperties: type: string From 5ec49c9ed281bba8efadf85d3354cbec9d80fb2a Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 17:58:51 +0100 Subject: [PATCH 33/47] cloudtasks: multiple changes Signed-off-by: Rickard von Essen --- .../v1beta2/zz_generated.deepcopy.go | 721 ++++++++++++++++++ .../v1beta2/zz_generated.resolvers.go | 97 ++- apis/cloudtasks/v1beta2/zz_queue_types.go | 448 +++++++++++ .../cloudtasks.gcp.upbound.io_queues.yaml | 709 +++++++++++++++++ 4 files changed, 1973 insertions(+), 2 deletions(-) diff --git a/apis/cloudtasks/v1beta2/zz_generated.deepcopy.go b/apis/cloudtasks/v1beta2/zz_generated.deepcopy.go index 6de75b1c3..4ed3aa1b8 100644 --- a/apis/cloudtasks/v1beta2/zz_generated.deepcopy.go +++ b/apis/cloudtasks/v1beta2/zz_generated.deepcopy.go @@ -108,6 +108,577 @@ func (in *AppEngineRoutingOverrideParameters) DeepCopy() *AppEngineRoutingOverri return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPTargetInitParameters) DeepCopyInto(out *HTTPTargetInitParameters) { + *out = *in + if in.HTTPMethod != nil { + in, out := &in.HTTPMethod, &out.HTTPMethod + *out = new(string) + **out = **in + } + if in.HeaderOverrides != nil { + in, out := &in.HeaderOverrides, &out.HeaderOverrides + *out = make([]HeaderOverridesInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OAuthToken != nil { + in, out := &in.OAuthToken, &out.OAuthToken + *out = new(OAuthTokenInitParameters) + (*in).DeepCopyInto(*out) + } + if in.OidcToken != nil { + in, out := &in.OidcToken, &out.OidcToken + *out = new(OidcTokenInitParameters) + (*in).DeepCopyInto(*out) + } + if in.URIOverride != nil { + in, out := &in.URIOverride, &out.URIOverride + *out = new(URIOverrideInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPTargetInitParameters. +func (in *HTTPTargetInitParameters) DeepCopy() *HTTPTargetInitParameters { + if in == nil { + return nil + } + out := new(HTTPTargetInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPTargetObservation) DeepCopyInto(out *HTTPTargetObservation) { + *out = *in + if in.HTTPMethod != nil { + in, out := &in.HTTPMethod, &out.HTTPMethod + *out = new(string) + **out = **in + } + if in.HeaderOverrides != nil { + in, out := &in.HeaderOverrides, &out.HeaderOverrides + *out = make([]HeaderOverridesObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OAuthToken != nil { + in, out := &in.OAuthToken, &out.OAuthToken + *out = new(OAuthTokenObservation) + (*in).DeepCopyInto(*out) + } + if in.OidcToken != nil { + in, out := &in.OidcToken, &out.OidcToken + *out = new(OidcTokenObservation) + (*in).DeepCopyInto(*out) + } + if in.URIOverride != nil { + in, out := &in.URIOverride, &out.URIOverride + *out = new(URIOverrideObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPTargetObservation. +func (in *HTTPTargetObservation) DeepCopy() *HTTPTargetObservation { + if in == nil { + return nil + } + out := new(HTTPTargetObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPTargetParameters) DeepCopyInto(out *HTTPTargetParameters) { + *out = *in + if in.HTTPMethod != nil { + in, out := &in.HTTPMethod, &out.HTTPMethod + *out = new(string) + **out = **in + } + if in.HeaderOverrides != nil { + in, out := &in.HeaderOverrides, &out.HeaderOverrides + *out = make([]HeaderOverridesParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OAuthToken != nil { + in, out := &in.OAuthToken, &out.OAuthToken + *out = new(OAuthTokenParameters) + (*in).DeepCopyInto(*out) + } + if in.OidcToken != nil { + in, out := &in.OidcToken, &out.OidcToken + *out = new(OidcTokenParameters) + (*in).DeepCopyInto(*out) + } + if in.URIOverride != nil { + in, out := &in.URIOverride, &out.URIOverride + *out = new(URIOverrideParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPTargetParameters. +func (in *HTTPTargetParameters) DeepCopy() *HTTPTargetParameters { + if in == nil { + return nil + } + out := new(HTTPTargetParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HeaderInitParameters) DeepCopyInto(out *HeaderInitParameters) { + *out = *in + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderInitParameters. +func (in *HeaderInitParameters) DeepCopy() *HeaderInitParameters { + if in == nil { + return nil + } + out := new(HeaderInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HeaderObservation) DeepCopyInto(out *HeaderObservation) { + *out = *in + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderObservation. +func (in *HeaderObservation) DeepCopy() *HeaderObservation { + if in == nil { + return nil + } + out := new(HeaderObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HeaderOverridesInitParameters) DeepCopyInto(out *HeaderOverridesInitParameters) { + *out = *in + if in.Header != nil { + in, out := &in.Header, &out.Header + *out = new(HeaderInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderOverridesInitParameters. +func (in *HeaderOverridesInitParameters) DeepCopy() *HeaderOverridesInitParameters { + if in == nil { + return nil + } + out := new(HeaderOverridesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HeaderOverridesObservation) DeepCopyInto(out *HeaderOverridesObservation) { + *out = *in + if in.Header != nil { + in, out := &in.Header, &out.Header + *out = new(HeaderObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderOverridesObservation. +func (in *HeaderOverridesObservation) DeepCopy() *HeaderOverridesObservation { + if in == nil { + return nil + } + out := new(HeaderOverridesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HeaderOverridesParameters) DeepCopyInto(out *HeaderOverridesParameters) { + *out = *in + if in.Header != nil { + in, out := &in.Header, &out.Header + *out = new(HeaderParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderOverridesParameters. +func (in *HeaderOverridesParameters) DeepCopy() *HeaderOverridesParameters { + if in == nil { + return nil + } + out := new(HeaderOverridesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HeaderParameters) DeepCopyInto(out *HeaderParameters) { + *out = *in + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(string) + **out = **in + } + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderParameters. +func (in *HeaderParameters) DeepCopy() *HeaderParameters { + if in == nil { + return nil + } + out := new(HeaderParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuthTokenInitParameters) DeepCopyInto(out *OAuthTokenInitParameters) { + *out = *in + if in.Scope != nil { + in, out := &in.Scope, &out.Scope + *out = new(string) + **out = **in + } + if in.ServiceAccountEmail != nil { + in, out := &in.ServiceAccountEmail, &out.ServiceAccountEmail + *out = new(string) + **out = **in + } + if in.ServiceAccountEmailRef != nil { + in, out := &in.ServiceAccountEmailRef, &out.ServiceAccountEmailRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ServiceAccountEmailSelector != nil { + in, out := &in.ServiceAccountEmailSelector, &out.ServiceAccountEmailSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthTokenInitParameters. +func (in *OAuthTokenInitParameters) DeepCopy() *OAuthTokenInitParameters { + if in == nil { + return nil + } + out := new(OAuthTokenInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuthTokenObservation) DeepCopyInto(out *OAuthTokenObservation) { + *out = *in + if in.Scope != nil { + in, out := &in.Scope, &out.Scope + *out = new(string) + **out = **in + } + if in.ServiceAccountEmail != nil { + in, out := &in.ServiceAccountEmail, &out.ServiceAccountEmail + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthTokenObservation. +func (in *OAuthTokenObservation) DeepCopy() *OAuthTokenObservation { + if in == nil { + return nil + } + out := new(OAuthTokenObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuthTokenParameters) DeepCopyInto(out *OAuthTokenParameters) { + *out = *in + if in.Scope != nil { + in, out := &in.Scope, &out.Scope + *out = new(string) + **out = **in + } + if in.ServiceAccountEmail != nil { + in, out := &in.ServiceAccountEmail, &out.ServiceAccountEmail + *out = new(string) + **out = **in + } + if in.ServiceAccountEmailRef != nil { + in, out := &in.ServiceAccountEmailRef, &out.ServiceAccountEmailRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ServiceAccountEmailSelector != nil { + in, out := &in.ServiceAccountEmailSelector, &out.ServiceAccountEmailSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthTokenParameters. +func (in *OAuthTokenParameters) DeepCopy() *OAuthTokenParameters { + if in == nil { + return nil + } + out := new(OAuthTokenParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OidcTokenInitParameters) DeepCopyInto(out *OidcTokenInitParameters) { + *out = *in + if in.Audience != nil { + in, out := &in.Audience, &out.Audience + *out = new(string) + **out = **in + } + if in.ServiceAccountEmail != nil { + in, out := &in.ServiceAccountEmail, &out.ServiceAccountEmail + *out = new(string) + **out = **in + } + if in.ServiceAccountEmailRef != nil { + in, out := &in.ServiceAccountEmailRef, &out.ServiceAccountEmailRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ServiceAccountEmailSelector != nil { + in, out := &in.ServiceAccountEmailSelector, &out.ServiceAccountEmailSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OidcTokenInitParameters. +func (in *OidcTokenInitParameters) DeepCopy() *OidcTokenInitParameters { + if in == nil { + return nil + } + out := new(OidcTokenInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OidcTokenObservation) DeepCopyInto(out *OidcTokenObservation) { + *out = *in + if in.Audience != nil { + in, out := &in.Audience, &out.Audience + *out = new(string) + **out = **in + } + if in.ServiceAccountEmail != nil { + in, out := &in.ServiceAccountEmail, &out.ServiceAccountEmail + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OidcTokenObservation. +func (in *OidcTokenObservation) DeepCopy() *OidcTokenObservation { + if in == nil { + return nil + } + out := new(OidcTokenObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OidcTokenParameters) DeepCopyInto(out *OidcTokenParameters) { + *out = *in + if in.Audience != nil { + in, out := &in.Audience, &out.Audience + *out = new(string) + **out = **in + } + if in.ServiceAccountEmail != nil { + in, out := &in.ServiceAccountEmail, &out.ServiceAccountEmail + *out = new(string) + **out = **in + } + if in.ServiceAccountEmailRef != nil { + in, out := &in.ServiceAccountEmailRef, &out.ServiceAccountEmailRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ServiceAccountEmailSelector != nil { + in, out := &in.ServiceAccountEmailSelector, &out.ServiceAccountEmailSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OidcTokenParameters. +func (in *OidcTokenParameters) DeepCopy() *OidcTokenParameters { + if in == nil { + return nil + } + out := new(OidcTokenParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PathOverrideInitParameters) DeepCopyInto(out *PathOverrideInitParameters) { + *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PathOverrideInitParameters. +func (in *PathOverrideInitParameters) DeepCopy() *PathOverrideInitParameters { + if in == nil { + return nil + } + out := new(PathOverrideInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PathOverrideObservation) DeepCopyInto(out *PathOverrideObservation) { + *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PathOverrideObservation. +func (in *PathOverrideObservation) DeepCopy() *PathOverrideObservation { + if in == nil { + return nil + } + out := new(PathOverrideObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PathOverrideParameters) DeepCopyInto(out *PathOverrideParameters) { + *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PathOverrideParameters. +func (in *PathOverrideParameters) DeepCopy() *PathOverrideParameters { + if in == nil { + return nil + } + out := new(PathOverrideParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QueryOverrideInitParameters) DeepCopyInto(out *QueryOverrideInitParameters) { + *out = *in + if in.QueryParams != nil { + in, out := &in.QueryParams, &out.QueryParams + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryOverrideInitParameters. +func (in *QueryOverrideInitParameters) DeepCopy() *QueryOverrideInitParameters { + if in == nil { + return nil + } + out := new(QueryOverrideInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QueryOverrideObservation) DeepCopyInto(out *QueryOverrideObservation) { + *out = *in + if in.QueryParams != nil { + in, out := &in.QueryParams, &out.QueryParams + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryOverrideObservation. +func (in *QueryOverrideObservation) DeepCopy() *QueryOverrideObservation { + if in == nil { + return nil + } + out := new(QueryOverrideObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QueryOverrideParameters) DeepCopyInto(out *QueryOverrideParameters) { + *out = *in + if in.QueryParams != nil { + in, out := &in.QueryParams, &out.QueryParams + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryOverrideParameters. +func (in *QueryOverrideParameters) DeepCopy() *QueryOverrideParameters { + if in == nil { + return nil + } + out := new(QueryOverrideParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Queue) DeepCopyInto(out *Queue) { *out = *in @@ -143,6 +714,11 @@ func (in *QueueInitParameters) DeepCopyInto(out *QueueInitParameters) { *out = new(AppEngineRoutingOverrideInitParameters) (*in).DeepCopyInto(*out) } + if in.HTTPTarget != nil { + in, out := &in.HTTPTarget, &out.HTTPTarget + *out = new(HTTPTargetInitParameters) + (*in).DeepCopyInto(*out) + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -225,6 +801,11 @@ func (in *QueueObservation) DeepCopyInto(out *QueueObservation) { *out = new(AppEngineRoutingOverrideObservation) (*in).DeepCopyInto(*out) } + if in.HTTPTarget != nil { + in, out := &in.HTTPTarget, &out.HTTPTarget + *out = new(HTTPTargetObservation) + (*in).DeepCopyInto(*out) + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -275,6 +856,11 @@ func (in *QueueParameters) DeepCopyInto(out *QueueParameters) { *out = new(AppEngineRoutingOverrideParameters) (*in).DeepCopyInto(*out) } + if in.HTTPTarget != nil { + in, out := &in.HTTPTarget, &out.HTTPTarget + *out = new(HTTPTargetParameters) + (*in).DeepCopyInto(*out) + } if in.Location != nil { in, out := &in.Location, &out.Location *out = new(string) @@ -616,3 +1202,138 @@ func (in *StackdriverLoggingConfigParameters) DeepCopy() *StackdriverLoggingConf in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *URIOverrideInitParameters) DeepCopyInto(out *URIOverrideInitParameters) { + *out = *in + if in.Host != nil { + in, out := &in.Host, &out.Host + *out = new(string) + **out = **in + } + if in.PathOverride != nil { + in, out := &in.PathOverride, &out.PathOverride + *out = new(PathOverrideInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(string) + **out = **in + } + if in.QueryOverride != nil { + in, out := &in.QueryOverride, &out.QueryOverride + *out = new(QueryOverrideInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Scheme != nil { + in, out := &in.Scheme, &out.Scheme + *out = new(string) + **out = **in + } + if in.URIOverrideEnforceMode != nil { + in, out := &in.URIOverrideEnforceMode, &out.URIOverrideEnforceMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new URIOverrideInitParameters. +func (in *URIOverrideInitParameters) DeepCopy() *URIOverrideInitParameters { + if in == nil { + return nil + } + out := new(URIOverrideInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *URIOverrideObservation) DeepCopyInto(out *URIOverrideObservation) { + *out = *in + if in.Host != nil { + in, out := &in.Host, &out.Host + *out = new(string) + **out = **in + } + if in.PathOverride != nil { + in, out := &in.PathOverride, &out.PathOverride + *out = new(PathOverrideObservation) + (*in).DeepCopyInto(*out) + } + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(string) + **out = **in + } + if in.QueryOverride != nil { + in, out := &in.QueryOverride, &out.QueryOverride + *out = new(QueryOverrideObservation) + (*in).DeepCopyInto(*out) + } + if in.Scheme != nil { + in, out := &in.Scheme, &out.Scheme + *out = new(string) + **out = **in + } + if in.URIOverrideEnforceMode != nil { + in, out := &in.URIOverrideEnforceMode, &out.URIOverrideEnforceMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new URIOverrideObservation. +func (in *URIOverrideObservation) DeepCopy() *URIOverrideObservation { + if in == nil { + return nil + } + out := new(URIOverrideObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *URIOverrideParameters) DeepCopyInto(out *URIOverrideParameters) { + *out = *in + if in.Host != nil { + in, out := &in.Host, &out.Host + *out = new(string) + **out = **in + } + if in.PathOverride != nil { + in, out := &in.PathOverride, &out.PathOverride + *out = new(PathOverrideParameters) + (*in).DeepCopyInto(*out) + } + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(string) + **out = **in + } + if in.QueryOverride != nil { + in, out := &in.QueryOverride, &out.QueryOverride + *out = new(QueryOverrideParameters) + (*in).DeepCopyInto(*out) + } + if in.Scheme != nil { + in, out := &in.Scheme, &out.Scheme + *out = new(string) + **out = **in + } + if in.URIOverrideEnforceMode != nil { + in, out := &in.URIOverrideEnforceMode, &out.URIOverrideEnforceMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new URIOverrideParameters. +func (in *URIOverrideParameters) DeepCopy() *URIOverrideParameters { + if in == nil { + return nil + } + out := new(URIOverrideParameters) + in.DeepCopyInto(out) + return out +} diff --git a/apis/cloudtasks/v1beta2/zz_generated.resolvers.go b/apis/cloudtasks/v1beta2/zz_generated.resolvers.go index e3ddf56e0..977604906 100644 --- a/apis/cloudtasks/v1beta2/zz_generated.resolvers.go +++ b/apis/cloudtasks/v1beta2/zz_generated.resolvers.go @@ -9,6 +9,7 @@ package v1beta2 import ( "context" reference "github.com/crossplane/crossplane-runtime/pkg/reference" + resource "github.com/crossplane/upjet/pkg/resource" errors "github.com/pkg/errors" xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" @@ -25,12 +26,58 @@ func (mg *Queue) ResolveReferences(ctx context.Context, c client.Reader) error { var rsp reference.ResolutionResponse var err error + + if mg.Spec.ForProvider.HTTPTarget != nil { + if mg.Spec.ForProvider.HTTPTarget.OAuthToken != nil { + { + m, l, err = apisresolver.GetManagedResource("cloudplatform.gcp.upbound.io", "v1beta1", "ServiceAccount", "ServiceAccountList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.HTTPTarget.OAuthToken.ServiceAccountEmail), + Extract: resource.ExtractParamPath("email", true), + Reference: mg.Spec.ForProvider.HTTPTarget.OAuthToken.ServiceAccountEmailRef, + Selector: mg.Spec.ForProvider.HTTPTarget.OAuthToken.ServiceAccountEmailSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.HTTPTarget.OAuthToken.ServiceAccountEmail") + } + mg.Spec.ForProvider.HTTPTarget.OAuthToken.ServiceAccountEmail = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.HTTPTarget.OAuthToken.ServiceAccountEmailRef = rsp.ResolvedReference + + } + } + if mg.Spec.ForProvider.HTTPTarget != nil { + if mg.Spec.ForProvider.HTTPTarget.OidcToken != nil { + { + m, l, err = apisresolver.GetManagedResource("cloudplatform.gcp.upbound.io", "v1beta1", "ServiceAccount", "ServiceAccountList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.HTTPTarget.OidcToken.ServiceAccountEmail), + Extract: resource.ExtractParamPath("email", true), + Reference: mg.Spec.ForProvider.HTTPTarget.OidcToken.ServiceAccountEmailRef, + Selector: mg.Spec.ForProvider.HTTPTarget.OidcToken.ServiceAccountEmailSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.HTTPTarget.OidcToken.ServiceAccountEmail") + } + mg.Spec.ForProvider.HTTPTarget.OidcToken.ServiceAccountEmail = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.HTTPTarget.OidcToken.ServiceAccountEmailRef = rsp.ResolvedReference + + } + } { m, l, err = apisresolver.GetManagedResource("cloudplatform.gcp.upbound.io", "v1beta1", "Project", "ProjectList") if err != nil { return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.Project), Extract: reference.ExternalName(), @@ -44,12 +91,58 @@ func (mg *Queue) ResolveReferences(ctx context.Context, c client.Reader) error { } mg.Spec.ForProvider.Project = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.ProjectRef = rsp.ResolvedReference + + if mg.Spec.InitProvider.HTTPTarget != nil { + if mg.Spec.InitProvider.HTTPTarget.OAuthToken != nil { + { + m, l, err = apisresolver.GetManagedResource("cloudplatform.gcp.upbound.io", "v1beta1", "ServiceAccount", "ServiceAccountList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.HTTPTarget.OAuthToken.ServiceAccountEmail), + Extract: resource.ExtractParamPath("email", true), + Reference: mg.Spec.InitProvider.HTTPTarget.OAuthToken.ServiceAccountEmailRef, + Selector: mg.Spec.InitProvider.HTTPTarget.OAuthToken.ServiceAccountEmailSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.HTTPTarget.OAuthToken.ServiceAccountEmail") + } + mg.Spec.InitProvider.HTTPTarget.OAuthToken.ServiceAccountEmail = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.HTTPTarget.OAuthToken.ServiceAccountEmailRef = rsp.ResolvedReference + + } + } + if mg.Spec.InitProvider.HTTPTarget != nil { + if mg.Spec.InitProvider.HTTPTarget.OidcToken != nil { + { + m, l, err = apisresolver.GetManagedResource("cloudplatform.gcp.upbound.io", "v1beta1", "ServiceAccount", "ServiceAccountList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.HTTPTarget.OidcToken.ServiceAccountEmail), + Extract: resource.ExtractParamPath("email", true), + Reference: mg.Spec.InitProvider.HTTPTarget.OidcToken.ServiceAccountEmailRef, + Selector: mg.Spec.InitProvider.HTTPTarget.OidcToken.ServiceAccountEmailSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.HTTPTarget.OidcToken.ServiceAccountEmail") + } + mg.Spec.InitProvider.HTTPTarget.OidcToken.ServiceAccountEmail = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.HTTPTarget.OidcToken.ServiceAccountEmailRef = rsp.ResolvedReference + + } + } { m, l, err = apisresolver.GetManagedResource("cloudplatform.gcp.upbound.io", "v1beta1", "Project", "ProjectList") if err != nil { return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.Project), Extract: reference.ExternalName(), diff --git a/apis/cloudtasks/v1beta2/zz_queue_types.go b/apis/cloudtasks/v1beta2/zz_queue_types.go index 60dbb4b7a..515c49506 100755 --- a/apis/cloudtasks/v1beta2/zz_queue_types.go +++ b/apis/cloudtasks/v1beta2/zz_queue_types.go @@ -65,6 +65,321 @@ type AppEngineRoutingOverrideParameters struct { Version *string `json:"version,omitempty" tf:"version,omitempty"` } +type HTTPTargetInitParameters struct { + + // The HTTP method to use for the request. + // When specified, it overrides HttpRequest for the task. + // Note that if the value is set to GET the body of the task will be ignored at execution time. + // Possible values are: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS. + HTTPMethod *string `json:"httpMethod,omitempty" tf:"http_method,omitempty"` + + // HTTP target headers. + // This map contains the header field names and values. + // Headers will be set when running the CreateTask and/or BufferTask. + // These headers represent a subset of the headers that will be configured for the task's HTTP request. + // Some HTTP request headers will be ignored or replaced. + // Headers which can have multiple values (according to RFC2616) can be specified using comma-separated values. + // The size of the headers must be less than 80KB. Queue-level headers to override headers of all the tasks in the queue. + // Structure is documented below. + HeaderOverrides []HeaderOverridesInitParameters `json:"headerOverrides,omitempty" tf:"header_overrides,omitempty"` + + // If specified, an OAuth token is generated and attached as the Authorization header in the HTTP request. + // This type of authorization should generally be used only when calling Google APIs hosted on *.googleapis.com. + // Note that both the service account email and the scope MUST be specified when using the queue-level authorization override. + // Structure is documented below. + OAuthToken *OAuthTokenInitParameters `json:"oauthToken,omitempty" tf:"oauth_token,omitempty"` + + // If specified, an OIDC token is generated and attached as an Authorization header in the HTTP request. + // This type of authorization can be used for many scenarios, including calling Cloud Run, or endpoints where you intend to validate the token yourself. + // Note that both the service account email and the audience MUST be specified when using the queue-level authorization override. + // Structure is documented below. + OidcToken *OidcTokenInitParameters `json:"oidcToken,omitempty" tf:"oidc_token,omitempty"` + + // URI override. + // When specified, overrides the execution URI for all the tasks in the queue. + // Structure is documented below. + URIOverride *URIOverrideInitParameters `json:"uriOverride,omitempty" tf:"uri_override,omitempty"` +} + +type HTTPTargetObservation struct { + + // The HTTP method to use for the request. + // When specified, it overrides HttpRequest for the task. + // Note that if the value is set to GET the body of the task will be ignored at execution time. + // Possible values are: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS. + HTTPMethod *string `json:"httpMethod,omitempty" tf:"http_method,omitempty"` + + // HTTP target headers. + // This map contains the header field names and values. + // Headers will be set when running the CreateTask and/or BufferTask. + // These headers represent a subset of the headers that will be configured for the task's HTTP request. + // Some HTTP request headers will be ignored or replaced. + // Headers which can have multiple values (according to RFC2616) can be specified using comma-separated values. + // The size of the headers must be less than 80KB. Queue-level headers to override headers of all the tasks in the queue. + // Structure is documented below. + HeaderOverrides []HeaderOverridesObservation `json:"headerOverrides,omitempty" tf:"header_overrides,omitempty"` + + // If specified, an OAuth token is generated and attached as the Authorization header in the HTTP request. + // This type of authorization should generally be used only when calling Google APIs hosted on *.googleapis.com. + // Note that both the service account email and the scope MUST be specified when using the queue-level authorization override. + // Structure is documented below. + OAuthToken *OAuthTokenObservation `json:"oauthToken,omitempty" tf:"oauth_token,omitempty"` + + // If specified, an OIDC token is generated and attached as an Authorization header in the HTTP request. + // This type of authorization can be used for many scenarios, including calling Cloud Run, or endpoints where you intend to validate the token yourself. + // Note that both the service account email and the audience MUST be specified when using the queue-level authorization override. + // Structure is documented below. + OidcToken *OidcTokenObservation `json:"oidcToken,omitempty" tf:"oidc_token,omitempty"` + + // URI override. + // When specified, overrides the execution URI for all the tasks in the queue. + // Structure is documented below. + URIOverride *URIOverrideObservation `json:"uriOverride,omitempty" tf:"uri_override,omitempty"` +} + +type HTTPTargetParameters struct { + + // The HTTP method to use for the request. + // When specified, it overrides HttpRequest for the task. + // Note that if the value is set to GET the body of the task will be ignored at execution time. + // Possible values are: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS. + // +kubebuilder:validation:Optional + HTTPMethod *string `json:"httpMethod,omitempty" tf:"http_method,omitempty"` + + // HTTP target headers. + // This map contains the header field names and values. + // Headers will be set when running the CreateTask and/or BufferTask. + // These headers represent a subset of the headers that will be configured for the task's HTTP request. + // Some HTTP request headers will be ignored or replaced. + // Headers which can have multiple values (according to RFC2616) can be specified using comma-separated values. + // The size of the headers must be less than 80KB. Queue-level headers to override headers of all the tasks in the queue. + // Structure is documented below. + // +kubebuilder:validation:Optional + HeaderOverrides []HeaderOverridesParameters `json:"headerOverrides,omitempty" tf:"header_overrides,omitempty"` + + // If specified, an OAuth token is generated and attached as the Authorization header in the HTTP request. + // This type of authorization should generally be used only when calling Google APIs hosted on *.googleapis.com. + // Note that both the service account email and the scope MUST be specified when using the queue-level authorization override. + // Structure is documented below. + // +kubebuilder:validation:Optional + OAuthToken *OAuthTokenParameters `json:"oauthToken,omitempty" tf:"oauth_token,omitempty"` + + // If specified, an OIDC token is generated and attached as an Authorization header in the HTTP request. + // This type of authorization can be used for many scenarios, including calling Cloud Run, or endpoints where you intend to validate the token yourself. + // Note that both the service account email and the audience MUST be specified when using the queue-level authorization override. + // Structure is documented below. + // +kubebuilder:validation:Optional + OidcToken *OidcTokenParameters `json:"oidcToken,omitempty" tf:"oidc_token,omitempty"` + + // URI override. + // When specified, overrides the execution URI for all the tasks in the queue. + // Structure is documented below. + // +kubebuilder:validation:Optional + URIOverride *URIOverrideParameters `json:"uriOverride,omitempty" tf:"uri_override,omitempty"` +} + +type HeaderInitParameters struct { + + // The Key of the header. + Key *string `json:"key,omitempty" tf:"key,omitempty"` + + // The Value of the header. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type HeaderObservation struct { + + // The Key of the header. + Key *string `json:"key,omitempty" tf:"key,omitempty"` + + // The Value of the header. + Value *string `json:"value,omitempty" tf:"value,omitempty"` +} + +type HeaderOverridesInitParameters struct { + + // Header embodying a key and a value. + // Structure is documented below. + Header *HeaderInitParameters `json:"header,omitempty" tf:"header,omitempty"` +} + +type HeaderOverridesObservation struct { + + // Header embodying a key and a value. + // Structure is documented below. + Header *HeaderObservation `json:"header,omitempty" tf:"header,omitempty"` +} + +type HeaderOverridesParameters struct { + + // Header embodying a key and a value. + // Structure is documented below. + // +kubebuilder:validation:Optional + Header *HeaderParameters `json:"header" tf:"header,omitempty"` +} + +type HeaderParameters struct { + + // The Key of the header. + // +kubebuilder:validation:Optional + Key *string `json:"key" tf:"key,omitempty"` + + // The Value of the header. + // +kubebuilder:validation:Optional + Value *string `json:"value" tf:"value,omitempty"` +} + +type OAuthTokenInitParameters struct { + + // OAuth scope to be used for generating OAuth access token. + // If not specified, "https://www.googleapis.com/auth/cloud-platform" will be used. + Scope *string `json:"scope,omitempty" tf:"scope,omitempty"` + + // Service account email to be used for generating OIDC token. + // The service account must be within the same project as the queue. + // The caller must have iam.serviceAccounts.actAs permission for the service account. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("email",true) + ServiceAccountEmail *string `json:"serviceAccountEmail,omitempty" tf:"service_account_email,omitempty"` + + // Reference to a ServiceAccount in cloudplatform to populate serviceAccountEmail. + // +kubebuilder:validation:Optional + ServiceAccountEmailRef *v1.Reference `json:"serviceAccountEmailRef,omitempty" tf:"-"` + + // Selector for a ServiceAccount in cloudplatform to populate serviceAccountEmail. + // +kubebuilder:validation:Optional + ServiceAccountEmailSelector *v1.Selector `json:"serviceAccountEmailSelector,omitempty" tf:"-"` +} + +type OAuthTokenObservation struct { + + // OAuth scope to be used for generating OAuth access token. + // If not specified, "https://www.googleapis.com/auth/cloud-platform" will be used. + Scope *string `json:"scope,omitempty" tf:"scope,omitempty"` + + // Service account email to be used for generating OIDC token. + // The service account must be within the same project as the queue. + // The caller must have iam.serviceAccounts.actAs permission for the service account. + ServiceAccountEmail *string `json:"serviceAccountEmail,omitempty" tf:"service_account_email,omitempty"` +} + +type OAuthTokenParameters struct { + + // OAuth scope to be used for generating OAuth access token. + // If not specified, "https://www.googleapis.com/auth/cloud-platform" will be used. + // +kubebuilder:validation:Optional + Scope *string `json:"scope,omitempty" tf:"scope,omitempty"` + + // Service account email to be used for generating OIDC token. + // The service account must be within the same project as the queue. + // The caller must have iam.serviceAccounts.actAs permission for the service account. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("email",true) + // +kubebuilder:validation:Optional + ServiceAccountEmail *string `json:"serviceAccountEmail,omitempty" tf:"service_account_email,omitempty"` + + // Reference to a ServiceAccount in cloudplatform to populate serviceAccountEmail. + // +kubebuilder:validation:Optional + ServiceAccountEmailRef *v1.Reference `json:"serviceAccountEmailRef,omitempty" tf:"-"` + + // Selector for a ServiceAccount in cloudplatform to populate serviceAccountEmail. + // +kubebuilder:validation:Optional + ServiceAccountEmailSelector *v1.Selector `json:"serviceAccountEmailSelector,omitempty" tf:"-"` +} + +type OidcTokenInitParameters struct { + + // Audience to be used when generating OIDC token. If not specified, the URI specified in target will be used. + Audience *string `json:"audience,omitempty" tf:"audience,omitempty"` + + // Service account email to be used for generating OIDC token. + // The service account must be within the same project as the queue. + // The caller must have iam.serviceAccounts.actAs permission for the service account. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("email",true) + ServiceAccountEmail *string `json:"serviceAccountEmail,omitempty" tf:"service_account_email,omitempty"` + + // Reference to a ServiceAccount in cloudplatform to populate serviceAccountEmail. + // +kubebuilder:validation:Optional + ServiceAccountEmailRef *v1.Reference `json:"serviceAccountEmailRef,omitempty" tf:"-"` + + // Selector for a ServiceAccount in cloudplatform to populate serviceAccountEmail. + // +kubebuilder:validation:Optional + ServiceAccountEmailSelector *v1.Selector `json:"serviceAccountEmailSelector,omitempty" tf:"-"` +} + +type OidcTokenObservation struct { + + // Audience to be used when generating OIDC token. If not specified, the URI specified in target will be used. + Audience *string `json:"audience,omitempty" tf:"audience,omitempty"` + + // Service account email to be used for generating OIDC token. + // The service account must be within the same project as the queue. + // The caller must have iam.serviceAccounts.actAs permission for the service account. + ServiceAccountEmail *string `json:"serviceAccountEmail,omitempty" tf:"service_account_email,omitempty"` +} + +type OidcTokenParameters struct { + + // Audience to be used when generating OIDC token. If not specified, the URI specified in target will be used. + // +kubebuilder:validation:Optional + Audience *string `json:"audience,omitempty" tf:"audience,omitempty"` + + // Service account email to be used for generating OIDC token. + // The service account must be within the same project as the queue. + // The caller must have iam.serviceAccounts.actAs permission for the service account. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("email",true) + // +kubebuilder:validation:Optional + ServiceAccountEmail *string `json:"serviceAccountEmail,omitempty" tf:"service_account_email,omitempty"` + + // Reference to a ServiceAccount in cloudplatform to populate serviceAccountEmail. + // +kubebuilder:validation:Optional + ServiceAccountEmailRef *v1.Reference `json:"serviceAccountEmailRef,omitempty" tf:"-"` + + // Selector for a ServiceAccount in cloudplatform to populate serviceAccountEmail. + // +kubebuilder:validation:Optional + ServiceAccountEmailSelector *v1.Selector `json:"serviceAccountEmailSelector,omitempty" tf:"-"` +} + +type PathOverrideInitParameters struct { + + // The URI path (e.g., /users/1234). Default is an empty string. + Path *string `json:"path,omitempty" tf:"path,omitempty"` +} + +type PathOverrideObservation struct { + + // The URI path (e.g., /users/1234). Default is an empty string. + Path *string `json:"path,omitempty" tf:"path,omitempty"` +} + +type PathOverrideParameters struct { + + // The URI path (e.g., /users/1234). Default is an empty string. + // +kubebuilder:validation:Optional + Path *string `json:"path,omitempty" tf:"path,omitempty"` +} + +type QueryOverrideInitParameters struct { + + // The query parameters (e.g., qparam1=123&qparam2=456). Default is an empty string. + QueryParams *string `json:"queryParams,omitempty" tf:"query_params,omitempty"` +} + +type QueryOverrideObservation struct { + + // The query parameters (e.g., qparam1=123&qparam2=456). Default is an empty string. + QueryParams *string `json:"queryParams,omitempty" tf:"query_params,omitempty"` +} + +type QueryOverrideParameters struct { + + // The query parameters (e.g., qparam1=123&qparam2=456). Default is an empty string. + // +kubebuilder:validation:Optional + QueryParams *string `json:"queryParams,omitempty" tf:"query_params,omitempty"` +} + type QueueInitParameters struct { // Overrides for task-level appEngineRouting. These settings apply only @@ -72,6 +387,10 @@ type QueueInitParameters struct { // Structure is documented below. AppEngineRoutingOverride *AppEngineRoutingOverrideInitParameters `json:"appEngineRoutingOverride,omitempty" tf:"app_engine_routing_override,omitempty"` + // Modifies HTTP target for HTTP tasks. + // Structure is documented below. + HTTPTarget *HTTPTargetInitParameters `json:"httpTarget,omitempty" tf:"http_target,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.Project @@ -105,6 +424,10 @@ type QueueObservation struct { // Structure is documented below. AppEngineRoutingOverride *AppEngineRoutingOverrideObservation `json:"appEngineRoutingOverride,omitempty" tf:"app_engine_routing_override,omitempty"` + // Modifies HTTP target for HTTP tasks. + // Structure is documented below. + HTTPTarget *HTTPTargetObservation `json:"httpTarget,omitempty" tf:"http_target,omitempty"` + // an identifier for the resource with format projects/{{project}}/locations/{{location}}/queues/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -136,6 +459,11 @@ type QueueParameters struct { // +kubebuilder:validation:Optional AppEngineRoutingOverride *AppEngineRoutingOverrideParameters `json:"appEngineRoutingOverride,omitempty" tf:"app_engine_routing_override,omitempty"` + // Modifies HTTP target for HTTP tasks. + // Structure is documented below. + // +kubebuilder:validation:Optional + HTTPTarget *HTTPTargetParameters `json:"httpTarget,omitempty" tf:"http_target,omitempty"` + // The location of the queue // +kubebuilder:validation:Required Location *string `json:"location" tf:"location,omitempty"` @@ -357,6 +685,126 @@ type StackdriverLoggingConfigParameters struct { SamplingRatio *float64 `json:"samplingRatio" tf:"sampling_ratio,omitempty"` } +type URIOverrideInitParameters struct { + + // Host override. + // When specified, replaces the host part of the task URL. + // For example, if the task URL is "https://www.google.com", and host value + // is set to "example.net", the overridden URI will be changed to "https://example.net". + // Host value cannot be an empty string (INVALID_ARGUMENT). + Host *string `json:"host,omitempty" tf:"host,omitempty"` + + // URI path. + // When specified, replaces the existing path of the task URL. + // Setting the path value to an empty string clears the URI path segment. + // Structure is documented below. + PathOverride *PathOverrideInitParameters `json:"pathOverride,omitempty" tf:"path_override,omitempty"` + + // Port override. + // When specified, replaces the port part of the task URI. + // For instance, for a URI http://www.google.com/foo and port=123, the overridden URI becomes http://www.google.com:123/foo. + // Note that the port value must be a positive integer. + // Setting the port to 0 (Zero) clears the URI port. + Port *string `json:"port,omitempty" tf:"port,omitempty"` + + // URI query. + // When specified, replaces the query part of the task URI. Setting the query value to an empty string clears the URI query segment. + // Structure is documented below. + QueryOverride *QueryOverrideInitParameters `json:"queryOverride,omitempty" tf:"query_override,omitempty"` + + // Scheme override. + // When specified, the task URI scheme is replaced by the provided value (HTTP or HTTPS). + // Possible values are: HTTP, HTTPS. + Scheme *string `json:"scheme,omitempty" tf:"scheme,omitempty"` + + // URI Override Enforce Mode + // When specified, determines the Target UriOverride mode. If not specified, it defaults to ALWAYS. + // Possible values are: ALWAYS, IF_NOT_EXISTS. + URIOverrideEnforceMode *string `json:"uriOverrideEnforceMode,omitempty" tf:"uri_override_enforce_mode,omitempty"` +} + +type URIOverrideObservation struct { + + // Host override. + // When specified, replaces the host part of the task URL. + // For example, if the task URL is "https://www.google.com", and host value + // is set to "example.net", the overridden URI will be changed to "https://example.net". + // Host value cannot be an empty string (INVALID_ARGUMENT). + Host *string `json:"host,omitempty" tf:"host,omitempty"` + + // URI path. + // When specified, replaces the existing path of the task URL. + // Setting the path value to an empty string clears the URI path segment. + // Structure is documented below. + PathOverride *PathOverrideObservation `json:"pathOverride,omitempty" tf:"path_override,omitempty"` + + // Port override. + // When specified, replaces the port part of the task URI. + // For instance, for a URI http://www.google.com/foo and port=123, the overridden URI becomes http://www.google.com:123/foo. + // Note that the port value must be a positive integer. + // Setting the port to 0 (Zero) clears the URI port. + Port *string `json:"port,omitempty" tf:"port,omitempty"` + + // URI query. + // When specified, replaces the query part of the task URI. Setting the query value to an empty string clears the URI query segment. + // Structure is documented below. + QueryOverride *QueryOverrideObservation `json:"queryOverride,omitempty" tf:"query_override,omitempty"` + + // Scheme override. + // When specified, the task URI scheme is replaced by the provided value (HTTP or HTTPS). + // Possible values are: HTTP, HTTPS. + Scheme *string `json:"scheme,omitempty" tf:"scheme,omitempty"` + + // URI Override Enforce Mode + // When specified, determines the Target UriOverride mode. If not specified, it defaults to ALWAYS. + // Possible values are: ALWAYS, IF_NOT_EXISTS. + URIOverrideEnforceMode *string `json:"uriOverrideEnforceMode,omitempty" tf:"uri_override_enforce_mode,omitempty"` +} + +type URIOverrideParameters struct { + + // Host override. + // When specified, replaces the host part of the task URL. + // For example, if the task URL is "https://www.google.com", and host value + // is set to "example.net", the overridden URI will be changed to "https://example.net". + // Host value cannot be an empty string (INVALID_ARGUMENT). + // +kubebuilder:validation:Optional + Host *string `json:"host,omitempty" tf:"host,omitempty"` + + // URI path. + // When specified, replaces the existing path of the task URL. + // Setting the path value to an empty string clears the URI path segment. + // Structure is documented below. + // +kubebuilder:validation:Optional + PathOverride *PathOverrideParameters `json:"pathOverride,omitempty" tf:"path_override,omitempty"` + + // Port override. + // When specified, replaces the port part of the task URI. + // For instance, for a URI http://www.google.com/foo and port=123, the overridden URI becomes http://www.google.com:123/foo. + // Note that the port value must be a positive integer. + // Setting the port to 0 (Zero) clears the URI port. + // +kubebuilder:validation:Optional + Port *string `json:"port,omitempty" tf:"port,omitempty"` + + // URI query. + // When specified, replaces the query part of the task URI. Setting the query value to an empty string clears the URI query segment. + // Structure is documented below. + // +kubebuilder:validation:Optional + QueryOverride *QueryOverrideParameters `json:"queryOverride,omitempty" tf:"query_override,omitempty"` + + // Scheme override. + // When specified, the task URI scheme is replaced by the provided value (HTTP or HTTPS). + // Possible values are: HTTP, HTTPS. + // +kubebuilder:validation:Optional + Scheme *string `json:"scheme,omitempty" tf:"scheme,omitempty"` + + // URI Override Enforce Mode + // When specified, determines the Target UriOverride mode. If not specified, it defaults to ALWAYS. + // Possible values are: ALWAYS, IF_NOT_EXISTS. + // +kubebuilder:validation:Optional + URIOverrideEnforceMode *string `json:"uriOverrideEnforceMode,omitempty" tf:"uri_override_enforce_mode,omitempty"` +} + // QueueSpec defines the desired state of Queue type QueueSpec struct { v1.ResourceSpec `json:",inline"` diff --git a/package/crds/cloudtasks.gcp.upbound.io_queues.yaml b/package/crds/cloudtasks.gcp.upbound.io_queues.yaml index 76c822215..4003f1044 100644 --- a/package/crds/cloudtasks.gcp.upbound.io_queues.yaml +++ b/package/crds/cloudtasks.gcp.upbound.io_queues.yaml @@ -903,6 +903,293 @@ spec: By default, the task is sent to the version which is the default version when the task is attempted. type: string type: object + httpTarget: + description: |- + Modifies HTTP target for HTTP tasks. + Structure is documented below. + properties: + headerOverrides: + description: |- + HTTP target headers. + This map contains the header field names and values. + Headers will be set when running the CreateTask and/or BufferTask. + These headers represent a subset of the headers that will be configured for the task's HTTP request. + Some HTTP request headers will be ignored or replaced. + Headers which can have multiple values (according to RFC2616) can be specified using comma-separated values. + The size of the headers must be less than 80KB. Queue-level headers to override headers of all the tasks in the queue. + Structure is documented below. + items: + properties: + header: + description: |- + Header embodying a key and a value. + Structure is documented below. + properties: + key: + description: The Key of the header. + type: string + value: + description: The Value of the header. + type: string + type: object + type: object + type: array + httpMethod: + description: |- + The HTTP method to use for the request. + When specified, it overrides HttpRequest for the task. + Note that if the value is set to GET the body of the task will be ignored at execution time. + Possible values are: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS. + type: string + oauthToken: + description: |- + If specified, an OAuth token is generated and attached as the Authorization header in the HTTP request. + This type of authorization should generally be used only when calling Google APIs hosted on *.googleapis.com. + Note that both the service account email and the scope MUST be specified when using the queue-level authorization override. + Structure is documented below. + properties: + scope: + description: |- + OAuth scope to be used for generating OAuth access token. + If not specified, "https://www.googleapis.com/auth/cloud-platform" will be used. + type: string + serviceAccountEmail: + description: |- + Service account email to be used for generating OIDC token. + The service account must be within the same project as the queue. + The caller must have iam.serviceAccounts.actAs permission for the service account. + type: string + serviceAccountEmailRef: + description: Reference to a ServiceAccount in cloudplatform + to populate serviceAccountEmail. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + serviceAccountEmailSelector: + description: Selector for a ServiceAccount in cloudplatform + to populate serviceAccountEmail. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + oidcToken: + description: |- + If specified, an OIDC token is generated and attached as an Authorization header in the HTTP request. + This type of authorization can be used for many scenarios, including calling Cloud Run, or endpoints where you intend to validate the token yourself. + Note that both the service account email and the audience MUST be specified when using the queue-level authorization override. + Structure is documented below. + properties: + audience: + description: Audience to be used when generating OIDC + token. If not specified, the URI specified in target + will be used. + type: string + serviceAccountEmail: + description: |- + Service account email to be used for generating OIDC token. + The service account must be within the same project as the queue. + The caller must have iam.serviceAccounts.actAs permission for the service account. + type: string + serviceAccountEmailRef: + description: Reference to a ServiceAccount in cloudplatform + to populate serviceAccountEmail. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + serviceAccountEmailSelector: + description: Selector for a ServiceAccount in cloudplatform + to populate serviceAccountEmail. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + uriOverride: + description: |- + URI override. + When specified, overrides the execution URI for all the tasks in the queue. + Structure is documented below. + properties: + host: + description: |- + Host override. + When specified, replaces the host part of the task URL. + For example, if the task URL is "https://www.google.com", and host value + is set to "example.net", the overridden URI will be changed to "https://example.net". + Host value cannot be an empty string (INVALID_ARGUMENT). + type: string + pathOverride: + description: |- + URI path. + When specified, replaces the existing path of the task URL. + Setting the path value to an empty string clears the URI path segment. + Structure is documented below. + properties: + path: + description: The URI path (e.g., /users/1234). Default + is an empty string. + type: string + type: object + port: + description: |- + Port override. + When specified, replaces the port part of the task URI. + For instance, for a URI http://www.google.com/foo and port=123, the overridden URI becomes http://www.google.com:123/foo. + Note that the port value must be a positive integer. + Setting the port to 0 (Zero) clears the URI port. + type: string + queryOverride: + description: |- + URI query. + When specified, replaces the query part of the task URI. Setting the query value to an empty string clears the URI query segment. + Structure is documented below. + properties: + queryParams: + description: The query parameters (e.g., qparam1=123&qparam2=456). + Default is an empty string. + type: string + type: object + scheme: + description: |- + Scheme override. + When specified, the task URI scheme is replaced by the provided value (HTTP or HTTPS). + Possible values are: HTTP, HTTPS. + type: string + uriOverrideEnforceMode: + description: |- + URI Override Enforce Mode + When specified, determines the Target UriOverride mode. If not specified, it defaults to ALWAYS. + Possible values are: ALWAYS, IF_NOT_EXISTS. + type: string + type: object + type: object location: description: The location of the queue type: string @@ -1099,6 +1386,293 @@ spec: By default, the task is sent to the version which is the default version when the task is attempted. type: string type: object + httpTarget: + description: |- + Modifies HTTP target for HTTP tasks. + Structure is documented below. + properties: + headerOverrides: + description: |- + HTTP target headers. + This map contains the header field names and values. + Headers will be set when running the CreateTask and/or BufferTask. + These headers represent a subset of the headers that will be configured for the task's HTTP request. + Some HTTP request headers will be ignored or replaced. + Headers which can have multiple values (according to RFC2616) can be specified using comma-separated values. + The size of the headers must be less than 80KB. Queue-level headers to override headers of all the tasks in the queue. + Structure is documented below. + items: + properties: + header: + description: |- + Header embodying a key and a value. + Structure is documented below. + properties: + key: + description: The Key of the header. + type: string + value: + description: The Value of the header. + type: string + type: object + type: object + type: array + httpMethod: + description: |- + The HTTP method to use for the request. + When specified, it overrides HttpRequest for the task. + Note that if the value is set to GET the body of the task will be ignored at execution time. + Possible values are: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS. + type: string + oauthToken: + description: |- + If specified, an OAuth token is generated and attached as the Authorization header in the HTTP request. + This type of authorization should generally be used only when calling Google APIs hosted on *.googleapis.com. + Note that both the service account email and the scope MUST be specified when using the queue-level authorization override. + Structure is documented below. + properties: + scope: + description: |- + OAuth scope to be used for generating OAuth access token. + If not specified, "https://www.googleapis.com/auth/cloud-platform" will be used. + type: string + serviceAccountEmail: + description: |- + Service account email to be used for generating OIDC token. + The service account must be within the same project as the queue. + The caller must have iam.serviceAccounts.actAs permission for the service account. + type: string + serviceAccountEmailRef: + description: Reference to a ServiceAccount in cloudplatform + to populate serviceAccountEmail. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + serviceAccountEmailSelector: + description: Selector for a ServiceAccount in cloudplatform + to populate serviceAccountEmail. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + oidcToken: + description: |- + If specified, an OIDC token is generated and attached as an Authorization header in the HTTP request. + This type of authorization can be used for many scenarios, including calling Cloud Run, or endpoints where you intend to validate the token yourself. + Note that both the service account email and the audience MUST be specified when using the queue-level authorization override. + Structure is documented below. + properties: + audience: + description: Audience to be used when generating OIDC + token. If not specified, the URI specified in target + will be used. + type: string + serviceAccountEmail: + description: |- + Service account email to be used for generating OIDC token. + The service account must be within the same project as the queue. + The caller must have iam.serviceAccounts.actAs permission for the service account. + type: string + serviceAccountEmailRef: + description: Reference to a ServiceAccount in cloudplatform + to populate serviceAccountEmail. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + serviceAccountEmailSelector: + description: Selector for a ServiceAccount in cloudplatform + to populate serviceAccountEmail. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + uriOverride: + description: |- + URI override. + When specified, overrides the execution URI for all the tasks in the queue. + Structure is documented below. + properties: + host: + description: |- + Host override. + When specified, replaces the host part of the task URL. + For example, if the task URL is "https://www.google.com", and host value + is set to "example.net", the overridden URI will be changed to "https://example.net". + Host value cannot be an empty string (INVALID_ARGUMENT). + type: string + pathOverride: + description: |- + URI path. + When specified, replaces the existing path of the task URL. + Setting the path value to an empty string clears the URI path segment. + Structure is documented below. + properties: + path: + description: The URI path (e.g., /users/1234). Default + is an empty string. + type: string + type: object + port: + description: |- + Port override. + When specified, replaces the port part of the task URI. + For instance, for a URI http://www.google.com/foo and port=123, the overridden URI becomes http://www.google.com:123/foo. + Note that the port value must be a positive integer. + Setting the port to 0 (Zero) clears the URI port. + type: string + queryOverride: + description: |- + URI query. + When specified, replaces the query part of the task URI. Setting the query value to an empty string clears the URI query segment. + Structure is documented below. + properties: + queryParams: + description: The query parameters (e.g., qparam1=123&qparam2=456). + Default is an empty string. + type: string + type: object + scheme: + description: |- + Scheme override. + When specified, the task URI scheme is replaced by the provided value (HTTP or HTTPS). + Possible values are: HTTP, HTTPS. + type: string + uriOverrideEnforceMode: + description: |- + URI Override Enforce Mode + When specified, determines the Target UriOverride mode. If not specified, it defaults to ALWAYS. + Possible values are: ALWAYS, IF_NOT_EXISTS. + type: string + type: object + type: object project: description: |- The ID of the project in which the resource belongs. @@ -1454,6 +2028,141 @@ spec: By default, the task is sent to the version which is the default version when the task is attempted. type: string type: object + httpTarget: + description: |- + Modifies HTTP target for HTTP tasks. + Structure is documented below. + properties: + headerOverrides: + description: |- + HTTP target headers. + This map contains the header field names and values. + Headers will be set when running the CreateTask and/or BufferTask. + These headers represent a subset of the headers that will be configured for the task's HTTP request. + Some HTTP request headers will be ignored or replaced. + Headers which can have multiple values (according to RFC2616) can be specified using comma-separated values. + The size of the headers must be less than 80KB. Queue-level headers to override headers of all the tasks in the queue. + Structure is documented below. + items: + properties: + header: + description: |- + Header embodying a key and a value. + Structure is documented below. + properties: + key: + description: The Key of the header. + type: string + value: + description: The Value of the header. + type: string + type: object + type: object + type: array + httpMethod: + description: |- + The HTTP method to use for the request. + When specified, it overrides HttpRequest for the task. + Note that if the value is set to GET the body of the task will be ignored at execution time. + Possible values are: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS. + type: string + oauthToken: + description: |- + If specified, an OAuth token is generated and attached as the Authorization header in the HTTP request. + This type of authorization should generally be used only when calling Google APIs hosted on *.googleapis.com. + Note that both the service account email and the scope MUST be specified when using the queue-level authorization override. + Structure is documented below. + properties: + scope: + description: |- + OAuth scope to be used for generating OAuth access token. + If not specified, "https://www.googleapis.com/auth/cloud-platform" will be used. + type: string + serviceAccountEmail: + description: |- + Service account email to be used for generating OIDC token. + The service account must be within the same project as the queue. + The caller must have iam.serviceAccounts.actAs permission for the service account. + type: string + type: object + oidcToken: + description: |- + If specified, an OIDC token is generated and attached as an Authorization header in the HTTP request. + This type of authorization can be used for many scenarios, including calling Cloud Run, or endpoints where you intend to validate the token yourself. + Note that both the service account email and the audience MUST be specified when using the queue-level authorization override. + Structure is documented below. + properties: + audience: + description: Audience to be used when generating OIDC + token. If not specified, the URI specified in target + will be used. + type: string + serviceAccountEmail: + description: |- + Service account email to be used for generating OIDC token. + The service account must be within the same project as the queue. + The caller must have iam.serviceAccounts.actAs permission for the service account. + type: string + type: object + uriOverride: + description: |- + URI override. + When specified, overrides the execution URI for all the tasks in the queue. + Structure is documented below. + properties: + host: + description: |- + Host override. + When specified, replaces the host part of the task URL. + For example, if the task URL is "https://www.google.com", and host value + is set to "example.net", the overridden URI will be changed to "https://example.net". + Host value cannot be an empty string (INVALID_ARGUMENT). + type: string + pathOverride: + description: |- + URI path. + When specified, replaces the existing path of the task URL. + Setting the path value to an empty string clears the URI path segment. + Structure is documented below. + properties: + path: + description: The URI path (e.g., /users/1234). Default + is an empty string. + type: string + type: object + port: + description: |- + Port override. + When specified, replaces the port part of the task URI. + For instance, for a URI http://www.google.com/foo and port=123, the overridden URI becomes http://www.google.com:123/foo. + Note that the port value must be a positive integer. + Setting the port to 0 (Zero) clears the URI port. + type: string + queryOverride: + description: |- + URI query. + When specified, replaces the query part of the task URI. Setting the query value to an empty string clears the URI query segment. + Structure is documented below. + properties: + queryParams: + description: The query parameters (e.g., qparam1=123&qparam2=456). + Default is an empty string. + type: string + type: object + scheme: + description: |- + Scheme override. + When specified, the task URI scheme is replaced by the provided value (HTTP or HTTPS). + Possible values are: HTTP, HTTPS. + type: string + uriOverrideEnforceMode: + description: |- + URI Override Enforce Mode + When specified, determines the Target UriOverride mode. If not specified, it defaults to ALWAYS. + Possible values are: ALWAYS, IF_NOT_EXISTS. + type: string + type: object + type: object id: description: an identifier for the resource with format projects/{{project}}/locations/{{location}}/queues/{{name}} type: string From 02a838c2cac578ef25ce4b906c6ec803cc1b2f32 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 17:59:39 +0100 Subject: [PATCH 34/47] composer: multiple changes Signed-off-by: Rickard von Essen --- apis/composer/v1beta2/zz_environment_types.go | 212 +++++++++- .../composer/v1beta2/zz_generated.deepcopy.go | 366 ++++++++++++++++++ .../composer.gcp.upbound.io_environments.yaml | 201 +++++++++- 3 files changed, 762 insertions(+), 17 deletions(-) diff --git a/apis/composer/v1beta2/zz_environment_types.go b/apis/composer/v1beta2/zz_environment_types.go index f9bb543db..f1a4ed43f 100755 --- a/apis/composer/v1beta2/zz_environment_types.go +++ b/apis/composer/v1beta2/zz_environment_types.go @@ -13,6 +13,27 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AirflowMetadataRetentionConfigInitParameters struct { + RetentionDays *float64 `json:"retentionDays,omitempty" tf:"retention_days,omitempty"` + + RetentionMode *string `json:"retentionMode,omitempty" tf:"retention_mode,omitempty"` +} + +type AirflowMetadataRetentionConfigObservation struct { + RetentionDays *float64 `json:"retentionDays,omitempty" tf:"retention_days,omitempty"` + + RetentionMode *string `json:"retentionMode,omitempty" tf:"retention_mode,omitempty"` +} + +type AirflowMetadataRetentionConfigParameters struct { + + // +kubebuilder:validation:Optional + RetentionDays *float64 `json:"retentionDays,omitempty" tf:"retention_days,omitempty"` + + // +kubebuilder:validation:Optional + RetentionMode *string `json:"retentionMode,omitempty" tf:"retention_mode,omitempty"` +} + type AllowedIPRangeInitParameters struct { // A description of this ip range. @@ -80,9 +101,28 @@ type CidrBlocksParameters struct { DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` } +type CloudDataLineageIntegrationInitParameters struct { + + // When enabled, Cloud Composer periodically saves snapshots of your environment to a Cloud Storage bucket. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type CloudDataLineageIntegrationObservation struct { + + // When enabled, Cloud Composer periodically saves snapshots of your environment to a Cloud Storage bucket. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type CloudDataLineageIntegrationParameters struct { + + // When enabled, Cloud Composer periodically saves snapshots of your environment to a Cloud Storage bucket. + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` +} + type ConfigInitParameters struct { - // Configuration setting for Airflow database retention mechanism. Structure is + // Configuration setting for airflow data rentention mechanism. Structure is // documented below. DataRetentionConfig *DataRetentionConfigInitParameters `json:"dataRetentionConfig,omitempty" tf:"data_retention_config,omitempty"` @@ -90,6 +130,13 @@ type ConfigInitParameters struct { // by Apache Airflow software. DatabaseConfig *DatabaseConfigInitParameters `json:"databaseConfig,omitempty" tf:"database_config,omitempty"` + // If true, builds performed during operations that install Python packages have only private connectivity to Google services. + // If false, the builds also have access to the internet. + EnablePrivateBuildsOnly *bool `json:"enablePrivateBuildsOnly,omitempty" tf:"enable_private_builds_only,omitempty"` + + // If true, a private Composer environment will be created. + EnablePrivateEnvironment *bool `json:"enablePrivateEnvironment,omitempty" tf:"enable_private_environment,omitempty"` + // The encryption options for the Cloud Composer environment and its // dependencies. EncryptionConfig *EncryptionConfigInitParameters `json:"encryptionConfig,omitempty" tf:"encryption_config,omitempty"` @@ -156,7 +203,7 @@ type ConfigObservation struct { // reside in a simulated directory with this prefix. DagGcsPrefix *string `json:"dagGcsPrefix,omitempty" tf:"dag_gcs_prefix,omitempty"` - // Configuration setting for Airflow database retention mechanism. Structure is + // Configuration setting for airflow data rentention mechanism. Structure is // documented below. DataRetentionConfig *DataRetentionConfigObservation `json:"dataRetentionConfig,omitempty" tf:"data_retention_config,omitempty"` @@ -164,6 +211,13 @@ type ConfigObservation struct { // by Apache Airflow software. DatabaseConfig *DatabaseConfigObservation `json:"databaseConfig,omitempty" tf:"database_config,omitempty"` + // If true, builds performed during operations that install Python packages have only private connectivity to Google services. + // If false, the builds also have access to the internet. + EnablePrivateBuildsOnly *bool `json:"enablePrivateBuildsOnly,omitempty" tf:"enable_private_builds_only,omitempty"` + + // If true, a private Composer environment will be created. + EnablePrivateEnvironment *bool `json:"enablePrivateEnvironment,omitempty" tf:"enable_private_environment,omitempty"` + // The encryption options for the Cloud Composer environment and its // dependencies. EncryptionConfig *EncryptionConfigObservation `json:"encryptionConfig,omitempty" tf:"encryption_config,omitempty"` @@ -222,7 +276,7 @@ type ConfigObservation struct { type ConfigParameters struct { - // Configuration setting for Airflow database retention mechanism. Structure is + // Configuration setting for airflow data rentention mechanism. Structure is // documented below. // +kubebuilder:validation:Optional DataRetentionConfig *DataRetentionConfigParameters `json:"dataRetentionConfig,omitempty" tf:"data_retention_config,omitempty"` @@ -232,6 +286,15 @@ type ConfigParameters struct { // +kubebuilder:validation:Optional DatabaseConfig *DatabaseConfigParameters `json:"databaseConfig,omitempty" tf:"database_config,omitempty"` + // If true, builds performed during operations that install Python packages have only private connectivity to Google services. + // If false, the builds also have access to the internet. + // +kubebuilder:validation:Optional + EnablePrivateBuildsOnly *bool `json:"enablePrivateBuildsOnly,omitempty" tf:"enable_private_builds_only,omitempty"` + + // If true, a private Composer environment will be created. + // +kubebuilder:validation:Optional + EnablePrivateEnvironment *bool `json:"enablePrivateEnvironment,omitempty" tf:"enable_private_environment,omitempty"` + // The encryption options for the Cloud Composer environment and its // dependencies. // +kubebuilder:validation:Optional @@ -298,8 +361,60 @@ type ConfigParameters struct { WorkloadsConfig *WorkloadsConfigParameters `json:"workloadsConfig,omitempty" tf:"workloads_config,omitempty"` } +type DagProcessorInitParameters struct { + + // The number of CPUs for a single Airflow worker. + CPU *float64 `json:"cpu,omitempty" tf:"cpu,omitempty"` + + // The number of Airflow triggerers. + Count *float64 `json:"count,omitempty" tf:"count,omitempty"` + + // The amount of memory (GB) for a single Airflow worker. + MemoryGb *float64 `json:"memoryGb,omitempty" tf:"memory_gb,omitempty"` + + // The amount of storage (GB) for a single Airflow worker. + StorageGb *float64 `json:"storageGb,omitempty" tf:"storage_gb,omitempty"` +} + +type DagProcessorObservation struct { + + // The number of CPUs for a single Airflow worker. + CPU *float64 `json:"cpu,omitempty" tf:"cpu,omitempty"` + + // The number of Airflow triggerers. + Count *float64 `json:"count,omitempty" tf:"count,omitempty"` + + // The amount of memory (GB) for a single Airflow worker. + MemoryGb *float64 `json:"memoryGb,omitempty" tf:"memory_gb,omitempty"` + + // The amount of storage (GB) for a single Airflow worker. + StorageGb *float64 `json:"storageGb,omitempty" tf:"storage_gb,omitempty"` +} + +type DagProcessorParameters struct { + + // The number of CPUs for a single Airflow worker. + // +kubebuilder:validation:Optional + CPU *float64 `json:"cpu,omitempty" tf:"cpu,omitempty"` + + // The number of Airflow triggerers. + // +kubebuilder:validation:Optional + Count *float64 `json:"count,omitempty" tf:"count,omitempty"` + + // The amount of memory (GB) for a single Airflow worker. + // +kubebuilder:validation:Optional + MemoryGb *float64 `json:"memoryGb,omitempty" tf:"memory_gb,omitempty"` + + // The amount of storage (GB) for a single Airflow worker. + // +kubebuilder:validation:Optional + StorageGb *float64 `json:"storageGb,omitempty" tf:"storage_gb,omitempty"` +} + type DataRetentionConfigInitParameters struct { + // Configuration parameters for this environment Structure is documented below. + AirflowMetadataRetentionConfig []AirflowMetadataRetentionConfigInitParameters `json:"airflowMetadataRetentionConfig,omitempty" tf:"airflow_metadata_retention_config,omitempty"` + // The configuration setting for Task Logs. Structure is // documented below. TaskLogsRetentionConfig []TaskLogsRetentionConfigInitParameters `json:"taskLogsRetentionConfig,omitempty" tf:"task_logs_retention_config,omitempty"` @@ -307,6 +422,9 @@ type DataRetentionConfigInitParameters struct { type DataRetentionConfigObservation struct { + // Configuration parameters for this environment Structure is documented below. + AirflowMetadataRetentionConfig []AirflowMetadataRetentionConfigObservation `json:"airflowMetadataRetentionConfig,omitempty" tf:"airflow_metadata_retention_config,omitempty"` + // The configuration setting for Task Logs. Structure is // documented below. TaskLogsRetentionConfig []TaskLogsRetentionConfigObservation `json:"taskLogsRetentionConfig,omitempty" tf:"task_logs_retention_config,omitempty"` @@ -314,10 +432,14 @@ type DataRetentionConfigObservation struct { type DataRetentionConfigParameters struct { + // Configuration parameters for this environment Structure is documented below. + // +kubebuilder:validation:Optional + AirflowMetadataRetentionConfig []AirflowMetadataRetentionConfigParameters `json:"airflowMetadataRetentionConfig,omitempty" tf:"airflow_metadata_retention_config,omitempty"` + // The configuration setting for Task Logs. Structure is // documented below. // +kubebuilder:validation:Optional - TaskLogsRetentionConfig []TaskLogsRetentionConfigParameters `json:"taskLogsRetentionConfig" tf:"task_logs_retention_config,omitempty"` + TaskLogsRetentionConfig []TaskLogsRetentionConfigParameters `json:"taskLogsRetentionConfig,omitempty" tf:"task_logs_retention_config,omitempty"` } type DatabaseConfigInitParameters struct { @@ -515,12 +637,12 @@ type IPAllocationPolicyInitParameters struct { // Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks // (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use. // Specify either cluster_secondary_range_name or cluster_ipv4_cidr_block but not both. - ClusterIPv4CidrBlock *string `json:"clusterIpv4CidrBlock,omitempty" tf:"cluster_ipv4_cidr_block"` + ClusterIPv4CidrBlock *string `json:"clusterIpv4CidrBlock,omitempty" tf:"cluster_ipv4_cidr_block,omitempty"` // The name of the cluster's secondary range used to allocate IP addresses to pods. // Specify either cluster_secondary_range_name or cluster_ipv4_cidr_block but not both. // For Cloud Composer 1 environments, this field is applicable only when use_ip_aliases is true. - ClusterSecondaryRangeName *string `json:"clusterSecondaryRangeName,omitempty" tf:"cluster_secondary_range_name"` + ClusterSecondaryRangeName *string `json:"clusterSecondaryRangeName,omitempty" tf:"cluster_secondary_range_name,omitempty"` // The IP address range used to allocate IP addresses in this cluster. // For Cloud Composer 1 environments, this field is applicable only when use_ip_aliases is true. @@ -529,16 +651,16 @@ type IPAllocationPolicyInitParameters struct { // Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks // (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use. // Specify either services_secondary_range_name or services_ipv4_cidr_block but not both. - ServicesIPv4CidrBlock *string `json:"servicesIpv4CidrBlock,omitempty" tf:"services_ipv4_cidr_block"` + ServicesIPv4CidrBlock *string `json:"servicesIpv4CidrBlock,omitempty" tf:"services_ipv4_cidr_block,omitempty"` // The name of the services' secondary range used to allocate IP addresses to the cluster. // Specify either services_secondary_range_name or services_ipv4_cidr_block but not both. // For Cloud Composer 1 environments, this field is applicable only when use_ip_aliases is true. - ServicesSecondaryRangeName *string `json:"servicesSecondaryRangeName,omitempty" tf:"services_secondary_range_name"` + ServicesSecondaryRangeName *string `json:"servicesSecondaryRangeName,omitempty" tf:"services_secondary_range_name,omitempty"` // Whether or not to enable Alias IPs in the GKE cluster. If true, a VPC-native cluster is created. // Defaults to true if the ip_allocation_policy block is present in config. - UseIPAliases *bool `json:"useIpAliases,omitempty" tf:"use_ip_aliases"` + UseIPAliases *bool `json:"useIpAliases,omitempty" tf:"use_ip_aliases,omitempty"` } type IPAllocationPolicyObservation struct { @@ -586,13 +708,13 @@ type IPAllocationPolicyParameters struct { // (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use. // Specify either cluster_secondary_range_name or cluster_ipv4_cidr_block but not both. // +kubebuilder:validation:Optional - ClusterIPv4CidrBlock *string `json:"clusterIpv4CidrBlock,omitempty" tf:"cluster_ipv4_cidr_block"` + ClusterIPv4CidrBlock *string `json:"clusterIpv4CidrBlock,omitempty" tf:"cluster_ipv4_cidr_block,omitempty"` // The name of the cluster's secondary range used to allocate IP addresses to pods. // Specify either cluster_secondary_range_name or cluster_ipv4_cidr_block but not both. // For Cloud Composer 1 environments, this field is applicable only when use_ip_aliases is true. // +kubebuilder:validation:Optional - ClusterSecondaryRangeName *string `json:"clusterSecondaryRangeName,omitempty" tf:"cluster_secondary_range_name"` + ClusterSecondaryRangeName *string `json:"clusterSecondaryRangeName,omitempty" tf:"cluster_secondary_range_name,omitempty"` // The IP address range used to allocate IP addresses in this cluster. // For Cloud Composer 1 environments, this field is applicable only when use_ip_aliases is true. @@ -602,18 +724,18 @@ type IPAllocationPolicyParameters struct { // (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use. // Specify either services_secondary_range_name or services_ipv4_cidr_block but not both. // +kubebuilder:validation:Optional - ServicesIPv4CidrBlock *string `json:"servicesIpv4CidrBlock,omitempty" tf:"services_ipv4_cidr_block"` + ServicesIPv4CidrBlock *string `json:"servicesIpv4CidrBlock,omitempty" tf:"services_ipv4_cidr_block,omitempty"` // The name of the services' secondary range used to allocate IP addresses to the cluster. // Specify either services_secondary_range_name or services_ipv4_cidr_block but not both. // For Cloud Composer 1 environments, this field is applicable only when use_ip_aliases is true. // +kubebuilder:validation:Optional - ServicesSecondaryRangeName *string `json:"servicesSecondaryRangeName,omitempty" tf:"services_secondary_range_name"` + ServicesSecondaryRangeName *string `json:"servicesSecondaryRangeName,omitempty" tf:"services_secondary_range_name,omitempty"` // Whether or not to enable Alias IPs in the GKE cluster. If true, a VPC-native cluster is created. // Defaults to true if the ip_allocation_policy block is present in config. // +kubebuilder:validation:Optional - UseIPAliases *bool `json:"useIpAliases,omitempty" tf:"use_ip_aliases"` + UseIPAliases *bool `json:"useIpAliases,omitempty" tf:"use_ip_aliases,omitempty"` } type MaintenanceWindowInitParameters struct { @@ -695,6 +817,15 @@ type MasterAuthorizedNetworksConfigParameters struct { type NodeConfigInitParameters struct { + // /20 IPv4 cidr range that will be used by Composer internal components. + // Cannot be updated. + ComposerInternalIPv4CidrBlock *string `json:"composerInternalIpv4CidrBlock,omitempty" tf:"composer_internal_ipv4_cidr_block,omitempty"` + + // PSC (Private Service Connect) Network entry point. Customers can pre-create the Network Attachment + // and point Cloud Composer environment to use. It is possible to share network attachment among many environments, + // provided enough IP addresses are available. + ComposerNetworkAttachment *string `json:"composerNetworkAttachment,omitempty" tf:"composer_network_attachment,omitempty"` + // The disk size in GB used for node VMs. Minimum size is 20GB. // If unspecified, defaults to 100GB. Cannot be updated. DiskSizeGb *float64 `json:"diskSizeGb,omitempty" tf:"disk_size_gb,omitempty"` @@ -786,6 +917,15 @@ type NodeConfigInitParameters struct { type NodeConfigObservation struct { + // /20 IPv4 cidr range that will be used by Composer internal components. + // Cannot be updated. + ComposerInternalIPv4CidrBlock *string `json:"composerInternalIpv4CidrBlock,omitempty" tf:"composer_internal_ipv4_cidr_block,omitempty"` + + // PSC (Private Service Connect) Network entry point. Customers can pre-create the Network Attachment + // and point Cloud Composer environment to use. It is possible to share network attachment among many environments, + // provided enough IP addresses are available. + ComposerNetworkAttachment *string `json:"composerNetworkAttachment,omitempty" tf:"composer_network_attachment,omitempty"` + // The disk size in GB used for node VMs. Minimum size is 20GB. // If unspecified, defaults to 100GB. Cannot be updated. DiskSizeGb *float64 `json:"diskSizeGb,omitempty" tf:"disk_size_gb,omitempty"` @@ -847,6 +987,17 @@ type NodeConfigObservation struct { type NodeConfigParameters struct { + // /20 IPv4 cidr range that will be used by Composer internal components. + // Cannot be updated. + // +kubebuilder:validation:Optional + ComposerInternalIPv4CidrBlock *string `json:"composerInternalIpv4CidrBlock,omitempty" tf:"composer_internal_ipv4_cidr_block,omitempty"` + + // PSC (Private Service Connect) Network entry point. Customers can pre-create the Network Attachment + // and point Cloud Composer environment to use. It is possible to share network attachment among many environments, + // provided enough IP addresses are available. + // +kubebuilder:validation:Optional + ComposerNetworkAttachment *string `json:"composerNetworkAttachment,omitempty" tf:"composer_network_attachment,omitempty"` + // The disk size in GB used for node VMs. Minimum size is 20GB. // If unspecified, defaults to 100GB. Cannot be updated. // +kubebuilder:validation:Optional @@ -1189,6 +1340,10 @@ type SoftwareConfigInitParameters struct { // +mapType=granular AirflowConfigOverrides map[string]*string `json:"airflowConfigOverrides,omitempty" tf:"airflow_config_overrides,omitempty"` + // The configuration for Cloud Data Lineage integration. Structure is + // documented below. + CloudDataLineageIntegration *CloudDataLineageIntegrationInitParameters `json:"cloudDataLineageIntegration,omitempty" tf:"cloud_data_lineage_integration,omitempty"` + // Additional environment variables to provide to the Apache Airflow scheduler, worker, and webserver processes. // Environment variable names must match the regular expression [a-zA-Z_][a-zA-Z0-9_]*. // They cannot specify Apache Airflow software configuration overrides (they cannot match the regular expression @@ -1212,6 +1367,9 @@ type SoftwareConfigInitParameters struct { // The number of schedulers for Airflow. SchedulerCount *float64 `json:"schedulerCount,omitempty" tf:"scheduler_count,omitempty"` + + // Web server plugins configuration. Can be either 'ENABLED' or 'DISABLED'. Defaults to 'ENABLED'. + WebServerPluginsMode *string `json:"webServerPluginsMode,omitempty" tf:"web_server_plugins_mode,omitempty"` } type SoftwareConfigObservation struct { @@ -1221,6 +1379,10 @@ type SoftwareConfigObservation struct { // +mapType=granular AirflowConfigOverrides map[string]*string `json:"airflowConfigOverrides,omitempty" tf:"airflow_config_overrides,omitempty"` + // The configuration for Cloud Data Lineage integration. Structure is + // documented below. + CloudDataLineageIntegration *CloudDataLineageIntegrationObservation `json:"cloudDataLineageIntegration,omitempty" tf:"cloud_data_lineage_integration,omitempty"` + // Additional environment variables to provide to the Apache Airflow scheduler, worker, and webserver processes. // Environment variable names must match the regular expression [a-zA-Z_][a-zA-Z0-9_]*. // They cannot specify Apache Airflow software configuration overrides (they cannot match the regular expression @@ -1244,6 +1406,9 @@ type SoftwareConfigObservation struct { // The number of schedulers for Airflow. SchedulerCount *float64 `json:"schedulerCount,omitempty" tf:"scheduler_count,omitempty"` + + // Web server plugins configuration. Can be either 'ENABLED' or 'DISABLED'. Defaults to 'ENABLED'. + WebServerPluginsMode *string `json:"webServerPluginsMode,omitempty" tf:"web_server_plugins_mode,omitempty"` } type SoftwareConfigParameters struct { @@ -1254,6 +1419,11 @@ type SoftwareConfigParameters struct { // +mapType=granular AirflowConfigOverrides map[string]*string `json:"airflowConfigOverrides,omitempty" tf:"airflow_config_overrides,omitempty"` + // The configuration for Cloud Data Lineage integration. Structure is + // documented below. + // +kubebuilder:validation:Optional + CloudDataLineageIntegration *CloudDataLineageIntegrationParameters `json:"cloudDataLineageIntegration,omitempty" tf:"cloud_data_lineage_integration,omitempty"` + // Additional environment variables to provide to the Apache Airflow scheduler, worker, and webserver processes. // Environment variable names must match the regular expression [a-zA-Z_][a-zA-Z0-9_]*. // They cannot specify Apache Airflow software configuration overrides (they cannot match the regular expression @@ -1282,6 +1452,10 @@ type SoftwareConfigParameters struct { // The number of schedulers for Airflow. // +kubebuilder:validation:Optional SchedulerCount *float64 `json:"schedulerCount,omitempty" tf:"scheduler_count,omitempty"` + + // Web server plugins configuration. Can be either 'ENABLED' or 'DISABLED'. Defaults to 'ENABLED'. + // +kubebuilder:validation:Optional + WebServerPluginsMode *string `json:"webServerPluginsMode,omitempty" tf:"web_server_plugins_mode,omitempty"` } type StorageConfigInitParameters struct { @@ -1523,6 +1697,9 @@ type WorkerParameters struct { type WorkloadsConfigInitParameters struct { + // Configuration for resources used by DAG processor. + DagProcessor *DagProcessorInitParameters `json:"dagProcessor,omitempty" tf:"dag_processor,omitempty"` + // Configuration for resources used by Airflow schedulers. Scheduler *SchedulerInitParameters `json:"scheduler,omitempty" tf:"scheduler,omitempty"` @@ -1538,6 +1715,9 @@ type WorkloadsConfigInitParameters struct { type WorkloadsConfigObservation struct { + // Configuration for resources used by DAG processor. + DagProcessor *DagProcessorObservation `json:"dagProcessor,omitempty" tf:"dag_processor,omitempty"` + // Configuration for resources used by Airflow schedulers. Scheduler *SchedulerObservation `json:"scheduler,omitempty" tf:"scheduler,omitempty"` @@ -1553,6 +1733,10 @@ type WorkloadsConfigObservation struct { type WorkloadsConfigParameters struct { + // Configuration for resources used by DAG processor. + // +kubebuilder:validation:Optional + DagProcessor *DagProcessorParameters `json:"dagProcessor,omitempty" tf:"dag_processor,omitempty"` + // Configuration for resources used by Airflow schedulers. // +kubebuilder:validation:Optional Scheduler *SchedulerParameters `json:"scheduler,omitempty" tf:"scheduler,omitempty"` diff --git a/apis/composer/v1beta2/zz_generated.deepcopy.go b/apis/composer/v1beta2/zz_generated.deepcopy.go index e7b087171..3481c9209 100644 --- a/apis/composer/v1beta2/zz_generated.deepcopy.go +++ b/apis/composer/v1beta2/zz_generated.deepcopy.go @@ -13,6 +13,81 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AirflowMetadataRetentionConfigInitParameters) DeepCopyInto(out *AirflowMetadataRetentionConfigInitParameters) { + *out = *in + if in.RetentionDays != nil { + in, out := &in.RetentionDays, &out.RetentionDays + *out = new(float64) + **out = **in + } + if in.RetentionMode != nil { + in, out := &in.RetentionMode, &out.RetentionMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AirflowMetadataRetentionConfigInitParameters. +func (in *AirflowMetadataRetentionConfigInitParameters) DeepCopy() *AirflowMetadataRetentionConfigInitParameters { + if in == nil { + return nil + } + out := new(AirflowMetadataRetentionConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AirflowMetadataRetentionConfigObservation) DeepCopyInto(out *AirflowMetadataRetentionConfigObservation) { + *out = *in + if in.RetentionDays != nil { + in, out := &in.RetentionDays, &out.RetentionDays + *out = new(float64) + **out = **in + } + if in.RetentionMode != nil { + in, out := &in.RetentionMode, &out.RetentionMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AirflowMetadataRetentionConfigObservation. +func (in *AirflowMetadataRetentionConfigObservation) DeepCopy() *AirflowMetadataRetentionConfigObservation { + if in == nil { + return nil + } + out := new(AirflowMetadataRetentionConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AirflowMetadataRetentionConfigParameters) DeepCopyInto(out *AirflowMetadataRetentionConfigParameters) { + *out = *in + if in.RetentionDays != nil { + in, out := &in.RetentionDays, &out.RetentionDays + *out = new(float64) + **out = **in + } + if in.RetentionMode != nil { + in, out := &in.RetentionMode, &out.RetentionMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AirflowMetadataRetentionConfigParameters. +func (in *AirflowMetadataRetentionConfigParameters) DeepCopy() *AirflowMetadataRetentionConfigParameters { + if in == nil { + return nil + } + out := new(AirflowMetadataRetentionConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AllowedIPRangeInitParameters) DeepCopyInto(out *AllowedIPRangeInitParameters) { *out = *in @@ -163,6 +238,66 @@ func (in *CidrBlocksParameters) DeepCopy() *CidrBlocksParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudDataLineageIntegrationInitParameters) DeepCopyInto(out *CloudDataLineageIntegrationInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudDataLineageIntegrationInitParameters. +func (in *CloudDataLineageIntegrationInitParameters) DeepCopy() *CloudDataLineageIntegrationInitParameters { + if in == nil { + return nil + } + out := new(CloudDataLineageIntegrationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudDataLineageIntegrationObservation) DeepCopyInto(out *CloudDataLineageIntegrationObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudDataLineageIntegrationObservation. +func (in *CloudDataLineageIntegrationObservation) DeepCopy() *CloudDataLineageIntegrationObservation { + if in == nil { + return nil + } + out := new(CloudDataLineageIntegrationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudDataLineageIntegrationParameters) DeepCopyInto(out *CloudDataLineageIntegrationParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudDataLineageIntegrationParameters. +func (in *CloudDataLineageIntegrationParameters) DeepCopy() *CloudDataLineageIntegrationParameters { + if in == nil { + return nil + } + out := new(CloudDataLineageIntegrationParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConfigInitParameters) DeepCopyInto(out *ConfigInitParameters) { *out = *in @@ -176,6 +311,16 @@ func (in *ConfigInitParameters) DeepCopyInto(out *ConfigInitParameters) { *out = new(DatabaseConfigInitParameters) (*in).DeepCopyInto(*out) } + if in.EnablePrivateBuildsOnly != nil { + in, out := &in.EnablePrivateBuildsOnly, &out.EnablePrivateBuildsOnly + *out = new(bool) + **out = **in + } + if in.EnablePrivateEnvironment != nil { + in, out := &in.EnablePrivateEnvironment, &out.EnablePrivateEnvironment + *out = new(bool) + **out = **in + } if in.EncryptionConfig != nil { in, out := &in.EncryptionConfig, &out.EncryptionConfig *out = new(EncryptionConfigInitParameters) @@ -276,6 +421,16 @@ func (in *ConfigObservation) DeepCopyInto(out *ConfigObservation) { *out = new(DatabaseConfigObservation) (*in).DeepCopyInto(*out) } + if in.EnablePrivateBuildsOnly != nil { + in, out := &in.EnablePrivateBuildsOnly, &out.EnablePrivateBuildsOnly + *out = new(bool) + **out = **in + } + if in.EnablePrivateEnvironment != nil { + in, out := &in.EnablePrivateEnvironment, &out.EnablePrivateEnvironment + *out = new(bool) + **out = **in + } if in.EncryptionConfig != nil { in, out := &in.EncryptionConfig, &out.EncryptionConfig *out = new(EncryptionConfigObservation) @@ -371,6 +526,16 @@ func (in *ConfigParameters) DeepCopyInto(out *ConfigParameters) { *out = new(DatabaseConfigParameters) (*in).DeepCopyInto(*out) } + if in.EnablePrivateBuildsOnly != nil { + in, out := &in.EnablePrivateBuildsOnly, &out.EnablePrivateBuildsOnly + *out = new(bool) + **out = **in + } + if in.EnablePrivateEnvironment != nil { + in, out := &in.EnablePrivateEnvironment, &out.EnablePrivateEnvironment + *out = new(bool) + **out = **in + } if in.EncryptionConfig != nil { in, out := &in.EncryptionConfig, &out.EncryptionConfig *out = new(EncryptionConfigParameters) @@ -448,9 +613,121 @@ func (in *ConfigParameters) DeepCopy() *ConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DagProcessorInitParameters) DeepCopyInto(out *DagProcessorInitParameters) { + *out = *in + if in.CPU != nil { + in, out := &in.CPU, &out.CPU + *out = new(float64) + **out = **in + } + if in.Count != nil { + in, out := &in.Count, &out.Count + *out = new(float64) + **out = **in + } + if in.MemoryGb != nil { + in, out := &in.MemoryGb, &out.MemoryGb + *out = new(float64) + **out = **in + } + if in.StorageGb != nil { + in, out := &in.StorageGb, &out.StorageGb + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DagProcessorInitParameters. +func (in *DagProcessorInitParameters) DeepCopy() *DagProcessorInitParameters { + if in == nil { + return nil + } + out := new(DagProcessorInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DagProcessorObservation) DeepCopyInto(out *DagProcessorObservation) { + *out = *in + if in.CPU != nil { + in, out := &in.CPU, &out.CPU + *out = new(float64) + **out = **in + } + if in.Count != nil { + in, out := &in.Count, &out.Count + *out = new(float64) + **out = **in + } + if in.MemoryGb != nil { + in, out := &in.MemoryGb, &out.MemoryGb + *out = new(float64) + **out = **in + } + if in.StorageGb != nil { + in, out := &in.StorageGb, &out.StorageGb + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DagProcessorObservation. +func (in *DagProcessorObservation) DeepCopy() *DagProcessorObservation { + if in == nil { + return nil + } + out := new(DagProcessorObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DagProcessorParameters) DeepCopyInto(out *DagProcessorParameters) { + *out = *in + if in.CPU != nil { + in, out := &in.CPU, &out.CPU + *out = new(float64) + **out = **in + } + if in.Count != nil { + in, out := &in.Count, &out.Count + *out = new(float64) + **out = **in + } + if in.MemoryGb != nil { + in, out := &in.MemoryGb, &out.MemoryGb + *out = new(float64) + **out = **in + } + if in.StorageGb != nil { + in, out := &in.StorageGb, &out.StorageGb + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DagProcessorParameters. +func (in *DagProcessorParameters) DeepCopy() *DagProcessorParameters { + if in == nil { + return nil + } + out := new(DagProcessorParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DataRetentionConfigInitParameters) DeepCopyInto(out *DataRetentionConfigInitParameters) { *out = *in + if in.AirflowMetadataRetentionConfig != nil { + in, out := &in.AirflowMetadataRetentionConfig, &out.AirflowMetadataRetentionConfig + *out = make([]AirflowMetadataRetentionConfigInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TaskLogsRetentionConfig != nil { in, out := &in.TaskLogsRetentionConfig, &out.TaskLogsRetentionConfig *out = make([]TaskLogsRetentionConfigInitParameters, len(*in)) @@ -473,6 +750,13 @@ func (in *DataRetentionConfigInitParameters) DeepCopy() *DataRetentionConfigInit // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DataRetentionConfigObservation) DeepCopyInto(out *DataRetentionConfigObservation) { *out = *in + if in.AirflowMetadataRetentionConfig != nil { + in, out := &in.AirflowMetadataRetentionConfig, &out.AirflowMetadataRetentionConfig + *out = make([]AirflowMetadataRetentionConfigObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TaskLogsRetentionConfig != nil { in, out := &in.TaskLogsRetentionConfig, &out.TaskLogsRetentionConfig *out = make([]TaskLogsRetentionConfigObservation, len(*in)) @@ -495,6 +779,13 @@ func (in *DataRetentionConfigObservation) DeepCopy() *DataRetentionConfigObserva // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DataRetentionConfigParameters) DeepCopyInto(out *DataRetentionConfigParameters) { *out = *in + if in.AirflowMetadataRetentionConfig != nil { + in, out := &in.AirflowMetadataRetentionConfig, &out.AirflowMetadataRetentionConfig + *out = make([]AirflowMetadataRetentionConfigParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TaskLogsRetentionConfig != nil { in, out := &in.TaskLogsRetentionConfig, &out.TaskLogsRetentionConfig *out = make([]TaskLogsRetentionConfigParameters, len(*in)) @@ -1242,6 +1533,16 @@ func (in *MasterAuthorizedNetworksConfigParameters) DeepCopy() *MasterAuthorized // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeConfigInitParameters) DeepCopyInto(out *NodeConfigInitParameters) { *out = *in + if in.ComposerInternalIPv4CidrBlock != nil { + in, out := &in.ComposerInternalIPv4CidrBlock, &out.ComposerInternalIPv4CidrBlock + *out = new(string) + **out = **in + } + if in.ComposerNetworkAttachment != nil { + in, out := &in.ComposerNetworkAttachment, &out.ComposerNetworkAttachment + *out = new(string) + **out = **in + } if in.DiskSizeGb != nil { in, out := &in.DiskSizeGb, &out.DiskSizeGb *out = new(float64) @@ -1349,6 +1650,16 @@ func (in *NodeConfigInitParameters) DeepCopy() *NodeConfigInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeConfigObservation) DeepCopyInto(out *NodeConfigObservation) { *out = *in + if in.ComposerInternalIPv4CidrBlock != nil { + in, out := &in.ComposerInternalIPv4CidrBlock, &out.ComposerInternalIPv4CidrBlock + *out = new(string) + **out = **in + } + if in.ComposerNetworkAttachment != nil { + in, out := &in.ComposerNetworkAttachment, &out.ComposerNetworkAttachment + *out = new(string) + **out = **in + } if in.DiskSizeGb != nil { in, out := &in.DiskSizeGb, &out.DiskSizeGb *out = new(float64) @@ -1426,6 +1737,16 @@ func (in *NodeConfigObservation) DeepCopy() *NodeConfigObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeConfigParameters) DeepCopyInto(out *NodeConfigParameters) { *out = *in + if in.ComposerInternalIPv4CidrBlock != nil { + in, out := &in.ComposerInternalIPv4CidrBlock, &out.ComposerInternalIPv4CidrBlock + *out = new(string) + **out = **in + } + if in.ComposerNetworkAttachment != nil { + in, out := &in.ComposerNetworkAttachment, &out.ComposerNetworkAttachment + *out = new(string) + **out = **in + } if in.DiskSizeGb != nil { in, out := &in.DiskSizeGb, &out.DiskSizeGb *out = new(float64) @@ -1984,6 +2305,11 @@ func (in *SoftwareConfigInitParameters) DeepCopyInto(out *SoftwareConfigInitPara (*out)[key] = outVal } } + if in.CloudDataLineageIntegration != nil { + in, out := &in.CloudDataLineageIntegration, &out.CloudDataLineageIntegration + *out = new(CloudDataLineageIntegrationInitParameters) + (*in).DeepCopyInto(*out) + } if in.EnvVariables != nil { in, out := &in.EnvVariables, &out.EnvVariables *out = make(map[string]*string, len(*in)) @@ -2031,6 +2357,11 @@ func (in *SoftwareConfigInitParameters) DeepCopyInto(out *SoftwareConfigInitPara *out = new(float64) **out = **in } + if in.WebServerPluginsMode != nil { + in, out := &in.WebServerPluginsMode, &out.WebServerPluginsMode + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SoftwareConfigInitParameters. @@ -2062,6 +2393,11 @@ func (in *SoftwareConfigObservation) DeepCopyInto(out *SoftwareConfigObservation (*out)[key] = outVal } } + if in.CloudDataLineageIntegration != nil { + in, out := &in.CloudDataLineageIntegration, &out.CloudDataLineageIntegration + *out = new(CloudDataLineageIntegrationObservation) + (*in).DeepCopyInto(*out) + } if in.EnvVariables != nil { in, out := &in.EnvVariables, &out.EnvVariables *out = make(map[string]*string, len(*in)) @@ -2109,6 +2445,11 @@ func (in *SoftwareConfigObservation) DeepCopyInto(out *SoftwareConfigObservation *out = new(float64) **out = **in } + if in.WebServerPluginsMode != nil { + in, out := &in.WebServerPluginsMode, &out.WebServerPluginsMode + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SoftwareConfigObservation. @@ -2140,6 +2481,11 @@ func (in *SoftwareConfigParameters) DeepCopyInto(out *SoftwareConfigParameters) (*out)[key] = outVal } } + if in.CloudDataLineageIntegration != nil { + in, out := &in.CloudDataLineageIntegration, &out.CloudDataLineageIntegration + *out = new(CloudDataLineageIntegrationParameters) + (*in).DeepCopyInto(*out) + } if in.EnvVariables != nil { in, out := &in.EnvVariables, &out.EnvVariables *out = make(map[string]*string, len(*in)) @@ -2187,6 +2533,11 @@ func (in *SoftwareConfigParameters) DeepCopyInto(out *SoftwareConfigParameters) *out = new(float64) **out = **in } + if in.WebServerPluginsMode != nil { + in, out := &in.WebServerPluginsMode, &out.WebServerPluginsMode + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SoftwareConfigParameters. @@ -2748,6 +3099,11 @@ func (in *WorkerParameters) DeepCopy() *WorkerParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkloadsConfigInitParameters) DeepCopyInto(out *WorkloadsConfigInitParameters) { *out = *in + if in.DagProcessor != nil { + in, out := &in.DagProcessor, &out.DagProcessor + *out = new(DagProcessorInitParameters) + (*in).DeepCopyInto(*out) + } if in.Scheduler != nil { in, out := &in.Scheduler, &out.Scheduler *out = new(SchedulerInitParameters) @@ -2783,6 +3139,11 @@ func (in *WorkloadsConfigInitParameters) DeepCopy() *WorkloadsConfigInitParamete // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkloadsConfigObservation) DeepCopyInto(out *WorkloadsConfigObservation) { *out = *in + if in.DagProcessor != nil { + in, out := &in.DagProcessor, &out.DagProcessor + *out = new(DagProcessorObservation) + (*in).DeepCopyInto(*out) + } if in.Scheduler != nil { in, out := &in.Scheduler, &out.Scheduler *out = new(SchedulerObservation) @@ -2818,6 +3179,11 @@ func (in *WorkloadsConfigObservation) DeepCopy() *WorkloadsConfigObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkloadsConfigParameters) DeepCopyInto(out *WorkloadsConfigParameters) { *out = *in + if in.DagProcessor != nil { + in, out := &in.DagProcessor, &out.DagProcessor + *out = new(DagProcessorParameters) + (*in).DeepCopyInto(*out) + } if in.Scheduler != nil { in, out := &in.Scheduler, &out.Scheduler *out = new(SchedulerParameters) diff --git a/package/crds/composer.gcp.upbound.io_environments.yaml b/package/crds/composer.gcp.upbound.io_environments.yaml index 46012da78..d52ce8e71 100644 --- a/package/crds/composer.gcp.upbound.io_environments.yaml +++ b/package/crds/composer.gcp.upbound.io_environments.yaml @@ -2687,9 +2687,20 @@ spec: properties: dataRetentionConfig: description: |- - Configuration setting for Airflow database retention mechanism. Structure is + Configuration setting for airflow data rentention mechanism. Structure is documented below. properties: + airflowMetadataRetentionConfig: + description: Configuration parameters for this environment Structure + is documented below. + items: + properties: + retentionDays: + type: number + retentionMode: + type: string + type: object + type: array taskLogsRetentionConfig: description: |- The configuration setting for Task Logs. Structure is @@ -2725,6 +2736,15 @@ spec: belong to the enclosing environment's project and region. type: string type: object + enablePrivateBuildsOnly: + description: |- + If true, builds performed during operations that install Python packages have only private connectivity to Google services. + If false, the builds also have access to the internet. + type: boolean + enablePrivateEnvironment: + description: If true, a private Composer environment will + be created. + type: boolean encryptionConfig: description: |- The encryption options for the Cloud Composer environment and its @@ -2798,6 +2818,17 @@ spec: description: The configuration used for the Kubernetes Engine cluster. Structure is documented below. properties: + composerInternalIpv4CidrBlock: + description: |- + /20 IPv4 cidr range that will be used by Composer internal components. + Cannot be updated. + type: string + composerNetworkAttachment: + description: |- + PSC (Private Service Connect) Network entry point. Customers can pre-create the Network Attachment + and point Cloud Composer environment to use. It is possible to share network attachment among many environments, + provided enough IP addresses are available. + type: string diskSizeGb: description: |- The disk size in GB used for node VMs. Minimum size is 20GB. @@ -3236,6 +3267,17 @@ spec: separated by a hyphen, for example "core-dags_are_paused_at_creation". type: object x-kubernetes-map-type: granular + cloudDataLineageIntegration: + description: |- + The configuration for Cloud Data Lineage integration. Structure is + documented below. + properties: + enabled: + description: When enabled, Cloud Composer periodically + saves snapshots of your environment to a Cloud Storage + bucket. + type: boolean + type: object envVariables: additionalProperties: type: string @@ -3269,6 +3311,10 @@ spec: schedulerCount: description: The number of schedulers for Airflow. type: number + webServerPluginsMode: + description: Web server plugins configuration. Can be + either 'ENABLED' or 'DISABLED'. Defaults to 'ENABLED'. + type: string type: object webServerConfig: description: The configuration settings for the Airflow web @@ -3310,6 +3356,25 @@ spec: The Kubernetes workloads configuration for GKE cluster associated with the Cloud Composer environment. properties: + dagProcessor: + description: Configuration for resources used by DAG processor. + properties: + count: + description: The number of Airflow triggerers. + type: number + cpu: + description: The number of CPUs for a single Airflow + worker. + type: number + memoryGb: + description: The amount of memory (GB) for a single + Airflow worker. + type: number + storageGb: + description: The amount of storage (GB) for a single + Airflow worker. + type: number + type: object scheduler: description: Configuration for resources used by Airflow schedulers. @@ -3523,9 +3588,20 @@ spec: properties: dataRetentionConfig: description: |- - Configuration setting for Airflow database retention mechanism. Structure is + Configuration setting for airflow data rentention mechanism. Structure is documented below. properties: + airflowMetadataRetentionConfig: + description: Configuration parameters for this environment Structure + is documented below. + items: + properties: + retentionDays: + type: number + retentionMode: + type: string + type: object + type: array taskLogsRetentionConfig: description: |- The configuration setting for Task Logs. Structure is @@ -3561,6 +3637,15 @@ spec: belong to the enclosing environment's project and region. type: string type: object + enablePrivateBuildsOnly: + description: |- + If true, builds performed during operations that install Python packages have only private connectivity to Google services. + If false, the builds also have access to the internet. + type: boolean + enablePrivateEnvironment: + description: If true, a private Composer environment will + be created. + type: boolean encryptionConfig: description: |- The encryption options for the Cloud Composer environment and its @@ -3634,6 +3719,17 @@ spec: description: The configuration used for the Kubernetes Engine cluster. Structure is documented below. properties: + composerInternalIpv4CidrBlock: + description: |- + /20 IPv4 cidr range that will be used by Composer internal components. + Cannot be updated. + type: string + composerNetworkAttachment: + description: |- + PSC (Private Service Connect) Network entry point. Customers can pre-create the Network Attachment + and point Cloud Composer environment to use. It is possible to share network attachment among many environments, + provided enough IP addresses are available. + type: string diskSizeGb: description: |- The disk size in GB used for node VMs. Minimum size is 20GB. @@ -4072,6 +4168,17 @@ spec: separated by a hyphen, for example "core-dags_are_paused_at_creation". type: object x-kubernetes-map-type: granular + cloudDataLineageIntegration: + description: |- + The configuration for Cloud Data Lineage integration. Structure is + documented below. + properties: + enabled: + description: When enabled, Cloud Composer periodically + saves snapshots of your environment to a Cloud Storage + bucket. + type: boolean + type: object envVariables: additionalProperties: type: string @@ -4105,6 +4212,10 @@ spec: schedulerCount: description: The number of schedulers for Airflow. type: number + webServerPluginsMode: + description: Web server plugins configuration. Can be + either 'ENABLED' or 'DISABLED'. Defaults to 'ENABLED'. + type: string type: object webServerConfig: description: The configuration settings for the Airflow web @@ -4146,6 +4257,25 @@ spec: The Kubernetes workloads configuration for GKE cluster associated with the Cloud Composer environment. properties: + dagProcessor: + description: Configuration for resources used by DAG processor. + properties: + count: + description: The number of Airflow triggerers. + type: number + cpu: + description: The number of CPUs for a single Airflow + worker. + type: number + memoryGb: + description: The amount of memory (GB) for a single + Airflow worker. + type: number + storageGb: + description: The amount of storage (GB) for a single + Airflow worker. + type: number + type: object scheduler: description: Configuration for resources used by Airflow schedulers. @@ -4526,9 +4656,20 @@ spec: type: string dataRetentionConfig: description: |- - Configuration setting for Airflow database retention mechanism. Structure is + Configuration setting for airflow data rentention mechanism. Structure is documented below. properties: + airflowMetadataRetentionConfig: + description: Configuration parameters for this environment Structure + is documented below. + items: + properties: + retentionDays: + type: number + retentionMode: + type: string + type: object + type: array taskLogsRetentionConfig: description: |- The configuration setting for Task Logs. Structure is @@ -4564,6 +4705,15 @@ spec: belong to the enclosing environment's project and region. type: string type: object + enablePrivateBuildsOnly: + description: |- + If true, builds performed during operations that install Python packages have only private connectivity to Google services. + If false, the builds also have access to the internet. + type: boolean + enablePrivateEnvironment: + description: If true, a private Composer environment will + be created. + type: boolean encryptionConfig: description: |- The encryption options for the Cloud Composer environment and its @@ -4641,6 +4791,17 @@ spec: description: The configuration used for the Kubernetes Engine cluster. Structure is documented below. properties: + composerInternalIpv4CidrBlock: + description: |- + /20 IPv4 cidr range that will be used by Composer internal components. + Cannot be updated. + type: string + composerNetworkAttachment: + description: |- + PSC (Private Service Connect) Network entry point. Customers can pre-create the Network Attachment + and point Cloud Composer environment to use. It is possible to share network attachment among many environments, + provided enough IP addresses are available. + type: string diskSizeGb: description: |- The disk size in GB used for node VMs. Minimum size is 20GB. @@ -4851,6 +5012,17 @@ spec: separated by a hyphen, for example "core-dags_are_paused_at_creation". type: object x-kubernetes-map-type: granular + cloudDataLineageIntegration: + description: |- + The configuration for Cloud Data Lineage integration. Structure is + documented below. + properties: + enabled: + description: When enabled, Cloud Composer periodically + saves snapshots of your environment to a Cloud Storage + bucket. + type: boolean + type: object envVariables: additionalProperties: type: string @@ -4884,6 +5056,10 @@ spec: schedulerCount: description: The number of schedulers for Airflow. type: number + webServerPluginsMode: + description: Web server plugins configuration. Can be + either 'ENABLED' or 'DISABLED'. Defaults to 'ENABLED'. + type: string type: object webServerConfig: description: The configuration settings for the Airflow web @@ -4925,6 +5101,25 @@ spec: The Kubernetes workloads configuration for GKE cluster associated with the Cloud Composer environment. properties: + dagProcessor: + description: Configuration for resources used by DAG processor. + properties: + count: + description: The number of Airflow triggerers. + type: number + cpu: + description: The number of CPUs for a single Airflow + worker. + type: number + memoryGb: + description: The amount of memory (GB) for a single + Airflow worker. + type: number + storageGb: + description: The amount of storage (GB) for a single + Airflow worker. + type: number + type: object scheduler: description: Configuration for resources used by Airflow schedulers. From 3c1f842f2b98a64f0fed0500b1effcef9b6f3eb1 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 18:51:24 +0100 Subject: [PATCH 35/47] containerattached_cluster: add securityPostureConfig Signed-off-by: Rickard von Essen --- .../v1beta2/zz_cluster_types.go | 41 +++++++++- .../v1beta2/zz_generated.deepcopy.go | 75 +++++++++++++++++++ ...ainerattached.gcp.upbound.io_clusters.yaml | 42 ++++++++++- 3 files changed, 152 insertions(+), 6 deletions(-) diff --git a/apis/containerattached/v1beta2/zz_cluster_types.go b/apis/containerattached/v1beta2/zz_cluster_types.go index 201d1d4ec..bdd25a57b 100755 --- a/apis/containerattached/v1beta2/zz_cluster_types.go +++ b/apis/containerattached/v1beta2/zz_cluster_types.go @@ -107,7 +107,7 @@ type ClusterInitParameters struct { // Structure is documented below. BinaryAuthorization *BinaryAuthorizationInitParameters `json:"binaryAuthorization,omitempty" tf:"binary_authorization,omitempty"` - // Policy to determine what flags to send on delete. + // Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` // A human readable description of this attached cluster. Cannot be longer @@ -152,6 +152,10 @@ type ClusterInitParameters struct { // Support for proxy configuration. // Structure is documented below. ProxyConfig *ProxyConfigInitParameters `json:"proxyConfig,omitempty" tf:"proxy_config,omitempty"` + + // Enable/Disable Security Posture API features for the cluster. + // Structure is documented below. + SecurityPostureConfig *SecurityPostureConfigInitParameters `json:"securityPostureConfig,omitempty" tf:"security_posture_config,omitempty"` } type ClusterObservation struct { @@ -181,7 +185,7 @@ type ClusterObservation struct { // Output only. The time at which this cluster was created. CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` - // Policy to determine what flags to send on delete. + // Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` // A human readable description of this attached cluster. Cannot be longer @@ -246,6 +250,10 @@ type ClusterObservation struct { // If set, there are currently changes in flight to the cluster. Reconciling *bool `json:"reconciling,omitempty" tf:"reconciling,omitempty"` + // Enable/Disable Security Posture API features for the cluster. + // Structure is documented below. + SecurityPostureConfig *SecurityPostureConfigObservation `json:"securityPostureConfig,omitempty" tf:"security_posture_config,omitempty"` + // The current state of the cluster. Possible values: // STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, // DEGRADED @@ -284,7 +292,7 @@ type ClusterParameters struct { // +kubebuilder:validation:Optional BinaryAuthorization *BinaryAuthorizationParameters `json:"binaryAuthorization,omitempty" tf:"binary_authorization,omitempty"` - // Policy to determine what flags to send on delete. + // Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS // +kubebuilder:validation:Optional DeletionPolicy *string `json:"deletionPolicy,omitempty" tf:"deletion_policy,omitempty"` @@ -343,6 +351,11 @@ type ClusterParameters struct { // Structure is documented below. // +kubebuilder:validation:Optional ProxyConfig *ProxyConfigParameters `json:"proxyConfig,omitempty" tf:"proxy_config,omitempty"` + + // Enable/Disable Security Posture API features for the cluster. + // Structure is documented below. + // +kubebuilder:validation:Optional + SecurityPostureConfig *SecurityPostureConfigParameters `json:"securityPostureConfig,omitempty" tf:"security_posture_config,omitempty"` } type ComponentConfigInitParameters struct { @@ -547,6 +560,28 @@ type ProxyConfigParameters struct { KubernetesSecret *KubernetesSecretParameters `json:"kubernetesSecret,omitempty" tf:"kubernetes_secret,omitempty"` } +type SecurityPostureConfigInitParameters struct { + + // Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. + // Possible values are: VULNERABILITY_DISABLED, VULNERABILITY_ENTERPRISE. + VulnerabilityMode *string `json:"vulnerabilityMode,omitempty" tf:"vulnerability_mode,omitempty"` +} + +type SecurityPostureConfigObservation struct { + + // Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. + // Possible values are: VULNERABILITY_DISABLED, VULNERABILITY_ENTERPRISE. + VulnerabilityMode *string `json:"vulnerabilityMode,omitempty" tf:"vulnerability_mode,omitempty"` +} + +type SecurityPostureConfigParameters struct { + + // Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. + // Possible values are: VULNERABILITY_DISABLED, VULNERABILITY_ENTERPRISE. + // +kubebuilder:validation:Optional + VulnerabilityMode *string `json:"vulnerabilityMode" tf:"vulnerability_mode,omitempty"` +} + type WorkloadIdentityConfigInitParameters struct { } diff --git a/apis/containerattached/v1beta2/zz_generated.deepcopy.go b/apis/containerattached/v1beta2/zz_generated.deepcopy.go index 56e2c0d1f..af353f11d 100644 --- a/apis/containerattached/v1beta2/zz_generated.deepcopy.go +++ b/apis/containerattached/v1beta2/zz_generated.deepcopy.go @@ -289,6 +289,11 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { *out = new(ProxyConfigInitParameters) (*in).DeepCopyInto(*out) } + if in.SecurityPostureConfig != nil { + in, out := &in.SecurityPostureConfig, &out.SecurityPostureConfig + *out = new(SecurityPostureConfigInitParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterInitParameters. @@ -465,6 +470,11 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(bool) **out = **in } + if in.SecurityPostureConfig != nil { + in, out := &in.SecurityPostureConfig, &out.SecurityPostureConfig + *out = new(SecurityPostureConfigObservation) + (*in).DeepCopyInto(*out) + } if in.State != nil { in, out := &in.State, &out.State *out = new(string) @@ -583,6 +593,11 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = new(ProxyConfigParameters) (*in).DeepCopyInto(*out) } + if in.SecurityPostureConfig != nil { + in, out := &in.SecurityPostureConfig, &out.SecurityPostureConfig + *out = new(SecurityPostureConfigParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterParameters. @@ -1213,6 +1228,66 @@ func (in *ProxyConfigParameters) DeepCopy() *ProxyConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecurityPostureConfigInitParameters) DeepCopyInto(out *SecurityPostureConfigInitParameters) { + *out = *in + if in.VulnerabilityMode != nil { + in, out := &in.VulnerabilityMode, &out.VulnerabilityMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityPostureConfigInitParameters. +func (in *SecurityPostureConfigInitParameters) DeepCopy() *SecurityPostureConfigInitParameters { + if in == nil { + return nil + } + out := new(SecurityPostureConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecurityPostureConfigObservation) DeepCopyInto(out *SecurityPostureConfigObservation) { + *out = *in + if in.VulnerabilityMode != nil { + in, out := &in.VulnerabilityMode, &out.VulnerabilityMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityPostureConfigObservation. +func (in *SecurityPostureConfigObservation) DeepCopy() *SecurityPostureConfigObservation { + if in == nil { + return nil + } + out := new(SecurityPostureConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecurityPostureConfigParameters) DeepCopyInto(out *SecurityPostureConfigParameters) { + *out = *in + if in.VulnerabilityMode != nil { + in, out := &in.VulnerabilityMode, &out.VulnerabilityMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityPostureConfigParameters. +func (in *SecurityPostureConfigParameters) DeepCopy() *SecurityPostureConfigParameters { + if in == nil { + return nil + } + out := new(SecurityPostureConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkloadIdentityConfigInitParameters) DeepCopyInto(out *WorkloadIdentityConfigInitParameters) { *out = *in diff --git a/package/crds/containerattached.gcp.upbound.io_clusters.yaml b/package/crds/containerattached.gcp.upbound.io_clusters.yaml index f2322b3c6..b3c42b46c 100644 --- a/package/crds/containerattached.gcp.upbound.io_clusters.yaml +++ b/package/crds/containerattached.gcp.upbound.io_clusters.yaml @@ -1051,7 +1051,8 @@ spec: type: string type: object deletionPolicy: - description: Policy to determine what flags to send on delete. + description: 'Policy to determine what flags to send on delete. + Possible values: DELETE, DELETE_IGNORE_ERRORS' type: string description: description: |- @@ -1159,6 +1160,17 @@ spec: type: string type: object type: object + securityPostureConfig: + description: |- + Enable/Disable Security Posture API features for the cluster. + Structure is documented below. + properties: + vulnerabilityMode: + description: |- + Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. + Possible values are: VULNERABILITY_DISABLED, VULNERABILITY_ENTERPRISE. + type: string + type: object required: - location type: object @@ -1225,7 +1237,8 @@ spec: type: string type: object deletionPolicy: - description: Policy to determine what flags to send on delete. + description: 'Policy to determine what flags to send on delete. + Possible values: DELETE, DELETE_IGNORE_ERRORS' type: string description: description: |- @@ -1330,6 +1343,17 @@ spec: type: string type: object type: object + securityPostureConfig: + description: |- + Enable/Disable Security Posture API features for the cluster. + Structure is documented below. + properties: + vulnerabilityMode: + description: |- + Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. + Possible values are: VULNERABILITY_DISABLED, VULNERABILITY_ENTERPRISE. + type: string + type: object type: object managementPolicies: default: @@ -1579,7 +1603,8 @@ spec: description: Output only. The time at which this cluster was created. type: string deletionPolicy: - description: Policy to determine what flags to send on delete. + description: 'Policy to determine what flags to send on delete. + Possible values: DELETE, DELETE_IGNORE_ERRORS' type: string description: description: |- @@ -1720,6 +1745,17 @@ spec: description: If set, there are currently changes in flight to the cluster. type: boolean + securityPostureConfig: + description: |- + Enable/Disable Security Posture API features for the cluster. + Structure is documented below. + properties: + vulnerabilityMode: + description: |- + Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. + Possible values are: VULNERABILITY_DISABLED, VULNERABILITY_ENTERPRISE. + type: string + type: object state: description: |- The current state of the cluster. Possible values: From 435b6da0d2f39aa9a0187dd940285fba47581206 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 18:52:23 +0100 Subject: [PATCH 36/47] container: multiple changes Signed-off-by: Rickard von Essen --- apis/container/v1beta2/zz_cluster_types.go | 536 ++++++- .../v1beta2/zz_generated.deepcopy.go | 1238 ++++++++++++++++- apis/container/v1beta2/zz_nodepool_types.go | 82 +- .../container.gcp.upbound.io_clusters.yaml | 555 +++++++- .../container.gcp.upbound.io_nodepools.yaml | 48 + 5 files changed, 2299 insertions(+), 160 deletions(-) diff --git a/apis/container/v1beta2/zz_cluster_types.go b/apis/container/v1beta2/zz_cluster_types.go index b51269e0e..5394a4e5b 100755 --- a/apis/container/v1beta2/zz_cluster_types.go +++ b/apis/container/v1beta2/zz_cluster_types.go @@ -123,6 +123,13 @@ type AddonsConfigInitParameters struct { // Defaults to disabled; set disabled = false to enable. NetworkPolicyConfig *NetworkPolicyConfigInitParameters `json:"networkPolicyConfig,omitempty" tf:"network_policy_config,omitempty"` + // The status of the Parallelstore CSI driver addon, + // which allows the usage of a Parallelstore instances as volumes. + // It is disabled by default for Standard clusters; set enabled = true to enable. + // It is enabled by default for Autopilot clusters with version 1.29 or later; set enabled = true to enable it explicitly. + // See Enable the Parallelstore CSI driver for more information. + ParallelstoreCsiDriverConfig *ParallelstoreCsiDriverConfigInitParameters `json:"parallelstoreCsiDriverConfig,omitempty" tf:"parallelstore_csi_driver_config,omitempty"` + // . The status of the Ray Operator // addon. // It is disabled by default. Set enabled = true to enable. The minimum @@ -189,6 +196,13 @@ type AddonsConfigObservation struct { // Defaults to disabled; set disabled = false to enable. NetworkPolicyConfig *NetworkPolicyConfigObservation `json:"networkPolicyConfig,omitempty" tf:"network_policy_config,omitempty"` + // The status of the Parallelstore CSI driver addon, + // which allows the usage of a Parallelstore instances as volumes. + // It is disabled by default for Standard clusters; set enabled = true to enable. + // It is enabled by default for Autopilot clusters with version 1.29 or later; set enabled = true to enable it explicitly. + // See Enable the Parallelstore CSI driver for more information. + ParallelstoreCsiDriverConfig *ParallelstoreCsiDriverConfigObservation `json:"parallelstoreCsiDriverConfig,omitempty" tf:"parallelstore_csi_driver_config,omitempty"` + // . The status of the Ray Operator // addon. // It is disabled by default. Set enabled = true to enable. The minimum @@ -265,6 +279,14 @@ type AddonsConfigParameters struct { // +kubebuilder:validation:Optional NetworkPolicyConfig *NetworkPolicyConfigParameters `json:"networkPolicyConfig,omitempty" tf:"network_policy_config,omitempty"` + // The status of the Parallelstore CSI driver addon, + // which allows the usage of a Parallelstore instances as volumes. + // It is disabled by default for Standard clusters; set enabled = true to enable. + // It is enabled by default for Autopilot clusters with version 1.29 or later; set enabled = true to enable it explicitly. + // See Enable the Parallelstore CSI driver for more information. + // +kubebuilder:validation:Optional + ParallelstoreCsiDriverConfig *ParallelstoreCsiDriverConfigParameters `json:"parallelstoreCsiDriverConfig,omitempty" tf:"parallelstore_csi_driver_config,omitempty"` + // . The status of the Ray Operator // addon. // It is disabled by default. Set enabled = true to enable. The minimum @@ -286,9 +308,6 @@ type AdvancedDatapathObservabilityConfigInitParameters struct { // Whether or not Relay is enabled. EnableRelay *bool `json:"enableRelay,omitempty" tf:"enable_relay,omitempty"` - - // Mode used to make Relay available. Deprecated in favor of enable_relay field. Remove this attribute's configuration as this field will be removed in the next major release and enable_relay will become a required field. - RelayMode *string `json:"relayMode,omitempty" tf:"relay_mode,omitempty"` } type AdvancedDatapathObservabilityConfigObservation struct { @@ -298,9 +317,6 @@ type AdvancedDatapathObservabilityConfigObservation struct { // Whether or not Relay is enabled. EnableRelay *bool `json:"enableRelay,omitempty" tf:"enable_relay,omitempty"` - - // Mode used to make Relay available. Deprecated in favor of enable_relay field. Remove this attribute's configuration as this field will be removed in the next major release and enable_relay will become a required field. - RelayMode *string `json:"relayMode,omitempty" tf:"relay_mode,omitempty"` } type AdvancedDatapathObservabilityConfigParameters struct { @@ -311,11 +327,7 @@ type AdvancedDatapathObservabilityConfigParameters struct { // Whether or not Relay is enabled. // +kubebuilder:validation:Optional - EnableRelay *bool `json:"enableRelay,omitempty" tf:"enable_relay,omitempty"` - - // Mode used to make Relay available. Deprecated in favor of enable_relay field. Remove this attribute's configuration as this field will be removed in the next major release and enable_relay will become a required field. - // +kubebuilder:validation:Optional - RelayMode *string `json:"relayMode,omitempty" tf:"relay_mode,omitempty"` + EnableRelay *bool `json:"enableRelay" tf:"enable_relay,omitempty"` } type AdvancedMachineFeaturesInitParameters struct { @@ -858,6 +870,10 @@ type ClusterInitParameters struct { // Configuration for Confidential Nodes feature. Structure is documented below documented below. ConfidentialNodes *ConfidentialNodesInitParameters `json:"confidentialNodes,omitempty" tf:"confidential_nodes,omitempty"` + // Configuration for all of the cluster's control plane endpoints. + // Structure is documented below. + ControlPlaneEndpointsConfig *ControlPlaneEndpointsConfigInitParameters `json:"controlPlaneEndpointsConfig,omitempty" tf:"control_plane_endpoints_config,omitempty"` + // Configuration for the // Cost Allocation feature. // Structure is documented below. @@ -895,6 +911,9 @@ type ClusterInitParameters struct { // Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false. EnableCiliumClusterwideNetworkPolicy *bool `json:"enableCiliumClusterwideNetworkPolicy,omitempty" tf:"enable_cilium_clusterwide_network_policy,omitempty"` + // Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information. + EnableFqdnNetworkPolicy *bool `json:"enableFqdnNetworkPolicy,omitempty" tf:"enable_fqdn_network_policy,omitempty"` + // Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. EnableIntranodeVisibility *bool `json:"enableIntranodeVisibility,omitempty" tf:"enable_intranode_visibility,omitempty"` @@ -926,6 +945,9 @@ type ClusterInitParameters struct { // See the official documentation. EnableTpu *bool `json:"enableTpu,omitempty" tf:"enable_tpu,omitempty"` + // Configuration for [Enterprise edition].(https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below. + EnterpriseConfig *EnterpriseConfigInitParameters `json:"enterpriseConfig,omitempty" tf:"enterprise_config,omitempty"` + // Fleet configuration for the cluster. Structure is documented below. Fleet *FleetInitParameters `json:"fleet,omitempty" tf:"fleet,omitempty"` @@ -1088,6 +1110,11 @@ type ClusterInitParameters struct { // Structure is documented below. ResourceUsageExportConfig *ResourceUsageExportConfigInitParameters `json:"resourceUsageExportConfig,omitempty" tf:"resource_usage_export_config,omitempty"` + // Configuration for the + // SecretManagerConfig feature. + // Structure is documented below. + SecretManagerConfig *SecretManagerConfigInitParameters `json:"secretManagerConfig,omitempty" tf:"secret_manager_config,omitempty"` + // Enable/Disable Security Posture API features for the cluster. Structure is documented below. SecurityPostureConfig *SecurityPostureConfigInitParameters `json:"securityPostureConfig,omitempty" tf:"security_posture_config,omitempty"` @@ -1108,6 +1135,8 @@ type ClusterInitParameters struct { // +kubebuilder:validation:Optional SubnetworkSelector *v1.Selector `json:"subnetworkSelector,omitempty" tf:"-"` + UserManagedKeysConfig *UserManagedKeysConfigInitParameters `json:"userManagedKeysConfig,omitempty" tf:"user_managed_keys_config,omitempty"` + // Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. // Structure is documented below. VerticalPodAutoscaling *VerticalPodAutoscalingInitParameters `json:"verticalPodAutoscaling,omitempty" tf:"vertical_pod_autoscaling,omitempty"` @@ -1154,6 +1183,10 @@ type ClusterObservation struct { // Configuration for Confidential Nodes feature. Structure is documented below documented below. ConfidentialNodes *ConfidentialNodesObservation `json:"confidentialNodes,omitempty" tf:"confidential_nodes,omitempty"` + // Configuration for all of the cluster's control plane endpoints. + // Structure is documented below. + ControlPlaneEndpointsConfig *ControlPlaneEndpointsConfigObservation `json:"controlPlaneEndpointsConfig,omitempty" tf:"control_plane_endpoints_config,omitempty"` + // Configuration for the // Cost Allocation feature. // Structure is documented below. @@ -1182,6 +1215,9 @@ type ClusterObservation struct { // Description of the cluster. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // +mapType=granular + EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` + // Enable Autopilot for this cluster. Defaults to false. // Note that when this option is enabled, certain features of Standard GKE are not available. // See the official documentation @@ -1191,6 +1227,9 @@ type ClusterObservation struct { // Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false. EnableCiliumClusterwideNetworkPolicy *bool `json:"enableCiliumClusterwideNetworkPolicy,omitempty" tf:"enable_cilium_clusterwide_network_policy,omitempty"` + // Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information. + EnableFqdnNetworkPolicy *bool `json:"enableFqdnNetworkPolicy,omitempty" tf:"enable_fqdn_network_policy,omitempty"` + // Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. EnableIntranodeVisibility *bool `json:"enableIntranodeVisibility,omitempty" tf:"enable_intranode_visibility,omitempty"` @@ -1225,6 +1264,9 @@ type ClusterObservation struct { // The IP address of this cluster's Kubernetes master. Endpoint *string `json:"endpoint,omitempty" tf:"endpoint,omitempty"` + // Configuration for [Enterprise edition].(https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below. + EnterpriseConfig *EnterpriseConfigObservation `json:"enterpriseConfig,omitempty" tf:"enterprise_config,omitempty"` + // Fleet configuration for the cluster. Structure is documented below. Fleet *FleetObservation `json:"fleet,omitempty" tf:"fleet,omitempty"` @@ -1406,6 +1448,11 @@ type ClusterObservation struct { // Structure is documented below. ResourceUsageExportConfig *ResourceUsageExportConfigObservation `json:"resourceUsageExportConfig,omitempty" tf:"resource_usage_export_config,omitempty"` + // Configuration for the + // SecretManagerConfig feature. + // Structure is documented below. + SecretManagerConfig *SecretManagerConfigObservation `json:"secretManagerConfig,omitempty" tf:"secret_manager_config,omitempty"` + // Enable/Disable Security Posture API features for the cluster. Structure is documented below. SecurityPostureConfig *SecurityPostureConfigObservation `json:"securityPostureConfig,omitempty" tf:"security_posture_config,omitempty"` @@ -1425,11 +1472,17 @@ type ClusterObservation struct { // subnetwork in which the cluster's instances are launched. Subnetwork *string `json:"subnetwork,omitempty" tf:"subnetwork,omitempty"` + // The combination of labels configured directly on the resource and default labels configured on the provider. + // +mapType=granular + TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + // The IP address range of the Cloud TPUs in this cluster, in // CIDR // notation (e.g. 1.2.3.4/29). TpuIPv4CidrBlock *string `json:"tpuIpv4CidrBlock,omitempty" tf:"tpu_ipv4_cidr_block,omitempty"` + UserManagedKeysConfig *UserManagedKeysConfigObservation `json:"userManagedKeysConfig,omitempty" tf:"user_managed_keys_config,omitempty"` + // Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. // Structure is documented below. VerticalPodAutoscaling *VerticalPodAutoscalingObservation `json:"verticalPodAutoscaling,omitempty" tf:"vertical_pod_autoscaling,omitempty"` @@ -1483,6 +1536,11 @@ type ClusterParameters struct { // +kubebuilder:validation:Optional ConfidentialNodes *ConfidentialNodesParameters `json:"confidentialNodes,omitempty" tf:"confidential_nodes,omitempty"` + // Configuration for all of the cluster's control plane endpoints. + // Structure is documented below. + // +kubebuilder:validation:Optional + ControlPlaneEndpointsConfig *ControlPlaneEndpointsConfigParameters `json:"controlPlaneEndpointsConfig,omitempty" tf:"control_plane_endpoints_config,omitempty"` + // Configuration for the // Cost Allocation feature. // Structure is documented below. @@ -1530,6 +1588,10 @@ type ClusterParameters struct { // +kubebuilder:validation:Optional EnableCiliumClusterwideNetworkPolicy *bool `json:"enableCiliumClusterwideNetworkPolicy,omitempty" tf:"enable_cilium_clusterwide_network_policy,omitempty"` + // Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information. + // +kubebuilder:validation:Optional + EnableFqdnNetworkPolicy *bool `json:"enableFqdnNetworkPolicy,omitempty" tf:"enable_fqdn_network_policy,omitempty"` + // Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. // +kubebuilder:validation:Optional EnableIntranodeVisibility *bool `json:"enableIntranodeVisibility,omitempty" tf:"enable_intranode_visibility,omitempty"` @@ -1569,6 +1631,10 @@ type ClusterParameters struct { // +kubebuilder:validation:Optional EnableTpu *bool `json:"enableTpu,omitempty" tf:"enable_tpu,omitempty"` + // Configuration for [Enterprise edition].(https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below. + // +kubebuilder:validation:Optional + EnterpriseConfig *EnterpriseConfigParameters `json:"enterpriseConfig,omitempty" tf:"enterprise_config,omitempty"` + // Fleet configuration for the cluster. Structure is documented below. // +kubebuilder:validation:Optional Fleet *FleetParameters `json:"fleet,omitempty" tf:"fleet,omitempty"` @@ -1770,6 +1836,12 @@ type ClusterParameters struct { // +kubebuilder:validation:Optional ResourceUsageExportConfig *ResourceUsageExportConfigParameters `json:"resourceUsageExportConfig,omitempty" tf:"resource_usage_export_config,omitempty"` + // Configuration for the + // SecretManagerConfig feature. + // Structure is documented below. + // +kubebuilder:validation:Optional + SecretManagerConfig *SecretManagerConfigParameters `json:"secretManagerConfig,omitempty" tf:"secret_manager_config,omitempty"` + // Enable/Disable Security Posture API features for the cluster. Structure is documented below. // +kubebuilder:validation:Optional SecurityPostureConfig *SecurityPostureConfigParameters `json:"securityPostureConfig,omitempty" tf:"security_posture_config,omitempty"` @@ -1793,6 +1865,9 @@ type ClusterParameters struct { // +kubebuilder:validation:Optional SubnetworkSelector *v1.Selector `json:"subnetworkSelector,omitempty" tf:"-"` + // +kubebuilder:validation:Optional + UserManagedKeysConfig *UserManagedKeysConfigParameters `json:"userManagedKeysConfig,omitempty" tf:"user_managed_keys_config,omitempty"` + // Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. // Structure is documented below. // +kubebuilder:validation:Optional @@ -1901,6 +1976,25 @@ type ContainerdConfigPrivateRegistryAccessConfigObservation struct { type ContainerdConfigPrivateRegistryAccessConfigParameters struct { } +type ControlPlaneEndpointsConfigInitParameters struct { + + // DNS endpoint configuration. + DNSEndpointConfig *DNSEndpointConfigInitParameters `json:"dnsEndpointConfig,omitempty" tf:"dns_endpoint_config,omitempty"` +} + +type ControlPlaneEndpointsConfigObservation struct { + + // DNS endpoint configuration. + DNSEndpointConfig *DNSEndpointConfigObservation `json:"dnsEndpointConfig,omitempty" tf:"dns_endpoint_config,omitempty"` +} + +type ControlPlaneEndpointsConfigParameters struct { + + // DNS endpoint configuration. + // +kubebuilder:validation:Optional + DNSEndpointConfig *DNSEndpointConfigParameters `json:"dnsEndpointConfig,omitempty" tf:"dns_endpoint_config,omitempty"` +} + type CostManagementConfigInitParameters struct { // Whether to enable the cost allocation feature. @@ -1941,6 +2035,9 @@ type DNSCacheConfigParameters struct { type DNSConfigInitParameters struct { + // This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = "CLOUD_DNS" and cluster_dns_scope = "CLUSTER_SCOPE" must both be set as well. + AdditiveVPCScopeDNSDomain *string `json:"additiveVpcScopeDnsDomain,omitempty" tf:"additive_vpc_scope_dns_domain,omitempty"` + // Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS. ClusterDNS *string `json:"clusterDns,omitempty" tf:"cluster_dns,omitempty"` @@ -1953,6 +2050,9 @@ type DNSConfigInitParameters struct { type DNSConfigObservation struct { + // This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = "CLOUD_DNS" and cluster_dns_scope = "CLUSTER_SCOPE" must both be set as well. + AdditiveVPCScopeDNSDomain *string `json:"additiveVpcScopeDnsDomain,omitempty" tf:"additive_vpc_scope_dns_domain,omitempty"` + // Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS. ClusterDNS *string `json:"clusterDns,omitempty" tf:"cluster_dns,omitempty"` @@ -1965,6 +2065,10 @@ type DNSConfigObservation struct { type DNSConfigParameters struct { + // This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = "CLOUD_DNS" and cluster_dns_scope = "CLUSTER_SCOPE" must both be set as well. + // +kubebuilder:validation:Optional + AdditiveVPCScopeDNSDomain *string `json:"additiveVpcScopeDnsDomain,omitempty" tf:"additive_vpc_scope_dns_domain,omitempty"` + // Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS. // +kubebuilder:validation:Optional ClusterDNS *string `json:"clusterDns,omitempty" tf:"cluster_dns,omitempty"` @@ -1978,6 +2082,35 @@ type DNSConfigParameters struct { ClusterDNSScope *string `json:"clusterDnsScope,omitempty" tf:"cluster_dns_scope,omitempty"` } +type DNSEndpointConfigInitParameters struct { + + // Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false. + AllowExternalTraffic *bool `json:"allowExternalTraffic,omitempty" tf:"allow_external_traffic,omitempty"` + + // (Output) The cluster's DNS endpoint. + Endpoint *string `json:"endpoint,omitempty" tf:"endpoint,omitempty"` +} + +type DNSEndpointConfigObservation struct { + + // Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false. + AllowExternalTraffic *bool `json:"allowExternalTraffic,omitempty" tf:"allow_external_traffic,omitempty"` + + // (Output) The cluster's DNS endpoint. + Endpoint *string `json:"endpoint,omitempty" tf:"endpoint,omitempty"` +} + +type DNSEndpointConfigParameters struct { + + // Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false. + // +kubebuilder:validation:Optional + AllowExternalTraffic *bool `json:"allowExternalTraffic,omitempty" tf:"allow_external_traffic,omitempty"` + + // (Output) The cluster's DNS endpoint. + // +kubebuilder:validation:Optional + Endpoint *string `json:"endpoint,omitempty" tf:"endpoint,omitempty"` +} + type DailyMaintenanceWindowInitParameters struct { StartTime *string `json:"startTime,omitempty" tf:"start_time,omitempty"` } @@ -2086,6 +2219,28 @@ type EnableK8SBetaApisParameters struct { EnabledApis []*string `json:"enabledApis" tf:"enabled_apis,omitempty"` } +type EnterpriseConfigInitParameters struct { + + // Sets the tier of the cluster. Available options include STANDARD and ENTERPRISE. + DesiredTier *string `json:"desiredTier,omitempty" tf:"desired_tier,omitempty"` +} + +type EnterpriseConfigObservation struct { + + // The effective tier of the cluster. + ClusterTier *string `json:"clusterTier,omitempty" tf:"cluster_tier,omitempty"` + + // Sets the tier of the cluster. Available options include STANDARD and ENTERPRISE. + DesiredTier *string `json:"desiredTier,omitempty" tf:"desired_tier,omitempty"` +} + +type EnterpriseConfigParameters struct { + + // Sets the tier of the cluster. Available options include STANDARD and ENTERPRISE. + // +kubebuilder:validation:Optional + DesiredTier *string `json:"desiredTier,omitempty" tf:"desired_tier,omitempty"` +} + type EphemeralStorageLocalSsdConfigInitParameters struct { // The amount of local SSD disks that will be @@ -2327,7 +2482,7 @@ type GpuDriverInstallationConfigInitParameters struct { // Mode for how the GPU driver is installed. // Accepted values are: - GpuDriverVersion *string `json:"gpuDriverVersion,omitempty" tf:"gpu_driver_version"` + GpuDriverVersion *string `json:"gpuDriverVersion,omitempty" tf:"gpu_driver_version,omitempty"` } type GpuDriverInstallationConfigObservation struct { @@ -2342,17 +2497,17 @@ type GpuDriverInstallationConfigParameters struct { // Mode for how the GPU driver is installed. // Accepted values are: // +kubebuilder:validation:Optional - GpuDriverVersion *string `json:"gpuDriverVersion,omitempty" tf:"gpu_driver_version"` + GpuDriverVersion *string `json:"gpuDriverVersion" tf:"gpu_driver_version,omitempty"` } type GpuSharingConfigInitParameters struct { // The type of GPU sharing strategy to enable on the GPU node. // Accepted values are: - GpuSharingStrategy *string `json:"gpuSharingStrategy,omitempty" tf:"gpu_sharing_strategy"` + GpuSharingStrategy *string `json:"gpuSharingStrategy,omitempty" tf:"gpu_sharing_strategy,omitempty"` // The maximum number of containers that can share a GPU. - MaxSharedClientsPerGpu *float64 `json:"maxSharedClientsPerGpu,omitempty" tf:"max_shared_clients_per_gpu"` + MaxSharedClientsPerGpu *float64 `json:"maxSharedClientsPerGpu,omitempty" tf:"max_shared_clients_per_gpu,omitempty"` } type GpuSharingConfigObservation struct { @@ -2370,11 +2525,11 @@ type GpuSharingConfigParameters struct { // The type of GPU sharing strategy to enable on the GPU node. // Accepted values are: // +kubebuilder:validation:Optional - GpuSharingStrategy *string `json:"gpuSharingStrategy,omitempty" tf:"gpu_sharing_strategy"` + GpuSharingStrategy *string `json:"gpuSharingStrategy" tf:"gpu_sharing_strategy,omitempty"` // The maximum number of containers that can share a GPU. // +kubebuilder:validation:Optional - MaxSharedClientsPerGpu *float64 `json:"maxSharedClientsPerGpu,omitempty" tf:"max_shared_clients_per_gpu"` + MaxSharedClientsPerGpu *float64 `json:"maxSharedClientsPerGpu" tf:"max_shared_clients_per_gpu,omitempty"` } type GuestAcceleratorGpuDriverInstallationConfigInitParameters struct { @@ -2409,19 +2564,19 @@ type GuestAcceleratorGpuSharingConfigParameters struct { type GuestAcceleratorInitParameters struct { // The number of the guest accelerator cards exposed to this instance. - Count *float64 `json:"count,omitempty" tf:"count"` + Count *float64 `json:"count,omitempty" tf:"count,omitempty"` // Configuration for auto installation of GPU driver. Structure is documented below. - GpuDriverInstallationConfig *GpuDriverInstallationConfigInitParameters `json:"gpuDriverInstallationConfig,omitempty" tf:"gpu_driver_installation_config"` + GpuDriverInstallationConfig *GpuDriverInstallationConfigInitParameters `json:"gpuDriverInstallationConfig,omitempty" tf:"gpu_driver_installation_config,omitempty"` // Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide. - GpuPartitionSize *string `json:"gpuPartitionSize,omitempty" tf:"gpu_partition_size"` + GpuPartitionSize *string `json:"gpuPartitionSize,omitempty" tf:"gpu_partition_size,omitempty"` // Configuration for GPU sharing. Structure is documented below. - GpuSharingConfig *GpuSharingConfigInitParameters `json:"gpuSharingConfig,omitempty" tf:"gpu_sharing_config"` + GpuSharingConfig *GpuSharingConfigInitParameters `json:"gpuSharingConfig,omitempty" tf:"gpu_sharing_config,omitempty"` // The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. - Type *string `json:"type,omitempty" tf:"type"` + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type GuestAcceleratorObservation struct { @@ -2446,23 +2601,23 @@ type GuestAcceleratorParameters struct { // The number of the guest accelerator cards exposed to this instance. // +kubebuilder:validation:Optional - Count *float64 `json:"count,omitempty" tf:"count"` + Count *float64 `json:"count" tf:"count,omitempty"` // Configuration for auto installation of GPU driver. Structure is documented below. // +kubebuilder:validation:Optional - GpuDriverInstallationConfig *GpuDriverInstallationConfigParameters `json:"gpuDriverInstallationConfig,omitempty" tf:"gpu_driver_installation_config"` + GpuDriverInstallationConfig *GpuDriverInstallationConfigParameters `json:"gpuDriverInstallationConfig,omitempty" tf:"gpu_driver_installation_config,omitempty"` // Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide. // +kubebuilder:validation:Optional - GpuPartitionSize *string `json:"gpuPartitionSize,omitempty" tf:"gpu_partition_size"` + GpuPartitionSize *string `json:"gpuPartitionSize,omitempty" tf:"gpu_partition_size,omitempty"` // Configuration for GPU sharing. Structure is documented below. // +kubebuilder:validation:Optional - GpuSharingConfig *GpuSharingConfigParameters `json:"gpuSharingConfig,omitempty" tf:"gpu_sharing_config"` + GpuSharingConfig *GpuSharingConfigParameters `json:"gpuSharingConfig,omitempty" tf:"gpu_sharing_config,omitempty"` // The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. // +kubebuilder:validation:Optional - Type *string `json:"type,omitempty" tf:"type"` + Type *string `json:"type" tf:"type,omitempty"` } type GvnicInitParameters struct { @@ -2542,6 +2697,35 @@ type HostMaintenancePolicyParameters struct { MaintenanceInterval *string `json:"maintenanceInterval" tf:"maintenance_interval,omitempty"` } +type HugepagesConfigInitParameters struct { + + // Amount of 1G hugepages. + HugepageSize1G *float64 `json:"hugepageSize1G,omitempty" tf:"hugepage_size_1g,omitempty"` + + // Amount of 2M hugepages. + HugepageSize2M *float64 `json:"hugepageSize2M,omitempty" tf:"hugepage_size_2m,omitempty"` +} + +type HugepagesConfigObservation struct { + + // Amount of 1G hugepages. + HugepageSize1G *float64 `json:"hugepageSize1G,omitempty" tf:"hugepage_size_1g,omitempty"` + + // Amount of 2M hugepages. + HugepageSize2M *float64 `json:"hugepageSize2M,omitempty" tf:"hugepage_size_2m,omitempty"` +} + +type HugepagesConfigParameters struct { + + // Amount of 1G hugepages. + // +kubebuilder:validation:Optional + HugepageSize1G *float64 `json:"hugepageSize1G,omitempty" tf:"hugepage_size_1g,omitempty"` + + // Amount of 2M hugepages. + // +kubebuilder:validation:Optional + HugepageSize2M *float64 `json:"hugepageSize2M,omitempty" tf:"hugepage_size_2m,omitempty"` +} + type IPAllocationPolicyInitParameters struct { // The configuration for additional pod secondary ranges at @@ -2702,10 +2886,12 @@ type KubeletConfigInitParameters struct { // The CPU management policy on the node. See // K8S CPU Management Policies. - // One of "none" or "static". Defaults to none when kubelet_config is unset. + // One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". + // Prior to the 6.4.0 this field was marked as required. The workaround for the required field + // is setting the empty string "", which will function identically to not setting this field. CPUManagerPolicy *string `json:"cpuManagerPolicy,omitempty" tf:"cpu_manager_policy,omitempty"` - // Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. + // only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. InsecureKubeletReadonlyPortEnabled *string `json:"insecureKubeletReadonlyPortEnabled,omitempty" tf:"insecure_kubelet_readonly_port_enabled,omitempty"` // Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304. @@ -2726,10 +2912,12 @@ type KubeletConfigObservation struct { // The CPU management policy on the node. See // K8S CPU Management Policies. - // One of "none" or "static". Defaults to none when kubelet_config is unset. + // One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". + // Prior to the 6.4.0 this field was marked as required. The workaround for the required field + // is setting the empty string "", which will function identically to not setting this field. CPUManagerPolicy *string `json:"cpuManagerPolicy,omitempty" tf:"cpu_manager_policy,omitempty"` - // Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. + // only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. InsecureKubeletReadonlyPortEnabled *string `json:"insecureKubeletReadonlyPortEnabled,omitempty" tf:"insecure_kubelet_readonly_port_enabled,omitempty"` // Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304. @@ -2752,11 +2940,13 @@ type KubeletConfigParameters struct { // The CPU management policy on the node. See // K8S CPU Management Policies. - // One of "none" or "static". Defaults to none when kubelet_config is unset. + // One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". + // Prior to the 6.4.0 this field was marked as required. The workaround for the required field + // is setting the empty string "", which will function identically to not setting this field. // +kubebuilder:validation:Optional - CPUManagerPolicy *string `json:"cpuManagerPolicy" tf:"cpu_manager_policy,omitempty"` + CPUManagerPolicy *string `json:"cpuManagerPolicy,omitempty" tf:"cpu_manager_policy,omitempty"` - // Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. + // only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. // +kubebuilder:validation:Optional InsecureKubeletReadonlyPortEnabled *string `json:"insecureKubeletReadonlyPortEnabled,omitempty" tf:"insecure_kubelet_readonly_port_enabled,omitempty"` @@ -2765,12 +2955,30 @@ type KubeletConfigParameters struct { PodPidsLimit *float64 `json:"podPidsLimit,omitempty" tf:"pod_pids_limit,omitempty"` } +type LinuxNodeConfigHugepagesConfigInitParameters struct { +} + +type LinuxNodeConfigHugepagesConfigObservation struct { + + // Amount of 1G hugepages. + HugepageSize1G *float64 `json:"hugepageSize1G,omitempty" tf:"hugepage_size_1g,omitempty"` + + // Amount of 2M hugepages. + HugepageSize2M *float64 `json:"hugepageSize2M,omitempty" tf:"hugepage_size_2m,omitempty"` +} + +type LinuxNodeConfigHugepagesConfigParameters struct { +} + type LinuxNodeConfigInitParameters struct { // Possible cgroup modes that can be used. // Accepted values are: CgroupMode *string `json:"cgroupMode,omitempty" tf:"cgroup_mode,omitempty"` + // Amounts for 2M and 1G hugepages. Structure is documented below. + HugepagesConfig *HugepagesConfigInitParameters `json:"hugepagesConfig,omitempty" tf:"hugepages_config,omitempty"` + // The Linux kernel parameters to be applied to the nodes // and all pods running on the nodes. Specified as a map from the key, such as // net.core.wmem_max, to a string value. Currently supported attributes can be found here. @@ -2785,6 +2993,9 @@ type LinuxNodeConfigObservation struct { // Accepted values are: CgroupMode *string `json:"cgroupMode,omitempty" tf:"cgroup_mode,omitempty"` + // Amounts for 2M and 1G hugepages. Structure is documented below. + HugepagesConfig *HugepagesConfigObservation `json:"hugepagesConfig,omitempty" tf:"hugepages_config,omitempty"` + // The Linux kernel parameters to be applied to the nodes // and all pods running on the nodes. Specified as a map from the key, such as // net.core.wmem_max, to a string value. Currently supported attributes can be found here. @@ -2800,6 +3011,10 @@ type LinuxNodeConfigParameters struct { // +kubebuilder:validation:Optional CgroupMode *string `json:"cgroupMode,omitempty" tf:"cgroup_mode,omitempty"` + // Amounts for 2M and 1G hugepages. Structure is documented below. + // +kubebuilder:validation:Optional + HugepagesConfig *HugepagesConfigParameters `json:"hugepagesConfig,omitempty" tf:"hugepages_config,omitempty"` + // The Linux kernel parameters to be applied to the nodes // and all pods running on the nodes. Specified as a map from the key, such as // net.core.wmem_max, to a string value. Currently supported attributes can be found here. @@ -3023,6 +3238,9 @@ type MasterAuthorizedNetworksConfigInitParameters struct { // Whether Kubernetes master is // accessible via Google Compute Engine Public IPs. GCPPublicCidrsAccessEnabled *bool `json:"gcpPublicCidrsAccessEnabled,omitempty" tf:"gcp_public_cidrs_access_enabled,omitempty"` + + // Whether authorized networks is enforced on the private endpoint or not. + PrivateEndpointEnforcementEnabled *bool `json:"privateEndpointEnforcementEnabled,omitempty" tf:"private_endpoint_enforcement_enabled,omitempty"` } type MasterAuthorizedNetworksConfigObservation struct { @@ -3034,6 +3252,9 @@ type MasterAuthorizedNetworksConfigObservation struct { // Whether Kubernetes master is // accessible via Google Compute Engine Public IPs. GCPPublicCidrsAccessEnabled *bool `json:"gcpPublicCidrsAccessEnabled,omitempty" tf:"gcp_public_cidrs_access_enabled,omitempty"` + + // Whether authorized networks is enforced on the private endpoint or not. + PrivateEndpointEnforcementEnabled *bool `json:"privateEndpointEnforcementEnabled,omitempty" tf:"private_endpoint_enforcement_enabled,omitempty"` } type MasterAuthorizedNetworksConfigParameters struct { @@ -3047,6 +3268,10 @@ type MasterAuthorizedNetworksConfigParameters struct { // accessible via Google Compute Engine Public IPs. // +kubebuilder:validation:Optional GCPPublicCidrsAccessEnabled *bool `json:"gcpPublicCidrsAccessEnabled,omitempty" tf:"gcp_public_cidrs_access_enabled,omitempty"` + + // Whether authorized networks is enforced on the private endpoint or not. + // +kubebuilder:validation:Optional + PrivateEndpointEnforcementEnabled *bool `json:"privateEndpointEnforcementEnabled,omitempty" tf:"private_endpoint_enforcement_enabled,omitempty"` } type MasterGlobalAccessConfigInitParameters struct { @@ -3386,11 +3611,33 @@ type NodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigParameters str Enabled *bool `json:"enabled" tf:"enabled,omitempty"` } +type NodeConfigDefaultsGcfsConfigInitParameters struct { + + // Enables vertical pod autoscaling + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type NodeConfigDefaultsGcfsConfigObservation struct { + + // Enables vertical pod autoscaling + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type NodeConfigDefaultsGcfsConfigParameters struct { + + // Enables vertical pod autoscaling + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` +} + type NodeConfigDefaultsInitParameters struct { // Parameters to customize containerd runtime. Structure is documented below. ContainerdConfig *NodeConfigDefaultsContainerdConfigInitParameters `json:"containerdConfig,omitempty" tf:"containerd_config,omitempty"` + // The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below. + GcfsConfig *NodeConfigDefaultsGcfsConfigInitParameters `json:"gcfsConfig,omitempty" tf:"gcfs_config,omitempty"` + // only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. InsecureKubeletReadonlyPortEnabled *string `json:"insecureKubeletReadonlyPortEnabled,omitempty" tf:"insecure_kubelet_readonly_port_enabled,omitempty"` @@ -3403,6 +3650,9 @@ type NodeConfigDefaultsObservation struct { // Parameters to customize containerd runtime. Structure is documented below. ContainerdConfig *NodeConfigDefaultsContainerdConfigObservation `json:"containerdConfig,omitempty" tf:"containerd_config,omitempty"` + // The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below. + GcfsConfig *NodeConfigDefaultsGcfsConfigObservation `json:"gcfsConfig,omitempty" tf:"gcfs_config,omitempty"` + // only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. InsecureKubeletReadonlyPortEnabled *string `json:"insecureKubeletReadonlyPortEnabled,omitempty" tf:"insecure_kubelet_readonly_port_enabled,omitempty"` @@ -3416,6 +3666,10 @@ type NodeConfigDefaultsParameters struct { // +kubebuilder:validation:Optional ContainerdConfig *NodeConfigDefaultsContainerdConfigParameters `json:"containerdConfig,omitempty" tf:"containerd_config,omitempty"` + // The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below. + // +kubebuilder:validation:Optional + GcfsConfig *NodeConfigDefaultsGcfsConfigParameters `json:"gcfsConfig,omitempty" tf:"gcfs_config,omitempty"` + // only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. // +kubebuilder:validation:Optional InsecureKubeletReadonlyPortEnabled *string `json:"insecureKubeletReadonlyPortEnabled,omitempty" tf:"insecure_kubelet_readonly_port_enabled,omitempty"` @@ -3570,8 +3824,11 @@ type NodeConfigInitParameters struct { GcfsConfig *GcfsConfigInitParameters `json:"gcfsConfig,omitempty" tf:"gcfs_config,omitempty"` // List of the type and count of accelerator cards attached to the instance. - // Structure documented below.12 this field is an - // Attribute as Block + // Structure documented below. + // Note: As of 6.0.0, argument syntax + // is no longer supported for this field in favor of block syntax. + // To dynamically set a list of guest accelerators, use dynamic blocks. + // To set an empty list, use a single guest_accelerator block with count = 0. GuestAccelerator []GuestAcceleratorInitParameters `json:"guestAccelerator,omitempty" tf:"guest_accelerator,omitempty"` // Google Virtual NIC (gVNIC) is a virtual network interface. @@ -3608,6 +3865,10 @@ type NodeConfigInitParameters struct { // attached to each cluster node. Defaults to 0. LocalSsdCount *float64 `json:"localSsdCount,omitempty" tf:"local_ssd_count,omitempty"` + // Possible Local SSD encryption modes: + // Accepted values are: + LocalSsdEncryptionMode *string `json:"localSsdEncryptionMode,omitempty" tf:"local_ssd_encryption_mode,omitempty"` + // wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information. LoggingVariant *string `json:"loggingVariant,omitempty" tf:"logging_variant,omitempty"` @@ -3683,6 +3944,9 @@ type NodeConfigInitParameters struct { // for more information. Defaults to false. Spot *bool `json:"spot,omitempty" tf:"spot,omitempty"` + // The list of Storage Pools where boot disks are provisioned. + StoragePools []*string `json:"storagePools,omitempty" tf:"storage_pools,omitempty"` + // The list of instance tags applied to all nodes. Tags are used to identify // valid sources or targets for network firewalls. Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` @@ -3714,10 +3978,12 @@ type NodeConfigKubeletConfigObservation struct { // The CPU management policy on the node. See // K8S CPU Management Policies. - // One of "none" or "static". Defaults to none when kubelet_config is unset. + // One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". + // Prior to the 6.4.0 this field was marked as required. The workaround for the required field + // is setting the empty string "", which will function identically to not setting this field. CPUManagerPolicy *string `json:"cpuManagerPolicy,omitempty" tf:"cpu_manager_policy,omitempty"` - // Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. + // only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. InsecureKubeletReadonlyPortEnabled *string `json:"insecureKubeletReadonlyPortEnabled,omitempty" tf:"insecure_kubelet_readonly_port_enabled,omitempty"` // Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304. @@ -3736,6 +4002,9 @@ type NodeConfigLinuxNodeConfigObservation struct { // Accepted values are: CgroupMode *string `json:"cgroupMode,omitempty" tf:"cgroup_mode,omitempty"` + // Amounts for 2M and 1G hugepages. Structure is documented below. + HugepagesConfig *LinuxNodeConfigHugepagesConfigObservation `json:"hugepagesConfig,omitempty" tf:"hugepages_config,omitempty"` + // The Linux kernel parameters to be applied to the nodes // and all pods running on the nodes. Specified as a map from the key, such as // net.core.wmem_max, to a string value. Currently supported attributes can be found here. @@ -3807,8 +4076,11 @@ type NodeConfigObservation struct { GcfsConfig *GcfsConfigObservation `json:"gcfsConfig,omitempty" tf:"gcfs_config,omitempty"` // List of the type and count of accelerator cards attached to the instance. - // Structure documented below.12 this field is an - // Attribute as Block + // Structure documented below. + // Note: As of 6.0.0, argument syntax + // is no longer supported for this field in favor of block syntax. + // To dynamically set a list of guest accelerators, use dynamic blocks. + // To set an empty list, use a single guest_accelerator block with count = 0. GuestAccelerator []GuestAcceleratorObservation `json:"guestAccelerator,omitempty" tf:"guest_accelerator,omitempty"` // Google Virtual NIC (gVNIC) is a virtual network interface. @@ -3845,6 +4117,10 @@ type NodeConfigObservation struct { // attached to each cluster node. Defaults to 0. LocalSsdCount *float64 `json:"localSsdCount,omitempty" tf:"local_ssd_count,omitempty"` + // Possible Local SSD encryption modes: + // Accepted values are: + LocalSsdEncryptionMode *string `json:"localSsdEncryptionMode,omitempty" tf:"local_ssd_encryption_mode,omitempty"` + // wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information. LoggingVariant *string `json:"loggingVariant,omitempty" tf:"logging_variant,omitempty"` @@ -3910,6 +4186,9 @@ type NodeConfigObservation struct { // for more information. Defaults to false. Spot *bool `json:"spot,omitempty" tf:"spot,omitempty"` + // The list of Storage Pools where boot disks are provisioned. + StoragePools []*string `json:"storagePools,omitempty" tf:"storage_pools,omitempty"` + // The list of instance tags applied to all nodes. Tags are used to identify // valid sources or targets for network firewalls. Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` @@ -3978,8 +4257,11 @@ type NodeConfigParameters struct { GcfsConfig *GcfsConfigParameters `json:"gcfsConfig,omitempty" tf:"gcfs_config,omitempty"` // List of the type and count of accelerator cards attached to the instance. - // Structure documented below.12 this field is an - // Attribute as Block + // Structure documented below. + // Note: As of 6.0.0, argument syntax + // is no longer supported for this field in favor of block syntax. + // To dynamically set a list of guest accelerators, use dynamic blocks. + // To set an empty list, use a single guest_accelerator block with count = 0. // +kubebuilder:validation:Optional GuestAccelerator []GuestAcceleratorParameters `json:"guestAccelerator,omitempty" tf:"guest_accelerator,omitempty"` @@ -4025,6 +4307,11 @@ type NodeConfigParameters struct { // +kubebuilder:validation:Optional LocalSsdCount *float64 `json:"localSsdCount,omitempty" tf:"local_ssd_count,omitempty"` + // Possible Local SSD encryption modes: + // Accepted values are: + // +kubebuilder:validation:Optional + LocalSsdEncryptionMode *string `json:"localSsdEncryptionMode,omitempty" tf:"local_ssd_encryption_mode,omitempty"` + // wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information. // +kubebuilder:validation:Optional LoggingVariant *string `json:"loggingVariant,omitempty" tf:"logging_variant,omitempty"` @@ -4115,6 +4402,10 @@ type NodeConfigParameters struct { // +kubebuilder:validation:Optional Spot *bool `json:"spot,omitempty" tf:"spot,omitempty"` + // The list of Storage Pools where boot disks are provisioned. + // +kubebuilder:validation:Optional + StoragePools []*string `json:"storagePools,omitempty" tf:"storage_pools,omitempty"` + // The list of instance tags applied to all nodes. Tags are used to identify // valid sources or targets for network firewalls. // +kubebuilder:validation:Optional @@ -4240,25 +4531,28 @@ type NodeConfigWorkloadMetadataConfigParameters struct { type NodeKubeletConfigInitParameters struct { - // Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. + // only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. InsecureKubeletReadonlyPortEnabled *string `json:"insecureKubeletReadonlyPortEnabled,omitempty" tf:"insecure_kubelet_readonly_port_enabled,omitempty"` } type NodeKubeletConfigObservation struct { - // Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. + // only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. InsecureKubeletReadonlyPortEnabled *string `json:"insecureKubeletReadonlyPortEnabled,omitempty" tf:"insecure_kubelet_readonly_port_enabled,omitempty"` } type NodeKubeletConfigParameters struct { - // Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. + // only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE. // +kubebuilder:validation:Optional InsecureKubeletReadonlyPortEnabled *string `json:"insecureKubeletReadonlyPortEnabled,omitempty" tf:"insecure_kubelet_readonly_port_enabled,omitempty"` } type NodePoolAutoConfigInitParameters struct { + // Linux system configuration for the cluster's automatically provisioned node pools. Only cgroup_mode field is supported in node_pool_auto_config. Structure is documented below. + LinuxNodeConfig *NodePoolAutoConfigLinuxNodeConfigInitParameters `json:"linuxNodeConfig,omitempty" tf:"linux_node_config,omitempty"` + // The network tag config for the cluster's automatically provisioned node pools. Structure is documented below. NetworkTags *NetworkTagsInitParameters `json:"networkTags,omitempty" tf:"network_tags,omitempty"` @@ -4271,8 +4565,33 @@ type NodePoolAutoConfigInitParameters struct { ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` } +type NodePoolAutoConfigLinuxNodeConfigInitParameters struct { + + // Possible cgroup modes that can be used. + // Accepted values are: + CgroupMode *string `json:"cgroupMode,omitempty" tf:"cgroup_mode,omitempty"` +} + +type NodePoolAutoConfigLinuxNodeConfigObservation struct { + + // Possible cgroup modes that can be used. + // Accepted values are: + CgroupMode *string `json:"cgroupMode,omitempty" tf:"cgroup_mode,omitempty"` +} + +type NodePoolAutoConfigLinuxNodeConfigParameters struct { + + // Possible cgroup modes that can be used. + // Accepted values are: + // +kubebuilder:validation:Optional + CgroupMode *string `json:"cgroupMode,omitempty" tf:"cgroup_mode,omitempty"` +} + type NodePoolAutoConfigObservation struct { + // Linux system configuration for the cluster's automatically provisioned node pools. Only cgroup_mode field is supported in node_pool_auto_config. Structure is documented below. + LinuxNodeConfig *NodePoolAutoConfigLinuxNodeConfigObservation `json:"linuxNodeConfig,omitempty" tf:"linux_node_config,omitempty"` + // The network tag config for the cluster's automatically provisioned node pools. Structure is documented below. NetworkTags *NetworkTagsObservation `json:"networkTags,omitempty" tf:"network_tags,omitempty"` @@ -4287,6 +4606,10 @@ type NodePoolAutoConfigObservation struct { type NodePoolAutoConfigParameters struct { + // Linux system configuration for the cluster's automatically provisioned node pools. Only cgroup_mode field is supported in node_pool_auto_config. Structure is documented below. + // +kubebuilder:validation:Optional + LinuxNodeConfig *NodePoolAutoConfigLinuxNodeConfigParameters `json:"linuxNodeConfig,omitempty" tf:"linux_node_config,omitempty"` + // The network tag config for the cluster's automatically provisioned node pools. Structure is documented below. // +kubebuilder:validation:Optional NetworkTags *NetworkTagsParameters `json:"networkTags,omitempty" tf:"network_tags,omitempty"` @@ -4396,8 +4719,11 @@ type NodePoolNodeConfigObservation struct { GcfsConfig *NodeConfigGcfsConfigObservation `json:"gcfsConfig,omitempty" tf:"gcfs_config,omitempty"` // List of the type and count of accelerator cards attached to the instance. - // Structure documented below.12 this field is an - // Attribute as Block + // Structure documented below. + // Note: As of 6.0.0, argument syntax + // is no longer supported for this field in favor of block syntax. + // To dynamically set a list of guest accelerators, use dynamic blocks. + // To set an empty list, use a single guest_accelerator block with count = 0. GuestAccelerator []NodeConfigGuestAcceleratorObservation `json:"guestAccelerator,omitempty" tf:"guest_accelerator,omitempty"` // Google Virtual NIC (gVNIC) is a virtual network interface. @@ -4424,7 +4750,7 @@ type NodePoolNodeConfigObservation struct { // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` - // Parameters that can be configured on Linux nodes. Structure is documented below. + // Linux system configuration for the cluster's automatically provisioned node pools. Only cgroup_mode field is supported in node_pool_auto_config. Structure is documented below. LinuxNodeConfig *NodeConfigLinuxNodeConfigObservation `json:"linuxNodeConfig,omitempty" tf:"linux_node_config,omitempty"` // Parameters for the local NVMe SSDs. Structure is documented below. @@ -4434,6 +4760,10 @@ type NodePoolNodeConfigObservation struct { // attached to each cluster node. Defaults to 0. LocalSsdCount *float64 `json:"localSsdCount,omitempty" tf:"local_ssd_count,omitempty"` + // Possible Local SSD encryption modes: + // Accepted values are: + LocalSsdEncryptionMode *string `json:"localSsdEncryptionMode,omitempty" tf:"local_ssd_encryption_mode,omitempty"` + // The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information. LoggingVariant *string `json:"loggingVariant,omitempty" tf:"logging_variant,omitempty"` @@ -4498,6 +4828,9 @@ type NodePoolNodeConfigObservation struct { // for more information. Defaults to false. Spot *bool `json:"spot,omitempty" tf:"spot,omitempty"` + // The list of Storage Pools where boot disks are provisioned. + StoragePools []*string `json:"storagePools,omitempty" tf:"storage_pools,omitempty"` + // The list of instance tags applied to all nodes. Tags are used to identify // valid sources or targets for network firewalls. Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` @@ -4623,6 +4956,25 @@ type NotificationConfigParameters struct { Pubsub *PubsubParameters `json:"pubsub" tf:"pubsub,omitempty"` } +type ParallelstoreCsiDriverConfigInitParameters struct { + + // Enables vertical pod autoscaling + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type ParallelstoreCsiDriverConfigObservation struct { + + // Enables vertical pod autoscaling + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type ParallelstoreCsiDriverConfigParameters struct { + + // Enables vertical pod autoscaling + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` +} + type PlacementPolicyInitParameters struct { } @@ -5205,6 +5557,25 @@ type SecondaryBootDisksParameters struct { Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` } +type SecretManagerConfigInitParameters struct { + + // Enable the Secret Manager add-on for this cluster. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type SecretManagerConfigObservation struct { + + // Enable the Secret Manager add-on for this cluster. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type SecretManagerConfigParameters struct { + + // Enable the Secret Manager add-on for this cluster. + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` +} + type SecurityPostureConfigInitParameters struct { // Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED, BASIC, and ENTERPRISE. @@ -5488,6 +5859,75 @@ type UpgradeSettingsParameters struct { Strategy *string `json:"strategy,omitempty" tf:"strategy,omitempty"` } +type UserManagedKeysConfigInitParameters struct { + AggregationCA *string `json:"aggregationCa,omitempty" tf:"aggregation_ca,omitempty"` + + ClusterCA *string `json:"clusterCa,omitempty" tf:"cluster_ca,omitempty"` + + ControlPlaneDiskEncryptionKey *string `json:"controlPlaneDiskEncryptionKey,omitempty" tf:"control_plane_disk_encryption_key,omitempty"` + + EtcdAPICA *string `json:"etcdApiCa,omitempty" tf:"etcd_api_ca,omitempty"` + + EtcdPeerCA *string `json:"etcdPeerCa,omitempty" tf:"etcd_peer_ca,omitempty"` + + GkeopsEtcdBackupEncryptionKey *string `json:"gkeopsEtcdBackupEncryptionKey,omitempty" tf:"gkeops_etcd_backup_encryption_key,omitempty"` + + // +listType=set + ServiceAccountSigningKeys []*string `json:"serviceAccountSigningKeys,omitempty" tf:"service_account_signing_keys,omitempty"` + + // +listType=set + ServiceAccountVerificationKeys []*string `json:"serviceAccountVerificationKeys,omitempty" tf:"service_account_verification_keys,omitempty"` +} + +type UserManagedKeysConfigObservation struct { + AggregationCA *string `json:"aggregationCa,omitempty" tf:"aggregation_ca,omitempty"` + + ClusterCA *string `json:"clusterCa,omitempty" tf:"cluster_ca,omitempty"` + + ControlPlaneDiskEncryptionKey *string `json:"controlPlaneDiskEncryptionKey,omitempty" tf:"control_plane_disk_encryption_key,omitempty"` + + EtcdAPICA *string `json:"etcdApiCa,omitempty" tf:"etcd_api_ca,omitempty"` + + EtcdPeerCA *string `json:"etcdPeerCa,omitempty" tf:"etcd_peer_ca,omitempty"` + + GkeopsEtcdBackupEncryptionKey *string `json:"gkeopsEtcdBackupEncryptionKey,omitempty" tf:"gkeops_etcd_backup_encryption_key,omitempty"` + + // +listType=set + ServiceAccountSigningKeys []*string `json:"serviceAccountSigningKeys,omitempty" tf:"service_account_signing_keys,omitempty"` + + // +listType=set + ServiceAccountVerificationKeys []*string `json:"serviceAccountVerificationKeys,omitempty" tf:"service_account_verification_keys,omitempty"` +} + +type UserManagedKeysConfigParameters struct { + + // +kubebuilder:validation:Optional + AggregationCA *string `json:"aggregationCa,omitempty" tf:"aggregation_ca,omitempty"` + + // +kubebuilder:validation:Optional + ClusterCA *string `json:"clusterCa,omitempty" tf:"cluster_ca,omitempty"` + + // +kubebuilder:validation:Optional + ControlPlaneDiskEncryptionKey *string `json:"controlPlaneDiskEncryptionKey,omitempty" tf:"control_plane_disk_encryption_key,omitempty"` + + // +kubebuilder:validation:Optional + EtcdAPICA *string `json:"etcdApiCa,omitempty" tf:"etcd_api_ca,omitempty"` + + // +kubebuilder:validation:Optional + EtcdPeerCA *string `json:"etcdPeerCa,omitempty" tf:"etcd_peer_ca,omitempty"` + + // +kubebuilder:validation:Optional + GkeopsEtcdBackupEncryptionKey *string `json:"gkeopsEtcdBackupEncryptionKey,omitempty" tf:"gkeops_etcd_backup_encryption_key,omitempty"` + + // +kubebuilder:validation:Optional + // +listType=set + ServiceAccountSigningKeys []*string `json:"serviceAccountSigningKeys,omitempty" tf:"service_account_signing_keys,omitempty"` + + // +kubebuilder:validation:Optional + // +listType=set + ServiceAccountVerificationKeys []*string `json:"serviceAccountVerificationKeys,omitempty" tf:"service_account_verification_keys,omitempty"` +} + type VerticalPodAutoscalingInitParameters struct { // Enables vertical pod autoscaling diff --git a/apis/container/v1beta2/zz_generated.deepcopy.go b/apis/container/v1beta2/zz_generated.deepcopy.go index 561334236..958ae39f5 100644 --- a/apis/container/v1beta2/zz_generated.deepcopy.go +++ b/apis/container/v1beta2/zz_generated.deepcopy.go @@ -259,6 +259,11 @@ func (in *AddonsConfigInitParameters) DeepCopyInto(out *AddonsConfigInitParamete *out = new(NetworkPolicyConfigInitParameters) (*in).DeepCopyInto(*out) } + if in.ParallelstoreCsiDriverConfig != nil { + in, out := &in.ParallelstoreCsiDriverConfig, &out.ParallelstoreCsiDriverConfig + *out = new(ParallelstoreCsiDriverConfigInitParameters) + (*in).DeepCopyInto(*out) + } if in.RayOperatorConfig != nil { in, out := &in.RayOperatorConfig, &out.RayOperatorConfig *out = make([]RayOperatorConfigInitParameters, len(*in)) @@ -336,6 +341,11 @@ func (in *AddonsConfigObservation) DeepCopyInto(out *AddonsConfigObservation) { *out = new(NetworkPolicyConfigObservation) (*in).DeepCopyInto(*out) } + if in.ParallelstoreCsiDriverConfig != nil { + in, out := &in.ParallelstoreCsiDriverConfig, &out.ParallelstoreCsiDriverConfig + *out = new(ParallelstoreCsiDriverConfigObservation) + (*in).DeepCopyInto(*out) + } if in.RayOperatorConfig != nil { in, out := &in.RayOperatorConfig, &out.RayOperatorConfig *out = make([]RayOperatorConfigObservation, len(*in)) @@ -413,6 +423,11 @@ func (in *AddonsConfigParameters) DeepCopyInto(out *AddonsConfigParameters) { *out = new(NetworkPolicyConfigParameters) (*in).DeepCopyInto(*out) } + if in.ParallelstoreCsiDriverConfig != nil { + in, out := &in.ParallelstoreCsiDriverConfig, &out.ParallelstoreCsiDriverConfig + *out = new(ParallelstoreCsiDriverConfigParameters) + (*in).DeepCopyInto(*out) + } if in.RayOperatorConfig != nil { in, out := &in.RayOperatorConfig, &out.RayOperatorConfig *out = make([]RayOperatorConfigParameters, len(*in)) @@ -450,11 +465,6 @@ func (in *AdvancedDatapathObservabilityConfigInitParameters) DeepCopyInto(out *A *out = new(bool) **out = **in } - if in.RelayMode != nil { - in, out := &in.RelayMode, &out.RelayMode - *out = new(string) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedDatapathObservabilityConfigInitParameters. @@ -480,11 +490,6 @@ func (in *AdvancedDatapathObservabilityConfigObservation) DeepCopyInto(out *Adva *out = new(bool) **out = **in } - if in.RelayMode != nil { - in, out := &in.RelayMode, &out.RelayMode - *out = new(string) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedDatapathObservabilityConfigObservation. @@ -510,11 +515,6 @@ func (in *AdvancedDatapathObservabilityConfigParameters) DeepCopyInto(out *Advan *out = new(bool) **out = **in } - if in.RelayMode != nil { - in, out := &in.RelayMode, &out.RelayMode - *out = new(string) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdvancedDatapathObservabilityConfigParameters. @@ -1777,6 +1777,11 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { *out = new(ConfidentialNodesInitParameters) (*in).DeepCopyInto(*out) } + if in.ControlPlaneEndpointsConfig != nil { + in, out := &in.ControlPlaneEndpointsConfig, &out.ControlPlaneEndpointsConfig + *out = new(ControlPlaneEndpointsConfigInitParameters) + (*in).DeepCopyInto(*out) + } if in.CostManagementConfig != nil { in, out := &in.CostManagementConfig, &out.CostManagementConfig *out = new(CostManagementConfigInitParameters) @@ -1827,6 +1832,11 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { *out = new(bool) **out = **in } + if in.EnableFqdnNetworkPolicy != nil { + in, out := &in.EnableFqdnNetworkPolicy, &out.EnableFqdnNetworkPolicy + *out = new(bool) + **out = **in + } if in.EnableIntranodeVisibility != nil { in, out := &in.EnableIntranodeVisibility, &out.EnableIntranodeVisibility *out = new(bool) @@ -1867,6 +1877,11 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { *out = new(bool) **out = **in } + if in.EnterpriseConfig != nil { + in, out := &in.EnterpriseConfig, &out.EnterpriseConfig + *out = new(EnterpriseConfigInitParameters) + (*in).DeepCopyInto(*out) + } if in.Fleet != nil { in, out := &in.Fleet, &out.Fleet *out = new(FleetInitParameters) @@ -2044,6 +2059,11 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { *out = new(ResourceUsageExportConfigInitParameters) (*in).DeepCopyInto(*out) } + if in.SecretManagerConfig != nil { + in, out := &in.SecretManagerConfig, &out.SecretManagerConfig + *out = new(SecretManagerConfigInitParameters) + (*in).DeepCopyInto(*out) + } if in.SecurityPostureConfig != nil { in, out := &in.SecurityPostureConfig, &out.SecurityPostureConfig *out = new(SecurityPostureConfigInitParameters) @@ -2069,6 +2089,11 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.UserManagedKeysConfig != nil { + in, out := &in.UserManagedKeysConfig, &out.UserManagedKeysConfig + *out = new(UserManagedKeysConfigInitParameters) + (*in).DeepCopyInto(*out) + } if in.VerticalPodAutoscaling != nil { in, out := &in.VerticalPodAutoscaling, &out.VerticalPodAutoscaling *out = new(VerticalPodAutoscalingInitParameters) @@ -2161,6 +2186,11 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(ConfidentialNodesObservation) (*in).DeepCopyInto(*out) } + if in.ControlPlaneEndpointsConfig != nil { + in, out := &in.ControlPlaneEndpointsConfig, &out.ControlPlaneEndpointsConfig + *out = new(ControlPlaneEndpointsConfigObservation) + (*in).DeepCopyInto(*out) + } if in.CostManagementConfig != nil { in, out := &in.CostManagementConfig, &out.CostManagementConfig *out = new(CostManagementConfigObservation) @@ -2201,6 +2231,22 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } + if in.EffectiveLabels != nil { + in, out := &in.EffectiveLabels, &out.EffectiveLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.EnableAutopilot != nil { in, out := &in.EnableAutopilot, &out.EnableAutopilot *out = new(bool) @@ -2211,6 +2257,11 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(bool) **out = **in } + if in.EnableFqdnNetworkPolicy != nil { + in, out := &in.EnableFqdnNetworkPolicy, &out.EnableFqdnNetworkPolicy + *out = new(bool) + **out = **in + } if in.EnableIntranodeVisibility != nil { in, out := &in.EnableIntranodeVisibility, &out.EnableIntranodeVisibility *out = new(bool) @@ -2256,6 +2307,11 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } + if in.EnterpriseConfig != nil { + in, out := &in.EnterpriseConfig, &out.EnterpriseConfig + *out = new(EnterpriseConfigObservation) + (*in).DeepCopyInto(*out) + } if in.Fleet != nil { in, out := &in.Fleet, &out.Fleet *out = new(FleetObservation) @@ -2455,6 +2511,11 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(ResourceUsageExportConfigObservation) (*in).DeepCopyInto(*out) } + if in.SecretManagerConfig != nil { + in, out := &in.SecretManagerConfig, &out.SecretManagerConfig + *out = new(SecretManagerConfigObservation) + (*in).DeepCopyInto(*out) + } if in.SecurityPostureConfig != nil { in, out := &in.SecurityPostureConfig, &out.SecurityPostureConfig *out = new(SecurityPostureConfigObservation) @@ -2480,11 +2541,32 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } + if in.TerraformLabels != nil { + in, out := &in.TerraformLabels, &out.TerraformLabels + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.TpuIPv4CidrBlock != nil { in, out := &in.TpuIPv4CidrBlock, &out.TpuIPv4CidrBlock *out = new(string) **out = **in } + if in.UserManagedKeysConfig != nil { + in, out := &in.UserManagedKeysConfig, &out.UserManagedKeysConfig + *out = new(UserManagedKeysConfigObservation) + (*in).DeepCopyInto(*out) + } if in.VerticalPodAutoscaling != nil { in, out := &in.VerticalPodAutoscaling, &out.VerticalPodAutoscaling *out = new(VerticalPodAutoscalingObservation) @@ -2545,6 +2627,11 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = new(ConfidentialNodesParameters) (*in).DeepCopyInto(*out) } + if in.ControlPlaneEndpointsConfig != nil { + in, out := &in.ControlPlaneEndpointsConfig, &out.ControlPlaneEndpointsConfig + *out = new(ControlPlaneEndpointsConfigParameters) + (*in).DeepCopyInto(*out) + } if in.CostManagementConfig != nil { in, out := &in.CostManagementConfig, &out.CostManagementConfig *out = new(CostManagementConfigParameters) @@ -2595,6 +2682,11 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = new(bool) **out = **in } + if in.EnableFqdnNetworkPolicy != nil { + in, out := &in.EnableFqdnNetworkPolicy, &out.EnableFqdnNetworkPolicy + *out = new(bool) + **out = **in + } if in.EnableIntranodeVisibility != nil { in, out := &in.EnableIntranodeVisibility, &out.EnableIntranodeVisibility *out = new(bool) @@ -2635,6 +2727,11 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = new(bool) **out = **in } + if in.EnterpriseConfig != nil { + in, out := &in.EnterpriseConfig, &out.EnterpriseConfig + *out = new(EnterpriseConfigParameters) + (*in).DeepCopyInto(*out) + } if in.Fleet != nil { in, out := &in.Fleet, &out.Fleet *out = new(FleetParameters) @@ -2817,6 +2914,11 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = new(ResourceUsageExportConfigParameters) (*in).DeepCopyInto(*out) } + if in.SecretManagerConfig != nil { + in, out := &in.SecretManagerConfig, &out.SecretManagerConfig + *out = new(SecretManagerConfigParameters) + (*in).DeepCopyInto(*out) + } if in.SecurityPostureConfig != nil { in, out := &in.SecurityPostureConfig, &out.SecurityPostureConfig *out = new(SecurityPostureConfigParameters) @@ -2842,6 +2944,11 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.UserManagedKeysConfig != nil { + in, out := &in.UserManagedKeysConfig, &out.UserManagedKeysConfig + *out = new(UserManagedKeysConfigParameters) + (*in).DeepCopyInto(*out) + } if in.VerticalPodAutoscaling != nil { in, out := &in.VerticalPodAutoscaling, &out.VerticalPodAutoscaling *out = new(VerticalPodAutoscalingParameters) @@ -3289,6 +3396,66 @@ func (in *ContainerdConfigPrivateRegistryAccessConfigParameters) DeepCopy() *Con return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ControlPlaneEndpointsConfigInitParameters) DeepCopyInto(out *ControlPlaneEndpointsConfigInitParameters) { + *out = *in + if in.DNSEndpointConfig != nil { + in, out := &in.DNSEndpointConfig, &out.DNSEndpointConfig + *out = new(DNSEndpointConfigInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControlPlaneEndpointsConfigInitParameters. +func (in *ControlPlaneEndpointsConfigInitParameters) DeepCopy() *ControlPlaneEndpointsConfigInitParameters { + if in == nil { + return nil + } + out := new(ControlPlaneEndpointsConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ControlPlaneEndpointsConfigObservation) DeepCopyInto(out *ControlPlaneEndpointsConfigObservation) { + *out = *in + if in.DNSEndpointConfig != nil { + in, out := &in.DNSEndpointConfig, &out.DNSEndpointConfig + *out = new(DNSEndpointConfigObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControlPlaneEndpointsConfigObservation. +func (in *ControlPlaneEndpointsConfigObservation) DeepCopy() *ControlPlaneEndpointsConfigObservation { + if in == nil { + return nil + } + out := new(ControlPlaneEndpointsConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ControlPlaneEndpointsConfigParameters) DeepCopyInto(out *ControlPlaneEndpointsConfigParameters) { + *out = *in + if in.DNSEndpointConfig != nil { + in, out := &in.DNSEndpointConfig, &out.DNSEndpointConfig + *out = new(DNSEndpointConfigParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControlPlaneEndpointsConfigParameters. +func (in *ControlPlaneEndpointsConfigParameters) DeepCopy() *ControlPlaneEndpointsConfigParameters { + if in == nil { + return nil + } + out := new(ControlPlaneEndpointsConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CostManagementConfigInitParameters) DeepCopyInto(out *CostManagementConfigInitParameters) { *out = *in @@ -3412,6 +3579,11 @@ func (in *DNSCacheConfigParameters) DeepCopy() *DNSCacheConfigParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DNSConfigInitParameters) DeepCopyInto(out *DNSConfigInitParameters) { *out = *in + if in.AdditiveVPCScopeDNSDomain != nil { + in, out := &in.AdditiveVPCScopeDNSDomain, &out.AdditiveVPCScopeDNSDomain + *out = new(string) + **out = **in + } if in.ClusterDNS != nil { in, out := &in.ClusterDNS, &out.ClusterDNS *out = new(string) @@ -3442,6 +3614,11 @@ func (in *DNSConfigInitParameters) DeepCopy() *DNSConfigInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DNSConfigObservation) DeepCopyInto(out *DNSConfigObservation) { *out = *in + if in.AdditiveVPCScopeDNSDomain != nil { + in, out := &in.AdditiveVPCScopeDNSDomain, &out.AdditiveVPCScopeDNSDomain + *out = new(string) + **out = **in + } if in.ClusterDNS != nil { in, out := &in.ClusterDNS, &out.ClusterDNS *out = new(string) @@ -3472,6 +3649,11 @@ func (in *DNSConfigObservation) DeepCopy() *DNSConfigObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DNSConfigParameters) DeepCopyInto(out *DNSConfigParameters) { *out = *in + if in.AdditiveVPCScopeDNSDomain != nil { + in, out := &in.AdditiveVPCScopeDNSDomain, &out.AdditiveVPCScopeDNSDomain + *out = new(string) + **out = **in + } if in.ClusterDNS != nil { in, out := &in.ClusterDNS, &out.ClusterDNS *out = new(string) @@ -3499,6 +3681,81 @@ func (in *DNSConfigParameters) DeepCopy() *DNSConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSEndpointConfigInitParameters) DeepCopyInto(out *DNSEndpointConfigInitParameters) { + *out = *in + if in.AllowExternalTraffic != nil { + in, out := &in.AllowExternalTraffic, &out.AllowExternalTraffic + *out = new(bool) + **out = **in + } + if in.Endpoint != nil { + in, out := &in.Endpoint, &out.Endpoint + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSEndpointConfigInitParameters. +func (in *DNSEndpointConfigInitParameters) DeepCopy() *DNSEndpointConfigInitParameters { + if in == nil { + return nil + } + out := new(DNSEndpointConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSEndpointConfigObservation) DeepCopyInto(out *DNSEndpointConfigObservation) { + *out = *in + if in.AllowExternalTraffic != nil { + in, out := &in.AllowExternalTraffic, &out.AllowExternalTraffic + *out = new(bool) + **out = **in + } + if in.Endpoint != nil { + in, out := &in.Endpoint, &out.Endpoint + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSEndpointConfigObservation. +func (in *DNSEndpointConfigObservation) DeepCopy() *DNSEndpointConfigObservation { + if in == nil { + return nil + } + out := new(DNSEndpointConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSEndpointConfigParameters) DeepCopyInto(out *DNSEndpointConfigParameters) { + *out = *in + if in.AllowExternalTraffic != nil { + in, out := &in.AllowExternalTraffic, &out.AllowExternalTraffic + *out = new(bool) + **out = **in + } + if in.Endpoint != nil { + in, out := &in.Endpoint, &out.Endpoint + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSEndpointConfigParameters. +func (in *DNSEndpointConfigParameters) DeepCopy() *DNSEndpointConfigParameters { + if in == nil { + return nil + } + out := new(DNSEndpointConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DailyMaintenanceWindowInitParameters) DeepCopyInto(out *DailyMaintenanceWindowInitParameters) { *out = *in @@ -3837,6 +4094,71 @@ func (in *EnableK8SBetaApisParameters) DeepCopy() *EnableK8SBetaApisParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EnterpriseConfigInitParameters) DeepCopyInto(out *EnterpriseConfigInitParameters) { + *out = *in + if in.DesiredTier != nil { + in, out := &in.DesiredTier, &out.DesiredTier + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnterpriseConfigInitParameters. +func (in *EnterpriseConfigInitParameters) DeepCopy() *EnterpriseConfigInitParameters { + if in == nil { + return nil + } + out := new(EnterpriseConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EnterpriseConfigObservation) DeepCopyInto(out *EnterpriseConfigObservation) { + *out = *in + if in.ClusterTier != nil { + in, out := &in.ClusterTier, &out.ClusterTier + *out = new(string) + **out = **in + } + if in.DesiredTier != nil { + in, out := &in.DesiredTier, &out.DesiredTier + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnterpriseConfigObservation. +func (in *EnterpriseConfigObservation) DeepCopy() *EnterpriseConfigObservation { + if in == nil { + return nil + } + out := new(EnterpriseConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EnterpriseConfigParameters) DeepCopyInto(out *EnterpriseConfigParameters) { + *out = *in + if in.DesiredTier != nil { + in, out := &in.DesiredTier, &out.DesiredTier + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnterpriseConfigParameters. +func (in *EnterpriseConfigParameters) DeepCopy() *EnterpriseConfigParameters { + if in == nil { + return nil + } + out := new(EnterpriseConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EphemeralStorageLocalSsdConfigInitParameters) DeepCopyInto(out *EphemeralStorageLocalSsdConfigInitParameters) { *out = *in @@ -5196,36 +5518,111 @@ func (in *HostMaintenancePolicyParameters) DeepCopy() *HostMaintenancePolicyPara } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IPAllocationPolicyInitParameters) DeepCopyInto(out *IPAllocationPolicyInitParameters) { +func (in *HugepagesConfigInitParameters) DeepCopyInto(out *HugepagesConfigInitParameters) { *out = *in - if in.AdditionalPodRangesConfig != nil { - in, out := &in.AdditionalPodRangesConfig, &out.AdditionalPodRangesConfig - *out = new(AdditionalPodRangesConfigInitParameters) - (*in).DeepCopyInto(*out) - } - if in.ClusterIPv4CidrBlock != nil { - in, out := &in.ClusterIPv4CidrBlock, &out.ClusterIPv4CidrBlock - *out = new(string) + if in.HugepageSize1G != nil { + in, out := &in.HugepageSize1G, &out.HugepageSize1G + *out = new(float64) **out = **in } - if in.ClusterSecondaryRangeName != nil { - in, out := &in.ClusterSecondaryRangeName, &out.ClusterSecondaryRangeName - *out = new(string) + if in.HugepageSize2M != nil { + in, out := &in.HugepageSize2M, &out.HugepageSize2M + *out = new(float64) **out = **in } - if in.PodCidrOverprovisionConfig != nil { - in, out := &in.PodCidrOverprovisionConfig, &out.PodCidrOverprovisionConfig - *out = new(PodCidrOverprovisionConfigInitParameters) - (*in).DeepCopyInto(*out) - } - if in.ServicesIPv4CidrBlock != nil { - in, out := &in.ServicesIPv4CidrBlock, &out.ServicesIPv4CidrBlock - *out = new(string) - **out = **in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HugepagesConfigInitParameters. +func (in *HugepagesConfigInitParameters) DeepCopy() *HugepagesConfigInitParameters { + if in == nil { + return nil } - if in.ServicesSecondaryRangeName != nil { - in, out := &in.ServicesSecondaryRangeName, &out.ServicesSecondaryRangeName - *out = new(string) + out := new(HugepagesConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HugepagesConfigObservation) DeepCopyInto(out *HugepagesConfigObservation) { + *out = *in + if in.HugepageSize1G != nil { + in, out := &in.HugepageSize1G, &out.HugepageSize1G + *out = new(float64) + **out = **in + } + if in.HugepageSize2M != nil { + in, out := &in.HugepageSize2M, &out.HugepageSize2M + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HugepagesConfigObservation. +func (in *HugepagesConfigObservation) DeepCopy() *HugepagesConfigObservation { + if in == nil { + return nil + } + out := new(HugepagesConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HugepagesConfigParameters) DeepCopyInto(out *HugepagesConfigParameters) { + *out = *in + if in.HugepageSize1G != nil { + in, out := &in.HugepageSize1G, &out.HugepageSize1G + *out = new(float64) + **out = **in + } + if in.HugepageSize2M != nil { + in, out := &in.HugepageSize2M, &out.HugepageSize2M + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HugepagesConfigParameters. +func (in *HugepagesConfigParameters) DeepCopy() *HugepagesConfigParameters { + if in == nil { + return nil + } + out := new(HugepagesConfigParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPAllocationPolicyInitParameters) DeepCopyInto(out *IPAllocationPolicyInitParameters) { + *out = *in + if in.AdditionalPodRangesConfig != nil { + in, out := &in.AdditionalPodRangesConfig, &out.AdditionalPodRangesConfig + *out = new(AdditionalPodRangesConfigInitParameters) + (*in).DeepCopyInto(*out) + } + if in.ClusterIPv4CidrBlock != nil { + in, out := &in.ClusterIPv4CidrBlock, &out.ClusterIPv4CidrBlock + *out = new(string) + **out = **in + } + if in.ClusterSecondaryRangeName != nil { + in, out := &in.ClusterSecondaryRangeName, &out.ClusterSecondaryRangeName + *out = new(string) + **out = **in + } + if in.PodCidrOverprovisionConfig != nil { + in, out := &in.PodCidrOverprovisionConfig, &out.PodCidrOverprovisionConfig + *out = new(PodCidrOverprovisionConfigInitParameters) + (*in).DeepCopyInto(*out) + } + if in.ServicesIPv4CidrBlock != nil { + in, out := &in.ServicesIPv4CidrBlock, &out.ServicesIPv4CidrBlock + *out = new(string) + **out = **in + } + if in.ServicesSecondaryRangeName != nil { + in, out := &in.ServicesSecondaryRangeName, &out.ServicesSecondaryRangeName + *out = new(string) **out = **in } if in.StackType != nil { @@ -5525,6 +5922,61 @@ func (in *KubeletConfigParameters) DeepCopy() *KubeletConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LinuxNodeConfigHugepagesConfigInitParameters) DeepCopyInto(out *LinuxNodeConfigHugepagesConfigInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LinuxNodeConfigHugepagesConfigInitParameters. +func (in *LinuxNodeConfigHugepagesConfigInitParameters) DeepCopy() *LinuxNodeConfigHugepagesConfigInitParameters { + if in == nil { + return nil + } + out := new(LinuxNodeConfigHugepagesConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LinuxNodeConfigHugepagesConfigObservation) DeepCopyInto(out *LinuxNodeConfigHugepagesConfigObservation) { + *out = *in + if in.HugepageSize1G != nil { + in, out := &in.HugepageSize1G, &out.HugepageSize1G + *out = new(float64) + **out = **in + } + if in.HugepageSize2M != nil { + in, out := &in.HugepageSize2M, &out.HugepageSize2M + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LinuxNodeConfigHugepagesConfigObservation. +func (in *LinuxNodeConfigHugepagesConfigObservation) DeepCopy() *LinuxNodeConfigHugepagesConfigObservation { + if in == nil { + return nil + } + out := new(LinuxNodeConfigHugepagesConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LinuxNodeConfigHugepagesConfigParameters) DeepCopyInto(out *LinuxNodeConfigHugepagesConfigParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LinuxNodeConfigHugepagesConfigParameters. +func (in *LinuxNodeConfigHugepagesConfigParameters) DeepCopy() *LinuxNodeConfigHugepagesConfigParameters { + if in == nil { + return nil + } + out := new(LinuxNodeConfigHugepagesConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LinuxNodeConfigInitParameters) DeepCopyInto(out *LinuxNodeConfigInitParameters) { *out = *in @@ -5533,6 +5985,11 @@ func (in *LinuxNodeConfigInitParameters) DeepCopyInto(out *LinuxNodeConfigInitPa *out = new(string) **out = **in } + if in.HugepagesConfig != nil { + in, out := &in.HugepagesConfig, &out.HugepagesConfig + *out = new(HugepagesConfigInitParameters) + (*in).DeepCopyInto(*out) + } if in.Sysctls != nil { in, out := &in.Sysctls, &out.Sysctls *out = make(map[string]*string, len(*in)) @@ -5569,6 +6026,11 @@ func (in *LinuxNodeConfigObservation) DeepCopyInto(out *LinuxNodeConfigObservati *out = new(string) **out = **in } + if in.HugepagesConfig != nil { + in, out := &in.HugepagesConfig, &out.HugepagesConfig + *out = new(HugepagesConfigObservation) + (*in).DeepCopyInto(*out) + } if in.Sysctls != nil { in, out := &in.Sysctls, &out.Sysctls *out = make(map[string]*string, len(*in)) @@ -5605,6 +6067,11 @@ func (in *LinuxNodeConfigParameters) DeepCopyInto(out *LinuxNodeConfigParameters *out = new(string) **out = **in } + if in.HugepagesConfig != nil { + in, out := &in.HugepagesConfig, &out.HugepagesConfig + *out = new(HugepagesConfigParameters) + (*in).DeepCopyInto(*out) + } if in.Sysctls != nil { in, out := &in.Sysctls, &out.Sysctls *out = make(map[string]*string, len(*in)) @@ -6199,6 +6666,11 @@ func (in *MasterAuthorizedNetworksConfigInitParameters) DeepCopyInto(out *Master *out = new(bool) **out = **in } + if in.PrivateEndpointEnforcementEnabled != nil { + in, out := &in.PrivateEndpointEnforcementEnabled, &out.PrivateEndpointEnforcementEnabled + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MasterAuthorizedNetworksConfigInitParameters. @@ -6226,6 +6698,11 @@ func (in *MasterAuthorizedNetworksConfigObservation) DeepCopyInto(out *MasterAut *out = new(bool) **out = **in } + if in.PrivateEndpointEnforcementEnabled != nil { + in, out := &in.PrivateEndpointEnforcementEnabled, &out.PrivateEndpointEnforcementEnabled + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MasterAuthorizedNetworksConfigObservation. @@ -6253,6 +6730,11 @@ func (in *MasterAuthorizedNetworksConfigParameters) DeepCopyInto(out *MasterAuth *out = new(bool) **out = **in } + if in.PrivateEndpointEnforcementEnabled != nil { + in, out := &in.PrivateEndpointEnforcementEnabled, &out.PrivateEndpointEnforcementEnabled + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MasterAuthorizedNetworksConfigParameters. @@ -7708,6 +8190,66 @@ func (in *NodeConfigDefaultsContainerdConfigPrivateRegistryAccessConfigParameter return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigDefaultsGcfsConfigInitParameters) DeepCopyInto(out *NodeConfigDefaultsGcfsConfigInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigDefaultsGcfsConfigInitParameters. +func (in *NodeConfigDefaultsGcfsConfigInitParameters) DeepCopy() *NodeConfigDefaultsGcfsConfigInitParameters { + if in == nil { + return nil + } + out := new(NodeConfigDefaultsGcfsConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigDefaultsGcfsConfigObservation) DeepCopyInto(out *NodeConfigDefaultsGcfsConfigObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigDefaultsGcfsConfigObservation. +func (in *NodeConfigDefaultsGcfsConfigObservation) DeepCopy() *NodeConfigDefaultsGcfsConfigObservation { + if in == nil { + return nil + } + out := new(NodeConfigDefaultsGcfsConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigDefaultsGcfsConfigParameters) DeepCopyInto(out *NodeConfigDefaultsGcfsConfigParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigDefaultsGcfsConfigParameters. +func (in *NodeConfigDefaultsGcfsConfigParameters) DeepCopy() *NodeConfigDefaultsGcfsConfigParameters { + if in == nil { + return nil + } + out := new(NodeConfigDefaultsGcfsConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeConfigDefaultsInitParameters) DeepCopyInto(out *NodeConfigDefaultsInitParameters) { *out = *in @@ -7716,6 +8258,11 @@ func (in *NodeConfigDefaultsInitParameters) DeepCopyInto(out *NodeConfigDefaults *out = new(NodeConfigDefaultsContainerdConfigInitParameters) (*in).DeepCopyInto(*out) } + if in.GcfsConfig != nil { + in, out := &in.GcfsConfig, &out.GcfsConfig + *out = new(NodeConfigDefaultsGcfsConfigInitParameters) + (*in).DeepCopyInto(*out) + } if in.InsecureKubeletReadonlyPortEnabled != nil { in, out := &in.InsecureKubeletReadonlyPortEnabled, &out.InsecureKubeletReadonlyPortEnabled *out = new(string) @@ -7746,6 +8293,11 @@ func (in *NodeConfigDefaultsObservation) DeepCopyInto(out *NodeConfigDefaultsObs *out = new(NodeConfigDefaultsContainerdConfigObservation) (*in).DeepCopyInto(*out) } + if in.GcfsConfig != nil { + in, out := &in.GcfsConfig, &out.GcfsConfig + *out = new(NodeConfigDefaultsGcfsConfigObservation) + (*in).DeepCopyInto(*out) + } if in.InsecureKubeletReadonlyPortEnabled != nil { in, out := &in.InsecureKubeletReadonlyPortEnabled, &out.InsecureKubeletReadonlyPortEnabled *out = new(string) @@ -7776,6 +8328,11 @@ func (in *NodeConfigDefaultsParameters) DeepCopyInto(out *NodeConfigDefaultsPara *out = new(NodeConfigDefaultsContainerdConfigParameters) (*in).DeepCopyInto(*out) } + if in.GcfsConfig != nil { + in, out := &in.GcfsConfig, &out.GcfsConfig + *out = new(NodeConfigDefaultsGcfsConfigParameters) + (*in).DeepCopyInto(*out) + } if in.InsecureKubeletReadonlyPortEnabled != nil { in, out := &in.InsecureKubeletReadonlyPortEnabled, &out.InsecureKubeletReadonlyPortEnabled *out = new(string) @@ -8424,6 +8981,11 @@ func (in *NodeConfigInitParameters) DeepCopyInto(out *NodeConfigInitParameters) *out = new(float64) **out = **in } + if in.LocalSsdEncryptionMode != nil { + in, out := &in.LocalSsdEncryptionMode, &out.LocalSsdEncryptionMode + *out = new(string) + **out = **in + } if in.LoggingVariant != nil { in, out := &in.LoggingVariant, &out.LoggingVariant *out = new(string) @@ -8550,6 +9112,17 @@ func (in *NodeConfigInitParameters) DeepCopyInto(out *NodeConfigInitParameters) *out = new(bool) **out = **in } + if in.StoragePools != nil { + in, out := &in.StoragePools, &out.StoragePools + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Tags != nil { in, out := &in.Tags, &out.Tags *out = make([]*string, len(*in)) @@ -8655,6 +9228,81 @@ func (in *NodeConfigKubeletConfigParameters) DeepCopy() *NodeConfigKubeletConfig return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigLinuxNodeConfigHugepagesConfigInitParameters) DeepCopyInto(out *NodeConfigLinuxNodeConfigHugepagesConfigInitParameters) { + *out = *in + if in.HugepageSize1G != nil { + in, out := &in.HugepageSize1G, &out.HugepageSize1G + *out = new(float64) + **out = **in + } + if in.HugepageSize2M != nil { + in, out := &in.HugepageSize2M, &out.HugepageSize2M + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigLinuxNodeConfigHugepagesConfigInitParameters. +func (in *NodeConfigLinuxNodeConfigHugepagesConfigInitParameters) DeepCopy() *NodeConfigLinuxNodeConfigHugepagesConfigInitParameters { + if in == nil { + return nil + } + out := new(NodeConfigLinuxNodeConfigHugepagesConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigLinuxNodeConfigHugepagesConfigObservation) DeepCopyInto(out *NodeConfigLinuxNodeConfigHugepagesConfigObservation) { + *out = *in + if in.HugepageSize1G != nil { + in, out := &in.HugepageSize1G, &out.HugepageSize1G + *out = new(float64) + **out = **in + } + if in.HugepageSize2M != nil { + in, out := &in.HugepageSize2M, &out.HugepageSize2M + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigLinuxNodeConfigHugepagesConfigObservation. +func (in *NodeConfigLinuxNodeConfigHugepagesConfigObservation) DeepCopy() *NodeConfigLinuxNodeConfigHugepagesConfigObservation { + if in == nil { + return nil + } + out := new(NodeConfigLinuxNodeConfigHugepagesConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigLinuxNodeConfigHugepagesConfigParameters) DeepCopyInto(out *NodeConfigLinuxNodeConfigHugepagesConfigParameters) { + *out = *in + if in.HugepageSize1G != nil { + in, out := &in.HugepageSize1G, &out.HugepageSize1G + *out = new(float64) + **out = **in + } + if in.HugepageSize2M != nil { + in, out := &in.HugepageSize2M, &out.HugepageSize2M + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigLinuxNodeConfigHugepagesConfigParameters. +func (in *NodeConfigLinuxNodeConfigHugepagesConfigParameters) DeepCopy() *NodeConfigLinuxNodeConfigHugepagesConfigParameters { + if in == nil { + return nil + } + out := new(NodeConfigLinuxNodeConfigHugepagesConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeConfigLinuxNodeConfigInitParameters) DeepCopyInto(out *NodeConfigLinuxNodeConfigInitParameters) { *out = *in @@ -8678,6 +9326,11 @@ func (in *NodeConfigLinuxNodeConfigObservation) DeepCopyInto(out *NodeConfigLinu *out = new(string) **out = **in } + if in.HugepagesConfig != nil { + in, out := &in.HugepagesConfig, &out.HugepagesConfig + *out = new(LinuxNodeConfigHugepagesConfigObservation) + (*in).DeepCopyInto(*out) + } if in.Sysctls != nil { in, out := &in.Sysctls, &out.Sysctls *out = make(map[string]*string, len(*in)) @@ -8889,6 +9542,11 @@ func (in *NodeConfigObservation) DeepCopyInto(out *NodeConfigObservation) { *out = new(float64) **out = **in } + if in.LocalSsdEncryptionMode != nil { + in, out := &in.LocalSsdEncryptionMode, &out.LocalSsdEncryptionMode + *out = new(string) + **out = **in + } if in.LoggingVariant != nil { in, out := &in.LoggingVariant, &out.LoggingVariant *out = new(string) @@ -9005,6 +9663,17 @@ func (in *NodeConfigObservation) DeepCopyInto(out *NodeConfigObservation) { *out = new(bool) **out = **in } + if in.StoragePools != nil { + in, out := &in.StoragePools, &out.StoragePools + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Tags != nil { in, out := &in.Tags, &out.Tags *out = make([]*string, len(*in)) @@ -9151,6 +9820,11 @@ func (in *NodeConfigParameters) DeepCopyInto(out *NodeConfigParameters) { *out = new(float64) **out = **in } + if in.LocalSsdEncryptionMode != nil { + in, out := &in.LocalSsdEncryptionMode, &out.LocalSsdEncryptionMode + *out = new(string) + **out = **in + } if in.LoggingVariant != nil { in, out := &in.LoggingVariant, &out.LoggingVariant *out = new(string) @@ -9277,6 +9951,17 @@ func (in *NodeConfigParameters) DeepCopyInto(out *NodeConfigParameters) { *out = new(bool) **out = **in } + if in.StoragePools != nil { + in, out := &in.StoragePools, &out.StoragePools + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Tags != nil { in, out := &in.Tags, &out.Tags *out = make([]*string, len(*in)) @@ -9868,6 +10553,11 @@ func (in *NodePool) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodePoolAutoConfigInitParameters) DeepCopyInto(out *NodePoolAutoConfigInitParameters) { *out = *in + if in.LinuxNodeConfig != nil { + in, out := &in.LinuxNodeConfig, &out.LinuxNodeConfig + *out = new(NodePoolAutoConfigLinuxNodeConfigInitParameters) + (*in).DeepCopyInto(*out) + } if in.NetworkTags != nil { in, out := &in.NetworkTags, &out.NetworkTags *out = new(NetworkTagsInitParameters) @@ -9906,9 +10596,74 @@ func (in *NodePoolAutoConfigInitParameters) DeepCopy() *NodePoolAutoConfigInitPa return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolAutoConfigLinuxNodeConfigInitParameters) DeepCopyInto(out *NodePoolAutoConfigLinuxNodeConfigInitParameters) { + *out = *in + if in.CgroupMode != nil { + in, out := &in.CgroupMode, &out.CgroupMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolAutoConfigLinuxNodeConfigInitParameters. +func (in *NodePoolAutoConfigLinuxNodeConfigInitParameters) DeepCopy() *NodePoolAutoConfigLinuxNodeConfigInitParameters { + if in == nil { + return nil + } + out := new(NodePoolAutoConfigLinuxNodeConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolAutoConfigLinuxNodeConfigObservation) DeepCopyInto(out *NodePoolAutoConfigLinuxNodeConfigObservation) { + *out = *in + if in.CgroupMode != nil { + in, out := &in.CgroupMode, &out.CgroupMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolAutoConfigLinuxNodeConfigObservation. +func (in *NodePoolAutoConfigLinuxNodeConfigObservation) DeepCopy() *NodePoolAutoConfigLinuxNodeConfigObservation { + if in == nil { + return nil + } + out := new(NodePoolAutoConfigLinuxNodeConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolAutoConfigLinuxNodeConfigParameters) DeepCopyInto(out *NodePoolAutoConfigLinuxNodeConfigParameters) { + *out = *in + if in.CgroupMode != nil { + in, out := &in.CgroupMode, &out.CgroupMode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolAutoConfigLinuxNodeConfigParameters. +func (in *NodePoolAutoConfigLinuxNodeConfigParameters) DeepCopy() *NodePoolAutoConfigLinuxNodeConfigParameters { + if in == nil { + return nil + } + out := new(NodePoolAutoConfigLinuxNodeConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodePoolAutoConfigObservation) DeepCopyInto(out *NodePoolAutoConfigObservation) { *out = *in + if in.LinuxNodeConfig != nil { + in, out := &in.LinuxNodeConfig, &out.LinuxNodeConfig + *out = new(NodePoolAutoConfigLinuxNodeConfigObservation) + (*in).DeepCopyInto(*out) + } if in.NetworkTags != nil { in, out := &in.NetworkTags, &out.NetworkTags *out = new(NetworkTagsObservation) @@ -9950,6 +10705,11 @@ func (in *NodePoolAutoConfigObservation) DeepCopy() *NodePoolAutoConfigObservati // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodePoolAutoConfigParameters) DeepCopyInto(out *NodePoolAutoConfigParameters) { *out = *in + if in.LinuxNodeConfig != nil { + in, out := &in.LinuxNodeConfig, &out.LinuxNodeConfig + *out = new(NodePoolAutoConfigLinuxNodeConfigParameters) + (*in).DeepCopyInto(*out) + } if in.NetworkTags != nil { in, out := &in.NetworkTags, &out.NetworkTags *out = new(NetworkTagsParameters) @@ -11519,6 +12279,11 @@ func (in *NodePoolNodeConfigInitParameters_2) DeepCopyInto(out *NodePoolNodeConf *out = new(float64) **out = **in } + if in.LocalSsdEncryptionMode != nil { + in, out := &in.LocalSsdEncryptionMode, &out.LocalSsdEncryptionMode + *out = new(string) + **out = **in + } if in.LoggingVariant != nil { in, out := &in.LoggingVariant, &out.LoggingVariant *out = new(string) @@ -11645,6 +12410,17 @@ func (in *NodePoolNodeConfigInitParameters_2) DeepCopyInto(out *NodePoolNodeConf *out = new(bool) **out = **in } + if in.StoragePools != nil { + in, out := &in.StoragePools, &out.StoragePools + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Tags != nil { in, out := &in.Tags, &out.Tags *out = make([]*string, len(*in)) @@ -11808,6 +12584,11 @@ func (in *NodePoolNodeConfigLinuxNodeConfigInitParameters) DeepCopyInto(out *Nod *out = new(string) **out = **in } + if in.HugepagesConfig != nil { + in, out := &in.HugepagesConfig, &out.HugepagesConfig + *out = new(NodeConfigLinuxNodeConfigHugepagesConfigInitParameters) + (*in).DeepCopyInto(*out) + } if in.Sysctls != nil { in, out := &in.Sysctls, &out.Sysctls *out = make(map[string]*string, len(*in)) @@ -11844,6 +12625,11 @@ func (in *NodePoolNodeConfigLinuxNodeConfigObservation) DeepCopyInto(out *NodePo *out = new(string) **out = **in } + if in.HugepagesConfig != nil { + in, out := &in.HugepagesConfig, &out.HugepagesConfig + *out = new(NodeConfigLinuxNodeConfigHugepagesConfigObservation) + (*in).DeepCopyInto(*out) + } if in.Sysctls != nil { in, out := &in.Sysctls, &out.Sysctls *out = make(map[string]*string, len(*in)) @@ -11880,6 +12666,11 @@ func (in *NodePoolNodeConfigLinuxNodeConfigParameters) DeepCopyInto(out *NodePoo *out = new(string) **out = **in } + if in.HugepagesConfig != nil { + in, out := &in.HugepagesConfig, &out.HugepagesConfig + *out = new(NodeConfigLinuxNodeConfigHugepagesConfigParameters) + (*in).DeepCopyInto(*out) + } if in.Sysctls != nil { in, out := &in.Sysctls, &out.Sysctls *out = make(map[string]*string, len(*in)) @@ -12086,6 +12877,11 @@ func (in *NodePoolNodeConfigObservation) DeepCopyInto(out *NodePoolNodeConfigObs *out = new(float64) **out = **in } + if in.LocalSsdEncryptionMode != nil { + in, out := &in.LocalSsdEncryptionMode, &out.LocalSsdEncryptionMode + *out = new(string) + **out = **in + } if in.LoggingVariant != nil { in, out := &in.LoggingVariant, &out.LoggingVariant *out = new(string) @@ -12202,6 +12998,17 @@ func (in *NodePoolNodeConfigObservation) DeepCopyInto(out *NodePoolNodeConfigObs *out = new(bool) **out = **in } + if in.StoragePools != nil { + in, out := &in.StoragePools, &out.StoragePools + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Tags != nil { in, out := &in.Tags, &out.Tags *out = make([]*string, len(*in)) @@ -12355,6 +13162,11 @@ func (in *NodePoolNodeConfigObservation_2) DeepCopyInto(out *NodePoolNodeConfigO *out = new(float64) **out = **in } + if in.LocalSsdEncryptionMode != nil { + in, out := &in.LocalSsdEncryptionMode, &out.LocalSsdEncryptionMode + *out = new(string) + **out = **in + } if in.LoggingVariant != nil { in, out := &in.LoggingVariant, &out.LoggingVariant *out = new(string) @@ -12471,6 +13283,17 @@ func (in *NodePoolNodeConfigObservation_2) DeepCopyInto(out *NodePoolNodeConfigO *out = new(bool) **out = **in } + if in.StoragePools != nil { + in, out := &in.StoragePools, &out.StoragePools + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Tags != nil { in, out := &in.Tags, &out.Tags *out = make([]*string, len(*in)) @@ -12632,6 +13455,11 @@ func (in *NodePoolNodeConfigParameters_2) DeepCopyInto(out *NodePoolNodeConfigPa *out = new(float64) **out = **in } + if in.LocalSsdEncryptionMode != nil { + in, out := &in.LocalSsdEncryptionMode, &out.LocalSsdEncryptionMode + *out = new(string) + **out = **in + } if in.LoggingVariant != nil { in, out := &in.LoggingVariant, &out.LoggingVariant *out = new(string) @@ -12758,6 +13586,17 @@ func (in *NodePoolNodeConfigParameters_2) DeepCopyInto(out *NodePoolNodeConfigPa *out = new(bool) **out = **in } + if in.StoragePools != nil { + in, out := &in.StoragePools, &out.StoragePools + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.Tags != nil { in, out := &in.Tags, &out.Tags *out = make([]*string, len(*in)) @@ -14174,6 +15013,66 @@ func (in *NotificationConfigParameters) DeepCopy() *NotificationConfigParameters return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ParallelstoreCsiDriverConfigInitParameters) DeepCopyInto(out *ParallelstoreCsiDriverConfigInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParallelstoreCsiDriverConfigInitParameters. +func (in *ParallelstoreCsiDriverConfigInitParameters) DeepCopy() *ParallelstoreCsiDriverConfigInitParameters { + if in == nil { + return nil + } + out := new(ParallelstoreCsiDriverConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ParallelstoreCsiDriverConfigObservation) DeepCopyInto(out *ParallelstoreCsiDriverConfigObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParallelstoreCsiDriverConfigObservation. +func (in *ParallelstoreCsiDriverConfigObservation) DeepCopy() *ParallelstoreCsiDriverConfigObservation { + if in == nil { + return nil + } + out := new(ParallelstoreCsiDriverConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ParallelstoreCsiDriverConfigParameters) DeepCopyInto(out *ParallelstoreCsiDriverConfigParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParallelstoreCsiDriverConfigParameters. +func (in *ParallelstoreCsiDriverConfigParameters) DeepCopy() *ParallelstoreCsiDriverConfigParameters { + if in == nil { + return nil + } + out := new(ParallelstoreCsiDriverConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PlacementPolicyInitParameters) DeepCopyInto(out *PlacementPolicyInitParameters) { *out = *in @@ -15514,6 +16413,66 @@ func (in *SecondaryBootDisksParameters) DeepCopy() *SecondaryBootDisksParameters return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretManagerConfigInitParameters) DeepCopyInto(out *SecretManagerConfigInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretManagerConfigInitParameters. +func (in *SecretManagerConfigInitParameters) DeepCopy() *SecretManagerConfigInitParameters { + if in == nil { + return nil + } + out := new(SecretManagerConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretManagerConfigObservation) DeepCopyInto(out *SecretManagerConfigObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretManagerConfigObservation. +func (in *SecretManagerConfigObservation) DeepCopy() *SecretManagerConfigObservation { + if in == nil { + return nil + } + out := new(SecretManagerConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretManagerConfigParameters) DeepCopyInto(out *SecretManagerConfigParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretManagerConfigParameters. +func (in *SecretManagerConfigParameters) DeepCopy() *SecretManagerConfigParameters { + if in == nil { + return nil + } + out := new(SecretManagerConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SecurityPostureConfigInitParameters) DeepCopyInto(out *SecurityPostureConfigInitParameters) { *out = *in @@ -16401,6 +17360,207 @@ func (in *UpgradeSettingsParameters) DeepCopy() *UpgradeSettingsParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserManagedKeysConfigInitParameters) DeepCopyInto(out *UserManagedKeysConfigInitParameters) { + *out = *in + if in.AggregationCA != nil { + in, out := &in.AggregationCA, &out.AggregationCA + *out = new(string) + **out = **in + } + if in.ClusterCA != nil { + in, out := &in.ClusterCA, &out.ClusterCA + *out = new(string) + **out = **in + } + if in.ControlPlaneDiskEncryptionKey != nil { + in, out := &in.ControlPlaneDiskEncryptionKey, &out.ControlPlaneDiskEncryptionKey + *out = new(string) + **out = **in + } + if in.EtcdAPICA != nil { + in, out := &in.EtcdAPICA, &out.EtcdAPICA + *out = new(string) + **out = **in + } + if in.EtcdPeerCA != nil { + in, out := &in.EtcdPeerCA, &out.EtcdPeerCA + *out = new(string) + **out = **in + } + if in.GkeopsEtcdBackupEncryptionKey != nil { + in, out := &in.GkeopsEtcdBackupEncryptionKey, &out.GkeopsEtcdBackupEncryptionKey + *out = new(string) + **out = **in + } + if in.ServiceAccountSigningKeys != nil { + in, out := &in.ServiceAccountSigningKeys, &out.ServiceAccountSigningKeys + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ServiceAccountVerificationKeys != nil { + in, out := &in.ServiceAccountVerificationKeys, &out.ServiceAccountVerificationKeys + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserManagedKeysConfigInitParameters. +func (in *UserManagedKeysConfigInitParameters) DeepCopy() *UserManagedKeysConfigInitParameters { + if in == nil { + return nil + } + out := new(UserManagedKeysConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserManagedKeysConfigObservation) DeepCopyInto(out *UserManagedKeysConfigObservation) { + *out = *in + if in.AggregationCA != nil { + in, out := &in.AggregationCA, &out.AggregationCA + *out = new(string) + **out = **in + } + if in.ClusterCA != nil { + in, out := &in.ClusterCA, &out.ClusterCA + *out = new(string) + **out = **in + } + if in.ControlPlaneDiskEncryptionKey != nil { + in, out := &in.ControlPlaneDiskEncryptionKey, &out.ControlPlaneDiskEncryptionKey + *out = new(string) + **out = **in + } + if in.EtcdAPICA != nil { + in, out := &in.EtcdAPICA, &out.EtcdAPICA + *out = new(string) + **out = **in + } + if in.EtcdPeerCA != nil { + in, out := &in.EtcdPeerCA, &out.EtcdPeerCA + *out = new(string) + **out = **in + } + if in.GkeopsEtcdBackupEncryptionKey != nil { + in, out := &in.GkeopsEtcdBackupEncryptionKey, &out.GkeopsEtcdBackupEncryptionKey + *out = new(string) + **out = **in + } + if in.ServiceAccountSigningKeys != nil { + in, out := &in.ServiceAccountSigningKeys, &out.ServiceAccountSigningKeys + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ServiceAccountVerificationKeys != nil { + in, out := &in.ServiceAccountVerificationKeys, &out.ServiceAccountVerificationKeys + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserManagedKeysConfigObservation. +func (in *UserManagedKeysConfigObservation) DeepCopy() *UserManagedKeysConfigObservation { + if in == nil { + return nil + } + out := new(UserManagedKeysConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserManagedKeysConfigParameters) DeepCopyInto(out *UserManagedKeysConfigParameters) { + *out = *in + if in.AggregationCA != nil { + in, out := &in.AggregationCA, &out.AggregationCA + *out = new(string) + **out = **in + } + if in.ClusterCA != nil { + in, out := &in.ClusterCA, &out.ClusterCA + *out = new(string) + **out = **in + } + if in.ControlPlaneDiskEncryptionKey != nil { + in, out := &in.ControlPlaneDiskEncryptionKey, &out.ControlPlaneDiskEncryptionKey + *out = new(string) + **out = **in + } + if in.EtcdAPICA != nil { + in, out := &in.EtcdAPICA, &out.EtcdAPICA + *out = new(string) + **out = **in + } + if in.EtcdPeerCA != nil { + in, out := &in.EtcdPeerCA, &out.EtcdPeerCA + *out = new(string) + **out = **in + } + if in.GkeopsEtcdBackupEncryptionKey != nil { + in, out := &in.GkeopsEtcdBackupEncryptionKey, &out.GkeopsEtcdBackupEncryptionKey + *out = new(string) + **out = **in + } + if in.ServiceAccountSigningKeys != nil { + in, out := &in.ServiceAccountSigningKeys, &out.ServiceAccountSigningKeys + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.ServiceAccountVerificationKeys != nil { + in, out := &in.ServiceAccountVerificationKeys, &out.ServiceAccountVerificationKeys + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserManagedKeysConfigParameters. +func (in *UserManagedKeysConfigParameters) DeepCopy() *UserManagedKeysConfigParameters { + if in == nil { + return nil + } + out := new(UserManagedKeysConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VerticalPodAutoscalingInitParameters) DeepCopyInto(out *VerticalPodAutoscalingInitParameters) { *out = *in diff --git a/apis/container/v1beta2/zz_nodepool_types.go b/apis/container/v1beta2/zz_nodepool_types.go index f31a6e890..1195f35a7 100755 --- a/apis/container/v1beta2/zz_nodepool_types.go +++ b/apis/container/v1beta2/zz_nodepool_types.go @@ -176,7 +176,7 @@ type NodeConfigGuestAcceleratorGpuDriverInstallationConfigInitParameters struct // The Kubernetes version for the nodes in this pool. Note that if this field // and auto_upgrade are both specified, they will fight each other for what the node version should // be, so setting both is highly discouraged. - GpuDriverVersion *string `json:"gpuDriverVersion,omitempty" tf:"gpu_driver_version"` + GpuDriverVersion *string `json:"gpuDriverVersion,omitempty" tf:"gpu_driver_version,omitempty"` } type NodeConfigGuestAcceleratorGpuDriverInstallationConfigObservation struct { @@ -193,13 +193,13 @@ type NodeConfigGuestAcceleratorGpuDriverInstallationConfigParameters struct { // and auto_upgrade are both specified, they will fight each other for what the node version should // be, so setting both is highly discouraged. // +kubebuilder:validation:Optional - GpuDriverVersion *string `json:"gpuDriverVersion,omitempty" tf:"gpu_driver_version"` + GpuDriverVersion *string `json:"gpuDriverVersion" tf:"gpu_driver_version,omitempty"` } type NodeConfigGuestAcceleratorGpuSharingConfigInitParameters struct { - GpuSharingStrategy *string `json:"gpuSharingStrategy,omitempty" tf:"gpu_sharing_strategy"` + GpuSharingStrategy *string `json:"gpuSharingStrategy,omitempty" tf:"gpu_sharing_strategy,omitempty"` - MaxSharedClientsPerGpu *float64 `json:"maxSharedClientsPerGpu,omitempty" tf:"max_shared_clients_per_gpu"` + MaxSharedClientsPerGpu *float64 `json:"maxSharedClientsPerGpu,omitempty" tf:"max_shared_clients_per_gpu,omitempty"` } type NodeConfigGuestAcceleratorGpuSharingConfigObservation struct { @@ -211,10 +211,31 @@ type NodeConfigGuestAcceleratorGpuSharingConfigObservation struct { type NodeConfigGuestAcceleratorGpuSharingConfigParameters struct { // +kubebuilder:validation:Optional - GpuSharingStrategy *string `json:"gpuSharingStrategy,omitempty" tf:"gpu_sharing_strategy"` + GpuSharingStrategy *string `json:"gpuSharingStrategy" tf:"gpu_sharing_strategy,omitempty"` + + // +kubebuilder:validation:Optional + MaxSharedClientsPerGpu *float64 `json:"maxSharedClientsPerGpu" tf:"max_shared_clients_per_gpu,omitempty"` +} + +type NodeConfigLinuxNodeConfigHugepagesConfigInitParameters struct { + HugepageSize1G *float64 `json:"hugepageSize1G,omitempty" tf:"hugepage_size_1g,omitempty"` + + HugepageSize2M *float64 `json:"hugepageSize2M,omitempty" tf:"hugepage_size_2m,omitempty"` +} + +type NodeConfigLinuxNodeConfigHugepagesConfigObservation struct { + HugepageSize1G *float64 `json:"hugepageSize1G,omitempty" tf:"hugepage_size_1g,omitempty"` + + HugepageSize2M *float64 `json:"hugepageSize2M,omitempty" tf:"hugepage_size_2m,omitempty"` +} + +type NodeConfigLinuxNodeConfigHugepagesConfigParameters struct { + + // +kubebuilder:validation:Optional + HugepageSize1G *float64 `json:"hugepageSize1G,omitempty" tf:"hugepage_size_1g,omitempty"` // +kubebuilder:validation:Optional - MaxSharedClientsPerGpu *float64 `json:"maxSharedClientsPerGpu,omitempty" tf:"max_shared_clients_per_gpu"` + HugepageSize2M *float64 `json:"hugepageSize2M,omitempty" tf:"hugepage_size_2m,omitempty"` } type NodeConfigSoleTenantConfigNodeAffinityInitParameters struct { @@ -664,18 +685,18 @@ type NodePoolNodeConfigGcfsConfigParameters struct { } type NodePoolNodeConfigGuestAcceleratorInitParameters struct { - Count *float64 `json:"count,omitempty" tf:"count"` + Count *float64 `json:"count,omitempty" tf:"count,omitempty"` - GpuDriverInstallationConfig *NodeConfigGuestAcceleratorGpuDriverInstallationConfigInitParameters `json:"gpuDriverInstallationConfig,omitempty" tf:"gpu_driver_installation_config"` + GpuDriverInstallationConfig *NodeConfigGuestAcceleratorGpuDriverInstallationConfigInitParameters `json:"gpuDriverInstallationConfig,omitempty" tf:"gpu_driver_installation_config,omitempty"` - GpuPartitionSize *string `json:"gpuPartitionSize,omitempty" tf:"gpu_partition_size"` + GpuPartitionSize *string `json:"gpuPartitionSize,omitempty" tf:"gpu_partition_size,omitempty"` - GpuSharingConfig *NodeConfigGuestAcceleratorGpuSharingConfigInitParameters `json:"gpuSharingConfig,omitempty" tf:"gpu_sharing_config"` + GpuSharingConfig *NodeConfigGuestAcceleratorGpuSharingConfigInitParameters `json:"gpuSharingConfig,omitempty" tf:"gpu_sharing_config,omitempty"` // The type of the policy. Supports a single value: COMPACT. // Specifying COMPACT placement policy type places node pool's nodes in a closer // physical proximity in order to reduce network latency between nodes. - Type *string `json:"type,omitempty" tf:"type"` + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type NodePoolNodeConfigGuestAcceleratorObservation struct { @@ -696,22 +717,22 @@ type NodePoolNodeConfigGuestAcceleratorObservation struct { type NodePoolNodeConfigGuestAcceleratorParameters struct { // +kubebuilder:validation:Optional - Count *float64 `json:"count,omitempty" tf:"count"` + Count *float64 `json:"count" tf:"count,omitempty"` // +kubebuilder:validation:Optional - GpuDriverInstallationConfig *NodeConfigGuestAcceleratorGpuDriverInstallationConfigParameters `json:"gpuDriverInstallationConfig,omitempty" tf:"gpu_driver_installation_config"` + GpuDriverInstallationConfig *NodeConfigGuestAcceleratorGpuDriverInstallationConfigParameters `json:"gpuDriverInstallationConfig,omitempty" tf:"gpu_driver_installation_config,omitempty"` // +kubebuilder:validation:Optional - GpuPartitionSize *string `json:"gpuPartitionSize,omitempty" tf:"gpu_partition_size"` + GpuPartitionSize *string `json:"gpuPartitionSize,omitempty" tf:"gpu_partition_size,omitempty"` // +kubebuilder:validation:Optional - GpuSharingConfig *NodeConfigGuestAcceleratorGpuSharingConfigParameters `json:"gpuSharingConfig,omitempty" tf:"gpu_sharing_config"` + GpuSharingConfig *NodeConfigGuestAcceleratorGpuSharingConfigParameters `json:"gpuSharingConfig,omitempty" tf:"gpu_sharing_config,omitempty"` // The type of the policy. Supports a single value: COMPACT. // Specifying COMPACT placement policy type places node pool's nodes in a closer // physical proximity in order to reduce network latency between nodes. // +kubebuilder:validation:Optional - Type *string `json:"type,omitempty" tf:"type"` + Type *string `json:"type" tf:"type,omitempty"` } type NodePoolNodeConfigGvnicInitParameters struct { @@ -789,6 +810,10 @@ type NodePoolNodeConfigInitParameters_2 struct { LocalSsdCount *float64 `json:"localSsdCount,omitempty" tf:"local_ssd_count,omitempty"` + // Possible Local SSD encryption modes: + // Accepted values are: + LocalSsdEncryptionMode *string `json:"localSsdEncryptionMode,omitempty" tf:"local_ssd_encryption_mode,omitempty"` + LoggingVariant *string `json:"loggingVariant,omitempty" tf:"logging_variant,omitempty"` MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` @@ -835,6 +860,8 @@ type NodePoolNodeConfigInitParameters_2 struct { Spot *bool `json:"spot,omitempty" tf:"spot,omitempty"` + StoragePools []*string `json:"storagePools,omitempty" tf:"storage_pools,omitempty"` + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` Taint []NodePoolNodeConfigTaintInitParameters `json:"taint,omitempty" tf:"taint,omitempty"` @@ -875,7 +902,7 @@ type NodePoolNodeConfigKubeletConfigParameters struct { CPUCfsQuotaPeriod *string `json:"cpuCfsQuotaPeriod,omitempty" tf:"cpu_cfs_quota_period,omitempty"` // +kubebuilder:validation:Optional - CPUManagerPolicy *string `json:"cpuManagerPolicy" tf:"cpu_manager_policy,omitempty"` + CPUManagerPolicy *string `json:"cpuManagerPolicy,omitempty" tf:"cpu_manager_policy,omitempty"` // +kubebuilder:validation:Optional InsecureKubeletReadonlyPortEnabled *string `json:"insecureKubeletReadonlyPortEnabled,omitempty" tf:"insecure_kubelet_readonly_port_enabled,omitempty"` @@ -887,6 +914,8 @@ type NodePoolNodeConfigKubeletConfigParameters struct { type NodePoolNodeConfigLinuxNodeConfigInitParameters struct { CgroupMode *string `json:"cgroupMode,omitempty" tf:"cgroup_mode,omitempty"` + HugepagesConfig *NodeConfigLinuxNodeConfigHugepagesConfigInitParameters `json:"hugepagesConfig,omitempty" tf:"hugepages_config,omitempty"` + // +mapType=granular Sysctls map[string]*string `json:"sysctls,omitempty" tf:"sysctls,omitempty"` } @@ -894,6 +923,8 @@ type NodePoolNodeConfigLinuxNodeConfigInitParameters struct { type NodePoolNodeConfigLinuxNodeConfigObservation struct { CgroupMode *string `json:"cgroupMode,omitempty" tf:"cgroup_mode,omitempty"` + HugepagesConfig *NodeConfigLinuxNodeConfigHugepagesConfigObservation `json:"hugepagesConfig,omitempty" tf:"hugepages_config,omitempty"` + // +mapType=granular Sysctls map[string]*string `json:"sysctls,omitempty" tf:"sysctls,omitempty"` } @@ -903,6 +934,9 @@ type NodePoolNodeConfigLinuxNodeConfigParameters struct { // +kubebuilder:validation:Optional CgroupMode *string `json:"cgroupMode,omitempty" tf:"cgroup_mode,omitempty"` + // +kubebuilder:validation:Optional + HugepagesConfig *NodeConfigLinuxNodeConfigHugepagesConfigParameters `json:"hugepagesConfig,omitempty" tf:"hugepages_config,omitempty"` + // +kubebuilder:validation:Optional // +mapType=granular Sysctls map[string]*string `json:"sysctls,omitempty" tf:"sysctls,omitempty"` @@ -966,6 +1000,10 @@ type NodePoolNodeConfigObservation_2 struct { LocalSsdCount *float64 `json:"localSsdCount,omitempty" tf:"local_ssd_count,omitempty"` + // Possible Local SSD encryption modes: + // Accepted values are: + LocalSsdEncryptionMode *string `json:"localSsdEncryptionMode,omitempty" tf:"local_ssd_encryption_mode,omitempty"` + LoggingVariant *string `json:"loggingVariant,omitempty" tf:"logging_variant,omitempty"` MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` @@ -1002,6 +1040,8 @@ type NodePoolNodeConfigObservation_2 struct { Spot *bool `json:"spot,omitempty" tf:"spot,omitempty"` + StoragePools []*string `json:"storagePools,omitempty" tf:"storage_pools,omitempty"` + Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` Taint []NodePoolNodeConfigTaintObservation `json:"taint,omitempty" tf:"taint,omitempty"` @@ -1071,6 +1111,11 @@ type NodePoolNodeConfigParameters_2 struct { // +kubebuilder:validation:Optional LocalSsdCount *float64 `json:"localSsdCount,omitempty" tf:"local_ssd_count,omitempty"` + // Possible Local SSD encryption modes: + // Accepted values are: + // +kubebuilder:validation:Optional + LocalSsdEncryptionMode *string `json:"localSsdEncryptionMode,omitempty" tf:"local_ssd_encryption_mode,omitempty"` + // +kubebuilder:validation:Optional LoggingVariant *string `json:"loggingVariant,omitempty" tf:"logging_variant,omitempty"` @@ -1132,6 +1177,9 @@ type NodePoolNodeConfigParameters_2 struct { // +kubebuilder:validation:Optional Spot *bool `json:"spot,omitempty" tf:"spot,omitempty"` + // +kubebuilder:validation:Optional + StoragePools []*string `json:"storagePools,omitempty" tf:"storage_pools,omitempty"` + // +kubebuilder:validation:Optional Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` diff --git a/package/crds/container.gcp.upbound.io_clusters.yaml b/package/crds/container.gcp.upbound.io_clusters.yaml index e42788496..ee0da427d 100644 --- a/package/crds/container.gcp.upbound.io_clusters.yaml +++ b/package/crds/container.gcp.upbound.io_clusters.yaml @@ -7391,6 +7391,18 @@ spec: cluster. It is disabled by default. Set disabled = false to enable. type: boolean type: object + parallelstoreCsiDriverConfig: + description: |- + The status of the Parallelstore CSI driver addon, + which allows the usage of a Parallelstore instances as volumes. + It is disabled by default for Standard clusters; set enabled = true to enable. + It is enabled by default for Autopilot clusters with version 1.29 or later; set enabled = true to enable it explicitly. + See Enable the Parallelstore CSI driver for more information. + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object rayOperatorConfig: description: |- . The status of the Ray Operator @@ -7674,6 +7686,24 @@ spec: enforce encryption of data in-use. type: boolean type: object + controlPlaneEndpointsConfig: + description: |- + Configuration for all of the cluster's control plane endpoints. + Structure is documented below. + properties: + dnsEndpointConfig: + description: DNS endpoint configuration. + properties: + allowExternalTraffic: + description: Controls whether user traffic is allowed + over this endpoint. Note that GCP-managed services may + still use the endpoint even if this is false. + type: boolean + endpoint: + description: (Output) The cluster's DNS endpoint. + type: string + type: object + type: object costManagementConfig: description: |- Configuration for the @@ -7730,6 +7760,12 @@ spec: description: Configuration for Using Cloud DNS for GKE. Structure is documented below. properties: + additiveVpcScopeDnsDomain: + description: This will enable Cloud DNS additive VPC scope. + Must provide a domain name that is unique within the VPC. + For this to work cluster_dns = "CLOUD_DNS" and cluster_dns_scope + = "CLUSTER_SCOPE" must both be set as well. + type: string clusterDns: description: Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS. @@ -7753,6 +7789,13 @@ spec: description: Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false. type: boolean + enableFqdnNetworkPolicy: + description: Whether FQDN Network Policy is enabled on this cluster. + Users who enable this feature for existing Standard clusters + must restart the GKE Dataplane V2 anetd DaemonSet after enabling + it. See the Enable FQDN Network Policy in an existing cluster + for more information. + type: boolean enableIntranodeVisibility: description: Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for @@ -7803,6 +7846,15 @@ spec: Whether to enable Cloud TPU resources in this cluster. See the official documentation. type: boolean + enterpriseConfig: + description: Configuration for [Enterprise edition].(https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). + Structure is documented below. + properties: + desiredTier: + description: Sets the tier of the cluster. Available options + include STANDARD and ENTERPRISE. + type: string + type: object fleet: description: Fleet configuration for the cluster. Structure is documented below. @@ -8023,6 +8075,10 @@ spec: Whether Kubernetes master is accessible via Google Compute Engine Public IPs. type: boolean + privateEndpointEnforcementEnabled: + description: Whether authorized networks is enforced on the + private endpoint or not. + type: boolean type: object meshCertificates: description: Structure is documented below. @@ -8059,13 +8115,6 @@ spec: enableRelay: description: Whether or not Relay is enabled. type: boolean - relayMode: - description: Mode used to make Relay available. Deprecated - in favor of enable_relay field. Remove this attribute's - configuration as this field will be removed in the next - major release and enable_relay will become a required - field. - type: string type: object enableComponents: description: 'The GKE components exposing metrics. Supported @@ -8314,8 +8363,11 @@ spec: guestAccelerator: description: |- List of the type and count of accelerator cards attached to the instance. - Structure documented below.12 this field is an - Attribute as Block + Structure documented below. + Note: As of 6.0.0, argument syntax + is no longer supported for this field in favor of block syntax. + To dynamically set a list of guest accelerators, use dynamic blocks. + To set an empty list, use a single guest_accelerator block with count = 0. items: properties: count: @@ -8403,12 +8455,14 @@ spec: description: |- The CPU management policy on the node. See K8S CPU Management Policies. - One of "none" or "static". Defaults to none when kubelet_config is unset. + One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". + Prior to the 6.4.0 this field was marked as required. The workaround for the required field + is setting the empty string "", which will function identically to not setting this field. type: string insecureKubeletReadonlyPortEnabled: - description: 'Controls whether the kubelet read-only port - is enabled. It is strongly recommended to set this to - FALSE. Possible values: TRUE, FALSE.' + description: 'only port is enabled for newly created node + pools in the cluster. It is strongly recommended to + set this to FALSE. Possible values: TRUE, FALSE.' type: string podPidsLimit: description: Controls the maximum number of processes @@ -8433,6 +8487,17 @@ spec: Possible cgroup modes that can be used. Accepted values are: type: string + hugepagesConfig: + description: Amounts for 2M and 1G hugepages. Structure + is documented below. + properties: + hugepageSize1G: + description: Amount of 1G hugepages. + type: number + hugepageSize2M: + description: Amount of 2M hugepages. + type: number + type: object sysctls: additionalProperties: type: string @@ -8459,6 +8524,11 @@ spec: The amount of local SSD disks that will be attached to each cluster node. Defaults to 0. type: number + localSsdEncryptionMode: + description: |- + Possible Local SSD encryption modes: + Accepted values are: + type: string loggingVariant: description: wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput @@ -8690,6 +8760,12 @@ spec: See the official documentation for more information. Defaults to false. type: boolean + storagePools: + description: The list of Storage Pools where boot disks are + provisioned. + items: + type: string + type: array tags: description: |- The list of instance tags applied to all nodes. Tags are used to identify @@ -8744,6 +8820,18 @@ spec: autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below. properties: + linuxNodeConfig: + description: Linux system configuration for the cluster's + automatically provisioned node pools. Only cgroup_mode field + is supported in node_pool_auto_config. Structure is documented + below. + properties: + cgroupMode: + description: |- + Possible cgroup modes that can be used. + Accepted values are: + type: string + type: object networkTags: description: The network tag config for the cluster's automatically provisioned node pools. Structure is documented below. @@ -8762,9 +8850,9 @@ spec: Structure is documented below. properties: insecureKubeletReadonlyPortEnabled: - description: 'Controls whether the kubelet read-only port - is enabled. It is strongly recommended to set this to - FALSE. Possible values: TRUE, FALSE.' + description: 'only port is enabled for newly created node + pools in the cluster. It is strongly recommended to + set this to FALSE. Possible values: TRUE, FALSE.' type: string type: object resourceManagerTags: @@ -8821,6 +8909,16 @@ spec: type: boolean type: object type: object + gcfsConfig: + description: The default Google Container Filesystem (GCFS) + configuration at the cluster level. e.g. enable image + streaming across all the node pools within the cluster. + Structure is documented below. + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object insecureKubeletReadonlyPortEnabled: description: 'only port is enabled for newly created node pools in the cluster. It is strongly recommended to @@ -9063,6 +9161,16 @@ spec: billing export. Defaults to true. type: boolean type: object + secretManagerConfig: + description: |- + Configuration for the + SecretManagerConfig feature. + Structure is documented below. + properties: + enabled: + description: Enable the Secret Manager add-on for this cluster. + type: boolean + type: object securityPostureConfig: description: Enable/Disable Security Posture API features for the cluster. Structure is documented below. @@ -9168,6 +9276,31 @@ spec: type: string type: object type: object + userManagedKeysConfig: + properties: + aggregationCa: + type: string + clusterCa: + type: string + controlPlaneDiskEncryptionKey: + type: string + etcdApiCa: + type: string + etcdPeerCa: + type: string + gkeopsEtcdBackupEncryptionKey: + type: string + serviceAccountSigningKeys: + items: + type: string + type: array + x-kubernetes-list-type: set + serviceAccountVerificationKeys: + items: + type: string + type: array + x-kubernetes-list-type: set + type: object verticalPodAutoscaling: description: |- Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. @@ -9323,6 +9456,18 @@ spec: cluster. It is disabled by default. Set disabled = false to enable. type: boolean type: object + parallelstoreCsiDriverConfig: + description: |- + The status of the Parallelstore CSI driver addon, + which allows the usage of a Parallelstore instances as volumes. + It is disabled by default for Standard clusters; set enabled = true to enable. + It is enabled by default for Autopilot clusters with version 1.29 or later; set enabled = true to enable it explicitly. + See Enable the Parallelstore CSI driver for more information. + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object rayOperatorConfig: description: |- . The status of the Ray Operator @@ -9606,6 +9751,24 @@ spec: enforce encryption of data in-use. type: boolean type: object + controlPlaneEndpointsConfig: + description: |- + Configuration for all of the cluster's control plane endpoints. + Structure is documented below. + properties: + dnsEndpointConfig: + description: DNS endpoint configuration. + properties: + allowExternalTraffic: + description: Controls whether user traffic is allowed + over this endpoint. Note that GCP-managed services may + still use the endpoint even if this is false. + type: boolean + endpoint: + description: (Output) The cluster's DNS endpoint. + type: string + type: object + type: object costManagementConfig: description: |- Configuration for the @@ -9662,6 +9825,12 @@ spec: description: Configuration for Using Cloud DNS for GKE. Structure is documented below. properties: + additiveVpcScopeDnsDomain: + description: This will enable Cloud DNS additive VPC scope. + Must provide a domain name that is unique within the VPC. + For this to work cluster_dns = "CLOUD_DNS" and cluster_dns_scope + = "CLUSTER_SCOPE" must both be set as well. + type: string clusterDns: description: Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS. @@ -9685,6 +9854,13 @@ spec: description: Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false. type: boolean + enableFqdnNetworkPolicy: + description: Whether FQDN Network Policy is enabled on this cluster. + Users who enable this feature for existing Standard clusters + must restart the GKE Dataplane V2 anetd DaemonSet after enabling + it. See the Enable FQDN Network Policy in an existing cluster + for more information. + type: boolean enableIntranodeVisibility: description: Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for @@ -9735,6 +9911,15 @@ spec: Whether to enable Cloud TPU resources in this cluster. See the official documentation. type: boolean + enterpriseConfig: + description: Configuration for [Enterprise edition].(https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). + Structure is documented below. + properties: + desiredTier: + description: Sets the tier of the cluster. Available options + include STANDARD and ENTERPRISE. + type: string + type: object fleet: description: Fleet configuration for the cluster. Structure is documented below. @@ -9946,6 +10131,10 @@ spec: Whether Kubernetes master is accessible via Google Compute Engine Public IPs. type: boolean + privateEndpointEnforcementEnabled: + description: Whether authorized networks is enforced on the + private endpoint or not. + type: boolean type: object meshCertificates: description: Structure is documented below. @@ -9982,13 +10171,6 @@ spec: enableRelay: description: Whether or not Relay is enabled. type: boolean - relayMode: - description: Mode used to make Relay available. Deprecated - in favor of enable_relay field. Remove this attribute's - configuration as this field will be removed in the next - major release and enable_relay will become a required - field. - type: string type: object enableComponents: description: 'The GKE components exposing metrics. Supported @@ -10237,8 +10419,11 @@ spec: guestAccelerator: description: |- List of the type and count of accelerator cards attached to the instance. - Structure documented below.12 this field is an - Attribute as Block + Structure documented below. + Note: As of 6.0.0, argument syntax + is no longer supported for this field in favor of block syntax. + To dynamically set a list of guest accelerators, use dynamic blocks. + To set an empty list, use a single guest_accelerator block with count = 0. items: properties: count: @@ -10326,12 +10511,14 @@ spec: description: |- The CPU management policy on the node. See K8S CPU Management Policies. - One of "none" or "static". Defaults to none when kubelet_config is unset. + One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". + Prior to the 6.4.0 this field was marked as required. The workaround for the required field + is setting the empty string "", which will function identically to not setting this field. type: string insecureKubeletReadonlyPortEnabled: - description: 'Controls whether the kubelet read-only port - is enabled. It is strongly recommended to set this to - FALSE. Possible values: TRUE, FALSE.' + description: 'only port is enabled for newly created node + pools in the cluster. It is strongly recommended to + set this to FALSE. Possible values: TRUE, FALSE.' type: string podPidsLimit: description: Controls the maximum number of processes @@ -10356,6 +10543,17 @@ spec: Possible cgroup modes that can be used. Accepted values are: type: string + hugepagesConfig: + description: Amounts for 2M and 1G hugepages. Structure + is documented below. + properties: + hugepageSize1G: + description: Amount of 1G hugepages. + type: number + hugepageSize2M: + description: Amount of 2M hugepages. + type: number + type: object sysctls: additionalProperties: type: string @@ -10382,6 +10580,11 @@ spec: The amount of local SSD disks that will be attached to each cluster node. Defaults to 0. type: number + localSsdEncryptionMode: + description: |- + Possible Local SSD encryption modes: + Accepted values are: + type: string loggingVariant: description: wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput @@ -10613,6 +10816,12 @@ spec: See the official documentation for more information. Defaults to false. type: boolean + storagePools: + description: The list of Storage Pools where boot disks are + provisioned. + items: + type: string + type: array tags: description: |- The list of instance tags applied to all nodes. Tags are used to identify @@ -10667,6 +10876,18 @@ spec: autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below. properties: + linuxNodeConfig: + description: Linux system configuration for the cluster's + automatically provisioned node pools. Only cgroup_mode field + is supported in node_pool_auto_config. Structure is documented + below. + properties: + cgroupMode: + description: |- + Possible cgroup modes that can be used. + Accepted values are: + type: string + type: object networkTags: description: The network tag config for the cluster's automatically provisioned node pools. Structure is documented below. @@ -10685,9 +10906,9 @@ spec: Structure is documented below. properties: insecureKubeletReadonlyPortEnabled: - description: 'Controls whether the kubelet read-only port - is enabled. It is strongly recommended to set this to - FALSE. Possible values: TRUE, FALSE.' + description: 'only port is enabled for newly created node + pools in the cluster. It is strongly recommended to + set this to FALSE. Possible values: TRUE, FALSE.' type: string type: object resourceManagerTags: @@ -10744,6 +10965,16 @@ spec: type: boolean type: object type: object + gcfsConfig: + description: The default Google Container Filesystem (GCFS) + configuration at the cluster level. e.g. enable image + streaming across all the node pools within the cluster. + Structure is documented below. + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object insecureKubeletReadonlyPortEnabled: description: 'only port is enabled for newly created node pools in the cluster. It is strongly recommended to @@ -10986,6 +11217,16 @@ spec: billing export. Defaults to true. type: boolean type: object + secretManagerConfig: + description: |- + Configuration for the + SecretManagerConfig feature. + Structure is documented below. + properties: + enabled: + description: Enable the Secret Manager add-on for this cluster. + type: boolean + type: object securityPostureConfig: description: Enable/Disable Security Posture API features for the cluster. Structure is documented below. @@ -11091,6 +11332,31 @@ spec: type: string type: object type: object + userManagedKeysConfig: + properties: + aggregationCa: + type: string + clusterCa: + type: string + controlPlaneDiskEncryptionKey: + type: string + etcdApiCa: + type: string + etcdPeerCa: + type: string + gkeopsEtcdBackupEncryptionKey: + type: string + serviceAccountSigningKeys: + items: + type: string + type: array + x-kubernetes-list-type: set + serviceAccountVerificationKeys: + items: + type: string + type: array + x-kubernetes-list-type: set + type: object verticalPodAutoscaling: description: |- Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. @@ -11403,6 +11669,18 @@ spec: cluster. It is disabled by default. Set disabled = false to enable. type: boolean type: object + parallelstoreCsiDriverConfig: + description: |- + The status of the Parallelstore CSI driver addon, + which allows the usage of a Parallelstore instances as volumes. + It is disabled by default for Standard clusters; set enabled = true to enable. + It is enabled by default for Autopilot clusters with version 1.29 or later; set enabled = true to enable it explicitly. + See Enable the Parallelstore CSI driver for more information. + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object rayOperatorConfig: description: |- . The status of the Ray Operator @@ -11698,6 +11976,24 @@ spec: enforce encryption of data in-use. type: boolean type: object + controlPlaneEndpointsConfig: + description: |- + Configuration for all of the cluster's control plane endpoints. + Structure is documented below. + properties: + dnsEndpointConfig: + description: DNS endpoint configuration. + properties: + allowExternalTraffic: + description: Controls whether user traffic is allowed + over this endpoint. Note that GCP-managed services may + still use the endpoint even if this is false. + type: boolean + endpoint: + description: (Output) The cluster's DNS endpoint. + type: string + type: object + type: object costManagementConfig: description: |- Configuration for the @@ -11754,6 +12050,12 @@ spec: description: Configuration for Using Cloud DNS for GKE. Structure is documented below. properties: + additiveVpcScopeDnsDomain: + description: This will enable Cloud DNS additive VPC scope. + Must provide a domain name that is unique within the VPC. + For this to work cluster_dns = "CLOUD_DNS" and cluster_dns_scope + = "CLUSTER_SCOPE" must both be set as well. + type: string clusterDns: description: Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS. @@ -11766,6 +12068,11 @@ spec: (default) or CLUSTER_SCOPE or VPC_SCOPE. type: string type: object + effectiveLabels: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular enableAutopilot: description: |- Enable Autopilot for this cluster. Defaults to false. @@ -11777,6 +12084,13 @@ spec: description: Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false. type: boolean + enableFqdnNetworkPolicy: + description: Whether FQDN Network Policy is enabled on this cluster. + Users who enable this feature for existing Standard clusters + must restart the GKE Dataplane V2 anetd DaemonSet after enabling + it. See the Enable FQDN Network Policy in an existing cluster + for more information. + type: boolean enableIntranodeVisibility: description: Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for @@ -11830,6 +12144,18 @@ spec: endpoint: description: The IP address of this cluster's Kubernetes master. type: string + enterpriseConfig: + description: Configuration for [Enterprise edition].(https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). + Structure is documented below. + properties: + clusterTier: + description: The effective tier of the cluster. + type: string + desiredTier: + description: Sets the tier of the cluster. Available options + include STANDARD and ENTERPRISE. + type: string + type: object fleet: description: Fleet configuration for the cluster. Structure is documented below. @@ -12089,6 +12415,10 @@ spec: Whether Kubernetes master is accessible via Google Compute Engine Public IPs. type: boolean + privateEndpointEnforcementEnabled: + description: Whether authorized networks is enforced on the + private endpoint or not. + type: boolean type: object masterVersion: description: |- @@ -12131,13 +12461,6 @@ spec: enableRelay: description: Whether or not Relay is enabled. type: boolean - relayMode: - description: Mode used to make Relay available. Deprecated - in favor of enable_relay field. Remove this attribute's - configuration as this field will be removed in the next - major release and enable_relay will become a required - field. - type: string type: object enableComponents: description: 'The GKE components exposing metrics. Supported @@ -12329,8 +12652,11 @@ spec: guestAccelerator: description: |- List of the type and count of accelerator cards attached to the instance. - Structure documented below.12 this field is an - Attribute as Block + Structure documented below. + Note: As of 6.0.0, argument syntax + is no longer supported for this field in favor of block syntax. + To dynamically set a list of guest accelerators, use dynamic blocks. + To set an empty list, use a single guest_accelerator block with count = 0. items: properties: count: @@ -12418,12 +12744,14 @@ spec: description: |- The CPU management policy on the node. See K8S CPU Management Policies. - One of "none" or "static". Defaults to none when kubelet_config is unset. + One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". + Prior to the 6.4.0 this field was marked as required. The workaround for the required field + is setting the empty string "", which will function identically to not setting this field. type: string insecureKubeletReadonlyPortEnabled: - description: 'Controls whether the kubelet read-only port - is enabled. It is strongly recommended to set this to - FALSE. Possible values: TRUE, FALSE.' + description: 'only port is enabled for newly created node + pools in the cluster. It is strongly recommended to + set this to FALSE. Possible values: TRUE, FALSE.' type: string podPidsLimit: description: Controls the maximum number of processes @@ -12448,6 +12776,17 @@ spec: Possible cgroup modes that can be used. Accepted values are: type: string + hugepagesConfig: + description: Amounts for 2M and 1G hugepages. Structure + is documented below. + properties: + hugepageSize1G: + description: Amount of 1G hugepages. + type: number + hugepageSize2M: + description: Amount of 2M hugepages. + type: number + type: object sysctls: additionalProperties: type: string @@ -12474,6 +12813,11 @@ spec: The amount of local SSD disks that will be attached to each cluster node. Defaults to 0. type: number + localSsdEncryptionMode: + description: |- + Possible Local SSD encryption modes: + Accepted values are: + type: string loggingVariant: description: wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput @@ -12629,6 +12973,12 @@ spec: See the official documentation for more information. Defaults to false. type: boolean + storagePools: + description: The list of Storage Pools where boot disks are + provisioned. + items: + type: string + type: array tags: description: |- The list of instance tags applied to all nodes. Tags are used to identify @@ -12939,8 +13289,11 @@ spec: guestAccelerator: description: |- List of the type and count of accelerator cards attached to the instance. - Structure documented below.12 this field is an - Attribute as Block + Structure documented below. + Note: As of 6.0.0, argument syntax + is no longer supported for this field in favor of block syntax. + To dynamically set a list of guest accelerators, use dynamic blocks. + To set an empty list, use a single guest_accelerator block with count = 0. items: properties: count: @@ -13028,12 +13381,14 @@ spec: description: |- The CPU management policy on the node. See K8S CPU Management Policies. - One of "none" or "static". Defaults to none when kubelet_config is unset. + One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". + Prior to the 6.4.0 this field was marked as required. The workaround for the required field + is setting the empty string "", which will function identically to not setting this field. type: string insecureKubeletReadonlyPortEnabled: - description: 'Controls whether the kubelet read-only - port is enabled. It is strongly recommended to - set this to FALSE. Possible values: TRUE, FALSE.' + description: 'only port is enabled for newly created + node pools in the cluster. It is strongly recommended + to set this to FALSE. Possible values: TRUE, FALSE.' type: string podPidsLimit: description: Controls the maximum number of processes @@ -13050,14 +13405,27 @@ spec: type: object x-kubernetes-map-type: granular linuxNodeConfig: - description: Parameters that can be configured on Linux - nodes. Structure is documented below. + description: Linux system configuration for the cluster's + automatically provisioned node pools. Only cgroup_mode + field is supported in node_pool_auto_config. Structure + is documented below. properties: cgroupMode: description: |- Possible cgroup modes that can be used. Accepted values are: type: string + hugepagesConfig: + description: Amounts for 2M and 1G hugepages. Structure + is documented below. + properties: + hugepageSize1G: + description: Amount of 1G hugepages. + type: number + hugepageSize2M: + description: Amount of 2M hugepages. + type: number + type: object sysctls: additionalProperties: type: string @@ -13084,6 +13452,11 @@ spec: The amount of local SSD disks that will be attached to each cluster node. Defaults to 0. type: number + localSsdEncryptionMode: + description: |- + Possible Local SSD encryption modes: + Accepted values are: + type: string loggingVariant: description: The type of logging agent that is deployed by default for newly created node pools in the cluster. @@ -13242,6 +13615,12 @@ spec: See the official documentation for more information. Defaults to false. type: boolean + storagePools: + description: The list of Storage Pools where boot disks + are provisioned. + items: + type: string + type: array tags: description: |- The list of instance tags applied to all nodes. Tags are used to identify @@ -13381,6 +13760,18 @@ spec: autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below. properties: + linuxNodeConfig: + description: Linux system configuration for the cluster's + automatically provisioned node pools. Only cgroup_mode field + is supported in node_pool_auto_config. Structure is documented + below. + properties: + cgroupMode: + description: |- + Possible cgroup modes that can be used. + Accepted values are: + type: string + type: object networkTags: description: The network tag config for the cluster's automatically provisioned node pools. Structure is documented below. @@ -13399,9 +13790,9 @@ spec: Structure is documented below. properties: insecureKubeletReadonlyPortEnabled: - description: 'Controls whether the kubelet read-only port - is enabled. It is strongly recommended to set this to - FALSE. Possible values: TRUE, FALSE.' + description: 'only port is enabled for newly created node + pools in the cluster. It is strongly recommended to + set this to FALSE. Possible values: TRUE, FALSE.' type: string type: object resourceManagerTags: @@ -13458,6 +13849,16 @@ spec: type: boolean type: object type: object + gcfsConfig: + description: The default Google Container Filesystem (GCFS) + configuration at the cluster level. e.g. enable image + streaming across all the node pools within the cluster. + Structure is documented below. + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object insecureKubeletReadonlyPortEnabled: description: 'only port is enabled for newly created node pools in the cluster. It is strongly recommended to @@ -13638,6 +14039,16 @@ spec: billing export. Defaults to true. type: boolean type: object + secretManagerConfig: + description: |- + Configuration for the + SecretManagerConfig feature. + Structure is documented below. + properties: + enabled: + description: Enable the Secret Manager add-on for this cluster. + type: boolean + type: object securityPostureConfig: description: Enable/Disable Security Posture API features for the cluster. Structure is documented below. @@ -13677,12 +14088,44 @@ spec: The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched. type: string + terraformLabels: + additionalProperties: + type: string + description: The combination of labels configured directly on + the resource and default labels configured on the provider. + type: object + x-kubernetes-map-type: granular tpuIpv4CidrBlock: description: |- The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29). type: string + userManagedKeysConfig: + properties: + aggregationCa: + type: string + clusterCa: + type: string + controlPlaneDiskEncryptionKey: + type: string + etcdApiCa: + type: string + etcdPeerCa: + type: string + gkeopsEtcdBackupEncryptionKey: + type: string + serviceAccountSigningKeys: + items: + type: string + type: array + x-kubernetes-list-type: set + serviceAccountVerificationKeys: + items: + type: string + type: array + x-kubernetes-list-type: set + type: object verticalPodAutoscaling: description: |- Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. diff --git a/package/crds/container.gcp.upbound.io_nodepools.yaml b/package/crds/container.gcp.upbound.io_nodepools.yaml index 7f088cc02..9eefe556b 100644 --- a/package/crds/container.gcp.upbound.io_nodepools.yaml +++ b/package/crds/container.gcp.upbound.io_nodepools.yaml @@ -2738,6 +2738,13 @@ spec: properties: cgroupMode: type: string + hugepagesConfig: + properties: + hugepageSize1G: + type: number + hugepageSize2M: + type: number + type: object sysctls: additionalProperties: type: string @@ -2751,6 +2758,11 @@ spec: type: object localSsdCount: type: number + localSsdEncryptionMode: + description: |- + Possible Local SSD encryption modes: + Accepted values are: + type: string loggingVariant: type: string machineType: @@ -2917,6 +2929,10 @@ spec: type: object spot: type: boolean + storagePools: + items: + type: string + type: array tags: items: type: string @@ -3351,6 +3367,13 @@ spec: properties: cgroupMode: type: string + hugepagesConfig: + properties: + hugepageSize1G: + type: number + hugepageSize2M: + type: number + type: object sysctls: additionalProperties: type: string @@ -3364,6 +3387,11 @@ spec: type: object localSsdCount: type: number + localSsdEncryptionMode: + description: |- + Possible Local SSD encryption modes: + Accepted values are: + type: string loggingVariant: type: string machineType: @@ -3530,6 +3558,10 @@ spec: type: object spot: type: boolean + storagePools: + items: + type: string + type: array tags: items: type: string @@ -4160,6 +4192,13 @@ spec: properties: cgroupMode: type: string + hugepagesConfig: + properties: + hugepageSize1G: + type: number + hugepageSize2M: + type: number + type: object sysctls: additionalProperties: type: string @@ -4173,6 +4212,11 @@ spec: type: object localSsdCount: type: number + localSsdEncryptionMode: + description: |- + Possible Local SSD encryption modes: + Accepted values are: + type: string loggingVariant: type: string machineType: @@ -4263,6 +4307,10 @@ spec: type: object spot: type: boolean + storagePools: + items: + type: string + type: array tags: items: type: string From 3507581e95ed7c22379df9e433578e995e00dbbe Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 18:56:13 +0100 Subject: [PATCH 37/47] dataproc: multiple changes Signed-off-by: Rickard von Essen --- apis/dataproc/v1beta2/zz_cluster_types.go | 57 ++++++ .../dataproc/v1beta2/zz_generated.deepcopy.go | 180 ++++++++++++++++++ .../v1beta2/zz_metastoreservice_types.go | 10 + .../dataproc.gcp.upbound.io_clusters.yaml | 48 +++++ ...proc.gcp.upbound.io_metastoreservices.yaml | 12 ++ 5 files changed, 307 insertions(+) diff --git a/apis/dataproc/v1beta2/zz_cluster_types.go b/apis/dataproc/v1beta2/zz_cluster_types.go index a8e8fe5d5..7f33ebda5 100755 --- a/apis/dataproc/v1beta2/zz_cluster_types.go +++ b/apis/dataproc/v1beta2/zz_cluster_types.go @@ -656,6 +656,25 @@ type ClusterParameters struct { VirtualClusterConfig *VirtualClusterConfigParameters `json:"virtualClusterConfig,omitempty" tf:"virtual_cluster_config,omitempty"` } +type ConfidentialInstanceConfigInitParameters struct { + + // Defines whether the instance should have confidential compute enabled. + EnableConfidentialCompute *bool `json:"enableConfidentialCompute,omitempty" tf:"enable_confidential_compute,omitempty"` +} + +type ConfidentialInstanceConfigObservation struct { + + // Defines whether the instance should have confidential compute enabled. + EnableConfidentialCompute *bool `json:"enableConfidentialCompute,omitempty" tf:"enable_confidential_compute,omitempty"` +} + +type ConfidentialInstanceConfigParameters struct { + + // Defines whether the instance should have confidential compute enabled. + // +kubebuilder:validation:Optional + EnableConfidentialCompute *bool `json:"enableConfidentialCompute,omitempty" tf:"enable_confidential_compute,omitempty"` +} + type ConfigInitParameters struct { // The number of local SSD disks to attach to the node, @@ -876,6 +895,9 @@ type EndpointConfigParameters struct { type GceClusterConfigInitParameters struct { + // Confidential Instance Config for clusters using Confidential VMs + ConfidentialInstanceConfig *ConfidentialInstanceConfigInitParameters `json:"confidentialInstanceConfig,omitempty" tf:"confidential_instance_config,omitempty"` + // By default, clusters are not restricted to internal IP addresses, // and will have ephemeral external IP addresses assigned to each instance. If set to true, all // instances in the cluster will only have internal IP addresses. Note: Private Google Access @@ -945,6 +967,9 @@ type GceClusterConfigInitParameters struct { type GceClusterConfigObservation struct { + // Confidential Instance Config for clusters using Confidential VMs + ConfidentialInstanceConfig *ConfidentialInstanceConfigObservation `json:"confidentialInstanceConfig,omitempty" tf:"confidential_instance_config,omitempty"` + // By default, clusters are not restricted to internal IP addresses, // and will have ephemeral external IP addresses assigned to each instance. If set to true, all // instances in the cluster will only have internal IP addresses. Note: Private Google Access @@ -1004,6 +1029,10 @@ type GceClusterConfigObservation struct { type GceClusterConfigParameters struct { + // Confidential Instance Config for clusters using Confidential VMs + // +kubebuilder:validation:Optional + ConfidentialInstanceConfig *ConfidentialInstanceConfigParameters `json:"confidentialInstanceConfig,omitempty" tf:"confidential_instance_config,omitempty"` + // By default, clusters are not restricted to internal IP addresses, // and will have ephemeral external IP addresses assigned to each instance. If set to true, all // instances in the cluster will only have internal IP addresses. Note: Private Google Access @@ -1162,6 +1191,8 @@ type InstanceFlexibilityPolicyInitParameters struct { // List of instance selection options that the group will use when creating new VMs. InstanceSelectionList []InstanceSelectionListInitParameters `json:"instanceSelectionList,omitempty" tf:"instance_selection_list,omitempty"` + + ProvisioningModelMix *ProvisioningModelMixInitParameters `json:"provisioningModelMix,omitempty" tf:"provisioning_model_mix,omitempty"` } type InstanceFlexibilityPolicyObservation struct { @@ -1170,6 +1201,8 @@ type InstanceFlexibilityPolicyObservation struct { InstanceSelectionList []InstanceSelectionListObservation `json:"instanceSelectionList,omitempty" tf:"instance_selection_list,omitempty"` InstanceSelectionResults []InstanceSelectionResultsObservation `json:"instanceSelectionResults,omitempty" tf:"instance_selection_results,omitempty"` + + ProvisioningModelMix *ProvisioningModelMixObservation `json:"provisioningModelMix,omitempty" tf:"provisioning_model_mix,omitempty"` } type InstanceFlexibilityPolicyParameters struct { @@ -1177,6 +1210,9 @@ type InstanceFlexibilityPolicyParameters struct { // List of instance selection options that the group will use when creating new VMs. // +kubebuilder:validation:Optional InstanceSelectionList []InstanceSelectionListParameters `json:"instanceSelectionList,omitempty" tf:"instance_selection_list,omitempty"` + + // +kubebuilder:validation:Optional + ProvisioningModelMix *ProvisioningModelMixParameters `json:"provisioningModelMix,omitempty" tf:"provisioning_model_mix,omitempty"` } type InstanceSelectionListInitParameters struct { @@ -2174,6 +2210,27 @@ type PreemptibleWorkerConfigParameters struct { Preemptibility *string `json:"preemptibility,omitempty" tf:"preemptibility,omitempty"` } +type ProvisioningModelMixInitParameters struct { + StandardCapacityBase *float64 `json:"standardCapacityBase,omitempty" tf:"standard_capacity_base,omitempty"` + + StandardCapacityPercentAboveBase *float64 `json:"standardCapacityPercentAboveBase,omitempty" tf:"standard_capacity_percent_above_base,omitempty"` +} + +type ProvisioningModelMixObservation struct { + StandardCapacityBase *float64 `json:"standardCapacityBase,omitempty" tf:"standard_capacity_base,omitempty"` + + StandardCapacityPercentAboveBase *float64 `json:"standardCapacityPercentAboveBase,omitempty" tf:"standard_capacity_percent_above_base,omitempty"` +} + +type ProvisioningModelMixParameters struct { + + // +kubebuilder:validation:Optional + StandardCapacityBase *float64 `json:"standardCapacityBase,omitempty" tf:"standard_capacity_base,omitempty"` + + // +kubebuilder:validation:Optional + StandardCapacityPercentAboveBase *float64 `json:"standardCapacityPercentAboveBase,omitempty" tf:"standard_capacity_percent_above_base,omitempty"` +} + type ReservationAffinityInitParameters struct { // Corresponds to the type of reservation consumption. diff --git a/apis/dataproc/v1beta2/zz_generated.deepcopy.go b/apis/dataproc/v1beta2/zz_generated.deepcopy.go index f8fc0cb7f..50a4ac7f5 100644 --- a/apis/dataproc/v1beta2/zz_generated.deepcopy.go +++ b/apis/dataproc/v1beta2/zz_generated.deepcopy.go @@ -1747,6 +1747,66 @@ func (in *ClusterStatus) DeepCopy() *ClusterStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfidentialInstanceConfigInitParameters) DeepCopyInto(out *ConfidentialInstanceConfigInitParameters) { + *out = *in + if in.EnableConfidentialCompute != nil { + in, out := &in.EnableConfidentialCompute, &out.EnableConfidentialCompute + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfidentialInstanceConfigInitParameters. +func (in *ConfidentialInstanceConfigInitParameters) DeepCopy() *ConfidentialInstanceConfigInitParameters { + if in == nil { + return nil + } + out := new(ConfidentialInstanceConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfidentialInstanceConfigObservation) DeepCopyInto(out *ConfidentialInstanceConfigObservation) { + *out = *in + if in.EnableConfidentialCompute != nil { + in, out := &in.EnableConfidentialCompute, &out.EnableConfidentialCompute + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfidentialInstanceConfigObservation. +func (in *ConfidentialInstanceConfigObservation) DeepCopy() *ConfidentialInstanceConfigObservation { + if in == nil { + return nil + } + out := new(ConfidentialInstanceConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfidentialInstanceConfigParameters) DeepCopyInto(out *ConfidentialInstanceConfigParameters) { + *out = *in + if in.EnableConfidentialCompute != nil { + in, out := &in.EnableConfidentialCompute, &out.EnableConfidentialCompute + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfidentialInstanceConfigParameters. +func (in *ConfidentialInstanceConfigParameters) DeepCopy() *ConfidentialInstanceConfigParameters { + if in == nil { + return nil + } + out := new(ConfidentialInstanceConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConfigAutoscalingConfigInitParameters) DeepCopyInto(out *ConfigAutoscalingConfigInitParameters) { *out = *in @@ -3975,6 +4035,11 @@ func (in *EndpointConfigParameters) DeepCopy() *EndpointConfigParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GceClusterConfigInitParameters) DeepCopyInto(out *GceClusterConfigInitParameters) { *out = *in + if in.ConfidentialInstanceConfig != nil { + in, out := &in.ConfidentialInstanceConfig, &out.ConfidentialInstanceConfig + *out = new(ConfidentialInstanceConfigInitParameters) + (*in).DeepCopyInto(*out) + } if in.InternalIPOnly != nil { in, out := &in.InternalIPOnly, &out.InternalIPOnly *out = new(bool) @@ -4138,6 +4203,11 @@ func (in *GceClusterConfigNodeGroupAffinityParameters) DeepCopy() *GceClusterCon // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GceClusterConfigObservation) DeepCopyInto(out *GceClusterConfigObservation) { *out = *in + if in.ConfidentialInstanceConfig != nil { + in, out := &in.ConfidentialInstanceConfig, &out.ConfidentialInstanceConfig + *out = new(ConfidentialInstanceConfigObservation) + (*in).DeepCopyInto(*out) + } if in.InternalIPOnly != nil { in, out := &in.InternalIPOnly, &out.InternalIPOnly *out = new(bool) @@ -4231,6 +4301,11 @@ func (in *GceClusterConfigObservation) DeepCopy() *GceClusterConfigObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GceClusterConfigParameters) DeepCopyInto(out *GceClusterConfigParameters) { *out = *in + if in.ConfidentialInstanceConfig != nil { + in, out := &in.ConfidentialInstanceConfig, &out.ConfidentialInstanceConfig + *out = new(ConfidentialInstanceConfigParameters) + (*in).DeepCopyInto(*out) + } if in.InternalIPOnly != nil { in, out := &in.InternalIPOnly, &out.InternalIPOnly *out = new(bool) @@ -6108,6 +6183,11 @@ func (in *InstanceFlexibilityPolicyInitParameters) DeepCopyInto(out *InstanceFle (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ProvisioningModelMix != nil { + in, out := &in.ProvisioningModelMix, &out.ProvisioningModelMix + *out = new(ProvisioningModelMixInitParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceFlexibilityPolicyInitParameters. @@ -6137,6 +6217,11 @@ func (in *InstanceFlexibilityPolicyObservation) DeepCopyInto(out *InstanceFlexib (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ProvisioningModelMix != nil { + in, out := &in.ProvisioningModelMix, &out.ProvisioningModelMix + *out = new(ProvisioningModelMixObservation) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceFlexibilityPolicyObservation. @@ -6159,6 +6244,11 @@ func (in *InstanceFlexibilityPolicyParameters) DeepCopyInto(out *InstanceFlexibi (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ProvisioningModelMix != nil { + in, out := &in.ProvisioningModelMix, &out.ProvisioningModelMix + *out = new(ProvisioningModelMixParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceFlexibilityPolicyParameters. @@ -8926,6 +9016,11 @@ func (in *MetastoreServiceInitParameters) DeepCopyInto(out *MetastoreServiceInit *out = new(string) **out = **in } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.EncryptionConfig != nil { in, out := &in.EncryptionConfig, &out.EncryptionConfig *out = new(MetastoreServiceEncryptionConfigInitParameters) @@ -9064,6 +9159,11 @@ func (in *MetastoreServiceObservation) DeepCopyInto(out *MetastoreServiceObserva *out = new(string) **out = **in } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.EffectiveLabels != nil { in, out := &in.EffectiveLabels, &out.EffectiveLabels *out = make(map[string]*string, len(*in)) @@ -9232,6 +9332,11 @@ func (in *MetastoreServiceParameters) DeepCopyInto(out *MetastoreServiceParamete *out = new(string) **out = **in } + if in.DeletionProtection != nil { + in, out := &in.DeletionProtection, &out.DeletionProtection + *out = new(bool) + **out = **in + } if in.EncryptionConfig != nil { in, out := &in.EncryptionConfig, &out.EncryptionConfig *out = new(MetastoreServiceEncryptionConfigParameters) @@ -11898,6 +12003,81 @@ func (in *PrestoJobQueryListParameters) DeepCopy() *PrestoJobQueryListParameters return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProvisioningModelMixInitParameters) DeepCopyInto(out *ProvisioningModelMixInitParameters) { + *out = *in + if in.StandardCapacityBase != nil { + in, out := &in.StandardCapacityBase, &out.StandardCapacityBase + *out = new(float64) + **out = **in + } + if in.StandardCapacityPercentAboveBase != nil { + in, out := &in.StandardCapacityPercentAboveBase, &out.StandardCapacityPercentAboveBase + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProvisioningModelMixInitParameters. +func (in *ProvisioningModelMixInitParameters) DeepCopy() *ProvisioningModelMixInitParameters { + if in == nil { + return nil + } + out := new(ProvisioningModelMixInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProvisioningModelMixObservation) DeepCopyInto(out *ProvisioningModelMixObservation) { + *out = *in + if in.StandardCapacityBase != nil { + in, out := &in.StandardCapacityBase, &out.StandardCapacityBase + *out = new(float64) + **out = **in + } + if in.StandardCapacityPercentAboveBase != nil { + in, out := &in.StandardCapacityPercentAboveBase, &out.StandardCapacityPercentAboveBase + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProvisioningModelMixObservation. +func (in *ProvisioningModelMixObservation) DeepCopy() *ProvisioningModelMixObservation { + if in == nil { + return nil + } + out := new(ProvisioningModelMixObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProvisioningModelMixParameters) DeepCopyInto(out *ProvisioningModelMixParameters) { + *out = *in + if in.StandardCapacityBase != nil { + in, out := &in.StandardCapacityBase, &out.StandardCapacityBase + *out = new(float64) + **out = **in + } + if in.StandardCapacityPercentAboveBase != nil { + in, out := &in.StandardCapacityPercentAboveBase, &out.StandardCapacityPercentAboveBase + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProvisioningModelMixParameters. +func (in *ProvisioningModelMixParameters) DeepCopy() *ProvisioningModelMixParameters { + if in == nil { + return nil + } + out := new(ProvisioningModelMixParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PysparkConfigInitParameters) DeepCopyInto(out *PysparkConfigInitParameters) { *out = *in diff --git a/apis/dataproc/v1beta2/zz_metastoreservice_types.go b/apis/dataproc/v1beta2/zz_metastoreservice_types.go index 2def9ec37..9d16ca753 100755 --- a/apis/dataproc/v1beta2/zz_metastoreservice_types.go +++ b/apis/dataproc/v1beta2/zz_metastoreservice_types.go @@ -384,6 +384,9 @@ type MetastoreServiceInitParameters struct { // Possible values are: MYSQL, SPANNER. DatabaseType *string `json:"databaseType,omitempty" tf:"database_type,omitempty"` + // Indicates if the dataproc metastore should be protected against accidental deletions. + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // Information used to configure the Dataproc Metastore service to encrypt // customer data at rest. // Structure is documented below. @@ -456,6 +459,9 @@ type MetastoreServiceObservation struct { // Possible values are: MYSQL, SPANNER. DatabaseType *string `json:"databaseType,omitempty" tf:"database_type,omitempty"` + // Indicates if the dataproc metastore should be protected against accidental deletions. + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // +mapType=granular EffectiveLabels map[string]*string `json:"effectiveLabels,omitempty" tf:"effective_labels,omitempty"` @@ -556,6 +562,10 @@ type MetastoreServiceParameters struct { // +kubebuilder:validation:Optional DatabaseType *string `json:"databaseType,omitempty" tf:"database_type,omitempty"` + // Indicates if the dataproc metastore should be protected against accidental deletions. + // +kubebuilder:validation:Optional + DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` + // Information used to configure the Dataproc Metastore service to encrypt // customer data at rest. // Structure is documented below. diff --git a/package/crds/dataproc.gcp.upbound.io_clusters.yaml b/package/crds/dataproc.gcp.upbound.io_clusters.yaml index a5cada2c4..9046e6fde 100644 --- a/package/crds/dataproc.gcp.upbound.io_clusters.yaml +++ b/package/crds/dataproc.gcp.upbound.io_clusters.yaml @@ -3632,6 +3632,15 @@ spec: Common config settings for resources of Google Compute Engine cluster instances, applicable to all instances in the cluster. Structure defined below. properties: + confidentialInstanceConfig: + description: Confidential Instance Config for clusters + using Confidential VMs + properties: + enableConfidentialCompute: + description: Defines whether the instance should have + confidential compute enabled. + type: boolean + type: object internalIpOnly: description: |- By default, clusters are not restricted to internal IP addresses, @@ -3994,6 +4003,13 @@ spec: type: number type: object type: array + provisioningModelMix: + properties: + standardCapacityBase: + type: number + standardCapacityPercentAboveBase: + type: number + type: object type: object numInstances: description: |- @@ -4597,6 +4613,15 @@ spec: Common config settings for resources of Google Compute Engine cluster instances, applicable to all instances in the cluster. Structure defined below. properties: + confidentialInstanceConfig: + description: Confidential Instance Config for clusters + using Confidential VMs + properties: + enableConfidentialCompute: + description: Defines whether the instance should have + confidential compute enabled. + type: boolean + type: object internalIpOnly: description: |- By default, clusters are not restricted to internal IP addresses, @@ -4959,6 +4984,13 @@ spec: type: number type: object type: array + provisioningModelMix: + properties: + standardCapacityBase: + type: number + standardCapacityPercentAboveBase: + type: number + type: object type: object numInstances: description: |- @@ -5752,6 +5784,15 @@ spec: Common config settings for resources of Google Compute Engine cluster instances, applicable to all instances in the cluster. Structure defined below. properties: + confidentialInstanceConfig: + description: Confidential Instance Config for clusters + using Confidential VMs + properties: + enableConfidentialCompute: + description: Defines whether the instance should have + confidential compute enabled. + type: boolean + type: object internalIpOnly: description: |- By default, clusters are not restricted to internal IP addresses, @@ -6061,6 +6102,13 @@ spec: type: number type: object type: array + provisioningModelMix: + properties: + standardCapacityBase: + type: number + standardCapacityPercentAboveBase: + type: number + type: object type: object instanceNames: description: |- diff --git a/package/crds/dataproc.gcp.upbound.io_metastoreservices.yaml b/package/crds/dataproc.gcp.upbound.io_metastoreservices.yaml index 581ec82d0..d4f6405dc 100644 --- a/package/crds/dataproc.gcp.upbound.io_metastoreservices.yaml +++ b/package/crds/dataproc.gcp.upbound.io_metastoreservices.yaml @@ -1534,6 +1534,10 @@ spec: Default value is MYSQL. Possible values are: MYSQL, SPANNER. type: string + deletionProtection: + description: Indicates if the dataproc metastore should be protected + against accidental deletions. + type: boolean encryptionConfig: description: |- Information used to configure the Dataproc Metastore service to encrypt @@ -1943,6 +1947,10 @@ spec: Default value is MYSQL. Possible values are: MYSQL, SPANNER. type: string + deletionProtection: + description: Indicates if the dataproc metastore should be protected + against accidental deletions. + type: boolean encryptionConfig: description: |- Information used to configure the Dataproc Metastore service to encrypt @@ -2510,6 +2518,10 @@ spec: Default value is MYSQL. Possible values are: MYSQL, SPANNER. type: string + deletionProtection: + description: Indicates if the dataproc metastore should be protected + against accidental deletions. + type: boolean effectiveLabels: additionalProperties: type: string From dcf9540702696ca0c8cc422a6b38b0bc463bb31d Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 18:57:19 +0100 Subject: [PATCH 38/47] filestore: multiple changes Signed-off-by: Rickard von Essen --- apis/filestore/v1beta1/zz_backup_types.go | 22 ++ .../v1beta1/zz_generated.deepcopy.go | 48 ++++ .../v1beta2/zz_generated.deepcopy.go | 255 ++++++++++++++++++ apis/filestore/v1beta2/zz_instance_types.go | 158 +++++++++++ .../filestore.gcp.upbound.io_backups.yaml | 30 +++ .../filestore.gcp.upbound.io_instances.yaml | 153 +++++++++++ 6 files changed, 666 insertions(+) diff --git a/apis/filestore/v1beta1/zz_backup_types.go b/apis/filestore/v1beta1/zz_backup_types.go index 7aae114c9..d1620f7d5 100755 --- a/apis/filestore/v1beta1/zz_backup_types.go +++ b/apis/filestore/v1beta1/zz_backup_types.go @@ -41,6 +41,13 @@ type BackupInitParameters struct { // Selector for a Instance in filestore to populate sourceInstance. // +kubebuilder:validation:Optional SourceInstanceSelector *v1.Selector `json:"sourceInstanceSelector,omitempty" tf:"-"` + + // A map of resource manager tags. + // Resource manager tag keys and values have the same definition as resource manager tags. + // Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/{tag_value_id}. + // The field is ignored (both PUT & PATCH) when empty. + // +mapType=granular + Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` } type BackupObservation struct { @@ -93,6 +100,13 @@ type BackupObservation struct { // The size of the storage used by the backup. As backups share storage, this number is expected to change with backup creation/deletion. StorageBytes *string `json:"storageBytes,omitempty" tf:"storage_bytes,omitempty"` + // A map of resource manager tags. + // Resource manager tag keys and values have the same definition as resource manager tags. + // Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/{tag_value_id}. + // The field is ignored (both PUT & PATCH) when empty. + // +mapType=granular + Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` + // The combination of labels configured directly on the resource // and default labels configured on the provider. // +mapType=granular @@ -136,6 +150,14 @@ type BackupParameters struct { // Selector for a Instance in filestore to populate sourceInstance. // +kubebuilder:validation:Optional SourceInstanceSelector *v1.Selector `json:"sourceInstanceSelector,omitempty" tf:"-"` + + // A map of resource manager tags. + // Resource manager tag keys and values have the same definition as resource manager tags. + // Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/{tag_value_id}. + // The field is ignored (both PUT & PATCH) when empty. + // +kubebuilder:validation:Optional + // +mapType=granular + Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"` } // BackupSpec defines the desired state of Backup diff --git a/apis/filestore/v1beta1/zz_generated.deepcopy.go b/apis/filestore/v1beta1/zz_generated.deepcopy.go index 1bdd80993..84d65f60a 100644 --- a/apis/filestore/v1beta1/zz_generated.deepcopy.go +++ b/apis/filestore/v1beta1/zz_generated.deepcopy.go @@ -89,6 +89,22 @@ func (in *BackupInitParameters) DeepCopyInto(out *BackupInitParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupInitParameters. @@ -233,6 +249,22 @@ func (in *BackupObservation) DeepCopyInto(out *BackupObservation) { *out = new(string) **out = **in } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } if in.TerraformLabels != nil { in, out := &in.TerraformLabels, &out.TerraformLabels *out = make(map[string]*string, len(*in)) @@ -315,6 +347,22 @@ func (in *BackupParameters) DeepCopyInto(out *BackupParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupParameters. diff --git a/apis/filestore/v1beta2/zz_generated.deepcopy.go b/apis/filestore/v1beta2/zz_generated.deepcopy.go index 5ca03e2e4..ed6225226 100644 --- a/apis/filestore/v1beta2/zz_generated.deepcopy.go +++ b/apis/filestore/v1beta2/zz_generated.deepcopy.go @@ -124,6 +124,66 @@ func (in *FileSharesParameters) DeepCopy() *FileSharesParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FixedIopsInitParameters) DeepCopyInto(out *FixedIopsInitParameters) { + *out = *in + if in.MaxIops != nil { + in, out := &in.MaxIops, &out.MaxIops + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FixedIopsInitParameters. +func (in *FixedIopsInitParameters) DeepCopy() *FixedIopsInitParameters { + if in == nil { + return nil + } + out := new(FixedIopsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FixedIopsObservation) DeepCopyInto(out *FixedIopsObservation) { + *out = *in + if in.MaxIops != nil { + in, out := &in.MaxIops, &out.MaxIops + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FixedIopsObservation. +func (in *FixedIopsObservation) DeepCopy() *FixedIopsObservation { + if in == nil { + return nil + } + out := new(FixedIopsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FixedIopsParameters) DeepCopyInto(out *FixedIopsParameters) { + *out = *in + if in.MaxIops != nil { + in, out := &in.MaxIops, &out.MaxIops + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FixedIopsParameters. +func (in *FixedIopsParameters) DeepCopy() *FixedIopsParameters { + if in == nil { + return nil + } + out := new(FixedIopsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Instance) DeepCopyInto(out *Instance) { *out = *in @@ -154,6 +214,16 @@ func (in *Instance) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InstanceInitParameters) DeepCopyInto(out *InstanceInitParameters) { *out = *in + if in.DeletionProtectionEnabled != nil { + in, out := &in.DeletionProtectionEnabled, &out.DeletionProtectionEnabled + *out = new(bool) + **out = **in + } + if in.DeletionProtectionReason != nil { + in, out := &in.DeletionProtectionReason, &out.DeletionProtectionReason + *out = new(string) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -202,11 +272,21 @@ func (in *InstanceInitParameters) DeepCopyInto(out *InstanceInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.PerformanceConfig != nil { + in, out := &in.PerformanceConfig, &out.PerformanceConfig + *out = new(PerformanceConfigInitParameters) + (*in).DeepCopyInto(*out) + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) **out = **in } + if in.Protocol != nil { + in, out := &in.Protocol, &out.Protocol + *out = new(string) + **out = **in + } if in.Tier != nil { in, out := &in.Tier, &out.Tier *out = new(string) @@ -269,6 +349,16 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.DeletionProtectionEnabled != nil { + in, out := &in.DeletionProtectionEnabled, &out.DeletionProtectionEnabled + *out = new(bool) + **out = **in + } + if in.DeletionProtectionReason != nil { + in, out := &in.DeletionProtectionReason, &out.DeletionProtectionReason + *out = new(string) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -338,11 +428,21 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.PerformanceConfig != nil { + in, out := &in.PerformanceConfig, &out.PerformanceConfig + *out = new(PerformanceConfigObservation) + (*in).DeepCopyInto(*out) + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) **out = **in } + if in.Protocol != nil { + in, out := &in.Protocol, &out.Protocol + *out = new(string) + **out = **in + } if in.TerraformLabels != nil { in, out := &in.TerraformLabels, &out.TerraformLabels *out = make(map[string]*string, len(*in)) @@ -384,6 +484,16 @@ func (in *InstanceObservation) DeepCopy() *InstanceObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InstanceParameters) DeepCopyInto(out *InstanceParameters) { *out = *in + if in.DeletionProtectionEnabled != nil { + in, out := &in.DeletionProtectionEnabled, &out.DeletionProtectionEnabled + *out = new(bool) + **out = **in + } + if in.DeletionProtectionReason != nil { + in, out := &in.DeletionProtectionReason, &out.DeletionProtectionReason + *out = new(string) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -437,11 +547,21 @@ func (in *InstanceParameters) DeepCopyInto(out *InstanceParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.PerformanceConfig != nil { + in, out := &in.PerformanceConfig, &out.PerformanceConfig + *out = new(PerformanceConfigParameters) + (*in).DeepCopyInto(*out) + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) **out = **in } + if in.Protocol != nil { + in, out := &in.Protocol, &out.Protocol + *out = new(string) + **out = **in + } if in.Tier != nil { in, out := &in.Tier, &out.Tier *out = new(string) @@ -499,6 +619,66 @@ func (in *InstanceStatus) DeepCopy() *InstanceStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IopsPerTbInitParameters) DeepCopyInto(out *IopsPerTbInitParameters) { + *out = *in + if in.MaxIopsPerTb != nil { + in, out := &in.MaxIopsPerTb, &out.MaxIopsPerTb + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IopsPerTbInitParameters. +func (in *IopsPerTbInitParameters) DeepCopy() *IopsPerTbInitParameters { + if in == nil { + return nil + } + out := new(IopsPerTbInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IopsPerTbObservation) DeepCopyInto(out *IopsPerTbObservation) { + *out = *in + if in.MaxIopsPerTb != nil { + in, out := &in.MaxIopsPerTb, &out.MaxIopsPerTb + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IopsPerTbObservation. +func (in *IopsPerTbObservation) DeepCopy() *IopsPerTbObservation { + if in == nil { + return nil + } + out := new(IopsPerTbObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IopsPerTbParameters) DeepCopyInto(out *IopsPerTbParameters) { + *out = *in + if in.MaxIopsPerTb != nil { + in, out := &in.MaxIopsPerTb, &out.MaxIopsPerTb + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IopsPerTbParameters. +func (in *IopsPerTbParameters) DeepCopy() *IopsPerTbParameters { + if in == nil { + return nil + } + out := new(IopsPerTbParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NFSExportOptionsInitParameters) DeepCopyInto(out *NFSExportOptionsInitParameters) { *out = *in @@ -770,3 +950,78 @@ func (in *NetworksParameters) DeepCopy() *NetworksParameters { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PerformanceConfigInitParameters) DeepCopyInto(out *PerformanceConfigInitParameters) { + *out = *in + if in.FixedIops != nil { + in, out := &in.FixedIops, &out.FixedIops + *out = new(FixedIopsInitParameters) + (*in).DeepCopyInto(*out) + } + if in.IopsPerTb != nil { + in, out := &in.IopsPerTb, &out.IopsPerTb + *out = new(IopsPerTbInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PerformanceConfigInitParameters. +func (in *PerformanceConfigInitParameters) DeepCopy() *PerformanceConfigInitParameters { + if in == nil { + return nil + } + out := new(PerformanceConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PerformanceConfigObservation) DeepCopyInto(out *PerformanceConfigObservation) { + *out = *in + if in.FixedIops != nil { + in, out := &in.FixedIops, &out.FixedIops + *out = new(FixedIopsObservation) + (*in).DeepCopyInto(*out) + } + if in.IopsPerTb != nil { + in, out := &in.IopsPerTb, &out.IopsPerTb + *out = new(IopsPerTbObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PerformanceConfigObservation. +func (in *PerformanceConfigObservation) DeepCopy() *PerformanceConfigObservation { + if in == nil { + return nil + } + out := new(PerformanceConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PerformanceConfigParameters) DeepCopyInto(out *PerformanceConfigParameters) { + *out = *in + if in.FixedIops != nil { + in, out := &in.FixedIops, &out.FixedIops + *out = new(FixedIopsParameters) + (*in).DeepCopyInto(*out) + } + if in.IopsPerTb != nil { + in, out := &in.IopsPerTb, &out.IopsPerTb + *out = new(IopsPerTbParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PerformanceConfigParameters. +func (in *PerformanceConfigParameters) DeepCopy() *PerformanceConfigParameters { + if in == nil { + return nil + } + out := new(PerformanceConfigParameters) + in.DeepCopyInto(out) + return out +} diff --git a/apis/filestore/v1beta2/zz_instance_types.go b/apis/filestore/v1beta2/zz_instance_types.go index 17c2b2e6c..4cc3026e7 100755 --- a/apis/filestore/v1beta2/zz_instance_types.go +++ b/apis/filestore/v1beta2/zz_instance_types.go @@ -74,8 +74,36 @@ type FileSharesParameters struct { SourceBackup *string `json:"sourceBackup,omitempty" tf:"source_backup,omitempty"` } +type FixedIopsInitParameters struct { + + // The number of IOPS to provision for the instance. + // max_iops must be in multiple of 1000. + MaxIops *float64 `json:"maxIops,omitempty" tf:"max_iops,omitempty"` +} + +type FixedIopsObservation struct { + + // The number of IOPS to provision for the instance. + // max_iops must be in multiple of 1000. + MaxIops *float64 `json:"maxIops,omitempty" tf:"max_iops,omitempty"` +} + +type FixedIopsParameters struct { + + // The number of IOPS to provision for the instance. + // max_iops must be in multiple of 1000. + // +kubebuilder:validation:Optional + MaxIops *float64 `json:"maxIops,omitempty" tf:"max_iops,omitempty"` +} + type InstanceInitParameters struct { + // Indicates whether the instance is protected against deletion. + DeletionProtectionEnabled *bool `json:"deletionProtectionEnabled,omitempty" tf:"deletion_protection_enabled,omitempty"` + + // The reason for enabling deletion protection. + DeletionProtectionReason *string `json:"deletionProtectionReason,omitempty" tf:"deletion_protection_reason,omitempty"` + // A description of the instance. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -106,10 +134,23 @@ type InstanceInitParameters struct { // Structure is documented below. Networks []NetworksInitParameters `json:"networks,omitempty" tf:"networks,omitempty"` + // Performance configuration for the instance. If not provided, + // the default performance settings will be used. + // Structure is documented below. + PerformanceConfig *PerformanceConfigInitParameters `json:"performanceConfig,omitempty" tf:"performance_config,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // Either NFSv3, for using NFS version 3 as file sharing protocol, + // or NFSv4.1, for using NFS version 4.1 as file sharing protocol. + // NFSv4.1 can be used with HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE. + // The default is NFSv3. + // Default value is NFS_V3. + // Possible values are: NFS_V3, NFS_V4_1. + Protocol *string `json:"protocol,omitempty" tf:"protocol,omitempty"` + // The service tier of the instance. // Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE Tier *string `json:"tier,omitempty" tf:"tier,omitempty"` @@ -123,6 +164,12 @@ type InstanceObservation struct { // Creation timestamp in RFC3339 text format. CreateTime *string `json:"createTime,omitempty" tf:"create_time,omitempty"` + // Indicates whether the instance is protected against deletion. + DeletionProtectionEnabled *bool `json:"deletionProtectionEnabled,omitempty" tf:"deletion_protection_enabled,omitempty"` + + // The reason for enabling deletion protection. + DeletionProtectionReason *string `json:"deletionProtectionReason,omitempty" tf:"deletion_protection_reason,omitempty"` + // A description of the instance. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -156,10 +203,23 @@ type InstanceObservation struct { // Structure is documented below. Networks []NetworksObservation `json:"networks,omitempty" tf:"networks,omitempty"` + // Performance configuration for the instance. If not provided, + // the default performance settings will be used. + // Structure is documented below. + PerformanceConfig *PerformanceConfigObservation `json:"performanceConfig,omitempty" tf:"performance_config,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // Either NFSv3, for using NFS version 3 as file sharing protocol, + // or NFSv4.1, for using NFS version 4.1 as file sharing protocol. + // NFSv4.1 can be used with HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE. + // The default is NFSv3. + // Default value is NFS_V3. + // Possible values are: NFS_V3, NFS_V4_1. + Protocol *string `json:"protocol,omitempty" tf:"protocol,omitempty"` + // The combination of labels configured directly on the resource // and default labels configured on the provider. // +mapType=granular @@ -175,6 +235,14 @@ type InstanceObservation struct { type InstanceParameters struct { + // Indicates whether the instance is protected against deletion. + // +kubebuilder:validation:Optional + DeletionProtectionEnabled *bool `json:"deletionProtectionEnabled,omitempty" tf:"deletion_protection_enabled,omitempty"` + + // The reason for enabling deletion protection. + // +kubebuilder:validation:Optional + DeletionProtectionReason *string `json:"deletionProtectionReason,omitempty" tf:"deletion_protection_reason,omitempty"` + // A description of the instance. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -214,11 +282,26 @@ type InstanceParameters struct { // +kubebuilder:validation:Optional Networks []NetworksParameters `json:"networks,omitempty" tf:"networks,omitempty"` + // Performance configuration for the instance. If not provided, + // the default performance settings will be used. + // Structure is documented below. + // +kubebuilder:validation:Optional + PerformanceConfig *PerformanceConfigParameters `json:"performanceConfig,omitempty" tf:"performance_config,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + // Either NFSv3, for using NFS version 3 as file sharing protocol, + // or NFSv4.1, for using NFS version 4.1 as file sharing protocol. + // NFSv4.1 can be used with HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE. + // The default is NFSv3. + // Default value is NFS_V3. + // Possible values are: NFS_V3, NFS_V4_1. + // +kubebuilder:validation:Optional + Protocol *string `json:"protocol,omitempty" tf:"protocol,omitempty"` + // The service tier of the instance. // Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE // +kubebuilder:validation:Optional @@ -229,6 +312,37 @@ type InstanceParameters struct { Zone *string `json:"zone,omitempty" tf:"zone,omitempty"` } +type IopsPerTbInitParameters struct { + + // The instance max IOPS will be calculated by multiplying + // the capacity of the instance (TB) by max_iops_per_tb, + // and rounding to the nearest 1000. The instance max IOPS + // will be changed dynamically based on the instance + // capacity. + MaxIopsPerTb *float64 `json:"maxIopsPerTb,omitempty" tf:"max_iops_per_tb,omitempty"` +} + +type IopsPerTbObservation struct { + + // The instance max IOPS will be calculated by multiplying + // the capacity of the instance (TB) by max_iops_per_tb, + // and rounding to the nearest 1000. The instance max IOPS + // will be changed dynamically based on the instance + // capacity. + MaxIopsPerTb *float64 `json:"maxIopsPerTb,omitempty" tf:"max_iops_per_tb,omitempty"` +} + +type IopsPerTbParameters struct { + + // The instance max IOPS will be calculated by multiplying + // the capacity of the instance (TB) by max_iops_per_tb, + // and rounding to the nearest 1000. The instance max IOPS + // will be changed dynamically based on the instance + // capacity. + // +kubebuilder:validation:Optional + MaxIopsPerTb *float64 `json:"maxIopsPerTb,omitempty" tf:"max_iops_per_tb,omitempty"` +} + type NFSExportOptionsInitParameters struct { // Either READ_ONLY, for allowing only read requests on the exported directory, @@ -401,6 +515,50 @@ type NetworksParameters struct { ReservedIPRange *string `json:"reservedIpRange,omitempty" tf:"reserved_ip_range,omitempty"` } +type PerformanceConfigInitParameters struct { + + // The instance will have a fixed provisioned IOPS value, + // which will remain constant regardless of instance + // capacity. + // Structure is documented below. + FixedIops *FixedIopsInitParameters `json:"fixedIops,omitempty" tf:"fixed_iops,omitempty"` + + // The instance provisioned IOPS will change dynamically + // based on the capacity of the instance. + // Structure is documented below. + IopsPerTb *IopsPerTbInitParameters `json:"iopsPerTb,omitempty" tf:"iops_per_tb,omitempty"` +} + +type PerformanceConfigObservation struct { + + // The instance will have a fixed provisioned IOPS value, + // which will remain constant regardless of instance + // capacity. + // Structure is documented below. + FixedIops *FixedIopsObservation `json:"fixedIops,omitempty" tf:"fixed_iops,omitempty"` + + // The instance provisioned IOPS will change dynamically + // based on the capacity of the instance. + // Structure is documented below. + IopsPerTb *IopsPerTbObservation `json:"iopsPerTb,omitempty" tf:"iops_per_tb,omitempty"` +} + +type PerformanceConfigParameters struct { + + // The instance will have a fixed provisioned IOPS value, + // which will remain constant regardless of instance + // capacity. + // Structure is documented below. + // +kubebuilder:validation:Optional + FixedIops *FixedIopsParameters `json:"fixedIops,omitempty" tf:"fixed_iops,omitempty"` + + // The instance provisioned IOPS will change dynamically + // based on the capacity of the instance. + // Structure is documented below. + // +kubebuilder:validation:Optional + IopsPerTb *IopsPerTbParameters `json:"iopsPerTb,omitempty" tf:"iops_per_tb,omitempty"` +} + // InstanceSpec defines the desired state of Instance type InstanceSpec struct { v1.ResourceSpec `json:",inline"` diff --git a/package/crds/filestore.gcp.upbound.io_backups.yaml b/package/crds/filestore.gcp.upbound.io_backups.yaml index 2951eac31..6f8af00cd 100644 --- a/package/crds/filestore.gcp.upbound.io_backups.yaml +++ b/package/crds/filestore.gcp.upbound.io_backups.yaml @@ -177,6 +177,16 @@ spec: type: string type: object type: object + tags: + additionalProperties: + type: string + description: |- + A map of resource manager tags. + Resource manager tag keys and values have the same definition as resource manager tags. + Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/{tag_value_id}. + The field is ignored (both PUT & PATCH) when empty. + type: object + x-kubernetes-map-type: granular required: - location type: object @@ -293,6 +303,16 @@ spec: type: string type: object type: object + tags: + additionalProperties: + type: string + description: |- + A map of resource manager tags. + Resource manager tag keys and values have the same definition as resource manager tags. + Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/{tag_value_id}. + The field is ignored (both PUT & PATCH) when empty. + type: object + x-kubernetes-map-type: granular type: object managementPolicies: default: @@ -535,6 +555,16 @@ spec: share storage, this number is expected to change with backup creation/deletion. type: string + tags: + additionalProperties: + type: string + description: |- + A map of resource manager tags. + Resource manager tag keys and values have the same definition as resource manager tags. + Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/{tag_value_id}. + The field is ignored (both PUT & PATCH) when empty. + type: object + x-kubernetes-map-type: granular terraformLabels: additionalProperties: type: string diff --git a/package/crds/filestore.gcp.upbound.io_instances.yaml b/package/crds/filestore.gcp.upbound.io_instances.yaml index 236109894..75ee40ce9 100644 --- a/package/crds/filestore.gcp.upbound.io_instances.yaml +++ b/package/crds/filestore.gcp.upbound.io_instances.yaml @@ -955,6 +955,13 @@ spec: type: string forProvider: properties: + deletionProtectionEnabled: + description: Indicates whether the instance is protected against + deletion. + type: boolean + deletionProtectionReason: + description: The reason for enabling deletion protection. + type: string description: description: A description of the instance. type: string @@ -1143,11 +1150,55 @@ spec: type: string type: object type: array + performanceConfig: + description: |- + Performance configuration for the instance. If not provided, + the default performance settings will be used. + Structure is documented below. + properties: + fixedIops: + description: |- + The instance will have a fixed provisioned IOPS value, + which will remain constant regardless of instance + capacity. + Structure is documented below. + properties: + maxIops: + description: |- + The number of IOPS to provision for the instance. + max_iops must be in multiple of 1000. + type: number + type: object + iopsPerTb: + description: |- + The instance provisioned IOPS will change dynamically + based on the capacity of the instance. + Structure is documented below. + properties: + maxIopsPerTb: + description: |- + The instance max IOPS will be calculated by multiplying + the capacity of the instance (TB) by max_iops_per_tb, + and rounding to the nearest 1000. The instance max IOPS + will be changed dynamically based on the instance + capacity. + type: number + type: object + type: object project: description: |- The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + protocol: + description: |- + Either NFSv3, for using NFS version 3 as file sharing protocol, + or NFSv4.1, for using NFS version 4.1 as file sharing protocol. + NFSv4.1 can be used with HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE. + The default is NFSv3. + Default value is NFS_V3. + Possible values are: NFS_V3, NFS_V4_1. + type: string tier: description: |- The service tier of the instance. @@ -1170,6 +1221,13 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + deletionProtectionEnabled: + description: Indicates whether the instance is protected against + deletion. + type: boolean + deletionProtectionReason: + description: The reason for enabling deletion protection. + type: string description: description: A description of the instance. type: string @@ -1354,11 +1412,55 @@ spec: type: string type: object type: array + performanceConfig: + description: |- + Performance configuration for the instance. If not provided, + the default performance settings will be used. + Structure is documented below. + properties: + fixedIops: + description: |- + The instance will have a fixed provisioned IOPS value, + which will remain constant regardless of instance + capacity. + Structure is documented below. + properties: + maxIops: + description: |- + The number of IOPS to provision for the instance. + max_iops must be in multiple of 1000. + type: number + type: object + iopsPerTb: + description: |- + The instance provisioned IOPS will change dynamically + based on the capacity of the instance. + Structure is documented below. + properties: + maxIopsPerTb: + description: |- + The instance max IOPS will be calculated by multiplying + the capacity of the instance (TB) by max_iops_per_tb, + and rounding to the nearest 1000. The instance max IOPS + will be changed dynamically based on the instance + capacity. + type: number + type: object + type: object project: description: |- The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + protocol: + description: |- + Either NFSv3, for using NFS version 3 as file sharing protocol, + or NFSv4.1, for using NFS version 4.1 as file sharing protocol. + NFSv4.1 can be used with HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE. + The default is NFSv3. + Default value is NFS_V3. + Possible values are: NFS_V3, NFS_V4_1. + type: string tier: description: |- The service tier of the instance. @@ -1556,6 +1658,13 @@ spec: createTime: description: Creation timestamp in RFC3339 text format. type: string + deletionProtectionEnabled: + description: Indicates whether the instance is protected against + deletion. + type: boolean + deletionProtectionReason: + description: The reason for enabling deletion protection. + type: string description: description: A description of the instance. type: string @@ -1690,11 +1799,55 @@ spec: type: string type: object type: array + performanceConfig: + description: |- + Performance configuration for the instance. If not provided, + the default performance settings will be used. + Structure is documented below. + properties: + fixedIops: + description: |- + The instance will have a fixed provisioned IOPS value, + which will remain constant regardless of instance + capacity. + Structure is documented below. + properties: + maxIops: + description: |- + The number of IOPS to provision for the instance. + max_iops must be in multiple of 1000. + type: number + type: object + iopsPerTb: + description: |- + The instance provisioned IOPS will change dynamically + based on the capacity of the instance. + Structure is documented below. + properties: + maxIopsPerTb: + description: |- + The instance max IOPS will be calculated by multiplying + the capacity of the instance (TB) by max_iops_per_tb, + and rounding to the nearest 1000. The instance max IOPS + will be changed dynamically based on the instance + capacity. + type: number + type: object + type: object project: description: |- The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + protocol: + description: |- + Either NFSv3, for using NFS version 3 as file sharing protocol, + or NFSv4.1, for using NFS version 4.1 as file sharing protocol. + NFSv4.1 can be used with HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE. + The default is NFSv3. + Default value is NFS_V3. + Possible values are: NFS_V3, NFS_V4_1. + type: string terraformLabels: additionalProperties: type: string From 75b444a19575dd156dfef3a0b840433f963e792c Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 18:58:55 +0100 Subject: [PATCH 39/47] iam: multiple changes Signed-off-by: Rickard von Essen --- apis/iam/v1beta2/zz_generated.deepcopy.go | 282 ++++++++++++++++++ .../zz_workloadidentitypoolprovider_types.go | 141 +++++++++ ...ound.io_workloadidentitypoolproviders.yaml | 141 +++++++++ 3 files changed, 564 insertions(+) diff --git a/apis/iam/v1beta2/zz_generated.deepcopy.go b/apis/iam/v1beta2/zz_generated.deepcopy.go index 9bc4f2957..b0de89a61 100644 --- a/apis/iam/v1beta2/zz_generated.deepcopy.go +++ b/apis/iam/v1beta2/zz_generated.deepcopy.go @@ -73,6 +73,66 @@ func (in *AwsParameters) DeepCopy() *AwsParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IntermediateCasInitParameters) DeepCopyInto(out *IntermediateCasInitParameters) { + *out = *in + if in.PemCertificate != nil { + in, out := &in.PemCertificate, &out.PemCertificate + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntermediateCasInitParameters. +func (in *IntermediateCasInitParameters) DeepCopy() *IntermediateCasInitParameters { + if in == nil { + return nil + } + out := new(IntermediateCasInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IntermediateCasObservation) DeepCopyInto(out *IntermediateCasObservation) { + *out = *in + if in.PemCertificate != nil { + in, out := &in.PemCertificate, &out.PemCertificate + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntermediateCasObservation. +func (in *IntermediateCasObservation) DeepCopy() *IntermediateCasObservation { + if in == nil { + return nil + } + out := new(IntermediateCasObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IntermediateCasParameters) DeepCopyInto(out *IntermediateCasParameters) { + *out = *in + if in.PemCertificate != nil { + in, out := &in.PemCertificate, &out.PemCertificate + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntermediateCasParameters. +func (in *IntermediateCasParameters) DeepCopy() *IntermediateCasParameters { + if in == nil { + return nil + } + out := new(IntermediateCasParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OidcInitParameters) DeepCopyInto(out *OidcInitParameters) { *out = *in @@ -241,6 +301,153 @@ func (in *SAMLParameters) DeepCopy() *SAMLParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustAnchorsInitParameters) DeepCopyInto(out *TrustAnchorsInitParameters) { + *out = *in + if in.PemCertificate != nil { + in, out := &in.PemCertificate, &out.PemCertificate + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustAnchorsInitParameters. +func (in *TrustAnchorsInitParameters) DeepCopy() *TrustAnchorsInitParameters { + if in == nil { + return nil + } + out := new(TrustAnchorsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustAnchorsObservation) DeepCopyInto(out *TrustAnchorsObservation) { + *out = *in + if in.PemCertificate != nil { + in, out := &in.PemCertificate, &out.PemCertificate + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustAnchorsObservation. +func (in *TrustAnchorsObservation) DeepCopy() *TrustAnchorsObservation { + if in == nil { + return nil + } + out := new(TrustAnchorsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustAnchorsParameters) DeepCopyInto(out *TrustAnchorsParameters) { + *out = *in + if in.PemCertificate != nil { + in, out := &in.PemCertificate, &out.PemCertificate + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustAnchorsParameters. +func (in *TrustAnchorsParameters) DeepCopy() *TrustAnchorsParameters { + if in == nil { + return nil + } + out := new(TrustAnchorsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustStoreInitParameters) DeepCopyInto(out *TrustStoreInitParameters) { + *out = *in + if in.IntermediateCas != nil { + in, out := &in.IntermediateCas, &out.IntermediateCas + *out = make([]IntermediateCasInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TrustAnchors != nil { + in, out := &in.TrustAnchors, &out.TrustAnchors + *out = make([]TrustAnchorsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustStoreInitParameters. +func (in *TrustStoreInitParameters) DeepCopy() *TrustStoreInitParameters { + if in == nil { + return nil + } + out := new(TrustStoreInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustStoreObservation) DeepCopyInto(out *TrustStoreObservation) { + *out = *in + if in.IntermediateCas != nil { + in, out := &in.IntermediateCas, &out.IntermediateCas + *out = make([]IntermediateCasObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TrustAnchors != nil { + in, out := &in.TrustAnchors, &out.TrustAnchors + *out = make([]TrustAnchorsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustStoreObservation. +func (in *TrustStoreObservation) DeepCopy() *TrustStoreObservation { + if in == nil { + return nil + } + out := new(TrustStoreObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrustStoreParameters) DeepCopyInto(out *TrustStoreParameters) { + *out = *in + if in.IntermediateCas != nil { + in, out := &in.IntermediateCas, &out.IntermediateCas + *out = make([]IntermediateCasParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TrustAnchors != nil { + in, out := &in.TrustAnchors, &out.TrustAnchors + *out = make([]TrustAnchorsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustStoreParameters. +func (in *TrustStoreParameters) DeepCopy() *TrustStoreParameters { + if in == nil { + return nil + } + out := new(TrustStoreParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkloadIdentityPoolProvider) DeepCopyInto(out *WorkloadIdentityPoolProvider) { *out = *in @@ -327,6 +534,11 @@ func (in *WorkloadIdentityPoolProviderInitParameters) DeepCopyInto(out *Workload *out = new(SAMLInitParameters) (*in).DeepCopyInto(*out) } + if in.X509 != nil { + in, out := &in.X509, &out.X509 + *out = new(X509InitParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentityPoolProviderInitParameters. @@ -450,6 +662,11 @@ func (in *WorkloadIdentityPoolProviderObservation) DeepCopyInto(out *WorkloadIde *out = new(string) **out = **in } + if in.X509 != nil { + in, out := &in.X509, &out.X509 + *out = new(X509Observation) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentityPoolProviderObservation. @@ -536,6 +753,11 @@ func (in *WorkloadIdentityPoolProviderParameters) DeepCopyInto(out *WorkloadIden *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.X509 != nil { + in, out := &in.X509, &out.X509 + *out = new(X509Parameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentityPoolProviderParameters. @@ -582,3 +804,63 @@ func (in *WorkloadIdentityPoolProviderStatus) DeepCopy() *WorkloadIdentityPoolPr in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *X509InitParameters) DeepCopyInto(out *X509InitParameters) { + *out = *in + if in.TrustStore != nil { + in, out := &in.TrustStore, &out.TrustStore + *out = new(TrustStoreInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509InitParameters. +func (in *X509InitParameters) DeepCopy() *X509InitParameters { + if in == nil { + return nil + } + out := new(X509InitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *X509Observation) DeepCopyInto(out *X509Observation) { + *out = *in + if in.TrustStore != nil { + in, out := &in.TrustStore, &out.TrustStore + *out = new(TrustStoreObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509Observation. +func (in *X509Observation) DeepCopy() *X509Observation { + if in == nil { + return nil + } + out := new(X509Observation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *X509Parameters) DeepCopyInto(out *X509Parameters) { + *out = *in + if in.TrustStore != nil { + in, out := &in.TrustStore, &out.TrustStore + *out = new(TrustStoreParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new X509Parameters. +func (in *X509Parameters) DeepCopy() *X509Parameters { + if in == nil { + return nil + } + out := new(X509Parameters) + in.DeepCopyInto(out) + return out +} diff --git a/apis/iam/v1beta2/zz_workloadidentitypoolprovider_types.go b/apis/iam/v1beta2/zz_workloadidentitypoolprovider_types.go index fe48c4500..7b54358b4 100755 --- a/apis/iam/v1beta2/zz_workloadidentitypoolprovider_types.go +++ b/apis/iam/v1beta2/zz_workloadidentitypoolprovider_types.go @@ -32,6 +32,28 @@ type AwsParameters struct { AccountID *string `json:"accountId" tf:"account_id,omitempty"` } +type IntermediateCasInitParameters struct { + + // PEM certificate of the PKI used for validation. Must only contain one + // ca certificate(either root or intermediate cert). + PemCertificate *string `json:"pemCertificate,omitempty" tf:"pem_certificate,omitempty"` +} + +type IntermediateCasObservation struct { + + // PEM certificate of the PKI used for validation. Must only contain one + // ca certificate(either root or intermediate cert). + PemCertificate *string `json:"pemCertificate,omitempty" tf:"pem_certificate,omitempty"` +} + +type IntermediateCasParameters struct { + + // PEM certificate of the PKI used for validation. Must only contain one + // ca certificate(either root or intermediate cert). + // +kubebuilder:validation:Optional + PemCertificate *string `json:"pemCertificate,omitempty" tf:"pem_certificate,omitempty"` +} + type OidcInitParameters struct { // Acceptable values for the aud field (audience) in the OIDC token. Token exchange @@ -123,6 +145,75 @@ type SAMLParameters struct { IdPMetadataXML *string `json:"idpMetadataXml" tf:"idp_metadata_xml,omitempty"` } +type TrustAnchorsInitParameters struct { + + // PEM certificate of the PKI used for validation. Must only contain one + // ca certificate(either root or intermediate cert). + PemCertificate *string `json:"pemCertificate,omitempty" tf:"pem_certificate,omitempty"` +} + +type TrustAnchorsObservation struct { + + // PEM certificate of the PKI used for validation. Must only contain one + // ca certificate(either root or intermediate cert). + PemCertificate *string `json:"pemCertificate,omitempty" tf:"pem_certificate,omitempty"` +} + +type TrustAnchorsParameters struct { + + // PEM certificate of the PKI used for validation. Must only contain one + // ca certificate(either root or intermediate cert). + // +kubebuilder:validation:Optional + PemCertificate *string `json:"pemCertificate,omitempty" tf:"pem_certificate,omitempty"` +} + +type TrustStoreInitParameters struct { + + // Set of intermediate CA certificates used for building the trust chain to + // trust anchor. + // IMPORTANT: Intermediate CAs are only supported when configuring x509 federation. + // Structure is documented below. + IntermediateCas []IntermediateCasInitParameters `json:"intermediateCas,omitempty" tf:"intermediate_cas,omitempty"` + + // List of Trust Anchors to be used while performing validation + // against a given TrustStore. The incoming end entity's certificate + // must be chained up to one of the trust anchors here. + // Structure is documented below. + TrustAnchors []TrustAnchorsInitParameters `json:"trustAnchors,omitempty" tf:"trust_anchors,omitempty"` +} + +type TrustStoreObservation struct { + + // Set of intermediate CA certificates used for building the trust chain to + // trust anchor. + // IMPORTANT: Intermediate CAs are only supported when configuring x509 federation. + // Structure is documented below. + IntermediateCas []IntermediateCasObservation `json:"intermediateCas,omitempty" tf:"intermediate_cas,omitempty"` + + // List of Trust Anchors to be used while performing validation + // against a given TrustStore. The incoming end entity's certificate + // must be chained up to one of the trust anchors here. + // Structure is documented below. + TrustAnchors []TrustAnchorsObservation `json:"trustAnchors,omitempty" tf:"trust_anchors,omitempty"` +} + +type TrustStoreParameters struct { + + // Set of intermediate CA certificates used for building the trust chain to + // trust anchor. + // IMPORTANT: Intermediate CAs are only supported when configuring x509 federation. + // Structure is documented below. + // +kubebuilder:validation:Optional + IntermediateCas []IntermediateCasParameters `json:"intermediateCas,omitempty" tf:"intermediate_cas,omitempty"` + + // List of Trust Anchors to be used while performing validation + // against a given TrustStore. The incoming end entity's certificate + // must be chained up to one of the trust anchors here. + // Structure is documented below. + // +kubebuilder:validation:Optional + TrustAnchors []TrustAnchorsParameters `json:"trustAnchors" tf:"trust_anchors,omitempty"` +} + type WorkloadIdentityPoolProviderInitParameters struct { // A Common Expression Language expression, in @@ -164,6 +255,11 @@ type WorkloadIdentityPoolProviderInitParameters struct { // An SAML 2.0 identity provider. Not compatible with the property oidc or aws. // Structure is documented below. SAML *SAMLInitParameters `json:"saml,omitempty" tf:"saml,omitempty"` + + // An X.509-type identity provider represents a CA. It is trusted to assert a + // client identity if the client has a certificate that chains up to this CA. + // Structure is documented below. + X509 *X509InitParameters `json:"x509,omitempty" tf:"x509,omitempty"` } type WorkloadIdentityPoolProviderObservation struct { @@ -222,6 +318,11 @@ type WorkloadIdentityPoolProviderObservation struct { // value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix // gcp- is reserved for use by Google, and may not be specified. WorkloadIdentityPoolID *string `json:"workloadIdentityPoolId,omitempty" tf:"workload_identity_pool_id,omitempty"` + + // An X.509-type identity provider represents a CA. It is trusted to assert a + // client identity if the client has a certificate that chains up to this CA. + // Structure is documented below. + X509 *X509Observation `json:"x509,omitempty" tf:"x509,omitempty"` } type WorkloadIdentityPoolProviderParameters struct { @@ -289,6 +390,46 @@ type WorkloadIdentityPoolProviderParameters struct { // Selector for a WorkloadIdentityPool in iam to populate workloadIdentityPoolId. // +kubebuilder:validation:Optional WorkloadIdentityPoolIDSelector *v1.Selector `json:"workloadIdentityPoolIdSelector,omitempty" tf:"-"` + + // An X.509-type identity provider represents a CA. It is trusted to assert a + // client identity if the client has a certificate that chains up to this CA. + // Structure is documented below. + // +kubebuilder:validation:Optional + X509 *X509Parameters `json:"x509,omitempty" tf:"x509,omitempty"` +} + +type X509InitParameters struct { + + // A Trust store, use this trust store as a wrapper to config the trust + // anchor and optional intermediate cas to help build the trust chain for + // the incoming end entity certificate. Follow the x509 guidelines to + // define those PEM encoded certs. Only 1 trust store is currently + // supported. + // Structure is documented below. + TrustStore *TrustStoreInitParameters `json:"trustStore,omitempty" tf:"trust_store,omitempty"` +} + +type X509Observation struct { + + // A Trust store, use this trust store as a wrapper to config the trust + // anchor and optional intermediate cas to help build the trust chain for + // the incoming end entity certificate. Follow the x509 guidelines to + // define those PEM encoded certs. Only 1 trust store is currently + // supported. + // Structure is documented below. + TrustStore *TrustStoreObservation `json:"trustStore,omitempty" tf:"trust_store,omitempty"` +} + +type X509Parameters struct { + + // A Trust store, use this trust store as a wrapper to config the trust + // anchor and optional intermediate cas to help build the trust chain for + // the incoming end entity certificate. Follow the x509 guidelines to + // define those PEM encoded certs. Only 1 trust store is currently + // supported. + // Structure is documented below. + // +kubebuilder:validation:Optional + TrustStore *TrustStoreParameters `json:"trustStore" tf:"trust_store,omitempty"` } // WorkloadIdentityPoolProviderSpec defines the desired state of WorkloadIdentityPoolProvider diff --git a/package/crds/iam.gcp.upbound.io_workloadidentitypoolproviders.yaml b/package/crds/iam.gcp.upbound.io_workloadidentitypoolproviders.yaml index 7d1c7f0d5..0f051aab6 100644 --- a/package/crds/iam.gcp.upbound.io_workloadidentitypoolproviders.yaml +++ b/package/crds/iam.gcp.upbound.io_workloadidentitypoolproviders.yaml @@ -919,6 +919,53 @@ spec: type: string type: object type: object + x509: + description: |- + An X.509-type identity provider represents a CA. It is trusted to assert a + client identity if the client has a certificate that chains up to this CA. + Structure is documented below. + properties: + trustStore: + description: |- + A Trust store, use this trust store as a wrapper to config the trust + anchor and optional intermediate cas to help build the trust chain for + the incoming end entity certificate. Follow the x509 guidelines to + define those PEM encoded certs. Only 1 trust store is currently + supported. + Structure is documented below. + properties: + intermediateCas: + description: |- + Set of intermediate CA certificates used for building the trust chain to + trust anchor. + IMPORTANT: Intermediate CAs are only supported when configuring x509 federation. + Structure is documented below. + items: + properties: + pemCertificate: + description: |- + PEM certificate of the PKI used for validation. Must only contain one + ca certificate(either root or intermediate cert). + type: string + type: object + type: array + trustAnchors: + description: |- + List of Trust Anchors to be used while performing validation + against a given TrustStore. The incoming end entity's certificate + must be chained up to one of the trust anchors here. + Structure is documented below. + items: + properties: + pemCertificate: + description: |- + PEM certificate of the PKI used for validation. Must only contain one + ca certificate(either root or intermediate cert). + type: string + type: object + type: array + type: object + type: object type: object initProvider: description: |- @@ -1018,6 +1065,53 @@ spec: xml doc. type: string type: object + x509: + description: |- + An X.509-type identity provider represents a CA. It is trusted to assert a + client identity if the client has a certificate that chains up to this CA. + Structure is documented below. + properties: + trustStore: + description: |- + A Trust store, use this trust store as a wrapper to config the trust + anchor and optional intermediate cas to help build the trust chain for + the incoming end entity certificate. Follow the x509 guidelines to + define those PEM encoded certs. Only 1 trust store is currently + supported. + Structure is documented below. + properties: + intermediateCas: + description: |- + Set of intermediate CA certificates used for building the trust chain to + trust anchor. + IMPORTANT: Intermediate CAs are only supported when configuring x509 federation. + Structure is documented below. + items: + properties: + pemCertificate: + description: |- + PEM certificate of the PKI used for validation. Must only contain one + ca certificate(either root or intermediate cert). + type: string + type: object + type: array + trustAnchors: + description: |- + List of Trust Anchors to be used while performing validation + against a given TrustStore. The incoming end entity's certificate + must be chained up to one of the trust anchors here. + Structure is documented below. + items: + properties: + pemCertificate: + description: |- + PEM certificate of the PKI used for validation. Must only contain one + ca certificate(either root or intermediate cert). + type: string + type: object + type: array + type: object + type: object type: object managementPolicies: default: @@ -1294,6 +1388,53 @@ spec: value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix gcp- is reserved for use by Google, and may not be specified. type: string + x509: + description: |- + An X.509-type identity provider represents a CA. It is trusted to assert a + client identity if the client has a certificate that chains up to this CA. + Structure is documented below. + properties: + trustStore: + description: |- + A Trust store, use this trust store as a wrapper to config the trust + anchor and optional intermediate cas to help build the trust chain for + the incoming end entity certificate. Follow the x509 guidelines to + define those PEM encoded certs. Only 1 trust store is currently + supported. + Structure is documented below. + properties: + intermediateCas: + description: |- + Set of intermediate CA certificates used for building the trust chain to + trust anchor. + IMPORTANT: Intermediate CAs are only supported when configuring x509 federation. + Structure is documented below. + items: + properties: + pemCertificate: + description: |- + PEM certificate of the PKI used for validation. Must only contain one + ca certificate(either root or intermediate cert). + type: string + type: object + type: array + trustAnchors: + description: |- + List of Trust Anchors to be used while performing validation + against a given TrustStore. The incoming end entity's certificate + must be chained up to one of the trust anchors here. + Structure is documented below. + items: + properties: + pemCertificate: + description: |- + PEM certificate of the PKI used for validation. Must only contain one + ca certificate(either root or intermediate cert). + type: string + type: object + type: array + type: object + type: object type: object conditions: description: Conditions of the resource. From 6418b34aa5bc7890f0d57327da8e33e28600540a Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 18:59:53 +0100 Subject: [PATCH 40/47] identityplatform: internal only changes Signed-off-by: Rickard von Essen --- .../v1beta1/zz_generated.conversion_hubs.go | 3 + .../v1beta1/zz_generated.resolvers.go | 60 +- .../v1beta2/zz_generated.conversion_hubs.go | 3 - ...entityplatform.gcp.upbound.io_configs.yaml | 1297 +++++++++++++++++ 4 files changed, 1356 insertions(+), 7 deletions(-) create mode 100644 package/crds/identityplatform.gcp.upbound.io_configs.yaml diff --git a/apis/identityplatform/v1beta1/zz_generated.conversion_hubs.go b/apis/identityplatform/v1beta1/zz_generated.conversion_hubs.go index 0ab6572a9..663ed675e 100755 --- a/apis/identityplatform/v1beta1/zz_generated.conversion_hubs.go +++ b/apis/identityplatform/v1beta1/zz_generated.conversion_hubs.go @@ -6,6 +6,9 @@ package v1beta1 +// Hub marks this type as a conversion hub. +func (tr *Config) Hub() {} + // Hub marks this type as a conversion hub. func (tr *DefaultSupportedIdPConfig) Hub() {} diff --git a/apis/identityplatform/v1beta1/zz_generated.resolvers.go b/apis/identityplatform/v1beta1/zz_generated.resolvers.go index d3a485892..f2fb6850d 100644 --- a/apis/identityplatform/v1beta1/zz_generated.resolvers.go +++ b/apis/identityplatform/v1beta1/zz_generated.resolvers.go @@ -9,15 +9,67 @@ package v1beta1 import ( "context" reference "github.com/crossplane/crossplane-runtime/pkg/reference" - xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" resource "github.com/crossplane/upjet/pkg/resource" errors "github.com/pkg/errors" - apisresolver "github.com/upbound/provider-gcp/internal/apis" + + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" client "sigs.k8s.io/controller-runtime/pkg/client" + + // ResolveReferences of this Config. + apisresolver "github.com/upbound/provider-gcp/internal/apis" ) -func (mg *TenantDefaultSupportedIdPConfig) ResolveReferences( // ResolveReferences of this TenantDefaultSupportedIdPConfig. - ctx context.Context, c client.Reader) error { +func (mg *Config) ResolveReferences(ctx context.Context, c client.Reader) error { + var m xpresource.Managed + var l xpresource.ManagedList + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + { + m, l, err = apisresolver.GetManagedResource("cloudplatform.gcp.upbound.io", "v1beta1", "Project", "ProjectList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.Project), + Extract: resource.ExtractParamPath("project_id", false), + Reference: mg.Spec.ForProvider.ProjectRef, + Selector: mg.Spec.ForProvider.ProjectSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.Project") + } + mg.Spec.ForProvider.Project = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.ProjectRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("cloudplatform.gcp.upbound.io", "v1beta1", "Project", "ProjectList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.Project), + Extract: resource.ExtractParamPath("project_id", false), + Reference: mg.Spec.InitProvider.ProjectRef, + Selector: mg.Spec.InitProvider.ProjectSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.Project") + } + mg.Spec.InitProvider.Project = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.ProjectRef = rsp.ResolvedReference + + return nil +} + +// ResolveReferences of this TenantDefaultSupportedIdPConfig. +func (mg *TenantDefaultSupportedIdPConfig) ResolveReferences(ctx context.Context, c client.Reader) error { var m xpresource.Managed var l xpresource.ManagedList r := reference.NewAPIResolver(c, mg) diff --git a/apis/identityplatform/v1beta2/zz_generated.conversion_hubs.go b/apis/identityplatform/v1beta2/zz_generated.conversion_hubs.go index f39f927ab..e26309bb1 100755 --- a/apis/identityplatform/v1beta2/zz_generated.conversion_hubs.go +++ b/apis/identityplatform/v1beta2/zz_generated.conversion_hubs.go @@ -9,8 +9,5 @@ package v1beta2 // Hub marks this type as a conversion hub. func (tr *InboundSAMLConfig) Hub() {} -// Hub marks this type as a conversion hub. -func (tr *ProjectDefaultConfig) Hub() {} - // Hub marks this type as a conversion hub. func (tr *TenantInboundSAMLConfig) Hub() {} diff --git a/package/crds/identityplatform.gcp.upbound.io_configs.yaml b/package/crds/identityplatform.gcp.upbound.io_configs.yaml new file mode 100644 index 000000000..688109ada --- /dev/null +++ b/package/crds/identityplatform.gcp.upbound.io_configs.yaml @@ -0,0 +1,1297 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: configs.identityplatform.gcp.upbound.io +spec: + group: identityplatform.gcp.upbound.io + names: + categories: + - crossplane + - managed + - gcp + kind: Config + listKind: ConfigList + plural: configs + singular: config + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Config is the Schema for the Configs API. Identity Platform configuration + for a Cloud project. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ConfigSpec defines the desired state of Config + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + authorizedDomains: + description: List of domains authorized for OAuth redirects. + items: + type: string + type: array + autodeleteAnonymousUsers: + description: Whether anonymous users will be auto-deleted after + a period of 30 days + type: boolean + blockingFunctions: + description: |- + Configuration related to blocking functions. + Structure is documented below. + properties: + forwardInboundCredentials: + description: |- + The user credentials to include in the JWT payload that is sent to the registered Blocking Functions. + Structure is documented below. + properties: + accessToken: + description: Whether to pass the user's OAuth identity + provider's access token. + type: boolean + idToken: + description: Whether to pass the user's OIDC identity + provider's ID token. + type: boolean + refreshToken: + description: Whether to pass the user's OAuth identity + provider's refresh token. + type: boolean + type: object + triggers: + description: |- + Map of Trigger to event type. Key should be one of the supported event types: "beforeCreate", "beforeSignIn". + Structure is documented below. + items: + properties: + eventType: + description: The identifier for this object. Format + specified above. + type: string + functionUri: + description: HTTP URI trigger for the Cloud Function. + type: string + type: object + type: array + type: object + client: + description: |- + Options related to how clients making requests on behalf of a project should be configured. + Structure is documented below. + properties: + permissions: + description: |- + Configuration related to restricting a user's ability to affect their account. + Structure is documented below. + properties: + disabledUserDeletion: + description: When true, end users cannot delete their + account on the associated project through any of our + API methods + type: boolean + disabledUserSignup: + description: When true, end users cannot sign up for a + new account on the associated project through any of + our API methods + type: boolean + type: object + type: object + mfa: + description: |- + Options related to how clients making requests on behalf of a project should be configured. + Structure is documented below. + properties: + enabledProviders: + description: |- + A list of usable second factors for this project. + Each value may be one of: PHONE_SMS. + items: + type: string + type: array + providerConfigs: + description: |- + A list of usable second factors for this project along with their configurations. + This field does not support phone based MFA, for that use the 'enabledProviders' field. + Structure is documented below. + items: + properties: + state: + description: |- + Whether MultiFactor Authentication has been enabled for this project. + Possible values are: DISABLED, ENABLED, MANDATORY. + type: string + totpProviderConfig: + description: |- + TOTP MFA provider config for this project. + Structure is documented below. + properties: + adjacentIntervals: + description: The allowed number of adjacent intervals + that will be used for verification to avoid clock + skew. + type: number + type: object + type: object + type: array + state: + description: |- + Whether MultiFactor Authentication has been enabled for this project. + Possible values are: DISABLED, ENABLED, MANDATORY. + type: string + type: object + monitoring: + description: |- + Configuration related to monitoring project activity. + Structure is documented below. + properties: + requestLogging: + description: |- + Configuration for logging requests made to this project to Stackdriver Logging + Structure is documented below. + properties: + enabled: + description: Whether logging is enabled for this project + or not. + type: boolean + type: object + type: object + multiTenant: + description: |- + Configuration related to multi-tenant functionality. + Structure is documented below. + properties: + allowTenants: + description: Whether this project can have tenants or not. + type: boolean + defaultTenantLocation: + description: |- + The default cloud parent org or folder that the tenant project should be created under. + The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". + If the value is not set, the tenant will be created under the same organization or folder as the agent project. + type: string + type: object + project: + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + type: string + projectRef: + description: Reference to a Project in cloudplatform to populate + project. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + projectSelector: + description: Selector for a Project in cloudplatform to populate + project. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + quota: + description: |- + Configuration related to quotas. + Structure is documented below. + properties: + signUpQuotaConfig: + description: |- + Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. + Structure is documented below. + properties: + quota: + description: A sign up APIs quota that customers can override + temporarily. Value can be in between 1 and 1000. + type: number + quotaDuration: + description: 'How long this quota will be active for. + It is measurred in seconds, e.g., Example: "9.615s".' + type: string + startTime: + description: When this quota will take affect. + type: string + type: object + type: object + signIn: + description: |- + Configuration related to local sign in methods. + Structure is documented below. + properties: + allowDuplicateEmails: + description: Whether to allow more than one account to have + the same email. + type: boolean + anonymous: + description: |- + Configuration options related to authenticating an anonymous user. + Structure is documented below. + properties: + enabled: + description: Whether phone number auth is enabled for + the project or not. + type: boolean + type: object + email: + description: |- + Configuration options related to authenticating a user by their email address. + Structure is documented below. + properties: + enabled: + description: Whether phone number auth is enabled for + the project or not. + type: boolean + passwordRequired: + description: |- + Whether a password is required for email auth or not. If true, both an email and + password must be provided to sign in. If false, a user may sign in via either + email/password or email link. + type: boolean + type: object + phoneNumber: + description: |- + Configuration options related to authenticated a user by their phone number. + Structure is documented below. + properties: + enabled: + description: Whether phone number auth is enabled for + the project or not. + type: boolean + testPhoneNumbers: + additionalProperties: + type: string + description: A map of that + can be used for phone auth testing. + type: object + x-kubernetes-map-type: granular + type: object + type: object + smsRegionConfig: + description: |- + Configures the regions where users are allowed to send verification SMS for the project or tenant. This is based on the calling code of the destination phone number. + Structure is documented below. + properties: + allowByDefault: + description: |- + A policy of allowing SMS to every region by default and adding disallowed regions to a disallow list. + Structure is documented below. + properties: + disallowedRegions: + description: 'Two letter unicode region codes to disallow + as defined by https://cldr.unicode.org/ The full list + of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json' + items: + type: string + type: array + type: object + allowlistOnly: + description: |- + A policy of only allowing regions by explicitly adding them to an allowlist. + Structure is documented below. + properties: + allowedRegions: + description: 'Two letter unicode region codes to allow + as defined by https://cldr.unicode.org/ The full list + of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json' + items: + type: string + type: array + type: object + type: object + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + authorizedDomains: + description: List of domains authorized for OAuth redirects. + items: + type: string + type: array + autodeleteAnonymousUsers: + description: Whether anonymous users will be auto-deleted after + a period of 30 days + type: boolean + blockingFunctions: + description: |- + Configuration related to blocking functions. + Structure is documented below. + properties: + forwardInboundCredentials: + description: |- + The user credentials to include in the JWT payload that is sent to the registered Blocking Functions. + Structure is documented below. + properties: + accessToken: + description: Whether to pass the user's OAuth identity + provider's access token. + type: boolean + idToken: + description: Whether to pass the user's OIDC identity + provider's ID token. + type: boolean + refreshToken: + description: Whether to pass the user's OAuth identity + provider's refresh token. + type: boolean + type: object + triggers: + description: |- + Map of Trigger to event type. Key should be one of the supported event types: "beforeCreate", "beforeSignIn". + Structure is documented below. + items: + properties: + eventType: + description: The identifier for this object. Format + specified above. + type: string + functionUri: + description: HTTP URI trigger for the Cloud Function. + type: string + type: object + type: array + type: object + client: + description: |- + Options related to how clients making requests on behalf of a project should be configured. + Structure is documented below. + properties: + permissions: + description: |- + Configuration related to restricting a user's ability to affect their account. + Structure is documented below. + properties: + disabledUserDeletion: + description: When true, end users cannot delete their + account on the associated project through any of our + API methods + type: boolean + disabledUserSignup: + description: When true, end users cannot sign up for a + new account on the associated project through any of + our API methods + type: boolean + type: object + type: object + mfa: + description: |- + Options related to how clients making requests on behalf of a project should be configured. + Structure is documented below. + properties: + enabledProviders: + description: |- + A list of usable second factors for this project. + Each value may be one of: PHONE_SMS. + items: + type: string + type: array + providerConfigs: + description: |- + A list of usable second factors for this project along with their configurations. + This field does not support phone based MFA, for that use the 'enabledProviders' field. + Structure is documented below. + items: + properties: + state: + description: |- + Whether MultiFactor Authentication has been enabled for this project. + Possible values are: DISABLED, ENABLED, MANDATORY. + type: string + totpProviderConfig: + description: |- + TOTP MFA provider config for this project. + Structure is documented below. + properties: + adjacentIntervals: + description: The allowed number of adjacent intervals + that will be used for verification to avoid clock + skew. + type: number + type: object + type: object + type: array + state: + description: |- + Whether MultiFactor Authentication has been enabled for this project. + Possible values are: DISABLED, ENABLED, MANDATORY. + type: string + type: object + monitoring: + description: |- + Configuration related to monitoring project activity. + Structure is documented below. + properties: + requestLogging: + description: |- + Configuration for logging requests made to this project to Stackdriver Logging + Structure is documented below. + properties: + enabled: + description: Whether logging is enabled for this project + or not. + type: boolean + type: object + type: object + multiTenant: + description: |- + Configuration related to multi-tenant functionality. + Structure is documented below. + properties: + allowTenants: + description: Whether this project can have tenants or not. + type: boolean + defaultTenantLocation: + description: |- + The default cloud parent org or folder that the tenant project should be created under. + The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". + If the value is not set, the tenant will be created under the same organization or folder as the agent project. + type: string + type: object + project: + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + type: string + projectRef: + description: Reference to a Project in cloudplatform to populate + project. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + projectSelector: + description: Selector for a Project in cloudplatform to populate + project. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + quota: + description: |- + Configuration related to quotas. + Structure is documented below. + properties: + signUpQuotaConfig: + description: |- + Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. + Structure is documented below. + properties: + quota: + description: A sign up APIs quota that customers can override + temporarily. Value can be in between 1 and 1000. + type: number + quotaDuration: + description: 'How long this quota will be active for. + It is measurred in seconds, e.g., Example: "9.615s".' + type: string + startTime: + description: When this quota will take affect. + type: string + type: object + type: object + signIn: + description: |- + Configuration related to local sign in methods. + Structure is documented below. + properties: + allowDuplicateEmails: + description: Whether to allow more than one account to have + the same email. + type: boolean + anonymous: + description: |- + Configuration options related to authenticating an anonymous user. + Structure is documented below. + properties: + enabled: + description: Whether phone number auth is enabled for + the project or not. + type: boolean + type: object + email: + description: |- + Configuration options related to authenticating a user by their email address. + Structure is documented below. + properties: + enabled: + description: Whether phone number auth is enabled for + the project or not. + type: boolean + passwordRequired: + description: |- + Whether a password is required for email auth or not. If true, both an email and + password must be provided to sign in. If false, a user may sign in via either + email/password or email link. + type: boolean + type: object + phoneNumber: + description: |- + Configuration options related to authenticated a user by their phone number. + Structure is documented below. + properties: + enabled: + description: Whether phone number auth is enabled for + the project or not. + type: boolean + testPhoneNumbers: + additionalProperties: + type: string + description: A map of that + can be used for phone auth testing. + type: object + x-kubernetes-map-type: granular + type: object + type: object + smsRegionConfig: + description: |- + Configures the regions where users are allowed to send verification SMS for the project or tenant. This is based on the calling code of the destination phone number. + Structure is documented below. + properties: + allowByDefault: + description: |- + A policy of allowing SMS to every region by default and adding disallowed regions to a disallow list. + Structure is documented below. + properties: + disallowedRegions: + description: 'Two letter unicode region codes to disallow + as defined by https://cldr.unicode.org/ The full list + of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json' + items: + type: string + type: array + type: object + allowlistOnly: + description: |- + A policy of only allowing regions by explicitly adding them to an allowlist. + Structure is documented below. + properties: + allowedRegions: + description: 'Two letter unicode region codes to allow + as defined by https://cldr.unicode.org/ The full list + of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json' + items: + type: string + type: array + type: object + type: object + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: ConfigStatus defines the observed state of Config. + properties: + atProvider: + properties: + authorizedDomains: + description: List of domains authorized for OAuth redirects. + items: + type: string + type: array + autodeleteAnonymousUsers: + description: Whether anonymous users will be auto-deleted after + a period of 30 days + type: boolean + blockingFunctions: + description: |- + Configuration related to blocking functions. + Structure is documented below. + properties: + forwardInboundCredentials: + description: |- + The user credentials to include in the JWT payload that is sent to the registered Blocking Functions. + Structure is documented below. + properties: + accessToken: + description: Whether to pass the user's OAuth identity + provider's access token. + type: boolean + idToken: + description: Whether to pass the user's OIDC identity + provider's ID token. + type: boolean + refreshToken: + description: Whether to pass the user's OAuth identity + provider's refresh token. + type: boolean + type: object + triggers: + description: |- + Map of Trigger to event type. Key should be one of the supported event types: "beforeCreate", "beforeSignIn". + Structure is documented below. + items: + properties: + eventType: + description: The identifier for this object. Format + specified above. + type: string + functionUri: + description: HTTP URI trigger for the Cloud Function. + type: string + updateTime: + description: |- + (Output) + When the trigger was changed. + type: string + type: object + type: array + type: object + client: + description: |- + Options related to how clients making requests on behalf of a project should be configured. + Structure is documented below. + properties: + firebaseSubdomain: + description: |- + (Output) + Firebase subdomain. + type: string + permissions: + description: |- + Configuration related to restricting a user's ability to affect their account. + Structure is documented below. + properties: + disabledUserDeletion: + description: When true, end users cannot delete their + account on the associated project through any of our + API methods + type: boolean + disabledUserSignup: + description: When true, end users cannot sign up for a + new account on the associated project through any of + our API methods + type: boolean + type: object + type: object + id: + description: an identifier for the resource with format projects/{{project}}/config + type: string + mfa: + description: |- + Options related to how clients making requests on behalf of a project should be configured. + Structure is documented below. + properties: + enabledProviders: + description: |- + A list of usable second factors for this project. + Each value may be one of: PHONE_SMS. + items: + type: string + type: array + providerConfigs: + description: |- + A list of usable second factors for this project along with their configurations. + This field does not support phone based MFA, for that use the 'enabledProviders' field. + Structure is documented below. + items: + properties: + state: + description: |- + Whether MultiFactor Authentication has been enabled for this project. + Possible values are: DISABLED, ENABLED, MANDATORY. + type: string + totpProviderConfig: + description: |- + TOTP MFA provider config for this project. + Structure is documented below. + properties: + adjacentIntervals: + description: The allowed number of adjacent intervals + that will be used for verification to avoid clock + skew. + type: number + type: object + type: object + type: array + state: + description: |- + Whether MultiFactor Authentication has been enabled for this project. + Possible values are: DISABLED, ENABLED, MANDATORY. + type: string + type: object + monitoring: + description: |- + Configuration related to monitoring project activity. + Structure is documented below. + properties: + requestLogging: + description: |- + Configuration for logging requests made to this project to Stackdriver Logging + Structure is documented below. + properties: + enabled: + description: Whether logging is enabled for this project + or not. + type: boolean + type: object + type: object + multiTenant: + description: |- + Configuration related to multi-tenant functionality. + Structure is documented below. + properties: + allowTenants: + description: Whether this project can have tenants or not. + type: boolean + defaultTenantLocation: + description: |- + The default cloud parent org or folder that the tenant project should be created under. + The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". + If the value is not set, the tenant will be created under the same organization or folder as the agent project. + type: string + type: object + name: + description: The name of the Config resource + type: string + project: + description: |- + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + type: string + quota: + description: |- + Configuration related to quotas. + Structure is documented below. + properties: + signUpQuotaConfig: + description: |- + Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. + Structure is documented below. + properties: + quota: + description: A sign up APIs quota that customers can override + temporarily. Value can be in between 1 and 1000. + type: number + quotaDuration: + description: 'How long this quota will be active for. + It is measurred in seconds, e.g., Example: "9.615s".' + type: string + startTime: + description: When this quota will take affect. + type: string + type: object + type: object + signIn: + description: |- + Configuration related to local sign in methods. + Structure is documented below. + properties: + allowDuplicateEmails: + description: Whether to allow more than one account to have + the same email. + type: boolean + anonymous: + description: |- + Configuration options related to authenticating an anonymous user. + Structure is documented below. + properties: + enabled: + description: Whether phone number auth is enabled for + the project or not. + type: boolean + type: object + email: + description: |- + Configuration options related to authenticating a user by their email address. + Structure is documented below. + properties: + enabled: + description: Whether phone number auth is enabled for + the project or not. + type: boolean + passwordRequired: + description: |- + Whether a password is required for email auth or not. If true, both an email and + password must be provided to sign in. If false, a user may sign in via either + email/password or email link. + type: boolean + type: object + hashConfig: + description: |- + (Output) + Output only. Hash config information. + Structure is documented below. + items: + properties: + algorithm: + description: |- + (Output) + Different password hash algorithms used in Identity Toolkit. + type: string + memoryCost: + description: |- + (Output) + Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field. + type: number + rounds: + description: |- + (Output) + How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms. + type: number + saltSeparator: + description: |- + (Output) + Non-printable character to be inserted between the salt and plain text password in base64. + type: string + signerKey: + description: |- + (Output) + Signer key in base64. + type: string + type: object + type: array + phoneNumber: + description: |- + Configuration options related to authenticated a user by their phone number. + Structure is documented below. + properties: + enabled: + description: Whether phone number auth is enabled for + the project or not. + type: boolean + testPhoneNumbers: + additionalProperties: + type: string + description: A map of that + can be used for phone auth testing. + type: object + x-kubernetes-map-type: granular + type: object + type: object + smsRegionConfig: + description: |- + Configures the regions where users are allowed to send verification SMS for the project or tenant. This is based on the calling code of the destination phone number. + Structure is documented below. + properties: + allowByDefault: + description: |- + A policy of allowing SMS to every region by default and adding disallowed regions to a disallow list. + Structure is documented below. + properties: + disallowedRegions: + description: 'Two letter unicode region codes to disallow + as defined by https://cldr.unicode.org/ The full list + of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json' + items: + type: string + type: array + type: object + allowlistOnly: + description: |- + A policy of only allowing regions by explicitly adding them to an allowlist. + Structure is documented below. + properties: + allowedRegions: + description: 'Two letter unicode region codes to allow + as defined by https://cldr.unicode.org/ The full list + of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json' + items: + type: string + type: array + type: object + type: object + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} From da2f239fde71338b8e470f461cd852fe483bd4fc Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 19:10:59 +0100 Subject: [PATCH 41/47] monitoring: multiple changes Signed-off-by: Rickard von Essen --- .../v1beta2/zz_alertpolicy_types.go | 29 +++++++++++ .../v1beta2/zz_generated.deepcopy.go | 48 +++++++++++++++++++ ...nitoring.gcp.upbound.io_alertpolicies.yaml | 39 +++++++++++++++ 3 files changed, 116 insertions(+) diff --git a/apis/monitoring/v1beta2/zz_alertpolicy_types.go b/apis/monitoring/v1beta2/zz_alertpolicy_types.go index e1062480e..c1dbbd5a4 100755 --- a/apis/monitoring/v1beta2/zz_alertpolicy_types.go +++ b/apis/monitoring/v1beta2/zz_alertpolicy_types.go @@ -497,6 +497,10 @@ type AlertStrategyInitParameters struct { // Structure is documented below. NotificationChannelStrategy []NotificationChannelStrategyInitParameters `json:"notificationChannelStrategy,omitempty" tf:"notification_channel_strategy,omitempty"` + // Control when notifications will be sent out. + // Each value may be one of: NOTIFICATION_PROMPT_UNSPECIFIED, OPENED, CLOSED. + NotificationPrompts []*string `json:"notificationPrompts,omitempty" tf:"notification_prompts,omitempty"` + // Required for alert policies with a LogMatch condition. // This limit is not implemented for alert policies that are not log-based. // Structure is documented below. @@ -513,6 +517,10 @@ type AlertStrategyObservation struct { // Structure is documented below. NotificationChannelStrategy []NotificationChannelStrategyObservation `json:"notificationChannelStrategy,omitempty" tf:"notification_channel_strategy,omitempty"` + // Control when notifications will be sent out. + // Each value may be one of: NOTIFICATION_PROMPT_UNSPECIFIED, OPENED, CLOSED. + NotificationPrompts []*string `json:"notificationPrompts,omitempty" tf:"notification_prompts,omitempty"` + // Required for alert policies with a LogMatch condition. // This limit is not implemented for alert policies that are not log-based. // Structure is documented below. @@ -531,6 +539,11 @@ type AlertStrategyParameters struct { // +kubebuilder:validation:Optional NotificationChannelStrategy []NotificationChannelStrategyParameters `json:"notificationChannelStrategy,omitempty" tf:"notification_channel_strategy,omitempty"` + // Control when notifications will be sent out. + // Each value may be one of: NOTIFICATION_PROMPT_UNSPECIFIED, OPENED, CLOSED. + // +kubebuilder:validation:Optional + NotificationPrompts []*string `json:"notificationPrompts,omitempty" tf:"notification_prompts,omitempty"` + // Required for alert policies with a LogMatch condition. // This limit is not implemented for alert policies that are not log-based. // Structure is documented below. @@ -992,6 +1005,11 @@ type ConditionPrometheusQueryLanguageInitParameters struct { // valid Prometheus label name. AlertRule *string `json:"alertRule,omitempty" tf:"alert_rule,omitempty"` + // Whether to disable metric existence validation for this condition. + // Users with the monitoring.alertPolicyViewer role are able to see the + // name of the non-existent metric in the alerting policy condition. + DisableMetricValidation *bool `json:"disableMetricValidation,omitempty" tf:"disable_metric_validation,omitempty"` + // The amount of time that a time series must // violate the threshold to be considered // failing. Currently, only values that are a @@ -1053,6 +1071,11 @@ type ConditionPrometheusQueryLanguageObservation struct { // valid Prometheus label name. AlertRule *string `json:"alertRule,omitempty" tf:"alert_rule,omitempty"` + // Whether to disable metric existence validation for this condition. + // Users with the monitoring.alertPolicyViewer role are able to see the + // name of the non-existent metric in the alerting policy condition. + DisableMetricValidation *bool `json:"disableMetricValidation,omitempty" tf:"disable_metric_validation,omitempty"` + // The amount of time that a time series must // violate the threshold to be considered // failing. Currently, only values that are a @@ -1115,6 +1138,12 @@ type ConditionPrometheusQueryLanguageParameters struct { // +kubebuilder:validation:Optional AlertRule *string `json:"alertRule,omitempty" tf:"alert_rule,omitempty"` + // Whether to disable metric existence validation for this condition. + // Users with the monitoring.alertPolicyViewer role are able to see the + // name of the non-existent metric in the alerting policy condition. + // +kubebuilder:validation:Optional + DisableMetricValidation *bool `json:"disableMetricValidation,omitempty" tf:"disable_metric_validation,omitempty"` + // The amount of time that a time series must // violate the threshold to be considered // failing. Currently, only values that are a diff --git a/apis/monitoring/v1beta2/zz_generated.deepcopy.go b/apis/monitoring/v1beta2/zz_generated.deepcopy.go index 985cbddef..2c9f9dd7c 100644 --- a/apis/monitoring/v1beta2/zz_generated.deepcopy.go +++ b/apis/monitoring/v1beta2/zz_generated.deepcopy.go @@ -589,6 +589,17 @@ func (in *AlertStrategyInitParameters) DeepCopyInto(out *AlertStrategyInitParame (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.NotificationPrompts != nil { + in, out := &in.NotificationPrompts, &out.NotificationPrompts + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.NotificationRateLimit != nil { in, out := &in.NotificationRateLimit, &out.NotificationRateLimit *out = new(NotificationRateLimitInitParameters) @@ -621,6 +632,17 @@ func (in *AlertStrategyObservation) DeepCopyInto(out *AlertStrategyObservation) (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.NotificationPrompts != nil { + in, out := &in.NotificationPrompts, &out.NotificationPrompts + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.NotificationRateLimit != nil { in, out := &in.NotificationRateLimit, &out.NotificationRateLimit *out = new(NotificationRateLimitObservation) @@ -653,6 +675,17 @@ func (in *AlertStrategyParameters) DeepCopyInto(out *AlertStrategyParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.NotificationPrompts != nil { + in, out := &in.NotificationPrompts, &out.NotificationPrompts + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.NotificationRateLimit != nil { in, out := &in.NotificationRateLimit, &out.NotificationRateLimit *out = new(NotificationRateLimitParameters) @@ -1855,6 +1888,11 @@ func (in *ConditionPrometheusQueryLanguageInitParameters) DeepCopyInto(out *Cond *out = new(string) **out = **in } + if in.DisableMetricValidation != nil { + in, out := &in.DisableMetricValidation, &out.DisableMetricValidation + *out = new(bool) + **out = **in + } if in.Duration != nil { in, out := &in.Duration, &out.Duration *out = new(string) @@ -1911,6 +1949,11 @@ func (in *ConditionPrometheusQueryLanguageObservation) DeepCopyInto(out *Conditi *out = new(string) **out = **in } + if in.DisableMetricValidation != nil { + in, out := &in.DisableMetricValidation, &out.DisableMetricValidation + *out = new(bool) + **out = **in + } if in.Duration != nil { in, out := &in.Duration, &out.Duration *out = new(string) @@ -1967,6 +2010,11 @@ func (in *ConditionPrometheusQueryLanguageParameters) DeepCopyInto(out *Conditio *out = new(string) **out = **in } + if in.DisableMetricValidation != nil { + in, out := &in.DisableMetricValidation, &out.DisableMetricValidation + *out = new(bool) + **out = **in + } if in.Duration != nil { in, out := &in.Duration, &out.Duration *out = new(string) diff --git a/package/crds/monitoring.gcp.upbound.io_alertpolicies.yaml b/package/crds/monitoring.gcp.upbound.io_alertpolicies.yaml index 5cf78d877..67aeb7327 100644 --- a/package/crds/monitoring.gcp.upbound.io_alertpolicies.yaml +++ b/package/crds/monitoring.gcp.upbound.io_alertpolicies.yaml @@ -3101,6 +3101,13 @@ spec: type: string type: object type: array + notificationPrompts: + description: |- + Control when notifications will be sent out. + Each value may be one of: NOTIFICATION_PROMPT_UNSPECIFIED, OPENED, CLOSED. + items: + type: string + type: array notificationRateLimit: description: |- Required for alert policies with a LogMatch condition. @@ -3420,6 +3427,12 @@ spec: This field is optional. If this field is not empty, then it must be a valid Prometheus label name. type: string + disableMetricValidation: + description: |- + Whether to disable metric existence validation for this condition. + Users with the monitoring.alertPolicyViewer role are able to see the + name of the non-existent metric in the alerting policy condition. + type: boolean duration: description: |- The amount of time that a time series must @@ -3972,6 +3985,13 @@ spec: type: string type: object type: array + notificationPrompts: + description: |- + Control when notifications will be sent out. + Each value may be one of: NOTIFICATION_PROMPT_UNSPECIFIED, OPENED, CLOSED. + items: + type: string + type: array notificationRateLimit: description: |- Required for alert policies with a LogMatch condition. @@ -4291,6 +4311,12 @@ spec: This field is optional. If this field is not empty, then it must be a valid Prometheus label name. type: string + disableMetricValidation: + description: |- + Whether to disable metric existence validation for this condition. + Users with the monitoring.alertPolicyViewer role are able to see the + name of the non-existent metric in the alerting policy condition. + type: boolean duration: description: |- The amount of time that a time series must @@ -5015,6 +5041,13 @@ spec: type: string type: object type: array + notificationPrompts: + description: |- + Control when notifications will be sent out. + Each value may be one of: NOTIFICATION_PROMPT_UNSPECIFIED, OPENED, CLOSED. + items: + type: string + type: array notificationRateLimit: description: |- Required for alert policies with a LogMatch condition. @@ -5334,6 +5367,12 @@ spec: This field is optional. If this field is not empty, then it must be a valid Prometheus label name. type: string + disableMetricValidation: + description: |- + Whether to disable metric existence validation for this condition. + Users with the monitoring.alertPolicyViewer role are able to see the + name of the non-existent metric in the alerting policy condition. + type: boolean duration: description: |- The amount of time that a time series must From 602cdf0c54a4a111e6604e63f0678e4314b53923 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 19:12:55 +0100 Subject: [PATCH 42/47] pubsub: multiple changes Signed-off-by: Rickard von Essen --- apis/pubsub/v1beta2/zz_generated.deepcopy.go | 405 ++++++++++++++++++ apis/pubsub/v1beta2/zz_subscription_types.go | 29 +- apis/pubsub/v1beta2/zz_topic_types.go | 208 +++++++++ .../pubsub.gcp.upbound.io_subscriptions.yaml | 36 +- .../crds/pubsub.gcp.upbound.io_topics.yaml | 192 +++++++++ 5 files changed, 864 insertions(+), 6 deletions(-) diff --git a/apis/pubsub/v1beta2/zz_generated.deepcopy.go b/apis/pubsub/v1beta2/zz_generated.deepcopy.go index fc931901d..436794009 100644 --- a/apis/pubsub/v1beta2/zz_generated.deepcopy.go +++ b/apis/pubsub/v1beta2/zz_generated.deepcopy.go @@ -16,6 +16,11 @@ import ( // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AvroConfigInitParameters) DeepCopyInto(out *AvroConfigInitParameters) { *out = *in + if in.UseTopicSchema != nil { + in, out := &in.UseTopicSchema, &out.UseTopicSchema + *out = new(bool) + **out = **in + } if in.WriteMetadata != nil { in, out := &in.WriteMetadata, &out.WriteMetadata *out = new(bool) @@ -36,6 +41,11 @@ func (in *AvroConfigInitParameters) DeepCopy() *AvroConfigInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AvroConfigObservation) DeepCopyInto(out *AvroConfigObservation) { *out = *in + if in.UseTopicSchema != nil { + in, out := &in.UseTopicSchema, &out.UseTopicSchema + *out = new(bool) + **out = **in + } if in.WriteMetadata != nil { in, out := &in.WriteMetadata, &out.WriteMetadata *out = new(bool) @@ -56,6 +66,11 @@ func (in *AvroConfigObservation) DeepCopy() *AvroConfigObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AvroConfigParameters) DeepCopyInto(out *AvroConfigParameters) { *out = *in + if in.UseTopicSchema != nil { + in, out := &in.UseTopicSchema, &out.UseTopicSchema + *out = new(bool) + **out = **in + } if in.WriteMetadata != nil { in, out := &in.WriteMetadata, &out.WriteMetadata *out = new(bool) @@ -73,6 +88,51 @@ func (in *AvroConfigParameters) DeepCopy() *AvroConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AvroFormatInitParameters) DeepCopyInto(out *AvroFormatInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AvroFormatInitParameters. +func (in *AvroFormatInitParameters) DeepCopy() *AvroFormatInitParameters { + if in == nil { + return nil + } + out := new(AvroFormatInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AvroFormatObservation) DeepCopyInto(out *AvroFormatObservation) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AvroFormatObservation. +func (in *AvroFormatObservation) DeepCopy() *AvroFormatObservation { + if in == nil { + return nil + } + out := new(AvroFormatObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AvroFormatParameters) DeepCopyInto(out *AvroFormatParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AvroFormatParameters. +func (in *AvroFormatParameters) DeepCopy() *AvroFormatParameters { + if in == nil { + return nil + } + out := new(AvroFormatParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AwsKinesisInitParameters) DeepCopyInto(out *AwsKinesisInitParameters) { *out = *in @@ -446,6 +506,11 @@ func (in *CloudStorageConfigInitParameters) DeepCopyInto(out *CloudStorageConfig *out = new(string) **out = **in } + if in.MaxMessages != nil { + in, out := &in.MaxMessages, &out.MaxMessages + *out = new(float64) + **out = **in + } if in.ServiceAccountEmail != nil { in, out := &in.ServiceAccountEmail, &out.ServiceAccountEmail *out = new(string) @@ -511,6 +576,11 @@ func (in *CloudStorageConfigObservation) DeepCopyInto(out *CloudStorageConfigObs *out = new(string) **out = **in } + if in.MaxMessages != nil { + in, out := &in.MaxMessages, &out.MaxMessages + *out = new(float64) + **out = **in + } if in.ServiceAccountEmail != nil { in, out := &in.ServiceAccountEmail, &out.ServiceAccountEmail *out = new(string) @@ -571,6 +641,11 @@ func (in *CloudStorageConfigParameters) DeepCopyInto(out *CloudStorageConfigPara *out = new(string) **out = **in } + if in.MaxMessages != nil { + in, out := &in.MaxMessages, &out.MaxMessages + *out = new(float64) + **out = **in + } if in.ServiceAccountEmail != nil { in, out := &in.ServiceAccountEmail, &out.ServiceAccountEmail *out = new(string) @@ -598,6 +673,141 @@ func (in *CloudStorageConfigParameters) DeepCopy() *CloudStorageConfigParameters return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudStorageInitParameters) DeepCopyInto(out *CloudStorageInitParameters) { + *out = *in + if in.AvroFormat != nil { + in, out := &in.AvroFormat, &out.AvroFormat + *out = new(AvroFormatInitParameters) + **out = **in + } + if in.Bucket != nil { + in, out := &in.Bucket, &out.Bucket + *out = new(string) + **out = **in + } + if in.MatchGlob != nil { + in, out := &in.MatchGlob, &out.MatchGlob + *out = new(string) + **out = **in + } + if in.MinimumObjectCreateTime != nil { + in, out := &in.MinimumObjectCreateTime, &out.MinimumObjectCreateTime + *out = new(string) + **out = **in + } + if in.PubsubAvroFormat != nil { + in, out := &in.PubsubAvroFormat, &out.PubsubAvroFormat + *out = new(PubsubAvroFormatInitParameters) + **out = **in + } + if in.TextFormat != nil { + in, out := &in.TextFormat, &out.TextFormat + *out = new(TextFormatInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudStorageInitParameters. +func (in *CloudStorageInitParameters) DeepCopy() *CloudStorageInitParameters { + if in == nil { + return nil + } + out := new(CloudStorageInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudStorageObservation) DeepCopyInto(out *CloudStorageObservation) { + *out = *in + if in.AvroFormat != nil { + in, out := &in.AvroFormat, &out.AvroFormat + *out = new(AvroFormatParameters) + **out = **in + } + if in.Bucket != nil { + in, out := &in.Bucket, &out.Bucket + *out = new(string) + **out = **in + } + if in.MatchGlob != nil { + in, out := &in.MatchGlob, &out.MatchGlob + *out = new(string) + **out = **in + } + if in.MinimumObjectCreateTime != nil { + in, out := &in.MinimumObjectCreateTime, &out.MinimumObjectCreateTime + *out = new(string) + **out = **in + } + if in.PubsubAvroFormat != nil { + in, out := &in.PubsubAvroFormat, &out.PubsubAvroFormat + *out = new(PubsubAvroFormatParameters) + **out = **in + } + if in.TextFormat != nil { + in, out := &in.TextFormat, &out.TextFormat + *out = new(TextFormatObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudStorageObservation. +func (in *CloudStorageObservation) DeepCopy() *CloudStorageObservation { + if in == nil { + return nil + } + out := new(CloudStorageObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudStorageParameters) DeepCopyInto(out *CloudStorageParameters) { + *out = *in + if in.AvroFormat != nil { + in, out := &in.AvroFormat, &out.AvroFormat + *out = new(AvroFormatParameters) + **out = **in + } + if in.Bucket != nil { + in, out := &in.Bucket, &out.Bucket + *out = new(string) + **out = **in + } + if in.MatchGlob != nil { + in, out := &in.MatchGlob, &out.MatchGlob + *out = new(string) + **out = **in + } + if in.MinimumObjectCreateTime != nil { + in, out := &in.MinimumObjectCreateTime, &out.MinimumObjectCreateTime + *out = new(string) + **out = **in + } + if in.PubsubAvroFormat != nil { + in, out := &in.PubsubAvroFormat, &out.PubsubAvroFormat + *out = new(PubsubAvroFormatParameters) + **out = **in + } + if in.TextFormat != nil { + in, out := &in.TextFormat, &out.TextFormat + *out = new(TextFormatParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudStorageParameters. +func (in *CloudStorageParameters) DeepCopy() *CloudStorageParameters { + if in == nil { + return nil + } + out := new(CloudStorageParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConditionInitParameters) DeepCopyInto(out *ConditionInitParameters) { *out = *in @@ -911,6 +1121,16 @@ func (in *IngestionDataSourceSettingsInitParameters) DeepCopyInto(out *Ingestion *out = new(AwsKinesisInitParameters) (*in).DeepCopyInto(*out) } + if in.CloudStorage != nil { + in, out := &in.CloudStorage, &out.CloudStorage + *out = new(CloudStorageInitParameters) + (*in).DeepCopyInto(*out) + } + if in.PlatformLogsSettings != nil { + in, out := &in.PlatformLogsSettings, &out.PlatformLogsSettings + *out = new(PlatformLogsSettingsInitParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngestionDataSourceSettingsInitParameters. @@ -931,6 +1151,16 @@ func (in *IngestionDataSourceSettingsObservation) DeepCopyInto(out *IngestionDat *out = new(AwsKinesisObservation) (*in).DeepCopyInto(*out) } + if in.CloudStorage != nil { + in, out := &in.CloudStorage, &out.CloudStorage + *out = new(CloudStorageObservation) + (*in).DeepCopyInto(*out) + } + if in.PlatformLogsSettings != nil { + in, out := &in.PlatformLogsSettings, &out.PlatformLogsSettings + *out = new(PlatformLogsSettingsObservation) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngestionDataSourceSettingsObservation. @@ -951,6 +1181,16 @@ func (in *IngestionDataSourceSettingsParameters) DeepCopyInto(out *IngestionData *out = new(AwsKinesisParameters) (*in).DeepCopyInto(*out) } + if in.CloudStorage != nil { + in, out := &in.CloudStorage, &out.CloudStorage + *out = new(CloudStorageParameters) + (*in).DeepCopyInto(*out) + } + if in.PlatformLogsSettings != nil { + in, out := &in.PlatformLogsSettings, &out.PlatformLogsSettings + *out = new(PlatformLogsSettingsParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngestionDataSourceSettingsParameters. @@ -1714,6 +1954,111 @@ func (in *PartitionConfigParameters) DeepCopy() *PartitionConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PlatformLogsSettingsInitParameters) DeepCopyInto(out *PlatformLogsSettingsInitParameters) { + *out = *in + if in.Severity != nil { + in, out := &in.Severity, &out.Severity + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlatformLogsSettingsInitParameters. +func (in *PlatformLogsSettingsInitParameters) DeepCopy() *PlatformLogsSettingsInitParameters { + if in == nil { + return nil + } + out := new(PlatformLogsSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PlatformLogsSettingsObservation) DeepCopyInto(out *PlatformLogsSettingsObservation) { + *out = *in + if in.Severity != nil { + in, out := &in.Severity, &out.Severity + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlatformLogsSettingsObservation. +func (in *PlatformLogsSettingsObservation) DeepCopy() *PlatformLogsSettingsObservation { + if in == nil { + return nil + } + out := new(PlatformLogsSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PlatformLogsSettingsParameters) DeepCopyInto(out *PlatformLogsSettingsParameters) { + *out = *in + if in.Severity != nil { + in, out := &in.Severity, &out.Severity + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlatformLogsSettingsParameters. +func (in *PlatformLogsSettingsParameters) DeepCopy() *PlatformLogsSettingsParameters { + if in == nil { + return nil + } + out := new(PlatformLogsSettingsParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PubsubAvroFormatInitParameters) DeepCopyInto(out *PubsubAvroFormatInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PubsubAvroFormatInitParameters. +func (in *PubsubAvroFormatInitParameters) DeepCopy() *PubsubAvroFormatInitParameters { + if in == nil { + return nil + } + out := new(PubsubAvroFormatInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PubsubAvroFormatObservation) DeepCopyInto(out *PubsubAvroFormatObservation) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PubsubAvroFormatObservation. +func (in *PubsubAvroFormatObservation) DeepCopy() *PubsubAvroFormatObservation { + if in == nil { + return nil + } + out := new(PubsubAvroFormatObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PubsubAvroFormatParameters) DeepCopyInto(out *PubsubAvroFormatParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PubsubAvroFormatParameters. +func (in *PubsubAvroFormatParameters) DeepCopy() *PubsubAvroFormatParameters { + if in == nil { + return nil + } + out := new(PubsubAvroFormatParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PushConfigInitParameters) DeepCopyInto(out *PushConfigInitParameters) { *out = *in @@ -2855,6 +3200,66 @@ func (in *SubscriptionStatus) DeepCopy() *SubscriptionStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TextFormatInitParameters) DeepCopyInto(out *TextFormatInitParameters) { + *out = *in + if in.Delimiter != nil { + in, out := &in.Delimiter, &out.Delimiter + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TextFormatInitParameters. +func (in *TextFormatInitParameters) DeepCopy() *TextFormatInitParameters { + if in == nil { + return nil + } + out := new(TextFormatInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TextFormatObservation) DeepCopyInto(out *TextFormatObservation) { + *out = *in + if in.Delimiter != nil { + in, out := &in.Delimiter, &out.Delimiter + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TextFormatObservation. +func (in *TextFormatObservation) DeepCopy() *TextFormatObservation { + if in == nil { + return nil + } + out := new(TextFormatObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TextFormatParameters) DeepCopyInto(out *TextFormatParameters) { + *out = *in + if in.Delimiter != nil { + in, out := &in.Delimiter, &out.Delimiter + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TextFormatParameters. +func (in *TextFormatParameters) DeepCopy() *TextFormatParameters { + if in == nil { + return nil + } + out := new(TextFormatParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Topic) DeepCopyInto(out *Topic) { *out = *in diff --git a/apis/pubsub/v1beta2/zz_subscription_types.go b/apis/pubsub/v1beta2/zz_subscription_types.go index c8d750903..e2f7226b2 100755 --- a/apis/pubsub/v1beta2/zz_subscription_types.go +++ b/apis/pubsub/v1beta2/zz_subscription_types.go @@ -15,6 +15,10 @@ import ( type AvroConfigInitParameters struct { + // When true, use the topic's schema as the columns to write to in BigQuery, if it exists. + // Only one of use_topic_schema and use_table_schema can be set. + UseTopicSchema *bool `json:"useTopicSchema,omitempty" tf:"use_topic_schema,omitempty"` + // When true, writes the Pub/Sub message metadata to // x-goog-pubsub-: headers of the HTTP request. Writes the // Pub/Sub message attributes to : headers of the HTTP request. @@ -23,6 +27,10 @@ type AvroConfigInitParameters struct { type AvroConfigObservation struct { + // When true, use the topic's schema as the columns to write to in BigQuery, if it exists. + // Only one of use_topic_schema and use_table_schema can be set. + UseTopicSchema *bool `json:"useTopicSchema,omitempty" tf:"use_topic_schema,omitempty"` + // When true, writes the Pub/Sub message metadata to // x-goog-pubsub-: headers of the HTTP request. Writes the // Pub/Sub message attributes to : headers of the HTTP request. @@ -31,6 +39,11 @@ type AvroConfigObservation struct { type AvroConfigParameters struct { + // When true, use the topic's schema as the columns to write to in BigQuery, if it exists. + // Only one of use_topic_schema and use_table_schema can be set. + // +kubebuilder:validation:Optional + UseTopicSchema *bool `json:"useTopicSchema,omitempty" tf:"use_topic_schema,omitempty"` + // When true, writes the Pub/Sub message metadata to // x-goog-pubsub-: headers of the HTTP request. Writes the // Pub/Sub message attributes to : headers of the HTTP request. @@ -175,6 +188,9 @@ type CloudStorageConfigInitParameters struct { // A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". MaxDuration *string `json:"maxDuration,omitempty" tf:"max_duration,omitempty"` + // The maximum messages that can be written to a Cloud Storage file before a new file is created. Min 1000 messages. + MaxMessages *float64 `json:"maxMessages,omitempty" tf:"max_messages,omitempty"` + // The service account to use to write to Cloud Storage. If not specified, the Pub/Sub // service agent, // service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com, is used. @@ -218,6 +234,9 @@ type CloudStorageConfigObservation struct { // A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". MaxDuration *string `json:"maxDuration,omitempty" tf:"max_duration,omitempty"` + // The maximum messages that can be written to a Cloud Storage file before a new file is created. Min 1000 messages. + MaxMessages *float64 `json:"maxMessages,omitempty" tf:"max_messages,omitempty"` + // The service account to use to write to Cloud Storage. If not specified, the Pub/Sub // service agent, // service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com, is used. @@ -262,6 +281,10 @@ type CloudStorageConfigParameters struct { // +kubebuilder:validation:Optional MaxDuration *string `json:"maxDuration,omitempty" tf:"max_duration,omitempty"` + // The maximum messages that can be written to a Cloud Storage file before a new file is created. Min 1000 messages. + // +kubebuilder:validation:Optional + MaxMessages *float64 `json:"maxMessages,omitempty" tf:"max_messages,omitempty"` + // The service account to use to write to Cloud Storage. If not specified, the Pub/Sub // service agent, // service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com, is used. @@ -707,7 +730,7 @@ type SubscriptionInitParameters struct { // retain_acked_messages is true, then this also configures the retention // of acknowledged messages, and thus configures how far back in time a // subscriptions.seek can be done. Defaults to 7 days. Cannot be more - // than 7 days ("604800s") or less than 10 minutes ("600s"). + // than 31 days ("2678400s") or less than 10 minutes ("600s"). // A duration in seconds with up to nine fractional digits, terminated // by 's'. Example: "600.5s". MessageRetentionDuration *string `json:"messageRetentionDuration,omitempty" tf:"message_retention_duration,omitempty"` @@ -831,7 +854,7 @@ type SubscriptionObservation struct { // retain_acked_messages is true, then this also configures the retention // of acknowledged messages, and thus configures how far back in time a // subscriptions.seek can be done. Defaults to 7 days. Cannot be more - // than 7 days ("604800s") or less than 10 minutes ("600s"). + // than 31 days ("2678400s") or less than 10 minutes ("600s"). // A duration in seconds with up to nine fractional digits, terminated // by 's'. Example: "600.5s". MessageRetentionDuration *string `json:"messageRetentionDuration,omitempty" tf:"message_retention_duration,omitempty"` @@ -953,7 +976,7 @@ type SubscriptionParameters struct { // retain_acked_messages is true, then this also configures the retention // of acknowledged messages, and thus configures how far back in time a // subscriptions.seek can be done. Defaults to 7 days. Cannot be more - // than 7 days ("604800s") or less than 10 minutes ("600s"). + // than 31 days ("2678400s") or less than 10 minutes ("600s"). // A duration in seconds with up to nine fractional digits, terminated // by 's'. Example: "600.5s". // +kubebuilder:validation:Optional diff --git a/apis/pubsub/v1beta2/zz_topic_types.go b/apis/pubsub/v1beta2/zz_topic_types.go index b51f5f472..b386e5cb2 100755 --- a/apis/pubsub/v1beta2/zz_topic_types.go +++ b/apis/pubsub/v1beta2/zz_topic_types.go @@ -13,6 +13,15 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AvroFormatInitParameters struct { +} + +type AvroFormatObservation struct { +} + +type AvroFormatParameters struct { +} + type AwsKinesisInitParameters struct { // AWS role ARN to be used for Federated Identity authentication with @@ -83,11 +92,128 @@ type AwsKinesisParameters struct { StreamArn *string `json:"streamArn" tf:"stream_arn,omitempty"` } +type CloudStorageInitParameters struct { + + // Configuration for reading Cloud Storage data in Avro binary format. The + // bytes of each object will be set to the data field of a Pub/Sub message. + AvroFormat *AvroFormatInitParameters `json:"avroFormat,omitempty" tf:"avro_format,omitempty"` + + // Cloud Storage bucket. The bucket name must be without any + // prefix like "gs://". See the bucket naming requirements: + // https://cloud.google.com/storage/docs/buckets#naming. + Bucket *string `json:"bucket,omitempty" tf:"bucket,omitempty"` + + // Glob pattern used to match objects that will be ingested. If unset, all + // objects will be ingested. See the supported patterns: + // https://cloud.google.com/storage/docs/json_api/v1/objects/list#list-objects-and-prefixes-using-glob + MatchGlob *string `json:"matchGlob,omitempty" tf:"match_glob,omitempty"` + + // The timestamp set in RFC3339 text format. If set, only objects with a + // larger or equal timestamp will be ingested. Unset by default, meaning + // all objects will be ingested. + MinimumObjectCreateTime *string `json:"minimumObjectCreateTime,omitempty" tf:"minimum_object_create_time,omitempty"` + + // Configuration for reading Cloud Storage data written via Cloud Storage + // subscriptions(See https://cloud.google.com/pubsub/docs/cloudstorage). The + // data and attributes fields of the originally exported Pub/Sub message + // will be restored when publishing. + PubsubAvroFormat *PubsubAvroFormatInitParameters `json:"pubsubAvroFormat,omitempty" tf:"pubsub_avro_format,omitempty"` + + // Configuration for reading Cloud Storage data in text format. Each line of + // text as specified by the delimiter will be set to the data field of a + // Pub/Sub message. + // Structure is documented below. + TextFormat *TextFormatInitParameters `json:"textFormat,omitempty" tf:"text_format,omitempty"` +} + +type CloudStorageObservation struct { + + // Configuration for reading Cloud Storage data in Avro binary format. The + // bytes of each object will be set to the data field of a Pub/Sub message. + AvroFormat *AvroFormatParameters `json:"avroFormat,omitempty" tf:"avro_format,omitempty"` + + // Cloud Storage bucket. The bucket name must be without any + // prefix like "gs://". See the bucket naming requirements: + // https://cloud.google.com/storage/docs/buckets#naming. + Bucket *string `json:"bucket,omitempty" tf:"bucket,omitempty"` + + // Glob pattern used to match objects that will be ingested. If unset, all + // objects will be ingested. See the supported patterns: + // https://cloud.google.com/storage/docs/json_api/v1/objects/list#list-objects-and-prefixes-using-glob + MatchGlob *string `json:"matchGlob,omitempty" tf:"match_glob,omitempty"` + + // The timestamp set in RFC3339 text format. If set, only objects with a + // larger or equal timestamp will be ingested. Unset by default, meaning + // all objects will be ingested. + MinimumObjectCreateTime *string `json:"minimumObjectCreateTime,omitempty" tf:"minimum_object_create_time,omitempty"` + + // Configuration for reading Cloud Storage data written via Cloud Storage + // subscriptions(See https://cloud.google.com/pubsub/docs/cloudstorage). The + // data and attributes fields of the originally exported Pub/Sub message + // will be restored when publishing. + PubsubAvroFormat *PubsubAvroFormatParameters `json:"pubsubAvroFormat,omitempty" tf:"pubsub_avro_format,omitempty"` + + // Configuration for reading Cloud Storage data in text format. Each line of + // text as specified by the delimiter will be set to the data field of a + // Pub/Sub message. + // Structure is documented below. + TextFormat *TextFormatObservation `json:"textFormat,omitempty" tf:"text_format,omitempty"` +} + +type CloudStorageParameters struct { + + // Configuration for reading Cloud Storage data in Avro binary format. The + // bytes of each object will be set to the data field of a Pub/Sub message. + // +kubebuilder:validation:Optional + AvroFormat *AvroFormatParameters `json:"avroFormat,omitempty" tf:"avro_format,omitempty"` + + // Cloud Storage bucket. The bucket name must be without any + // prefix like "gs://". See the bucket naming requirements: + // https://cloud.google.com/storage/docs/buckets#naming. + // +kubebuilder:validation:Optional + Bucket *string `json:"bucket" tf:"bucket,omitempty"` + + // Glob pattern used to match objects that will be ingested. If unset, all + // objects will be ingested. See the supported patterns: + // https://cloud.google.com/storage/docs/json_api/v1/objects/list#list-objects-and-prefixes-using-glob + // +kubebuilder:validation:Optional + MatchGlob *string `json:"matchGlob,omitempty" tf:"match_glob,omitempty"` + + // The timestamp set in RFC3339 text format. If set, only objects with a + // larger or equal timestamp will be ingested. Unset by default, meaning + // all objects will be ingested. + // +kubebuilder:validation:Optional + MinimumObjectCreateTime *string `json:"minimumObjectCreateTime,omitempty" tf:"minimum_object_create_time,omitempty"` + + // Configuration for reading Cloud Storage data written via Cloud Storage + // subscriptions(See https://cloud.google.com/pubsub/docs/cloudstorage). The + // data and attributes fields of the originally exported Pub/Sub message + // will be restored when publishing. + // +kubebuilder:validation:Optional + PubsubAvroFormat *PubsubAvroFormatParameters `json:"pubsubAvroFormat,omitempty" tf:"pubsub_avro_format,omitempty"` + + // Configuration for reading Cloud Storage data in text format. Each line of + // text as specified by the delimiter will be set to the data field of a + // Pub/Sub message. + // Structure is documented below. + // +kubebuilder:validation:Optional + TextFormat *TextFormatParameters `json:"textFormat,omitempty" tf:"text_format,omitempty"` +} + type IngestionDataSourceSettingsInitParameters struct { // Settings for ingestion from Amazon Kinesis Data Streams. // Structure is documented below. AwsKinesis *AwsKinesisInitParameters `json:"awsKinesis,omitempty" tf:"aws_kinesis,omitempty"` + + // Settings for ingestion from Cloud Storage. + // Structure is documented below. + CloudStorage *CloudStorageInitParameters `json:"cloudStorage,omitempty" tf:"cloud_storage,omitempty"` + + // Settings for Platform Logs regarding ingestion to Pub/Sub. If unset, + // no Platform Logs will be generated.' + // Structure is documented below. + PlatformLogsSettings *PlatformLogsSettingsInitParameters `json:"platformLogsSettings,omitempty" tf:"platform_logs_settings,omitempty"` } type IngestionDataSourceSettingsObservation struct { @@ -95,6 +221,15 @@ type IngestionDataSourceSettingsObservation struct { // Settings for ingestion from Amazon Kinesis Data Streams. // Structure is documented below. AwsKinesis *AwsKinesisObservation `json:"awsKinesis,omitempty" tf:"aws_kinesis,omitempty"` + + // Settings for ingestion from Cloud Storage. + // Structure is documented below. + CloudStorage *CloudStorageObservation `json:"cloudStorage,omitempty" tf:"cloud_storage,omitempty"` + + // Settings for Platform Logs regarding ingestion to Pub/Sub. If unset, + // no Platform Logs will be generated.' + // Structure is documented below. + PlatformLogsSettings *PlatformLogsSettingsObservation `json:"platformLogsSettings,omitempty" tf:"platform_logs_settings,omitempty"` } type IngestionDataSourceSettingsParameters struct { @@ -103,6 +238,17 @@ type IngestionDataSourceSettingsParameters struct { // Structure is documented below. // +kubebuilder:validation:Optional AwsKinesis *AwsKinesisParameters `json:"awsKinesis,omitempty" tf:"aws_kinesis,omitempty"` + + // Settings for ingestion from Cloud Storage. + // Structure is documented below. + // +kubebuilder:validation:Optional + CloudStorage *CloudStorageParameters `json:"cloudStorage,omitempty" tf:"cloud_storage,omitempty"` + + // Settings for Platform Logs regarding ingestion to Pub/Sub. If unset, + // no Platform Logs will be generated.' + // Structure is documented below. + // +kubebuilder:validation:Optional + PlatformLogsSettings *PlatformLogsSettingsParameters `json:"platformLogsSettings,omitempty" tf:"platform_logs_settings,omitempty"` } type MessageStoragePolicyInitParameters struct { @@ -139,6 +285,43 @@ type MessageStoragePolicyParameters struct { AllowedPersistenceRegions []*string `json:"allowedPersistenceRegions" tf:"allowed_persistence_regions,omitempty"` } +type PlatformLogsSettingsInitParameters struct { + + // The minimum severity level of Platform Logs that will be written. If unspecified, + // no Platform Logs will be written. + // Default value is SEVERITY_UNSPECIFIED. + // Possible values are: SEVERITY_UNSPECIFIED, DISABLED, DEBUG, INFO, WARNING, ERROR. + Severity *string `json:"severity,omitempty" tf:"severity,omitempty"` +} + +type PlatformLogsSettingsObservation struct { + + // The minimum severity level of Platform Logs that will be written. If unspecified, + // no Platform Logs will be written. + // Default value is SEVERITY_UNSPECIFIED. + // Possible values are: SEVERITY_UNSPECIFIED, DISABLED, DEBUG, INFO, WARNING, ERROR. + Severity *string `json:"severity,omitempty" tf:"severity,omitempty"` +} + +type PlatformLogsSettingsParameters struct { + + // The minimum severity level of Platform Logs that will be written. If unspecified, + // no Platform Logs will be written. + // Default value is SEVERITY_UNSPECIFIED. + // Possible values are: SEVERITY_UNSPECIFIED, DISABLED, DEBUG, INFO, WARNING, ERROR. + // +kubebuilder:validation:Optional + Severity *string `json:"severity,omitempty" tf:"severity,omitempty"` +} + +type PubsubAvroFormatInitParameters struct { +} + +type PubsubAvroFormatObservation struct { +} + +type PubsubAvroFormatParameters struct { +} + type SchemaSettingsInitParameters struct { // The encoding of messages validated against schema. @@ -183,6 +366,31 @@ type SchemaSettingsParameters struct { Schema *string `json:"schema" tf:"schema,omitempty"` } +type TextFormatInitParameters struct { + + // The delimiter to use when using the 'text' format. Each line of text as + // specified by the delimiter will be set to the 'data' field of a Pub/Sub + // message. When unset, '\n' is used. + Delimiter *string `json:"delimiter,omitempty" tf:"delimiter,omitempty"` +} + +type TextFormatObservation struct { + + // The delimiter to use when using the 'text' format. Each line of text as + // specified by the delimiter will be set to the 'data' field of a Pub/Sub + // message. When unset, '\n' is used. + Delimiter *string `json:"delimiter,omitempty" tf:"delimiter,omitempty"` +} + +type TextFormatParameters struct { + + // The delimiter to use when using the 'text' format. Each line of text as + // specified by the delimiter will be set to the 'data' field of a Pub/Sub + // message. When unset, '\n' is used. + // +kubebuilder:validation:Optional + Delimiter *string `json:"delimiter,omitempty" tf:"delimiter,omitempty"` +} + type TopicInitParameters struct { // Settings for ingestion from a data source into this topic. diff --git a/package/crds/pubsub.gcp.upbound.io_subscriptions.yaml b/package/crds/pubsub.gcp.upbound.io_subscriptions.yaml index fa3acff02..ce0896b59 100644 --- a/package/crds/pubsub.gcp.upbound.io_subscriptions.yaml +++ b/package/crds/pubsub.gcp.upbound.io_subscriptions.yaml @@ -1791,6 +1791,11 @@ spec: If set, message data will be written to Cloud Storage in Avro format. Structure is documented below. properties: + useTopicSchema: + description: |- + When true, use the topic's schema as the columns to write to in BigQuery, if it exists. + Only one of use_topic_schema and use_table_schema can be set. + type: boolean writeMetadata: description: |- When true, writes the Pub/Sub message metadata to @@ -1825,6 +1830,11 @@ spec: May not exceed the subscription's acknowledgement deadline. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". type: string + maxMessages: + description: The maximum messages that can be written to a + Cloud Storage file before a new file is created. Min 1000 + messages. + type: number serviceAccountEmail: description: |- The service account to use to write to Cloud Storage. If not specified, the Pub/Sub @@ -2069,7 +2079,7 @@ spec: retain_acked_messages is true, then this also configures the retention of acknowledged messages, and thus configures how far back in time a subscriptions.seek can be done. Defaults to 7 days. Cannot be more - than 7 days ("604800s") or less than 10 minutes ("600s"). + than 31 days ("2678400s") or less than 10 minutes ("600s"). A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "600.5s". type: string @@ -2414,6 +2424,11 @@ spec: If set, message data will be written to Cloud Storage in Avro format. Structure is documented below. properties: + useTopicSchema: + description: |- + When true, use the topic's schema as the columns to write to in BigQuery, if it exists. + Only one of use_topic_schema and use_table_schema can be set. + type: boolean writeMetadata: description: |- When true, writes the Pub/Sub message metadata to @@ -2448,6 +2463,11 @@ spec: May not exceed the subscription's acknowledgement deadline. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". type: string + maxMessages: + description: The maximum messages that can be written to a + Cloud Storage file before a new file is created. Min 1000 + messages. + type: number serviceAccountEmail: description: |- The service account to use to write to Cloud Storage. If not specified, the Pub/Sub @@ -2692,7 +2712,7 @@ spec: retain_acked_messages is true, then this also configures the retention of acknowledged messages, and thus configures how far back in time a subscriptions.seek can be done. Defaults to 7 days. Cannot be more - than 7 days ("604800s") or less than 10 minutes ("600s"). + than 31 days ("2678400s") or less than 10 minutes ("600s"). A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "600.5s". type: string @@ -3120,6 +3140,11 @@ spec: If set, message data will be written to Cloud Storage in Avro format. Structure is documented below. properties: + useTopicSchema: + description: |- + When true, use the topic's schema as the columns to write to in BigQuery, if it exists. + Only one of use_topic_schema and use_table_schema can be set. + type: boolean writeMetadata: description: |- When true, writes the Pub/Sub message metadata to @@ -3154,6 +3179,11 @@ spec: May not exceed the subscription's acknowledgement deadline. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". type: string + maxMessages: + description: The maximum messages that can be written to a + Cloud Storage file before a new file is created. Min 1000 + messages. + type: number serviceAccountEmail: description: |- The service account to use to write to Cloud Storage. If not specified, the Pub/Sub @@ -3262,7 +3292,7 @@ spec: retain_acked_messages is true, then this also configures the retention of acknowledged messages, and thus configures how far back in time a subscriptions.seek can be done. Defaults to 7 days. Cannot be more - than 7 days ("604800s") or less than 10 minutes ("600s"). + than 31 days ("2678400s") or less than 10 minutes ("600s"). A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "600.5s". type: string diff --git a/package/crds/pubsub.gcp.upbound.io_topics.yaml b/package/crds/pubsub.gcp.upbound.io_topics.yaml index 68a25f884..7e80adf03 100644 --- a/package/crds/pubsub.gcp.upbound.io_topics.yaml +++ b/package/crds/pubsub.gcp.upbound.io_topics.yaml @@ -911,6 +911,70 @@ spec: description: The Kinesis stream ARN to ingest data from. type: string type: object + cloudStorage: + description: |- + Settings for ingestion from Cloud Storage. + Structure is documented below. + properties: + avroFormat: + description: |- + Configuration for reading Cloud Storage data in Avro binary format. The + bytes of each object will be set to the data field of a Pub/Sub message. + type: object + bucket: + description: |- + Cloud Storage bucket. The bucket name must be without any + prefix like "gs://". See the bucket naming requirements: + https://cloud.google.com/storage/docs/buckets#naming. + type: string + matchGlob: + description: |- + Glob pattern used to match objects that will be ingested. If unset, all + objects will be ingested. See the supported patterns: + https://cloud.google.com/storage/docs/json_api/v1/objects/list#list-objects-and-prefixes-using-glob + type: string + minimumObjectCreateTime: + description: |- + The timestamp set in RFC3339 text format. If set, only objects with a + larger or equal timestamp will be ingested. Unset by default, meaning + all objects will be ingested. + type: string + pubsubAvroFormat: + description: |- + Configuration for reading Cloud Storage data written via Cloud Storage + subscriptions(See https://cloud.google.com/pubsub/docs/cloudstorage). The + data and attributes fields of the originally exported Pub/Sub message + will be restored when publishing. + type: object + textFormat: + description: |- + Configuration for reading Cloud Storage data in text format. Each line of + text as specified by the delimiter will be set to the data field of a + Pub/Sub message. + Structure is documented below. + properties: + delimiter: + description: |- + The delimiter to use when using the 'text' format. Each line of text as + specified by the delimiter will be set to the 'data' field of a Pub/Sub + message. When unset, '\n' is used. + type: string + type: object + type: object + platformLogsSettings: + description: |- + Settings for Platform Logs regarding ingestion to Pub/Sub. If unset, + no Platform Logs will be generated.' + Structure is documented below. + properties: + severity: + description: |- + The minimum severity level of Platform Logs that will be written. If unspecified, + no Platform Logs will be written. + Default value is SEVERITY_UNSPECIFIED. + Possible values are: SEVERITY_UNSPECIFIED, DISABLED, DEBUG, INFO, WARNING, ERROR. + type: string + type: object type: object kmsKeyName: description: |- @@ -1102,6 +1166,70 @@ spec: description: The Kinesis stream ARN to ingest data from. type: string type: object + cloudStorage: + description: |- + Settings for ingestion from Cloud Storage. + Structure is documented below. + properties: + avroFormat: + description: |- + Configuration for reading Cloud Storage data in Avro binary format. The + bytes of each object will be set to the data field of a Pub/Sub message. + type: object + bucket: + description: |- + Cloud Storage bucket. The bucket name must be without any + prefix like "gs://". See the bucket naming requirements: + https://cloud.google.com/storage/docs/buckets#naming. + type: string + matchGlob: + description: |- + Glob pattern used to match objects that will be ingested. If unset, all + objects will be ingested. See the supported patterns: + https://cloud.google.com/storage/docs/json_api/v1/objects/list#list-objects-and-prefixes-using-glob + type: string + minimumObjectCreateTime: + description: |- + The timestamp set in RFC3339 text format. If set, only objects with a + larger or equal timestamp will be ingested. Unset by default, meaning + all objects will be ingested. + type: string + pubsubAvroFormat: + description: |- + Configuration for reading Cloud Storage data written via Cloud Storage + subscriptions(See https://cloud.google.com/pubsub/docs/cloudstorage). The + data and attributes fields of the originally exported Pub/Sub message + will be restored when publishing. + type: object + textFormat: + description: |- + Configuration for reading Cloud Storage data in text format. Each line of + text as specified by the delimiter will be set to the data field of a + Pub/Sub message. + Structure is documented below. + properties: + delimiter: + description: |- + The delimiter to use when using the 'text' format. Each line of text as + specified by the delimiter will be set to the 'data' field of a Pub/Sub + message. When unset, '\n' is used. + type: string + type: object + type: object + platformLogsSettings: + description: |- + Settings for Platform Logs regarding ingestion to Pub/Sub. If unset, + no Platform Logs will be generated.' + Structure is documented below. + properties: + severity: + description: |- + The minimum severity level of Platform Logs that will be written. If unspecified, + no Platform Logs will be written. + Default value is SEVERITY_UNSPECIFIED. + Possible values are: SEVERITY_UNSPECIFIED, DISABLED, DEBUG, INFO, WARNING, ERROR. + type: string + type: object type: object kmsKeyName: description: |- @@ -1461,6 +1589,70 @@ spec: description: The Kinesis stream ARN to ingest data from. type: string type: object + cloudStorage: + description: |- + Settings for ingestion from Cloud Storage. + Structure is documented below. + properties: + avroFormat: + description: |- + Configuration for reading Cloud Storage data in Avro binary format. The + bytes of each object will be set to the data field of a Pub/Sub message. + type: object + bucket: + description: |- + Cloud Storage bucket. The bucket name must be without any + prefix like "gs://". See the bucket naming requirements: + https://cloud.google.com/storage/docs/buckets#naming. + type: string + matchGlob: + description: |- + Glob pattern used to match objects that will be ingested. If unset, all + objects will be ingested. See the supported patterns: + https://cloud.google.com/storage/docs/json_api/v1/objects/list#list-objects-and-prefixes-using-glob + type: string + minimumObjectCreateTime: + description: |- + The timestamp set in RFC3339 text format. If set, only objects with a + larger or equal timestamp will be ingested. Unset by default, meaning + all objects will be ingested. + type: string + pubsubAvroFormat: + description: |- + Configuration for reading Cloud Storage data written via Cloud Storage + subscriptions(See https://cloud.google.com/pubsub/docs/cloudstorage). The + data and attributes fields of the originally exported Pub/Sub message + will be restored when publishing. + type: object + textFormat: + description: |- + Configuration for reading Cloud Storage data in text format. Each line of + text as specified by the delimiter will be set to the data field of a + Pub/Sub message. + Structure is documented below. + properties: + delimiter: + description: |- + The delimiter to use when using the 'text' format. Each line of text as + specified by the delimiter will be set to the 'data' field of a Pub/Sub + message. When unset, '\n' is used. + type: string + type: object + type: object + platformLogsSettings: + description: |- + Settings for Platform Logs regarding ingestion to Pub/Sub. If unset, + no Platform Logs will be generated.' + Structure is documented below. + properties: + severity: + description: |- + The minimum severity level of Platform Logs that will be written. If unspecified, + no Platform Logs will be written. + Default value is SEVERITY_UNSPECIFIED. + Possible values are: SEVERITY_UNSPECIFIED, DISABLED, DEBUG, INFO, WARNING, ERROR. + type: string + type: object type: object kmsKeyName: description: |- From 37f13ad84bfe8885c931a8c87cdccfc5bc35b088 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 19:14:42 +0100 Subject: [PATCH 43/47] sourcerepo: add createIgnoreAlreadyExists to repository Signed-off-by: Rickard von Essen --- apis/sourcerepo/v1beta1/zz_generated.deepcopy.go | 15 +++++++++++++++ apis/sourcerepo/v1beta1/zz_repository_types.go | 10 ++++++++++ .../sourcerepo.gcp.upbound.io_repositories.yaml | 12 ++++++++++++ 3 files changed, 37 insertions(+) diff --git a/apis/sourcerepo/v1beta1/zz_generated.deepcopy.go b/apis/sourcerepo/v1beta1/zz_generated.deepcopy.go index 14cbe8d80..4d41adc7f 100644 --- a/apis/sourcerepo/v1beta1/zz_generated.deepcopy.go +++ b/apis/sourcerepo/v1beta1/zz_generated.deepcopy.go @@ -513,6 +513,11 @@ func (in *RepositoryIAMMemberStatus) DeepCopy() *RepositoryIAMMemberStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RepositoryInitParameters) DeepCopyInto(out *RepositoryInitParameters) { *out = *in + if in.CreateIgnoreAlreadyExists != nil { + in, out := &in.CreateIgnoreAlreadyExists, &out.CreateIgnoreAlreadyExists + *out = new(bool) + **out = **in + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -572,6 +577,11 @@ func (in *RepositoryList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RepositoryObservation) DeepCopyInto(out *RepositoryObservation) { *out = *in + if in.CreateIgnoreAlreadyExists != nil { + in, out := &in.CreateIgnoreAlreadyExists, &out.CreateIgnoreAlreadyExists + *out = new(bool) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -614,6 +624,11 @@ func (in *RepositoryObservation) DeepCopy() *RepositoryObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RepositoryParameters) DeepCopyInto(out *RepositoryParameters) { *out = *in + if in.CreateIgnoreAlreadyExists != nil { + in, out := &in.CreateIgnoreAlreadyExists, &out.CreateIgnoreAlreadyExists + *out = new(bool) + **out = **in + } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) diff --git a/apis/sourcerepo/v1beta1/zz_repository_types.go b/apis/sourcerepo/v1beta1/zz_repository_types.go index f46b08cca..42b895ede 100755 --- a/apis/sourcerepo/v1beta1/zz_repository_types.go +++ b/apis/sourcerepo/v1beta1/zz_repository_types.go @@ -103,6 +103,9 @@ type PubsubConfigsParameters struct { type RepositoryInitParameters struct { + // If set to true, skip repository creation if a repository with the same name already exists. + CreateIgnoreAlreadyExists *bool `json:"createIgnoreAlreadyExists,omitempty" tf:"create_ignore_already_exists,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` @@ -115,6 +118,9 @@ type RepositoryInitParameters struct { type RepositoryObservation struct { + // If set to true, skip repository creation if a repository with the same name already exists. + CreateIgnoreAlreadyExists *bool `json:"createIgnoreAlreadyExists,omitempty" tf:"create_ignore_already_exists,omitempty"` + // an identifier for the resource with format projects/{{project}}/repos/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -136,6 +142,10 @@ type RepositoryObservation struct { type RepositoryParameters struct { + // If set to true, skip repository creation if a repository with the same name already exists. + // +kubebuilder:validation:Optional + CreateIgnoreAlreadyExists *bool `json:"createIgnoreAlreadyExists,omitempty" tf:"create_ignore_already_exists,omitempty"` + // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional diff --git a/package/crds/sourcerepo.gcp.upbound.io_repositories.yaml b/package/crds/sourcerepo.gcp.upbound.io_repositories.yaml index f51e6e50c..cdb85869e 100644 --- a/package/crds/sourcerepo.gcp.upbound.io_repositories.yaml +++ b/package/crds/sourcerepo.gcp.upbound.io_repositories.yaml @@ -73,6 +73,10 @@ spec: type: string forProvider: properties: + createIgnoreAlreadyExists: + description: If set to true, skip repository creation if a repository + with the same name already exists. + type: boolean project: description: |- The ID of the project in which the resource belongs. @@ -267,6 +271,10 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + createIgnoreAlreadyExists: + description: If set to true, skip repository creation if a repository + with the same name already exists. + type: boolean project: description: |- The ID of the project in which the resource belongs. @@ -620,6 +628,10 @@ spec: properties: atProvider: properties: + createIgnoreAlreadyExists: + description: If set to true, skip repository creation if a repository + with the same name already exists. + type: boolean id: description: an identifier for the resource with format projects/{{project}}/repos/{{name}} type: string From 1ff0ed18c8d62f90a8dfeac608935a77a9ad7ba4 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 19:19:02 +0100 Subject: [PATCH 44/47] storage: multiple changes Signed-off-by: Rickard von Essen --- apis/storage/v1beta2/zz_bucket_terraformed.go | 2 +- apis/storage/v1beta2/zz_bucket_types.go | 45 +++++++--- apis/storage/v1beta2/zz_generated.deepcopy.go | 90 +++++++++++++++---- .../crds/storage.gcp.upbound.io_buckets.yaml | 81 ++++++++--------- provider-gcp-storage.yaml | 34 +++++++ 5 files changed, 181 insertions(+), 71 deletions(-) create mode 100644 provider-gcp-storage.yaml diff --git a/apis/storage/v1beta2/zz_bucket_terraformed.go b/apis/storage/v1beta2/zz_bucket_terraformed.go index 9e8b5d9ae..4c7cdd648 100755 --- a/apis/storage/v1beta2/zz_bucket_terraformed.go +++ b/apis/storage/v1beta2/zz_bucket_terraformed.go @@ -125,5 +125,5 @@ func (tr *Bucket) LateInitialize(attrs []byte) (bool, error) { // GetTerraformSchemaVersion returns the associated Terraform schema version func (tr *Bucket) GetTerraformSchemaVersion() int { - return 2 + return 3 } diff --git a/apis/storage/v1beta2/zz_bucket_types.go b/apis/storage/v1beta2/zz_bucket_types.go index 42d6c009a..b906deeeb 100755 --- a/apis/storage/v1beta2/zz_bucket_types.go +++ b/apis/storage/v1beta2/zz_bucket_types.go @@ -95,6 +95,9 @@ type BucketInitParameters struct { // boolean option will delete all contained objects. ForceDestroy *bool `json:"forceDestroy,omitempty" tf:"force_destroy,omitempty"` + // The bucket's hierarchical namespace policy, which defines the bucket capability to handle folders in logical structure. Structure is documented below. To use this configuration, uniform_bucket_level_access must be enabled on bucket. + HierarchicalNamespace *HierarchicalNamespaceInitParameters `json:"hierarchicalNamespace,omitempty" tf:"hierarchical_namespace,omitempty"` + // A map of key/value label pairs to assign to the bucket. // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` @@ -168,6 +171,9 @@ type BucketObservation struct { // boolean option will delete all contained objects. ForceDestroy *bool `json:"forceDestroy,omitempty" tf:"force_destroy,omitempty"` + // The bucket's hierarchical namespace policy, which defines the bucket capability to handle folders in logical structure. Structure is documented below. To use this configuration, uniform_bucket_level_access must be enabled on bucket. + HierarchicalNamespace *HierarchicalNamespaceObservation `json:"hierarchicalNamespace,omitempty" tf:"hierarchical_namespace,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` // A map of key/value label pairs to assign to the bucket. @@ -258,6 +264,10 @@ type BucketParameters struct { // +kubebuilder:validation:Optional ForceDestroy *bool `json:"forceDestroy,omitempty" tf:"force_destroy,omitempty"` + // The bucket's hierarchical namespace policy, which defines the bucket capability to handle folders in logical structure. Structure is documented below. To use this configuration, uniform_bucket_level_access must be enabled on bucket. + // +kubebuilder:validation:Optional + HierarchicalNamespace *HierarchicalNamespaceParameters `json:"hierarchicalNamespace,omitempty" tf:"hierarchical_namespace,omitempty"` + // A map of key/value label pairs to assign to the bucket. // +kubebuilder:validation:Optional // +mapType=granular @@ -319,7 +329,7 @@ type BucketParameters struct { type ConditionInitParameters struct { - // Minimum age of an object in days to satisfy this condition. If not supplied alongside another condition and without setting no_age to true, a default age of 0 will be set. + // Minimum age of an object in days to satisfy this condition. Note To set 0 value of age, send_age_if_zero should be set true otherwise 0 value of age field will be ignored. Age *float64 `json:"age,omitempty" tf:"age,omitempty"` // A date in the RFC 3339 format YYYY-MM-DD. This condition is satisfied when an object is created before midnight of the specified date in UTC. @@ -343,9 +353,6 @@ type ConditionInitParameters struct { // One or more matching name suffixes to satisfy this condition. MatchesSuffix []*string `json:"matchesSuffix,omitempty" tf:"matches_suffix,omitempty"` - // While set true, age value will be omitted from requests. This prevents a default age of 0 from being applied, and if you do not have an age value set, setting this to true is strongly recommended. When unset and other conditions are set to zero values, this can result in a rule that applies your action to all files in the bucket. no_age is deprecated and will be removed in a future major release. Use send_age_if_zero instead. - NoAge *bool `json:"noAge,omitempty" tf:"no_age,omitempty"` - // Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object became nonconcurrent. When set to 0 it will be ignored, and your state will treat it as though you supplied no noncurrent_time_before condition. NoncurrentTimeBefore *string `json:"noncurrentTimeBefore,omitempty" tf:"noncurrent_time_before,omitempty"` @@ -370,7 +377,7 @@ type ConditionInitParameters struct { type ConditionObservation struct { - // Minimum age of an object in days to satisfy this condition. If not supplied alongside another condition and without setting no_age to true, a default age of 0 will be set. + // Minimum age of an object in days to satisfy this condition. Note To set 0 value of age, send_age_if_zero should be set true otherwise 0 value of age field will be ignored. Age *float64 `json:"age,omitempty" tf:"age,omitempty"` // A date in the RFC 3339 format YYYY-MM-DD. This condition is satisfied when an object is created before midnight of the specified date in UTC. @@ -394,9 +401,6 @@ type ConditionObservation struct { // One or more matching name suffixes to satisfy this condition. MatchesSuffix []*string `json:"matchesSuffix,omitempty" tf:"matches_suffix,omitempty"` - // While set true, age value will be omitted from requests. This prevents a default age of 0 from being applied, and if you do not have an age value set, setting this to true is strongly recommended. When unset and other conditions are set to zero values, this can result in a rule that applies your action to all files in the bucket. no_age is deprecated and will be removed in a future major release. Use send_age_if_zero instead. - NoAge *bool `json:"noAge,omitempty" tf:"no_age,omitempty"` - // Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object became nonconcurrent. When set to 0 it will be ignored, and your state will treat it as though you supplied no noncurrent_time_before condition. NoncurrentTimeBefore *string `json:"noncurrentTimeBefore,omitempty" tf:"noncurrent_time_before,omitempty"` @@ -421,7 +425,7 @@ type ConditionObservation struct { type ConditionParameters struct { - // Minimum age of an object in days to satisfy this condition. If not supplied alongside another condition and without setting no_age to true, a default age of 0 will be set. + // Minimum age of an object in days to satisfy this condition. Note To set 0 value of age, send_age_if_zero should be set true otherwise 0 value of age field will be ignored. // +kubebuilder:validation:Optional Age *float64 `json:"age,omitempty" tf:"age,omitempty"` @@ -453,10 +457,6 @@ type ConditionParameters struct { // +kubebuilder:validation:Optional MatchesSuffix []*string `json:"matchesSuffix,omitempty" tf:"matches_suffix,omitempty"` - // While set true, age value will be omitted from requests. This prevents a default age of 0 from being applied, and if you do not have an age value set, setting this to true is strongly recommended. When unset and other conditions are set to zero values, this can result in a rule that applies your action to all files in the bucket. no_age is deprecated and will be removed in a future major release. Use send_age_if_zero instead. - // +kubebuilder:validation:Optional - NoAge *bool `json:"noAge,omitempty" tf:"no_age,omitempty"` - // Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object became nonconcurrent. When set to 0 it will be ignored, and your state will treat it as though you supplied no noncurrent_time_before condition. // +kubebuilder:validation:Optional NoncurrentTimeBefore *string `json:"noncurrentTimeBefore,omitempty" tf:"noncurrent_time_before,omitempty"` @@ -582,6 +582,25 @@ type EncryptionParameters struct { DefaultKMSKeyName *string `json:"defaultKmsKeyName" tf:"default_kms_key_name,omitempty"` } +type HierarchicalNamespaceInitParameters struct { + + // Enables hierarchical namespace for the bucket. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type HierarchicalNamespaceObservation struct { + + // Enables hierarchical namespace for the bucket. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type HierarchicalNamespaceParameters struct { + + // Enables hierarchical namespace for the bucket. + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` +} + type LifecycleRuleInitParameters struct { // The Lifecycle Rule's action configuration. A single block of this type is supported. Structure is documented below. diff --git a/apis/storage/v1beta2/zz_generated.deepcopy.go b/apis/storage/v1beta2/zz_generated.deepcopy.go index eeca91970..c669d7612 100644 --- a/apis/storage/v1beta2/zz_generated.deepcopy.go +++ b/apis/storage/v1beta2/zz_generated.deepcopy.go @@ -549,6 +549,11 @@ func (in *BucketInitParameters) DeepCopyInto(out *BucketInitParameters) { *out = new(bool) **out = **in } + if in.HierarchicalNamespace != nil { + in, out := &in.HierarchicalNamespace, &out.HierarchicalNamespace + *out = new(HierarchicalNamespaceInitParameters) + (*in).DeepCopyInto(*out) + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -1214,6 +1219,11 @@ func (in *BucketObservation) DeepCopyInto(out *BucketObservation) { *out = new(bool) **out = **in } + if in.HierarchicalNamespace != nil { + in, out := &in.HierarchicalNamespace, &out.HierarchicalNamespace + *out = new(HierarchicalNamespaceObservation) + (*in).DeepCopyInto(*out) + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -1385,6 +1395,11 @@ func (in *BucketParameters) DeepCopyInto(out *BucketParameters) { *out = new(bool) **out = **in } + if in.HierarchicalNamespace != nil { + in, out := &in.HierarchicalNamespace, &out.HierarchicalNamespace + *out = new(HierarchicalNamespaceParameters) + (*in).DeepCopyInto(*out) + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -1576,11 +1591,6 @@ func (in *ConditionInitParameters) DeepCopyInto(out *ConditionInitParameters) { } } } - if in.NoAge != nil { - in, out := &in.NoAge, &out.NoAge - *out = new(bool) - **out = **in - } if in.NoncurrentTimeBefore != nil { in, out := &in.NoncurrentTimeBefore, &out.NoncurrentTimeBefore *out = new(string) @@ -1689,11 +1699,6 @@ func (in *ConditionObservation) DeepCopyInto(out *ConditionObservation) { } } } - if in.NoAge != nil { - in, out := &in.NoAge, &out.NoAge - *out = new(bool) - **out = **in - } if in.NoncurrentTimeBefore != nil { in, out := &in.NoncurrentTimeBefore, &out.NoncurrentTimeBefore *out = new(string) @@ -1802,11 +1807,6 @@ func (in *ConditionParameters) DeepCopyInto(out *ConditionParameters) { } } } - if in.NoAge != nil { - in, out := &in.NoAge, &out.NoAge - *out = new(bool) - **out = **in - } if in.NoncurrentTimeBefore != nil { in, out := &in.NoncurrentTimeBefore, &out.NoncurrentTimeBefore *out = new(string) @@ -2213,6 +2213,66 @@ func (in *EncryptionParameters) DeepCopy() *EncryptionParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HierarchicalNamespaceInitParameters) DeepCopyInto(out *HierarchicalNamespaceInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HierarchicalNamespaceInitParameters. +func (in *HierarchicalNamespaceInitParameters) DeepCopy() *HierarchicalNamespaceInitParameters { + if in == nil { + return nil + } + out := new(HierarchicalNamespaceInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HierarchicalNamespaceObservation) DeepCopyInto(out *HierarchicalNamespaceObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HierarchicalNamespaceObservation. +func (in *HierarchicalNamespaceObservation) DeepCopy() *HierarchicalNamespaceObservation { + if in == nil { + return nil + } + out := new(HierarchicalNamespaceObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HierarchicalNamespaceParameters) DeepCopyInto(out *HierarchicalNamespaceParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HierarchicalNamespaceParameters. +func (in *HierarchicalNamespaceParameters) DeepCopy() *HierarchicalNamespaceParameters { + if in == nil { + return nil + } + out := new(HierarchicalNamespaceParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LifecycleRuleInitParameters) DeepCopyInto(out *LifecycleRuleInitParameters) { *out = *in diff --git a/package/crds/storage.gcp.upbound.io_buckets.yaml b/package/crds/storage.gcp.upbound.io_buckets.yaml index 819343ff9..48b77f088 100644 --- a/package/crds/storage.gcp.upbound.io_buckets.yaml +++ b/package/crds/storage.gcp.upbound.io_buckets.yaml @@ -1529,6 +1529,16 @@ spec: When deleting a bucket, this boolean option will delete all contained objects. type: boolean + hierarchicalNamespace: + description: The bucket's hierarchical namespace policy, which + defines the bucket capability to handle folders in logical structure. + Structure is documented below. To use this configuration, uniform_bucket_level_access + must be enabled on bucket. + properties: + enabled: + description: Enables hierarchical namespace for the bucket. + type: boolean + type: object labels: additionalProperties: type: string @@ -1563,9 +1573,9 @@ spec: properties: age: description: Minimum age of an object in days to satisfy - this condition. If not supplied alongside another - condition and without setting no_age to true, a default - age of 0 will be set. + this condition. Note To set 0 value of age, send_age_if_zero + should be set true otherwise 0 value of age field + will be ignored. type: number createdBefore: description: A date in the RFC 3339 format YYYY-MM-DD. @@ -1612,17 +1622,6 @@ spec: items: type: string type: array - noAge: - description: While set true, age value will be omitted - from requests. This prevents a default age of 0 from - being applied, and if you do not have an age value - set, setting this to true is strongly recommended. - When unset and other conditions are set to zero values, - this can result in a rule that applies your action - to all files in the bucket. no_age is deprecated and - will be removed in a future major release. Use send_age_if_zero - instead. - type: boolean noncurrentTimeBefore: description: Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object @@ -1880,6 +1879,16 @@ spec: When deleting a bucket, this boolean option will delete all contained objects. type: boolean + hierarchicalNamespace: + description: The bucket's hierarchical namespace policy, which + defines the bucket capability to handle folders in logical structure. + Structure is documented below. To use this configuration, uniform_bucket_level_access + must be enabled on bucket. + properties: + enabled: + description: Enables hierarchical namespace for the bucket. + type: boolean + type: object labels: additionalProperties: type: string @@ -1914,9 +1923,9 @@ spec: properties: age: description: Minimum age of an object in days to satisfy - this condition. If not supplied alongside another - condition and without setting no_age to true, a default - age of 0 will be set. + this condition. Note To set 0 value of age, send_age_if_zero + should be set true otherwise 0 value of age field + will be ignored. type: number createdBefore: description: A date in the RFC 3339 format YYYY-MM-DD. @@ -1963,17 +1972,6 @@ spec: items: type: string type: array - noAge: - description: While set true, age value will be omitted - from requests. This prevents a default age of 0 from - being applied, and if you do not have an age value - set, setting this to true is strongly recommended. - When unset and other conditions are set to zero values, - this can result in a rule that applies your action - to all files in the bucket. no_age is deprecated and - will be removed in a future major release. Use send_age_if_zero - instead. - type: boolean noncurrentTimeBefore: description: Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object @@ -2401,6 +2399,16 @@ spec: When deleting a bucket, this boolean option will delete all contained objects. type: boolean + hierarchicalNamespace: + description: The bucket's hierarchical namespace policy, which + defines the bucket capability to handle folders in logical structure. + Structure is documented below. To use this configuration, uniform_bucket_level_access + must be enabled on bucket. + properties: + enabled: + description: Enables hierarchical namespace for the bucket. + type: boolean + type: object id: type: string labels: @@ -2437,9 +2445,9 @@ spec: properties: age: description: Minimum age of an object in days to satisfy - this condition. If not supplied alongside another - condition and without setting no_age to true, a default - age of 0 will be set. + this condition. Note To set 0 value of age, send_age_if_zero + should be set true otherwise 0 value of age field + will be ignored. type: number createdBefore: description: A date in the RFC 3339 format YYYY-MM-DD. @@ -2486,17 +2494,6 @@ spec: items: type: string type: array - noAge: - description: While set true, age value will be omitted - from requests. This prevents a default age of 0 from - being applied, and if you do not have an age value - set, setting this to true is strongly recommended. - When unset and other conditions are set to zero values, - this can result in a rule that applies your action - to all files in the bucket. no_age is deprecated and - will be removed in a future major release. Use send_age_if_zero - instead. - type: boolean noncurrentTimeBefore: description: Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object diff --git a/provider-gcp-storage.yaml b/provider-gcp-storage.yaml new file mode 100644 index 000000000..df344c355 --- /dev/null +++ b/provider-gcp-storage.yaml @@ -0,0 +1,34 @@ +apiVersion: pkg.crossplane.io/v1 +kind: Provider +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"pkg.crossplane.io/v1","kind":"Provider","metadata":{"annotations":{},"name":"provider-gcp-storage"},"spec":{"package":"xpkg.upbound.io/upbound/provider-gcp-storage:v0.41.0"}} + creationTimestamp: "2024-09-12T09:04:05Z" + generation: 1 + name: provider-gcp-storage + resourceVersion: "7130" + uid: 401591d8-e4de-4be6-a9d8-578fe8b75dfe +spec: + ignoreCrossplaneConstraints: false + package: xpkg.upbound.io/upbound/provider-gcp-storage:v0.41.0 + packagePullPolicy: IfNotPresent + revisionActivationPolicy: Automatic + revisionHistoryLimit: 1 + runtimeConfigRef: + apiVersion: pkg.crossplane.io/v1beta1 + kind: DeploymentRuntimeConfig + name: default + skipDependencyResolution: false +status: + conditions: + - lastTransitionTime: "2024-09-12T09:04:22Z" + reason: HealthyPackageRevision + status: "True" + type: Healthy + - lastTransitionTime: "2024-09-12T09:04:05Z" + reason: ActivePackageRevision + status: "True" + type: Installed + currentIdentifier: xpkg.upbound.io/upbound/provider-gcp-storage:v0.41.0 + currentRevision: provider-gcp-storage-70a994bdf770 From 8f033014b3cc0c50497524a2fcd7c12326091d60 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 19:52:54 +0100 Subject: [PATCH 45/47] Commited generated schema and metadata Signed-off-by: Rickard von Essen --- config/provider-metadata.yaml | 26359 +++++++++++++++++++++++++++++--- config/schema.json | 2 +- 2 files changed, 23996 insertions(+), 2365 deletions(-) diff --git a/config/provider-metadata.yaml b/config/provider-metadata.yaml index ebd61c5dd..5cd65765b 100644 --- a/config/provider-metadata.yaml +++ b/config/provider-metadata.yaml @@ -306,7 +306,7 @@ resources: vpc_network_sources.vpc_subnetwork.vpc_ip_subnetworks: |- - (Optional) - CIDR block IP subnetwork specification. Must be IPv4. + A list of CIDR block IP subnetwork specification. Must be IPv4. importStatements: [] google_access_context_manager_access_level_condition: subCategory: Access Context Manager (VPC Service Controls) @@ -797,6 +797,7 @@ resources: dependencies: google_project.project: |- { + "deletion_policy": "DELETE", "name": "my-project-name", "org_id": "123456789", "project_id": "my-project-name" @@ -1282,9 +1283,11 @@ resources: egress_from.identities: |- - (Optional) - A list of identities that are allowed access through this EgressPolicy. - Should be in the format of email address. The email address should - represent individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. egress_from.identity_type: |- - (Optional) @@ -1337,9 +1340,11 @@ resources: ingress_from.identities: |- - (Optional) - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. ingress_from.identity_type: |- - (Optional) @@ -1650,7 +1655,7 @@ resources: "lifecycle": [ { "ignore_changes": [ - "${status[0].resources}" + "${spec[0].egress_policies}" ] } ], @@ -1676,9 +1681,11 @@ resources: egress_from.identities: |- - (Optional) - A list of identities that are allowed access through this EgressPolicy. - Should be in the format of email address. The email address should - represent individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. egress_from.identity_type: |- - (Optional) @@ -1811,7 +1818,7 @@ resources: "lifecycle": [ { "ignore_changes": [ - "${status[0].resources}" + "${spec[0].ingress_policies}" ] } ], @@ -1839,9 +1846,11 @@ resources: ingress_from.identities: |- - (Optional) - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. ingress_from.identity_type: |- - (Optional) @@ -2032,7 +2041,7 @@ resources: "lifecycle": [ { "ignore_changes": [ - "${status[0].resources}" + "${status[0].egress_policies}" ] } ], @@ -2058,9 +2067,11 @@ resources: egress_from.identities: |- - (Optional) - A list of identities that are allowed access through this EgressPolicy. - Should be in the format of email address. The email address should - represent individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. egress_from.identity_type: |- - (Optional) @@ -2193,7 +2204,7 @@ resources: "lifecycle": [ { "ignore_changes": [ - "${status[0].resources}" + "${status[0].ingress_policies}" ] } ], @@ -2221,9 +2232,11 @@ resources: ingress_from.identities: |- - (Optional) - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + Identities can be an individual user, service account, Google group, + or third-party identity. For third-party identity, only single identities + are supported and other identity types are not supported.The v1 identities + that have the prefix user, group and serviceAccount in + https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. ingress_from.identity_type: |- - (Optional) @@ -2783,6 +2796,7 @@ resources: - name: ad-domain manifest: |- { + "deletion_protection": false, "domain_name": "tfgen.org.com", "locations": [ "us-central1" @@ -2802,6 +2816,13 @@ resources: If CIDR subnets overlap between networks, domain creation will fail. create: '- Default is 60 minutes.' delete: '- Default is 60 minutes.' + deletion_protection: |- + - (Optional) Whether Terraform will be prevented from destroying the domain. Defaults to true. + When aterraform destroy or terraform apply would delete the domain, + the command will fail if this field is not set to false in Terraform state. + When the field is set to true or unset in Terraform state, a terraform apply + or terraform destroy that would delete the domain will fail. + When the field is set to false, deleting the domain is allowed. domain_name: |- - (Required) @@ -2852,6 +2873,7 @@ resources: - name: ad-domain-trust manifest: |- { + "deletion_protection": false, "domain": "test-managed-ad.com", "target_dns_ip_addresses": [ "10.1.0.100" @@ -2912,6 +2934,7 @@ resources: manifest: |- { "authorized_network": "${google_compute_network.peered-network.id}", + "deletion_protection": false, "domain_resource": "${google_active_directory_domain.ad-domain.name}", "labels": { "foo": "bar" @@ -2929,6 +2952,7 @@ resources: "authorized_networks": [ "${google_compute_network.source-network.id}" ], + "deletion_protection": false, "domain_name": "ad.test.hashicorptest.com", "locations": [ "us-central1" @@ -2950,6 +2974,7 @@ resources: google_project.peered-project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "name": "my-peered-project", "org_id": "123456789", "project_id": "my-peered-project", @@ -3447,7 +3472,11 @@ resources: { "cluster_id": "alloydb-pitr-restored", "location": "us-central1", - "network": "${data.google_compute_network.default.id}", + "network_config": [ + { + "network": "${data.google_compute_network.default.id}" + } + ], "restore_continuous_backup_source": [ { "cluster": "${google_alloydb_cluster.source.name}", @@ -3456,7 +3485,7 @@ resources: ] } references: - network: data.google_compute_network.default.id + network_config.network: data.google_compute_network.default.id restore_continuous_backup_source.cluster: google_alloydb_cluster.source.name dependencies: google_alloydb_backup.source: |- @@ -3503,10 +3532,14 @@ resources: { "cluster_id": "alloydb-primary-cluster", "location": "us-central1", - "network": "${google_compute_network.default.id}" + "network_config": [ + { + "network": "${google_compute_network.default.id}" + } + ] } references: - network: google_compute_network.default.id + network_config.network: google_compute_network.default.id dependencies: google_alloydb_instance.primary: |- { @@ -3556,7 +3589,11 @@ resources: "${google_alloydb_instance.primary}" ], "location": "us-east1", - "network": "${google_compute_network.default.id}", + "network_config": [ + { + "network": "${google_compute_network.default.id}" + } + ], "secondary_config": [ { "primary_cluster_name": "${google_alloydb_cluster.primary.name}" @@ -3564,7 +3601,7 @@ resources: ] } references: - network: google_compute_network.default.id + network_config.network: google_compute_network.default.id secondary_config.primary_cluster_name: google_alloydb_cluster.primary.name dependencies: google_alloydb_instance.primary: |- @@ -3709,16 +3746,17 @@ resources: - (Output) Days of the week on which a continuous backup is taken. Output only field. Ignored if passed into the request. - create: '- Default is 30 minutes.' + create: '- Default is 120 minutes.' database_version: |- - (Optional) The database engine major version. This is an optional field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation. - delete: '- Default is 30 minutes.' + delete: '- Default is 120 minutes.' deletion_policy: |- - (Optional) Policy to determine if the cluster should be deleted forcefully. Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. + Possible values: DEFAULT, FORCE display_name: |- - (Optional) @@ -3816,11 +3854,6 @@ resources: name: |- - The name of the cluster resource. - network: |- - - - (Optional, Deprecated) - The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: - "projects/{projectNumber}/global/networks/{network_id}". network_config: |- - (Optional) @@ -3924,6 +3957,11 @@ resources: state: |- - Output only. The current serving state of the cluster. + subscription_type: |- + - + (Optional) + The subscrition type of cluster. + Possible values are: TRIAL, STANDARD. terraform_labels: |- - The combination of labels configured directly on the resource @@ -3933,10 +3971,30 @@ resources: (Optional) The retention period. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + trial_metadata: |- + - + Contains information and all metadata related to TRIAL clusters. + Structure is documented below. + trial_metadata.end_time: |- + - + (Optional) + End time of the trial cluster. + trial_metadata.grace_end_time: |- + - + (Optional) + Grace end time of the trial cluster. + trial_metadata.start_time: |- + - + (Optional) + Start time of the trial cluster. + trial_metadata.upgrade_time: |- + - + (Optional) + Upgrade time of the trial cluster to standard cluster. uid: |- - The system-generated UID of the resource. - update: '- Default is 30 minutes.' + update: '- Default is 120 minutes.' weekly_schedule.days_of_week: |- - (Optional) @@ -4029,7 +4087,11 @@ resources: { "cluster_id": "alloydb-primary-cluster", "location": "us-central1", - "network": "${google_compute_network.default.id}" + "network_config": [ + { + "network": "${google_compute_network.default.id}" + } + ] } google_alloydb_cluster.secondary: |- { @@ -4052,7 +4114,11 @@ resources: } ], "location": "us-east1", - "network": "${google_compute_network.default.id}", + "network_config": [ + { + "network": "${data.google_compute_network.default.id}" + } + ], "secondary_config": [ { "primary_cluster_name": "${google_alloydb_cluster.primary.name}" @@ -4102,7 +4168,11 @@ resources: { "cluster_id": "alloydb-primary-cluster", "location": "us-central1", - "network": "${google_compute_network.default.id}" + "network_config": [ + { + "network": "${google_compute_network.default.id}" + } + ] } google_alloydb_cluster.secondary: |- { @@ -4125,7 +4195,11 @@ resources: } ], "location": "us-east1", - "network": "${google_compute_network.default.id}", + "network_config": [ + { + "network": "${data.google_compute_network.default.id}" + } + ], "secondary_config": [ { "primary_cluster_name": "${google_alloydb_cluster.primary.name}" @@ -4264,6 +4338,10 @@ resources: field is only allowed to be set when enable_public_ip is set to true. Structure is documented below. + network_config.enable_outbound_public_ip: |- + - + (Optional) + Enabling outbound public ip for the instance. network_config.enable_public_ip: |- - (Optional) @@ -4307,6 +4385,11 @@ resources: - (Optional) Record wait events during query execution for an instance. + outbound_public_ip_addresses: |- + - + The outbound public IP addresses for the instance. This is available ONLY when + networkConfig.enableOutboundPublicIp is set to true. These IP addresses are used + for outbound connections. psc_instance_config: |- - (Optional) @@ -4418,7 +4501,11 @@ resources: } ], "location": "us-central1", - "network": "${google_compute_network.default.id}" + "network_config": [ + { + "network": "${data.google_compute_network.default.id}" + } + ] } google_alloydb_instance.default: |- { @@ -4474,7 +4561,11 @@ resources: } ], "location": "us-central1", - "network": "${google_compute_network.default.id}" + "network_config": [ + { + "network": "${google_compute_network.default.id}" + } + ] } google_alloydb_instance.default: |- { @@ -5171,23 +5262,147 @@ resources: Name of the Apigee organization. update: '- Default is 20 minutes.' importStatements: [] - google_apigee_endpoint_attachment: + google_apigee_api: subCategory: Apigee - description: Apigee Endpoint Attachment. - name: google_apigee_endpoint_attachment + description: An Apigee API proxy is essentially a layer that sits in front of your backend APIs. It acts as an intermediary between your API consumers (like mobile apps or websites) and your backend services. + name: google_apigee_api + title: google_apigee_api + argumentDocs: + config_bundle: |- + - + (Required) + Path to the config zip bundle. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + detect_md5hash: |- + - + (Optional) Detect changes to local config bundle file or changes made outside of Terraform. MD5 hash of the data, encoded using base64. Hash is automatically computed without need for user input. + id: '- an identifier for the resource with format organizations/{{org_id}}/apis/{{name}}' + latest_revision_id: |- + - + The id of the most recently created revision for this API proxy. + md5hash: |- + - + (Computed) Base 64 MD5 hash of the uploaded data. It is speculative as remote does not return hash of the bundle. Remote changes are detected using returned last_modified timestamp. + meta_data: |- + - + Metadata describing the API proxy. + Structure is documented below. + meta_data.created_at: |- + - + (Optional) + Time at which the API proxy was created, in milliseconds since epoch. + meta_data.last_modified_at: |- + - + (Optional) + Time at which the API proxy was most recently modified, in milliseconds since epoch. + meta_data.sub_type: |- + - + (Optional) + The type of entity described + name: |- + - + (Required) + The ID of the API proxy. + org_id: |- + - + (Required) + The Apigee Organization name associated with the Apigee instance. + revision: |- + - + A list of revisions of this API proxy. + importStatements: [] + google_apigee_app_group: + subCategory: Apigee + description: An + name: google_apigee_app_group title: "" examples: - - name: apigee_endpoint_attachment + - name: apigee_app_group manifest: |- { - "endpoint_attachment_id": "test1", - "location": "{google_compute_service_attachment location}", + "channel_id": "storefront", + "channel_uri": "https://my-dev-portal.org/groups/my-group", + "depends_on": [ + "${google_apigee_instance.apigee_instance}" + ], + "display_name": "Test app group", + "name": "my-app-group", "org_id": "${google_apigee_organization.apigee_org.id}", - "service_attachment": "{google_compute_service_attachment id}" + "status": "active" } references: org_id: google_apigee_organization.apigee_org.id dependencies: + google_apigee_instance.apigee_instance: |- + { + "location": "us-central1", + "name": "instance", + "org_id": "${google_apigee_organization.apigee_org.id}", + "peering_cidr_range": "SLASH_22" + } + google_apigee_organization.apigee_org: |- + { + "analytics_region": "us-central1", + "authorized_network": "${google_compute_network.apigee_network.id}", + "depends_on": [ + "${google_service_networking_connection.apigee_vpc_connection}" + ], + "project_id": "${data.google_client_config.current.project}" + } + google_compute_global_address.apigee_range: |- + { + "address_type": "INTERNAL", + "name": "apigee-range", + "network": "${google_compute_network.apigee_network.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_compute_network.apigee_network: |- + { + "name": "apigee-network" + } + google_service_networking_connection.apigee_vpc_connection: |- + { + "network": "${google_compute_network.apigee_network.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.apigee_range.name}" + ], + "service": "servicenetworking.googleapis.com" + } + - name: apigee_app_group + manifest: |- + { + "attributes": [ + { + "name": "business_unit", + "value": "HR" + }, + { + "name": "department", + "value": "payroll" + } + ], + "channel_id": "storefront", + "channel_uri": "https://my-dev-portal.org/groups/my-group", + "depends_on": [ + "${google_apigee_instance.apigee_instance}" + ], + "display_name": "Test app group", + "name": "my-app-group", + "org_id": "${google_apigee_organization.apigee_org.id}", + "status": "active" + } + references: + org_id: google_apigee_organization.apigee_org.id + dependencies: + google_apigee_instance.apigee_instance: |- + { + "location": "us-central1", + "name": "instance", + "org_id": "${google_apigee_organization.apigee_org.id}", + "peering_cidr_range": "SLASH_22" + } google_apigee_organization.apigee_org: |- { "analytics_region": "us-central1", @@ -5218,51 +5433,324 @@ resources: "service": "servicenetworking.googleapis.com" } argumentDocs: - connection_state: |- + app_group_id: |- - - State of the endpoint attachment connection to the service attachment. - create: '- Default is 30 minutes.' - delete: '- Default is 30 minutes.' - endpoint_attachment_id: |- + Internal identifier that cannot be edited + attributes: |- - - (Required) - ID of the endpoint attachment. - host: |- + (Optional) + A list of attributes + Structure is documented below. + attributes.name: |- - - Host that can be used in either HTTP Target Endpoint directly, or as the host in Target Server. - id: '- an identifier for the resource with format {{org_id}}/endpointAttachments/{{endpoint_attachment_id}}' - location: |- + (Optional) + Key of the attribute + attributes.value: |- - - (Required) - Location of the endpoint attachment. + (Optional) + Value of the attribute + channel_id: |- + - + (Optional) + Channel identifier identifies the owner maintaining this grouping. + channel_uri: |- + - + (Optional) + A reference to the associated storefront/marketplace. + create: '- Default is 20 minutes.' + created_at: |- + - + Created time as milliseconds since epoch. + delete: '- Default is 20 minutes.' + display_name: |- + - + (Optional) + App group name displayed in the UI + id: '- an identifier for the resource with format {{org_id}}/appgroups/{{name}}' + last_modified_at: |- + - + Modified time as milliseconds since epoch. name: |- - - Name of the Endpoint Attachment in the following format: - organizations/{organization}/endpointAttachments/{endpointAttachment}. + (Required) + Name of the AppGroup. Characters you can use in the name are restricted to: A-Z0-9._-$ %. org_id: |- - (Required) - The Apigee Organization associated with the Apigee instance, + The Apigee Organization associated with the Apigee app group, in the format organizations/{{org_name}}. - service_attachment: |- + organization: |- - - (Required) - Format: projects//regions//serviceAttachments/* + App group name displayed in the UI + status: |- + - + (Optional) + Valid values are active or inactive. Note that the status of the AppGroup should be updated via UpdateAppGroupRequest by setting the action as active or inactive. + Possible values are: active, inactive. + update: '- Default is 20 minutes.' importStatements: [] - google_apigee_envgroup: + google_apigee_developer: subCategory: Apigee - description: An - name: google_apigee_envgroup + description: A + name: google_apigee_developer title: "" examples: - - name: env_grp + - name: apigee_developer manifest: |- { - "hostnames": [ - "abc.foo.com" + "depends_on": [ + "${google_apigee_instance.apigee_instance}" ], - "name": "my-envgroup", - "org_id": "${google_apigee_organization.apigee_org.id}" + "email": "john.doe@acme.com", + "first_name": "John", + "last_name": "Doe", + "org_id": "${google_apigee_organization.apigee_org.id}", + "user_name": "john.doe" + } + references: + org_id: google_apigee_organization.apigee_org.id + dependencies: + google_apigee_instance.apigee_instance: |- + { + "location": "us-central1", + "name": "my-instance", + "org_id": "${google_apigee_organization.apigee_org.id}", + "peering_cidr_range": "SLASH_22" + } + google_apigee_organization.apigee_org: |- + { + "analytics_region": "us-central1", + "authorized_network": "${google_compute_network.apigee_network.id}", + "depends_on": [ + "${google_service_networking_connection.apigee_vpc_connection}" + ], + "project_id": "${data.google_client_config.current.project}" + } + google_compute_global_address.apigee_range: |- + { + "address_type": "INTERNAL", + "name": "apigee-range", + "network": "${google_compute_network.apigee_network.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_compute_network.apigee_network: |- + { + "name": "apigee-network" + } + google_service_networking_connection.apigee_vpc_connection: |- + { + "network": "${google_compute_network.apigee_network.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.apigee_range.name}" + ], + "service": "servicenetworking.googleapis.com" + } + - name: apigee_developer + manifest: |- + { + "attributes": [ + { + "name": "business_unit", + "value": "HR" + }, + { + "name": "department", + "value": "payroll" + } + ], + "depends_on": [ + "${google_apigee_instance.apigee_instance}" + ], + "email": "john.doe@acme.com", + "first_name": "John", + "last_name": "Doe", + "org_id": "${google_apigee_organization.apigee_org.id}", + "user_name": "john.doe" + } + references: + org_id: google_apigee_organization.apigee_org.id + dependencies: + google_apigee_instance.apigee_instance: |- + { + "location": "us-central1", + "name": "my-instance", + "org_id": "${google_apigee_organization.apigee_org.id}", + "peering_cidr_range": "SLASH_22" + } + google_apigee_organization.apigee_org: |- + { + "analytics_region": "us-central1", + "authorized_network": "${google_compute_network.apigee_network.id}", + "depends_on": [ + "${google_service_networking_connection.apigee_vpc_connection}" + ], + "project_id": "${data.google_client_config.current.project}" + } + google_compute_global_address.apigee_range: |- + { + "address_type": "INTERNAL", + "name": "apigee-range", + "network": "${google_compute_network.apigee_network.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_compute_network.apigee_network: |- + { + "name": "apigee-network" + } + google_service_networking_connection.apigee_vpc_connection: |- + { + "network": "${google_compute_network.apigee_network.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.apigee_range.name}" + ], + "service": "servicenetworking.googleapis.com" + } + argumentDocs: + attributes: |- + - + (Optional) + Developer attributes (name/value pairs). The custom attribute limit is 18. + Structure is documented below. + attributes.name: |- + - + (Optional) + Key of the attribute + attributes.value: |- + - + (Optional) + Value of the attribute + create: '- Default is 20 minutes.' + created_at: |- + - + Time at which the developer was created in milliseconds since epoch. + delete: '- Default is 20 minutes.' + email: |- + - + (Required) + Email address of the developer. This value is used to uniquely identify the developer in Apigee hybrid. Note that the email address has to be in lowercase only.. + first_name: |- + - + (Required) + First name of the developer. + id: '- an identifier for the resource with format {{org_id}}/developers/{{email}}' + last_modified_at: |- + - + Time at which the developer was last modified in milliseconds since epoch. + last_name: |- + - + (Required) + Last name of the developer. + org_id: |- + - + (Required) + The Apigee Organization associated with the Apigee instance, + in the format organizations/{{org_name}}. + organizatio_name: |- + - + Name of the Apigee organization in which the developer resides. + status: |- + - + Status of the developer. Valid values are active and inactive. + update: '- Default is 20 minutes.' + user_name: |- + - + (Required) + User name of the developer. Not used by Apigee hybrid. + importStatements: [] + google_apigee_endpoint_attachment: + subCategory: Apigee + description: Apigee Endpoint Attachment. + name: google_apigee_endpoint_attachment + title: "" + examples: + - name: apigee_endpoint_attachment + manifest: |- + { + "endpoint_attachment_id": "test1", + "location": "{google_compute_service_attachment location}", + "org_id": "${google_apigee_organization.apigee_org.id}", + "service_attachment": "{google_compute_service_attachment id}" + } + references: + org_id: google_apigee_organization.apigee_org.id + dependencies: + google_apigee_organization.apigee_org: |- + { + "analytics_region": "us-central1", + "authorized_network": "${google_compute_network.apigee_network.id}", + "depends_on": [ + "${google_service_networking_connection.apigee_vpc_connection}" + ], + "project_id": "${data.google_client_config.current.project}" + } + google_compute_global_address.apigee_range: |- + { + "address_type": "INTERNAL", + "name": "apigee-range", + "network": "${google_compute_network.apigee_network.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_compute_network.apigee_network: |- + { + "name": "apigee-network" + } + google_service_networking_connection.apigee_vpc_connection: |- + { + "network": "${google_compute_network.apigee_network.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.apigee_range.name}" + ], + "service": "servicenetworking.googleapis.com" + } + argumentDocs: + connection_state: |- + - + State of the endpoint attachment connection to the service attachment. + create: '- Default is 30 minutes.' + delete: '- Default is 30 minutes.' + endpoint_attachment_id: |- + - + (Required) + ID of the endpoint attachment. + host: |- + - + Host that can be used in either HTTP Target Endpoint directly, or as the host in Target Server. + id: '- an identifier for the resource with format {{org_id}}/endpointAttachments/{{endpoint_attachment_id}}' + location: |- + - + (Required) + Location of the endpoint attachment. + name: |- + - + Name of the Endpoint Attachment in the following format: + organizations/{organization}/endpointAttachments/{endpointAttachment}. + org_id: |- + - + (Required) + The Apigee Organization associated with the Apigee instance, + in the format organizations/{{org_name}}. + service_attachment: |- + - + (Required) + Format: projects//regions//serviceAttachments/* + importStatements: [] + google_apigee_envgroup: + subCategory: Apigee + description: An + name: google_apigee_envgroup + title: "" + examples: + - name: env_grp + manifest: |- + { + "hostnames": [ + "abc.foo.com" + ], + "name": "my-envgroup", + "org_id": "${google_apigee_organization.apigee_org.id}" } references: org_id: google_apigee_organization.apigee_org.id @@ -5376,6 +5864,7 @@ resources: google_project.project: |- { "billing_account": "", + "deletion_policy": "DELETE", "name": "my-project", "org_id": "", "project_id": "my-project" @@ -6020,6 +6509,7 @@ resources: Output only. Resource name of the service attachment created for the instance in the format: projects//regions//serviceAttachments/* Apigee customers can privately forward traffic to this service attachment using the PSC endpoints. + update: '- Default is 20 minutes.' importStatements: [] google_apigee_instance_attachment: subCategory: Apigee @@ -6080,6 +6570,7 @@ resources: google_project.project: |- { "billing_account": "", + "deletion_policy": "DELETE", "name": "my-project", "org_id": "", "project_id": "my-project" @@ -6200,6 +6691,7 @@ resources: google_project.project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "name": "my-project", "org_id": "123456789", "project_id": "my-project" @@ -6454,7 +6946,90 @@ resources: ], "service": "servicenetworking.googleapis.com" } + - name: apigee-nat + manifest: |- + { + "activate": "true", + "instance_id": "${google_apigee_instance.apigee_instance.id}", + "name": "my-nat-address" + } + references: + instance_id: google_apigee_instance.apigee_instance.id + dependencies: + google_apigee_instance.apigee_instance: |- + { + "description": "Terraform-managed Apigee Runtime Instance", + "disk_encryption_key_name": "${google_kms_crypto_key.apigee_key.id}", + "display_name": "apigee-instance", + "location": "us-central1", + "name": "apigee-instance", + "org_id": "${google_apigee_organization.apigee_org.id}" + } + google_apigee_organization.apigee_org: |- + { + "analytics_region": "us-central1", + "authorized_network": "${google_compute_network.apigee_network.id}", + "depends_on": [ + "${google_service_networking_connection.apigee_vpc_connection}", + "${google_kms_crypto_key_iam_member.apigee_sa_keyuser}" + ], + "description": "Terraform-provisioned Apigee Org.", + "display_name": "apigee-org", + "project_id": "${data.google_client_config.current.project}", + "runtime_database_encryption_key_name": "${google_kms_crypto_key.apigee_key.id}" + } + google_compute_global_address.apigee_range: |- + { + "address_type": "INTERNAL", + "name": "apigee-range", + "network": "${google_compute_network.apigee_network.id}", + "prefix_length": 21, + "purpose": "VPC_PEERING" + } + google_compute_network.apigee_network: |- + { + "name": "apigee-network" + } + google_kms_crypto_key.apigee_key: |- + { + "key_ring": "${google_kms_key_ring.apigee_keyring.id}", + "lifecycle": [ + { + "prevent_destroy": true + } + ], + "name": "apigee-key" + } + google_kms_crypto_key_iam_member.apigee_sa_keyuser: |- + { + "crypto_key_id": "${google_kms_crypto_key.apigee_key.id}", + "member": "${google_project_service_identity.apigee_sa.member}", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } + google_kms_key_ring.apigee_keyring: |- + { + "location": "us-central1", + "name": "apigee-keyring" + } + google_project_service_identity.apigee_sa: |- + { + "project": "${google_project.project.project_id}", + "provider": "${google-beta}", + "service": "${google_project_service.apigee.service}" + } + google_service_networking_connection.apigee_vpc_connection: |- + { + "network": "${google_compute_network.apigee_network.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.apigee_range.name}" + ], + "service": "servicenetworking.googleapis.com" + } argumentDocs: + activate: |- + - + (Optional) + Flag that specifies whether the reserved NAT address should be activate. create: '- Default is 30 minutes.' delete: '- Default is 30 minutes.' id: '- an identifier for the resource with format {{instance_id}}/natAddresses/{{name}}' @@ -6473,6 +7048,7 @@ resources: state: |- - State of the NAT IP address. + update: '- Default is 30 minutes.' importStatements: [] google_apigee_organization: subCategory: Apigee @@ -6825,6 +7401,7 @@ resources: google_project.project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "name": "my-project", "org_id": "123456789", "project_id": "my-project" @@ -6922,6 +7499,7 @@ resources: google_project.project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "name": "my-project", "org_id": "123456789", "project_id": "my-project" @@ -7055,7 +7633,6 @@ resources: { "display_name": "sample-key", "name": "key", - "project": "${google_project.basic.name}", "restrictions": [ { "android_key_restrictions": [ @@ -7079,21 +7656,11 @@ resources: } ] } - references: - project: google_project.basic.name - dependencies: - google_project.basic: |- - { - "name": "app", - "org_id": "123456789", - "project_id": "app" - } - name: primary manifest: |- { "display_name": "sample-key", "name": "key", - "project": "${google_project.basic.name}", "restrictions": [ { "api_targets": [ @@ -7114,21 +7681,11 @@ resources: } ] } - references: - project: google_project.basic.name - dependencies: - google_project.basic: |- - { - "name": "app", - "org_id": "123456789", - "project_id": "app" - } - name: primary manifest: |- { "display_name": "sample-key", "name": "key", - "project": "${google_project.basic.name}", "restrictions": [ { "api_targets": [ @@ -7149,37 +7706,17 @@ resources: } ] } - references: - project: google_project.basic.name - dependencies: - google_project.basic: |- - { - "name": "app", - "org_id": "123456789", - "project_id": "app" - } - name: primary manifest: |- { "display_name": "sample-key", - "name": "key", - "project": "${google_project.basic.name}" + "name": "key" } - references: - project: google_project.basic.name - dependencies: - google_project.basic: |- - { - "name": "app", - "org_id": "123456789", - "project_id": "app" - } - name: primary manifest: |- { "display_name": "sample-key", "name": "key", - "project": "${google_project.basic.name}", "restrictions": [ { "api_targets": [ @@ -7200,15 +7737,6 @@ resources: } ] } - references: - project: google_project.basic.name - dependencies: - google_project.basic: |- - { - "name": "app", - "org_id": "123456789", - "project_id": "app" - } argumentDocs: allowed_applications.display_name: |- - @@ -7550,6 +8078,7 @@ resources: google_project.my_project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "name": "tf-test-project", "org_id": "123456789", "project_id": "ae-project" @@ -7669,6 +8198,7 @@ resources: google_project.my_project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "name": "appeng-flex", "org_id": "123456789", "project_id": "appeng-flex" @@ -8912,292 +9442,305 @@ resources: } ] } - - name: example2 + - name: example manifest: |- { "application_id": "example-application", - "attributes": [ - { - "business_owners": [ - { - "display_name": "Alice", - "email": "alice@google.com" - } - ], - "criticality": [ - { - "type": "MISSION_CRITICAL" - } - ], - "developer_owners": [ - { - "display_name": "Bob", - "email": "bob@google.com" - } - ], - "environment": [ - { - "type": "STAGING" - } - ], - "operator_owners": [ - { - "display_name": "Charlie", - "email": "charlie@google.com" - } - ] - } - ], - "description": "Application for testing", - "display_name": "Application Full", - "location": "us-east1", + "location": "global", "scope": [ { - "type": "REGIONAL" + "type": "GLOBAL" } ] } - argumentDocs: - application_id: |- - - - (Required) - Required. The Application identifier. - attributes.business_owners: |- - - - (Optional) - Optional. Business team that ensures user needs are met and value is delivered - Structure is documented below. - attributes.criticality: |- - - - (Optional) - Criticality of the Application, Service, or Workload - Structure is documented below. - attributes.developer_owners: |- - - - (Optional) - Optional. Developer team that owns development and coding. - Structure is documented below. - attributes.environment: |- - - - (Optional) - Environment of the Application, Service, or Workload - Structure is documented below. - attributes.operator_owners: |- - - - (Optional) - Optional. Operator team that ensures runtime and operations. - Structure is documented below. - business_owners.display_name: |- - - - (Optional) - Optional. Contact's name. - business_owners.email: |- - - - (Required) - Required. Email address of the contacts. - create: '- Default is 20 minutes.' - create_time: |- - - - Output only. Create time. - criticality.type: |- - - - (Required) - Criticality type. - Possible values are: MISSION_CRITICAL, HIGH, MEDIUM, LOW. - delete: '- Default is 20 minutes.' - developer_owners.display_name: |- - - - (Optional) - Optional. Contact's name. - developer_owners.email: |- - - - (Required) - Required. Email address of the contacts. - environment.type: |- - - - (Required) - Environment type. - Possible values are: PRODUCTION, STAGING, TEST, DEVELOPMENT. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/applications/{{application_id}}' - location: |- - - - (Required) - Part of parent. See documentation of projectsId. - name: |- - - - Identifier. The resource name of an Application. Format: - "projects/{host-project-id}/locations/{location}/applications/{application-id}" - operator_owners.display_name: |- - - - (Optional) - Optional. Contact's name. - operator_owners.email: |- - - - (Required) - Required. Email address of the contacts. - scope: |- - - - (Required) - Scope of an application. - Structure is documented below. - scope.attributes: |- - - - (Optional) - Consumer provided attributes. - Structure is documented below. - scope.description: |- - - - (Optional) - Optional. User-defined description of an Application. - scope.display_name: |- - - - (Optional) - Optional. User-defined name for the Application. - scope.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - scope.type: |- - - - (Required) - Required. Scope Type. - Possible values: - REGIONAL - Possible values are: REGIONAL. - state: |- - - - Output only. Application state. - Possible values: - STATE_UNSPECIFIED - CREATING - ACTIVE - DELETING - uid: |- - - - Output only. A universally unique identifier (in UUID4 format) for the Application. - update: '- Default is 20 minutes.' - update_time: |- - - - Output only. Update time. - importStatements: [] - google_apphub_service: - subCategory: App Hub - description: Service is a network/api interface that exposes some functionality to clients for consumption over the network. - name: google_apphub_service - title: "" - examples: - - name: example - manifest: |- - { - "application_id": "${google_apphub_application.application.application_id}", - "discovered_service": "${data.google_apphub_discovered_service.catalog-service.name}", - "location": "us-central1", - "service_id": "${google_compute_forwarding_rule.forwarding_rule.name}" - } - references: - application_id: google_apphub_application.application.application_id - discovered_service: data.google_apphub_discovered_service.catalog-service.name - service_id: google_compute_forwarding_rule.forwarding_rule.name - dependencies: - google_apphub_application.application: |- - { - "application_id": "example-application-1", - "location": "us-central1", - "scope": [ - { - "type": "REGIONAL" - } - ] - } - google_apphub_service_project_attachment.service_project_attachment: |- - { - "depends_on": [ - "${time_sleep.wait_120s}" - ], - "service_project_attachment_id": "${google_project.service_project.project_id}" - } - google_compute_forwarding_rule.forwarding_rule: |- - { - "all_ports": true, - "backend_service": "${google_compute_region_backend_service.backend.id}", - "ip_version": "IPV4", - "load_balancing_scheme": "INTERNAL", - "name": "l7-ilb-forwarding-rule", - "network": "${google_compute_network.ilb_network.id}", - "project": "${google_project.service_project.project_id}", - "region": "us-central1", - "subnetwork": "${google_compute_subnetwork.ilb_subnet.id}" - } - google_compute_health_check.default: |- - { - "check_interval_sec": 1, - "depends_on": [ - "${time_sleep.wait_120s}" - ], - "name": "l7-ilb-hc", - "project": "${google_project.service_project.project_id}", - "tcp_health_check": [ - { - "port": "80" - } - ], - "timeout_sec": 1 - } - google_compute_network.ilb_network: |- - { - "auto_create_subnetworks": false, - "depends_on": [ - "${time_sleep.wait_120s}" - ], - "name": "l7-ilb-network", - "project": "${google_project.service_project.project_id}" - } - google_compute_region_backend_service.backend: |- - { - "health_checks": [ - "${google_compute_health_check.default.id}" - ], - "name": "l7-ilb-backend-subnet", - "project": "${google_project.service_project.project_id}", - "region": "us-central1" - } - google_compute_subnetwork.ilb_subnet: |- - { - "ip_cidr_range": "10.0.1.0/24", - "name": "l7-ilb-subnet", - "network": "${google_compute_network.ilb_network.id}", - "project": "${google_project.service_project.project_id}", - "region": "us-central1" - } - google_project.service_project: |- - { - "billing_account": "000000-0000000-0000000-000000", - "name": "Service Project", - "org_id": "123456789", - "project_id": "project-1" - } - google_project_service.compute_service_project: |- - { - "project": "${google_project.service_project.project_id}", - "service": "compute.googleapis.com" - } - time_sleep.wait_120s: |- - { - "create_duration": "120s", - "depends_on": [ - "${google_project_service.compute_service_project}" - ] - } - time_sleep.wait_120s_for_resource_ingestion: |- - { - "create_duration": "120s", - "depends_on": [ - "${google_compute_forwarding_rule.forwarding_rule}" - ] - } - - name: example + - name: example2 manifest: |- { - "application_id": "${google_apphub_application.application.application_id}", + "application_id": "example-application", + "attributes": [ + { + "business_owners": [ + { + "display_name": "Alice", + "email": "alice@google.com" + } + ], + "criticality": [ + { + "type": "MISSION_CRITICAL" + } + ], + "developer_owners": [ + { + "display_name": "Bob", + "email": "bob@google.com" + } + ], + "environment": [ + { + "type": "STAGING" + } + ], + "operator_owners": [ + { + "display_name": "Charlie", + "email": "charlie@google.com" + } + ] + } + ], + "description": "Application for testing", + "display_name": "Application Full", + "location": "us-east1", + "scope": [ + { + "type": "REGIONAL" + } + ] + } + argumentDocs: + application_id: |- + - + (Required) + Required. The Application identifier. + attributes.business_owners: |- + - + (Optional) + Optional. Business team that ensures user needs are met and value is delivered + Structure is documented below. + attributes.criticality: |- + - + (Optional) + Criticality of the Application, Service, or Workload + Structure is documented below. + attributes.developer_owners: |- + - + (Optional) + Optional. Developer team that owns development and coding. + Structure is documented below. + attributes.environment: |- + - + (Optional) + Environment of the Application, Service, or Workload + Structure is documented below. + attributes.operator_owners: |- + - + (Optional) + Optional. Operator team that ensures runtime and operations. + Structure is documented below. + business_owners.display_name: |- + - + (Optional) + Optional. Contact's name. + business_owners.email: |- + - + (Required) + Required. Email address of the contacts. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. Create time. + criticality.type: |- + - + (Required) + Criticality type. + Possible values are: MISSION_CRITICAL, HIGH, MEDIUM, LOW. + delete: '- Default is 20 minutes.' + developer_owners.display_name: |- + - + (Optional) + Optional. Contact's name. + developer_owners.email: |- + - + (Required) + Required. Email address of the contacts. + environment.type: |- + - + (Required) + Environment type. + Possible values are: PRODUCTION, STAGING, TEST, DEVELOPMENT. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/applications/{{application_id}}' + location: |- + - + (Required) + Part of parent. See documentation of projectsId. + name: |- + - + Identifier. The resource name of an Application. Format: + "projects/{host-project-id}/locations/{location}/applications/{application-id}" + operator_owners.display_name: |- + - + (Optional) + Optional. Contact's name. + operator_owners.email: |- + - + (Required) + Required. Email address of the contacts. + scope: |- + - + (Required) + Scope of an application. + Structure is documented below. + scope.attributes: |- + - + (Optional) + Consumer provided attributes. + Structure is documented below. + scope.description: |- + - + (Optional) + Optional. User-defined description of an Application. + scope.display_name: |- + - + (Optional) + Optional. User-defined name for the Application. + scope.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + scope.type: |- + - + (Required) + Required. Scope Type. + Possible values: + REGIONAL + GLOBAL + Possible values are: REGIONAL, GLOBAL. + state: |- + - + Output only. Application state. + Possible values: + STATE_UNSPECIFIED + CREATING + ACTIVE + DELETING + uid: |- + - + Output only. A universally unique identifier (in UUID4 format) for the Application. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. Update time. + importStatements: [] + google_apphub_service: + subCategory: App Hub + description: Service is a network/api interface that exposes some functionality to clients for consumption over the network. + name: google_apphub_service + title: "" + examples: + - name: example + manifest: |- + { + "application_id": "${google_apphub_application.application.application_id}", + "discovered_service": "${data.google_apphub_discovered_service.catalog-service.name}", + "location": "us-central1", + "service_id": "${google_compute_forwarding_rule.forwarding_rule.name}" + } + references: + application_id: google_apphub_application.application.application_id + discovered_service: data.google_apphub_discovered_service.catalog-service.name + service_id: google_compute_forwarding_rule.forwarding_rule.name + dependencies: + google_apphub_application.application: |- + { + "application_id": "example-application-1", + "location": "us-central1", + "scope": [ + { + "type": "REGIONAL" + } + ] + } + google_apphub_service_project_attachment.service_project_attachment: |- + { + "depends_on": [ + "${time_sleep.wait_120s}" + ], + "service_project_attachment_id": "${google_project.service_project.project_id}" + } + google_compute_forwarding_rule.forwarding_rule: |- + { + "all_ports": true, + "backend_service": "${google_compute_region_backend_service.backend.id}", + "ip_version": "IPV4", + "load_balancing_scheme": "INTERNAL", + "name": "l7-ilb-forwarding-rule", + "network": "${google_compute_network.ilb_network.id}", + "project": "${google_project.service_project.project_id}", + "region": "us-central1", + "subnetwork": "${google_compute_subnetwork.ilb_subnet.id}" + } + google_compute_health_check.default: |- + { + "check_interval_sec": 1, + "depends_on": [ + "${time_sleep.wait_120s}" + ], + "name": "l7-ilb-hc", + "project": "${google_project.service_project.project_id}", + "tcp_health_check": [ + { + "port": "80" + } + ], + "timeout_sec": 1 + } + google_compute_network.ilb_network: |- + { + "auto_create_subnetworks": false, + "depends_on": [ + "${time_sleep.wait_120s}" + ], + "name": "l7-ilb-network", + "project": "${google_project.service_project.project_id}" + } + google_compute_region_backend_service.backend: |- + { + "health_checks": [ + "${google_compute_health_check.default.id}" + ], + "name": "l7-ilb-backend-subnet", + "project": "${google_project.service_project.project_id}", + "region": "us-central1" + } + google_compute_subnetwork.ilb_subnet: |- + { + "ip_cidr_range": "10.0.1.0/24", + "name": "l7-ilb-subnet", + "network": "${google_compute_network.ilb_network.id}", + "project": "${google_project.service_project.project_id}", + "region": "us-central1" + } + google_project.service_project: |- + { + "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", + "name": "Service Project", + "org_id": "123456789", + "project_id": "project-1" + } + google_project_service.compute_service_project: |- + { + "project": "${google_project.service_project.project_id}", + "service": "compute.googleapis.com" + } + time_sleep.wait_120s: |- + { + "create_duration": "120s", + "depends_on": [ + "${google_project_service.compute_service_project}" + ] + } + time_sleep.wait_120s_for_resource_ingestion: |- + { + "create_duration": "120s", + "depends_on": [ + "${google_compute_forwarding_rule.forwarding_rule}" + ] + } + - name: example + manifest: |- + { + "application_id": "${google_apphub_application.application.application_id}", "attributes": [ { "business_owners": [ @@ -9314,6 +9857,7 @@ resources: google_project.service_project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "name": "Service Project", "org_id": "123456789", "project_id": "project-1" @@ -9495,6 +10039,7 @@ resources: dependencies: google_project.service_project: |- { + "deletion_policy": "DELETE", "name": "Service Project", "org_id": "123456789", "project_id": "project-1" @@ -9521,6 +10066,7 @@ resources: dependencies: google_project.service_project_full: |- { + "deletion_policy": "DELETE", "name": "Service Project Full", "org_id": "123456789", "project_id": "project-1" @@ -9665,6 +10211,7 @@ resources: google_project.service_project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "name": "Service Project", "org_id": "123456789", "project_id": "project-1" @@ -9819,6 +10366,7 @@ resources: google_project.service_project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "name": "Service Project", "org_id": "123456789", "project_id": "project-1" @@ -9992,6 +10540,14 @@ resources: "location": "us-central1", "repository_id": "my-repository" } + - name: my-repo + manifest: |- + { + "description": "example docker repository", + "format": "DOCKER", + "location": "us", + "repository_id": "my-repository" + } - name: my-repo manifest: |- { @@ -10481,6 +11037,133 @@ resources: "secret": "${google_secret_manager_secret.example-remote-secret.id}", "secret_data": "remote-password" } + - name: upstream_repo + manifest: |- + { + "description": "example upstream repository", + "format": "DOCKER", + "location": "us-central1", + "repository_id": "example-upstream-repo" + } + - name: my-repo + manifest: |- + { + "description": "example remote common repository with docker upstream", + "format": "DOCKER", + "location": "us-central1", + "mode": "REMOTE_REPOSITORY", + "remote_repository_config": [ + { + "common_repository": [ + { + "uri": "${google_artifact_registry_repository.upstream_repo.id}" + } + ], + "description": "pull-through cache of another Artifact Registry repository" + } + ], + "repository_id": "example-common-remote" + } + references: + remote_repository_config.common_repository.uri: google_artifact_registry_repository.upstream_repo.id + - name: upstream_repo + manifest: |- + { + "description": "example upstream repository", + "format": "DOCKER", + "location": "us-central1", + "repository_id": "example-upstream-repo" + } + - name: my-repo + manifest: |- + { + "depends_on": [ + "${google_artifact_registry_repository.upstream_repo}" + ], + "description": "example remote common repository with docker upstream", + "format": "DOCKER", + "location": "us-central1", + "mode": "REMOTE_REPOSITORY", + "remote_repository_config": [ + { + "common_repository": [ + { + "uri": "https://us-central1-docker.pkg.dev/${data.google_project.project.project_id}/example-upstream-repo" + } + ], + "description": "pull-through cache of another Artifact Registry repository by URL" + } + ], + "repository_id": "example-common-remote" + } + - name: my-repo + manifest: |- + { + "description": "example remote custom docker repository with credentials", + "format": "DOCKER", + "location": "us-central1", + "mode": "REMOTE_REPOSITORY", + "remote_repository_config": [ + { + "common_repository": [ + { + "uri": "https://registry-1.docker.io" + } + ], + "description": "custom common docker remote with credentials", + "disable_upstream_validation": true, + "upstream_credentials": [ + { + "username_password_credentials": [ + { + "password_secret_version": "${google_secret_manager_secret_version.example-remote-secret_version.name}", + "username": "remote-username" + } + ] + } + ] + } + ], + "repository_id": "example-docker-custom-remote" + } + references: + remote_repository_config.upstream_credentials.username_password_credentials.password_secret_version: google_secret_manager_secret_version.example-remote-secret_version.name + dependencies: + google_secret_manager_secret.example-remote-secret: |- + { + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "example-secret" + } + google_secret_manager_secret_iam_member.secret-access: |- + { + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com", + "role": "roles/secretmanager.secretAccessor", + "secret_id": "${google_secret_manager_secret.example-remote-secret.id}" + } + google_secret_manager_secret_version.example-remote-secret_version: |- + { + "secret": "${google_secret_manager_secret.example-remote-secret.id}", + "secret_data": "remote-password" + } + - name: my-repo + manifest: |- + { + "description": "example docker repository with vulnerability scanning config", + "format": "DOCKER", + "location": "us-central1", + "repository_id": "my-repository", + "vulnerability_scanning_config": [ + { + "enablement_config": "INHERITED" + } + ] + } argumentDocs: apt_repository.public_repository: |- - @@ -10526,6 +11209,13 @@ resources: (Optional) If true, the cleanup pipeline is prevented from deleting versions in this repository. + common_repository.uri: |- + - + (Required) + One of: + a. Artifact Registry Repository resource, e.g. projects/UPSTREAM_PROJECT_ID/locations/REGION/repositories/UPSTREAM_REPOSITORY + b. URI to the registry, e.g. "https://registry-1.docker.io" + c. URI to Artifact Registry Repository, e.g. "https://REGION-docker.pkg.dev/UPSTREAM_PROJECT_ID/UPSTREAM_REPOSITORY" condition.newer_than: |- - (Optional) @@ -10577,7 +11267,7 @@ resources: docker_repository.custom_repository: |- - (Optional) - Settings for a remote repository with a custom uri. + [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. Structure is documented below. docker_repository.public_repository: |- - @@ -10612,7 +11302,12 @@ resources: location: |- - (Optional) - The name of the location this repository is located in. + The name of the repository's location. In addition to specific regions, + special values for multi-region locations are asia, europe, and us. + See here, + or use the + google_artifact_registry_locations + data source for possible values. maven_config: |- - (Optional) @@ -10634,7 +11329,7 @@ resources: maven_repository.custom_repository: |- - (Optional) - Settings for a remote repository with a custom uri. + [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. Structure is documented below. maven_repository.public_repository: |- - @@ -10663,7 +11358,7 @@ resources: npm_repository.custom_repository: |- - (Optional) - Settings for a remote repository with a custom uri. + [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. Structure is documented below. npm_repository.public_repository: |- - @@ -10677,7 +11372,7 @@ resources: python_repository.custom_repository: |- - (Optional) - Settings for a remote repository with a custom uri. + [Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri. Structure is documented below. python_repository.public_repository: |- - @@ -10695,6 +11390,11 @@ resources: (Optional) Specific settings for an Apt remote repository. Structure is documented below. + remote_repository_config.common_repository: |- + - + (Optional) + Specific settings for an Artifact Registory remote repository. + Structure is documented below. remote_repository_config.description: |- - (Optional) @@ -10786,6 +11486,24 @@ resources: (Optional) A reference to the repository resource, for example: "projects/p1/locations/us-central1/repository/repo1". + vulnerability_scanning_config: |- + - + (Optional) + Configuration for vulnerability scanning of artifacts stored in this repository. + Structure is documented below. + vulnerability_scanning_config.enablement_config: |- + - + (Optional) + This configures whether vulnerability scanning is automatically performed for artifacts pushed to this repository. + Possible values are: INHERITED, DISABLED. + vulnerability_scanning_config.enablement_state: |- + - + (Output) + This field returns whether scanning is active for this repository. + vulnerability_scanning_config.enablement_state_reason: |- + - + (Output) + This provides an explanation for the state of scanning on this repository. yum_repository.public_repository: |- - (Optional) @@ -10826,8 +11544,12 @@ resources: google_artifact_registry_repository_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.' google_artifact_registry_repository_iam_policy: ': Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.' location: |- - - (Optional) The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + - (Optional) The name of the repository's location. In addition to specific regions, + special values for multi-region locations are asia, europe, and us. + See here, + or use the + google_artifact_registry_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. member/members: |- @@ -10908,7 +11630,7 @@ resources: "provisioned_resources_parent": "folders/519620126891", "resource_settings": [ { - "display_name": "folder-display-name", + "display_name": "{{name}}", "resource_type": "CONSUMER_FOLDER" }, { @@ -10919,7 +11641,12 @@ resources: "resource_type": "KEYRING" } ], - "violation_notifications_enabled": true + "violation_notifications_enabled": true, + "workload_options": [ + { + "kaj_enrollment_type": "KEY_ACCESS_TRANSPARENCY_OFF" + } + ] } - name: primary manifest: |- @@ -10955,6 +11682,43 @@ resources: } references: provider: google-beta + - name: primary + manifest: |- + { + "billing_account": "billingAccounts/000000-0000000-0000000-000000", + "compliance_regime": "ASSURED_WORKLOADS_FOR_PARTNERS", + "display_name": "display", + "labels": { + "label-one": "value-one" + }, + "location": "europe-west8", + "organization": "123456789", + "partner": "SOVEREIGN_CONTROLS_BY_PSN", + "partner_permissions": [ + { + "assured_workloads_monitoring": true, + "data_logs_viewer": true, + "service_access_approver": true + } + ], + "partner_services_billing_account": "billingAccounts/01BF3F-2C6DE5-30C607", + "provider": "${google-beta}", + "resource_settings": [ + { + "resource_type": "CONSUMER_FOLDER" + }, + { + "resource_type": "ENCRYPTION_KEYS_PROJECT" + }, + { + "resource_id": "ring", + "resource_type": "KEYRING" + } + ], + "violation_notifications_enabled": true + } + references: + provider: google-beta argumentDocs: billing_account: |- - @@ -10963,7 +11727,7 @@ resources: compliance_regime: |- - (Required) - Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT + Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT, IRS_1075 compliance_status: |- - Output only. Count of active Violations in the Workload. @@ -11023,7 +11787,7 @@ resources: partner: |- - (Optional) - Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN + Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM partner_permissions: |- - (Optional) @@ -11040,6 +11804,10 @@ resources: - (Optional) Optional. Allow partner to view access approval logs. + partner_services_billing_account: |- + - + (Optional) + Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC. provisioned_resources_parent: |- - (Optional) @@ -11074,9 +11842,492 @@ resources: - (Optional) Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload. + workload_options: |- + - + (Optional) + Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads. + workload_options.kaj_enrollment_type: |- + - + (Optional) + Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF + importStatements: [] + google_backup_dr_backup_plan: + subCategory: Backup and DR Service + description: A backup plan defines when and how to back up a resource, including the backup's schedule, retention, and location. + name: google_backup_dr_backup_plan + title: "" + examples: + - name: my-backup-plan-1 + manifest: |- + { + "backup_plan_id": "backup-plan-simple-test", + "backup_rules": [ + { + "backup_retention_days": 5, + "rule_id": "rule-1", + "standard_schedule": [ + { + "backup_window": [ + { + "end_hour_of_day": 24, + "start_hour_of_day": 0 + } + ], + "hourly_frequency": 6, + "recurrence_type": "HOURLY", + "time_zone": "UTC" + } + ] + } + ], + "backup_vault": "${google_backup_dr_backup_vault.my_backup_vault.id}", + "location": "us-central1", + "provider": "${google-beta}", + "resource_type": "compute.googleapis.com/Instance" + } + references: + backup_vault: google_backup_dr_backup_vault.my_backup_vault.id + provider: google-beta + dependencies: + google_backup_dr_backup_vault.my_backup_vault: |- + { + "backup_minimum_enforced_retention_duration": "100000s", + "backup_vault_id": "backup-vault-simple-test", + "location": "us-central1", + "provider": "${google-beta}" + } + argumentDocs: + backup_plan_id: |- + - + (Required) + The ID of the backup plan + backup_rules: |- + - + (Required) + The backup rules for this BackupPlan. There must be at least one BackupRule message. + Structure is documented below. + backup_rules.backup_retention_days: |- + - + (Required) + Configures the duration for which backup data will be kept. The value should be greater than or equal to minimum enforced retention of the backup vault. + backup_rules.rule_id: |- + - + (Required) + The unique ID of this BackupRule. The rule_id is unique per BackupPlan. + backup_rules.standard_schedule: |- + - + (Required) + StandardSchedule defines a schedule that runs within the confines of a defined window of days. + Structure is documented below. + backup_vault: |- + - + (Required) + Backup vault where the backups gets stored using this Backup plan. + backup_vault_service_account: |- + - + The Google Cloud Platform Service Account to be used by the BackupVault for taking backups. + backup_window.description: |- + - + (Optional) + The description allows for additional details about BackupPlan and its use cases to be provided. + backup_window.end_hour_of_day: |- + - + (Optional) + The hour of the day (1-24) when the window ends, for example, if the value of end hour of the day is 10, that means the backup window end time is 10:00. + The end hour of the day should be greater than the start + backup_window.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + backup_window.start_hour_of_day: |- + - + (Required) + The hour of the day (0-23) when the window starts, for example, if the value of the start hour of the day is 6, that means the backup window starts at 6:00. + create: '- Default is 60 minutes.' + create_time: |- + - + When the BackupPlan was created. + delete: '- Default is 60 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan_id}}' + location: |- + - + (Required) + The location for the backup plan + name: |- + - + The name of backup plan resource created + resource_type: |- + - + (Required) + The resource type to which the BackupPlan will be applied. Examples include, "compute.googleapis.com/Instance" and "storage.googleapis.com/Bucket". + standard_schedule.backup_window: |- + - + (Optional) + A BackupWindow defines the window of the day during which backup jobs will run. Jobs are queued at the beginning of the window and will be marked as + NOT_RUN if they do not start by the end of the window. + Structure is documented below. + standard_schedule.days_of_month: |- + - + (Optional) + Specifies days of months like 1, 5, or 14 on which jobs will run. + standard_schedule.days_of_week: |- + - + (Optional) + Specifies days of week like MONDAY or TUESDAY, on which jobs will run. This is required for recurrence_type, WEEKLY and is not applicable otherwise. + Each value may be one of: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY. + standard_schedule.hourly_frequency: |- + - + (Optional) + Specifies frequency for hourly backups. An hourly frequency of 2 means jobs will run every 2 hours from start time till end time defined. + This is required for recurrence_type, HOURLY and is not applicable otherwise. + standard_schedule.months: |- + - + (Optional) + Specifies values of months + Each value may be one of: MONTH_UNSPECIFIED, JANUARY, FEBRUARY, MARCH, APRIL, MAY, JUNE, JULY, AUGUST, SEPTEMBER, OCTOBER, NOVEMBER, DECEMBER. + standard_schedule.recurrence_type: |- + - + (Required) + RecurrenceType enumerates the applicable periodicity for the schedule. + Possible values are: HOURLY, DAILY, WEEKLY, MONTHLY, YEARLY. + standard_schedule.time_zone: |- + - + (Required) + The time zone to be used when interpreting the schedule. + standard_schedule.week_day_of_month: |- + - + (Optional) + Specifies a week day of the month like FIRST SUNDAY or LAST MONDAY, on which jobs will run. + Structure is documented below. + update_time: |- + - + When the BackupPlan was last updated. + week_day_of_month.day_of_week: |- + - + (Required) + Specifies the day of the week. + Possible values are: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. + week_day_of_month.week_of_month: |- + - + (Required) + WeekOfMonth enumerates possible weeks in the month, e.g. the first, third, or last week of the month. + Possible values are: WEEK_OF_MONTH_UNSPECIFIED, FIRST, SECOND, THIRD, FOURTH, LAST. + importStatements: [] + google_backup_dr_backup_plan_association: + subCategory: Backup and DR Service + description: A Backup and DR BackupPlanAssociation. + name: google_backup_dr_backup_plan_association + title: "" + examples: + - name: my-backup-plan-association + manifest: |- + { + "backup_plan": "${google_backup_dr_backup_plan.bp1.name}", + "backup_plan_association_id": "my-bpa", + "location": "us-central1", + "provider": "${google-beta}", + "resource": "${google_compute_instance.myinstance.id}", + "resource_type": "compute.googleapis.com/Instance" + } + references: + backup_plan: google_backup_dr_backup_plan.bp1.name + provider: google-beta + resource: google_compute_instance.myinstance.id + dependencies: + google_backup_dr_backup_plan.bp1: |- + { + "backup_plan_id": "bp-bpa-test", + "backup_rules": [ + { + "backup_retention_days": 2, + "rule_id": "rule-1", + "standard_schedule": [ + { + "backup_window": [ + { + "end_hour_of_day": 18, + "start_hour_of_day": 12 + } + ], + "hourly_frequency": 6, + "recurrence_type": "HOURLY", + "time_zone": "UTC" + } + ] + } + ], + "backup_vault": "${google_backup_dr_backup_vault.bv1.id}", + "location": "us-central1", + "provider": "${google-beta}", + "resource_type": "compute.googleapis.com/Instance" + } + google_backup_dr_backup_vault.bv1: |- + { + "backup_minimum_enforced_retention_duration": "100000s", + "backup_vault_id": "bv-bpa", + "force_delete": "true", + "location": "us-central1", + "provider": "${google-beta}" + } + google_compute_instance.myinstance: |- + { + "boot_disk": [ + { + "initialize_params": [ + { + "image": "debian-cloud/debian-11", + "labels": { + "my_label": "value" + } + } + ] + } + ], + "machine_type": "n2-standard-2", + "name": "test-instance", + "network_interface": [ + { + "access_config": [ + {} + ], + "network": "default" + } + ], + "provider": "${google-beta}", + "scratch_disk": [ + { + "interface": "NVME" + } + ], + "service_account": [ + { + "email": "${google_service_account.mySA.email}", + "scopes": [ + "cloud-platform" + ] + } + ], + "zone": "us-central1-a" + } + google_service_account.mySA: |- + { + "account_id": "my-custom", + "display_name": "Custom SA for VM Instance", + "provider": "${google-beta}" + } + argumentDocs: + backup_plan: |- + - + (Required) + The BP with which resource needs to be created + backup_plan_association_id: |- + - + (Required) + The id of backupplan association + create: '- Default is 60 minutes.' + create_time: |- + - + The time when the instance was created + data_source: |- + - + Resource name of data source which will be used as storage location for backups taken + delete: '- Default is 60 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/backupPlanAssociations/{{backup_plan_association_id}}' + last_backup_error.code: |- + - + (Output) + The status code, which should be an enum value of [google.rpc.Code] + last_backup_error.message: |- + - + (Output) + A developer-facing error message, which should be in English. + last_successful_backup_consistency_time: |- + - + The point in time when the last successful backup was captured from the source + location: |- + - + (Required) + The location for the backupplan association + name: |- + - + The name of backup plan association resource created + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + resource: |- + - + (Required) + The resource for which BPA needs to be created + resource_type: |- + - + (Required) + The resource type of workload on which backupplan is applied + rules_config_info: |- + - + Message for rules config info + Structure is documented below. + rules_config_info.last_backup_error: |- + - + (Output) + google.rpc.Status object to store the last backup error + Structure is documented below. + rules_config_info.last_backup_state: |- + - + (Output) + State of last backup taken. + rules_config_info.rule_id: |- + - + (Output) + Backup Rule id fetched from backup plan. + update_time: |- + - + The time when the instance was updated. + importStatements: [] + google_backup_dr_backup_vault: + subCategory: Backup and DR Service + description: Container to store and organize immutable and indelible backups. + name: google_backup_dr_backup_vault + title: "" + examples: + - name: backup-vault-test + manifest: |- + { + "access_restriction": "WITHIN_ORGANIZATION", + "allow_missing": "true", + "annotations": { + "annotations1": "bar1", + "annotations2": "baz1" + }, + "backup_minimum_enforced_retention_duration": "100000s", + "backup_vault_id": "backup-vault-test", + "description": "This is a second backup vault built by Terraform.", + "force_update": "true", + "ignore_backup_plan_references": "true", + "ignore_inactive_datasources": "true", + "labels": { + "bar": "baz1", + "foo": "bar1" + }, + "location": "us-central1" + } + argumentDocs: + access_restriction: |- + - + (Optional) + Access restriction for the backup vault. Default value is WITHIN_ORGANIZATION if not provided during creation. + Default value is WITHIN_ORGANIZATION. + Possible values are: ACCESS_RESTRICTION_UNSPECIFIED, WITHIN_PROJECT, WITHIN_ORGANIZATION, UNRESTRICTED, WITHIN_ORG_BUT_UNRESTRICTED_FOR_BA. + allow_missing: |- + - + (Optional) + Allow idempotent deletion of backup vault. The request will still succeed in case the backup vault does not exist. + annotations: |- + - + (Optional) + Optional. User annotations. See https://google.aip.dev/128#annotations + Stores small amounts of arbitrary data. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. + backup_count: |- + - + Output only. The number of backups in this backup vault. + backup_minimum_enforced_retention_duration: |- + - + (Required) + Required. The default and minimum enforced retention for each backup within the backup vault. The enforced retention for each backup can be extended. + backup_vault_id: |- + - + (Required) + Required. ID of the requesting object. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The time when the instance was created. + deletable: |- + - + Output only. Set to true when there are no backups nested under this resource. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + Optional. The description of the BackupVault instance (2048 characters or less). + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + effective_time: |- + - + (Optional) + Optional. Time after which the BackupVault resource is locked. + etag: |- + - + Optional. Server specified ETag for the backup vault resource to prevent simultaneous updates from overwiting each other. + force_delete: |- + - + (Optional, Deprecated) + If set, the following restrictions against deletion of the backup vault instance can be overridden: + force_update: |- + - + (Optional) + If set, allow update to extend the minimum enforced retention for backup vault. This overrides + the restriction against conflicting retention periods. This conflict may occur when the + expiration schedule defined by the associated backup plan is shorter than the minimum + retention set by the backup vault. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/backupVaults/{{backup_vault_id}}' + ignore_backup_plan_references: |- + - + (Optional) + If set, the following restrictions against deletion of the backup vault instance can be overridden: + ignore_inactive_datasources: |- + - + (Optional) + If set, the following restrictions against deletion of the backup vault instance can be overridden: + labels: |- + - + (Optional) + Optional. Resource labels to represent user provided metadata. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + The GCP location for the backup vault. + name: |- + - + Output only. Identifier. The resource name. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + service_account: |- + - + Output only. Service account used by the BackupVault Service for this BackupVault. The user should grant this account permissions in their workload project to enable the service to run backups and restores there. + state: |- + - + Output only. The BackupVault resource instance state. + Possible values: + STATE_UNSPECIFIED + CREATING + ACTIVE + DELETING + ERROR + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + total_stored_bytes: |- + - + Output only. Total size of the storage used by all backup resources. + uid: |- + - + Output only. Output only Immutable after resource creation until resource deletion. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The time when the instance was updated. importStatements: [] google_backup_dr_management_server: - subCategory: Backup and DR + subCategory: Backup and DR Service description: A Backup and DR Management Server (Also referred as Management Console) name: google_backup_dr_management_server title: "" @@ -11089,17 +12340,10 @@ resources: ], "location": "us-central1", "name": "ms-console", - "networks": [ - { - "network": "${google_compute_network.default.id}", - "peering_mode": "PRIVATE_SERVICE_ACCESS" - } - ], "provider": "${google-beta}", "type": "BACKUP_RESTORE" } references: - networks.network: google_compute_network.default.id provider: google-beta dependencies: google_compute_global_address.private_ip_address: |- @@ -11151,7 +12395,7 @@ resources: The name of management server (management console) networks: |- - - (Required) + (Optional) Network details to create management server (management console). Structure is documented below. networks.network: |- @@ -11164,18 +12408,18 @@ resources: Type of Network peeringMode Default value is PRIVATE_SERVICE_ACCESS. Possible values are: PRIVATE_SERVICE_ACCESS. - networks.project: |- + oauth2_client_id: |- + - + The oauth2ClientId of management console. + project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - networks.type: |- + type: |- - (Optional) The type of management server (management console). Default value is BACKUP_RESTORE. Possible values are: BACKUP_RESTORE. - oauth2_client_id: |- - - - The oauth2ClientId of management console. importStatements: [] google_beyondcorp_app_connection: subCategory: BeyondCorp @@ -11544,6 +12788,87 @@ resources: - Server-defined URI for this resource. importStatements: [] + google_beyondcorp_security_gateway: + subCategory: BeyondCorp + description: Deployment of Security Gateway. + name: google_beyondcorp_security_gateway + title: "" + examples: + - name: example + manifest: |- + { + "display_name": "My Security Gateway resource", + "hubs": [ + { + "region": "us-central1" + } + ], + "location": "global", + "security_gateway_id": "default" + } + argumentDocs: + /a-z-/: . + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. Timestamp when the resource was created. + delete: '- Default is 20 minutes.' + display_name: |- + - + (Optional) + Optional. An arbitrary user-provided name for the SecurityGateway. + Cannot exceed 64 characters. + external_ips: |- + - + Output only. IP addresses that will be used for establishing + connection to the endpoints. + hubs: |- + - + (Optional) + Optional. Map of Hubs that represents regional data path deployment with GCP region + as a key. + Structure is documented below. + hubs.internet_gateway: |- + - + (Optional) + Internet Gateway configuration. + Structure is documented below. + hubs.region: '- (Required) The identifier for this object. Format specified above.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/securityGateways/{{security_gateway_id}}' + internet_gateway.assigned_ips: |- + - + (Output) + Output only. List of IP addresses assigned to the Cloud NAT. + location: |- + - + (Required) + Resource ID segment making up resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. + name: |- + - + Identifier. Name of the resource. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + security_gateway_id: |- + - + (Required) + Optional. User-settable SecurityGateway resource ID. + state: |- + - + Output only. The operational state of the SecurityGateway. + Possible values: + STATE_UNSPECIFIED + CREATING + UPDATING + DELETING + RUNNING + DOWN + ERROR + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. Timestamp when the resource was last modified. + importStatements: [] google_biglake_catalog: subCategory: Biglake description: Catalogs are top-level containers for Databases and Tables. @@ -11865,6 +13190,21 @@ resources: "display_name": "my_data_exchange", "location": "US" } + - name: data_exchange + manifest: |- + { + "data_exchange_id": "dcr_data_exchange", + "description": "example dcr data exchange", + "display_name": "dcr_data_exchange", + "location": "US", + "sharing_environment_config": [ + { + "dcr_exchange_config": [ + {} + ] + } + ] + } argumentDocs: create: '- Default is 20 minutes.' data_exchange_id: |- @@ -11907,6 +13247,20 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + sharing_environment_config: |- + - + (Optional) + Configurable data sharing environment option for a data exchange. + This field is required for data clean room exchanges. + Structure is documented below. + sharing_environment_config.dcr_exchange_config: |- + - + (Optional) + Data Clean Room (DCR), used for privacy-safe and secured data sharing. + sharing_environment_config.default_exchange_config: |- + - + (Optional) + Default Analytics Hub data exchange, used for secured data sharing. update: '- Default is 20 minutes.' importStatements: [] google_bigquery_analytics_hub_data_exchange_iam_policy: @@ -12029,57 +13383,77 @@ resources: "friendly_name": "my_listing", "location": "US" } + - name: listing + manifest: |- + { + "bigquery_dataset": [ + { + "dataset": "${google_bigquery_dataset.listing.id}", + "selected_resources": [ + { + "table": "${google_bigquery_table.listing.id}" + } + ] + } + ], + "data_exchange_id": "${google_bigquery_analytics_hub_data_exchange.listing.data_exchange_id}", + "description": "example dcr data exchange", + "display_name": "dcr_listing", + "listing_id": "dcr_listing", + "location": "US", + "restricted_export_config": [ + { + "enabled": true + } + ] + } + references: + bigquery_dataset.dataset: google_bigquery_dataset.listing.id + bigquery_dataset.selected_resources.table: google_bigquery_table.listing.id + data_exchange_id: google_bigquery_analytics_hub_data_exchange.listing.data_exchange_id + dependencies: + google_bigquery_analytics_hub_data_exchange.listing: |- + { + "data_exchange_id": "dcr_data_exchange", + "description": "example dcr data exchange", + "display_name": "dcr_data_exchange", + "location": "US", + "sharing_environment_config": [ + { + "dcr_exchange_config": [ + {} + ] + } + ] + } + google_bigquery_dataset.listing: |- + { + "dataset_id": "dcr_listing", + "description": "example dcr data exchange", + "friendly_name": "dcr_listing", + "location": "US" + } + google_bigquery_table.listing: |- + { + "dataset_id": "${google_bigquery_dataset.listing.dataset_id}", + "deletion_protection": false, + "schema": "[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n", + "table_id": "dcr_listing" + } argumentDocs: bigquery_dataset: |- - (Required) Shared dataset i.e. BigQuery dataset source. Structure is documented below. - bigquery_dataset.categories: |- - - - (Optional) - Categories of the listing. Up to two categories are allowed. - bigquery_dataset.data_provider: |- - - - (Optional) - Details of the data provider who owns the source data. - Structure is documented below. bigquery_dataset.dataset: |- - (Required) Resource name of the dataset source for this listing. e.g. projects/myproject/datasets/123 - bigquery_dataset.description: |- - - - (Optional) - Short description of the listing. The description must not contain Unicode non-characters and C0 and C1 control codes except tabs (HT), new lines (LF), carriage returns (CR), and page breaks (FF). - bigquery_dataset.documentation: |- - - - (Optional) - Documentation describing the listing. - bigquery_dataset.icon: |- - - - (Optional) - Base64 encoded image representing the listing. - bigquery_dataset.primary_contact: |- + bigquery_dataset.selected_resources: |- - (Optional) - Email or URL of the primary point of contact of the listing. - bigquery_dataset.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - bigquery_dataset.publisher: |- - - - (Optional) - Details of the publisher who owns the listing and who can share the source data. - Structure is documented below. - bigquery_dataset.request_access: |- - - - (Optional) - Email or URL of the request access of the listing. Subscribers can use this reference to request access. - bigquery_dataset.restricted_export_config: |- - - - (Optional) - If set, restricted export configuration will be propagated and enforced on the linked dataset. + Resource in this dataset that is selectively shared. This field is required for data clean room exchanges. Structure is documented below. create: '- Default is 20 minutes.' data_exchange_id: |- @@ -12123,10 +13497,60 @@ resources: - (Optional) If true, enable restricted export. + restricted_export_config.restrict_direct_table_access: |- + - + (Output) + If true, restrict direct table access(read api/tabledata.list) on linked table. restricted_export_config.restrict_query_result: |- - (Optional) If true, restrict export of query result derived from restricted linked dataset table. + selected_resources.categories: |- + - + (Optional) + Categories of the listing. Up to two categories are allowed. + selected_resources.data_provider: |- + - + (Optional) + Details of the data provider who owns the source data. + Structure is documented below. + selected_resources.description: |- + - + (Optional) + Short description of the listing. The description must not contain Unicode non-characters and C0 and C1 control codes except tabs (HT), new lines (LF), carriage returns (CR), and page breaks (FF). + selected_resources.documentation: |- + - + (Optional) + Documentation describing the listing. + selected_resources.icon: |- + - + (Optional) + Base64 encoded image representing the listing. + selected_resources.primary_contact: |- + - + (Optional) + Email or URL of the primary point of contact of the listing. + selected_resources.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + selected_resources.publisher: |- + - + (Optional) + Details of the publisher who owns the listing and who can share the source data. + Structure is documented below. + selected_resources.request_access: |- + - + (Optional) + Email or URL of the request access of the listing. Subscribers can use this reference to request access. + selected_resources.restricted_export_config: |- + - + (Optional) + If set, restricted export configuration will be propagated and enforced on the linked dataset. + Structure is documented below. + selected_resources.table: |- + - + (Optional) + Format: For table: projects/{projectId}/datasets/{datasetId}/tables/{tableId} Example:"projects/test_project/datasets/test_dataset/tables/test_table" update: '- Default is 20 minutes.' importStatements: [] google_bigquery_analytics_hub_listing_iam_policy: @@ -12321,7 +13745,7 @@ resources: google_sql_database_instance.instance: |- { "database_version": "POSTGRES_11", - "deletion_protection": "true", + "deletion_protection": true, "name": "my-database-instance", "region": "us-central1", "settings": [ @@ -12357,7 +13781,7 @@ resources: google_sql_database_instance.instance: |- { "database_version": "POSTGRES_11", - "deletion_protection": "true", + "deletion_protection": true, "name": "my-database-instance", "region": "us-central1", "settings": [ @@ -12418,17 +13842,17 @@ resources: "region": "us-central1" } - name: bq-connection-cmek - manifest: "{\n \"cloud_sql\": [\n {\n \"credential\": [\n {\n \"password\": \"${google_sql_user.user.password}\",\n \"username\": \"${google_sql_user.user.name}\"\n }\n ],\n \"database\": \"${google_sql_database.db.name}\",\n \"instance_id\": \"${google_sql_database_instance.instance.connection_name}\",\n \"type\": \"POSTGRES\"\n }\n ],\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"kms_key_name\": \"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\",\n \"location\": \"US\"\n}" + manifest: "{\n \"cloud_sql\": [\n {\n \"credential\": [\n {\n \"password\": \"${google_sql_user.user.password}\",\n \"username\": \"${google_sql_user.user.name}\"\n }\n ],\n \"database\": \"${google_sql_database.db.name}\",\n \"instance_id\": \"${google_sql_database_instance.instance.connection_name}\",\n \"type\": \"POSTGRES\"\n }\n ],\n \"depends_on\": [\n \"${google_kms_crypto_key_iam_member.key_sa_user}\"\n ],\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"kms_key_name\": \"projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key\",\n \"location\": \"US\"\n}" references: cloud_sql.credential.password: google_sql_user.user.password cloud_sql.credential.username: google_sql_user.user.name cloud_sql.database: google_sql_database.db.name cloud_sql.instance_id: google_sql_database_instance.instance.connection_name dependencies: - google_project_iam_member.key_sa_user: |- + google_kms_crypto_key_iam_member.key_sa_user: |- { + "crypto_key_id": "projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key", "member": "serviceAccount:${data.google_bigquery_default_service_account.bq_sa.email}", - "project": "${data.google_project.project.project_id}", "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" } google_sql_database.db: |- @@ -12439,7 +13863,7 @@ resources: google_sql_database_instance.instance: |- { "database_version": "POSTGRES_11", - "deletion_protection": "true", + "deletion_protection": true, "name": "my-database-instance", "region": "us-central1", "settings": [ @@ -12743,6 +14167,58 @@ resources: "project": "${data.google_project.project.project_id}", "role": "roles/iam.serviceAccountTokenCreator" } + - name: query_config_cmek + manifest: |- + { + "data_source_id": "scheduled_query", + "depends_on": [ + "${google_project_iam_member.permissions}" + ], + "destination_dataset_id": "${google_bigquery_dataset.my_dataset.dataset_id}", + "display_name": "", + "encryption_configuration": [ + { + "kms_key_name": "${google_kms_crypto_key.crypto_key.id}" + } + ], + "location": "asia-northeast1", + "params": { + "destination_table_name_template": "my_table", + "query": "SELECT name FROM tabl WHERE x = 'y'", + "write_disposition": "WRITE_APPEND" + }, + "schedule": "first sunday of quarter 00:00" + } + references: + destination_dataset_id: google_bigquery_dataset.my_dataset.dataset_id + encryption_configuration.kms_key_name: google_kms_crypto_key.crypto_key.id + dependencies: + google_bigquery_dataset.my_dataset: |- + { + "dataset_id": "example_dataset", + "depends_on": [ + "${google_project_iam_member.permissions}" + ], + "description": "bar", + "friendly_name": "foo", + "location": "asia-northeast1" + } + google_kms_crypto_key.crypto_key: |- + { + "key_ring": "${google_kms_key_ring.key_ring.id}", + "name": "example-key" + } + google_kms_key_ring.key_ring: |- + { + "location": "us", + "name": "example-keyring" + } + google_project_iam_member.permissions: |- + { + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com", + "project": "${data.google_project.project.project_id}", + "role": "roles/iam.serviceAccountTokenCreator" + } - name: salesforce_config manifest: |- { @@ -12754,9 +14230,7 @@ resources: "assets": "[\"asset-a\",\"asset-b\"]", "connector.authentication.oauth.clientId": "client-id", "connector.authentication.oauth.clientSecret": "client-secret", - "connector.authentication.password": "password", - "connector.authentication.securityToken": "security-token", - "connector.authentication.username": "username" + "connector.authentication.oauth.myDomain": "MyDomainName" }, "schedule": "first sunday of quarter 00:00" } @@ -12806,6 +14280,15 @@ resources: - (Required) If true, email notifications will be sent on transfer run failures. + encryption_configuration: |- + - + (Optional) + Represents the encryption configuration for a transfer. + Structure is documented below. + encryption_configuration.kms_key_name: |- + - + (Required) + The name of the KMS key used for encrypting BigQuery data. id: '- an identifier for the resource with format {{name}}' location: |- - @@ -13284,12 +14767,37 @@ resources: "friendly_name": "test", "location": "aws-us-east-1" } + - name: dataset + manifest: |- + { + "dataset_id": "example_dataset", + "description": "This is a test description", + "external_catalog_dataset_options": [ + { + "default_storage_location_uri": "gs://test_dataset/tables", + "parameters": { + "dataset_owner": "test_dataset_owner" + } + } + ], + "friendly_name": "test", + "location": "US", + "provider": "${google-beta}" + } + references: + provider: google-beta argumentDocs: access: |- - (Optional) An array of objects that define dataset access for one or more entities. Structure is documented below. + access.condition: |- + - + (Optional) + Condition for the binding. If CEL expression in this field is true, this + access binding will be considered. + Structure is documented below. access.dataset: |- - (Optional) @@ -13345,6 +14853,25 @@ resources: needs to be granted again via an update operation. Structure is documented below. allAuthenticatedUsers: ': All authenticated BigQuery users.' + condition.description: |- + - + (Optional) + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + condition.expression: |- + - + (Required) + Textual representation of an expression in Common Expression Language syntax. + condition.location: |- + - + (Optional) + String indicating the location of the expression for error reporting, e.g. a file + name and a position in the file. + condition.title: |- + - + (Optional) + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. create: '- Default is 20 minutes.' creation_time: |- - @@ -13440,6 +14967,22 @@ resources: etag: |- - A hash of the resource. + external_catalog_dataset_options: |- + - + (Optional, Beta) + Options defining open source compatible datasets living in the BigQuery catalog. Contains + metadata of open source database, schema or namespace represented by the current dataset. + Structure is documented below. + external_catalog_dataset_options.default_storage_location_uri: |- + - + (Optional, Beta) + The storage location URI for all tables in the dataset. Equivalent to hive metastore's + database locationUri. Maximum length of 1024 characters. + external_catalog_dataset_options.parameters: |- + - + (Optional, Beta) + A map of key value pairs defining the parameters and properties of the open source schema. + Maximum size of 2Mib. external_dataset_reference: |- - (Optional) @@ -13685,6 +15228,31 @@ resources: } argumentDocs: allAuthenticatedUsers: ': All authenticated BigQuery users.' + condition: |- + - + (Optional) + Condition for the binding. If CEL expression in this field is true, this + access binding will be considered. + Structure is documented below. + condition.description: |- + - + (Optional) + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + condition.expression: |- + - + (Required) + Textual representation of an expression in Common Expression Language syntax. + condition.location: |- + - + (Optional) + String indicating the location of the expression for error reporting, e.g. a file + name and a position in the file. + condition.title: |- + - + (Optional) + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. create: '- Default is 20 minutes.' dataset: |- - @@ -14118,7 +15686,7 @@ resources: { "destination_encryption_configuration": [ { - "kms_key_name": "${google_kms_crypto_key.crypto_key.id}" + "kms_key_name": "example-key" } ], "destination_table": [ @@ -14143,12 +15711,11 @@ resources: } ], "depends_on": [ - "google_project_iam_member.encrypt_role" + "google_kms_crypto_key_iam_member.encrypt_role" ], "job_id": "job_copy" } references: - copy.destination_encryption_configuration.kms_key_name: google_kms_crypto_key.crypto_key.id copy.destination_table.dataset_id: google_bigquery_table.dest.dataset_id copy.destination_table.project_id: google_bigquery_table.dest.project copy.destination_table.table_id: google_bigquery_table.dest.table_id @@ -14176,11 +15743,11 @@ resources: "dataset_id": "${google_bigquery_dataset.dest.dataset_id}", "deletion_protection": false, "depends_on": [ - "google_project_iam_member.encrypt_role" + "google_kms_crypto_key_iam_member.encrypt_role" ], "encryption_configuration": [ { - "kms_key_name": "${google_kms_crypto_key.crypto_key.id}" + "kms_key_name": "example-key" } ], "schema": "[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n", @@ -14194,20 +15761,10 @@ resources: "schema": "[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n", "table_id": "job_copy_${count.index}_table" } - google_kms_crypto_key.crypto_key: |- - { - "key_ring": "${google_kms_key_ring.key_ring.id}", - "name": "example-key" - } - google_kms_key_ring.key_ring: |- - { - "location": "global", - "name": "example-keyring" - } - google_project_iam_member.encrypt_role: |- + google_kms_crypto_key_iam_member.encrypt_role: |- { + "crypto_key_id": "example-key", "member": "serviceAccount:bq-${data.google_project.project.number}@bigquery-encryption.iam.gserviceaccount.com", - "project": "${data.google_project.project.project_id}", "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" } - name: job @@ -14857,11 +16414,6 @@ resources: (Optional) The geographic location where the transfer config should reside. Examples: US, EU, asia-northeast1. The default value is US. - multi_region_auxiliary: |- - - - (Optional, Deprecated) - Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). - If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. name: |- - (Required) @@ -15438,51 +16990,58 @@ resources: field type with RECORD field type, we currently cannot suppress the recurring diff this causes. As a workaround, we recommend using the schema as returned by the API. - allow_resource_tags_on_deletion: |- - - (Optional) If set to true, it allows table - deletion when there are still resource tags attached. The default value is - false. avro_options.use_avro_logical_types: |- - (Optional) - If is set to true, indicates whether + - (Optional) If is set to true, indicates whether to interpret logical types as the corresponding BigQuery data type (for example, TIMESTAMP), instead of using the raw type (for example, INTEGER). - bigtable_options.column_family: (Optional) - A list of column families to expose in the table schema along with their types. This list restricts the column families that can be referenced in queries and specifies their value types. You can use this list to do type conversions - see the 'type' field for more details. If you leave this list empty, all column families are present in the table schema and their values are read as BYTES. During a query only the column families referenced in that query are read from Bigtable. Structure is documented below. - bigtable_options.column_family.column: (Optional) - A List of columns that should be exposed as individual fields as opposed to a list of (column name, value) pairs. All columns whose qualifier matches a qualifier in this list can be accessed as Other columns can be accessed as a list through column field. Structure is documented below. - bigtable_options.column_family.column.encoding: '(Optional) - The encoding of the values when the type is not STRING. Acceptable encoding values are: TEXT - indicates values are alphanumeric text strings. BINARY - indicates values are encoded using HBase Bytes.toBytes family of functions. ''encoding'' can also be set at the column family level. However, the setting at this level takes precedence if ''encoding'' is set at both levels.' - bigtable_options.column_family.column.field_name: (Optional) - If the qualifier is not a valid BigQuery field identifier i.e. does not match [a-zA-Z][a-zA-Z0-9_]*, a valid identifier must be provided as the column field name and is used as field name in queries. - bigtable_options.column_family.column.only_read_latest: (Optional) - If this is set, only the latest version of value in this column are exposed. 'onlyReadLatest' can also be set at the column family level. However, the setting at this level takes precedence if 'onlyReadLatest' is set at both levels. - bigtable_options.column_family.column.qualifier_encoded: (Optional) - Qualifier of the column. Columns in the parent column family that has this exact qualifier are exposed as . field. If the qualifier is valid UTF-8 string, it can be specified in the qualifierString field. Otherwise, a base-64 encoded value must be set to qualifierEncoded. The column field name is the same as the column qualifier. However, if the qualifier is not a valid BigQuery field identifier i.e. does not match [a-zA-Z][a-zA-Z0-9_]*, a valid identifier must be provided as fieldName. - bigtable_options.column_family.column.qualifier_string: (Optional) - Qualifier string. - bigtable_options.column_family.column.type: '(Optional) - The type to convert the value in cells of this column. The values are expected to be encoded using HBase Bytes.toBytes function when using the BINARY encoding value. Following BigQuery types are allowed (case-sensitive): "BYTES", "STRING", "INTEGER", "FLOAT", "BOOLEAN", "JSON", Default type is "BYTES". ''type'' can also be set at the column family level. However, the setting at this level takes precedence if ''type'' is set at both levels.' - bigtable_options.column_family.encoding: '(Optional) - The encoding of the values when the type is not STRING. Acceptable encoding values are: TEXT - indicates values are alphanumeric text strings. BINARY - indicates values are encoded using HBase Bytes.toBytes family of functions. This can be overridden for a specific column by listing that column in ''columns'' and specifying an encoding for it.' - bigtable_options.column_family.family_id: (Optional) - Identifier of the column family. - bigtable_options.column_family.only_read_latest: (Optional) - If this is set only the latest version of value are exposed for all columns in this column family. This can be overridden for a specific column by listing that column in 'columns' and specifying a different setting for that column. - bigtable_options.column_family.type: '(Optional) - The type to convert the value in cells of this column family. The values are expected to be encoded using HBase Bytes.toBytes function when using the BINARY encoding value. Following BigQuery types are allowed (case-sensitive): "BYTES", "STRING", "INTEGER", "FLOAT", "BOOLEAN", "JSON". Default type is BYTES. This can be overridden for a specific column by listing that column in ''columns'' and specifying a type for it.' - bigtable_options.ignore_unspecified_column_families: (Optional) - If field is true, then the column families that are not specified in columnFamilies list are not exposed in the table schema. Otherwise, they are read with BYTES type values. The default value is false. - bigtable_options.output_column_families_as_json: (Optional) - If field is true, then each column family will be read as a single JSON column. Otherwise they are read as a repeated cell structure containing timestamp/value tuples. The default value is false. - bigtable_options.read_rowkey_as_string: (Optional) - If field is true, then the rowkey column families will be read and converted to string. Otherwise they are read with BYTES type values and users need to manually cast them with CAST if necessary. The default value is false. + biglake_configuration: '- (Optional) Specifies the configuration of a BigLake managed table. Structure is documented below' + biglake_configuration.connection_id: |- + - (Required) The connection specifying the credentials to be used to + read and write to external storage, such as Cloud Storage. The connection_id can + have the form ".." or + projects//locations//connections/". + biglake_configuration.file_format: '- (Required) The file format the table data is stored in.' + biglake_configuration.storage_uri: |- + - (Required) The fully qualified location prefix of the external folder where table data + is stored. The '*' wildcard character is not allowed. The URI should be in the format "gs://bucket/path_to_table/" + biglake_configuration.table_format: '- (Required) The table format the metadata only snapshots are stored in.' + bigtable_options.column_family: '- (Optional) A list of column families to expose in the table schema along with their types. This list restricts the column families that can be referenced in queries and specifies their value types. You can use this list to do type conversions - see the ''type'' field for more details. If you leave this list empty, all column families are present in the table schema and their values are read as BYTES. During a query only the column families referenced in that query are read from Bigtable. Structure is documented below.' + bigtable_options.column_family.column: '- (Optional) A List of columns that should be exposed as individual fields as opposed to a list of (column name, value) pairs. All columns whose qualifier matches a qualifier in this list can be accessed as Other columns can be accessed as a list through column field. Structure is documented below.' + bigtable_options.column_family.column.encoding: '- (Optional) The encoding of the values when the type is not STRING. Acceptable encoding values are: TEXT - indicates values are alphanumeric text strings. BINARY - indicates values are encoded using HBase Bytes.toBytes family of functions. ''encoding'' can also be set at the column family level. However, the setting at this level takes precedence if ''encoding'' is set at both levels.' + bigtable_options.column_family.column.field_name: '- (Optional) If the qualifier is not a valid BigQuery field identifier i.e. does not match [a-zA-Z][a-zA-Z0-9_]*, a valid identifier must be provided as the column field name and is used as field name in queries.' + bigtable_options.column_family.column.only_read_latest: '- (Optional) If this is set, only the latest version of value in this column are exposed. ''onlyReadLatest'' can also be set at the column family level. However, the setting at this level takes precedence if ''onlyReadLatest'' is set at both levels.' + bigtable_options.column_family.column.qualifier_encoded: '- (Optional) Qualifier of the column. Columns in the parent column family that has this exact qualifier are exposed as . field. If the qualifier is valid UTF-8 string, it can be specified in the qualifierString field. Otherwise, a base-64 encoded value must be set to qualifierEncoded. The column field name is the same as the column qualifier. However, if the qualifier is not a valid BigQuery field identifier i.e. does not match [a-zA-Z][a-zA-Z0-9_]*, a valid identifier must be provided as fieldName.' + bigtable_options.column_family.column.qualifier_string: '- (Optional) Qualifier string.' + bigtable_options.column_family.column.type: '- (Optional) The type to convert the value in cells of this column. The values are expected to be encoded using HBase Bytes.toBytes function when using the BINARY encoding value. Following BigQuery types are allowed (case-sensitive): "BYTES", "STRING", "INTEGER", "FLOAT", "BOOLEAN", "JSON", Default type is "BYTES". ''type'' can also be set at the column family level. However, the setting at this level takes precedence if ''type'' is set at both levels.' + bigtable_options.column_family.encoding: '- (Optional) The encoding of the values when the type is not STRING. Acceptable encoding values are: TEXT - indicates values are alphanumeric text strings. BINARY - indicates values are encoded using HBase Bytes.toBytes family of functions. This can be overridden for a specific column by listing that column in ''columns'' and specifying an encoding for it.' + bigtable_options.column_family.family_id: '- (Optional) Identifier of the column family.' + bigtable_options.column_family.only_read_latest: '- (Optional) If this is set only the latest version of value are exposed for all columns in this column family. This can be overridden for a specific column by listing that column in ''columns'' and specifying a different setting for that column.' + bigtable_options.column_family.type: '- (Optional) The type to convert the value in cells of this column family. The values are expected to be encoded using HBase Bytes.toBytes function when using the BINARY encoding value. Following BigQuery types are allowed (case-sensitive): "BYTES", "STRING", "INTEGER", "FLOAT", "BOOLEAN", "JSON". Default type is BYTES. This can be overridden for a specific column by listing that column in ''columns'' and specifying a type for it.' + bigtable_options.ignore_unspecified_column_families: '- (Optional) If field is true, then the column families that are not specified in columnFamilies list are not exposed in the table schema. Otherwise, they are read with BYTES type values. The default value is false.' + bigtable_options.output_column_families_as_json: '- (Optional) If field is true, then each column family will be read as a single JSON column. Otherwise they are read as a repeated cell structure containing timestamp/value tuples. The default value is false.' + bigtable_options.read_rowkey_as_string: '- (Optional) If field is true, then the rowkey column families will be read and converted to string. Otherwise they are read with BYTES type values and users need to manually cast them with CAST if necessary. The default value is false.' clustering: |- - (Optional) Specifies column names to use for data clustering. Up to four top-level columns are allowed, and should be specified in descending priority order. column_references.referenced_column: |- - : (Required) The column in the primary key that are + - (Required) The column in the primary key that are referenced by the referencingColumn - column_references.referencing_column: ': (Required) The column that composes the foreign key.' + column_references.referencing_column: '- (Required) The column that composes the foreign key.' creation_time: '- The time when this table was created, in milliseconds since the epoch.' csv_options.allow_jagged_rows: |- - (Optional) - Indicates if BigQuery should accept rows + - (Optional) Indicates if BigQuery should accept rows that are missing trailing optional columns. csv_options.allow_quoted_newlines: |- - (Optional) - Indicates if BigQuery should allow + - (Optional) Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. The default value is false. csv_options.encoding: |- - (Optional) - The character encoding of the data. The supported + - (Optional) The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. - csv_options.field_delimiter: (Optional) - The separator for fields in a CSV file. + csv_options.field_delimiter: '- (Optional) The separator for fields in a CSV file.' csv_options.quote: |- - (Required) - The value that is used to quote data sections in a + - (Required) The value that is used to quote data sections in a CSV file. If your data does not contain quoted sections, set the property value to an empty string. If your data contains quoted newline characters, you must also set the allow_quoted_newlines property to true. @@ -15490,7 +17049,7 @@ resources: limitations with Terraform default values, this value is required to be explicitly set. csv_options.skip_leading_rows: |- - (Optional) - The number of rows at the top of a CSV + - (Optional) The number of rows at the top of a CSV file that BigQuery will skip when reading the data. dataset_id: |- - (Required) The dataset ID to create the table in. @@ -15520,30 +17079,74 @@ resources: milliseconds since the epoch. If not present, the table will persist indefinitely. Expired tables will be deleted and their storage reclaimed. + external_catalog_table_options: |- + - (Optional, [Beta] + (https://terraform.io/docs/providers/google/guides/provider_versions.html)) + Options defining open source compatible table. + Structure is documented below. + external_catalog_table_options.connection_id: |- + - (Optional, [Beta] + (https://terraform.io/docs/providers/google/guides/provider_versions.html)) + The connection specifying the credentials to be used to read external storage, + such as Azure Blob, Cloud Storage, or S3. The connection is needed to read the + open source table from BigQuery Engine. The connection_id can have the form + .. or projects//locations//connections/. + external_catalog_table_options.parameters: |- + - (Optional, [Beta] + (https://terraform.io/docs/providers/google/guides/provider_versions.html)) + A map of key value pairs defining the parameters and properties of the open + source table. Corresponds with hive meta store table parameters. Maximum size + of 4Mib. + external_catalog_table_options.storage_descriptor: |- + - (Optional, [Beta] + (https://terraform.io/docs/providers/google/guides/provider_versions.html)) + A storage descriptor containing information about the physical storage of this + table. + Structure is documented below. + external_catalog_table_options.storage_descriptor.input_format: |- + - (Optional, [Beta] + (https://terraform.io/docs/providers/google/guides/provider_versions.html)) + Specifies the fully qualified class name of the InputFormat (e.g. "org.apache.hadoop.hive.ql.io.orc.OrcInputFormat"). + The maximum length is 128 characters. + external_catalog_table_options.storage_descriptor.location_uri: |- + - (Optional, [Beta] + (https://terraform.io/docs/providers/google/guides/provider_versions.html)) + The physical location of the table (e.g. 'gs://spark-dataproc-data/pangea-data/case_sensitive/' or 'gs://spark-dataproc-data/pangea-data/*'). + The maximum length is 2056 bytes. + external_catalog_table_options.storage_descriptor.output_format: |- + - (Optional, [Beta] + (https://terraform.io/docs/providers/google/guides/provider_versions.html)) + Specifies the fully qualified class name of the OutputFormat (e.g. "org.apache.hadoop.hive.ql.io.orc.OrcOutputFormat"). + The maximum length is 128 characters. + external_catalog_table_options.storage_descriptor.serde_info: |- + - (Optional, [Beta] + (https://terraform.io/docs/providers/google/guides/provider_versions.html)) + Serializer and deserializer information. + Structure is documented below. external_data_configuration: |- - (Optional) Describes the data format, location, and other properties of a table stored outside of BigQuery. By defining these properties, the data source can then be queried as if it were a standard BigQuery table. Structure is documented below. external_data_configuration.autodetect: |- - - (Required) - Let BigQuery try to autodetect the schema + - (Required) Let BigQuery try to autodetect the schema and format of the table. external_data_configuration.avro_options: |- - (Optional) - Additional options if source_format is set to + - (Optional) Additional options if source_format is set to "AVRO". Structure is documented below. external_data_configuration.bigtable_options: |- - (Optional) - Additional properties to set if + - (Optional) Additional properties to set if source_format is set to "BIGTABLE". Structure is documented below. external_data_configuration.compression: |- - (Optional) - The compression type of the data source. + - (Optional) The compression type of the data source. Valid values are "NONE" or "GZIP". external_data_configuration.connection_id: |- - (Optional) - The connection specifying the credentials to be used to read + - (Optional) The connection specifying the credentials to be used to read external storage, such as Azure Blob, Cloud Storage, or S3. The connection_id can have the form {{project}}.{{location}}.{{connection_id}} or projects/{{project}}/locations/{{location}}/connections/{{connection_id}}. external_data_configuration.csv_options: |- - (Optional) - Additional properties to set if + - (Optional) Additional properties to set if source_format is set to "CSV". Structure is documented below. external_data_configuration.external_data_configuration.connection_id: |- , the @@ -15554,32 +17157,32 @@ resources: By default source URIs are expanded against the underlying storage. Other options include specifying manifest files. Only applicable to object storage systems. Docs external_data_configuration.google_sheets_options: |- - (Optional) - Additional options if + - (Optional) Additional options if source_format is set to "GOOGLE_SHEETS". Structure is documented below. external_data_configuration.hive_partitioning_options: |- - (Optional) - When set, configures hive partitioning + - (Optional) When set, configures hive partitioning support. Not all storage formats support hive partitioning -- requesting hive partitioning on an unsupported format will lead to an error, as will providing an invalid specification. Structure is documented below. external_data_configuration.ignore_unknown_values: |- - (Optional) - Indicates if BigQuery should + - (Optional) Indicates if BigQuery should allow extra values that are not represented in the table schema. If true, the extra values are ignored. If false, records with extra columns are treated as bad records, and if there are too many bad records, an invalid error is returned in the job result. The default value is false. - external_data_configuration.json_extension: '(Optional) - Used to indicate that a JSON variant, rather than normal JSON, is being used as the sourceFormat. This should only be used in combination with the JSON source format. Valid values are: GEOJSON.' + external_data_configuration.json_extension: '- (Optional) Used to indicate that a JSON variant, rather than normal JSON, is being used as the sourceFormat. This should only be used in combination with the JSON source format. Valid values are: GEOJSON.' external_data_configuration.json_options: |- - (Optional) - Additional properties to set if + - (Optional) Additional properties to set if source_format is set to "JSON". Structure is documented below. external_data_configuration.max_bad_records: |- - (Optional) - The maximum number of bad records that + - (Optional) The maximum number of bad records that BigQuery can ignore when reading data. external_data_configuration.metadata_cache_mode: '- (Optional) Metadata Cache Mode for the table. Set this to enable caching of metadata from external data source. Valid values are AUTOMATIC and MANUAL.' external_data_configuration.object_metadata: '- (Optional) Object Metadata is used to create Object Tables. Object Tables contain a listing of objects (with their metadata) found at the sourceUris. If object_metadata is set, source_format should be omitted.' external_data_configuration.parquet_options: |- - (Optional) - Additional properties to set if + - (Optional) Additional properties to set if source_format is set to "PARQUET". Structure is documented below. external_data_configuration.reference_file_schema_uri: '- (Optional) When creating an external table, the user can provide a reference file with the table schema. This is enabled for the following formats: AVRO, PARQUET, ORC.' external_data_configuration.schema: |- @@ -15595,7 +17198,7 @@ resources: datasource, after creation the computed schema will be stored in google_bigquery_table.schema external_data_configuration.source_format: |- - (Optional) - The data format. Please see sourceFormat under + - (Optional) The data format. Please see sourceFormat under ExternalDataConfiguration in Bigquery's public API documentation for supported formats. To use "GOOGLE_SHEETS" the scopes must include "https://www.googleapis.com/auth/drive.readonly". @@ -15603,32 +17206,32 @@ resources: - (Required) A list of the fully-qualified URIs that point to your data in Google Cloud. foreign_keys.column_references: |- - : (Required) The pair of the foreign key column and primary key column. + - (Required) The pair of the foreign key column and primary key column. Structure is documented below. - foreign_keys.name: ': (Optional) Set only if the foreign key constraint is named.' + foreign_keys.name: '- (Optional) Set only if the foreign key constraint is named.' foreign_keys.referenced_table: |- - : (Required) The table that holds the primary key + - (Required) The table that holds the primary key and is referenced by this foreign key. Structure is documented below. friendly_name: '- (Optional) A descriptive name for the table.' google_sheets_options.range: |- - (Optional) - Range of a sheet to query from. Only used when + - (Optional) Range of a sheet to query from. Only used when non-empty. At least one of range or skip_leading_rows must be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" For example: "sheet1!A1:B20" google_sheets_options.skip_leading_rows: |- - (Optional) - The number of rows at the top of the sheet + - (Optional) The number of rows at the top of the sheet that BigQuery will skip when reading the data. At least one of range or skip_leading_rows must be set. hive_partitioning_options.mode: |- - (Optional) - When set, what mode of hive partitioning to use when + - (Optional) When set, what mode of hive partitioning to use when reading data. The following modes are supported. hive_partitioning_options.require_partition_filter: |- - (Optional) If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified. hive_partitioning_options.source_uri_prefix: |- - (Optional) - When hive partition detection is requested, + - (Optional) When hive partition detection is requested, a common for all source uris must be required. The prefix must end immediately before the partition key encoding begins. For example, consider files following this data layout. gs://bucket/path_to_table/dt=2019-06-01/country=USA/id=7/file.avro @@ -15636,8 +17239,8 @@ resources: partitioning is requested with either AUTO or STRINGS detection, the common prefix can be either of gs://bucket/path_to_table or gs://bucket/path_to_table/. Note that when mode is set to CUSTOM, you must encode the partition key schema within the source_uri_prefix by setting source_uri_prefix to gs://bucket/path_to_table/{key1:TYPE1}/{key2:TYPE2}/{key3:TYPE3}. - id: '- an identifier for the resource with format projects/{{project}}/datasets/{{dataset}}/tables/{{name}}' - json_options.encoding: (Optional) - The character encoding of the data. The supported values are UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, and UTF-32LE. The default value is UTF-8. + id: '- An identifier for the resource with format projects/{{project}}/datasets/{{dataset}}/tables/{{name}}' + json_options.encoding: '- (Optional) The character encoding of the data. The supported values are UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, and UTF-32LE. The default value is UTF-8.' kms_key_version: '- The self link or full name of the kms key version used to encrypt this table.' labels: '- (Optional) A mapping of labels to assign to the resource.' last_modified_time: '- The time when this table was last modified, in milliseconds since the epoch.' @@ -15656,16 +17259,16 @@ resources: - (Optional) The maximum frequency at which this materialized view will be refreshed. The default value is 1800000 max_staleness: |- - : (Optional) The maximum staleness of data that could be + - (Optional) The maximum staleness of data that could be returned when the table (or stale MV) is queried. Staleness encoded as a string encoding of SQL IntervalValue type. num_bytes: '- The size of this table in bytes, excluding any data in the streaming buffer.' num_long_term_bytes: '- The number of bytes in the table that are considered "long-term storage".' num_rows: '- The number of rows of data in this table, excluding any data in the streaming buffer.' - parquet_options.enable_list_inference: (Optional) - Indicates whether to use schema inference specifically for Parquet LIST logical type. - parquet_options.enum_as_string: (Optional) - Indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default. - primary_key.columns: ': (Required) The columns that are composed of the primary key constraint.' + parquet_options.enable_list_inference: '- (Optional) Indicates whether to use schema inference specifically for Parquet LIST logical type.' + parquet_options.enum_as_string: '- (Optional) Indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default.' + primary_key.columns: '- (Required) The columns that are composed of the primary key constraint.' project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -15681,10 +17284,10 @@ resources: range_partitioning.range: |- - (Required) Information required to partition based on ranges. Structure is documented below. - referenced_table.dataset_id: ': (Required) The ID of the dataset containing this table.' - referenced_table.project_id: ': (Required) The ID of the project containing this table.' + referenced_table.dataset_id: '- (Required) The ID of the dataset containing this table.' + referenced_table.project_id: '- (Required) The ID of the project containing this table.' referenced_table.table_id: |- - : (Required) The ID of the table. The ID must contain only + - (Required) The ID of the table. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters. Certain operations allow suffixing of the table ID with a partition decorator, such as @@ -15701,6 +17304,24 @@ resources: expected to be the short name, for example "Production". schema: '- (Optional) A JSON schema for the table.' self_link: '- The URI of the created resource.' + serde_info.name: |- + - (Optional, [Beta] + (https://terraform.io/docs/providers/google/guides/provider_versions.html)) + Name of the SerDe. + The maximum length is 256 characters. + serde_info.parameters: |- + - (Optional, [Beta] + (https://terraform.io/docs/providers/google/guides/provider_versions.html)) + Key-value pairs that define the initialization parameters for the + serialization library. + Maximum size 10 Kib. + serde_info.serialization_library: |- + - (Required, [Beta] + (https://terraform.io/docs/providers/google/guides/provider_versions.html)) + Specifies a fully-qualified class name of the serialization library that is + responsible for the translation of data between table representation and the + underlying low-level input and output format structures. + The maximum length is 256 characters. table_constraints: |- - (Optional) Defines the primary key and foreign keys. Structure is documented below. @@ -15722,11 +17343,11 @@ resources: CREATE MATERIALIZED VIEW mv1 AS REPLICA OF src_mv. Structure is documented below. table_replication_info.replication_interval_ms: |- - (Optional) - The interval at which the source + - (Optional) The interval at which the source materialized view is polled for updates. The default is 300000. - table_replication_info.source_dataset_id: (Required) - The ID of the source dataset. - table_replication_info.source_project_id: (Required) - The ID of the source project. - table_replication_info.source_table_id: (Required) - The ID of the source materialized view. + table_replication_info.source_dataset_id: '- (Required) The ID of the source dataset.' + table_replication_info.source_project_id: '- (Required) The ID of the source project.' + table_replication_info.source_table_id: '- (Required) The ID of the source materialized view.' terraform_labels: |- - The combination of labels configured directly on the resource and default labels configured on the provider. @@ -15734,7 +17355,7 @@ resources: - (Optional) If specified, configures time-based partitioning for this table. Structure is documented below. time_partitioning.expiration_ms: |- - - (Optional) Number of milliseconds for which to keep the + - (Optional) Number of milliseconds for which to keep the storage for a partition. time_partitioning.field: |- - (Optional) The field used to determine how to create a time-based @@ -15834,7 +17455,7 @@ resources: "zone": "us-central1-c" } ], - "deletion_protection": "true", + "deletion_protection": true, "name": "bt-instance" } - name: ap @@ -15863,7 +17484,7 @@ resources: "zone": "us-central1-b" } ], - "deletion_protection": "true", + "deletion_protection": true, "name": "bt-instance" } - name: ap @@ -15903,7 +17524,7 @@ resources: "zone": "us-central1-c" } ], - "deletion_protection": "true", + "deletion_protection": true, "name": "bt-instance" } - name: ap @@ -15937,7 +17558,7 @@ resources: "zone": "us-central1-b" } ], - "deletion_protection": "true", + "deletion_protection": true, "name": "bt-instance" } argumentDocs: @@ -16343,6 +17964,11 @@ resources: references: policy_data: data.google_iam_policy.admin.policy_data argumentDocs: + condition: '- (Optional) An IAM Condition for a given binding. Structure is documented below.' + condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' + condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' + condition.policy_data: '- (Required) The policy data generated by a google_iam_policy data source.' + condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' etag: '- (Computed) The etag of the instances''s IAM policy.' google_bigtable_instance_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.' google_bigtable_instance_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.' @@ -16351,7 +17977,6 @@ resources: member/members: |- - (Required) Identities that will be granted the privilege in role. Each entry can have one of the following values: - policy_data: '- (Required) The policy data generated by a google_iam_policy data source.' project: |- - (Optional) The project in which the instance belongs. If it is not provided, Terraform will use the provider default. @@ -16381,7 +18006,12 @@ resources: "family": "family-first" }, { - "family": "family-second" + "family": "family-second", + "type": "intsum" + }, + { + "family": "family-third", + "type": " {\n\t\t\t\t\t\"aggregateType\": {\n\t\t\t\t\t\t\"max\": {},\n\t\t\t\t\t\t\"inputType\": {\n\t\t\t\t\t\t\t\"int64Type\": {\n\t\t\t\t\t\t\t\t\"encoding\": {\n\t\t\t\t\t\t\t\t\t\"bigEndianBytes\": {}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n" } ], "instance_name": "${google_bigtable_instance.instance.name}", @@ -16434,6 +18064,7 @@ resources: - (Optional) A list of predefined keys to split the table on. !> Warning: Modifying the split_keys of an existing table will cause Terraform to delete/recreate the entire google_bigtable_table resource. + type: '- (Optional) The type of the column family.' update: '- Default is 20 minutes.' importStatements: [] google_bigtable_table_iam_policy: @@ -16809,7 +18440,7 @@ resources: Optional. If creditTypesTreatment is INCLUDE_SPECIFIED_CREDITS, this is a list of credit types to be subtracted from gross cost to determine the spend for threshold calculations. See a list of acceptable credit type values. If creditTypesTreatment is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. - Note: If the field has a value in the config and needs to be removed, the field has to be an emtpy array in the config. + Note: If the field has a value in the config and needs to be removed, the field has to be an empty array in the config. budget_filter.credit_types_treatment: |- - (Optional) @@ -16862,7 +18493,7 @@ resources: the parent account, usage from the parent account will be included. If the field is omitted, the report will include usage from the parent account and all subaccounts, if they exist. - Note: If the field has a value in the config and needs to be removed, the field has to be an emtpy array in the config. + Note: If the field has a value in the config and needs to be removed, the field has to be an empty array in the config. create: '- Default is 20 minutes.' custom_period.end_date: |- - @@ -16986,6 +18617,7 @@ resources: dependencies: google_project.project: |- { + "deletion_policy": "DELETE", "lifecycle": [ { "ignore_changes": [ @@ -17006,7 +18638,7 @@ resources: For example, "012345-567890-ABCDEF" or "". create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format projects/{{project}}/billingInfo' + id: '- an identifier for the resource with format projects/{{project}}' project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -18097,6 +19729,9 @@ resources: - (Output) Reason for provisioning failures. + san_dnsnames: |- + - + The list of Subject Alternative Names of dnsName type defined in the certificate (see RFC 5280 4.2.1.6) scope: |- - (Optional) @@ -18752,6 +20387,466 @@ resources: A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". importStatements: [] + google_chronicle_data_access_label: + subCategory: Chronicle + description: A DataAccessLabel is a label on events to define user access to data. + name: google_chronicle_data_access_label + title: "" + examples: + - name: example + manifest: |- + { + "data_access_label_id": "label-id", + "description": "label-description", + "instance": "00000000-0000-0000-0000-000000000000", + "location": "us", + "provider": "google-beta", + "udm_query": "principal.hostname=\"google.com\"" + } + argumentDocs: + author: |- + - + Output only. The user who created the data access label. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The time at which the data access label was created. + data_access_label_id: |- + - + (Required) + Required. The ID to use for the data access label, which will become the label's + display name and the final component of the label's resource name. It must + only contain ASCII lowercase letters, numbers, and dashes; it must begin + with a letter, and it must not exceed 1000 characters. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + Optional. A description of the data access label for a human reader. + display_name: |- + - + Output only. The short name displayed for the label as it appears on event data. This is same as data access label id. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/instances/{{instance}}/dataAccessLabels/{{data_access_label_id}}' + instance: |- + - + (Required) + The unique identifier for the Chronicle instance, which is the same as the customer ID. + last_editor: |- + - + Output only. The user who last updated the data access label. + location: |- + - + (Required) + The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2". + name: |- + - + The unique resource name of the data access label. This unique identifier is generated using values provided for the URL parameters. + Format: + projects/{project}/locations/{location}/instances/{instance}/dataAccessLabels/{data_access_label_id} + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + udm_query: |- + - + (Required) + A UDM query over event data. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The time at which the data access label was last updated. + importStatements: [] + google_chronicle_data_access_scope: + subCategory: Chronicle + description: A DataAccessScope is a boolean expression of data access labels used to restrict access to data for users. + name: google_chronicle_data_access_scope + title: "" + examples: + - name: example + manifest: |- + { + "allowed_data_access_labels": [ + { + "log_type": "GCP_CLOUDAUDIT" + }, + { + "log_type": "GITHUB" + } + ], + "data_access_scope_id": "scope-id", + "description": "scope-description", + "instance": "00000000-0000-0000-0000-000000000000", + "location": "us", + "provider": "google-beta" + } + - name: example + manifest: |- + { + "allowed_data_access_labels": [ + { + "data_access_label": "${resource.google_chronicle_data_access_label.custom_data_access_label.data_access_label_id}" + } + ], + "data_access_scope_id": "scope-id", + "description": "scope-description", + "instance": "00000000-0000-0000-0000-000000000000", + "location": "us", + "provider": "google-beta" + } + references: + allowed_data_access_labels.data_access_label: resource.google_chronicle_data_access_label.custom_data_access_label.data_access_label_id + dependencies: + google_chronicle_data_access_label.custom_data_access_label: |- + { + "data_access_label_id": "label-id", + "instance": "00000000-0000-0000-0000-000000000000", + "location": "us", + "provider": "google-beta", + "udm_query": "principal.hostname=\"google.com\"" + } + - name: example + manifest: |- + { + "allowed_data_access_labels": [ + { + "asset_namespace": "my-namespace" + } + ], + "data_access_scope_id": "scope-id", + "description": "scope-description", + "instance": "00000000-0000-0000-0000-000000000000", + "location": "us", + "provider": "google-beta" + } + - name: example + manifest: |- + { + "allowed_data_access_labels": [ + { + "ingestion_label": [ + { + "ingestion_label_key": "ingestion_key", + "ingestion_label_value": "ingestion_value" + } + ] + } + ], + "data_access_scope_id": "scope-id", + "description": "scope-description", + "instance": "00000000-0000-0000-0000-000000000000", + "location": "us", + "provider": "google-beta" + } + - name: example + manifest: |- + { + "allow_all": true, + "data_access_scope_id": "scope-id", + "denied_data_access_labels": [ + { + "log_type": "GCP_CLOUDAUDIT" + }, + { + "data_access_label": "${resource.google_chronicle_data_access_label.custom_data_access_label.data_access_label_id}" + }, + { + "ingestion_label": [ + { + "ingestion_label_key": "ingestion_key", + "ingestion_label_value": "ingestion_value" + } + ] + }, + { + "asset_namespace": "my-namespace" + } + ], + "description": "scope-description", + "instance": "00000000-0000-0000-0000-000000000000", + "location": "us", + "provider": "google-beta" + } + references: + denied_data_access_labels.data_access_label: resource.google_chronicle_data_access_label.custom_data_access_label.data_access_label_id + dependencies: + google_chronicle_data_access_label.custom_data_access_label: |- + { + "data_access_label_id": "label-id", + "instance": "00000000-0000-0000-0000-000000000000", + "location": "us", + "provider": "google-beta", + "udm_query": "principal.hostname=\"google.com\"" + } + argumentDocs: + allow_all: |- + - + (Optional) + Optional. Whether or not the scope allows all labels, allow_all and + allowed_data_access_labels are mutually exclusive and one of them must be + present. denied_data_access_labels can still be used along with allow_all. + When combined with denied_data_access_labels, access will be granted to all + data that doesn't have labels mentioned in denied_data_access_labels. E.g.: + A customer with scope with denied labels A and B and allow_all will be able + to see all data except data labeled with A and data labeled with B and data + with labels A and B. + allowed_data_access_labels: |- + - + (Optional) + The allowed labels for the scope. There has to be at + least one label allowed for the scope to be valid. + The logical operator for evaluation of the allowed labels is OR. + Either allow_all or allowed_data_access_labels needs to be provided. + E.g.: A customer with scope with allowed labels A and B will be able + to see data with labeled with A or B or (A and B). + Structure is documented below. + allowed_data_access_labels.asset_namespace: |- + - + (Optional) + The asset namespace configured in the forwarder + of the customer's events. + allowed_data_access_labels.data_access_label: |- + - + (Optional) + The name of the data access label. + allowed_data_access_labels.display_name: |- + - + (Output) + Output only. The display name of the label. + Data access label and log types's name + will match the display name of the resource. + The asset namespace will match the namespace itself. + The ingestion key value pair will match the key of the tuple. + allowed_data_access_labels.ingestion_label: |- + - + (Optional) + Representation of an ingestion label type. + Structure is documented below. + allowed_data_access_labels.log_type: |- + - + (Optional) + The name of the log type. + author: |- + - + Output only. The user who created the data access scope. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The time at which the data access scope was created. + data_access_scope_id: |- + - + (Required) + Required. The user provided scope id which will become the last part of the name + of the scope resource. + Needs to be compliant with https://google.aip.dev/122 + delete: '- Default is 20 minutes.' + denied_data_access_labels: |- + - + (Optional) + Optional. The denied labels for the scope. + The logical operator for evaluation of the denied labels is AND. + E.g.: A customer with scope with denied labels A and B won't be able + to see data labeled with A and data labeled with B + and data with labels A and B. + Structure is documented below. + denied_data_access_labels.asset_namespace: |- + - + (Optional) + The asset namespace configured in the forwarder + of the customer's events. + denied_data_access_labels.data_access_label: |- + - + (Optional) + The name of the data access label. + denied_data_access_labels.display_name: |- + - + (Output) + Output only. The display name of the label. + Data access label and log types's name + will match the display name of the resource. + The asset namespace will match the namespace itself. + The ingestion key value pair will match the key of the tuple. + denied_data_access_labels.ingestion_label: |- + - + (Optional) + Representation of an ingestion label type. + Structure is documented below. + denied_data_access_labels.log_type: |- + - + (Optional) + The name of the log type. + description: |- + - + (Optional) + Optional. A description of the data access scope for a human reader. + display_name: |- + - + Output only. The name to be used for display to customers of the data access scope. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/instances/{{instance}}/dataAccessScopes/{{data_access_scope_id}}' + ingestion_label.ingestion_label_key: |- + - + (Required) + Required. The key of the ingestion label. Always required. + ingestion_label.ingestion_label_value: |- + - + (Optional) + Optional. The value of the ingestion label. Optional. An object + with no provided value and some key provided would match + against the given key and ANY value. + instance: |- + - + (Required) + The unique identifier for the Chronicle instance, which is the same as the customer ID. + last_editor: |- + - + Output only. The user who last updated the data access scope. + location: |- + - + (Required) + The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2". + name: |- + - + The unique full name of the data access scope. This unique identifier is generated using values provided for the URL parameters. + Format: + projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{data_access_scope_id} + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The time at which the data access scope was last updated. + importStatements: [] + google_chronicle_watchlist: + subCategory: Chronicle + description: A watchlist is a list of entities that allows for bulk operations over the included entities. + name: google_chronicle_watchlist + title: "" + examples: + - name: example + manifest: |- + { + "description": "watchlist-description", + "display_name": "watchlist_name", + "entity_population_mechanism": [ + { + "manual": [ + {} + ] + } + ], + "instance": "00000000-0000-0000-0000-000000000000", + "location": "us", + "multiplying_factor": 1, + "provider": "google-beta", + "watchlist_id": "watchlist-id", + "watchlist_user_preferences": [ + { + "pinned": true + } + ] + } + - name: example + manifest: |- + { + "description": "watchlist-description", + "display_name": "watchlist-name", + "entity_population_mechanism": [ + { + "manual": [ + {} + ] + } + ], + "instance": "00000000-0000-0000-0000-000000000000", + "location": "us", + "multiplying_factor": 1, + "provider": "google-beta", + "watchlist_user_preferences": [ + { + "pinned": true + } + ] + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. Time the watchlist was created. + delete: '- Default is 20 minutes.' + display_name: |- + - + (Required) + Required. Display name of the watchlist. + Note that it must be at least one character and less than 63 characters + (https://google.aip.dev/148). + entity_count: |- + - + Count of different types of entities in the watchlist. + Structure is documented below. + entity_count.asset: |- + - + (Output) + Output only. Count of asset type entities in the watchlist. + entity_count.user: |- + - + (Output) + Output only. Count of user type entities in the watchlist. + entity_population_mechanism: |- + - + (Required) + Mechanism to populate entities in the watchlist. + Structure is documented below. + entity_population_mechanism.description: |- + - + (Optional) + Optional. Description of the watchlist. + entity_population_mechanism.manual: |- + - + (Optional) + Entities are added manually. + entity_population_mechanism.multiplying_factor: |- + - + (Optional) + Optional. Weight applied to the risk score for entities + in this watchlist. + The default is 1.0 if it is not specified. + entity_population_mechanism.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + entity_population_mechanism.watchlist_id: |- + - + (Optional) + Optional. The ID to use for the watchlist, + which will become the final component of the watchlist's resource name. + This value should be 4-63 characters, and valid characters + are /a-z-/. + entity_population_mechanism.watchlist_user_preferences: |- + - + (Optional) + A collection of user preferences for watchlist UI configuration. + Structure is documented below. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/instances/{{instance}}/watchlists/{{watchlist_id}}' + instance: |- + - + (Required) + The unique identifier for the Chronicle instance, which is the same as the customer ID. + location: |- + - + (Required) + The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2". + name: |- + - + Identifier. Resource name of the watchlist. This unique identifier is generated using values provided for the URL parameters. + Format: + projects/{project}/locations/{location}/instances/{instance}/watchlists/{watchlist} + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. Time the watchlist was last updated. + watchlist_user_preferences.pinned: |- + - + (Optional) + Optional. Whether the watchlist is pinned on the dashboard. + importStatements: [] google_cloud_asset_folder_feed: subCategory: Cloud Asset Inventory description: Describes a Cloud Asset Inventory feed used to to listen to asset updates. @@ -18792,6 +20887,7 @@ resources: dependencies: google_folder.my_folder: |- { + "deletion_protection": false, "display_name": "Networking", "parent": "organizations/123456789" } @@ -19520,6 +21616,44 @@ resources: - Last update timestamp in RFC 3339 text format. importStatements: [] + google_cloud_quotas_quota_adjuster_settings: + subCategory: Cloud Quotas + description: QuotaAdjusterSettings represents the preferred quota configuration specified for a project, folder or organization. + name: google_cloud_quotas_quota_adjuster_settings + title: "" + examples: + - name: adjuster_settings + manifest: |- + { + "enablement": "ENABLED", + "parent": "projects/104740170505", + "provider": "${google-beta}" + } + references: + provider: google-beta + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + effective_container: |- + - + Fields to capture the hierarchy enablement. + The container (org/folder/project) that determines if the quota adjuster is set for this project/folder/org. We use the nearest-ancestor to determine the effective container. + The nearest ancestor (including this container) with enabled set (either true or false) will be returned. + effective_enablement: |- + - + Based on the effective container`s setting above, determines Whether this container has the quota adjuster enabled. + enablement: |- + - + (Required) + Required. The configured value of the enablement at the given resource. + Possible values are: ENABLED, DISABLED. + id: '- an identifier for the resource with format {{parent}}/locations/global/quotaAdjusterSettings' + parent: |- + - + (Required) + The parent of the quota preference. Allowed parents are "projects/[project-id / number]" or "folders/[folder-id / number]" or "organizations/[org-id / number]". + update: '- Default is 20 minutes.' + importStatements: [] google_cloud_quotas_quota_preference: subCategory: Cloud Quotas description: QuotaPreference represents the preferred quota configuration specified for a project, folder or organization. @@ -19873,6 +22007,55 @@ resources: } ] } + - name: default + manifest: |- + { + "location": "us-central1", + "metadata": [ + { + "annotations": { + "run.googleapis.com/launch-stage": "BETA" + } + } + ], + "name": "cloudrun-srv", + "provider": "${google-beta}", + "template": [ + { + "metadata": [ + { + "annotations": { + "autoscaling.knative.dev/maxScale": "1", + "run.googleapis.com/cpu-throttling": "false" + } + } + ], + "spec": [ + { + "containers": [ + { + "image": "gcr.io/cloudrun/hello", + "resources": [ + { + "limits": { + "cpu": "4", + "memory": "16Gi", + "nvidia.com/gpu": "1" + } + } + ] + } + ], + "node_selector": { + "run.googleapis.com/accelerator": "nvidia-l4" + } + } + ] + } + ] + } + references: + provider: google-beta - name: default manifest: |- { @@ -19906,7 +22089,7 @@ resources: google_sql_database_instance.instance: |- { "database_version": "MYSQL_5_7", - "deletion_protection": "true", + "deletion_protection": true, "name": "cloudrun-sql", "region": "us-east1", "settings": [ @@ -20009,13 +22192,6 @@ resources: } ], "location": "us-central1", - "metadata": [ - { - "annotations": { - "run.googleapis.com/launch-stage": "BETA" - } - } - ], "name": "cloudrun-srv", "provider": "${google-beta}", "template": [ @@ -20471,6 +22647,7 @@ resources: explicitly specified, otherwise to an implementation-defined value. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + run.googleapis.com/accelerator: sets the type of GPU required by the Revision to run. run.googleapis.com/binary-authorization: sets the Binary Authorization. run.googleapis.com/binary-authorization-breakglass: sets the Binary Authorization breakglass. run.googleapis.com/client-name: sets the client name calling the Cloud Run API. @@ -20570,6 +22747,11 @@ resources: (Required) Containers defines the unit of execution for this Revision. Structure is documented below. + spec.node_selector: |- + - + (Optional, Beta) + Node Selector describes the hardware requirements of the resources. + Use the following node selector keys to configure features on a Revision: spec.service_account_name: |- - (Optional) @@ -20746,12 +22928,12 @@ resources: This must match the Name of a Volume. volumes.csi: |- - - (Optional, Beta) + (Optional) A filesystem specified by the Container Storage Interface (CSI). Structure is documented below. volumes.empty_dir: |- - - (Optional, Beta) + (Optional) Ephemeral storage which can be backed by real disks (HD, SSD), network storage or memory (i.e. tmpfs). For now only in memory (tmpfs) is supported. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs). Structure is documented below. volumes.name: |- @@ -20760,10 +22942,9 @@ resources: Volume's name. volumes.nfs: |- - - (Optional, Beta) + (Optional) A filesystem backed by a Network File System share. This filesystem requires the - run.googleapis.com/execution-environment annotation to be set to "gen2" and - run.googleapis.com/launch-stage set to "BETA" or "ALPHA". + run.googleapis.com/execution-environment annotation to be unset or set to "gen2" Structure is documented below. volumes.secret: |- - @@ -20825,6 +23006,7 @@ resources: - name: default manifest: |- { + "deletion_protection": false, "location": "us-central1", "name": "cloudrun-job", "template": [ @@ -20844,6 +23026,7 @@ resources: - name: default manifest: |- { + "deletion_protection": false, "lifecycle": [ { "ignore_changes": [ @@ -20880,6 +23063,7 @@ resources: - name: default manifest: |- { + "deletion_protection": false, "location": "us-central1", "name": "cloudrun-job", "template": [ @@ -20965,7 +23149,7 @@ resources: google_sql_database_instance.instance: |- { "database_version": "MYSQL_5_7", - "deletion_protection": "true", + "deletion_protection": true, "name": "cloudrun-sql", "region": "us-central1", "settings": [ @@ -20977,6 +23161,7 @@ resources: - name: default manifest: |- { + "deletion_protection": false, "location": "us-central1", "name": "cloudrun-job", "template": [ @@ -21030,6 +23215,7 @@ resources: - name: default manifest: |- { + "deletion_protection": false, "launch_stage": "GA", "location": "us-central1", "name": "cloudrun-job", @@ -21065,6 +23251,7 @@ resources: - name: default manifest: |- { + "deletion_protection": false, "depends_on": [ "${google_secret_manager_secret_version.secret-version-data}", "${google_secret_manager_secret_iam_member.secret-access}" @@ -21140,10 +23327,9 @@ resources: - name: default manifest: |- { - "launch_stage": "BETA", + "deletion_protection": false, "location": "us-central1", "name": "cloudrun-job", - "provider": "${google-beta}", "template": [ { "template": [ @@ -21175,11 +23361,10 @@ resources: } ] } - references: - provider: google-beta - name: default manifest: |- { + "deletion_protection": false, "location": "us-central1", "name": "cloudrun-job", "provider": "${google-beta}", @@ -21343,11 +23528,16 @@ resources: Number of executions created for this job. expire_time: |- - - For a deleted resource, the time after which it will be permamently deleted. + For a deleted resource, the time after which it will be permanently deleted. gcs.bucket: |- - (Required) Name of the cloud storage bucket to back the volume. The resource service account must have permission to access the bucket. + gcs.mount_options: |- + - + (Optional, Beta) + A list of flags to pass to the gcsfuse command for configuring this volume. + Flags should be passed without leading dashes. gcs.read_only: |- - (Optional) @@ -21419,6 +23609,13 @@ resources: - (Optional) Arbitrary version identifier for the API client. + network_interfaces.deletion_protection: |- + - (Optional) Whether Terraform will be prevented from destroying the job. Defaults to true. + When aterraform destroy or terraform apply would delete the job, + the command will fail if this field is not set to false in Terraform state. + When the field is set to true or unset in Terraform state, a terraform apply + or terraform destroy that would delete the job will fail. + When the field is set to false, deleting the job is allowed. network_interfaces.labels: |- - (Optional) @@ -21656,13 +23853,13 @@ resources: Structure is documented below. volumes.empty_dir: |- - - (Optional, Beta) + (Optional) Ephemeral storage used as a shared volume. Structure is documented below. volumes.gcs: |- - - (Optional, Beta) - Cloud Storage bucket mounted as a volume using GCSFuse. This feature requires the launch stage to be set to ALPHA or BETA. + (Optional) + Cloud Storage bucket mounted as a volume using GCSFuse. Structure is documented below. volumes.name: |- - @@ -21670,8 +23867,8 @@ resources: Volume's name. volumes.nfs: |- - - (Optional, Beta) - NFS share mounted as a volume. This feature requires the launch stage to be set to ALPHA or BETA. + (Optional) + NFS share mounted as a volume. Structure is documented below. volumes.secret: |- - @@ -21745,6 +23942,7 @@ resources: - name: default manifest: |- { + "deletion_protection": false, "ingress": "INGRESS_TRAFFIC_ALL", "location": "us-central1", "name": "cloudrun-service", @@ -21761,6 +23959,7 @@ resources: - name: default manifest: |- { + "deletion_protection": false, "ingress": "INGRESS_TRAFFIC_ALL", "location": "us-central1", "name": "cloudrun-service", @@ -21785,6 +23984,7 @@ resources: - name: default manifest: |- { + "deletion_protection": false, "depends_on": [ "${google_secret_manager_secret_version.secret-version-data}" ], @@ -21881,7 +24081,7 @@ resources: google_sql_database_instance.instance: |- { "database_version": "MYSQL_5_7", - "deletion_protection": "true", + "deletion_protection": true, "name": "cloudrun-sql", "region": "us-central1", "settings": [ @@ -21893,6 +24093,7 @@ resources: - name: default manifest: |- { + "deletion_protection": false, "location": "us-central1", "name": "cloudrun-service", "template": [ @@ -21942,6 +24143,7 @@ resources: - name: default manifest: |- { + "deletion_protection": false, "launch_stage": "GA", "location": "us-central1", "name": "cloudrun-service", @@ -21973,6 +24175,48 @@ resources: - name: default manifest: |- { + "deletion_protection": false, + "ingress": "INGRESS_TRAFFIC_ALL", + "launch_stage": "BETA", + "location": "us-central1", + "name": "cloudrun-service", + "provider": "${google-beta}", + "template": [ + { + "containers": [ + { + "image": "us-docker.pkg.dev/cloudrun/container/hello", + "resources": [ + { + "limits": { + "cpu": "4", + "memory": "16Gi", + "nvidia.com/gpu": "1" + }, + "startup_cpu_boost": true + } + ] + } + ], + "node_selector": [ + { + "accelerator": "nvidia-l4" + } + ], + "scaling": [ + { + "max_instance_count": 1 + } + ] + } + ] + } + references: + provider: google-beta + - name: default + manifest: |- + { + "deletion_protection": false, "location": "us-central1", "name": "cloudrun-service", "template": [ @@ -22010,6 +24254,7 @@ resources: - name: default manifest: |- { + "deletion_protection": false, "depends_on": [ "${google_secret_manager_secret_version.secret-version-data}" ], @@ -22080,11 +24325,10 @@ resources: - name: default manifest: |- { + "deletion_protection": false, "ingress": "INGRESS_TRAFFIC_ALL", - "launch_stage": "BETA", "location": "us-central1", "name": "cloudrun-service", - "provider": "${google-beta}", "template": [ { "containers": [ @@ -22140,12 +24384,10 @@ resources: } ] } - references: - provider: google-beta - name: default manifest: |- { - "launch_stage": "BETA", + "deletion_protection": false, "location": "us-central1", "name": "cloudrun-service", "template": [ @@ -22187,8 +24429,8 @@ resources: - name: default manifest: |- { + "deletion_protection": false, "ingress": "INGRESS_TRAFFIC_ALL", - "launch_stage": "BETA", "location": "us-central1", "name": "cloudrun-service", "template": [ @@ -22253,6 +24495,70 @@ resources: ], "tier": "BASIC_HDD" } + - name: default + manifest: |- + { + "deletion_protection": false, + "depends_on": [ + "${time_sleep.wait_for_mesh}" + ], + "launch_stage": "BETA", + "location": "us-central1", + "name": "cloudrun-service", + "provider": "${google-beta}", + "template": [ + { + "containers": [ + { + "image": "us-docker.pkg.dev/cloudrun/container/hello" + } + ], + "service_mesh": [ + { + "mesh": "${google_network_services_mesh.mesh.id}" + } + ] + } + ] + } + references: + provider: google-beta + template.service_mesh.mesh: google_network_services_mesh.mesh.id + dependencies: + google_network_services_mesh.mesh: |- + { + "name": "network-services-mesh", + "provider": "${google-beta}" + } + time_sleep.wait_for_mesh: |- + { + "create_duration": "1m", + "depends_on": [ + "${google_network_services_mesh.mesh}" + ] + } + - name: default + manifest: |- + { + "deletion_protection": false, + "description": "The serving URL of this service will not perform any IAM check when invoked", + "ingress": "INGRESS_TRAFFIC_ALL", + "invoker_iam_disabled": true, + "location": "us-central1", + "name": "cloudrun-service", + "provider": "${google-beta}", + "template": [ + { + "containers": [ + { + "image": "us-docker.pkg.dev/cloudrun/container/hello" + } + ] + } + ] + } + references: + provider: google-beta argumentDocs: binary_authorization.breakglass_justification: |- - @@ -22407,11 +24713,16 @@ resources: A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. expire_time: |- - - For a deleted resource, the time after which it will be permamently deleted. + For a deleted resource, the time after which it will be permanently deleted. gcs.bucket: |- - (Required) GCS Bucket name + gcs.mount_options: |- + - + (Optional, Beta) + A list of flags to pass to the gcsfuse command for configuring this volume. + Flags should be passed without leading dashes. gcs.read_only: |- - (Optional) @@ -22529,7 +24840,23 @@ resources: - (Optional) Network tags applied to this Cloud Run service. - nfs.annotations: |- + nfs.path: |- + - + (Required) + Path that is exported by the NFS server. + nfs.read_only: |- + - + (Optional) + If true, mount the NFS volume as read only + nfs.server: |- + - + (Required) + Hostname or IP address of the NFS server + node_selector.accelerator: |- + - + (Required) + The GPU to attach to an instance. See https://cloud.google.com/run/docs/configuring/services/gpu for configuring GPU. + node_selector.annotations: |- - (Optional) Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. @@ -22538,38 +24865,49 @@ resources: This field follows Kubernetes annotations' namespacing, limits, and rules. Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource. - nfs.binary_authorization: |- + node_selector.binary_authorization: |- - (Optional) Settings for the Binary Authorization feature. Structure is documented below. - nfs.client: |- + node_selector.client: |- - (Optional) Arbitrary identifier for the API client. - nfs.client_version: |- + node_selector.client_version: |- - (Optional) Arbitrary version identifier for the API client. - nfs.custom_audiences: |- + node_selector.custom_audiences: |- - (Optional) One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests. For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences. - nfs.default_uri_disabled: |- + node_selector.default_uri_disabled: |- - (Optional, Beta) Disables public resolution of the default URI of this service. - nfs.description: |- + node_selector.deletion_protection: |- + - (Optional) Whether Terraform will be prevented from destroying the service. Defaults to true. + When aterraform destroy or terraform apply would delete the service, + the command will fail if this field is not set to false in Terraform state. + When the field is set to true or unset in Terraform state, a terraform apply + or terraform destroy that would delete the service will fail. + When the field is set to false, deleting the service is allowed. + node_selector.description: |- - (Optional) User-provided description of the Service. This field currently has a 512-character limit. - nfs.ingress: |- + node_selector.ingress: |- - (Optional) Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values are: INGRESS_TRAFFIC_ALL, INGRESS_TRAFFIC_INTERNAL_ONLY, INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER. - nfs.labels: |- + node_selector.invoker_iam_disabled: |- + - + (Optional) + Disables IAM permission check for run.routes.invoke for callers of this service. This feature is available by invitation only. For more information, visit https://cloud.google.com/run/docs/securing/managing-access#invoker_check. + node_selector.labels: |- - (Optional) Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, @@ -22578,34 +24916,22 @@ resources: All system labels in v1 now have a corresponding field in v2 Service. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource. - nfs.launch_stage: |- + node_selector.launch_stage: |- - (Optional) The launch stage as defined by Google Cloud Platform Launch Stages. Cloud Run supports ALPHA, BETA, and GA. If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features. For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values are: UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED. - nfs.path: |- - - - (Required) - Path that is exported by the NFS server. - nfs.project: |- + node_selector.project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - nfs.read_only: |- + node_selector.scaling: |- - (Optional) - If true, mount the NFS volume as read only - nfs.scaling: |- - - - (Optional, Beta) Scaling settings that apply to the whole service Structure is documented below. - nfs.server: |- - - - (Required) - Hostname or IP address of the NFS server - nfs.traffic: |- + node_selector.traffic: |- - (Optional) Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision. @@ -22635,7 +24961,7 @@ resources: resources.limits: |- - (Optional) - Only memory and CPU are supported. Use key cpu for CPU limit and memory for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + Only memory, CPU, and nvidia.com/gpu are supported. Use key cpu for CPU limit, memory for memory limit, nvidia.com/gpu for gpu limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go resources.startup_cpu_boost: |- - (Optional) @@ -22643,11 +24969,12 @@ resources: scaling.max_instance_count: |- - (Optional) - Maximum number of serving instances that this resource should have. + Maximum number of serving instances that this resource should have. Must not be less than minimum instance count. If absent, Cloud Run will calculate + a default value based on the project's available container instances quota in the region and specified instance size. scaling.min_instance_count: |- - (Optional) - Minimum number of serving instances that this resource should have. + Minimum number of serving instances that this resource should have. Defaults to 0. Must not be greater than maximum instance count. secret.default_mode: |- - (Optional) @@ -22661,6 +24988,10 @@ resources: - (Required) The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. + service_mesh.mesh: |- + - + (Optional) + The Mesh resource name. For more information see https://cloud.google.com/service-mesh/docs/reference/network-services/rest/v1/projects.locations.meshes#resource:-mesh. startup_probe.failure_threshold: |- - (Optional) @@ -22736,6 +25067,11 @@ resources: (Optional) Sets the maximum number of requests that each serving instance can receive. If not specified or 0, defaults to 80 when requested CPU >= 1 and defaults to 1 when requested CPU < 1. + template.node_selector: |- + - + (Optional, Beta) + Node Selector describes the hardware requirements of the resources. + Structure is documented below. template.revision: |- - (Optional) @@ -22749,6 +25085,11 @@ resources: - (Optional) Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. + template.service_mesh: |- + - + (Optional, Beta) + Enables Cloud Service Mesh for this Revision. + Structure is documented below. template.session_affinity: |- - (Optional) @@ -22859,6 +25200,9 @@ resources: uri: |- - The main URI in which this Service is serving traffic. + urls: |- + - + All URLs serving traffic for this Service. value_source.secret_key_ref: |- - (Optional) @@ -22887,13 +25231,13 @@ resources: Structure is documented below. volumes.empty_dir: |- - - (Optional, Beta) + (Optional) Ephemeral storage used as a shared volume. Structure is documented below. volumes.gcs: |- - (Optional) - Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA. + Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment. Structure is documented below. volumes.name: |- - @@ -23378,6 +25722,128 @@ resources: } ] } + - name: http_target_oidc + manifest: |- + { + "http_target": [ + { + "header_overrides": [ + { + "header": [ + { + "key": "AddSomethingElse", + "value": "MyOtherValue" + } + ] + }, + { + "header": [ + { + "key": "AddMe", + "value": "MyValue" + } + ] + } + ], + "http_method": "POST", + "oidc_token": [ + { + "audience": "https://oidc.example.com", + "service_account_email": "${google_service_account.oidc_service_account.email}" + } + ], + "uri_override": [ + { + "host": "oidc.example.com", + "path_override": [ + { + "path": "/users/1234" + } + ], + "port": 8443, + "query_override": [ + { + "query_params": "qparam1=123\u0026qparam2=456" + } + ], + "scheme": "HTTPS", + "uri_override_enforce_mode": "IF_NOT_EXISTS" + } + ] + } + ], + "location": "us-central1", + "name": "cloud-tasks-queue-http-target-oidc" + } + references: + http_target.oidc_token.service_account_email: google_service_account.oidc_service_account.email + dependencies: + google_service_account.oidc_service_account: |- + { + "account_id": "example-oidc", + "display_name": "Tasks Queue OIDC Service Account" + } + - name: http_target_oauth + manifest: |- + { + "http_target": [ + { + "header_overrides": [ + { + "header": [ + { + "key": "AddSomethingElse", + "value": "MyOtherValue" + } + ] + }, + { + "header": [ + { + "key": "AddMe", + "value": "MyValue" + } + ] + } + ], + "http_method": "POST", + "oauth_token": [ + { + "scope": "openid https://www.googleapis.com/auth/userinfo.email", + "service_account_email": "${google_service_account.oauth_service_account.email}" + } + ], + "uri_override": [ + { + "host": "oauth.example.com", + "path_override": [ + { + "path": "/users/1234" + } + ], + "port": 8443, + "query_override": [ + { + "query_params": "qparam1=123\u0026qparam2=456" + } + ], + "scheme": "HTTPS", + "uri_override_enforce_mode": "IF_NOT_EXISTS" + } + ] + } + ], + "location": "us-central1", + "name": "cloud-tasks-queue-http-target-oauth" + } + references: + http_target.oauth_token.service_account_email: google_service_account.oauth_service_account.email + dependencies: + google_service_account.oauth_service_account: |- + { + "account_id": "example-oauth", + "display_name": "Tasks Queue OAuth Service Account" + } argumentDocs: app_engine_routing_override: |- - @@ -23406,6 +25872,62 @@ resources: By default, the task is sent to the version which is the default version when the task is attempted. create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' + header_overrides.header: |- + - + (Required) + Header embodying a key and a value. + Structure is documented below. + header_overrides.header.key: |- + - + (Required) + The Key of the header. + header_overrides.header.value: |- + - + (Required) + The Value of the header. + http_target: |- + - + (Optional) + Modifies HTTP target for HTTP tasks. + Structure is documented below. + http_target.header_overrides: |- + - + (Optional) + HTTP target headers. + This map contains the header field names and values. + Headers will be set when running the CreateTask and/or BufferTask. + These headers represent a subset of the headers that will be configured for the task's HTTP request. + Some HTTP request headers will be ignored or replaced. + Headers which can have multiple values (according to RFC2616) can be specified using comma-separated values. + The size of the headers must be less than 80KB. Queue-level headers to override headers of all the tasks in the queue. + Structure is documented below. + http_target.http_method: |- + - + (Optional) + The HTTP method to use for the request. + When specified, it overrides HttpRequest for the task. + Note that if the value is set to GET the body of the task will be ignored at execution time. + Possible values are: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS. + http_target.oauth_token: |- + - + (Optional) + If specified, an OAuth token is generated and attached as the Authorization header in the HTTP request. + This type of authorization should generally be used only when calling Google APIs hosted on *.googleapis.com. + Note that both the service account email and the scope MUST be specified when using the queue-level authorization override. + Structure is documented below. + http_target.oidc_token: |- + - + (Optional) + If specified, an OIDC token is generated and attached as an Authorization header in the HTTP request. + This type of authorization can be used for many scenarios, including calling Cloud Run, or endpoints where you intend to validate the token yourself. + Note that both the service account email and the audience MUST be specified when using the queue-level authorization override. + Structure is documented below. + http_target.uri_override: |- + - + (Optional) + URI override. + When specified, overrides the execution URI for all the tasks in the queue. + Structure is documented below. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/queues/{{name}}' location: |- - @@ -23415,9 +25937,38 @@ resources: - (Optional) The queue name. + oauth_token.scope: |- + - + (Optional) + OAuth scope to be used for generating OAuth access token. + If not specified, "https://www.googleapis.com/auth/cloud-platform" will be used. + oauth_token.service_account_email: |- + - + (Required) + Service account email to be used for generating OAuth token. + The service account must be within the same project as the queue. + The caller must have iam.serviceAccounts.actAs permission for the service account. + oidc_token.audience: |- + - + (Optional) + Audience to be used when generating OIDC token. If not specified, the URI specified in target will be used. + oidc_token.service_account_email: |- + - + (Required) + Service account email to be used for generating OIDC token. + The service account must be within the same project as the queue. + The caller must have iam.serviceAccounts.actAs permission for the service account. + path_override.path: |- + - + (Optional) + The URI path (e.g., /users/1234). Default is an empty string. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + query_override.query_params: |- + - + (Optional) + The query parameters (e.g., qparam1=123&qparam2=456). Default is an empty string. rate_limits: |- - (Optional) @@ -23498,6 +26049,47 @@ resources: This field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the default and means that no operations are logged. update: '- Default is 20 minutes.' + uri_override.host: |- + - + (Optional) + Host override. + When specified, replaces the host part of the task URL. + For example, if the task URL is "https://www.google.com", and host value + is set to "example.net", the overridden URI will be changed to "https://example.net". + Host value cannot be an empty string (INVALID_ARGUMENT). + uri_override.path_override: |- + - + (Optional) + URI path. + When specified, replaces the existing path of the task URL. + Setting the path value to an empty string clears the URI path segment. + Structure is documented below. + uri_override.port: |- + - + (Optional) + Port override. + When specified, replaces the port part of the task URI. + For instance, for a URI http://www.google.com/foo and port=123, the overridden URI becomes http://www.google.com:123/foo. + Note that the port value must be a positive integer. + Setting the port to 0 (Zero) clears the URI port. + uri_override.query_override: |- + - + (Optional) + URI query. + When specified, replaces the query part of the task URI. Setting the query value to an empty string clears the URI query segment. + Structure is documented below. + uri_override.scheme: |- + - + (Optional) + Scheme override. + When specified, the task URI scheme is replaced by the provided value (HTTP or HTTPS). + Possible values are: HTTP, HTTPS. + uri_override.uri_override_enforce_mode: |- + - + (Optional) + URI Override Enforce Mode + When specified, determines the Target UriOverride mode. If not specified, it defaults to ALWAYS. + Possible values are: ALWAYS, IF_NOT_EXISTS. importStatements: [] google_cloud_tasks_queue_iam_policy: subCategory: Cloud Tasks @@ -25421,11 +28013,11 @@ resources: worker_config.disk_size_gb: |- - (Optional) - Size of the disk attached to the worker, in GB. See (https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). Specify a value of up to 1000. If 0 is specified, Cloud Build will use a standard disk size. + Size of the disk attached to the worker, in GB. See diskSizeGb. Specify a value of up to 1000. If 0 is specified, Cloud Build will use a standard disk size. worker_config.machine_type: |- - (Optional) - Machine type of a worker, such as n1-standard-1. See (https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). If left blank, Cloud Build will use n1-standard-1. + Machine type of a worker, such as n1-standard-1. See machineType. If left blank, Cloud Build will use n1-standard-1. worker_config.no_external_ip: |- - (Optional) @@ -26839,6 +29431,10 @@ resources: - (Optional) Optional. The label to use when selecting Pods for the Deployment and Service resources. This label must already be present in both resources. + gateway_service_mesh.route_destinations: |- + - + (Optional) + Optional. Route destinations allow configuring the Gateway API HTTPRoute to be deployed to additional clusters. This option is available for multi-cluster service mesh set ups that require the route to exist in the clusters that call the service. If unspecified, the HTTPRoute will only be deployed to the Target cluster. gateway_service_mesh.route_update_wait_time: |- - (Optional) @@ -26924,6 +29520,14 @@ resources: - (Optional) Optional. A sequence of skaffold custom actions to invoke during execution of the predeploy job. + route_destinations.destination_ids: |- + - + (Required) + Required. The clusters where the Gateway API HTTPRoute resource will be deployed to. Valid entries include the associated entities IDs configured in the Target resource and "@self" to include the Target cluster. + route_destinations.propagate_service: |- + - + (Optional) + Optional. Whether to propagate the Kubernetes Service to the route destination clusters. The Service will always be deployed to the Target cluster even if the HTTPRoute is not. This option may be used to facilitiate successful DNS lookup in the route destination clusters. Can only be set to true if destinations are specified. runtime_config.cloud_run: |- - (Optional) @@ -27155,6 +29759,26 @@ resources: - (Optional) Membership of the GKE Hub-registered cluster to which to apply the Skaffold configuration. Format is projects/{project}/locations/{location}/memberships/{membership_name}. + anthos_clusters.membership: |- + - + (Optional) + Optional. Membership of the GKE Hub-registered cluster to which to apply the Skaffold configuration. Format is projects/{project}/locations/{location}/memberships/{membership_name}. + associated_entities: |- + - + (Optional) + Optional. Map of entity IDs to their associated entities. Associated entities allows specifying places other than the deployment target for specific features. For example, the Gateway API canary can be configured to deploy the HTTPRoute to a different cluster(s) than the deployment cluster using associated entities. An entity ID must consist of lower-case letters, numbers, and hyphens, start with a letter and end with a letter or a number, and have a max length of 63 characters. In other words, it must match the following regex: ^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$. + associated_entities.anthos_clusters: |- + - + (Optional) + Optional. Information specifying Anthos clusters as associated entities. + associated_entities.entity_id: |- + - + (Required) + The name for the key in the map for which this object is mapped to in the API + associated_entities.gke_clusters: |- + - + (Optional) + Optional. Information specifying GKE clusters as associated entities. create: '- Default is 20 minutes.' create_time: |- - @@ -27229,6 +29853,18 @@ resources: - (Optional) Optional. If set, used to configure a proxy to the Kubernetes server. + gke_clusters.cluster: |- + - + (Optional) + Optional. Information specifying a GKE Cluster. Format is projects/{project_id}/locations/{location_id}/clusters/{cluster_id}. + gke_clusters.internal_ip: |- + - + (Optional) + Optional. If true, cluster is accessed using the private IP address of the control plane endpoint. Otherwise, the default IP address of the control plane endpoint is used. The default IP address is the private IP address for clusters with private control-plane endpoints and the public IP address otherwise. Only specify this option when cluster is a private GKE cluster. + gke_clusters.proxy_url: |- + - + (Optional) + Optional. If set, used to configure a proxy to the Kubernetes server. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/targets/{{name}}' labels: |- - @@ -29131,7 +31767,7 @@ resources: secret_environment_variables.project_id: |- - (Required) - Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. + Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. secret_environment_variables.secret: |- - (Required) @@ -29147,7 +31783,7 @@ resources: secret_volumes.project_id: |- - (Required) - Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. + Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. secret_volumes.secret: |- - (Required) @@ -29605,7 +32241,7 @@ resources: { "config": [ { - "enable_private_ip_environment": true + "enable_private_environment": true } ], "name": "example-environment", @@ -29642,6 +32278,34 @@ resources: "name": "example-environment", "region": "us-central1" } + - name: example + manifest: |- + { + "config": [ + { + "node_config": [ + { + "composer_network_attachment": "${google_compute_network_attachment.example.id}" + } + ] + } + ], + "name": "example-environment", + "region": "us-central1" + } + references: + config.node_config.composer_network_attachment: google_compute_network_attachment.example.id + dependencies: + google_compute_network_attachment.example: |- + { + "lifecycle": [ + { + "ignore_changes": [ + "${producer_accept_lists}" + ] + } + ] + } - name: test manifest: |- { @@ -29667,11 +32331,6 @@ resources: - (Required) cidr_block must be specified in CIDR notation. - cidr_blocks.data_retention_config: |- - - - (Optional, Cloud Composer 2.0.23 or newer only) - Configuration setting for airflow data rentention mechanism. Structure is - documented below. cidr_blocks.display_name: |- - (Optional) @@ -29700,8 +32359,8 @@ resources: The Kubernetes Engine cluster used to run this environment. config.data_retention_config: |- - - (Optional, Cloud Composer 2.0.23 or later only) - Configuration setting for Airflow database retention mechanism. Structure is + (Optional, Cloud Composer 2.0.23 or newer only) + Configuration setting for airflow data rentention mechanism. Structure is documented below. config.database_config: |- - @@ -29710,12 +32369,12 @@ resources: by Apache Airflow software. config.enable_private_builds_only: |- - - (Optional, Beta, Cloud Composer 3 only) + (Optional, Cloud Composer 3 only) If true, builds performed during operations that install Python packages have only private connectivity to Google services. If false, the builds also have access to the internet. config.enable_private_environment: |- - - (Optional, Beta, Cloud Composer 3 only) + (Optional, Cloud Composer 3 only) If true, a private Composer environment will be created. config.encryption_config: |- - @@ -29781,7 +32440,7 @@ resources: (Optional) The Kubernetes workloads configuration for GKE cluster associated with the Cloud Composer environment. - create: '- Default is 60 minutes.' + create: '- Default is 120 minutes.' dag_processor.count: |- - (Required) @@ -29802,6 +32461,14 @@ resources: (Optional) The configuration setting for Task Logs. Structure is documented below. + data_retention_config.task_logs_retention_config.master_authorized_networks_config: |- + - + (Optional) + Configuration options for the master authorized networks feature. Enabled + master authorized networks will disallow all external traffic to access + Kubernetes master through HTTPS except traffic from the given CIDR blocks, + Google Compute Engine Public IPs and Google Prod IPs. Structure is + documented below. data_retention_config.task_logs_retention_config.storage_mode: |- - (Optional) @@ -29817,7 +32484,7 @@ resources: (Optional) Optional. Cloud SQL machine type used by Airflow database. It has to be one of: db-n1-standard-2, db-n1-standard-4, db-n1-standard-8 or db-n1-standard-16. - delete: '- Default is 6 minutes.' + delete: '- Default is 30 minutes.' effective_labels: |- - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. @@ -29905,12 +32572,12 @@ resources: Name of the environment node_config.composer_internal_ipv4_cidr_block: |- - - (Optional, Beta, Cloud Composer 3 only) + (Optional, Cloud Composer 3 only) /20 IPv4 cidr range that will be used by Composer internal components. Cannot be updated. node_config.composer_network_attachment: |- - - (Optional, Beta, Cloud Composer 3 only) + (Optional, Cloud Composer 3 only) PSC (Private Service Connect) Network entry point. Customers can pre-create the Network Attachment and point Cloud Composer environment to use. It is possible to share network attachment among many environments, provided enough IP addresses are available. @@ -30095,8 +32762,7 @@ resources: separated by a hyphen, for example "core-dags_are_paused_at_creation". software_config.cloud_data_lineage_integration: |- - - (Optional, Beta, - Cloud Composer environments in versions composer-2.1.2-airflow-..* and newer) + (Optional, Cloud Composer environments in versions composer-2.1.2-airflow-..* and newer) The configuration for Cloud Data Lineage integration. Structure is documented below. ? software_config.composer-(([0-9]+)(\.[0-9]+\.[0-9]+(-preview\.[0-9]+)?)?|latest)-airflow-(([0-9]+)((\.[0-9]+)(\.[0-9]+)?)?(-build\.[0-9]+)?) @@ -30137,7 +32803,7 @@ resources: The number of schedulers for Airflow. software_config.web_server_plugins_mode: |- - - (Optional, Beta, Cloud Composer 3 only) + (Optional, Cloud Composer 3 only) Web server plugins configuration. Can be either 'ENABLED' or 'DISABLED'. Defaults to 'ENABLED'. storage_config: |- - @@ -30162,7 +32828,7 @@ resources: - (Required) The amount of memory (GB) for a single Airflow triggerer. - update: '- Default is 60 minutes.' + update: '- Default is 120 minutes.' web_server.cpu: |- - (Optional) @@ -30206,7 +32872,7 @@ resources: The amount of storage (GB) for a single Airflow worker. workloads_config.dag_processor: |- - - (Optional, Beta, Cloud Composer 3 only) + (Optional, Cloud Composer 3 only) Configuration for resources used by DAG processor. workloads_config.scheduler: |- - @@ -30239,12 +32905,10 @@ resources: }, "environment": "${google_composer_environment.environment.name}", "name": "test-config-map", - "provider": "${google-beta}", "region": "us-central1" } references: environment: google_composer_environment.environment.name - provider: google-beta dependencies: google_composer_environment.environment: |- { @@ -30258,7 +32922,6 @@ resources: } ], "name": "test-environment", - "provider": "${google-beta}", "region": "us-central1" } argumentDocs: @@ -30609,6 +33272,10 @@ resources: If the self_link is provided then zone and project are extracted from the self link. If only the name is used then zone and project must be defined as properties on the resource or provider. + interface: |- + - + (Optional) + The disk interface used for attaching this disk. mode: |- - (Optional) @@ -30990,7 +33657,7 @@ resources: scale_down_control.max_scaled_down_replicas: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. scale_down_control.time_window_sec: |- - @@ -31000,7 +33667,7 @@ resources: scale_in_control.max_scaled_in_replicas: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. scale_in_control.time_window_sec: |- - @@ -31404,6 +34071,7 @@ resources: { "iap": [ { + "enabled": true, "oauth2_client_id": "abc", "oauth2_client_secret": "xyz" } @@ -31604,7 +34272,15 @@ resources: "name": "backend-service", "outlier_detection": [ { - "consecutive_errors": 2 + "consecutive_errors": 2, + "consecutive_gateway_failure": 5, + "enforcing_consecutive_errors": 100, + "enforcing_consecutive_gateway_failure": 0, + "enforcing_success_rate": 100, + "max_ejection_percent": 10, + "success_rate_minimum_hosts": 5, + "success_rate_request_volume": 100, + "success_rate_stdev_factor": 1900 } ], "provider": "${google-beta}", @@ -31624,6 +34300,43 @@ resources: "name": "health-check", "provider": "${google-beta}" } + - name: default + manifest: |- + { + "health_checks": [ + "${google_compute_health_check.health_check.id}" + ], + "load_balancing_scheme": "EXTERNAL_MANAGED", + "locality_lb_policy": "RING_HASH", + "name": "backend-service", + "provider": "${google-beta}", + "session_affinity": "STRONG_COOKIE_AFFINITY", + "strong_session_affinity_cookie": [ + { + "name": "mycookie", + "ttl": [ + { + "nanos": 1111, + "seconds": 11 + } + ] + } + ] + } + references: + health_checks: google_compute_health_check.health_check.id + provider: google-beta + dependencies: + google_compute_health_check.health_check: |- + { + "http_health_check": [ + { + "port": 80 + } + ], + "name": "health-check", + "provider": "${google-beta}" + } - name: default manifest: |- { @@ -31683,6 +34396,13 @@ resources: ], "name": "health-check" } + - name: default + manifest: |- + { + "ip_address_selection_policy": "IPV6_ONLY", + "load_balancing_scheme": "EXTERNAL_MANAGED", + "name": "backend-service" + } argumentDocs: LEAST_REQUEST: |- : An O(1) algorithm which selects two random healthy @@ -31709,7 +34429,8 @@ resources: is selected in round robin order. WEIGHTED_MAGLEV: |- : Per-instance weighted Load Balancing via health check - reported weights. If set, the Backend Service must + reported weights. Only applicable to loadBalancingScheme + EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field @@ -31720,7 +34441,7 @@ resources: instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight. - This field is applicable to either: + locality_lb_policy is applicable to either: affinity_cookie_ttl_sec: |- - (Optional) @@ -31762,7 +34483,6 @@ resources: and CONNECTION (for TCP/SSL). See the Backend Services Overview for an explanation of load balancing modes. - From version 6.0.0 default value will be UTILIZATION to match default GCP value. Default value is UTILIZATION. Possible values are: UTILIZATION, RATE, CONNECTION. backend.capacity_scaler: |- @@ -32137,13 +34857,17 @@ resources: (Optional) Settings for enabling Cloud Identity Aware Proxy Structure is documented below. - iap.oauth2_client_id: |- + iap.enabled: |- - (Required) + Whether the serving infrastructure will authenticate and authorize all incoming requests. + iap.oauth2_client_id: |- + - + (Optional) OAuth2 Client ID for IAP iap.oauth2_client_secret: |- - - (Required) + (Optional) OAuth2 Client Secret for IAP Note: This property is sensitive and will not be displayed in the plan. iap.oauth2_client_secret_sha256: |- @@ -32163,6 +34887,11 @@ resources: (Required) Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + ip_address_selection_policy: |- + - + (Optional) + Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). + Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY. load_balancing_scheme: |- - (Optional) @@ -32241,8 +34970,6 @@ resources: Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. - From version 6.0.0 outlierDetection default terraform values will be removed to match default GCP value. - Default values are enforce by GCP without providing them. Structure is documented below. outlier_detection.base_ejection_time: |- - @@ -32386,7 +35113,25 @@ resources: (Optional) Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. - Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE. + Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY. + strong_session_affinity_cookie: |- + - + (Optional) + Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. + Structure is documented below. + strong_session_affinity_cookie.name: |- + - + (Optional) + Name of the cookie. + strong_session_affinity_cookie.path: |- + - + (Optional) + Path to set for the cookie. + strong_session_affinity_cookie.ttl: |- + - + (Optional) + Lifetime of the cookie. + Structure is documented below. timeout_sec: |- - (Optional) @@ -32634,7 +35379,7 @@ resources: async_primary_disk: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. async_primary_disk.disk: |- - @@ -32903,7 +35648,7 @@ resources: storage_pool: |- - (Optional) - The URL of the storage pool in which the new disk is created. + The URL or the name of the storage pool in which the new disk is created. For example: terraform_labels: |- - @@ -33174,6 +35919,15 @@ resources: Only IPv4 is supported. This IP address can be either from your on-premise gateway or another Cloud provider's VPN gateway, it cannot be an IP address from Google Compute Engine. + interface.ipv6_address: |- + - + (Optional) + IPv6 address of the interface in the external VPN gateway. This IPv6 + address can be either from your on-premise gateway or another Cloud + provider's VPN gateway, it cannot be an IP address from Google Compute + Engine. Must specify an IPv6 address (not IPV4-mapped) using any format + described in RFC 4291 (e.g. 2001:db8:0:0:2d9:51:0:0). The output format + is RFC 5952 format (e.g. 2001:db8::2d9:51:0:0). label_fingerprint: |- - The fingerprint used for optimistic locking of this resource. Used @@ -33283,7 +36037,7 @@ resources: is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. - Example inputs include: ["22"], ["80","443"], and + Example inputs include: [22], [80, 443], and ["12345-12349"]. allow.protocol: |- - @@ -33310,7 +36064,7 @@ resources: is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. - Example inputs include: ["22"], ["80","443"], and + Example inputs include: [22], [80, 443], and ["12345-12349"]. deny.protocol: |- - @@ -33495,7 +36249,7 @@ resources: importStatements: [] google_compute_firewall_policy_association: subCategory: Compute Engine - description: Applies a hierarchical firewall policy to a target resource + description: Allows associating hierarchical firewall policies with the target where they are applied. name: google_compute_firewall_policy_association title: "" examples: @@ -33503,19 +36257,25 @@ resources: manifest: |- { "attachment_target": "${google_folder.folder.name}", - "firewall_policy": "${google_compute_firewall_policy.default.id}", + "firewall_policy": "${google_compute_firewall_policy.policy.id}", "name": "my-association" } references: attachment_target: google_folder.folder.name - firewall_policy: google_compute_firewall_policy.default.id + firewall_policy: google_compute_firewall_policy.policy.id dependencies: - google_compute_firewall_policy.default: |- + google_compute_firewall_policy.policy: |- { "description": "Example Resource", - "parent": "organizations/12345", + "parent": "organizations/123456789", "short_name": "my-policy" } + google_folder.folder: |- + { + "deletion_protection": false, + "display_name": "my-folder", + "parent": "organizations/123456789" + } argumentDocs: attachment_target: |- - @@ -33526,7 +36286,7 @@ resources: firewall_policy: |- - (Required) - The firewall policy ID of the association. + The firewall policy of the resource. id: '- an identifier for the resource with format locations/global/firewallPolicies/{{firewall_policy}}/associations/{{name}}' name: |- - @@ -33538,11 +36298,11 @@ resources: importStatements: [] google_compute_firewall_policy_rule: subCategory: Compute Engine - description: The Compute FirewallPolicyRule resource + description: Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny). name: google_compute_firewall_policy_rule title: "" examples: - - name: primary + - name: policy_rule manifest: |- { "action": "allow", @@ -33600,7 +36360,8 @@ resources: } google_folder.folder: |- { - "display_name": "policy", + "deletion_protection": false, + "display_name": "folder", "parent": "organizations/123456789" } google_network_security_address_group.basic_global_networksecurity_address_group: |- @@ -33611,7 +36372,7 @@ resources: "208.80.154.224/32" ], "location": "global", - "name": "policy", + "name": "address", "parent": "organizations/123456789", "type": "IPV4" } @@ -33621,11 +36382,15 @@ resources: (Required) The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group". create: '- Default is 20 minutes.' + creation_timestamp: |- + - + Creation timestamp in RFC3339 text format. delete: '- Default is 20 minutes.' direction: |- - (Required) - The direction in which this rule applies. Possible values: INGRESS, EGRESS + The direction in which this rule applies. + Possible values are: INGRESS, EGRESS. firewall_policy: |- - (Required) @@ -33641,27 +36406,38 @@ resources: layer4_configs.disabled: |- - (Optional) - Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled. + Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. + If this is unspecified, the firewall policy rule will be enabled. layer4_configs.enable_logging: |- - (Optional) - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules. + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export destination in Stackdriver. + Logs may be exported to BigQuery or Pub/Sub. + Note: you cannot enable logging on "goto_next" rules. layer4_configs.ip_protocol: |- - (Required) - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number. + The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. + This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number. layer4_configs.ports: |- - (Optional) - An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``. + An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. + Example inputs include: ["22"], ["80","443"], and ["12345-12349"]. layer4_configs.security_profile_group: |- - (Optional) - A fully-qualified URL of a SecurityProfileGroup resource. Example: https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group. It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. + A fully-qualified URL of a SecurityProfile resource instance. + Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. layer4_configs.target_resources: |- - (Optional) - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule. + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get this rule. + If this field is left blank, all VMs within the organization will receive the rule. layer4_configs.target_service_accounts: |- - (Optional) @@ -33669,64 +36445,475 @@ resources: layer4_configs.tls_inspect: |- - (Optional) - Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. + Boolean flag indicating if the traffic should be TLS decrypted. + Can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. match: |- - (Required) A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. + Structure is documented below. match.dest_address_groups: |- - (Optional) - Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules. + Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. match.dest_fqdns: |- - (Optional) - Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress. + Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100. match.dest_ip_ranges: |- - (Optional) - CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 256. + CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000. match.dest_region_codes: |- - (Optional) - The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress. + Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000. match.dest_threat_intelligences: |- - (Optional) - Name of the Google Cloud Threat Intelligence list. + Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination. match.layer4_configs: |- - (Required) Pairs of IP protocols and ports that the rule should match. + Structure is documented below. match.src_address_groups: |- - (Optional) - Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules. + Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. match.src_fqdns: |- - (Optional) - Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress. + Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100. match.src_ip_ranges: |- - (Optional) - CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 256. + CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000. match.src_region_codes: |- - (Optional) - The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress. + Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000. match.src_threat_intelligences: |- - (Optional) - Name of the Google Cloud Threat Intelligence list. + Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source. priority: |- - (Required) - An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority. + An integer indicating the priority of a rule in the list. + The priority must be a positive value between 0 and 2147483647. + Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority. rule_tuple_count: |- - Calculation of the complexity of a single firewall policy rule. update: '- Default is 20 minutes.' importStatements: [] + google_compute_firewall_policy_with_rules: + subCategory: Compute Engine + description: The Compute FirewallPolicy with rules resource. + name: google_compute_firewall_policy_with_rules + title: "" + examples: + - name: firewall-policy-with-rules + manifest: |- + { + "description": "Terraform test", + "parent": "organizations/123456789", + "provider": "${google-beta}", + "rule": [ + { + "action": "allow", + "description": "tcp rule", + "direction": "EGRESS", + "enable_logging": true, + "match": [ + { + "dest_address_groups": [ + "${google_network_security_address_group.address_group_1.id}" + ], + "dest_fqdns": [ + "www.yyy.com", + "www.zzz.com" + ], + "dest_ip_ranges": [ + "11.100.0.1/32" + ], + "dest_region_codes": [ + "HK", + "IN" + ], + "dest_threat_intelligences": [ + "iplist-search-engines-crawlers", + "iplist-tor-exit-nodes" + ], + "layer4_config": [ + { + "ip_protocol": "tcp", + "ports": [ + 8080, + 7070 + ] + } + ] + } + ], + "priority": 1000, + "target_resources": [ + "https://www.googleapis.com/compute/beta/projects/${data.google_project.project.name}/global/networks/default" + ] + }, + { + "action": "deny", + "description": "udp rule", + "direction": "INGRESS", + "disabled": true, + "enable_logging": false, + "match": [ + { + "layer4_config": [ + { + "ip_protocol": "udp" + } + ], + "src_address_groups": [ + "${google_network_security_address_group.address_group_1.id}" + ], + "src_fqdns": [ + "www.abc.com", + "www.def.com" + ], + "src_ip_ranges": [ + "0.0.0.0/0" + ], + "src_region_codes": [ + "US", + "CA" + ], + "src_threat_intelligences": [ + "iplist-known-malicious-ips", + "iplist-public-clouds" + ] + } + ], + "priority": 2000 + }, + { + "action": "apply_security_profile_group", + "description": "security profile group rule", + "direction": "INGRESS", + "enable_logging": false, + "match": [ + { + "layer4_config": [ + { + "ip_protocol": "tcp" + } + ], + "src_ip_ranges": [ + "0.0.0.0/0" + ] + } + ], + "priority": 3000, + "rule_name": "tcp rule", + "security_profile_group": "//networksecurity.googleapis.com/${google_network_security_security_profile_group.security_profile_group_1.id}", + "target_service_accounts": [ + "test@google.com" + ], + "tls_inspect": true + } + ], + "short_name": "tf-fw-org-policy-with-rules" + } + references: + provider: google-beta + rule.match.dest_address_groups: google_network_security_address_group.address_group_1.id + rule.match.src_address_groups: google_network_security_address_group.address_group_1.id + dependencies: + google_network_security_address_group.address_group_1: |- + { + "capacity": 100, + "description": "Global address group", + "items": [ + "208.80.154.224/32" + ], + "location": "global", + "name": "tf-address-group", + "parent": "organizations/123456789", + "provider": "${google-beta}", + "type": "IPV4" + } + google_network_security_security_profile.security_profile_1: |- + { + "location": "global", + "name": "tf-security-profile", + "parent": "organizations/123456789", + "provider": "${google-beta}", + "type": "THREAT_PREVENTION" + } + google_network_security_security_profile_group.security_profile_group_1: |- + { + "description": "my description", + "name": "tf-security-profile-group", + "parent": "organizations/123456789", + "provider": "${google-beta}", + "threat_prevention_profile": "${google_network_security_security_profile.security_profile_1.id}" + } + argumentDocs: + create: '- Default is 20 minutes.' + creation_timestamp: |- + - + Creation timestamp in RFC3339 text format. + delete: '- Default is 20 minutes.' + fingerprint: |- + - + Fingerprint of the resource. This field is used internally during updates of this resource. + id: '- an identifier for the resource with format locations/global/firewallPolicies/{{policy_id}}' + layer4_config.description: |- + - + (Optional) + An optional description of this resource. + layer4_config.ip_protocol: |- + - + (Required) + The IP protocol to which this rule applies. The protocol + type is required when creating a firewall rule. + This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + layer4_config.ports: |- + - + (Optional) + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + match.dest_address_groups: |- + - + (Optional) + Address groups which should be matched against the traffic destination. + Maximum number of destination address groups is 10. + match.dest_fqdns: |- + - + (Optional) + Fully Qualified Domain Name (FQDN) which should be matched against + traffic destination. Maximum number of destination fqdn allowed is 100. + match.dest_ip_ranges: |- + - + (Optional) + Destination IP address range in CIDR format. Required for + EGRESS rules. + match.dest_region_codes: |- + - + (Optional) + Region codes whose IP addresses will be used to match for destination + of traffic. Should be specified as 2 letter country code defined as per + ISO 3166 alpha-2 country codes. ex."US" + Maximum number of destination region codes allowed is 5000. + match.dest_threat_intelligences: |- + - + (Optional) + Names of Network Threat Intelligence lists. + The IPs in these lists will be matched against traffic destination. + match.layer4_config: |- + - + (Required) + Pairs of IP protocols and ports that the rule should match. + Structure is documented below. + match.src_address_groups: |- + - + (Optional) + Address groups which should be matched against the traffic source. + Maximum number of source address groups is 10. + match.src_fqdns: |- + - + (Optional) + Fully Qualified Domain Name (FQDN) which should be matched against + traffic source. Maximum number of source fqdn allowed is 100. + match.src_ip_ranges: |- + - + (Optional) + Source IP address range in CIDR format. Required for + INGRESS rules. + match.src_region_codes: |- + - + (Optional) + Region codes whose IP addresses will be used to match for source + of traffic. Should be specified as 2 letter country code defined as per + ISO 3166 alpha-2 country codes. ex."US" + Maximum number of source region codes allowed is 5000. + match.src_threat_intelligences: |- + - + (Optional) + Names of Network Threat Intelligence lists. + The IPs in these lists will be matched against traffic source. + parent: |- + - + (Required) + The parent of this FirewallPolicy in the Cloud Resource Hierarchy. + Format: organizations/{organization_id} or folders/{folder_id} + policy_id: |- + - + The unique identifier for the resource. This identifier is defined by the server. + predefined_rules: |- + - + A list of pre-define firewall policy rules. + Structure is documented below. + predefined_rules.action: |- + - + (Output) + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny", "apply_security_profile_group" or "goto_next". + predefined_rules.description: |- + - + (Output) + A description of the rule. + predefined_rules.direction: |- + - + (Output) + The direction in which this rule applies. If unspecified an INGRESS rule is created. + predefined_rules.disabled: |- + - + (Output) + Denotes whether the firewall policy rule is disabled. When set to true, + the firewall policy rule is not enforced and traffic behaves as if it did + not exist. If this is unspecified, the firewall policy rule will be + enabled. + predefined_rules.enable_logging: |- + - + (Output) + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + predefined_rules.match: |- + - + (Output) + A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. + Structure is documented below. + predefined_rules.priority: |- + - + (Output) + An integer indicating the priority of a rule in the list. The priority must be a value + between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the + highest priority and 2147483647 is the lowest priority. + predefined_rules.rule_name: |- + - + (Output) + An optional name for the rule. This field is not a unique identifier + and can be updated. + predefined_rules.security_profile_group: |- + - + (Output) + A fully-qualified URL of a SecurityProfile resource instance. + Example: + https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + Must be specified if action is 'apply_security_profile_group'. + predefined_rules.target_resources: |- + - + (Output) + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get + this rule. If this field is left blank, all VMs + within the organization will receive the rule. + predefined_rules.target_service_accounts: |- + - + (Output) + A list of service accounts indicating the sets of + instances that are applied with this rule. + predefined_rules.tls_inspect: |- + - + (Output) + Boolean flag indicating if the traffic should be TLS decrypted. + It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. + rule: |- + - + (Required) + A list of firewall policy rules. + Structure is documented below. + rule.action: |- + - + (Required) + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny", "apply_security_profile_group" or "goto_next". + rule.description: |- + - + (Optional) + A description of the rule. + rule.direction: |- + - + (Optional) + The direction in which this rule applies. If unspecified an INGRESS rule is created. + Possible values are: INGRESS, EGRESS. + rule.disabled: |- + - + (Optional) + Denotes whether the firewall policy rule is disabled. When set to true, + the firewall policy rule is not enforced and traffic behaves as if it did + not exist. If this is unspecified, the firewall policy rule will be + enabled. + rule.enable_logging: |- + - + (Optional) + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + rule.match: |- + - + (Required) + A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. + Structure is documented below. + rule.priority: |- + - + (Required) + An integer indicating the priority of a rule in the list. The priority must be a value + between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the + highest priority and 2147483647 is the lowest priority. + rule.rule_name: |- + - + (Optional) + An optional name for the rule. This field is not a unique identifier + and can be updated. + rule.security_profile_group: |- + - + (Optional) + A fully-qualified URL of a SecurityProfile resource instance. + Example: + https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + Must be specified if action is 'apply_security_profile_group'. + rule.target_resources: |- + - + (Optional) + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get + this rule. If this field is left blank, all VMs + within the organization will receive the rule. + rule.target_service_accounts: |- + - + (Optional) + A list of service accounts indicating the sets of + instances that are applied with this rule. + rule.tls_inspect: |- + - + (Optional) + Boolean flag indicating if the traffic should be TLS decrypted. + It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. + rule_tuple_count: |- + - + Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. + self_link: |- + - + Server-defined URL for the resource. + self_link_with_id: |- + - + Server-defined URL for this resource with the resource id. + short_name: |- + - + (Required) + A textual name of the security policy. + update: '- Default is 20 minutes.' + importStatements: [] google_compute_forwarding_rule: subCategory: Compute Engine description: A ForwardingRule resource. @@ -36268,6 +39455,7 @@ resources: { "load_balancing_scheme": "EXTERNAL_MANAGED", "name": "global-rule", + "network_tier": "PREMIUM", "port_range": "80", "target": "${google_compute_target_http_proxy.default.id}" } @@ -36794,6 +39982,9 @@ resources: (Required) The value that the label must match. The value has a maximum length of 1024 characters. + forwarding_rule_id: |- + - + The unique identifier number for the resource. This identifier is defined by the server. id: '- an identifier for the resource with format projects/{{project}}/global/forwardingRules/{{name}}' ip_address: |- - @@ -36896,6 +40087,19 @@ resources: be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided. + network_tier: |- + - + (Optional) + This signifies the networking tier used for configuring + this load balancer and can only take the following values: + PREMIUM, STANDARD. + For regional ForwardingRule, the valid values are PREMIUM and + STANDARD. For GlobalForwardingRule, the valid value is + PREMIUM. + If this field is not specified, it is assumed to be PREMIUM. + If IPAddress is specified, this value must be equal to the + networkTier of the Address. + Possible values are: PREMIUM, STANDARD. no_automate_dns_zone: |- - (Optional) @@ -37449,6 +40653,57 @@ resources: } references: provider: google-beta + - name: http-health-check-with-source-regions + manifest: |- + { + "check_interval_sec": 30, + "http_health_check": [ + { + "port": 80, + "port_specification": "USE_FIXED_PORT" + } + ], + "name": "http-health-check", + "source_regions": [ + "us-west1", + "us-central1", + "us-east5" + ] + } + - name: https-health-check-with-source-regions + manifest: |- + { + "check_interval_sec": 30, + "https_health_check": [ + { + "port": 80, + "port_specification": "USE_FIXED_PORT" + } + ], + "name": "https-health-check", + "source_regions": [ + "us-west1", + "us-central1", + "us-east5" + ] + } + - name: tcp-health-check-with-source-regions + manifest: |- + { + "check_interval_sec": 30, + "name": "tcp-health-check", + "source_regions": [ + "us-west1", + "us-central1", + "us-east5" + ], + "tcp_health_check": [ + { + "port": 80, + "port_specification": "USE_FIXED_PORT" + } + ] + } argumentDocs: USE_FIXED_PORT: ': The port number in port is used for health checking.' USE_NAMED_PORT: ': The portName is used for health checking.' @@ -37478,7 +40733,7 @@ resources: grpc_health_check: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. grpc_health_check.grpc_service_name: |- - @@ -37509,7 +40764,7 @@ resources: http_health_check: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. http_health_check.host: |- - @@ -37553,7 +40808,7 @@ resources: http2_health_check: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. http2_health_check.host: |- - @@ -37597,7 +40852,7 @@ resources: https_health_check: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. https_health_check.host: |- - @@ -37675,7 +40930,7 @@ resources: ssl_health_check: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. ssl_health_check.port: |- - @@ -37715,7 +40970,7 @@ resources: tcp_health_check: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. tcp_health_check.port: |- - @@ -37936,43 +41191,73 @@ resources: manifest: |- { "name": "example-image", - "raw_disk": [ + "source_disk": "${google_compute_disk.persistent.id}" + } + references: + source_disk: google_compute_disk.persistent.id + dependencies: + google_compute_disk.persistent: |- { - "source": "https://storage.googleapis.com/bosh-gce-raw-stemcells/bosh-stemcell-97.98-google-kvm-ubuntu-xenial-go_agent-raw-1557960142.tar.gz" + "image": "${data.google_compute_image.debian.self_link}", + "name": "example-disk", + "size": 10, + "type": "pd-ssd", + "zone": "us-central1-a" } - ] - } - name: example manifest: |- { "guest_os_features": [ { - "type": "SECURE_BOOT" + "type": "UEFI_COMPATIBLE" }, { - "type": "MULTI_IP_SUBNET" + "type": "VIRTIO_SCSI_MULTIQUEUE" + }, + { + "type": "GVNIC" + }, + { + "type": "SEV_CAPABLE" + }, + { + "type": "SEV_LIVE_MIGRATABLE_V2" } ], "name": "example-image", - "raw_disk": [ + "source_disk": "${google_compute_disk.persistent.id}" + } + references: + source_disk: google_compute_disk.persistent.id + dependencies: + google_compute_disk.persistent: |- { - "source": "https://storage.googleapis.com/bosh-gce-raw-stemcells/bosh-stemcell-97.98-google-kvm-ubuntu-xenial-go_agent-raw-1557960142.tar.gz" + "image": "${data.google_compute_image.debian.self_link}", + "name": "example-disk", + "size": 10, + "type": "pd-ssd", + "zone": "us-central1-a" } - ] - } - name: example manifest: |- { "name": "example-sl-image", - "raw_disk": [ - { - "source": "https://storage.googleapis.com/bosh-gce-raw-stemcells/bosh-stemcell-97.98-google-kvm-ubuntu-xenial-go_agent-raw-1557960142.tar.gz" - } - ], + "source_disk": "${google_compute_disk.persistent.id}", "storage_locations": [ "us-central1" ] } + references: + source_disk: google_compute_disk.persistent.id + dependencies: + google_compute_disk.persistent: |- + { + "image": "${data.google_compute_image.debian.self_link}", + "name": "example-disk", + "size": 10, + "type": "pd-ssd", + "zone": "us-central1-a" + } argumentDocs: archive_size_bytes: |- - @@ -38013,7 +41298,7 @@ resources: - (Required) The type of supported feature. Read Enabling guest operating system features to see a list of available options. - Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. + Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, IDPF, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. id: '- an identifier for the resource with format projects/{{project}}/global/images/{{name}}' image_encryption_key: |- - @@ -38246,9 +41531,12 @@ resources: See the docs for how to become verified as a domain owner. advanced_machine_features: (Optional) - Configure Nested Virtualisation and Simultaneous Hyper Threading on this VM. Structure is documented below - advanced_machine_features.enable_nested_virtualization: (Optional) Defines whether the instance should have nested virtualization enabled. Defaults to false. - advanced_machine_features.threads_per_core: (Optional) he number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. - advanced_machine_features.visible_core_count: (Optional) The number of physical cores to expose to an instance. visible cores info (VC). + advanced_machine_features.enable_nested_virtualization: '- (Optional) Defines whether the instance should have nested virtualization enabled. Defaults to false.' + advanced_machine_features.enable_uefi_networking: '- (Optional) Whether to enable UEFI networking for instance creation.' + advanced_machine_features.performance_monitoring_unit: '- (Optional) The PMU is a hardware component within the CPU core that monitors how the processor runs code. Valid values for the level of PMU are STANDARD, ENHANCED, and ARCHITECTURAL.' + advanced_machine_features.threads_per_core: '- (Optional) The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1.' + advanced_machine_features.turbo_mode: '- (Optional) Turbo frequency mode to use for the instance. Supported modes are currently either ALL_CORE_MAX or unset (default).' + advanced_machine_features.visible_core_count: '- (Optional) The number of physical cores to expose to an instance. visible cores info (VC).' alias_ip_range.ip_cidr_range: |- - The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by @@ -38323,12 +41611,16 @@ resources: packets with non-matching source or destination IPs. This defaults to false. confidential_instance_config: (Optional) - Enable Confidential Mode on this VM. Structure is documented below - confidential_instance_config.confidential_instance_type: '(Optional) Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM. TDX is only available in beta.' + confidential_instance_config.confidential_instance_type: '(Optional) Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM.' confidential_instance_config.enable_confidential_compute: (Optional) Defines whether the instance should have confidential compute enabled with AMD SEV. If enabled, on_host_maintenance can be set to MIGRATE if min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. cpu_platform: '- The CPU platform used by this instance.' create: '- Default is 20 minutes.' - current_status: '- The current status of the instance. This could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED. For more information about the status of the instance, see Instance life cycle.`,' - custom-NUMBER_OF_CPUS-AMOUNT_OF_MEMORY_MB: ', e.g. custom-6-20480 for 6 vCPU and 20GB of RAM.' + creation_timestamp: '- Creation timestamp in RFC3339 text format.' + current_status: '- The current status of the instance. This could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED. For more information about the status of the instance, see Instance life cycle.' + custom-NUMBER_OF_CPUS-AMOUNT_OF_MEMORY_MB: |- + , e.g. custom-6-20480 for 6 vCPU and 20GB of RAM. + Because of current API limitations some custom machine types may get converted to different machine types (such as an equivalent standard type) and cause non-empty plans in your configuration. Use + lifecycle.ignore_changes on machine_type in these cases. delete: '- Default is 20 minutes.' deletion_protection: |- - (Optional) Enable deletion protection on this instance. Defaults to false. @@ -38336,7 +41628,7 @@ resources: description: '- (Optional) A brief description of this resource.' desired_status: |- - (Optional) Desired status of the instance. Either - "RUNNING" or "TERMINATED". + "RUNNING", "SUSPENDED" or "TERMINATED". disk.0.disk_encryption_key_sha256: |- - The RFC 4648 base64 encoded SHA-256 hash of the [customer-supplied encryption key] @@ -38350,11 +41642,10 @@ resources: guest_accelerator: |- - (Optional) List of the type and count of accelerator cards attached to the instance. Structure documented below. Note: GPU accelerators can only be used with on_host_maintenance option set to TERMINATE. - Note: This field uses attr-as-block mode to avoid - breaking users during the 0.12 upgrade. To explicitly send a list - of zero objects you must use the following syntax: - example=[] - For more details about this behavior, see this section. + Note: As of 6.0.0, argument syntax + is no longer supported for this field in favor of block syntax. + To dynamically set a list of guest accelerators, use dynamic blocks. + To set an empty list, use a single guest_accelerator block with count = 0. guest_accelerator.count: (Required) - The number of the guest accelerator cards exposed to this instance. guest_accelerator.type: (Required) - The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. hostname: |- @@ -38395,11 +41686,12 @@ resources: for an update of throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it. initialize_params.resource_manager_tags: '- (Optional) A tag is a key-value pair that can be attached to a Google Cloud resource. You can use tags to conditionally allow or deny policies based on whether a resource has a specific tag. This value is not returned by the API. In Terraform, this value cannot be updated and changing it will recreate the resource.' + initialize_params.resource_policies: '- (Optional) A list of self_links of resource policies to attach to the instance''s boot disk. Modifying this list will cause the instance to recreate, so any external values are not set until the user specifies this field. Currently a max of 1 resource policy is supported.' initialize_params.size: |- - (Optional) The size of the image in gigabytes. If not specified, it will inherit the size of its base image. initialize_params.storage_pool: |- - - (Optional) The URL of the storage pool in which the new disk is created. + - (Optional) The URL or the name of the storage pool in which the new disk is created. For example: initialize_params.type: '- (Optional) The GCE disk type. Such as pd-standard, pd-balanced or pd-ssd.' instance_id: '- The server-assigned unique identifier of this instance.' @@ -38421,6 +41713,7 @@ resources: ipv6_access_type: |- - One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork. + key_revocation_action_type: '- (optional) Action to be taken when a customer''s encryption key is revoked. Supports STOP and NONE, with NONE being the default.' label_fingerprint: '- The unique fingerprint of the labels.' labels: |- - (Optional) A map of key/value label pairs to assign to the instance. @@ -38472,7 +41765,7 @@ resources: is not accessible from the Internet. If omitted, ssh provisioners will not work unless Terraform can send traffic to the instance's network (e.g. via tunnel or because it is running on another cloud instance on that network). - This block can be repeated multiple times. Structure documented below. + This block can be specified once per network_interface. Structure documented below. network_interface.alias_ip_range: |- - (Optional) An array of alias IP ranges for this network interface. Can only be specified for network @@ -38489,7 +41782,7 @@ resources: network_interface.network_ip: |- - (Optional) The private IP address to assign to the instance. If empty, the address will be automatically assigned. - network_interface.nic_type: '- (Optional) The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET.' + network_interface.nic_type: '- (Optional) The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET, IDPF. In the beta provider the additional values of MRDMA and IRDMA are supported.' network_interface.queue_count: '- (Optional) The networking queue count that''s specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.' network_interface.security_policy: '- (Optional) Beta A full or partial URL to a security policy to add to this instance. If this field is set to an empty string it will remove the associated security policy.' network_interface.stack_type: '- (Optional) The stack type for this network interface to identify whether the IPv6 feature is enabled or not. Values are IPV4_IPV6 or IPV4_ONLY. If not specified, IPV4_ONLY will be used.' @@ -38503,7 +41796,7 @@ resources: in custom subnet mode, specifying the subnetwork is required. network_interface.subnetwork_project: |- - (Optional) The project in which the subnetwork belongs. - If the subnetwork is a self_link, this field is ignored in favor of the project + If the subnetwork is a self_link, this field is set to the project defined in the subnetwork self_link. If the subnetwork is a name and this field is not provided, the provider project is used. network_performance_config: |- @@ -38545,6 +41838,8 @@ resources: - (Optional) Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user). Defaults to true. + scheduling.availability_domain: '- (Optional) Specifies the availability domain to place the instance in. The value must be a number between 1 and the number of availability domains specified in the spread placement policy attached to the instance.' + scheduling.host_error_timeout_seconds: '- (Optional) Beta Specifies the time in seconds for host error detection, the value must be within the range of [90, 330] with the increment of 30, if unset, the default behavior of host error recovery will be used.' scheduling.instance_termination_action: '- (Optional) Describe the type of termination action for VM. Can be STOP or DELETE. Read more on here' scheduling.local_ssd_recovery_timeout: |- - (Optional) (https://terraform.io/docs/providers/google/guides/provider_versions.html) Specifies the maximum amount of time a Local Ssd Vm should wait while recovery of the Local Ssd state is attempted. Its value should be in between 0 and 168 hours with hour granularity and the default value being 1 hour. Structure is documented below. @@ -38946,7 +42241,6 @@ resources: { "base_instance_name": "tf-sr-igm-instance", "name": "tf-sr-igm", - "provider": "${google-beta}", "standby_policy": [ { "initial_delay_sec": 30, @@ -38965,7 +42259,6 @@ resources: "zone": "us-central1-a" } references: - provider: google-beta version.instance_template: google_compute_instance_template.sr-igm.self_link argumentDocs: all_instances_config: |- @@ -39026,7 +42319,7 @@ resources: - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. self_link: '- The URL of the created resource.' - standby_policy: '- (Optional Beta) The standby policy for stopped and suspended instances. Structure is documented below. For more information, see the official documentation and API' + standby_policy: '- (Optional) The standby policy for stopped and suspended instances. Structure is documented below. For more information, see the official documentation.' standby_policy.initial_delay_sec: '- (Optional) - Specifies the number of seconds that the MIG should wait to suspend or stop a VM after that VM was created. The initial delay gives the initialization script the time to prepare your VM for a quick scale out. The value of initial delay must be between 0 and 3600 seconds. The default value is 0.' standby_policy.mode: '- (Optional) - Defines how a MIG resumes or starts VMs from a standby pool when the group scales out. Valid options are: MANUAL, SCALE_OUT_POOL. If MANUAL(default), you have full control over which VMs are stopped and suspended in the MIG. If SCALE_OUT_POOL, the MIG uses the VMs from the standby pools to accelerate the scale out by resuming or starting them and then automatically replenishes the standby pool with new VMs to maintain the target sizes.' stateful.has_stateful_config: '- A bit indicating whether the managed instance group has stateful configuration, that is, if you have configured any items in a stateful policy or in per-instance configs. The group might report that it has no stateful config even when there is still some preserved state on a managed instance, for example, if you have deleted all PICs but not yet applied those deletions.' @@ -39059,8 +42352,8 @@ resources: - (Optional), The number of instances (calculated as percentage) which are managed for this version. Conflicts with fixed. Note that when using percent, rounding will be in favor of explicitly set target_size values; a managed instance group with 2 instances and 2 versions, one of which has a target_size.percent of 60 will create 2 instances of that version. - target_stopped_size: '- (Optional Beta) The target number of stopped instances for this managed instance group.' - target_suspended_size: '- (Optional Beta) The target number of suspended instances for this managed instance group.' + target_stopped_size: '- (Optional) The target number of stopped instances for this managed instance group.' + target_suspended_size: '- (Optional) The target number of suspended instances for this managed instance group.' update: '- Default is 15 minutes.' update_policy: '- (Optional) The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API.' update_policy.max_surge_fixed: '- (Optional), Specifies a fixed number of VM instances. This must be a positive integer. Conflicts with max_surge_percent. Both cannot be 0.' @@ -39077,7 +42370,7 @@ resources: version deals with a specific instance template, allowing canary release scenarios. Structure is documented below. version.instance_template: '- (Required) - The full URL to an instance template from which all new instances of this version will be created. It is recommended to reference instance templates through their unique id (self_link_unique attribute).' - version.name: '- (Required) - Version name.' + version.name: '- (Optional) - Version name.' version.target_size: '- (Optional) - The number of instances calculated as a fixed number or a percentage depending on the settings. Structure is documented below.' version_target.version_target: '- A bit indicating whether version target has been reached in this managed instance group, i.e. all instances are in their target version. Instances'' target version are specified by version field on Instance Group Manager.' wait_for_instances: |- @@ -39187,7 +42480,7 @@ resources: } google_container_cluster.my_cluster: |- { - "deletion_protection": "true", + "deletion_protection": true, "initial_node_count": 1, "ip_allocation_policy": [ { @@ -39225,7 +42518,7 @@ resources: } google_container_cluster.my_cluster: |- { - "deletion_protection": "true", + "deletion_protection": true, "initial_node_count": 1, "ip_allocation_policy": [ { @@ -39550,9 +42843,12 @@ resources: this instance template. This field can take the following values: PREMIUM, STANDARD or FIXED_STANDARD. If this field is not specified, it is assumed to be PREMIUM. advanced_machine_features: (Optional) - Configure Nested Virtualisation and Simultaneous Hyper Threading on this VM. Structure is documented below - advanced_machine_features.enable_nested_virtualization: (Optional) Defines whether the instance should have nested virtualization enabled. Defaults to false. - advanced_machine_features.threads_per_core: (Optional) The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. - advanced_machine_features.visible_core_count: (Optional, Beta) The number of physical cores to expose to an instance. visible cores info (VC). + advanced_machine_features.enable_nested_virtualization: '- (Optional) Defines whether the instance should have nested virtualization enabled. Defaults to false.' + advanced_machine_features.enable_uefi_networking: '- (Optional) Whether to enable UEFI networking for instance creation.' + advanced_machine_features.performance_monitoring_unit: '- (Optional) The PMU is a hardware component within the CPU core that monitors how the processor runs code. Valid values for the level of PMU are STANDARD, ENHANCED, and ARCHITECTURAL.' + advanced_machine_features.threads_per_core: '- (Optional) The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1.' + advanced_machine_features.turbo_mode: '- (Optional) Turbo frequency mode to use for the instance. Supported modes are currently either ALL_CORE_MAX or unset (default).' + advanced_machine_features.visible_core_count: '- (Optional) The number of physical cores to expose to an instance. visible cores info (VC).' alias_ip_range.ip_cidr_range: |- - The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by @@ -39567,9 +42863,10 @@ resources: - (Optional) Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false. confidential_instance_config: (Optional) - Enable Confidential Mode on this VM. Structure is documented below - confidential_instance_config.confidential_instance_type: '(Optional) Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM. TDX is only available in beta.' + confidential_instance_config.confidential_instance_type: '(Optional) Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM.' confidential_instance_config.enable_confidential_compute: (Optional) Defines whether the instance should have confidential compute enabled with AMD SEV. If enabled, on_host_maintenance can be set to MIGRATE if min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. create: '- Default is 4 minutes.' + creation_timestamp: '- Creation timestamp in RFC3339 text format.' custom-VCPUS-MEM_IN_MB: like custom-6-20480 for 6 vCPU and 20GB of RAM. delete: '- Default is 4 minutes.' description: '- (Optional) A brief description of this resource.' @@ -39658,6 +42955,7 @@ resources: ipv6_access_config.network_tier: |- - (Optional) The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM and STANDARD tier is valid for IPv6. + key_revocation_action_type: '- (optional) Action to be taken when a customer''s encryption key is revoked. Supports STOP and NONE, with NONE being the default.' labels: |- - (Optional) A set of key/value label pairs to assign to instances created from this template. @@ -39688,7 +42986,9 @@ resources: this blank, Terraform will auto-generate a unique name. name_prefix: |- - (Optional) Creates a unique name beginning with the specified - prefix. Conflicts with name. + prefix. Conflicts with name. Max length is 54 characters. + Prefixes with lengths longer than 37 characters will use a shortened + UUID that will be more prone to collisions. network_interface: |- - (Required) Networks to attach to instances created from this template. This can be specified multiple times for multiple networks. @@ -39699,7 +42999,7 @@ resources: is not accessible from the Internet (this means that ssh provisioners will not work unless you are running Terraform can send traffic to the instance's network (e.g. via tunnel or because it is running on another cloud instance - on that network). This block can be repeated multiple times. Structure documented below. + on that network). This block can be specified once per network_interface. Structure documented below. network_interface.alias_ip_range: |- - (Optional) An array of alias IP ranges for this network interface. Can only be specified for network @@ -39716,7 +43016,7 @@ resources: network_interface.network_ip: |- - (Optional) The private IP address to assign to the instance. If empty, the address will be automatically assigned. - network_interface.nic_type: '- (Optional) The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET.' + network_interface.nic_type: '- (Optional) The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET. In the beta provider the additional values of MRDMA and IRDMA are supported.' network_interface.queue_count: '- (Optional) The networking queue count that''s specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.' network_interface.stack_type: '- (Optional) The stack type for this network interface to identify whether the IPv6 feature is enabled or not. Values are IPV4_IPV6 or IPV4_ONLY. If not specified, IPV4_ONLY will be used.' network_interface.subnetwork: |- @@ -39767,6 +43067,8 @@ resources: - (Optional) Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true. + scheduling.availability_domain: '- (Optional) Specifies the availability domain to place the instance in. The value must be a number between 1 and the number of availability domains specified in the spread placement policy attached to the instance.' + scheduling.host_error_timeout_seconds: '- (Optional) Beta Specifies the time in seconds for host error detection, the value must be within the range of [90, 330] with the increment of 30, if unset, the default behavior of host error recovery will be used.' scheduling.instance_termination_action: '- (Optional) Describe the type of termination action for SPOT VM. Can be STOP or DELETE. Read more on here' scheduling.local_ssd_recovery_timeout: |- - (Optional) (https://terraform.io/docs/providers/google/guides/provider_versions.html) Specifies the maximum amount of time a Local Ssd Vm should wait while recovery of the Local Ssd state is attempted. Its value should be in between 0 and 168 hours with hour granularity and the default value being 1 hour. Structure is documented below. @@ -39899,9 +43201,10 @@ resources: Creation timestamp in RFC3339 text format. customer_name: |- - - (Required) + (Optional) Customer name, to put in the Letter of Authorization as the party authorized to request a - crossconnect. + crossconnect. This field is required for Dedicated and Partner Interconnect, should not be specified + for cross-cloud interconnect. delete: '- Default is 20 minutes.' description: |- - @@ -39985,23 +43288,16 @@ resources: bundle, not the speed of the entire bundle. Can take one of the following values: location: |- - - (Required) + (Optional) URL of the InterconnectLocation object that represents where this connection is to be provisioned. + Specifies the location inside Google's Networks, should not be passed in case of cross-cloud interconnect. macsec: |- - (Optional) Configuration that enables Media Access Control security (MACsec) on the Cloud Interconnect connection between Google and your on-premises router. Structure is documented below. - macsec.pre_shared_keys: |- - - - (Required) - A keychain placeholder describing a set of named key objects along with their - start times. A MACsec CKN/CAK is generated for each key in the key chain. - Google router automatically picks the key with the most recent startTime when establishing - or re-establishing a MACsec secure link. - Structure is documented below. - macsec.pre_shared_keys.fail_open: |- + macsec.fail_open: |- - (Optional) If set to true, the Interconnect connection is configured with a should-secure @@ -40009,22 +43305,14 @@ resources: traffic if the MKA session cannot be established. By default, the Interconnect connection is configured with a must-secure security policy that drops all traffic if the MKA session cannot be established with your router. - macsec.pre_shared_keys.name: |- + macsec.pre_shared_keys: |- - (Required) - A name for this pre-shared key. The name must be 1-63 characters long, and - comply with RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character - must be a lowercase letter, and all following characters must be a dash, lowercase - letter, or digit, except the last character, which cannot be a dash. - macsec.pre_shared_keys.start_time: |- - - - (Optional) - A RFC3339 timestamp on or after which the key is valid. startTime can be in the - future. If the keychain has a single key, startTime can be omitted. If the keychain - has multiple keys, startTime is mandatory for each key. The start times of keys must - be in increasing order. The start times of two consecutive keys must be at least 6 - hours apart. + A keychain placeholder describing a set of named key objects along with their + start times. A MACsec CKN/CAK is generated for each key in the key chain. + Google router automatically picks the key with the most recent startTime when establishing + or re-establishing a MACsec secure link. + Structure is documented below. macsec_enabled: |- - (Optional) @@ -40054,6 +43342,31 @@ resources: IP address configured on the customer side of the Interconnect link. The customer should configure this IP address during turnup when prompted by Google NOC. This can be used only for ping tests. + pre_shared_keys.fail_open: |- + - + (Optional, Deprecated) + If set to true, the Interconnect connection is configured with a should-secure + MACsec security policy, that allows the Google router to fallback to cleartext + traffic if the MKA session cannot be established. By default, the Interconnect + connection is configured with a must-secure security policy that drops all traffic + if the MKA session cannot be established with your router. + pre_shared_keys.failOpen: is deprecated and will be removed in a future major release. Use other failOpen instead. + pre_shared_keys.name: |- + - + (Required) + A name for this pre-shared key. The name must be 1-63 characters long, and + comply with RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character + must be a lowercase letter, and all following characters must be a dash, lowercase + letter, or digit, except the last character, which cannot be a dash. + pre_shared_keys.start_time: |- + - + (Optional) + A RFC3339 timestamp on or after which the key is valid. startTime can be in the + future. If the keychain has a single key, startTime can be omitted. If the keychain + has multiple keys, startTime is mandatory for each key. The start times of keys must + be in increasing order. The start times of two consecutive keys must be at least 6 + hours apart. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -40068,11 +43381,12 @@ resources: requested_features: |- - (Optional) - interconnects.list of features requested for this Interconnect connection. Options: MACSEC ( + interconnects.list of features requested for this Interconnect connection. Options: IF_MACSEC ( If specified then the connection is created on MACsec capable hardware ports. If not specified, the default value is false, which allocates non-MACsec capable ports first if - available). - Each value may be one of: MACSEC. + available). Note that MACSEC is still technically allowed for compatibility reasons, but it + does not work with the API, and will be removed in an upcoming major version. + Each value may be one of: MACSEC, IF_MACSEC. requested_link_count: |- - (Required) @@ -40781,6 +44095,40 @@ resources: "network_firewall_policy_enforcement_order": "BEFORE_CLASSIC_FIREWALL", "project": "my-project-name" } + - name: vpc_network + manifest: |- + { + "name": "vpc-network", + "project": "my-project-name", + "provider": "${google-beta}", + "routing_mode": "GLOBAL" + } + references: + provider: google-beta + - name: vpc_network + manifest: |- + { + "bgp_best_path_selection_mode": "STANDARD", + "name": "vpc-network", + "project": "my-project-name", + "provider": "${google-beta}", + "routing_mode": "GLOBAL" + } + references: + provider: google-beta + - name: vpc_network + manifest: |- + { + "bgp_always_compare_med": true, + "bgp_best_path_selection_mode": "STANDARD", + "bgp_inter_region_cost": "ADD_COST_TO_MED", + "name": "vpc-network", + "project": "my-project-name", + "provider": "${google-beta}", + "routing_mode": "GLOBAL" + } + references: + provider: google-beta argumentDocs: auto_create_subnetworks: |- - @@ -40790,6 +44138,21 @@ resources: 10.128.0.0/9 address range. When set to false, the network is created in "custom subnet mode" so the user can explicitly connect subnetwork resources. + bgp_always_compare_med: |- + - + (Optional, Beta) + Enables/disables the comparison of MED across routes with different Neighbor ASNs. + This value can only be set if the --bgp-best-path-selection-mode is STANDARD + bgp_best_path_selection_mode: |- + - + (Optional, Beta) + The BGP best selection algorithm to be employed. MODE can be LEGACY or STANDARD. + Possible values are: LEGACY, STANDARD. + bgp_inter_region_cost: |- + - + (Optional, Beta) + Choice of the behavior of inter-regional cost and MED in the BPS algorithm. + Possible values are: DEFAULT, ADD_COST_TO_MED. create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' delete_default_routes_on_create: |- @@ -40842,8 +44205,18 @@ resources: Set the order that Firewall Rules and Firewall Policies are evaluated. Default value is AFTER_CLASSIC_FIREWALL. Possible values are: BEFORE_CLASSIC_FIREWALL, AFTER_CLASSIC_FIREWALL. + network_id: |- + - + The unique identifier for the resource. This identifier is defined by the server. + network_profile: |- + - + (Optional, Beta) + A full or partial URL of the network profile to apply to this network. + This field can be set only at resource creation time. For example, the + following are valid URLs: numeric_id: |- - + (Deprecated) The unique identifier for the resource. This identifier is defined by the server. project: |- - (Optional) The ID of the project in which the resource belongs. @@ -40903,6 +44276,7 @@ resources: google_project.accepted_producer_project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "name": "prj-accepted", "org_id": "123456789", "project_id": "prj-accepted" @@ -40910,6 +44284,7 @@ resources: google_project.rejected_producer_project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "name": "prj-rejected", "org_id": "123456789", "project_id": "prj-rejected" @@ -41409,7 +44784,7 @@ resources: argumentDocs: create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format {{project}}/{{zone}}/{{network_endpoint_group}}/endpoints' + id: '- an identifier for the resource with format {{project}}/{{zone}}/{{network_endpoint_group}}' network_endpoint_group: |- - (Required) @@ -41501,26 +44876,27 @@ resources: name: google_compute_network_firewall_policy_association title: "" examples: - - name: primary + - name: default manifest: |- { "attachment_target": "${google_compute_network.network.id}", - "firewall_policy": "${google_compute_network_firewall_policy.network_firewall_policy.name}", - "name": "association", + "firewall_policy": "${google_compute_network_firewall_policy.policy.id}", + "name": "my-association", "project": "my-project-name" } references: attachment_target: google_compute_network.network.id - firewall_policy: google_compute_network_firewall_policy.network_firewall_policy.name + firewall_policy: google_compute_network_firewall_policy.policy.id dependencies: google_compute_network.network: |- { - "name": "network" + "auto_create_subnetworks": false, + "name": "my-network" } - google_compute_network_firewall_policy.network_firewall_policy: |- + google_compute_network_firewall_policy.policy: |- { "description": "Sample global network firewall policy", - "name": "policy", + "name": "my-policy", "project": "my-project-name" } argumentDocs: @@ -41533,23 +44909,22 @@ resources: firewall_policy: |- - (Required) - The firewall policy ID of the association. + The firewall policy of the resource. id: '- an identifier for the resource with format projects/{{project}}/global/firewallPolicies/{{firewall_policy}}/associations/{{name}}' name: |- - (Required) The name for an association. project: |- - - - (Optional) - The project for the resource + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. short_name: |- - The short name of the firewall policy of the association. importStatements: [] google_compute_network_firewall_policy_rule: subCategory: Compute Engine - description: The Compute NetworkFirewallPolicyRule resource + description: Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny). name: google_compute_network_firewall_policy_rule title: "" examples: @@ -41583,7 +44958,7 @@ resources: ], "src_secure_tags": [ { - "name": "tagValues/${google_tags_tag_value.basic_value.name}" + "name": "${google_tags_tag_value.basic_value.id}" } ], "src_threat_intelligences": [ @@ -41600,6 +44975,7 @@ resources: references: firewall_policy: google_compute_network_firewall_policy.basic_network_firewall_policy.name match.src_address_groups: google_network_security_address_group.basic_global_networksecurity_address_group.id + match.src_secure_tags.name: google_tags_tag_value.basic_value.id dependencies: google_compute_network.basic_network: |- { @@ -41619,7 +44995,7 @@ resources: "208.80.154.224/32" ], "location": "global", - "name": "policy", + "name": "address", "parent": "projects/my-project-name", "type": "IPV4" } @@ -41636,7 +45012,7 @@ resources: google_tags_tag_value.basic_value: |- { "description": "For valuename resources.", - "parent": "tagKeys/${google_tags_tag_key.basic_key.name}", + "parent": "${google_tags_tag_key.basic_key.id}", "short_name": "tagvalue" } argumentDocs: @@ -41645,11 +45021,15 @@ resources: (Required) The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group". create: '- Default is 20 minutes.' + creation_timestamp: |- + - + Creation timestamp in RFC3339 text format. delete: '- Default is 20 minutes.' direction: |- - (Required) - The direction in which this rule applies. Possible values: INGRESS, EGRESS + The direction in which this rule applies. + Possible values are: INGRESS, EGRESS. firewall_policy: |- - (Required) @@ -41658,123 +45038,624 @@ resources: kind: |- - Type of the resource. Always compute#firewallPolicyRule for firewall policy rules - layer4_configs.description: |- + layer4_configs.ip_protocol: |- + - + (Required) + The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. + This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number. + layer4_configs.ports: |- - (Optional) - An optional description for this resource. - layer4_configs.disabled: |- + An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. + Example inputs include: ["22"], ["80","443"], and ["12345-12349"]. + match: |- + - + (Required) + A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. + Structure is documented below. + match.dest_address_groups: |- - (Optional) - Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled. - layer4_configs.enable_logging: |- + Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. + match.dest_fqdns: |- - (Optional) - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules. - layer4_configs.ip_protocol: |- + Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100. + match.dest_ip_ranges: |- + - + (Optional) + CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000. + match.dest_region_codes: |- + - + (Optional) + Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000. + match.dest_threat_intelligences: |- + - + (Optional) + Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination. + match.layer4_configs: |- - (Required) - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number. - layer4_configs.ports: |- + Pairs of IP protocols and ports that the rule should match. + Structure is documented below. + match.src_address_groups: |- - (Optional) - An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``. - layer4_configs.project: |- + Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. + match.src_fqdns: |- - (Optional) - The project for the resource - layer4_configs.rule_name: |- + Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100. + match.src_ip_ranges: |- + - + (Optional) + CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000. + match.src_region_codes: |- + - + (Optional) + Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000. + match.src_secure_tags: |- + - + (Optional) + List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256. + Structure is documented below. + match.src_threat_intelligences: |- + - + (Optional) + Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source. + priority: |- + - + (Required) + An integer indicating the priority of a rule in the list. + The priority must be a positive value between 0 and 2147483647. + Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority. + rule_tuple_count: |- + - + Calculation of the complexity of a single firewall policy rule. + src_secure_tags.description: |- + - + (Optional) + An optional description for this resource. + src_secure_tags.disabled: |- + - + (Optional) + Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. + If this is unspecified, the firewall policy rule will be enabled. + src_secure_tags.enable_logging: |- + - + (Optional) + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export destination in Stackdriver. + Logs may be exported to BigQuery or Pub/Sub. + Note: you cannot enable logging on "goto_next" rules. + src_secure_tags.name: |- + - + (Optional) + Name of the secure tag, created with TagManager's TagValue API. + src_secure_tags.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + src_secure_tags.rule_name: |- - (Optional) An optional name for the rule. This field is not a unique identifier and can be updated. - layer4_configs.security_profile_group: |- + src_secure_tags.security_profile_group: |- - (Optional) - A fully-qualified URL of a SecurityProfileGroup resource. Example: https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group. It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. - layer4_configs.target_secure_tags: |- + A fully-qualified URL of a SecurityProfile resource instance. + Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. + src_secure_tags.state: |- + - + (Output) + State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted. + src_secure_tags.target_secure_tags: |- - (Optional) - A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256. - layer4_configs.target_service_accounts: |- + A list of secure tags that controls which instances the firewall rule applies to. + If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the targetSecureTag are in INEFFECTIVE state, then this rule will be ignored. + targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256. + Structure is documented below. + src_secure_tags.target_service_accounts: |- - (Optional) A list of service accounts indicating the sets of instances that are applied with this rule. - layer4_configs.tls_inspect: |- + src_secure_tags.tls_inspect: |- - (Optional) - Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. - match: |- + Boolean flag indicating if the traffic should be TLS decrypted. + Can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. + target_secure_tags.name: |- + - + (Optional) + Name of the secure tag, created with TagManager's TagValue API. + target_secure_tags.state: |- + - + (Output) + State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted. + update: '- Default is 20 minutes.' + importStatements: [] + google_compute_network_firewall_policy_with_rules: + subCategory: Compute Engine + description: The Compute NetworkFirewallPolicy with rules resource + name: google_compute_network_firewall_policy_with_rules + title: "" + examples: + - name: network-firewall-policy-with-rules + manifest: |- + { + "description": "Terraform test", + "name": "tf-fw-policy-with-rules", + "provider": "${google-beta}", + "rule": [ + { + "action": "allow", + "description": "tcp rule", + "direction": "EGRESS", + "enable_logging": true, + "match": [ + { + "dest_address_groups": [ + "${google_network_security_address_group.address_group_1.id}" + ], + "dest_fqdns": [ + "www.yyy.com", + "www.zzz.com" + ], + "dest_ip_ranges": [ + "11.100.0.1/32" + ], + "dest_region_codes": [ + "HK", + "IN" + ], + "dest_threat_intelligences": [ + "iplist-search-engines-crawlers", + "iplist-tor-exit-nodes" + ], + "layer4_config": [ + { + "ip_protocol": "tcp", + "ports": [ + 8080, + 7070 + ] + } + ] + } + ], + "priority": 1000, + "target_secure_tag": [ + { + "name": "${google_tags_tag_value.secure_tag_value_1.id}" + } + ] + }, + { + "action": "deny", + "description": "udp rule", + "direction": "INGRESS", + "disabled": true, + "enable_logging": false, + "match": [ + { + "layer4_config": [ + { + "ip_protocol": "udp" + } + ], + "src_address_groups": [ + "${google_network_security_address_group.address_group_1.id}" + ], + "src_fqdns": [ + "www.abc.com", + "www.def.com" + ], + "src_ip_ranges": [ + "0.0.0.0/0" + ], + "src_region_codes": [ + "US", + "CA" + ], + "src_secure_tag": [ + { + "name": "${google_tags_tag_value.secure_tag_value_1.id}" + } + ], + "src_threat_intelligences": [ + "iplist-known-malicious-ips", + "iplist-public-clouds" + ] + } + ], + "priority": 2000 + }, + { + "action": "apply_security_profile_group", + "description": "security profile group rule", + "direction": "INGRESS", + "enable_logging": false, + "match": [ + { + "layer4_config": [ + { + "ip_protocol": "tcp" + } + ], + "src_ip_ranges": [ + "0.0.0.0/0" + ] + } + ], + "priority": 3000, + "rule_name": "tcp rule", + "security_profile_group": "//networksecurity.googleapis.com/${google_network_security_security_profile_group.security_profile_group_1.id}", + "target_service_accounts": [ + "test@google.com" + ], + "tls_inspect": true + } + ] + } + references: + provider: google-beta + rule.match.dest_address_groups: google_network_security_address_group.address_group_1.id + rule.match.src_address_groups: google_network_security_address_group.address_group_1.id + rule.match.src_secure_tag.name: google_tags_tag_value.secure_tag_value_1.id + rule.target_secure_tag.name: google_tags_tag_value.secure_tag_value_1.id + dependencies: + google_network_security_address_group.address_group_1: |- + { + "capacity": 100, + "description": "Global address group", + "items": [ + "208.80.154.224/32" + ], + "location": "global", + "name": "tf-address-group", + "parent": "${data.google_project.project.id}", + "provider": "${google-beta}", + "type": "IPV4" + } + google_network_security_security_profile.security_profile_1: |- + { + "location": "global", + "name": "tf-security-profile", + "parent": "organizations/123456789", + "provider": "${google-beta}", + "type": "THREAT_PREVENTION" + } + google_network_security_security_profile_group.security_profile_group_1: |- + { + "description": "my description", + "name": "tf-security-profile-group", + "parent": "organizations/123456789", + "provider": "${google-beta}", + "threat_prevention_profile": "${google_network_security_security_profile.security_profile_1.id}" + } + google_tags_tag_key.secure_tag_key_1: |- + { + "description": "Tag key", + "parent": "${data.google_project.project.id}", + "provider": "${google-beta}", + "purpose": "GCE_FIREWALL", + "purpose_data": { + "network": "${data.google_project.project.name}/default" + }, + "short_name": "tf-tag-key" + } + google_tags_tag_value.secure_tag_value_1: |- + { + "description": "Tag value", + "parent": "${google_tags_tag_key.secure_tag_key_1.id}", + "provider": "${google-beta}", + "short_name": "tf-tag-value" + } + argumentDocs: + create: '- Default is 20 minutes.' + creation_timestamp: |- + - + Creation timestamp in RFC3339 text format. + delete: '- Default is 20 minutes.' + fingerprint: |- + - + Fingerprint of the resource. This field is used internally during updates of this resource. + id: '- an identifier for the resource with format projects/{{project}}/global/firewallPolicies/{{name}}' + layer4_config.ip_protocol: |- - (Required) - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. + The IP protocol to which this rule applies. The protocol + type is required when creating a firewall rule. + This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + layer4_config.ports: |- + - + (Optional) + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. match.dest_address_groups: |- - (Optional) - Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules. + Address groups which should be matched against the traffic destination. + Maximum number of destination address groups is 10. match.dest_fqdns: |- - (Optional) - Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress. + Fully Qualified Domain Name (FQDN) which should be matched against + traffic destination. Maximum number of destination fqdn allowed is 100. match.dest_ip_ranges: |- - (Optional) - CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000. + Destination IP address range in CIDR format. Required for + EGRESS rules. match.dest_region_codes: |- - (Optional) - The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress. + Region codes whose IP addresses will be used to match for destination + of traffic. Should be specified as 2 letter country code defined as per + ISO 3166 alpha-2 country codes. ex."US" + Maximum number of destination region codes allowed is 5000. match.dest_threat_intelligences: |- - (Optional) - Name of the Google Cloud Threat Intelligence list. - match.layer4_configs: |- + Names of Network Threat Intelligence lists. + The IPs in these lists will be matched against traffic destination. + match.layer4_config: |- - (Required) Pairs of IP protocols and ports that the rule should match. + Structure is documented below. match.src_address_groups: |- - (Optional) - Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules. + Address groups which should be matched against the traffic source. + Maximum number of source address groups is 10. match.src_fqdns: |- - (Optional) - Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress. + Fully Qualified Domain Name (FQDN) which should be matched against + traffic source. Maximum number of source fqdn allowed is 100. match.src_ip_ranges: |- - (Optional) - CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000. + Source IP address range in CIDR format. Required for + INGRESS rules. match.src_region_codes: |- - (Optional) - The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress. - match.src_secure_tags: |- + Region codes whose IP addresses will be used to match for source + of traffic. Should be specified as 2 letter country code defined as per + ISO 3166 alpha-2 country codes. ex."US" + Maximum number of source region codes allowed is 5000. + match.src_secure_tag: |- - (Optional) - List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256. + List of secure tag values, which should be matched at the source + of the traffic. + For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, + and there is no srcIpRange, this rule will be ignored. + Maximum number of source tag values allowed is 256. + Structure is documented below. match.src_threat_intelligences: |- - (Optional) - Name of the Google Cloud Threat Intelligence list. - priority: |- + Names of Network Threat Intelligence lists. + The IPs in these lists will be matched against traffic source. + name: |- - (Required) - An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority. - rule_tuple_count: |- + User-provided name of the Network firewall policy. + The name should be unique in the project in which the firewall policy is created. + The name must be 1-63 characters long, and comply with RFC1035. Specifically, + the name must be 1-63 characters long and match the regular expression a-z? + which means the first character must be a lowercase letter, and all following characters must be a dash, + lowercase letter, or digit, except the last character, which cannot be a dash. + network_firewall_policy_id: |- - - Calculation of the complexity of a single firewall policy rule. - src_secure_tags.name: |- + The unique identifier for the resource. This identifier is defined by the server. + predefined_rules: |- + - + A list of firewall policy pre-defined rules. + Structure is documented below. + predefined_rules.action: |- + - + (Output) + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny", "apply_security_profile_group" or "goto_next". + predefined_rules.description: |- + - + (Output) + A description of the rule. + predefined_rules.direction: |- + - + (Output) + The direction in which this rule applies. If unspecified an INGRESS rule is created. + predefined_rules.disabled: |- + - + (Output) + Denotes whether the firewall policy rule is disabled. When set to true, + the firewall policy rule is not enforced and traffic behaves as if it did + not exist. If this is unspecified, the firewall policy rule will be + enabled. + predefined_rules.enable_logging: |- + - + (Output) + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + predefined_rules.match: |- + - + (Output) + A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. + Structure is documented below. + predefined_rules.priority: |- + - + (Output) + An integer indicating the priority of a rule in the list. The priority must be a value + between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the + highest priority and 2147483647 is the lowest priority. + predefined_rules.rule_name: |- + - + (Output) + An optional name for the rule. This field is not a unique identifier + and can be updated. + predefined_rules.security_profile_group: |- + - + (Output) + A fully-qualified URL of a SecurityProfile resource instance. + Example: + https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + Must be specified if action is 'apply_security_profile_group'. + predefined_rules.target_secure_tag: |- + - + (Output) + A list of secure tags that controls which instances the firewall rule + applies to. If targetSecureTag are specified, then the + firewall rule applies only to instances in the VPC network that have one + of those EFFECTIVE secure tags, if all the target_secure_tag are in + INEFFECTIVE state, then this rule will be ignored. + targetSecureTag may not be set at the same time as + targetServiceAccounts. + If neither targetServiceAccounts nor + targetSecureTag are specified, the firewall rule applies + to all instances on the specified network. + Maximum number of target label tags allowed is 256. + Structure is documented below. + predefined_rules.target_service_accounts: |- + - + (Output) + A list of service accounts indicating the sets of + instances that are applied with this rule. + predefined_rules.tls_inspect: |- + - + (Output) + Boolean flag indicating if the traffic should be TLS decrypted. + It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. + rule: |- - (Required) - Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+ - src_secure_tags.state: |- + A list of firewall policy rules. + Structure is documented below. + rule.action: |- - - [Output Only] State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted. - target_secure_tags.name: |- + (Required) + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny", "apply_security_profile_group" or "goto_next". + rule.description: |- + - + (Optional) + A description of the rule. + rule.direction: |- + - + (Optional) + The direction in which this rule applies. If unspecified an INGRESS rule is created. + Possible values are: INGRESS, EGRESS. + rule.disabled: |- + - + (Optional) + Denotes whether the firewall policy rule is disabled. When set to true, + the firewall policy rule is not enforced and traffic behaves as if it did + not exist. If this is unspecified, the firewall policy rule will be + enabled. + rule.enable_logging: |- + - + (Optional) + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + rule.match: |- - (Required) - Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+ - target_secure_tags.state: |- + A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. + Structure is documented below. + rule.priority: |- + - + (Required) + An integer indicating the priority of a rule in the list. The priority must be a value + between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the + highest priority and 2147483647 is the lowest priority. + rule.rule_name: |- + - + (Optional) + An optional name for the rule. This field is not a unique identifier + and can be updated. + rule.security_profile_group: |- - - [Output Only] State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted. + (Optional) + A fully-qualified URL of a SecurityProfile resource instance. + Example: + https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + Must be specified if action is 'apply_security_profile_group'. + rule.target_secure_tag: |- + - + (Optional) + A list of secure tags that controls which instances the firewall rule + applies to. If targetSecureTag are specified, then the + firewall rule applies only to instances in the VPC network that have one + of those EFFECTIVE secure tags, if all the target_secure_tag are in + INEFFECTIVE state, then this rule will be ignored. + targetSecureTag may not be set at the same time as + targetServiceAccounts. + If neither targetServiceAccounts nor + targetSecureTag are specified, the firewall rule applies + to all instances on the specified network. + Maximum number of target label tags allowed is 256. + Structure is documented below. + rule.target_service_accounts: |- + - + (Optional) + A list of service accounts indicating the sets of + instances that are applied with this rule. + rule.tls_inspect: |- + - + (Optional) + Boolean flag indicating if the traffic should be TLS decrypted. + It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. + rule_tuple_count: |- + - + Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. + self_link: |- + - + Server-defined URL for the resource. + self_link_with_id: |- + - + Server-defined URL for this resource with the resource id. + src_secure_tag.name: |- + - + (Optional) + Name of the secure tag, created with TagManager's TagValue API. + @pattern tagValues/[0-9]+ + src_secure_tag.state: |- + - + (Output) + [Output Only] State of the secure tag, either EFFECTIVE or + INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted + or its network is deleted. + target_secure_tag.description: |- + - + (Optional) + An optional description of this resource. + target_secure_tag.name: |- + - + (Optional) + Name of the secure tag, created with TagManager's TagValue API. + @pattern tagValues/[0-9]+ + target_secure_tag.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + target_secure_tag.state: |- + - + (Output) + [Output Only] State of the secure tag, either EFFECTIVE or + INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted + or its network is deleted. update: '- Default is 20 minutes.' importStatements: [] google_compute_network_peering: @@ -41933,7 +45814,7 @@ resources: } google_container_cluster.private_cluster: |- { - "deletion_protection": "true", + "deletion_protection": true, "initial_node_count": 1, "ip_allocation_policy": [ { @@ -42091,6 +45972,7 @@ resources: } google_project.guest_project: |- { + "deletion_policy": "DELETE", "name": "project-name", "org_id": "123456789", "project_id": "project-id" @@ -42219,7 +46101,50 @@ resources: } ] } + - name: template + manifest: |- + { + "accelerators": [ + { + "accelerator_count": 4, + "accelerator_type": "nvidia-tesla-t4" + } + ], + "name": "soletenant-with-accelerators", + "node_type": "n1-node-96-624", + "region": "us-central1" + } + - name: template + manifest: |- + { + "disks": [ + { + "disk_count": 16, + "disk_size_gb": 375, + "disk_type": "local-ssd" + } + ], + "name": "soletenant-with-disks", + "node_type": "n2-node-80-640", + "region": "us-central1" + } argumentDocs: + accelerators: |- + - + (Optional) + List of the type and count of accelerator cards attached to the + node template + Structure is documented below. + accelerators.accelerator_count: |- + - + (Optional) + The number of the guest accelerator cards exposed to this + node template. + accelerators.accelerator_type: |- + - + (Optional) + Full or partial URL of the accelerator type resource to expose + to this node template. cpu_overcommit_type: |- - (Optional) @@ -42235,6 +46160,24 @@ resources: - (Optional) An optional textual description of the resource. + disks: |- + - + (Optional) + List of the type, size and count of disks attached to the + node template + Structure is documented below. + disks.disk_count: |- + - + (Optional) + Specifies the number of such disks. + disks.disk_size_gb: |- + - + (Optional) + Specifies the size of the disk in base-2 GB. + disks.disk_type: |- + - + (Optional) + Specifies the desired disk type on the node. This disk type must be a local storage type (e.g.: local-ssd). Note that for nodeTemplates, this should be the name of the disk type and not its URL. id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/nodeTemplates/{{name}}' name: |- - @@ -42409,6 +46352,7 @@ resources: } google_folder.security_policy_target: |- { + "deletion_protection": false, "display_name": "tf-test-secpol-", "parent": "organizations/123456789", "provider": "${google-beta}" @@ -43023,6 +46967,7 @@ resources: google_project.project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "name": "your_project_id", "org_id": "123456789", "project_id": "your_project_id" @@ -43037,7 +46982,7 @@ resources: - (Required) Managed protection tier to be set. - Possible values are: CA_STANDARD, CA_ENTERPRISE_PAYGO. + Possible values are: CA_STANDARD, CA_ENTERPRISE_PAYGO, CA_ENTERPRISE_ANNUAL. create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' id: '- an identifier for the resource with format projects/{{project}}' @@ -43517,7 +47462,7 @@ resources: scale_down_control.max_scaled_down_replicas: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. scale_down_control.time_window_sec: |- - @@ -43527,7 +47472,7 @@ resources: scale_in_control.max_scaled_in_replicas: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. scale_in_control.time_window_sec: |- - @@ -43609,6 +47554,7 @@ resources: { "iap": [ { + "enabled": true, "oauth2_client_id": "abc", "oauth2_client_secret": "xyz" } @@ -43782,6 +47728,45 @@ resources: ], "name": "rbs-health-check" } + - name: default + manifest: |- + { + "health_checks": [ + "${google_compute_health_check.health_check.id}" + ], + "load_balancing_scheme": "INTERNAL_MANAGED", + "locality_lb_policy": "RING_HASH", + "name": "region-service", + "protocol": "HTTP", + "provider": "${google-beta}", + "region": "us-central1", + "session_affinity": "STRONG_COOKIE_AFFINITY", + "strong_session_affinity_cookie": [ + { + "name": "mycookie", + "ttl": [ + { + "nanos": 1111, + "seconds": 11 + } + ] + } + ] + } + references: + health_checks: google_compute_health_check.health_check.id + provider: google-beta + dependencies: + google_compute_health_check.health_check: |- + { + "http_health_check": [ + { + "port": 80 + } + ], + "name": "rbs-health-check", + "provider": "${google-beta}" + } - name: default manifest: |- { @@ -43900,6 +47885,31 @@ resources: } ] } + - name: default + manifest: |- + { + "health_checks": [ + "${google_compute_region_health_check.health_check.id}" + ], + "ip_address_selection_policy": "IPV6_ONLY", + "load_balancing_scheme": "EXTERNAL_MANAGED", + "name": "region-service", + "protocol": "HTTP", + "region": "us-central1" + } + references: + health_checks: google_compute_region_health_check.health_check.id + dependencies: + google_compute_region_health_check.health_check: |- + { + "name": "rbs-health-check", + "region": "us-central1", + "tcp_health_check": [ + { + "port": 80 + } + ] + } argumentDocs: LEAST_REQUEST: |- : An O(1) algorithm which selects two random healthy @@ -43926,7 +47936,8 @@ resources: is selected in round robin order. WEIGHTED_MAGLEV: |- : Per-instance weighted Load Balancing via health check - reported weights. If set, the Backend Service must + reported weights. Only applicable to loadBalancingScheme + EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field @@ -43937,7 +47948,7 @@ resources: instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight. - This field is applicable to either: + locality_lb_policy is applicable to either: affinity_cookie_ttl_sec: |- - (Optional) @@ -43957,8 +47968,7 @@ resources: Specifies the balancing mode for this backend. See the Backend Services Overview for an explanation of load balancing modes. - From version 6.0.0 default value will be UTILIZATION to match default GCP value. - Default value is CONNECTION. + Default value is UTILIZATION. Possible values are: UTILIZATION, RATE, CONNECTION. backend.capacity_scaler: |- - @@ -44219,7 +48229,6 @@ resources: (Optional) Time for which instance will be drained (not accept new connections, but still work to finish started). - From version 6.0.0 ConnectionDrainingTimeoutSec default value will be 300 to match default GCP value. connection_tracking_policy: |- - (Optional, Beta) @@ -44378,13 +48387,17 @@ resources: (Optional) Settings for enabling Cloud Identity Aware Proxy Structure is documented below. - iap.oauth2_client_id: |- + iap.enabled: |- - (Required) + Whether the serving infrastructure will authenticate and authorize all incoming requests. + iap.oauth2_client_id: |- + - + (Optional) OAuth2 Client ID for IAP iap.oauth2_client_secret: |- - - (Required) + (Optional) OAuth2 Client Secret for IAP Note: This property is sensitive and will not be displayed in the plan. iap.oauth2_client_secret_sha256: |- @@ -44404,6 +48417,11 @@ resources: (Required) Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + ip_address_selection_policy: |- + - + (Optional) + Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). + Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY. load_balancing_scheme: is set to INTERNAL_MANAGED locality_lb_policy: |- is set to MAGLEV or RING_HASH @@ -44456,8 +48474,6 @@ resources: Settings controlling eviction of unhealthy hosts from the load balancing pool. This field is applicable only when the load_balancing_scheme is set to INTERNAL_MANAGED and the protocol is set to HTTP, HTTPS, or HTTP2. - From version 6.0.0 outlierDetection default terraform values will be removed to match default GCP value. - Default values are enforce by GCP without providing them. Structure is documented below. outlier_detection.base_ejection_time: |- - @@ -44560,7 +48576,25 @@ resources: (Optional) Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. - Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, CLIENT_IP_NO_DESTINATION. + Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, CLIENT_IP_NO_DESTINATION, STRONG_COOKIE_AFFINITY. + strong_session_affinity_cookie: |- + - + (Optional) + Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. + Structure is documented below. + strong_session_affinity_cookie.name: |- + - + (Optional) + Name of the cookie. + strong_session_affinity_cookie.path: |- + - + (Optional) + Path to set for the cookie. + strong_session_affinity_cookie.ttl: |- + - + (Optional) + Lifetime of the cookie. + Structure is documented below. subsetting: |- - (Optional, Beta) @@ -44729,6 +48763,10 @@ resources: end_timestamp: |- - Commitment end time in RFC3339 text format. + existing_reservations: |- + - + (Optional) + Specifies the already existing reservations to attach to the Commitment. id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/commitments/{{name}}' license_resource: |- - @@ -44907,7 +48945,7 @@ resources: async_primary_disk: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. async_primary_disk.disk: |- - @@ -45451,7 +49489,7 @@ resources: grpc_health_check: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. grpc_health_check.grpc_service_name: |- - @@ -45474,6 +49512,9 @@ resources: (Optional) Specifies how port is selected for health checking, can be one of the following values: + health_check_id: |- + - + The unique identifier number for the resource. This identifier is defined by the server. healthy_threshold: |- - (Optional) @@ -45482,7 +49523,7 @@ resources: http_health_check: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. http_health_check.host: |- - @@ -45526,7 +49567,7 @@ resources: http2_health_check: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. http2_health_check.host: |- - @@ -45570,7 +49611,7 @@ resources: https_health_check: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. https_health_check.host: |- - @@ -45644,7 +49685,7 @@ resources: ssl_health_check: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. ssl_health_check.port: |- - @@ -45684,7 +49725,7 @@ resources: tcp_health_check: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. tcp_health_check.port: |- - @@ -45832,7 +49873,6 @@ resources: { "base_instance_name": "tf-sr-igm-instance", "name": "tf-sr-igm", - "provider": "${google-beta}", "region": "us-central1", "standby_policy": [ { @@ -45851,7 +49891,6 @@ resources: ] } references: - provider: google-beta version.instance_template: google_compute_instance_template.sr-igm.self_link argumentDocs: all_instances_config: |- @@ -45889,6 +49928,11 @@ resources: group. You can specify one or more values. For more information, see the official documentation. fingerprint: '- The fingerprint of the instance group manager.' id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{name}}' + instance_flexibility_policy: '- (Optional) The flexibility policy for managed instance group. Instance flexibility allows managed instance group to create VMs from multiple types of machines. Instance flexibility configuration on managed instance group overrides instance template configuration. Structure is documented below.' + instance_flexibility_policy.instance_selections: '- (Optional), Named instance selections configuring properties that the group will use when creating new VMs. One can specify multiple instance selection to allow managed instance group to create VMs from multiple types of machines, based on preference and availability. Structure is documented below.' + instance_flexibility_policy.instance_selections.machine_types: '- (Required), A list of full machine-type names, e.g. "n1-standard-16".' + instance_flexibility_policy.instance_selections.name: '- (Required), Name of the instance selection, e.g. instance_selection_with_n1_machines_types. Instance selection names must be unique within the flexibility policy.' + instance_flexibility_policy.instance_selections.rank: '- (Optional), Preference of this instance selection. Lower number means higher preference. Managed instance group will first try to create a VM based on the machine-type with lowest rank and fallback to next rank based on availability. Machine types and instance selections with the same rank have the same preference.' instance_group: '- The full URL of the instance group created by the manager.' instance_lifecycle_policy.default_action_on_failure: '- (Optional), Default behavior for all instance or health check failures. Valid options are: REPAIR, DO_NOTHING. If DO_NOTHING then instances will not be repaired. If REPAIR (default), then failed instances will be repaired.' instance_lifecycle_policy.force_update_on_repair: '- (Optional), Specifies whether to apply the group''s latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group''s instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group''s update policy type.' @@ -45917,7 +49961,7 @@ resources: is not provided, the provider project is used. region: '- (Optional) The region where the managed instance group resides. If not provided, the provider region is used.' self_link: '- The URL of the created resource.' - standby_policy: '- (Optional Beta) The standby policy for stopped and suspended instances. Structure is documented below. For more information, see the official documentation and API' + standby_policy: '- (Optional) The standby policy for stopped and suspended instances. Structure is documented below. For more information, see the official documentation.' standby_policy.initial_delay_sec: '- (Optional) - Specifies the number of seconds that the MIG should wait to suspend or stop a VM after that VM was created. The initial delay gives the initialization script the time to prepare your VM for a quick scale out. The value of initial delay must be between 0 and 3600 seconds. The default value is 0.' standby_policy.mode: '- (Optional) - Defines how a MIG resumes or starts VMs from a standby pool when the group scales out. Valid options are: MANUAL, SCALE_OUT_POOL. If MANUAL(default), you have full control over which VMs are stopped and suspended in the MIG. If SCALE_OUT_POOL, the MIG uses the VMs from the standby pools to accelerate the scale out by resuming or starting them and then automatically replenishes the standby pool with new VMs to maintain the target sizes.' stateful.has_stateful_config: '- A bit indicating whether the managed instance group has stateful configuration, that is, if you have configured any items in a stateful policy or in per-instance configs. The group might report that it has no stateful config even when there is still some preserved state on a managed instance, for example, if you have deleted all PICs but not yet applied those deletions.' @@ -45949,8 +49993,8 @@ resources: - (Optional), The number of instances (calculated as percentage) which are managed for this version. Conflicts with fixed. Note that when using percent, rounding will be in favor of explicitly set target_size values; a managed instance group with 2 instances and 2 versions, one of which has a target_size.percent of 60 will create 2 instances of that version. - target_stopped_size: '- (Optional Beta) The target number of stopped instances for this managed instance group.' - target_suspended_size: '- (Optional Beta) The target number of suspended instances for this managed instance group.' + target_stopped_size: '- (Optional) The target number of stopped instances for this managed instance group.' + target_suspended_size: '- (Optional) The target number of suspended instances for this managed instance group.' update: '- Default is 15 minutes.' update_policy: '- (Optional) The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API' update_policy.instance_redistribution_type: '- (Optional) - The instance redistribution policy for regional managed instance groups. Valid values are: "PROACTIVE", "NONE". If PROACTIVE (default), the group attempts to maintain an even distribution of VM instances across zones in the region. If NONE, proactive redistribution is disabled.' @@ -45968,7 +50012,7 @@ resources: version deals with a specific instance template, allowing canary release scenarios. Structure is documented below. version.instance_template: '- (Required) - The full URL to an instance template from which all new instances of this version will be created.' - version.name: '- (Required) - Version name.' + version.name: '- (Optional) - Version name.' version.target_size: '- (Optional) - The number of instances calculated as a fixed number or a percentage depending on the settings. Structure is documented below.' version_target.version_target: '- A bit indicating whether version target has been reached in this managed instance group, i.e. all instances are in their target version. Instances'' target version are specified by version field on Instance Group Manager.' wait_for_instances: |- @@ -46180,9 +50224,12 @@ resources: this instance template. This field can take the following values: PREMIUM, STANDARD or FIXED_STANDARD. If this field is not specified, it is assumed to be PREMIUM. advanced_machine_features: (Optional) - Configure Nested Virtualisation and Simultaneous Hyper Threading on this VM. Structure is documented below - advanced_machine_features.enable_nested_virtualization: (Optional) Defines whether the instance should have nested virtualization enabled. Defaults to false. - advanced_machine_features.threads_per_core: (Optional) The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. - advanced_machine_features.visible_core_count: (Optional, ) The number of physical cores to expose to an instance. visible cores info (VC). + advanced_machine_features.enable_nested_virtualization: '- (Optional) Defines whether the instance should have nested virtualization enabled. Defaults to false.' + advanced_machine_features.enable_uefi_networking: '- (Optional) Whether to enable UEFI networking for instance creation.' + advanced_machine_features.performance_monitoring_unit: '- (Optional) The PMU is a hardware component within the CPU core that monitors how the processor runs code. Valid values for the level of PMU are STANDARD, ENHANCED, and ARCHITECTURAL.' + advanced_machine_features.threads_per_core: '- (Optional) The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1.' + advanced_machine_features.turbo_mode: '- (Optional) Turbo frequency mode to use for the instance. Supported modes are currently either ALL_CORE_MAX or unset (default).' + advanced_machine_features.visible_core_count: '- (Optional) The number of physical cores to expose to an instance. visible cores info (VC).' alias_ip_range.ip_cidr_range: |- - The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by @@ -46197,9 +50244,10 @@ resources: - (Optional) Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false. confidential_instance_config: (Optional) - Enable Confidential Mode on this VM. Structure is documented below - confidential_instance_config.confidential_instance_type: '(Optional) Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM. TDX is only available in beta.' + confidential_instance_config.confidential_instance_type: '(Optional) Defines the confidential computing technology the instance uses. SEV is an AMD feature. TDX is an Intel feature. One of the following values is required: SEV, SEV_SNP, TDX. on_host_maintenance can be set to MIGRATE if confidential_instance_type is set to SEV and min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. If SEV_SNP, currently min_cpu_platform has to be set to "AMD Milan" or this will fail to create the VM.' confidential_instance_config.enable_confidential_compute: (Optional) Defines whether the instance should have confidential compute enabled with AMD SEV. If enabled, on_host_maintenance can be set to MIGRATE if min_cpu_platform is set to "AMD Milan". Otherwise, on_host_maintenance has to be set to TERMINATE or this will fail to create the VM. create: '- Default is 4 minutes.' + creation_timestamp: '- Creation timestamp in RFC3339 text format.' custom-VCPUS-MEM_IN_MB: like custom-6-20480 for 6 vCPU and 20GB of RAM. delete: '- Default is 4 minutes.' description: '- (Optional) A brief description of this resource.' @@ -46288,6 +50336,7 @@ resources: ipv6_access_config.network_tier: |- - (Optional) The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM and STANDARD tier is valid for IPv6. + key_revocation_action_type: '- (optional) Action to be taken when a customer''s encryption key is revoked. Supports STOP and NONE, with NONE being the default.' labels: |- - (Optional) A set of key/value label pairs to assign to instances created from this template. @@ -46322,7 +50371,9 @@ resources: this blank, Terraform will auto-generate a unique name. name_prefix: |- - (Optional) Creates a unique name beginning with the specified - prefix. Conflicts with name. + prefix. Conflicts with name. Max length is 54 characters. + Prefixes with lengths longer than 37 characters will use a shortened + UUID that will be more prone to collisions. network_interface: |- - (Required) Networks to attach to instances created from this template. This can be specified multiple times for multiple networks. @@ -46333,7 +50384,7 @@ resources: is not accessible from the Internet (this means that ssh provisioners will not work unless you are running Terraform can send traffic to the instance's network (e.g. via tunnel or because it is running on another cloud instance - on that network). This block can be repeated multiple times. Structure documented below. + on that network). This block can be specified once per network_interface. Structure documented below. network_interface.alias_ip_range: |- - (Optional) An array of alias IP ranges for this network interface. Can only be specified for network @@ -46349,7 +50400,7 @@ resources: network_interface.network_ip: |- - (Optional) The private IP address to assign to the instance. If empty, the address will be automatically assigned. - network_interface.nic_type: '- (Optional) The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET.' + network_interface.nic_type: '- (Optional) The type of vNIC to be used on this interface. Possible values: GVNIC, VIRTIO_NET. In the beta provider the additional values of MRDMA and IRDMA are supported.' network_interface.queue_count: '- (Optional) The networking queue count that''s specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.' network_interface.stack_type: '- (Optional) The stack type for this network interface to identify whether the IPv6 feature is enabled or not. Values are IPV4_IPV6 or IPV4_ONLY. If not specified, IPV4_ONLY will be used.' network_interface.subnetwork: |- @@ -46396,6 +50447,8 @@ resources: - (Optional) Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true. + scheduling.availability_domain: '- (Optional) Specifies the availability domain to place the instance in. The value must be a number between 1 and the number of availability domains specified in the spread placement policy attached to the instance.' + scheduling.host_error_timeout_seconds: '- (Optional) Beta Specifies the time in seconds for host error detection, the value must be within the range of [90, 330] with the increment of 30, if unset, the default behavior of host error recovery will be used.' scheduling.instance_termination_action: '- (Optional) Describe the type of termination action for SPOT VM. Can be STOP or DELETE. Read more on here' scheduling.max_run_duration: '- (Optional) The duration of the instance. Instance will run and be terminated after then, the termination action could be defined in instance_termination_action. Only support DELETE instance_termination_action at this point. Structure is documented below.' scheduling.node_affinities: |- @@ -46596,6 +50649,9 @@ resources: (Optional) IPv4 address external endpoint. This can only be specified when network_endpoint_type of the NEG is INTERNET_IP_PORT. + network_endpoint_id: |- + - + The unique identifier number for the resource. This identifier is defined by the server. port: |- - (Required) @@ -46773,13 +50829,14 @@ resources: } ], "runtime": "nodejs", - "service": "appengine-network-endpoint-group", + "service": "appengine-neg", "version_id": "v1" } google_storage_bucket.appengine_neg: |- { "location": "US", - "name": "appengine-neg" + "name": "appengine-neg", + "uniform_bucket_level_access": true } google_storage_bucket_object.appengine_neg: |- { @@ -46811,6 +50868,11 @@ resources: "name": "psc-neg", "network": "${google_compute_network.default.self_link}", "network_endpoint_type": "PRIVATE_SERVICE_CONNECT", + "psc_data": [ + { + "producer_port": "88" + } + ], "psc_target_service": "${google_compute_service_attachment.default.self_link}", "region": "europe-west4", "subnetwork": "${google_compute_subnetwork.default.self_link}" @@ -46822,11 +50884,15 @@ resources: dependencies: google_compute_forwarding_rule.default: |- { - "all_ports": true, "backend_service": "${google_compute_region_backend_service.default.id}", "load_balancing_scheme": "INTERNAL", "name": "psc-forwarding-rule", "network": "${google_compute_network.default.name}", + "ports": [ + "80", + "88", + "443" + ], "region": "europe-west4", "subnetwork": "${google_compute_subnetwork.default.name}" } @@ -47050,6 +51116,18 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + psc_data: |- + - + (Optional) + This field is only used for PSC NEGs. + Structure is documented below. + psc_data.producer_port: |- + - + (Optional) + The PSC producer port to use when consumer PSC NEG connects to a producer. If + this flag isn't specified for a PSC NEG with endpoint type + private-service-connect, then PSC NEG will be connected to a first port in the + available PSC producer port range. psc_target_service: |- - (Optional) @@ -47153,27 +51231,28 @@ resources: name: google_compute_region_network_firewall_policy_association title: "" examples: - - name: primary + - name: default manifest: |- { - "attachment_target": "${google_compute_network.basic_network.id}", - "firewall_policy": "${google_compute_region_network_firewall_policy.basic_regional_network_firewall_policy.name}", - "name": "association", + "attachment_target": "${google_compute_network.network.id}", + "firewall_policy": "${google_compute_region_network_firewall_policy.policy.id}", + "name": "my-association", "project": "my-project-name", "region": "us-west1" } references: - attachment_target: google_compute_network.basic_network.id - firewall_policy: google_compute_region_network_firewall_policy.basic_regional_network_firewall_policy.name + attachment_target: google_compute_network.network.id + firewall_policy: google_compute_region_network_firewall_policy.policy.id dependencies: - google_compute_network.basic_network: |- + google_compute_network.network: |- { - "name": "network" + "auto_create_subnetworks": false, + "name": "my-network" } - google_compute_region_network_firewall_policy.basic_regional_network_firewall_policy: |- + google_compute_region_network_firewall_policy.policy: |- { "description": "Sample global network firewall policy", - "name": "policy", + "name": "my-policy", "project": "my-project-name", "region": "us-west1" } @@ -47187,16 +51266,15 @@ resources: firewall_policy: |- - (Required) - The firewall policy ID of the association. + The firewall policy of the resource. id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/firewallPolicies/{{firewall_policy}}/associations/{{name}}' name: |- - (Required) The name for an association. project: |- - - - (Optional) - The project for the resource + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. region: |- - (Optional) @@ -47207,7 +51285,7 @@ resources: importStatements: [] google_compute_region_network_firewall_policy_rule: subCategory: Compute Engine - description: The Compute NetworkFirewallPolicyRule resource + description: Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny). name: google_compute_region_network_firewall_policy_rule title: "" examples: @@ -47241,7 +51319,7 @@ resources: ], "src_secure_tags": [ { - "name": "tagValues/${google_tags_tag_value.basic_value.name}" + "name": "${google_tags_tag_value.basic_value.id}" } ], "src_threat_intelligences": [ @@ -47259,6 +51337,7 @@ resources: references: firewall_policy: google_compute_region_network_firewall_policy.basic_regional_network_firewall_policy.name match.src_address_groups: google_network_security_address_group.basic_regional_networksecurity_address_group.id + match.src_secure_tags.name: google_tags_tag_value.basic_value.id dependencies: google_compute_network.basic_network: |- { @@ -47279,7 +51358,7 @@ resources: "208.80.154.224/32" ], "location": "us-west1", - "name": "policy", + "name": "address", "parent": "projects/my-project-name", "type": "IPV4" } @@ -47296,7 +51375,7 @@ resources: google_tags_tag_value.basic_value: |- { "description": "For valuename resources.", - "parent": "tagKeys/${google_tags_tag_key.basic_key.name}", + "parent": "${google_tags_tag_key.basic_key.id}", "short_name": "tagvalue" } argumentDocs: @@ -47305,11 +51384,15 @@ resources: (Required) The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group". create: '- Default is 20 minutes.' + creation_timestamp: |- + - + Creation timestamp in RFC3339 text format. delete: '- Default is 20 minutes.' direction: |- - (Required) - The direction in which this rule applies. Possible values: INGRESS, EGRESS + The direction in which this rule applies. + Possible values are: INGRESS, EGRESS. firewall_policy: |- - (Required) @@ -47318,127 +51401,594 @@ resources: kind: |- - Type of the resource. Always compute#firewallPolicyRule for firewall policy rules - layer4_configs.description: |- + layer4_configs.ip_protocol: |- + - + (Required) + The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. + This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number. + layer4_configs.ports: |- - (Optional) - An optional description for this resource. - layer4_configs.disabled: |- + An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. + Example inputs include: ["22"], ["80","443"], and ["12345-12349"]. + match: |- + - + (Required) + A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. + Structure is documented below. + match.dest_address_groups: |- - (Optional) - Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled. - layer4_configs.enable_logging: |- + Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. + match.dest_fqdns: |- - (Optional) - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules. - layer4_configs.ip_protocol: |- + Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100. + match.dest_ip_ranges: |- + - + (Optional) + CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000. + match.dest_region_codes: |- + - + (Optional) + Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000. + match.dest_threat_intelligences: |- + - + (Optional) + Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination. + match.layer4_configs: |- - (Required) - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number. - layer4_configs.ports: |- + Pairs of IP protocols and ports that the rule should match. + Structure is documented below. + match.src_address_groups: |- - (Optional) - An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``. - layer4_configs.project: |- + Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. + match.src_fqdns: |- - (Optional) - The project for the resource - layer4_configs.region: |- + Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100. + match.src_ip_ranges: |- + - + (Optional) + CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000. + match.src_region_codes: |- + - + (Optional) + Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000. + match.src_secure_tags: |- + - + (Optional) + List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256. + Structure is documented below. + match.src_threat_intelligences: |- + - + (Optional) + Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source. + priority: |- + - + (Required) + An integer indicating the priority of a rule in the list. + The priority must be a positive value between 0 and 2147483647. + Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority. + rule_tuple_count: |- + - + Calculation of the complexity of a single firewall policy rule. + src_secure_tags.description: |- + - + (Optional) + An optional description for this resource. + src_secure_tags.disabled: |- + - + (Optional) + Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. + If this is unspecified, the firewall policy rule will be enabled. + src_secure_tags.enable_logging: |- + - + (Optional) + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export destination in Stackdriver. + Logs may be exported to BigQuery or Pub/Sub. + Note: you cannot enable logging on "goto_next" rules. + src_secure_tags.name: |- + - + (Optional) + Name of the secure tag, created with TagManager's TagValue API. + src_secure_tags.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + src_secure_tags.region: |- - (Optional) The location of this resource. - layer4_configs.rule_name: |- + src_secure_tags.rule_name: |- - (Optional) An optional name for the rule. This field is not a unique identifier and can be updated. - layer4_configs.security_profile_group: |- + src_secure_tags.security_profile_group: |- - (Optional) - A fully-qualified URL of a SecurityProfileGroup resource. Example: https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group. It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. - layer4_configs.target_secure_tags: |- + A fully-qualified URL of a SecurityProfile resource instance. + Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. + Security Profile Group and Firewall Policy Rule must be in the same scope. + src_secure_tags.state: |- + - + (Output) + State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted. + src_secure_tags.target_secure_tags: |- - (Optional) - A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256. - layer4_configs.target_service_accounts: |- + A list of secure tags that controls which instances the firewall rule applies to. + If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the targetSecureTag are in INEFFECTIVE state, then this rule will be ignored. + targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256. + Structure is documented below. + src_secure_tags.target_service_accounts: |- - (Optional) A list of service accounts indicating the sets of instances that are applied with this rule. - layer4_configs.tls_inspect: |- + src_secure_tags.tls_inspect: |- - (Optional) - Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. - match: |- + Boolean flag indicating if the traffic should be TLS decrypted. + Can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. + target_secure_tags.name: |- + - + (Optional) + Name of the secure tag, created with TagManager's TagValue API. + target_secure_tags.state: |- + - + (Output) + State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted. + update: '- Default is 20 minutes.' + importStatements: [] + google_compute_region_network_firewall_policy_with_rules: + subCategory: Compute Engine + description: The Compute NetworkFirewallPolicy with rules resource + name: google_compute_region_network_firewall_policy_with_rules + title: "" + examples: + - name: region-network-firewall-policy-with-rules + manifest: |- + { + "description": "Terraform test", + "name": "tf-region-fw-policy-with-rules", + "provider": "${google-beta}", + "region": "us-west2", + "rule": [ + { + "action": "allow", + "description": "tcp rule", + "direction": "EGRESS", + "enable_logging": true, + "match": [ + { + "dest_address_groups": [ + "${google_network_security_address_group.address_group_1.id}" + ], + "dest_fqdns": [ + "www.yyy.com", + "www.zzz.com" + ], + "dest_ip_ranges": [ + "11.100.0.1/32" + ], + "dest_region_codes": [ + "HK", + "IN" + ], + "dest_threat_intelligences": [ + "iplist-search-engines-crawlers", + "iplist-tor-exit-nodes" + ], + "layer4_config": [ + { + "ip_protocol": "tcp", + "ports": [ + 8080, + 7070 + ] + } + ] + } + ], + "priority": 1000, + "target_secure_tag": [ + { + "name": "${google_tags_tag_value.secure_tag_value_1.id}" + } + ] + }, + { + "action": "deny", + "description": "udp rule", + "direction": "INGRESS", + "disabled": true, + "enable_logging": false, + "match": [ + { + "layer4_config": [ + { + "ip_protocol": "udp" + } + ], + "src_address_groups": [ + "${google_network_security_address_group.address_group_1.id}" + ], + "src_fqdns": [ + "www.abc.com", + "www.def.com" + ], + "src_ip_ranges": [ + "0.0.0.0/0" + ], + "src_region_codes": [ + "US", + "CA" + ], + "src_secure_tag": [ + { + "name": "${google_tags_tag_value.secure_tag_value_1.id}" + } + ], + "src_threat_intelligences": [ + "iplist-known-malicious-ips", + "iplist-public-clouds" + ] + } + ], + "priority": 2000, + "rule_name": "test-rule" + } + ] + } + references: + provider: google-beta + rule.match.dest_address_groups: google_network_security_address_group.address_group_1.id + rule.match.src_address_groups: google_network_security_address_group.address_group_1.id + rule.match.src_secure_tag.name: google_tags_tag_value.secure_tag_value_1.id + rule.target_secure_tag.name: google_tags_tag_value.secure_tag_value_1.id + dependencies: + google_network_security_address_group.address_group_1: |- + { + "capacity": 100, + "description": "Regional address group", + "items": [ + "208.80.154.224/32" + ], + "location": "us-west2", + "name": "tf-address-group", + "parent": "${data.google_project.project.id}", + "provider": "${google-beta}", + "type": "IPV4" + } + google_tags_tag_key.secure_tag_key_1: |- + { + "description": "Tag key", + "parent": "${data.google_project.project.id}", + "provider": "${google-beta}", + "purpose": "GCE_FIREWALL", + "purpose_data": { + "network": "${data.google_project.project.name}/default" + }, + "short_name": "tf-tag-key" + } + google_tags_tag_value.secure_tag_value_1: |- + { + "description": "Tag value", + "parent": "${google_tags_tag_key.secure_tag_key_1.id}", + "provider": "${google-beta}", + "short_name": "tf-tag-value" + } + argumentDocs: + create: '- Default is 20 minutes.' + creation_timestamp: |- + - + Creation timestamp in RFC3339 text format. + delete: '- Default is 20 minutes.' + fingerprint: |- + - + Fingerprint of the resource. This field is used internally during updates of this resource. + id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/firewallPolicies/{{name}}' + layer4_config.ip_protocol: |- - (Required) - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. + The IP protocol to which this rule applies. The protocol + type is required when creating a firewall rule. + This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + layer4_config.ports: |- + - + (Optional) + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. match.dest_address_groups: |- - (Optional) - Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules. + Address groups which should be matched against the traffic destination. + Maximum number of destination address groups is 10. match.dest_fqdns: |- - (Optional) - Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress. + Fully Qualified Domain Name (FQDN) which should be matched against + traffic destination. Maximum number of destination fqdn allowed is 100. match.dest_ip_ranges: |- - (Optional) - CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000. + Destination IP address range in CIDR format. Required for + EGRESS rules. match.dest_region_codes: |- - (Optional) - The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress. + Region codes whose IP addresses will be used to match for destination + of traffic. Should be specified as 2 letter country code defined as per + ISO 3166 alpha-2 country codes. ex."US" + Maximum number of destination region codes allowed is 5000. match.dest_threat_intelligences: |- - (Optional) - Name of the Google Cloud Threat Intelligence list. - match.layer4_configs: |- + Names of Network Threat Intelligence lists. + The IPs in these lists will be matched against traffic destination. + match.layer4_config: |- - (Required) Pairs of IP protocols and ports that the rule should match. + Structure is documented below. match.src_address_groups: |- - (Optional) - Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules. + Address groups which should be matched against the traffic source. + Maximum number of source address groups is 10. match.src_fqdns: |- - (Optional) - Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress. + Fully Qualified Domain Name (FQDN) which should be matched against + traffic source. Maximum number of source fqdn allowed is 100. match.src_ip_ranges: |- - (Optional) - CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000. + Source IP address range in CIDR format. Required for + INGRESS rules. match.src_region_codes: |- - (Optional) - The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress. - match.src_secure_tags: |- + Region codes whose IP addresses will be used to match for source + of traffic. Should be specified as 2 letter country code defined as per + ISO 3166 alpha-2 country codes. ex."US" + Maximum number of source region codes allowed is 5000. + match.src_secure_tag: |- - (Optional) - List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256. + List of secure tag values, which should be matched at the source + of the traffic. + For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, + and there is no srcIpRange, this rule will be ignored. + Maximum number of source tag values allowed is 256. + Structure is documented below. match.src_threat_intelligences: |- - (Optional) - Name of the Google Cloud Threat Intelligence list. - priority: |- + Names of Network Threat Intelligence lists. + The IPs in these lists will be matched against traffic source. + name: |- - (Required) - An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority. - rule_tuple_count: |- + User-provided name of the Network firewall policy. + The name should be unique in the project in which the firewall policy is created. + The name must be 1-63 characters long, and comply with RFC1035. Specifically, + the name must be 1-63 characters long and match the regular expression a-z? + which means the first character must be a lowercase letter, and all following characters must be a dash, + lowercase letter, or digit, except the last character, which cannot be a dash. + network_firewall_policy_id: |- - - Calculation of the complexity of a single firewall policy rule. - src_secure_tags.name: |- + The unique identifier for the resource. This identifier is defined by the server. + predefined_rules: |- + - + A list of firewall policy pre-defined rules. + Structure is documented below. + predefined_rules.action: |- + - + (Output) + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny", "apply_security_profile_group" or "goto_next". + predefined_rules.description: |- + - + (Output) + A description of the rule. + predefined_rules.direction: |- + - + (Output) + The direction in which this rule applies. If unspecified an INGRESS rule is created. + predefined_rules.disabled: |- + - + (Output) + Denotes whether the firewall policy rule is disabled. When set to true, + the firewall policy rule is not enforced and traffic behaves as if it did + not exist. If this is unspecified, the firewall policy rule will be + enabled. + predefined_rules.enable_logging: |- + - + (Output) + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + predefined_rules.match: |- + - + (Output) + A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. + Structure is documented below. + predefined_rules.priority: |- + - + (Output) + An integer indicating the priority of a rule in the list. The priority must be a value + between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the + highest priority and 2147483647 is the lowest priority. + predefined_rules.rule_name: |- + - + (Output) + An optional name for the rule. This field is not a unique identifier + and can be updated. + predefined_rules.security_profile_group: |- + - + (Output) + A fully-qualified URL of a SecurityProfile resource instance. + Example: + https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + Must be specified if action is 'apply_security_profile_group'. + predefined_rules.target_secure_tag: |- + - + (Output) + A list of secure tags that controls which instances the firewall rule + applies to. If targetSecureTag are specified, then the + firewall rule applies only to instances in the VPC network that have one + of those EFFECTIVE secure tags, if all the target_secure_tag are in + INEFFECTIVE state, then this rule will be ignored. + targetSecureTag may not be set at the same time as + targetServiceAccounts. + If neither targetServiceAccounts nor + targetSecureTag are specified, the firewall rule applies + to all instances on the specified network. + Maximum number of target label tags allowed is 256. + Structure is documented below. + predefined_rules.target_service_accounts: |- + - + (Output) + A list of service accounts indicating the sets of + instances that are applied with this rule. + predefined_rules.tls_inspect: |- + - + (Output) + Boolean flag indicating if the traffic should be TLS decrypted. + It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. + rule: |- - (Required) - Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+ - src_secure_tags.state: |- + A list of firewall policy rules. + Structure is documented below. + rule.action: |- - - [Output Only] State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted. - target_secure_tags.name: |- + (Required) + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny", "apply_security_profile_group" or "goto_next". + rule.description: |- + - + (Optional) + A description of the rule. + rule.direction: |- + - + (Optional) + The direction in which this rule applies. If unspecified an INGRESS rule is created. + Possible values are: INGRESS, EGRESS. + rule.disabled: |- + - + (Optional) + Denotes whether the firewall policy rule is disabled. When set to true, + the firewall policy rule is not enforced and traffic behaves as if it did + not exist. If this is unspecified, the firewall policy rule will be + enabled. + rule.enable_logging: |- + - + (Optional) + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + rule.match: |- - (Required) - Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+ - target_secure_tags.state: |- + A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. + Structure is documented below. + rule.priority: |- + - + (Required) + An integer indicating the priority of a rule in the list. The priority must be a value + between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the + highest priority and 2147483647 is the lowest priority. + rule.rule_name: |- + - + (Optional) + An optional name for the rule. This field is not a unique identifier + and can be updated. + rule.security_profile_group: |- + - + (Optional) + A fully-qualified URL of a SecurityProfile resource instance. + Example: + https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + Must be specified if action is 'apply_security_profile_group'. + rule.target_secure_tag: |- + - + (Optional) + A list of secure tags that controls which instances the firewall rule + applies to. If targetSecureTag are specified, then the + firewall rule applies only to instances in the VPC network that have one + of those EFFECTIVE secure tags, if all the target_secure_tag are in + INEFFECTIVE state, then this rule will be ignored. + targetSecureTag may not be set at the same time as + targetServiceAccounts. + If neither targetServiceAccounts nor + targetSecureTag are specified, the firewall rule applies + to all instances on the specified network. + Maximum number of target label tags allowed is 256. + Structure is documented below. + rule.target_service_accounts: |- - - [Output Only] State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted. + (Optional) + A list of service accounts indicating the sets of + instances that are applied with this rule. + rule.tls_inspect: |- + - + (Optional) + Boolean flag indicating if the traffic should be TLS decrypted. + It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. + rule_tuple_count: |- + - + Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. + self_link: |- + - + Server-defined URL for the resource. + self_link_with_id: |- + - + Server-defined URL for this resource with the resource id. + src_secure_tag.name: |- + - + (Optional) + Name of the secure tag, created with TagManager's TagValue API. + @pattern tagValues/[0-9]+ + src_secure_tag.state: |- + - + (Output) + [Output Only] State of the secure tag, either EFFECTIVE or + INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted + or its network is deleted. + target_secure_tag.description: |- + - + (Optional) + An optional description of this resource. + target_secure_tag.name: |- + - + (Optional) + Name of the secure tag, created with TagManager's TagValue API. + @pattern tagValues/[0-9]+ + target_secure_tag.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + target_secure_tag.region: |- + - + (Optional) + The region of this resource. + target_secure_tag.state: |- + - + (Output) + [Output Only] State of the secure tag, either EFFECTIVE or + INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted + or its network is deleted. update: '- Default is 20 minutes.' importStatements: [] google_compute_region_per_instance_config: @@ -47645,6 +52195,301 @@ resources: State will be removed on the next instance recreation or update. update: '- Default is 20 minutes.' importStatements: [] + google_compute_region_resize_request: + subCategory: Compute Engine + description: Represents a Regional Managed Instance Group Resize Request Resize Requests are the Managed Instance Group implementation of Dynamic Workload Scheduler Flex Start. + name: google_compute_region_resize_request + title: "" + examples: + - name: a3_resize_request + manifest: |- + { + "description": "Test resize request resource", + "instance_group_manager": "${google_compute_region_instance_group_manager.a3_dws.name}", + "name": "a3-dws", + "provider": "${google-beta}", + "region": "us-central1", + "requested_run_duration": [ + { + "nanos": 0, + "seconds": 14400 + } + ], + "resize_by": 2 + } + references: + instance_group_manager: google_compute_region_instance_group_manager.a3_dws.name + provider: google-beta + dependencies: + google_compute_region_instance_group_manager.a3_dws: |- + { + "base_instance_name": "a3-dws", + "distribution_policy_target_shape": "ANY_SINGLE_ZONE", + "distribution_policy_zones": [ + "us-central1-a", + "us-central1-b", + "us-central1-c", + "us-central1-f" + ], + "instance_lifecycle_policy": [ + { + "default_action_on_failure": "DO_NOTHING" + } + ], + "name": "a3-dws", + "provider": "${google-beta}", + "region": "us-central1", + "update_policy": [ + { + "instance_redistribution_type": "NONE", + "max_surge_fixed": 0, + "max_unavailable_fixed": 6, + "minimal_action": "REPLACE", + "type": "OPPORTUNISTIC" + } + ], + "version": [ + { + "instance_template": "${google_compute_region_instance_template.a3_dws.self_link}" + } + ], + "wait_for_instances": false + } + google_compute_region_instance_template.a3_dws: |- + { + "can_ip_forward": false, + "description": "This template is used to create a mig instance that is compatible with DWS resize requests.", + "disk": [ + { + "auto_delete": true, + "boot": true, + "disk_size_gb": "960", + "disk_type": "pd-ssd", + "mode": "READ_WRITE", + "source_image": "cos-cloud/cos-105-lts" + } + ], + "guest_accelerator": [ + { + "count": 8, + "type": "nvidia-h100-80gb" + } + ], + "instance_description": "A3 GPU", + "machine_type": "a3-highgpu-8g", + "name": "a3-dws", + "network_interface": [ + { + "network": "default" + } + ], + "provider": "${google-beta}", + "region": "us-central1", + "reservation_affinity": [ + { + "type": "NO_RESERVATION" + } + ], + "scheduling": [ + { + "automatic_restart": false, + "on_host_maintenance": "TERMINATE" + } + ], + "shielded_instance_config": [ + { + "enable_integrity_monitoring": true, + "enable_vtpm": true + } + ] + } + argumentDocs: + create: '- Default is 20 minutes.' + creation_timestamp: |- + - + The creation timestamp for this resize request in RFC3339 text format. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + An optional description of this resize-request. + error.errors: |- + - + (Output) + The array of errors encountered while processing this operation. + Structure is documented below. + error.errors.code: |- + - + (Output) + The error type identifier for this error. + error.errors.error_details: |- + - + (Output) + An array of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED. + Structure is documented below. + error.errors.location: |- + - + (Output) + Indicates the field in the request that caused the error. This property is optional. + error.errors.message: |- + - + (Output) + An optional, human-readable error message. + error_details.error_info: |- + - + (Output) + A nested object resource. + Structure is documented below. + error_details.help: |- + - + (Output) + A nested object resource. + Structure is documented below. + error_details.localized_message: |- + - + (Output) + A nested object resource. + Structure is documented below. + error_details.quota_info: |- + - + (Output) + A nested object resource. + Structure is documented below. + error_info.domain: |- + - + (Output) + The logical grouping to which the "reason" belongs. The error domain is typically the registered service name of the tool or product that generates the error. Example: "pubsub.googleapis.com". + error_info.metadatas: |- + - + (Output) + Additional structured details about this error. + error_info.reason: |- + - + (Output) + The reason of the error. This is a constant value that identifies the proximate cause of the error. Error reasons are unique within a particular domain of errors. + help.links: |- + - + (Output) + A nested object resource. + Structure is documented below. + help.links.description: |- + - + (Output) + Describes what the link offers. + help.links.url: |- + - + (Output) + The URL of the link. + id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{instance_group_manager}}/resizeRequests/{{name}}' + instance_group_manager: |- + - + (Required) + The reference of the regional instance group manager this ResizeRequest is a part of. + last_attempt.error: |- + - + (Output) + Fatal errors encountered during the queueing or provisioning phases of the ResizeRequest that caused the transition to the FAILED state. Contrary to the lastAttempt errors, this field is final and errors are never removed from here, as the ResizeRequest is not going to retry. + Structure is documented below. + last_attempt.error.errors: |- + - + (Output) + The array of errors encountered while processing this operation. + Structure is documented below. + last_attempt.error.errors.code: |- + - + (Output) + The error type identifier for this error. + last_attempt.error.errors.error_details: |- + - + (Output) + An array of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED. + Structure is documented below. + last_attempt.error.errors.location: |- + - + (Output) + Indicates the field in the request that caused the error. This property is optional. + last_attempt.error.errors.message: |- + - + (Output) + An optional, human-readable error message. + localized_message.locale: |- + - + (Output) + The locale used following the specification defined at https://www.rfc-editor.org/rfc/bcp/bcp47.txt. Examples are: "en-US", "fr-CH", "es-MX" + localized_message.message: |- + - + (Output) + The localized error message in the above locale. + name: |- + - + (Required) + The name of this resize request. The name must be 1-63 characters long, and comply with RFC1035. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + quota_info.dimensions: |- + - + (Output) + The map holding related quota dimensions + quota_info.future_limit: |- + - + (Output) + Future quota limit being rolled out. The limit's unit depends on the quota type or metric. + quota_info.limit: |- + - + (Output) + Current effective quota limit. The limit's unit depends on the quota type or metric. + quota_info.limit_name: |- + - + (Output) + The name of the quota limit. + quota_info.metric_name: |- + - + (Output) + The Compute Engine quota metric name. + quota_info.rollout_status: |- + - + (Output) + Rollout status of the future quota limit. + region: |- + - + (Required) + The reference of the compute region scoping this request. + requested_run_duration: |- + - + (Optional) + Requested run duration for instances that will be created by this request. At the end of the run duration instances will be deleted. + Structure is documented below. + requested_run_duration.nanos: |- + - + (Optional) + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + requested_run_duration.seconds: |- + - + (Required) + Span of time at a resolution of a second. Must be from 600 to 604800 inclusive. Note: minimum and maximum allowed range for requestedRunDuration is 10 minutes (600 seconds) and 7 days(604800 seconds) correspondingly. + resize_by: |- + - + (Required) + The number of instances to be created by this resize request. The group's target size will be increased by this number. + state: |- + - + Current state of the request. + status: |- + - + Status of the request. + Structure is documented below. + status.error: |- + - + (Output) + Fatal errors encountered during the queueing or provisioning phases of the ResizeRequest that caused the transition to the FAILED state. Contrary to the lastAttempt errors, this field is final and errors are never removed from here, as the ResizeRequest is not going to retry. + Structure is documented below. + status.last_attempt: |- + - + (Output) + Information about the last attempt to fulfill the request. The value is temporary since the ResizeRequest can retry, as long as it's still active and the last attempt value can either be cleared or replaced with a different error. Since ResizeRequest retries infrequently, the value may be stale and no longer show an active problem. The value is cleared when ResizeRequest transitions to the final state (becomes inactive). If the final state is FAILED the error describing it will be storred in the "error" field only. + Structure is documented below. + importStatements: [] google_compute_region_security_policy: subCategory: Compute Engine description: Represents a Region Cloud Armor Security Policy resource. @@ -47702,10 +52547,65 @@ resources: } references: provider: google-beta + - name: region-sec-policy-with-rules + manifest: |- + { + "description": "basic region security policy with multiple rules", + "name": "my-sec-policy-with-rules", + "provider": "${google-beta}", + "rules": [ + { + "action": "deny", + "match": [ + { + "expr": [ + { + "expression": "request.path.matches(\"/login.html\") \u0026\u0026 token.recaptcha_session.score \u003c 0.2" + } + ] + } + ], + "priority": "1000" + }, + { + "action": "deny", + "description": "default rule", + "match": [ + { + "config": [ + { + "src_ip_ranges": [ + "*" + ] + } + ], + "versioned_expr": "SRC_IPS_V1" + } + ], + "priority": "2147483647" + } + ], + "type": "CLOUD_ARMOR" + } + references: + provider: google-beta argumentDocs: ADVANCED: ', ADVANCED_PREVIEW, STANDARD.' + ALL: ', IP, HTTP_HEADER, XFF_IP, HTTP_COOKIE, HTTP_PATH, SNI, REGION_CODE, TLS_JA3_FINGERPRINT, USER_IP.' CLOUD_ARMOR: ', CLOUD_ARMOR_EDGE, CLOUD_ARMOR_NETWORK.' IPV4: ', IPV6, TCP, UDP.' + ban_threshold.count: |- + - + (Optional) + Number of HTTP(S) requests for calculating the threshold. + ban_threshold.interval_sec: |- + - + (Optional) + Interval over which the threshold is computed. + config.src_ip_ranges: |- + - + (Optional) + CIDR IP address range. Maximum number of srcIpRanges allowed is 10. create: '- Default is 20 minutes.' ddos_protection_config: |- - @@ -47721,27 +52621,294 @@ resources: - (Optional) An optional description of this resource. Provide this property when you create the resource. + enforce_on_key_configs.enforce_on_key_name: |- + - + (Optional) + Rate limit key name applicable only for the following key types: + HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. + HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value. + enforce_on_key_configs.enforce_on_key_type: |- + - + (Optional) + Determines the key to enforce the rateLimitThreshold on. Possible values are: + expr.expression: |- + - + (Required) + Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported. fingerprint: |- - Fingerprint of this resource. This field is used internally during updates of this resource. id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/securityPolicies/{{name}}' + match.config: |- + - + (Optional) + The configuration options available when specifying versionedExpr. + This field must be specified if versionedExpr is specified and cannot be specified if versionedExpr is not specified. + Structure is documented below. + match.expr: |- + - + (Optional) + User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. See Sample expressions for examples. + Structure is documented below. + match.versioned_expr: |- + - + (Optional) + Preconfigured versioned expression. If this field is specified, config must also be specified. + Available preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding srcIpRange field in config. + Possible values are: SRC_IPS_V1. name: |- - (Required) Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. + network_match.dest_ip_ranges: |- + - + (Optional) + Destination IPv4/IPv6 addresses or CIDR prefixes, in standard text format. + network_match.dest_ports: |- + - + (Optional) + Destination port numbers for TCP/UDP/SCTP. Each element can be a 16-bit unsigned decimal number (e.g. "80") or range (e.g. "0-1023"). + network_match.ip_protocols: |- + - + (Optional) + IPv4 protocol / IPv6 next header (after extension headers). Each element can be an 8-bit unsigned decimal number (e.g. "6"), range (e.g. "253-254"), or one of the following protocol names: "tcp", "udp", "icmp", "esp", "ah", "ipip", or "sctp". + network_match.src_asns: |- + - + (Optional) + BGP Autonomous System Number associated with the source IP address. + network_match.src_ip_ranges: |- + - + (Optional) + Source IPv4/IPv6 addresses or CIDR prefixes, in standard text format. + network_match.src_ports: |- + - + (Optional) + Source port numbers for TCP/UDP/SCTP. Each element can be a 16-bit unsigned decimal number (e.g. "80") or range (e.g. "0-1023"). + network_match.src_region_codes: |- + - + (Optional) + Two-letter ISO 3166-1 alpha-2 country code associated with the source IP address. + network_match.user_defined_fields: |- + - + (Optional) + User-defined fields. Each element names a defined field and lists the matching values for that field. + Structure is documented below. policy_id: |- - The unique identifier for the resource. This identifier is defined by the server. + preconfigured_waf_config.exclusion: |- + - + (Optional) + An exclusion to apply during preconfigured WAF evaluation. + Structure is documented below. + preconfigured_waf_config.exclusion.request_cookie: |- + - + (Optional) + Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation. + Structure is documented below. + preconfigured_waf_config.exclusion.request_header: |- + - + (Optional) + Request header whose value will be excluded from inspection during preconfigured WAF evaluation. + Structure is documented below. + preconfigured_waf_config.exclusion.request_query_param: |- + - + (Optional) + Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. + Note that the parameter can be in the query string or in the POST body. + Structure is documented below. + preconfigured_waf_config.exclusion.request_uri: |- + - + (Optional) + Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. + When specifying this field, the query or fragment part should be excluded. + Structure is documented below. + preconfigured_waf_config.exclusion.target_rule_ids: |- + - + (Optional) + A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. + If omitted, it refers to all the rule IDs under the WAF rule set. + preconfigured_waf_config.exclusion.target_rule_set: |- + - + (Required) + Target WAF rule set to apply the preconfigured WAF exclusion. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + rate_limit_options.ban_duration_sec: |- + - + (Optional) + Can only be specified if the action for the rule is "rate_based_ban". + If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold. + rate_limit_options.ban_threshold: |- + - + (Optional) + Can only be specified if the action for the rule is "rate_based_ban". + If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'. + Structure is documented below. + rate_limit_options.conform_action: |- + - + (Optional) + Action to take for requests that are under the configured rate limit threshold. + Valid option is "allow" only. + rate_limit_options.enforce_on_key: |- + - + (Optional) + Determines the key to enforce the rateLimitThreshold on. Possible values are: + rate_limit_options.enforce_on_key_configs: |- + - + (Optional) + If specified, any combination of values of enforceOnKeyType/enforceOnKeyName is treated as the key on which ratelimit threshold/action is enforced. + You can specify up to 3 enforceOnKeyConfigs. + If enforceOnKeyConfigs is specified, enforceOnKey must not be specified. + Structure is documented below. + rate_limit_options.enforce_on_key_name: |- + - + (Optional) + Rate limit key name applicable only for the following key types: + HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. + HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value. + rate_limit_options.exceed_action: |- + - + (Optional) + Action to take for requests that are above the configured rate limit threshold, to deny with a specified HTTP response code. + Valid options are deny(STATUS), where valid values for STATUS are 403, 404, 429, and 502. + rate_limit_options.rate_limit_threshold: |- + - + (Optional) + Threshold at which to begin ratelimiting. + Structure is documented below. + rate_limit_threshold.count: |- + - + (Optional) + Number of HTTP(S) requests for calculating the threshold. + rate_limit_threshold.interval_sec: |- + - + (Optional) + Interval over which the threshold is computed. region: |- - (Optional) The Region in which the created Region Security Policy should reside. If it is not provided, the provider region is used. + request_cookie.operator: |- + - + (Required) + You can specify an exact match or a partial match by using a field operator and a field value. + Available options: + EQUALS: The operator matches if the field value equals the specified value. + STARTS_WITH: The operator matches if the field value starts with the specified value. + ENDS_WITH: The operator matches if the field value ends with the specified value. + CONTAINS: The operator matches if the field value contains the specified value. + EQUALS_ANY: The operator matches if the field value is any value. + Possible values are: CONTAINS, ENDS_WITH, EQUALS, EQUALS_ANY, STARTS_WITH. + request_cookie.value: |- + - + (Optional) + A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. + The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. + request_header.operator: |- + - + (Required) + You can specify an exact match or a partial match by using a field operator and a field value. + Available options: + EQUALS: The operator matches if the field value equals the specified value. + STARTS_WITH: The operator matches if the field value starts with the specified value. + ENDS_WITH: The operator matches if the field value ends with the specified value. + CONTAINS: The operator matches if the field value contains the specified value. + EQUALS_ANY: The operator matches if the field value is any value. + Possible values are: CONTAINS, ENDS_WITH, EQUALS, EQUALS_ANY, STARTS_WITH. + request_header.value: |- + - + (Optional) + A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. + The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. + request_query_param.operator: |- + - + (Required) + You can specify an exact match or a partial match by using a field operator and a field value. + Available options: + EQUALS: The operator matches if the field value equals the specified value. + STARTS_WITH: The operator matches if the field value starts with the specified value. + ENDS_WITH: The operator matches if the field value ends with the specified value. + CONTAINS: The operator matches if the field value contains the specified value. + EQUALS_ANY: The operator matches if the field value is any value. + Possible values are: CONTAINS, ENDS_WITH, EQUALS, EQUALS_ANY, STARTS_WITH. + request_query_param.value: |- + - + (Optional) + A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. + The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. + request_uri.operator: |- + - + (Required) + You can specify an exact match or a partial match by using a field operator and a field value. + Available options: + EQUALS: The operator matches if the field value equals the specified value. + STARTS_WITH: The operator matches if the field value starts with the specified value. + ENDS_WITH: The operator matches if the field value ends with the specified value. + CONTAINS: The operator matches if the field value contains the specified value. + EQUALS_ANY: The operator matches if the field value is any value. + Possible values are: CONTAINS, ENDS_WITH, EQUALS, EQUALS_ANY, STARTS_WITH. + request_uri.value: |- + - + (Optional) + A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. + The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. + rules: |- + - + (Optional) + The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a security policy, a default rule with action "allow" will be added. + Structure is documented below. + rules.action: |- + - + (Required) + The Action to perform when the rule is matched. The following are the valid actions: + rules.description: |- + - + (Optional) + An optional description of this resource. Provide this property when you create the resource. + rules.match: |- + - + (Optional) + A match condition that incoming traffic is evaluated against. + If it evaluates to true, the corresponding 'action' is enforced. + Structure is documented below. + rules.network_match: |- + - + (Optional) + A match condition that incoming packets are evaluated against for CLOUD_ARMOR_NETWORK security policies. If it matches, the corresponding 'action' is enforced. + The match criteria for a rule consists of built-in match fields (like 'srcIpRanges') and potentially multiple user-defined match fields ('userDefinedFields'). + Field values may be extracted directly from the packet or derived from it (e.g. 'srcRegionCodes'). Some fields may not be present in every packet (e.g. 'srcPorts'). A user-defined field is only present if the base header is found in the packet and the entire field is in bounds. + Each match field may specify which values can match it, listing one or more ranges, prefixes, or exact values that are considered a match for the field. A field value must be present in order to match a specified match field. If no match values are specified for a match field, then any field value is considered to match it, and it's not required to be present. For strings specifying '*' is also equivalent to match all. + For a packet to match a rule, all specified match fields must match the corresponding field values derived from the packet. + Example: + networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff" + The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive + Structure is documented below. + rules.preconfigured_waf_config: |- + - + (Optional) + Preconfigured WAF configuration to be applied for the rule. + If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. + Structure is documented below. + rules.preview: |- + - + (Optional) + If set to true, the specified action is not enforced. + rules.priority: |- + - + (Required) + An integer indicating the priority of a rule in the list. + The priority must be a positive value between 0 and 2147483647. + Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority. + rules.rate_limit_options: |- + - + (Optional) + Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions. + Structure is documented below. self_link: |- - Server-defined URL for the resource. @@ -47782,6 +52949,10 @@ resources: - (Optional) Size of the field in bytes. Valid values: 1-4. + user_defined_fields.values: |- + - + (Optional) + Matching values of the field. Each element can be a 32-bit unsigned decimal or hexadecimal (starting with "0x") number (e.g. "64") or range (e.g. "0x400-0x7ff"). importStatements: [] google_compute_region_security_policy_rule: subCategory: Compute Engine @@ -47895,6 +53066,75 @@ resources: "region": "us-west2", "type": "CLOUD_ARMOR" } + - name: default_rule + manifest: |- + { + "action": "deny", + "description": "new rule", + "match": [ + { + "config": [ + { + "src_ip_ranges": [ + "*" + ] + } + ], + "versioned_expr": "SRC_IPS_V1" + } + ], + "priority": "2147483647", + "provider": "${google-beta}", + "region": "us-west2", + "security_policy": "${google_compute_region_security_policy.default.name}" + } + references: + provider: google-beta + security_policy: google_compute_region_security_policy.default.name + dependencies: + google_compute_region_security_policy.default: |- + { + "description": "basic region security policy", + "name": "policywithdefaultrule", + "provider": "${google-beta}", + "region": "us-west2", + "type": "CLOUD_ARMOR" + } + - name: policy_rule + manifest: |- + { + "action": "allow", + "description": "new rule", + "match": [ + { + "config": [ + { + "src_ip_ranges": [ + "10.10.0.0/16" + ] + } + ], + "versioned_expr": "SRC_IPS_V1" + } + ], + "preview": true, + "priority": 100, + "provider": "${google-beta}", + "region": "us-west2", + "security_policy": "${google_compute_region_security_policy.default.name}" + } + references: + provider: google-beta + security_policy: google_compute_region_security_policy.default.name + dependencies: + google_compute_region_security_policy.default: |- + { + "description": "basic region security policy", + "name": "policywithdefaultrule", + "provider": "${google-beta}", + "region": "us-west2", + "type": "CLOUD_ARMOR" + } - name: policy_rule manifest: |- { @@ -48492,7 +53732,13 @@ resources: These are in the same namespace as the managed SSL certificates. name_prefix: |- - (Optional) Creates a unique name beginning with the - specified prefix. Conflicts with name. + specified prefix. Conflicts with name. Max length is 54 characters. + Prefixes with lengths longer than 37 characters will use a shortened + UUID that will be more prone to collisions. + Resulting name for a name_prefix <= 37 characters: + name_prefix + YYYYmmddHHSSssss + 8 digit incremental counter + Resulting name for a name_prefix 38 - 54 characters: + name_prefix + YYmmdd + 3 digit incremental counter private_key: |- - (Required) @@ -48573,6 +53819,67 @@ resources: ], "region": "us-central1" } + - name: default + manifest: |- + { + "http_keep_alive_timeout_sec": 600, + "name": "test-http-keep-alive-timeout-proxy", + "region": "us-central1", + "url_map": "${google_compute_region_url_map.default.id}" + } + references: + url_map: google_compute_region_url_map.default.id + dependencies: + google_compute_region_backend_service.default: |- + { + "health_checks": [ + "${google_compute_region_health_check.default.id}" + ], + "load_balancing_scheme": "INTERNAL_MANAGED", + "name": "backend-service", + "port_name": "http", + "protocol": "HTTP", + "region": "us-central1", + "timeout_sec": 10 + } + google_compute_region_health_check.default: |- + { + "http_health_check": [ + { + "port": 80 + } + ], + "name": "http-health-check", + "region": "us-central1" + } + google_compute_region_url_map.default: |- + { + "default_service": "${google_compute_region_backend_service.default.id}", + "host_rule": [ + { + "hosts": [ + "mysite.com" + ], + "path_matcher": "allpaths" + } + ], + "name": "url-map", + "path_matcher": [ + { + "default_service": "${google_compute_region_backend_service.default.id}", + "name": "allpaths", + "path_rule": [ + { + "paths": [ + "/*" + ], + "service": "${google_compute_region_backend_service.default.id}" + } + ] + } + ], + "region": "us-central1" + } - name: default manifest: |- { @@ -48604,6 +53911,14 @@ resources: - (Optional) An optional description of this resource. + http_keep_alive_timeout_sec: |- + - + (Optional) + Specifies how long to keep a connection open, after completing a response, + while there is no matching traffic (in seconds). If an HTTP keepalive is + not specified, a default value (600 seconds) will be used. For Regional + HTTP(S) load balancer, the minimum allowed value is 5 seconds and the + maximum allowed value is 600 seconds. id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/targetHttpProxies/{{name}}' name: |- - @@ -48711,6 +54026,79 @@ resources: ], "region": "us-central1" } + - name: default + manifest: |- + { + "http_keep_alive_timeout_sec": 600, + "name": "test-http-keep-alive-timeout-proxy", + "region": "us-central1", + "ssl_certificates": [ + "${google_compute_region_ssl_certificate.default.id}" + ], + "url_map": "${google_compute_region_url_map.default.id}" + } + references: + ssl_certificates: google_compute_region_ssl_certificate.default.id + url_map: google_compute_region_url_map.default.id + dependencies: + google_compute_region_backend_service.default: |- + { + "health_checks": [ + "${google_compute_region_health_check.default.id}" + ], + "load_balancing_scheme": "INTERNAL_MANAGED", + "name": "backend-service", + "port_name": "http", + "protocol": "HTTP", + "region": "us-central1", + "timeout_sec": 10 + } + google_compute_region_health_check.default: |- + { + "http_health_check": [ + { + "port": 80 + } + ], + "name": "http-health-check", + "region": "us-central1" + } + google_compute_region_ssl_certificate.default: |- + { + "certificate": "${file(\"path/to/certificate.crt\")}", + "name": "my-certificate", + "private_key": "${file(\"path/to/private.key\")}", + "region": "us-central1" + } + google_compute_region_url_map.default: |- + { + "default_service": "${google_compute_region_backend_service.default.id}", + "description": "a description", + "host_rule": [ + { + "hosts": [ + "mysite.com" + ], + "path_matcher": "allpaths" + } + ], + "name": "url-map", + "path_matcher": [ + { + "default_service": "${google_compute_region_backend_service.default.id}", + "name": "allpaths", + "path_rule": [ + { + "paths": [ + "/*" + ], + "service": "${google_compute_region_backend_service.default.id}" + } + ] + } + ], + "region": "us-central1" + } - name: default manifest: |- { @@ -48884,6 +54272,14 @@ resources: - (Optional) An optional description of this resource. + http_keep_alive_timeout_sec: |- + - + (Optional) + Specifies how long to keep a connection open, after completing a response, + while there is no matching traffic (in seconds). If an HTTP keepalive is + not specified, a default value (600 seconds) will be used. For Regioanl + HTTP(S) load balancer, the minimum allowed value is 5 seconds and the + maximum allowed value is 600 seconds. id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}' name: |- - @@ -51457,7 +56853,7 @@ resources: importStatements: [] google_compute_resize_request: subCategory: Compute Engine - description: Represents a Managed Instance Group Resize Request + description: Represents a Managed Instance Group Resize Request Resize Requests are the Managed Instance Group implementation of Dynamic Workload Scheduler Flex Start. name: google_compute_resize_request title: "" examples: @@ -51556,62 +56952,61 @@ resources: error.errors: |- - (Output) - [Output Only] The array of errors encountered while processing this operation. + The array of errors encountered while processing this operation. Structure is documented below. error.errors.code: |- - (Output) - [Output Only] The error type identifier for this error. + The error type identifier for this error. error.errors.error_details: |- - (Output) - [Output Only] An optional list of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED. + An array of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED. Structure is documented below. error.errors.location: |- - (Output) - Output Only] Indicates the field in the request that caused the error. This property is optional. + Indicates the field in the request that caused the error. This property is optional. error.errors.message: |- - (Output) - [Output Only] An optional, human-readable error message. + An optional, human-readable error message. error_details.error_info: |- - (Output) - [Output Only] + A nested object resource. Structure is documented below. error_details.help: |- - (Output) - [Output Only] + A nested object resource. Structure is documented below. error_details.localized_message: |- - (Output) - [Output Only] + A nested object resource. Structure is documented below. error_details.quota_info: |- - (Output) - [Output Only] + A nested object resource. Structure is documented below. error_info.domain: |- - (Output) - The logical grouping to which the "reason" belongs. The error domain is typically the registered service name of the tool or product that generates the error. Example: "pubsub.googleapis.com". If the error is generated by some common infrastructure, the error domain must be a globally unique value that identifies the infrastructure. For Google API infrastructure, the error domain is "googleapis.com". + The logical grouping to which the "reason" belongs. The error domain is typically the registered service name of the tool or product that generates the error. Example: "pubsub.googleapis.com". error_info.metadatas: |- - (Output) Additional structured details about this error. - Keys must match /[a-z][a-zA-Z0-9-_]+/ but should ideally be lowerCamelCase. Also they must be limited to 64 characters in length. When identifying the current value of an exceeded limit, the units should be contained in the key, not the value. For example, rather than {"instanceLimit": "100/request"}, should be returned as, {"instanceLimitPerRequest": "100"}, if the client exceeds the number of instances that can be created in a single (batch) request. error_info.reason: |- - (Output) - The reason of the error. This is a constant value that identifies the proximate cause of the error. Error reasons are unique within a particular domain of errors. This should be at most 63 characters and match a regular expression of [A-Z][A-Z0-9_]+[A-Z0-9], which represents UPPER_SNAKE_CASE. + The reason of the error. This is a constant value that identifies the proximate cause of the error. Error reasons are unique within a particular domain of errors. help.links: |- - (Output) - [Output Only] + A nested object resource. Structure is documented below. help.links.description: |- - @@ -51625,36 +57020,34 @@ resources: instance_group_manager: |- - (Required) - The name of the managed instance group. The name should conform to RFC1035 or be a resource ID. - Authorization requires the following IAM permission on the specified resource instanceGroupManager: - *compute.instanceGroupManagers.update + The reference of the instance group manager this ResizeRequest is a part of. last_attempt.error: |- - (Output) - [Output only] Fatal errors encountered during the queueing or provisioning phases of the ResizeRequest that caused the transition to the FAILED state. Contrary to the lastAttempt errors, this field is final and errors are never removed from here, as the ResizeRequest is not going to retry. + Fatal errors encountered during the queueing or provisioning phases of the ResizeRequest that caused the transition to the FAILED state. Contrary to the lastAttempt errors, this field is final and errors are never removed from here, as the ResizeRequest is not going to retry. Structure is documented below. last_attempt.error.errors: |- - (Output) - [Output Only] The array of errors encountered while processing this operation. + The array of errors encountered while processing this operation. Structure is documented below. last_attempt.error.errors.code: |- - (Output) - [Output Only] The error type identifier for this error. + The error type identifier for this error. last_attempt.error.errors.error_details: |- - (Output) - [Output Only] An optional list of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED. + An array of messages that contain the error details. There is a set of defined message types to use for providing details.The syntax depends on the error code. For example, QuotaExceededInfo will have details when the error code is QUOTA_EXCEEDED. Structure is documented below. last_attempt.error.errors.location: |- - (Output) - Output Only] Indicates the field in the request that caused the error. This property is optional. + Indicates the field in the request that caused the error. This property is optional. last_attempt.error.errors.message: |- - (Output) - [Output Only] An optional, human-readable error message. + An optional, human-readable error message. localized_message.locale: |- - (Output) @@ -51706,32 +57099,32 @@ resources: requested_run_duration.seconds: |- - (Required) - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + Span of time at a resolution of a second. Must be from 600 to 604800 inclusive. Note: minimum and maximum allowed range for requestedRunDuration is 10 minutes (600 seconds) and 7 days(604800 seconds) correspondingly. resize_by: |- - (Required) The number of instances to be created by this resize request. The group's target size will be increased by this number. state: |- - - [Output only] Current state of the request. + Current state of the request. status: |- - - [Output only] Status of the request. + Status of the request. Structure is documented below. status.error: |- - (Output) - [Output only] Fatal errors encountered during the queueing or provisioning phases of the ResizeRequest that caused the transition to the FAILED state. Contrary to the lastAttempt errors, this field is final and errors are never removed from here, as the ResizeRequest is not going to retry. + Fatal errors encountered during the queueing or provisioning phases of the ResizeRequest that caused the transition to the FAILED state. Contrary to the lastAttempt errors, this field is final and errors are never removed from here, as the ResizeRequest is not going to retry. Structure is documented below. status.last_attempt: |- - (Output) - [Output only] Information about the last attempt to fulfill the request. The value is temporary since the ResizeRequest can retry, as long as it's still active and the last attempt value can either be cleared or replaced with a different error. Since ResizeRequest retries infrequently, the value may be stale and no longer show an active problem. The value is cleared when ResizeRequest transitions to the final state (becomes inactive). If the final state is FAILED the error describing it will be storred in the "error" field only. + Information about the last attempt to fulfill the request. The value is temporary since the ResizeRequest can retry, as long as it's still active and the last attempt value can either be cleared or replaced with a different error. Since ResizeRequest retries infrequently, the value may be stale and no longer show an active problem. The value is cleared when ResizeRequest transitions to the final state (becomes inactive). If the final state is FAILED the error describing it will be storred in the "error" field only. Structure is documented below. zone: |- - (Required) - Name of the compute zone scoping this request. Name should conform to RFC1035. + The reference of the compute zone scoping this request. importStatements: [] google_compute_resource_policy: subCategory: Compute Engine @@ -52320,13 +57713,25 @@ resources: URL to an instance that should handle matching packets. You can specify this as a full or partial URL. For example: next_hop_instance_zone: . + next_hop_inter_region_cost: |- + - + (Beta) + Internal fixed region-to-region cost that Google Cloud calculates based on factors such as network performance, distance, and available bandwidth between regions. next_hop_ip: |- - (Optional) Network IP address of an instance that should handle matching packets. + next_hop_med: |- + - + (Beta) + Multi-Exit Discriminator, a BGP route metric that indicates the desirability of a particular route in a network. next_hop_network: |- - URL to a Network that should handle matching packets. + next_hop_origin: |- + - + (Beta) + Indicates the origin of the route. Can be IGP (Interior Gateway Protocol), EGP (Exterior Gateway Protocol), or INCOMPLETE. next_hop_vpn_tunnel: |- - (Optional) @@ -52637,6 +58042,11 @@ resources: google_compute_address.address: |- { "count": 2, + "lifecycle": [ + { + "create_before_destroy": true + } + ], "name": "nat-manual-ip-${count.index}", "region": "${google_compute_subnetwork.subnet.region}" } @@ -52885,6 +58295,11 @@ resources: (Optional) Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. id: '- an identifier for the resource with format {{project}}/{{region}}/{{router}}/{{name}}' + initial_nat_ips: |- + - + (Optional) + Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. + Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY. log_config: |- - (Optional) @@ -52925,6 +58340,9 @@ resources: (Optional) Self-links of NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY. + If this field is used alongside with a count created list of address resources google_compute_address.foobar.*.self_link, + the access level resource for the address resource must have a lifecycle block with create_before_destroy = true so + the number of resources can be increased/decreased without triggering the resourceInUseByAnotherResource error. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -53033,6 +58451,103 @@ resources: Timeout (in seconds) for UDP connections. Defaults to 30s if not set. update: '- Default is 20 minutes.' importStatements: [] + google_compute_router_nat_address: + subCategory: Compute Engine + description: A resource used to set the list of IP addresses to be used in a NAT service and manage the draining of destroyed IPs. + name: google_compute_router_nat_address + title: "" + examples: + - name: nat_address + manifest: |- + { + "nat_ips": "${google_compute_address.address.*.self_link}", + "region": "${google_compute_router_nat.router_nat.region}", + "router": "${google_compute_router.router.name}", + "router_nat": "${google_compute_router_nat.router_nat.name}" + } + references: + region: google_compute_router_nat.router_nat.region + router: google_compute_router.router.name + router_nat: google_compute_router_nat.router_nat.name + dependencies: + google_compute_address.address: |- + { + "count": 3, + "lifecycle": [ + { + "create_before_destroy": true + } + ], + "name": "nat-manual-ip-${count.index}", + "region": "${google_compute_subnetwork.subnet.region}" + } + google_compute_network.net: |- + { + "name": "my-network" + } + google_compute_router.router: |- + { + "name": "my-router", + "network": "${google_compute_network.net.id}", + "region": "${google_compute_subnetwork.subnet.region}" + } + google_compute_router_nat.router_nat: |- + { + "initial_nat_ips": [ + "${google_compute_address.address[0].self_link}" + ], + "name": "my-router-nat", + "nat_ip_allocate_option": "MANUAL_ONLY", + "region": "${google_compute_router.router.region}", + "router": "${google_compute_router.router.name}", + "source_subnetwork_ip_ranges_to_nat": "LIST_OF_SUBNETWORKS", + "subnetwork": [ + { + "name": "${google_compute_subnetwork.subnet.id}", + "source_ip_ranges_to_nat": [ + "ALL_IP_RANGES" + ] + } + ] + } + google_compute_subnetwork.subnet: |- + { + "ip_cidr_range": "10.0.0.0/16", + "name": "my-subnetwork", + "network": "${google_compute_network.net.id}", + "region": "us-central1" + } + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + drain_nat_ips: |- + - + (Optional) + A list of URLs of the IP resources to be drained. These IPs must be + valid static external IPs that have been assigned to the NAT. + id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/routers/{{router}}/{{router_nat}}' + nat_ips: |- + - + (Required) + Self-links of NAT IPs to be used in a Nat service. Only valid if the referenced RouterNat + natIpAllocateOption is set to MANUAL_ONLY. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + region: |- + - + (Optional) + Region where the NAT service reside. + router: |- + - + (Required) + The name of the Cloud Router in which the referenced NAT service is configured. + router_nat: |- + - + (Required) + The name of the Nat service in which this address will be configured. + update: '- Default is 20 minutes.' + importStatements: [] google_compute_router_peer: subCategory: Compute Engine description: BGP information that must be configured into the routing stack to establish BGP peering. @@ -53480,6 +58995,25 @@ resources: If set to DISABLED, BFD is disabled for this BGP peer. Possible values are: ACTIVE, DISABLED, PASSIVE. create: '- Default is 20 minutes.' + custom_learned_ip_ranges: |- + - + (Optional) + The custom learned route IP address range. Must be a valid CIDR-formatted prefix. + If an IP address is provided without a subnet mask, it is interpreted as, for IPv4, + a /32 singular IP address range, and, for IPv6, /128. + Structure is documented below. + custom_learned_ip_ranges.range: |- + - + (Required) + The IP range to learn. The value must be a + CIDR-formatted string. + custom_learned_route_priority: |- + - + (Optional) + The user-defined custom learned route priority for a BGP session. + This value is applied to all custom learned route ranges for the session. + You can choose a value from 0 to 65335. If you don't provide a value, + Google Cloud assigns a priority of 100 to the ranges. delete: '- Default is 20 minutes.' enable: |- - @@ -54055,6 +59589,7 @@ resources: value, only the type/subtype needs to be specified, and the parameters should be excluded. layer_7_ddos_defense_config.enable: '- (Optional) If set to true, enables CAAP for L7 DDoS detection.' layer_7_ddos_defense_config.rule_visibility: '- (Optional) Rule visibility can be one of the following:' + layer_7_ddos_defense_config.threshold_configs: '- (Optional) Configuration options for layer7 adaptive protection for various customizable thresholds. Structure is documented below.' match.config: |- - (Optional) The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified. @@ -54119,7 +59654,7 @@ resources: rule.match: |- - (Required) A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced. Structure is documented below. - rule.preconfigured_waf_config: '- (Optional, Beta) Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Structure is documented below.' + rule.preconfigured_waf_config: '- (Optional) Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. Structure is documented below.' rule.preview: |- - (Optional) When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such. @@ -54133,7 +59668,19 @@ resources: - (Optional) Can be specified if the action is redirect. Cannot be specified for other actions. Structure is documented below. self_link: '- The URI of the created resource.' + threshold_configs.auto_deploy_confidence_threshold: '- (Optional) Confidence threshold above which Adaptive Protection''s auto-deploy takes actions.' + threshold_configs.auto_deploy_expiration_sec: '- (Optional) Duration over which Adaptive Protection''s auto-deployed actions last.' + threshold_configs.auto_deploy_impacted_baseline_threshold: '- (Optional) Impacted baseline threshold below which Adaptive Protection''s auto-deploy takes actions.' + threshold_configs.auto_deploy_load_threshold: '- (Optional) Load threshold above which Adaptive Protection automatically deploy threshold based on the backend load threshold and detect a new rule during an alerted attack.' + threshold_configs.detection_absolute_qps: '- (Optional) Detection threshold based on absolute QPS.' + threshold_configs.detection_load_threshold: '- (Optional) Detection threshold based on the backend service''s load.' + threshold_configs.detection_relative_to_baseline_qps: '- (Optional) Detection threshold based on QPS relative to the average of baseline traffic.' + threshold_configs.name: '- The name of config. The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the security policy.' + threshold_configs.traffic_granularity_configs: '- (Optional) Configuration options for enabling Adaptive Protection to work on the specified service granularity. Structure is documented below.' throttle: ': limit client traffic to the configured threshold. Configure parameters for this action in rate_limit_options. Requires rate_limit_options to be set for this.' + traffic_granularity_configs.enable_each_unique_value: '- (Optional) If enabled, traffic matching each unique value for the specified type constitutes a separate traffic unit. It can only be set to true if value is empty.' + traffic_granularity_configs.type: '- The type of this configuration, a granular traffic unit can be one of the following:' + traffic_granularity_configs.value: '- (Optional) Requests that match this value constitute a granular traffic unit.' type: '- The type indicates the intended use of the security policy. This field can be set only at resource creation time.' importStatements: [] google_compute_security_policy_rule: @@ -54175,7 +59722,7 @@ resources: - name: default_rule manifest: |- { - "action": "allow", + "action": "deny", "description": "default rule", "match": [ { @@ -54351,6 +59898,24 @@ resources: - (Optional) A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created. + header_action: |- + - + (Optional) + Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR. + Structure is documented below. + header_action.request_headers_to_adds: |- + - + (Optional) + The list of request headers to add or overwrite if they're already present. + Structure is documented below. + header_action.request_headers_to_adds.header_name: |- + - + (Optional) + The name of the header to set. + header_action.request_headers_to_adds.header_value: |- + - + (Optional) + The value to set the named header to. id: '- an identifier for the resource with format projects/{{project}}/global/securityPolicies/{{security_policy}}/priority/{{priority}}' match: |- - @@ -54496,6 +60061,19 @@ resources: - (Optional) Interval over which the threshold is computed. + redirect_options: |- + - + (Optional) + Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR. + Structure is documented below. + redirect_options.target: |- + - + (Optional) + Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA. + redirect_options.type: |- + - + (Optional) + Type of the redirect action. request_cookie.operator: |- - (Required) @@ -54936,10 +60514,22 @@ resources: An array of the consumer forwarding rules connected to this service attachment. Structure is documented below. + connected_endpoints.consumer_network: |- + - + (Output) + The url of the consumer network. connected_endpoints.endpoint: |- - (Output) The URL of the consumer forwarding rule. + connected_endpoints.propagated_connection_count: |- + - + (Output) + The number of consumer Network Connectivity Center spokes that the connected Private Service Connect endpoint has propagated to. + connected_endpoints.psc_connection_id: |- + - + (Output) + The PSC connection id of the connected endpoint. connected_endpoints.status: |- - (Output) @@ -55016,6 +60606,14 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + propagated_connection_limit: |- + - + (Optional) + The number of consumer spokes that connected Private Service Connect endpoints can be propagated to through Network Connectivity Center. + This limit lets the service producer limit how many propagated Private Service Connect connections can be established to this service attachment from a single consumer. + If the connection preference of the service attachment is ACCEPT_MANUAL, the limit applies to each project or network that is listed in the consumer accept list. + If the connection preference of the service attachment is ACCEPT_AUTOMATIC, the limit applies to each project that contains a connected endpoint. + If unspecified, the default propagated connection limit is 250. reconcile_connections: |- - (Optional) @@ -55453,7 +61051,13 @@ resources: These are in the same namespace as the managed SSL certificates. name_prefix: |- - (Optional) Creates a unique name beginning with the - specified prefix. Conflicts with name. + specified prefix. Conflicts with name. Max length is 54 characters. + Prefixes with lengths longer than 37 characters will use a shortened + UUID that will be more prone to collisions. + Resulting name for a name_prefix <= 37 characters: + name_prefix + YYYYmmddHHSSssss + 8 digit incremental counter + Resulting name for a name_prefix 38 - 54 characters: + name_prefix + YYmmdd + 3 digit incremental counter private_key: |- - (Required) @@ -55708,6 +61312,86 @@ resources: "name": "net-cidr-overlap", "provider": "${google-beta}" } + - name: subnetwork-reserved-internal-range + manifest: |- + { + "name": "subnetwork-reserved-internal-range", + "network": "${google_compute_network.default.id}", + "provider": "${google-beta}", + "region": "us-central1", + "reserved_internal_range": "networkconnectivity.googleapis.com/${google_network_connectivity_internal_range.reserved.id}" + } + references: + network: google_compute_network.default.id + provider: google-beta + dependencies: + google_compute_network.default: |- + { + "auto_create_subnetworks": false, + "name": "network-reserved-internal-range", + "provider": "${google-beta}" + } + google_network_connectivity_internal_range.reserved: |- + { + "name": "reserved", + "network": "${google_compute_network.default.id}", + "peering": "FOR_SELF", + "prefix_length": 24, + "provider": "${google-beta}", + "target_cidr_range": [ + "10.0.0.0/8" + ], + "usage": "FOR_VPC" + } + - name: subnetwork-reserved-secondary-range + manifest: |- + { + "name": "subnetwork-reserved-secondary-range", + "network": "${google_compute_network.default.id}", + "provider": "${google-beta}", + "region": "us-central1", + "reserved_internal_range": "networkconnectivity.googleapis.com/${google_network_connectivity_internal_range.reserved.id}", + "secondary_ip_range": [ + { + "range_name": "secondary", + "reserved_internal_range": "networkconnectivity.googleapis.com/${google_network_connectivity_internal_range.reserved_secondary.id}" + } + ] + } + references: + network: google_compute_network.default.id + provider: google-beta + dependencies: + google_compute_network.default: |- + { + "auto_create_subnetworks": false, + "name": "network-reserved-secondary-range", + "provider": "${google-beta}" + } + google_network_connectivity_internal_range.reserved: |- + { + "name": "reserved-primary", + "network": "${google_compute_network.default.id}", + "peering": "FOR_SELF", + "prefix_length": 24, + "provider": "${google-beta}", + "target_cidr_range": [ + "10.0.0.0/8" + ], + "usage": "FOR_VPC" + } + google_network_connectivity_internal_range.reserved_secondary: |- + { + "name": "reserved-secondary", + "network": "${google_compute_network.default.id}", + "peering": "FOR_SELF", + "prefix_length": 16, + "provider": "${google-beta}", + "target_cidr_range": [ + "10.0.0.0/8" + ], + "usage": "FOR_VPC" + } argumentDocs: allow_subnet_cidr_routes_overlap: |- - @@ -55741,11 +61425,12 @@ resources: The internal IPv6 address range that is assigned to this subnetwork. ip_cidr_range: |- - - (Required) + (Optional) The range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. + Field is optional when reserved_internal_range is defined, otherwise required. ipv6_access_type: |- - (Optional) @@ -55830,17 +61515,22 @@ resources: purpose: |- - (Optional) - The purpose of the resource. This field can be either PRIVATE_RFC_1918, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). + The purpose of the resource. This field can be either PRIVATE, REGIONAL_MANAGED_PROXY, GLOBAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT or PRIVATE_NAT(Beta). A subnet with purpose set to REGIONAL_MANAGED_PROXY is a user-created subnetwork that is reserved for regional Envoy-based load balancers. A subnetwork in a given region with purpose set to GLOBAL_MANAGED_PROXY is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. A subnetwork with purpose set to PRIVATE_SERVICE_CONNECT reserves the subnet for hosting a Private Service Connect published service. A subnetwork with purpose set to PRIVATE_NAT is used as source range for Private NAT gateways. Note that REGIONAL_MANAGED_PROXY is the preferred setting for all regional Envoy load balancers. - If unspecified, the purpose defaults to PRIVATE_RFC_1918. + If unspecified, the purpose defaults to PRIVATE. region: |- - (Optional) The GCP region for this subnetwork. + reserved_internal_range: |- + - + (Optional) + The ID of the reserved internal range. Must be prefixed with networkconnectivity.googleapis.com + E.g. networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId} role: |- - (Optional) @@ -55863,11 +61553,12 @@ resources: Structure is documented below. secondary_ip_range.ip_cidr_range: |- - - (Required) + (Optional) The range of IP addresses belonging to this subnetwork secondary range. Provide this property when you create the subnetwork. Ranges must be unique and non-overlapping with all primary and secondary IP ranges within a network. Only IPv4 is supported. + Field is optional when reserved_internal_range is defined, otherwise required. secondary_ip_range.range_name: |- - (Required) @@ -55875,6 +61566,11 @@ resources: when adding an alias IP range to a VM instance. The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the subnetwork. + secondary_ip_range.reserved_internal_range: |- + - + (Optional) + The ID of the reserved internal range. Must be prefixed with networkconnectivity.googleapis.com + E.g. networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId} self_link: '- The URI of the created resource.' send_secondary_ip_range_if_empty: |- - (Optional) Controls the removal behavior of secondary_ip_range. @@ -55889,6 +61585,9 @@ resources: The stack type for this subnet to identify whether the IPv6 feature is enabled or not. If not specified IPV4_ONLY will be used. Possible values are: IPV4_ONLY, IPV4_IPV6. + subnetwork_id: |- + - + The unique identifier number for the resource. This identifier is defined by the server. update: '- Default is 20 minutes.' importStatements: [] google_compute_subnetwork_iam_policy: @@ -56295,10 +61994,13 @@ resources: (Optional) Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is - not specified, a default value (610 seconds) will be used. For Global - external HTTP(S) load balancer, the minimum allowed value is 5 seconds and - the maximum allowed value is 1200 seconds. For Global external HTTP(S) - load balancer (classic), this option is not available publicly. + not specified, a default value will be used. For Global + external HTTP(S) load balancer, the default value is 610 seconds, the + minimum allowed value is 5 seconds and the maximum allowed value is 1200 + seconds. For cross-region internal HTTP(S) load balancer, the default + value is 600 seconds, the minimum allowed value is 5 seconds, and the + maximum allowed value is 600 seconds. For Global external HTTP(S) load + balancer (classic), this option is not available publicly. id: '- an identifier for the resource with format projects/{{project}}/global/targetHttpProxies/{{name}}' name: |- - @@ -56664,10 +62366,13 @@ resources: (Optional) Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is - not specified, a default value (610 seconds) will be used. For Global - external HTTP(S) load balancer, the minimum allowed value is 5 seconds and - the maximum allowed value is 1200 seconds. For Global external HTTP(S) - load balancer (classic), this option is not available publicly. + not specified, a default value will be used. For Global + external HTTP(S) load balancer, the default value is 610 seconds, the + minimum allowed value is 5 seconds and the maximum allowed value is 1200 + seconds. For cross-region internal HTTP(S) load balancer, the default + value is 600 seconds, the minimum allowed value is 5 seconds, and the + maximum allowed value is 600 seconds. For Global external HTTP(S) load + balancer (classic), this option is not available publicly. id: '- an identifier for the resource with format projects/{{project}}/global/targetHttpsProxies/{{name}}' name: |- - @@ -56712,6 +62417,10 @@ resources: INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. + If you remove this field from your configuration at the same time as + deleting or recreating a referenced ServerTlsPolicy resource, you will + receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + within the ServerTlsPolicy resource to avoid this. ssl_certificates: |- - (Optional) @@ -58082,7 +63791,7 @@ resources: "5xx" ], "override_response_code": 502, - "path": "/*" + "path": "/internal_error.html" } ], "error_service": "${google_compute_backend_bucket.error.id}" @@ -58110,14 +63819,14 @@ resources: "5xx" ], "override_response_code": 404, - "path": "/login" + "path": "/login_error.html" }, { "match_response_codes": [ "503" ], "override_response_code": 502, - "path": "/example" + "path": "/bad_gateway.html" } ], "error_service": "${google_compute_backend_bucket.error.id}" @@ -58135,14 +63844,14 @@ resources: "4xx" ], "override_response_code": 401, - "path": "/register" + "path": "/login.html" } ], "error_service": "${google_compute_backend_bucket.error.id}" } ], "paths": [ - "/*" + "/private/*" ], "service": "${google_compute_backend_service.example.id}" } @@ -58268,7 +63977,7 @@ resources: default_custom_error_response_policy: |- - (Optional, Beta) - defaultCustomErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. + defaultCustomErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendService or BackendBucket responds with an error. This policy takes effect at the PathMatcher level and applies only when no policy has been defined for the error code at lower levels like RouteRule and PathRule within this PathMatcher. If an error code does not have a policy defined in defaultCustomErrorResponsePolicy, then a policy defined for the error code in UrlMap.defaultCustomErrorResponsePolicy takes effect. For example, consider a UrlMap with the following configuration: UrlMap.defaultCustomErrorResponsePolicy is configured with policies for 5xx and 4xx errors @@ -58676,7 +64385,7 @@ resources: path_matcher.default_custom_error_response_policy: |- - (Optional, Beta) - defaultCustomErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. + defaultCustomErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendService or BackendBucket responds with an error. This policy takes effect at the PathMatcher level and applies only when no policy has been defined for the error code at lower levels like RouteRule and PathRule within this PathMatcher. If an error code does not have a policy defined in defaultCustomErrorResponsePolicy, then a policy defined for the error code in UrlMap.defaultCustomErrorResponsePolicy takes effect. For example, consider a UrlMap with the following configuration: UrlMap.defaultCustomErrorResponsePolicy is configured with policies for 5xx and 4xx errors @@ -58744,7 +64453,7 @@ resources: path_rule.custom_error_response_policy: |- - (Optional, Beta) - customErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. + customErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendService or BackendBucket responds with an error. If a policy for an error code is not configured for the PathRule, a policy for the error code configured in pathMatcher.defaultCustomErrorResponsePolicy is applied. If one is not specified in pathMatcher.defaultCustomErrorResponsePolicy, the policy configured in UrlMap.defaultCustomErrorResponsePolicy takes effect. For example, consider a UrlMap with the following configuration: UrlMap.defaultCustomErrorResponsePolicy are configured with policies for 5xx and 4xx errors @@ -59911,7 +65620,7 @@ resources: (Optional) Binary Authorization configuration. Structure is documented below. - fleet.deletion_policy: '- (Optional) Policy to determine what flags to send on delete.' + fleet.deletion_policy: '- (Optional) Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS' fleet.description: |- - (Optional) @@ -59943,6 +65652,11 @@ resources: (Optional) Support for proxy configuration. Structure is documented below. + fleet.security_posture_config: |- + - + (Optional, Deprecated) + Enable/Disable Security Posture API features for the cluster. + Structure is documented below. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/attachedClusters/{{name}}' kubernetes_version: |- - @@ -60015,6 +65729,11 @@ resources: reconciling: |- - If set, there are currently changes in flight to the cluster. + security_posture_config.vulnerability_mode: |- + - + (Required) + Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. + Possible values are: VULNERABILITY_DISABLED, VULNERABILITY_ENTERPRISE. state: |- - The current state of the cluster. Possible values: @@ -60689,6 +66408,14 @@ resources: ] } ], + "kubelet_config": [ + { + "cpu_cfs_quota": true, + "cpu_cfs_quota_period": "100ms", + "cpu_manager_policy": "none", + "pod_pids_limit": 1024 + } + ], "location": "us-west1", "management": [ { @@ -61253,6 +66980,22 @@ resources: - (Optional) The tenancy for the instance. Possible values: TENANCY_UNSPECIFIED, DEFAULT, DEDICATED, HOST + kubelet_config.cpu_cfs_quota: |- + - + (Optional) + Whether or not to enable CPU CFS quota. Defaults to true. + kubelet_config.cpu_cfs_quota_period: |- + - + (Optional) + Optional. The CPU CFS quota period to use for the node. Defaults to "100ms". + kubelet_config.cpu_manager_policy: |- + - + (Optional) + The CpuManagerPolicy to use for the node. Defaults to "none". + kubelet_config.pod_pids_limit: |- + - + (Optional) + Optional. The maximum number of PIDs in each pod running on the node. The limit scales automatically based on underlying machine size if left unset. location: |- - (Required) @@ -61269,6 +67012,10 @@ resources: - (Optional) Optional. Annotations on the node pool. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between. + max_pods_constraint.kubelet_config: |- + - + (Optional) + The kubelet configuration for the node pool. max_pods_constraint.management: |- - (Optional) @@ -62110,6 +67857,8 @@ resources: CGROUP_MODE_UNSPECIFIED: ': CGROUP_MODE_UNSPECIFIED is when unspecified cgroup configuration is used. The default for the GKE node OS image will be used.' CGROUP_MODE_V1: ': CGROUP_MODE_V1 specifies to use cgroupv1 for the cgroup configuration on the node image.' CGROUP_MODE_V2: ': CGROUP_MODE_V2 specifies to use cgroupv2 for the cgroup configuration on the node image.' + EPHEMERAL_KEY_ENCRYPTION: ': The given node will opt-in for using ephemeral key for encrypting Local SSDs. The Local SSDs will not be able to recover data in case of node crash.' + STANDARD_ENCRYPTION: ': The given node will be encrypted using keys managed by Google infrastructure and the keys wll be deleted when the node is deleted.' additional_pod_ranges_config.pod_range_names: '- (Required) The names of the Pod ranges to add to the cluster.' addons_config: |- - (Optional) The configuration for addons supported by GKE. @@ -62161,6 +67910,12 @@ resources: otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable. + addons_config.parallelstore_csi_driver_config: |- + - (Optional) The status of the Parallelstore CSI driver addon, + which allows the usage of a Parallelstore instances as volumes. + It is disabled by default for Standard clusters; set enabled = true to enable. + It is enabled by default for Autopilot clusters with version 1.29 or later; set enabled = true to enable it explicitly. + See Enable the Parallelstore CSI driver for more information. addons_config.ray_cluster_logging_config.enabled: |- and ray_cluster_monitoring_config.enabled which control Ray Cluster logging @@ -62178,8 +67933,7 @@ resources: The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications. It is disabled by default for Standard clusters. Set enabled = true to enable. advanced_datapath_observability_config.enable_metrics: '- (Required) Whether or not to enable advanced datapath metrics.' - advanced_datapath_observability_config.enable_relay: '- (Optional) Whether or not Relay is enabled.' - advanced_datapath_observability_config.relay_mode: '- (Optional, Deprecated) Mode used to make Relay available. Deprecated in favor of enable_relay field. Remove this attribute''s configuration as this field will be removed in the next major release and enable_relay will become a required field.' + advanced_datapath_observability_config.enable_relay: '- (Required) Whether or not Relay is enabled.' advanced_machine_features.enable_nested_virtualization: '- (Optional) Defines whether the instance should have nested virtualization enabled. Defaults to false.' advanced_machine_features.threads_per_core: '- (Required) The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.' allow_net_admin: |- @@ -62193,7 +67947,7 @@ resources: authenticator_groups_config.security_group: '- (Required) The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.' auto_provisioning_defaults.boot_disk_kms_key: '- (Optional) The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption' auto_provisioning_defaults.disk_size: '- (Optional) Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. Defaults to 100' - auto_provisioning_defaults.disk_type: '- (Optional) Type of the disk attached to each node (e.g. ''pd-standard'', ''pd-ssd'' or ''pd-balanced''). Defaults to pd-standard' + auto_provisioning_defaults.disk_type: '- (Optional) Type of the disk attached to each node (e.g. ''pd-standard'', ''pd-ssd'', ''pd-balanced'', or ''hyperdisk-balanced''). Defaults to hyperdisk-balanced if hyperdisk-balanced is supported and pd-balanced is not supported for the machine type; otherwise defaults to pd-balanced.' auto_provisioning_defaults.image_type: '- (Optional) The default image type used by NAP once a new node pool is being created. Please note that according to the official documentation the value must be one of the [COS_CONTAINERD, COS, UBUNTU_CONTAINERD, UBUNTU]. NOTE : COS AND UBUNTU are deprecated as of GKE 1.24' auto_provisioning_defaults.management: '- (Optional) NodeManagement configuration for this NodePool. Structure is documented below.' auto_provisioning_defaults.min_cpu_platform: |- @@ -62264,6 +68018,12 @@ resources: (Required) - Enable Confidential GKE Nodes for this node pool, to enforce encryption of data in-use. containerd_config.private_registry_access_config: '(Optional) - Configuration for private container registries. There are two fields in this config:' + control_plane_endpoints_config: |- + - (Optional) Configuration for all of the cluster's control plane endpoints. + Structure is documented below. + control_plane_endpoints_config.dns_endpoint_config: '- (Optional) DNS endpoint configuration.' + control_plane_endpoints_config.dns_endpoint_config.allow_external_traffic: '- (Optional) Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false.' + control_plane_endpoints_config.dns_endpoint_config.endpoint: '- (Output) The cluster''s DNS endpoint.' cost_management_config: |- - (Optional) Configuration for the Cost Allocation feature. @@ -62289,17 +68049,21 @@ resources: default_snat_status.disabled: '- (Required) Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic' delete: '- Default is 40 minutes.' deletion_protection: |- - - (Optional) Whether or not to allow Terraform to destroy - the cluster. Unless this field is set to false in Terraform state, a - terraform destroy or terraform apply that would delete the cluster will fail. + - (Optional) Whether Terraform will be prevented from + destroying the cluster. Deleting this cluster via terraform destroy or + terraform apply will only succeed if this field is false in the Terraform + state. description: '- (Optional) Description of the cluster.' dns_config: |- - (Optional) Configuration for Using Cloud DNS for GKE. Structure is documented below. - dns_config.additive_vpc_scope_dns_domain: '- (Optional, Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = "CLOUD_DNS" and cluster_dns_scope = "CLUSTER_SCOPE" must both be set as well.' + dns_config.additive_vpc_scope_dns_domain: '- (Optional) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = "CLOUD_DNS" and cluster_dns_scope = "CLUSTER_SCOPE" must both be set as well.' dns_config.cluster_dns: '- (Optional) Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS.' dns_config.cluster_dns_domain: '- (Optional) The suffix used for all cluster service records.' dns_config.cluster_dns_scope: '- (Optional) The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. enable_autopilot: |- - (Optional) Enable Autopilot for this cluster. Defaults to false. Note that when this option is enabled, certain features of Standard GKE are not available. @@ -62309,7 +68073,7 @@ resources: - (Optional) Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false. enable_fqdn_network_policy: |- - - (Optional, Beta) + - (Optional) Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information. enable_intranode_visibility: |- - (Optional) @@ -62339,6 +68103,11 @@ resources: See the official documentation. enabled: (Required) - Enables private registry config. If set to false, all other fields in this object must not be set. endpoint: '- The IP address of this cluster''s Kubernetes master.' + enterprise_config: |- + - (Optional) + Configuration for [Enterprise edition].(https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is documented below. + enterprise_config.0.cluster_tier: '- The effective tier of the cluster.' + enterprise_config.desired_tier: '- (Optional) Sets the tier of the cluster. Available options include STANDARD and ENTERPRISE.' ephemeral_storage_config.local_ssd_count: (Required) - Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage. ephemeral_storage_local_ssd_config.local_ssd_count: (Required) - Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage. fast_socket.enabled: (Required) - Whether or not the NCCL Fast Socket is enabled @@ -62368,6 +68137,8 @@ resources: guest_accelerator.gpu_sharing_config: (Optional) - Configuration for GPU sharing. Structure is documented below. guest_accelerator.type: (Required) - The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80. gvnic.enabled: (Required) - Whether or not the Google Virtual NIC (gVNIC) is enabled + hugepages_config.hugepage_size_1g: '- (Optional) Amount of 1G hugepages.' + hugepages_config.hugepage_size_2m: '- (Optional) Amount of 2M hugepages.' id: '- an identifier for the resource with format projects/{{project}}/locations/{{zone}}/clusters/{{name}}' identity_service_config: '- (Optional). Structure is documented below.' identity_service_config.enabled: '- (Optional) Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.' @@ -62424,13 +68195,18 @@ resources: such as "300ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". The value must be a positive duration. kubelet_config.cpu_manager_policy: |- - - (Required) The CPU management policy on the node. See + - (Optional) The CPU management policy on the node. See K8S CPU Management Policies. - One of "none" or "static". Defaults to none when kubelet_config is unset. + One of "none" or "static". If unset (or set to the empty string ""), the API will treat the field as if set to "none". + Prior to the 6.4.0 this field was marked as required. The workaround for the required field + is setting the empty string "", which will function identically to not setting this field. + kubelet_config.insecure_kubelet_readonly_port_enabled: '- (Optional) Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.' + kubelet_config.pod_pids_limit: '- (Optional) Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.' label_fingerprint: '- The fingerprint of the set of labels for this cluster.' linux_node_config.cgroup_mode: |- - (Optional) Possible cgroup modes that can be used. Accepted values are: + linux_node_config.hugepages_config: '- (Optional) Amounts for 2M and 1G hugepages. Structure is documented below.' linux_node_config.sysctls: |- - (Optional) The Linux kernel parameters to be applied to the nodes and all pods running on the nodes. Specified as a map from the key, such as @@ -62507,6 +68283,7 @@ resources: - (Optional) External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation. master_authorized_networks_config.cidr_blocks.display_name: '- (Optional) Field for users to identify CIDR blocks.' + master_authorized_networks_config.cidr_blocks.private_endpoint_enforcement_enabled: '- (Optional) Whether authorized networks is enforced on the private endpoint or not.' master_authorized_networks_config.gcp_public_cidrs_access_enabled: |- - (Optional) Whether Kubernetes master is accessible via Google Compute Engine Public IPs. @@ -62600,8 +68377,10 @@ resources: node_config.guest_accelerator: |- - (Optional) List of the type and count of accelerator cards attached to the instance. Structure documented below. - To support removal of guest_accelerators in Terraform 0.12 this field is an - Attribute as Block + Note: As of 6.0.0, argument syntax + is no longer supported for this field in favor of block syntax. + To dynamically set a list of guest accelerators, use dynamic blocks. + To set an empty list, use a single guest_accelerator block with count = 0. node_config.gvnic: |- - (Optional) Google Virtual NIC (gVNIC) is a virtual network interface. Installing the gVNIC driver allows for more efficient traffic transmission across the Google network infrastructure. @@ -62623,6 +68402,9 @@ resources: node_config.local_ssd_count: |- - (Optional) The amount of local SSD disks that will be attached to each cluster node. Defaults to 0. + node_config.local_ssd_encryption_mode: |- + - (Optional) Possible Local SSD encryption modes: + Accepted values are: node_config.logging_variant: (Optional) Parameter for specifying the type of logging agent used in a node pool. This will override any cluster-wide default value. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information. node_config.machine_type: |- - (Optional) The name of a Google Compute Engine machine type. @@ -62667,6 +68449,7 @@ resources: - (Optional) A boolean that represents whether the underlying node VMs are spot. See the official documentation for more information. Defaults to false. + node_config.storage_pools: '- (Optional) The list of Storage Pools where boot disks are provisioned.' node_config.tags: |- - (Optional) The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls. @@ -62698,6 +68481,7 @@ resources: - (Optional) Node pool configs that apply to auto-provisioned node pools in autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below. + node_pool_auto_config.linux_node_config: (Optional) - Linux system configuration for the cluster's automatically provisioned node pools. Only cgroup_mode field is supported in node_pool_auto_config. Structure is documented below. node_pool_auto_config.network_tags: (Optional) - The network tag config for the cluster's automatically provisioned node pools. Structure is documented below. node_pool_auto_config.node_kubelet_config: |- - (Optional) Kubelet configuration for Autopilot clusters. Currently, only insecure_kubelet_readonly_port_enabled is supported here. @@ -62705,7 +68489,7 @@ resources: node_pool_auto_config.resource_manager_tags: '- (Optional) A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.' node_pool_defaults: '- (Optional) Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.' node_pool_defaults.node_config_defaults: (Optional) - Subset of NodeConfig message that has defaults. - node_pool_defaults.node_config_defaults.gcfs_config: (Optional, Beta) The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below. + node_pool_defaults.node_config_defaults.gcfs_config: (Optional) The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below. node_pool_defaults.node_config_defaults.insecure_kubelet_readonly_port_enabled: '(Optional) Controls whether the kubelet read-only port is enabled for newly created node pools in the cluster. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.' node_pool_defaults.node_config_defaults.logging_variant: (Optional) The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. See Increasing logging agent throughput for more information. node_version: |- @@ -62717,8 +68501,6 @@ resources: when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way. To update nodes in other node pools, use the version attribute on the node pool. - none.insecure_kubelet_readonly_port_enabled: '- (Optional) Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to FALSE. Possible values: TRUE, FALSE.' - none.pod_pids_limit: '- (Optional) Controls the maximum number of processes allowed to run in a pod. The value must be greater than or equal to 1024 and less than 4194304.' notification_config: '- (Optional) Configuration for the cluster upgrade notifications feature. Structure is documented below.' notification_config.pubsub: (Required) - The pubsub config for the cluster's upgrade notifications. notification_config.pubsub.enabled: (Required) - Whether or not the notification config is enabled @@ -62828,7 +68610,7 @@ resources: secondary_boot_disks.disk_image: (Required) - Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME. secondary_boot_disks.mode: (Optional) - Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE. secret_manager_config: |- - - (Optional, Beta) Configuration for the + - (Optional) Configuration for the SecretManagerConfig feature. Structure is documented below. secret_manager_config.enabled: (Required) - Enable the Secret Manager add-on for this cluster. @@ -62858,6 +68640,9 @@ resources: taint.effect: (Required) Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE. taint.key: (Required) Key for taint. taint.value: (Required) Value for taint. + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. tpu_ipv4_cidr_block: |- - The IP address range of the Cloud TPUs in this cluster, in CIDR @@ -62984,6 +68769,8 @@ resources: '"NO_RESERVATION"': ': Do not consume from any reserved capacity.' '"SPECIFIC_RESERVATION"': ': Must consume from a specific reservation. Must specify key value fields for specifying the reservations.' '"UNSPECIFIED"': ': Default value. This should not be used.' + EPHEMERAL_KEY_ENCRYPTION: ': The given node will opt-in for using ephemeral key for encrypting Local SSDs. The Local SSDs will not be able to recover data in case of node crash.' + STANDARD_ENCRYPTION: ': The given node will be encrypted using keys managed by Google infrastructure and the keys wll be deleted when the node is deleted.' additional_node_network_configs.network: '- Name of the VPC where the additional interface belongs.' additional_node_network_configs.subnetwork: '- Name of the subnetwork where the additional interface belongs.' additional_pod_network_configs.max_pods_per_node: '- The maximum number of pods per node which use this pod network.' @@ -63012,6 +68799,9 @@ resources: batch_node_count: '- (Optional) Number of blue nodes to drain in a batch.' batch_percentage: '- (Optional) Percentage of the blue pool nodes to drain in a batch.' batch_soak_duration: '- (Optionial) Soak time after each batch gets drained.' + blue_green_settings.local_ssd_encryption_mode: |- + - (Optional) Possible Local SSD encryption modes: + Accepted values are: blue_green_settings.node_pool_soak_duration: |- - (Optional) Time needed after draining the entire blue pool. After this period, the blue pool will be cleaned up. @@ -65786,6 +71576,43 @@ resources: "topic": "projects//topics/${google_pubsub_topic.actions.name}" } ] + }, + { + "tag_resources": [ + { + "lower_data_risk_to_low": true, + "profile_generations_to_tag": [ + "PROFILE_GENERATION_NEW", + "PROFILE_GENERATION_UPDATE" + ], + "tag_conditions": [ + { + "sensitivity_score": [ + { + "score": "SENSITIVITY_HIGH" + } + ], + "tag": [ + { + "namespaced_value": "123456/environment/prod" + } + ] + }, + { + "sensitivity_score": [ + { + "score": "SENSITIVITY_LOW" + } + ], + "tag": [ + { + "namespaced_value": "123456/environment/test" + } + ] + } + ] + } + ] } ], "inspect_templates": [ @@ -65826,10 +71653,26 @@ resources: ], "parent": "projects/my-project-name" } + google_project_iam_member.tag_role: |- + { + "member": "serviceAccount:service-${data.google_project.project.number}@dlp-api.iam.gserviceaccount.com", + "project": "", + "role": "roles/resourcemanager.tagUser" + } google_pubsub_topic.actions: |- { "name": "fake-topic" } + google_tags_tag_key.tag_key: |- + { + "parent": "${data.google_project.project.id}", + "short_name": "environment" + } + google_tags_tag_value.tag_value: |- + { + "parent": "${google_tags_tag_key.tag_key.id}", + "short_name": "prod" + } - name: org_running manifest: |- { @@ -65947,6 +71790,11 @@ resources: { "cadence": [ { + "inspect_template_modified_cadence": [ + { + "frequency": "UPDATE_FREQUENCY_DAILY" + } + ], "schema_modified_cadence": [ { "frequency": "UPDATE_FREQUENCY_DAILY", @@ -66371,6 +72219,11 @@ resources: (Optional) Publish a message into the Pub/Sub topic. Structure is documented below. + actions.tag_resources: |- + - + (Optional) + Publish a message into the Pub/Sub topic. + Structure is documented below. big_query_target.cadence: |- - (Optional) @@ -66390,6 +72243,11 @@ resources: (Optional) Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table Structure is documented below. + cadence.inspect_template_modified_cadence: |- + - + (Optional) + Governs when to update data profiles when the inspection rules defined by the InspectTemplate change. If not set, changing the template will not cause a data profile to update. + Structure is documented below. cadence.schema_modified_cadence: |- - (Optional) @@ -66692,7 +72550,7 @@ resources: org_config: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. org_config.location: |- - @@ -66751,6 +72609,11 @@ resources: (Optional) The type of events to consider when deciding if the table's schema has been modified and should have the profile updated. Defaults to NEW_COLUMN. Each value may be one of: SCHEMA_NEW_COLUMNS, SCHEMA_REMOVED_COLUMNS. + sensitivity_score.score: |- + - + (Required) + The sensitivity score applied to the resource. + Possible values are: SENSITIVITY_LOW, SENSITIVITY_MODERATE, SENSITIVITY_HIGH. status: |- - (Optional) @@ -66796,6 +72659,34 @@ resources: - (Optional) if unset, this property matches all tables + tag.namespaced_value: |- + - + (Optional) + The namespaced name for the tag value to attach to resources. Must be in the format {parent_id}/{tag_key_short_name}/{short_name}, for example, "123456/environment/prod". + tag_conditions.sensitivity_score: |- + - + (Optional) + Conditions attaching the tag to a resource on its profile having this sensitivity score. + Structure is documented below. + tag_conditions.tag: |- + - + (Optional) + The tag value to attach to resources. + Structure is documented below. + tag_resources.lower_data_risk_to_low: |- + - + (Optional) + Whether applying a tag to a resource should lower the risk of the profile for that resource. For example, in conjunction with an IAM deny policy, you can deny all principals a permission if a tag value is present, mitigating the risk of the resource. This also lowers the data risk of resources at the lower levels of the resource hierarchy. For example, reducing the data risk of a table data profile also reduces the data risk of the constituent column data profiles. + tag_resources.profile_generations_to_tag: |- + - + (Optional) + The profile generations for which the tag should be attached to resources. If you attach a tag to only new profiles, then if the sensitivity score of a profile subsequently changes, its tag doesn't change. By default, this field includes only new profiles. To include both new and updated profiles for tagging, this field should explicitly include both PROFILE_GENERATION_NEW and PROFILE_GENERATION_UPDATE. + Each value may be one of: PROFILE_GENERATION_NEW, PROFILE_GENERATION_UPDATE. + tag_resources.tag_conditions: |- + - + (Optional) + The tags to associate with different conditions. + Structure is documented below. targets: |- - (Optional) @@ -69907,6 +75798,134 @@ resources: ], "service": "servicenetworking.googleapis.com" } + - name: existing-mysql + manifest: |- + { + "connection_profile_id": "destination-cp", + "depends_on": [ + "${google_sql_database_instance.destination_csql}" + ], + "display_name": "destination-cp_display", + "labels": { + "foo": "bar" + }, + "location": "us-central1", + "mysql": [ + { + "cloud_sql_id": "destination-csql" + } + ] + } + dependencies: + google_sql_database_instance.destination_csql: |- + { + "database_version": "MYSQL_5_7", + "deletion_protection": false, + "name": "destination-csql", + "settings": [ + { + "deletion_protection_enabled": false, + "tier": "db-n1-standard-1" + } + ] + } + - name: existing-psql + manifest: |- + { + "connection_profile_id": "destination-cp", + "depends_on": [ + "${google_sql_database_instance.destination_csql}" + ], + "display_name": "destination-cp_display", + "labels": { + "foo": "bar" + }, + "location": "us-central1", + "postgresql": [ + { + "cloud_sql_id": "destination-csql" + } + ] + } + dependencies: + google_sql_database_instance.destination_csql: |- + { + "database_version": "POSTGRES_15", + "deletion_protection": false, + "name": "destination-csql", + "settings": [ + { + "deletion_protection_enabled": false, + "tier": "db-custom-2-13312" + } + ] + } + - name: existing-alloydb + manifest: |- + { + "connection_profile_id": "destination-cp", + "depends_on": [ + "${google_alloydb_cluster.destination_alloydb}", + "${google_alloydb_instance.destination_alloydb_primary}" + ], + "display_name": "destination-cp_display", + "labels": { + "foo": "bar" + }, + "location": "us-central1", + "postgresql": [ + { + "alloydb_cluster_id": "destination-alloydb" + } + ] + } + dependencies: + google_alloydb_cluster.destination_alloydb: |- + { + "cluster_id": "destination-alloydb", + "database_version": "POSTGRES_15", + "initial_user": [ + { + "password": "destination-alloydb", + "user": "destination-alloydb" + } + ], + "location": "us-central1", + "network_config": [ + { + "network": "${google_compute_network.default.id}" + } + ] + } + google_alloydb_instance.destination_alloydb_primary: |- + { + "cluster": "${google_alloydb_cluster.destination_alloydb.name}", + "depends_on": [ + "${google_service_networking_connection.vpc_connection}" + ], + "instance_id": "destination-alloydb-primary", + "instance_type": "PRIMARY" + } + google_compute_global_address.private_ip_alloc: |- + { + "address_type": "INTERNAL", + "name": "destination-alloydb", + "network": "${google_compute_network.default.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_compute_network.default: |- + { + "name": "destination-alloydb" + } + google_service_networking_connection.vpc_connection: |- + { + "network": "${google_compute_network.default.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.private_ip_alloc.name}" + ], + "service": "servicenetworking.googleapis.com" + } argumentDocs: alloydb: |- - @@ -70070,12 +76089,12 @@ resources: If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source. mysql.host: |- - - (Required) - Required. The IP or hostname of the source MySQL database. + (Optional) + The IP or hostname of the source MySQL database. mysql.password: |- - - (Required) - Required. Input only. The password for the user that Database Migration Service will be using to connect to the database. + (Optional) + Input only. The password for the user that Database Migration Service will be using to connect to the database. This field is not returned on request, and the value is encrypted when stored in Database Migration Service. Note: This property is sensitive and will not be displayed in the plan. mysql.password_set: |- @@ -70084,8 +76103,8 @@ resources: Output only. Indicates If this connection profile password is stored. mysql.port: |- - - (Required) - Required. The network port of the source MySQL database. + (Optional) + The network port of the source MySQL database. mysql.ssl: |- - (Optional) @@ -70093,8 +76112,8 @@ resources: Structure is documented below. mysql.username: |- - - (Required) - Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service. + (Optional) + The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service. name: |- - The name of this connection profile resource in the form of projects/{project}/locations/{location}/connectionProfiles/{connectionProfile}. @@ -70154,22 +76173,26 @@ resources: (Optional) Specifies connection parameters required specifically for PostgreSQL databases. Structure is documented below. + postgresql.alloydb_cluster_id: |- + - + (Optional) + If the connected database is an AlloyDB instance, use this field to provide the AlloyDB cluster ID. postgresql.cloud_sql_id: |- - (Optional) If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source. postgresql.host: |- - - (Required) - Required. The IP or hostname of the source MySQL database. + (Optional) + The IP or hostname of the source MySQL database. postgresql.network_architecture: |- - (Output) Output only. If the source is a Cloud SQL database, this field indicates the network architecture it's associated with. postgresql.password: |- - - (Required) - Required. Input only. The password for the user that Database Migration Service will be using to connect to the database. + (Optional) + Input only. The password for the user that Database Migration Service will be using to connect to the database. This field is not returned on request, and the value is encrypted when stored in Database Migration Service. Note: This property is sensitive and will not be displayed in the plan. postgresql.password_set: |- @@ -70178,8 +76201,8 @@ resources: Output only. Indicates If this connection profile password is stored. postgresql.port: |- - - (Required) - Required. The network port of the source MySQL database. + (Optional) + The network port of the source MySQL database. postgresql.ssl: |- - (Optional) @@ -70187,8 +76210,8 @@ resources: Structure is documented below. postgresql.username: |- - - (Required) - Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service. + (Optional) + The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service. primary_instance_settings.database_flags: |- - (Optional) @@ -70343,6 +76366,539 @@ resources: and default labels configured on the provider. update: '- Default is 60 minutes.' importStatements: [] + google_database_migration_service_migration_job: + subCategory: DatabaseMigrationService + description: A migration job definition. + name: google_database_migration_service_migration_job + title: "" + examples: + - name: mysqltomysql + manifest: |- + { + "destination": "${google_database_migration_service_connection_profile.destination_cp.name}", + "display_name": "my-migrationid_display", + "dump_flags": [ + { + "dump_flags": [ + { + "name": "max-allowed-packet", + "value": "1073741824" + } + ] + } + ], + "dump_type": "LOGICAL", + "labels": { + "foo": "bar" + }, + "location": "us-central1", + "migration_job_id": "my-migrationid", + "performance_config": [ + { + "dump_parallel_level": "MAX" + } + ], + "source": "${google_database_migration_service_connection_profile.source_cp.name}", + "type": "CONTINUOUS", + "vpc_peering_connectivity": [ + { + "vpc": "${google_compute_network.default.id}" + } + ] + } + references: + destination: google_database_migration_service_connection_profile.destination_cp.name + source: google_database_migration_service_connection_profile.source_cp.name + vpc_peering_connectivity.vpc: google_compute_network.default.id + dependencies: + google_compute_network.default: |- + { + "name": "destination-csql" + } + google_database_migration_service_connection_profile.destination_cp: |- + { + "connection_profile_id": "destination-cp", + "depends_on": [ + "${google_sql_database_instance.destination_csql}" + ], + "display_name": "destination-cp_display", + "labels": { + "foo": "bar" + }, + "location": "us-central1", + "mysql": [ + { + "cloud_sql_id": "destination-csql" + } + ] + } + google_database_migration_service_connection_profile.source_cp: |- + { + "connection_profile_id": "source-cp", + "depends_on": [ + "${google_sql_user.source_sqldb_user}" + ], + "display_name": "source-cp_display", + "labels": { + "foo": "bar" + }, + "location": "us-central1", + "mysql": [ + { + "cloud_sql_id": "source-csql", + "host": "${google_sql_database_instance.source_csql.ip_address.0.ip_address}", + "password": "${google_sql_user.source_sqldb_user.password}", + "port": 3306, + "ssl": [ + { + "ca_certificate": "${google_sql_ssl_cert.source_sql_client_cert.server_ca_cert}", + "client_certificate": "${google_sql_ssl_cert.source_sql_client_cert.cert}", + "client_key": "${google_sql_ssl_cert.source_sql_client_cert.private_key}" + } + ], + "username": "${google_sql_user.source_sqldb_user.name}" + } + ] + } + google_sql_database_instance.destination_csql: |- + { + "database_version": "MYSQL_5_7", + "deletion_protection": false, + "name": "destination-csql", + "settings": [ + { + "deletion_protection_enabled": false, + "tier": "db-n1-standard-1" + } + ] + } + google_sql_database_instance.source_csql: |- + { + "database_version": "MYSQL_5_7", + "deletion_protection": false, + "name": "source-csql", + "settings": [ + { + "deletion_protection_enabled": false, + "tier": "db-n1-standard-1" + } + ] + } + google_sql_ssl_cert.source_sql_client_cert: |- + { + "common_name": "cert", + "depends_on": [ + "${google_sql_database_instance.source_csql}" + ], + "instance": "${google_sql_database_instance.source_csql.name}" + } + google_sql_user.source_sqldb_user: |- + { + "depends_on": [ + "${google_sql_ssl_cert.source_sql_client_cert}" + ], + "instance": "${google_sql_database_instance.source_csql.name}", + "name": "username", + "password": "password" + } + - name: psqltopsql + manifest: |- + { + "destination": "${google_database_migration_service_connection_profile.destination_cp.name}", + "display_name": "my-migrationid_display", + "labels": { + "foo": "bar" + }, + "location": "us-central1", + "migration_job_id": "my-migrationid", + "source": "${google_database_migration_service_connection_profile.source_cp.name}", + "static_ip_connectivity": [ + {} + ], + "type": "CONTINUOUS" + } + references: + destination: google_database_migration_service_connection_profile.destination_cp.name + source: google_database_migration_service_connection_profile.source_cp.name + dependencies: + google_database_migration_service_connection_profile.destination_cp: |- + { + "connection_profile_id": "destination-cp", + "depends_on": [ + "${google_sql_database_instance.destination_csql}" + ], + "display_name": "destination-cp_display", + "labels": { + "foo": "bar" + }, + "location": "us-central1", + "postgresql": [ + { + "cloud_sql_id": "destination-csql" + } + ] + } + google_database_migration_service_connection_profile.source_cp: |- + { + "connection_profile_id": "source-cp", + "depends_on": [ + "${google_sql_user.source_sqldb_user}" + ], + "display_name": "source-cp_display", + "labels": { + "foo": "bar" + }, + "location": "us-central1", + "postgresql": [ + { + "cloud_sql_id": "source-csql", + "host": "${google_sql_database_instance.source_csql.ip_address.0.ip_address}", + "password": "${google_sql_user.source_sqldb_user.password}", + "port": 3306, + "ssl": [ + { + "ca_certificate": "${google_sql_ssl_cert.source_sql_client_cert.server_ca_cert}", + "client_certificate": "${google_sql_ssl_cert.source_sql_client_cert.cert}", + "client_key": "${google_sql_ssl_cert.source_sql_client_cert.private_key}" + } + ], + "username": "${google_sql_user.source_sqldb_user.name}" + } + ] + } + google_sql_database_instance.destination_csql: |- + { + "database_version": "POSTGRES_15", + "deletion_protection": false, + "name": "destination-csql", + "settings": [ + { + "deletion_protection_enabled": false, + "tier": "db-custom-2-13312" + } + ] + } + google_sql_database_instance.source_csql: |- + { + "database_version": "POSTGRES_15", + "deletion_protection": false, + "name": "source-csql", + "settings": [ + { + "deletion_protection_enabled": false, + "tier": "db-custom-2-13312" + } + ] + } + google_sql_ssl_cert.source_sql_client_cert: |- + { + "common_name": "cert", + "depends_on": [ + "${google_sql_database_instance.source_csql}" + ], + "instance": "${google_sql_database_instance.source_csql.name}" + } + google_sql_user.source_sqldb_user: |- + { + "depends_on": [ + "${google_sql_ssl_cert.source_sql_client_cert}" + ], + "instance": "${google_sql_database_instance.source_csql.name}", + "name": "username", + "password": "password" + } + - name: psqltoalloydb + manifest: |- + { + "destination": "${google_database_migration_service_connection_profile.destination_cp.name}", + "display_name": "my-migrationid_display", + "labels": { + "foo": "bar" + }, + "location": "us-central1", + "migration_job_id": "my-migrationid", + "source": "${google_database_migration_service_connection_profile.source_cp.name}", + "static_ip_connectivity": [ + {} + ], + "type": "CONTINUOUS" + } + references: + destination: google_database_migration_service_connection_profile.destination_cp.name + source: google_database_migration_service_connection_profile.source_cp.name + dependencies: + google_alloydb_cluster.destination_alloydb: |- + { + "cluster_id": "destination-alloydb", + "database_version": "POSTGRES_15", + "initial_user": [ + { + "password": "destination-alloydb", + "user": "destination-alloydb" + } + ], + "location": "us-central1", + "network_config": [ + { + "network": "${google_compute_network.default.id}" + } + ] + } + google_alloydb_instance.destination_alloydb_primary: |- + { + "cluster": "${google_alloydb_cluster.destination_alloydb.name}", + "depends_on": [ + "${google_service_networking_connection.vpc_connection}" + ], + "instance_id": "destination-alloydb-primary", + "instance_type": "PRIMARY" + } + google_compute_global_address.private_ip_alloc: |- + { + "address_type": "INTERNAL", + "name": "destination-alloydb", + "network": "${google_compute_network.default.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_compute_network.default: |- + { + "name": "destination-alloydb" + } + google_database_migration_service_connection_profile.destination_cp: |- + { + "connection_profile_id": "destination-cp", + "depends_on": [ + "${google_alloydb_cluster.destination_alloydb}", + "${google_alloydb_instance.destination_alloydb_primary}" + ], + "display_name": "destination-cp_display", + "labels": { + "foo": "bar" + }, + "location": "us-central1", + "postgresql": [ + { + "alloydb_cluster_id": "destination-alloydb" + } + ] + } + google_database_migration_service_connection_profile.source_cp: |- + { + "connection_profile_id": "source-cp", + "depends_on": [ + "${google_sql_user.source_sqldb_user}" + ], + "display_name": "source-cp_display", + "labels": { + "foo": "bar" + }, + "location": "us-central1", + "postgresql": [ + { + "cloud_sql_id": "source-csql", + "host": "${google_sql_database_instance.source_csql.ip_address.0.ip_address}", + "password": "${google_sql_user.source_sqldb_user.password}", + "port": 3306, + "ssl": [ + { + "ca_certificate": "${google_sql_ssl_cert.source_sql_client_cert.server_ca_cert}", + "client_certificate": "${google_sql_ssl_cert.source_sql_client_cert.cert}", + "client_key": "${google_sql_ssl_cert.source_sql_client_cert.private_key}" + } + ], + "username": "${google_sql_user.source_sqldb_user.name}" + } + ] + } + google_service_networking_connection.vpc_connection: |- + { + "network": "${google_compute_network.default.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.private_ip_alloc.name}" + ], + "service": "servicenetworking.googleapis.com" + } + google_sql_database_instance.source_csql: |- + { + "database_version": "POSTGRES_15", + "deletion_protection": false, + "name": "source-csql", + "settings": [ + { + "deletion_protection_enabled": false, + "tier": "db-custom-2-13312" + } + ] + } + google_sql_ssl_cert.source_sql_client_cert: |- + { + "common_name": "cert", + "depends_on": [ + "${google_sql_database_instance.source_csql}" + ], + "instance": "${google_sql_database_instance.source_csql.name}" + } + google_sql_user.source_sqldb_user: |- + { + "depends_on": [ + "${google_sql_ssl_cert.source_sql_client_cert}" + ], + "instance": "${google_sql_database_instance.source_csql.name}", + "name": "username", + "password": "password" + } + argumentDocs: + create: '- Default is 60 minutes.' + create_time: |- + - + Output only. The timestamp when the resource was created. A timestamp in RFC3339 UTC 'Zulu' format, accurate to nanoseconds. Example: '2014-10-02T15:01:23.045123456Z'. + delete: '- Default is 60 minutes.' + destination: |- + - + (Required) + The name of the destination connection profile resource in the form of projects/{project}/locations/{location}/connectionProfiles/{destinationConnectionProfile}. + display_name: |- + - + (Optional) + The migration job display name. + dump_flags: |- + - + (Optional) + The initial dump flags. + Structure is documented below. + dump_flags.dump_flags: |- + - + (Optional) + A list of dump flags + Structure is documented below. + dump_flags.dump_flags.name: |- + - + (Optional) + The name of the flag + dump_flags.dump_flags.value: |- + - + (Optional) + The vale of the flag + dump_path: |- + - + (Optional) + The path to the dump file in Google Cloud Storage, + in the format: (gs://[BUCKET_NAME]/[OBJECT_NAME]). + This field and the "dump_flags" field are mutually exclusive. + dump_type: |- + - + (Optional) + The type of the data dump. Supported for MySQL to CloudSQL for MySQL + migrations only. + Possible values are: LOGICAL, PHYSICAL. + effective_labels: for all of the labels present on the resource. + error: |- + - + Output only. The error details in case of state FAILED. + Structure is documented below. + error.code: |- + - + (Output) + The status code, which should be an enum value of google.rpc.Code. + error.details: |- + - + (Output) + A list of messages that carry the error details. + error.message: |- + - + (Output) + Human readable message indicating details about the current status. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/migrationJobs/{{migration_job_id}}' + labels: |- + - + (Optional) + The resource labels for migration job to use to annotate any related underlying resources such as Compute Engine VMs. + location: |- + - + (Optional) + The location where the migration job should reside. + migration_job_id: |- + - + (Required) + The ID of the migration job. + name: |- + - + The name of this migration job resource in the form of projects/{project}/locations/{location}/migrationJobs/{migrationJob}. + performance_config: |- + - + (Optional) + Data dump parallelism settings used by the migration. + Structure is documented below. + performance_config.dump_parallel_level: |- + - + (Optional) + Initial dump parallelism level. + Possible values are: MIN, OPTIMAL, MAX. + phase: |- + - + The current migration job phase. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + reverse_ssh_connectivity: |- + - + (Optional) + The details of the VPC network that the source database is located in. + Structure is documented below. + reverse_ssh_connectivity.vm: |- + - + (Optional) + The name of the virtual machine (Compute Engine) used as the bastion server + for the SSH tunnel. + reverse_ssh_connectivity.vm_ip: |- + - + (Optional) + The IP of the virtual machine (Compute Engine) used as the bastion server + for the SSH tunnel. + reverse_ssh_connectivity.vm_port: |- + - + (Optional) + The forwarding port of the virtual machine (Compute Engine) used as the + bastion server for the SSH tunnel. + reverse_ssh_connectivity.vpc: |- + - + (Optional) + The name of the VPC to peer with the Cloud SQL private network. + source: |- + - + (Required) + The name of the source connection profile resource in the form of projects/{project}/locations/{location}/connectionProfiles/{sourceConnectionProfile}. + state: |- + - + The current migration job state. + static_ip_connectivity: |- + - + (Optional) + If set to an empty object ({}), the source database will allow incoming + connections from the public IP of the destination database. + You can retrieve the public IP of the Cloud SQL instance from the + Cloud SQL console or using Cloud SQL APIs. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: |- + - + (Required) + The type of the migration job. + Possible values are: ONE_TIME, CONTINUOUS. + update: '- Default is 60 minutes.' + vpc_peering_connectivity: |- + - + (Optional) + The details of the VPC network that the source database is located in. + Structure is documented below. + vpc_peering_connectivity.vpc: |- + - + (Optional) + The name of the VPC network to peer with the Cloud SQL private network. + importStatements: [] google_database_migration_service_private_connection: subCategory: DatabaseMigrationService description: The PrivateConnection resource is used to establish private connectivity between Database Migration Service and a customer's network. @@ -73607,6 +80163,693 @@ resources: google_dataproc_autoscaling_policy_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}. importStatements: [] + google_dataproc_batch: + subCategory: Dataproc + description: Dataproc Serverless Batches lets you run Spark workloads without requiring you to provision and manage your own Dataproc cluster. + name: google_dataproc_batch + title: "" + examples: + - name: example_batch_spark + manifest: |- + { + "batch_id": "tf-test-batch", + "environment_config": [ + { + "execution_config": [ + { + "network_tags": [ + "tag1" + ], + "subnetwork_uri": "default", + "ttl": "3600s" + } + ] + } + ], + "labels": { + "batch_test": "terraform" + }, + "location": "us-central1", + "runtime_config": [ + { + "properties": { + "spark.dynamicAllocation.enabled": "false", + "spark.executor.instances": "2" + } + } + ], + "spark_batch": [ + { + "args": [ + "10" + ], + "jar_file_uris": [ + "file:///usr/lib/spark/examples/jars/spark-examples.jar" + ], + "main_class": "org.apache.spark.examples.SparkPi" + } + ] + } + - name: example_batch_spark + manifest: |- + { + "batch_id": "dataproc-batch", + "depends_on": [ + "${google_kms_crypto_key_iam_member.crypto_key_member_1}" + ], + "environment_config": [ + { + "execution_config": [ + { + "kms_key": "example-key", + "network_tags": [ + "tag1" + ], + "network_uri": "default", + "service_account": "${data.google_project.project.number}-compute@developer.gserviceaccount.com", + "staging_bucket": "${google_storage_bucket.bucket.name}", + "ttl": "3600s" + } + ], + "peripherals_config": [ + { + "metastore_service": "${google_dataproc_metastore_service.ms.name}", + "spark_history_server_config": [ + { + "dataproc_cluster": "${google_dataproc_cluster.basic.id}" + } + ] + } + ] + } + ], + "labels": { + "batch_test": "terraform" + }, + "location": "us-central1", + "runtime_config": [ + { + "properties": { + "spark.dynamicAllocation.enabled": "false", + "spark.executor.instances": "2" + }, + "version": "2.2" + } + ], + "spark_batch": [ + { + "args": [ + "10" + ], + "jar_file_uris": [ + "file:///usr/lib/spark/examples/jars/spark-examples.jar" + ], + "main_class": "org.apache.spark.examples.SparkPi" + } + ] + } + references: + environment_config.execution_config.staging_bucket: google_storage_bucket.bucket.name + environment_config.peripherals_config.metastore_service: google_dataproc_metastore_service.ms.name + environment_config.peripherals_config.spark_history_server_config.dataproc_cluster: google_dataproc_cluster.basic.id + dependencies: + google_dataproc_cluster.basic: |- + { + "cluster_config": [ + { + "endpoint_config": [ + { + "enable_http_port_access": true + } + ], + "master_config": [ + { + "disk_config": [ + { + "boot_disk_size_gb": 35 + } + ], + "machine_type": "e2-standard-2", + "num_instances": 1 + } + ], + "metastore_config": [ + { + "dataproc_metastore_service": "${google_dataproc_metastore_service.ms.name}" + } + ], + "software_config": [ + { + "override_properties": { + "dataproc:dataproc.allow.zero.workers": "true", + "spark:spark.history.fs.logDirectory": "gs://${google_storage_bucket.bucket.name}/*/spark-job-history" + } + } + ] + } + ], + "name": "dataproc-batch", + "region": "us-central1" + } + google_dataproc_metastore_service.ms: |- + { + "hive_metastore_config": [ + { + "version": "3.1.2" + } + ], + "location": "us-central1", + "maintenance_window": [ + { + "day_of_week": "SUNDAY", + "hour_of_day": 2 + } + ], + "port": 9080, + "service_id": "dataproc-batch", + "tier": "DEVELOPER" + } + google_kms_crypto_key_iam_member.crypto_key_member_1: |- + { + "crypto_key_id": "example-key", + "member": "serviceAccount:service-${data.google_project.project.number}@dataproc-accounts.iam.gserviceaccount.com", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } + google_storage_bucket.bucket: |- + { + "force_destroy": true, + "location": "US", + "name": "dataproc-bucket", + "uniform_bucket_level_access": true + } + - name: example_batch_sparsql + manifest: |- + { + "batch_id": "tf-test-batch", + "environment_config": [ + { + "execution_config": [ + { + "subnetwork_uri": "default" + } + ] + } + ], + "location": "us-central1", + "runtime_config": [ + { + "properties": { + "spark.dynamicAllocation.enabled": "false", + "spark.executor.instances": "2" + } + } + ], + "spark_sql_batch": [ + { + "jar_file_uris": [ + "file:///usr/lib/spark/examples/jars/spark-examples.jar" + ], + "query_file_uri": "gs://dataproc-examples/spark-sql/natality/cigarette_correlations.sql", + "query_variables": { + "name": "value" + } + } + ] + } + - name: example_batch_pyspark + manifest: |- + { + "batch_id": "tf-test-batch", + "environment_config": [ + { + "execution_config": [ + { + "subnetwork_uri": "default" + } + ] + } + ], + "location": "us-central1", + "pyspark_batch": [ + { + "archive_uris": [ + "https://storage.googleapis.com/terraform-batches/animals.txt.tar.gz#unpacked", + "https://storage.googleapis.com/terraform-batches/animals.txt.jar", + "https://storage.googleapis.com/terraform-batches/animals.txt" + ], + "args": [ + "10" + ], + "file_uris": [ + "https://storage.googleapis.com/terraform-batches/people.txt" + ], + "jar_file_uris": [ + "file:///usr/lib/spark/examples/jars/spark-examples.jar" + ], + "main_python_file_uri": "https://storage.googleapis.com/terraform-batches/test_util.py", + "python_file_uris": [ + "gs://dataproc-examples/pyspark/hello-world/hello-world.py" + ] + } + ], + "runtime_config": [ + { + "properties": { + "spark.dynamicAllocation.enabled": "false", + "spark.executor.instances": "2" + } + } + ] + } + - name: example_batch_sparkr + manifest: |- + { + "batch_id": "tf-test-batch", + "environment_config": [ + { + "execution_config": [ + { + "network_tags": [ + "tag1" + ], + "subnetwork_uri": "default", + "ttl": "3600s" + } + ] + } + ], + "labels": { + "batch_test": "terraform" + }, + "location": "us-central1", + "runtime_config": [ + { + "properties": { + "spark.dynamicAllocation.enabled": "false", + "spark.executor.instances": "2" + } + } + ], + "spark_r_batch": [ + { + "args": [ + "https://storage.googleapis.com/terraform-batches/flights.csv" + ], + "main_r_file_uri": "https://storage.googleapis.com/terraform-batches/spark-r-flights.r" + } + ] + } + - name: example_batch_autotuning + manifest: |- + { + "batch_id": "tf-test-batch", + "environment_config": [ + { + "execution_config": [ + { + "subnetwork_uri": "default", + "ttl": "3600s" + } + ] + } + ], + "labels": { + "batch_test": "terraform" + }, + "location": "us-central1", + "runtime_config": [ + { + "autotuning_config": [ + { + "scenarios": [ + "SCALING", + "MEMORY" + ] + } + ], + "cohort": "tf-dataproc-batch-example", + "properties": { + "spark.dynamicAllocation.enabled": "false", + "spark.executor.instances": "2" + }, + "version": "2.2" + } + ], + "spark_batch": [ + { + "args": [ + "10" + ], + "jar_file_uris": [ + "file:///usr/lib/spark/examples/jars/spark-examples.jar" + ], + "main_class": "org.apache.spark.examples.SparkPi" + } + ] + } + argumentDocs: + approximate_usage.accelerator_type: |- + - + (Output) + Accelerator type being used, if any + approximate_usage.milli_accelerator_seconds: |- + - + (Output) + Accelerator usage in (milliAccelerator x seconds) + approximate_usage.milli_dcu_seconds: |- + - + (Output) + DCU (Dataproc Compute Units) usage in (milliDCU x seconds) + approximate_usage.shuffle_storage_gb_seconds: |- + - + (Output) + Shuffle storage usage in (GB x seconds) + autotuning_config.scenarios: |- + - + (Optional) + Optional. Scenarios for which tunings are applied. + Each value may be one of: SCALING, BROADCAST_HASH_JOIN, MEMORY. + batch_id: |- + - + (Optional) + The ID to use for the batch, which will become the final component of the batch's resource name. + This value must be 4-63 characters. Valid characters are /[a-z][0-9]-/. + create: '- Default is 10 minutes.' + create_time: |- + - + The time when the batch was created. + creator: |- + - + The email address of the user who created the batch. + current_usage.accelerator_type: |- + - + (Output) + Accelerator type being used, if any. + current_usage.milli_accelerator: |- + - + (Output) + Milli (one-thousandth) accelerator.. + current_usage.milli_dcu: |- + - + (Output) + Milli (one-thousandth) Dataproc Compute Units (DCUs). + current_usage.milli_dcu_premium: |- + - + (Output) + Milli (one-thousandth) Dataproc Compute Units (DCUs) charged at premium tier. + current_usage.shuffle_storage_gb: |- + - + (Output) + Shuffle Storage in gigabytes (GB). + current_usage.shuffle_storage_gb_premium: |- + - + (Output) + Shuffle Storage in gigabytes (GB) charged at premium tier. + current_usage.snapshot_time: |- + - + (Output) + The timestamp of the usage snapshot. + delete: '- Default is 5 minutes.' + effective_labels: for all of the labels present on the resource. + environment_config: |- + - + (Optional) + Environment configuration for the batch execution. + Structure is documented below. + environment_config.execution_config: |- + - + (Optional) + Execution configuration for a workload. + Structure is documented below. + environment_config.peripherals_config: |- + - + (Optional) + Peripherals configuration that workload has access to. + Structure is documented below. + execution_config.kms_key: |- + - + (Optional) + The Cloud KMS key to use for encryption. + execution_config.network_tags: |- + - + (Optional) + Tags used for network traffic control. + execution_config.network_uri: |- + - + (Optional) + Network configuration for workload execution. + execution_config.service_account: |- + - + (Optional) + Service account that used to execute workload. + execution_config.staging_bucket: |- + - + (Optional) + A Cloud Storage bucket used to stage workload dependencies, config files, and store + workload output and other ephemeral data, such as Spark history files. If you do not specify a staging bucket, + Cloud Dataproc will determine a Cloud Storage location according to the region where your workload is running, + and then create and manage project-level, per-location staging and temporary buckets. + This field requires a Cloud Storage bucket name, not a gs://... URI to a Cloud Storage bucket. + execution_config.subnetwork_uri: |- + - + (Optional) + Subnetwork configuration for workload execution. + execution_config.ttl: |- + - + (Optional) + The duration after which the workload will be terminated. + When the workload exceeds this duration, it will be unconditionally terminated without waiting for ongoing + work to finish. If ttl is not specified for a batch workload, the workload will be allowed to run until it + exits naturally (or run forever without exiting). If ttl is not specified for an interactive session, + it defaults to 24 hours. If ttl is not specified for a batch that uses 2.1+ runtime version, it defaults to 4 hours. + Minimum value is 10 minutes; maximum value is 14 days. If both ttl and idleTtl are specified (for an interactive session), + the conditions are treated as OR conditions: the workload will be terminated when it has been idle for idleTtl or + when ttl has been exceeded, whichever occurs first. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/batches/{{batch_id}}' + labels: |- + - + (Optional) + The labels to associate with this batch. + location: |- + - + (Optional) + The location in which the batch will be created in. + name: |- + - + The resource name of the batch. + operation: |- + - + The resource name of the operation associated with this batch. + peripherals_config.metastore_service: |- + - + (Optional) + Resource name of an existing Dataproc Metastore service. + peripherals_config.spark_history_server_config: |- + - + (Optional) + The Spark History Server configuration for the workload. + Structure is documented below. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + pyspark_batch: |- + - + (Optional) + PySpark batch config. + Structure is documented below. + pyspark_batch.archive_uris: |- + - + (Optional) + HCFS URIs of archives to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip. + pyspark_batch.args: |- + - + (Optional) + The arguments to pass to the driver. Do not include arguments that can be set as batch + properties, such as --conf, since a collision can occur that causes an incorrect batch submission. + pyspark_batch.file_uris: |- + - + (Optional) + HCFS URIs of files to be placed in the working directory of each executor. + pyspark_batch.jar_file_uris: |- + - + (Optional) + HCFS URIs of jar files to add to the classpath of the Spark driver and tasks. + pyspark_batch.main_python_file_uri: |- + - + (Optional) + The HCFS URI of the main Python file to use as the Spark driver. Must be a .py file. + pyspark_batch.python_file_uris: |- + - + (Optional) + HCFS file URIs of Python files to pass to the PySpark framework. + Supported file types: .py, .egg, and .zip. + runtime_config: |- + - + (Optional) + Runtime configuration for the batch execution. + Structure is documented below. + runtime_config.autotuning_config: |- + - + (Optional) + Optional. Autotuning configuration of the workload. + Structure is documented below. + runtime_config.cohort: |- + - + (Optional) + Optional. Cohort identifier. Identifies families of the workloads having the same shape, e.g. daily ETL jobs. + runtime_config.container_image: |- + - + (Optional) + Optional custom container image for the job runtime environment. If not specified, a default container image will be used. + runtime_config.effective_properties: |- + - + (Output) + A mapping of property names to values, which are used to configure workload execution. + runtime_config.properties: |- + - + (Optional) + A mapping of property names to values, which are used to configure workload execution. + runtime_config.version: |- + - + (Optional) + Version of the batch runtime. + runtime_info: |- + - + Runtime information about batch execution. + Structure is documented below. + runtime_info.approximate_usage: |- + - + (Output) + Approximate workload resource usage, calculated when the workload completes(see Dataproc Serverless pricing) + Structure is documented below. + runtime_info.current_usage: |- + - + (Output) + Snapshot of current workload resource usage(see Dataproc Serverless pricing) + Structure is documented below. + runtime_info.diagnostic_output_uri: |- + - + (Output) + A URI pointing to the location of the diagnostics tarball. + runtime_info.endpoints: |- + - + (Output) + Map of remote access endpoints (such as web interfaces and APIs) to their URIs. + runtime_info.output_uri: |- + - + (Output) + A URI pointing to the location of the stdout and stderr of the workload. + spark_batch: |- + - + (Optional) + Spark batch config. + Structure is documented below. + spark_batch.archive_uris: |- + - + (Optional) + HCFS URIs of archives to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip. + spark_batch.args: |- + - + (Optional) + The arguments to pass to the driver. Do not include arguments that can be set as batch + properties, such as --conf, since a collision can occur that causes an incorrect batch submission. + spark_batch.file_uris: |- + - + (Optional) + HCFS URIs of files to be placed in the working directory of each executor. + spark_batch.jar_file_uris: |- + - + (Optional) + HCFS URIs of jar files to add to the classpath of the Spark driver and tasks. + spark_batch.main_class: |- + - + (Optional) + The name of the driver main class. The jar file that contains the class must be in the + classpath or specified in jarFileUris. + spark_batch.main_jar_file_uri: |- + - + (Optional) + The HCFS URI of the jar file that contains the main class. + spark_history_server_config.dataproc_cluster: |- + - + (Optional) + Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. + spark_r_batch: |- + - + (Optional) + SparkR batch config. + Structure is documented below. + spark_r_batch.archive_uris: |- + - + (Optional) + HCFS URIs of archives to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip. + spark_r_batch.args: |- + - + (Optional) + The arguments to pass to the driver. Do not include arguments that can be set as batch + properties, such as --conf, since a collision can occur that causes an incorrect batch submission. + spark_r_batch.file_uris: |- + - + (Optional) + HCFS URIs of files to be placed in the working directory of each executor. + spark_r_batch.main_r_file_uri: |- + - + (Optional) + The HCFS URI of the main R file to use as the driver. Must be a .R or .r file. + spark_sql_batch: |- + - + (Optional) + Spark SQL batch config. + Structure is documented below. + spark_sql_batch.jar_file_uris: |- + - + (Optional) + HCFS URIs of jar files to be added to the Spark CLASSPATH. + spark_sql_batch.query_file_uri: |- + - + (Optional) + The HCFS URI of the script that contains Spark SQL queries to execute. + spark_sql_batch.query_variables: |- + - + (Optional) + Mapping of query variable names to values (equivalent to the Spark SQL command: SET name="value";). + state: |- + - + The state of the batch. For possible values, see the API documentation. + state_history: |- + - + Historical state information for the batch. + Structure is documented below. + state_history.state: |- + - + (Output) + The state of the batch at this point in history. For possible values, see the API documentation. + state_history.state_message: |- + - + (Output) + Details about the state at this point in history. + state_history.state_start_time: |- + - + (Output) + The time when the batch entered the historical state. + state_message: |- + - + Batch state details, such as a failure description if the state is FAILED. + state_time: |- + - + Batch state details, such as a failure description if the state is FAILED. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + uuid: |- + - + A batch UUID (Unique Universal Identifier). The service generates this value when it creates the batch. + importStatements: [] google_dataproc_cluster: subCategory: Dataproc description: Manages a Cloud Dataproc cluster resource. @@ -73790,6 +81033,7 @@ resources: cluster_config.gce_cluster_config: |- (Optional) Common config settings for resources of Google Compute Engine cluster instances, applicable to all instances in the cluster. Structure defined below. + cluster_config.gce_cluster_config.confidential_instance_config: '- (Optional) Confidential Instance Config for clusters using Confidential VMs' cluster_config.gce_cluster_config.internal_ip_only: |- - (Optional) By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. If set to true, all @@ -73956,6 +81200,7 @@ resources: - (Computed) The list of labels (key/value pairs) to be applied to instances in the cluster. GCP generates some itself including goog-dataproc-cluster-name which is the name of the cluster. + enable_confidential_compute: '- (Optional) Defines whether the instance should have confidential compute enabled.' enable_kerberos: '- (Optional) Flag to indicate whether to Kerberize the cluster.' encryption_config.kms_key_name: |- - (Required) The Cloud KMS key name to use for PD disk encryption for @@ -74156,6 +81401,598 @@ resources: google_dataproc_cluster_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}. importStatements: [] + google_dataproc_gdc_application_environment: + subCategory: Dataproc on GDC + description: An ApplicationEnvironment contains shared configuration that may be referenced by multiple SparkApplications. + name: google_dataproc_gdc_application_environment + title: "" + examples: + - name: application-environment + manifest: |- + { + "application_environment_id": "dp-tf-e2e-application-environment-basic", + "location": "us-west2", + "namespace": "default", + "project": "my-project", + "serviceinstance": "do-not-delete-dataproc-gdc-instance" + } + - name: application-environment + manifest: |- + { + "annotations": { + "an_annotation": "annotation_value" + }, + "application_environment_id": "dp-tf-e2e-application-environment", + "display_name": "An application environment", + "labels": { + "test-label": "label-value" + }, + "location": "us-west2", + "namespace": "default", + "project": "my-project", + "serviceinstance": "do-not-delete-dataproc-gdc-instance", + "spark_application_environment_config": [ + { + "default_properties": { + "spark.executor.memory": "4g" + }, + "default_version": "1.2" + } + ] + } + argumentDocs: + annotations: |- + - + (Optional) + The annotations to associate with this application environment. Annotations may be used to store client information, but are not used by the server. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. + application_environment_id: |- + - + (Optional) + The id of the application environment + create: '- Default is 20 minutes.' + create_time: |- + - + The timestamp when the resource was created. + delete: '- Default is 20 minutes.' + display_name: |- + - + (Optional) + User-provided human-readable name to be used in user interfaces. + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/serviceInstances/{{serviceinstance}}/applicationEnvironments/{{application_environment_id}}' + labels: |- + - + (Optional) + The labels to associate with this application environment. Labels may be used for filtering and billing tracking. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + The location of the application environment + name: |- + - + Identifier. The name of the application environment. Format: projects/{project}/locations/{location}/serviceInstances/{service_instance}/applicationEnvironments/{application_environment_id} + namespace: |- + - + (Optional) + The name of the namespace in which to create this ApplicationEnvironment. This namespace must already exist in the cluster + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + serviceinstance: |- + - + (Required) + The id of the service instance to which this application environment belongs. + spark_application_environment_config: |- + - + (Optional) + Represents the SparkApplicationEnvironmentConfig. + Structure is documented below. + spark_application_environment_config.default_properties: |- + - + (Optional) + A map of default Spark properties to apply to workloads in this application environment. These defaults may be overridden by per-application properties. + spark_application_environment_config.default_version: |- + - + (Optional) + The default Dataproc version to use for applications submitted to this application environment + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + uid: |- + - + System generated unique identifier for this application environment, formatted as UUID4. + update: '- Default is 20 minutes.' + update_time: |- + - + The timestamp when the resource was most recently updated. + importStatements: [] + google_dataproc_gdc_service_instance: + subCategory: Dataproc on GDC + description: A service instance is an instance of the Dataproc operator running on a GDC cluster. + name: google_dataproc_gdc_service_instance + title: "" + examples: + - name: service-instance + manifest: |- + { + "display_name": "A service instance", + "gdce_cluster": [ + { + "gdce_cluster": "projects/gdce-cluster-monitoring/locations/us-west2/clusters/gdce-prism-prober-ord106" + } + ], + "labels": { + "test-label": "label-value" + }, + "location": "us-west2", + "project": "my-project", + "service_account": "dataprocgdc-cep-workflows@gdce-cluster-monitoring.iam.gserviceaccount.com", + "service_instance_id": "tf-e2e-service-instance" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + The timestamp when the resource was created. + delete: '- Default is 20 minutes.' + display_name: |- + - + (Optional) + User-provided human-readable name to be used in user interfaces. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + effective_service_account: |- + - + Effective service account associated with ServiceInstance. This will be the service_account if specified. Otherwise, it will be an automatically created per-resource P4SA that also automatically has Fleet Workload. Identity bindings applied. + gdce_cluster: |- + - + (Optional) + Gdce cluster information. + Structure is documented below. + gdce_cluster.gdce_cluster: |- + - + (Required) + Gdce cluster resource id. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/serviceInstances/{{service_instance_id}}' + labels: |- + - + (Optional) + The labels to associate with this service instance. Labels may be used for filtering and billing tracking. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + Location of the resource. + name: |- + - + Identifier. The name of the service instance. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + reconciling: |- + - + Whether the service instance is currently reconciling. True if the current state of the resource does not match the intended state, and the system is working to reconcile them, whether or not the change was user initiated. + requested_state: |- + - + The intended state to which the service instance is reconciling. Possible values: + service_account: |- + - + (Optional) + Requested service account to associate with ServiceInstance. + service_instance_id: |- + - + (Required) + Id of the service instance. + spark_service_instance_config: |- + - + (Optional) + Spark-specific service instance configuration. + state: |- + - + The current state. Possible values: + state_message: |- + - + A message explaining the current state. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + uid: |- + - + System generated unique identifier for this service instance, formatted as UUID4. + update: '- Default is 20 minutes.' + update_time: |- + - + The timestamp when the resource was most recently updated. + importStatements: [] + google_dataproc_gdc_spark_application: + subCategory: Dataproc on GDC + description: A Spark application is a single Spark workload run on a GDC cluster. + name: google_dataproc_gdc_spark_application + title: "" + examples: + - name: spark-application + manifest: |- + { + "location": "us-west2", + "namespace": "default", + "project": "my-project", + "serviceinstance": "do-not-delete-dataproc-gdc-instance", + "spark_application_config": [ + { + "args": [ + "10000" + ], + "jar_file_uris": [ + "file:///usr/lib/spark/examples/jars/spark-examples.jar" + ], + "main_class": "org.apache.spark.examples.SparkPi" + } + ], + "spark_application_id": "tf-e2e-spark-app-basic" + } + - name: spark-application + manifest: |- + { + "annotations": { + "an_annotation": "annotation_value" + }, + "application_environment": "${google_dataproc_gdc_application_environment.app_env.name}", + "labels": { + "test-label": "label-value" + }, + "location": "us-west2", + "namespace": "default", + "project": "my-project", + "properties": { + "spark.executor.instances": "2" + }, + "serviceinstance": "do-not-delete-dataproc-gdc-instance", + "spark_application_config": [ + { + "archive_uris": [ + "file://usr/lib/spark/examples/spark-examples.jar" + ], + "file_uris": [ + "file:///usr/lib/spark/examples/jars/spark-examples.jar" + ], + "jar_file_uris": [ + "file:///usr/lib/spark/examples/jars/spark-examples.jar" + ], + "main_jar_file_uri": "file:///usr/lib/spark/examples/jars/spark-examples.jar" + } + ], + "spark_application_id": "tf-e2e-spark-app", + "version": "1.2" + } + references: + application_environment: google_dataproc_gdc_application_environment.app_env.name + dependencies: + google_dataproc_gdc_application_environment.app_env: |- + { + "application_environment_id": "tf-e2e-spark-app-env", + "location": "us-west2", + "namespace": "default", + "project": "my-project", + "serviceinstance": "do-not-delete-dataproc-gdc-instance" + } + - name: spark-application + manifest: |- + { + "dependency_images": [ + "gcr.io/some/image" + ], + "display_name": "A Pyspark application for a Terraform create test", + "location": "us-west2", + "namespace": "default", + "project": "my-project", + "pyspark_application_config": [ + { + "archive_uris": [ + "file://usr/lib/spark/examples/spark-examples.jar" + ], + "args": [ + "10" + ], + "file_uris": [ + "file://usr/lib/spark/examples/spark-examples.jar" + ], + "jar_file_uris": [ + "file:///usr/lib/spark/examples/jars/spark-examples.jar" + ], + "main_python_file_uri": "gs://goog-dataproc-initialization-actions-us-west2/conda/test_conda.py", + "python_file_uris": [ + "gs://goog-dataproc-initialization-actions-us-west2/conda/get-sys-exec.py" + ] + } + ], + "serviceinstance": "do-not-delete-dataproc-gdc-instance", + "spark_application_id": "tf-e2e-pyspark-app" + } + - name: spark-application + manifest: |- + { + "display_name": "A SparkR application for a Terraform create test", + "location": "us-west2", + "namespace": "default", + "project": "my-project", + "serviceinstance": "do-not-delete-dataproc-gdc-instance", + "spark_application_id": "tf-e2e-sparkr-app", + "spark_r_application_config": [ + { + "archive_uris": [ + "file://usr/lib/spark/examples/spark-examples.jar" + ], + "args": [ + "10" + ], + "file_uris": [ + "file://usr/lib/spark/examples/spark-examples.jar" + ], + "main_r_file_uri": "gs://some-bucket/something.R" + } + ] + } + - name: spark-application + manifest: |- + { + "display_name": "A SparkSql application for a Terraform create test", + "location": "us-west2", + "namespace": "default", + "project": "my-project", + "serviceinstance": "do-not-delete-dataproc-gdc-instance", + "spark_application_id": "tf-e2e-sparksql-app", + "spark_sql_application_config": [ + { + "jar_file_uris": [ + "file:///usr/lib/spark/examples/jars/spark-examples.jar" + ], + "query_list": [ + { + "queries": [ + "show tables;" + ] + } + ], + "script_variables": { + "MY_VAR": "1" + } + } + ] + } + - name: spark-application + manifest: |- + { + "display_name": "A SparkSql application for a Terraform create test", + "location": "us-west2", + "namespace": "default", + "project": "my-project", + "serviceinstance": "do-not-delete-dataproc-gdc-instance", + "spark_application_id": "tf-e2e-sparksql-app", + "spark_sql_application_config": [ + { + "jar_file_uris": [ + "file:///usr/lib/spark/examples/jars/spark-examples.jar" + ], + "query_file_uri": "gs://some-bucket/something.sql", + "script_variables": { + "MY_VAR": "1" + } + } + ] + } + argumentDocs: + annotations: |- + - + (Optional) + The annotations to associate with this application. Annotations may be used to store client information, but are not used by the server. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. + application_environment: |- + - + (Optional) + An ApplicationEnvironment from which to inherit configuration properties. + create: '- Default is 20 minutes.' + create_time: |- + - + The timestamp when the resource was created. + delete: '- Default is 20 minutes.' + dependency_images: |- + - + (Optional) + List of container image uris for additional file dependencies. Dependent files are sequentially copied from each image. If a file with the same name exists in 2 images then the file from later image is used. + display_name: |- + - + (Optional) + User-provided human-readable name to be used in user interfaces. + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/serviceInstances/{{serviceinstance}}/sparkApplications/{{spark_application_id}}' + labels: |- + - + (Optional) + The labels to associate with this application. Labels may be used for filtering and billing tracking. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + The location of the spark application. + monitoring_endpoint: |- + - + URL for a monitoring UI for this application (for eventual Spark PHS/UI support) Out of scope for private GA + name: |- + - + Identifier. The name of the application. Format: projects/{project}/locations/{location}/serviceInstances/{service_instance}/sparkApplications/{application} + namespace: |- + - + (Optional) + The Kubernetes namespace in which to create the application. This namespace must already exist on the cluster. + output_uri: |- + - + An HCFS URI pointing to the location of stdout and stdout of the application Mainly useful for Pantheon and gcloud Not in scope for private GA + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + properties: |- + - + (Optional) + application-specific properties. + pyspark_application_config: |- + - + (Optional) + Represents the PySparkApplicationConfig. + Structure is documented below. + pyspark_application_config.archive_uris: |- + - + (Optional) + HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip. + pyspark_application_config.args: |- + - + (Optional) + The arguments to pass to the driver. Do not include arguments, such as --conf, that can be set as job properties, since a collision may occur that causes an incorrect job submission. + pyspark_application_config.file_uris: |- + - + (Optional) + HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks. + pyspark_application_config.jar_file_uris: |- + - + (Optional) + HCFS URIs of jar files to add to the CLASSPATHs of the Python driver and tasks. + pyspark_application_config.main_python_file_uri: |- + - + (Required) + The HCFS URI of the main Python file to use as the driver. Must be a .py file. + pyspark_application_config.python_file_uris: |- + - + (Optional) + HCFS file URIs of Python files to pass to the PySpark framework. Supported file types: .py, .egg, and .zip. + query_list.queries: |- + - + (Required) + The queries to run. + reconciling: |- + - + Whether the application is currently reconciling. True if the current state of the resource does not match the intended state, and the system is working to reconcile them, whether or not the change was user initiated. + serviceinstance: |- + - + (Required) + The id of the service instance to which this spark application belongs. + spark_application_config: |- + - + (Optional) + Represents the SparkApplicationConfig. + Structure is documented below. + spark_application_config.archive_uris: |- + - + (Optional) + HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip. + spark_application_config.args: |- + - + (Optional) + The arguments to pass to the driver. Do not include arguments that can be set as application properties, such as --conf, since a collision can occur that causes an incorrect application submission. + spark_application_config.file_uris: |- + - + (Optional) + HCFS URIs of files to be placed in the working directory of each executor. + spark_application_config.jar_file_uris: |- + - + (Optional) + HCFS URIs of jar files to add to the classpath of the Spark driver and tasks. + spark_application_config.main_class: |- + - + (Optional) + The name of the driver main class. The jar file that contains the class must be in the classpath or specified in jar_file_uris. + spark_application_config.main_jar_file_uri: |- + - + (Optional) + The HCFS URI of the jar file that contains the main class. + spark_application_id: |- + - + (Required) + The id of the application + spark_r_application_config: |- + - + (Optional) + Represents the SparkRApplicationConfig. + Structure is documented below. + spark_r_application_config.archive_uris: |- + - + (Optional) + HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip. + spark_r_application_config.args: |- + - + (Optional) + The arguments to pass to the driver. Do not include arguments, such as --conf, that can be set as job properties, since a collision may occur that causes an incorrect job submission. + spark_r_application_config.file_uris: |- + - + (Optional) + HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks. + spark_r_application_config.main_r_file_uri: |- + - + (Required) + The HCFS URI of the main R file to use as the driver. Must be a .R file. + spark_sql_application_config: |- + - + (Optional) + Represents the SparkRApplicationConfig. + Structure is documented below. + spark_sql_application_config.jar_file_uris: |- + - + (Optional) + HCFS URIs of jar files to be added to the Spark CLASSPATH. + spark_sql_application_config.query_file_uri: |- + - + (Optional) + The HCFS URI of the script that contains SQL queries. + spark_sql_application_config.query_list: |- + - + (Optional) + Represents a list of queries. + Structure is documented below. + spark_sql_application_config.script_variables: |- + - + (Optional) + Mapping of query variable names to values (equivalent to the Spark SQL command: SET name="value";). + state: |- + - + The current state. + Possible values: + state_message: |- + - + A message explaining the current state. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + uid: |- + - + System generated unique identifier for this application, formatted as UUID4. + update: '- Default is 20 minutes.' + update_time: |- + - + The timestamp when the resource was most recently updated. + version: |- + - + (Optional) + The Dataproc version of this application. + importStatements: [] google_dataproc_job: subCategory: Dataproc description: Manages a job resource within a Dataproc cluster. @@ -74410,7 +82247,7 @@ resources: "rank": "1" } ], - "federation_id": "", + "federation_id": "metastore-fed", "location": "us-central1", "version": "3.1.2" } @@ -74426,7 +82263,7 @@ resources: } ], "location": "us-central1", - "service_id": "", + "service_id": "metastore-service", "tier": "DEVELOPER" } - name: default @@ -74444,7 +82281,7 @@ resources: "rank": "1" } ], - "federation_id": "", + "federation_id": "metastore-fed", "location": "us-central1", "version": "3.1.2" } @@ -74460,7 +82297,7 @@ resources: } ], "location": "us-central1", - "service_id": "", + "service_id": "metastore-service", "tier": "DEVELOPER" } argumentDocs: @@ -74600,6 +82437,29 @@ resources: "service_id": "metastore-srv", "tier": "DEVELOPER" } + - name: default + manifest: |- + { + "deletion_protection": true, + "hive_metastore_config": [ + { + "version": "2.3.6" + } + ], + "labels": { + "env": "test" + }, + "location": "us-central1", + "maintenance_window": [ + { + "day_of_week": "SUNDAY", + "hour_of_day": 2 + } + ], + "port": 9080, + "service_id": "metastore-srv", + "tier": "DEVELOPER" + } - name: default manifest: |- { @@ -74650,7 +82510,8 @@ resources: ] } ], - "service_id": "metastore-srv" + "service_id": "metastore-srv", + "tier": "DEVELOPER" } references: network_config.consumers.subnetwork: google_compute_subnetwork.subnet.id @@ -74789,6 +82650,7 @@ resources: } ], "location": "us-central1", + "provider": "${google-beta}", "scaling_config": [ { "autoscaling_config": [ @@ -74805,6 +82667,8 @@ resources: ], "service_id": "test-service" } + references: + provider: google-beta - name: test_resource manifest: |- { @@ -74815,6 +82679,7 @@ resources: } ], "location": "us-central1", + "provider": "${google-beta}", "scaling_config": [ { "autoscaling_config": [ @@ -74832,6 +82697,8 @@ resources: ], "service_id": "test-service" } + references: + provider: google-beta - name: test_resource manifest: |- { @@ -74842,6 +82709,7 @@ resources: } ], "location": "us-central1", + "provider": "${google-beta}", "scaling_config": [ { "autoscaling_config": [ @@ -74858,6 +82726,8 @@ resources: ], "service_id": "test-service" } + references: + provider: google-beta - name: test_resource manifest: |- { @@ -74924,6 +82794,10 @@ resources: Default value is MYSQL. Possible values are: MYSQL, SPANNER. delete: '- Default is 60 minutes.' + deletion_protection: |- + - + (Optional) + Indicates if the dataproc metastore should be protected against accidental deletions. effective_labels: |- - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. @@ -75340,7 +83214,7 @@ resources: config.labels: |- - (Optional) - The labels to associate with this template. These labels will be propagated to all jobs and clusters created by the workflow instance. Label keys must contain 1 to 63 characters, and must conform to (https://www.ietf.org/rfc/rfc1035.txt). No more than 32 labels can be associated with a template. + The labels to associate with this template. These labels will be propagated to all jobs and clusters created by the workflow instance. Label keys must contain 1 to 63 characters, and must conform to RFC 1035. No more than 32 labels can be associated with a template. config.lifecycle_config: |- - (Optional) @@ -75376,7 +83250,7 @@ resources: config.staging_bucket: |- - (Optional) - A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). + A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see Dataproc staging and temp buckets). config.temp_bucket: |- - (Optional) @@ -75424,7 +83298,7 @@ resources: gce_cluster_config.metadata: |- - (Optional) - The Compute Engine metadata entries to add to all instances (see (https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + The Compute Engine metadata entries to add to all instances (see About VM metadata). gce_cluster_config.network: |- - (Optional) @@ -75460,7 +83334,7 @@ resources: gce_cluster_config.tags: |- - (Optional) - The Compute Engine tags to add to all instances (see (https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + The Compute Engine tags to add to all instances (see Manage tags for resources). gce_cluster_config.zone: |- - (Optional) @@ -75541,7 +83415,7 @@ resources: initialization_actions.execution_timeout: |- - (Optional) - Amount of time executable has to complete. Default is 10 minutes (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period. + Amount of time executable has to complete. Default is 10 minutes (see JSON representation of JSON Mapping - Language Guide (proto 3)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period. jobs: |- - (Required) @@ -75597,18 +83471,18 @@ resources: lifecycle_config.auto_delete_time: |- - (Optional) - The time when cluster will be auto-deleted (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). + The time when cluster will be auto-deleted (see JSON representation of JSON Mapping - Language Guide (proto 3)). lifecycle_config.auto_delete_ttl: |- - (Optional) - The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). + The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of JSON Mapping - Language Guide (proto 3)). lifecycle_config.idle_delete_ttl: |- - (Optional) - The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json). + The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of JSON Mapping - Language Guide (proto 3). lifecycle_config.idle_start_time: |- - - Output only. The time when cluster became idle (most recent job finished) and became eligible for deletion due to idleness (see JSON representation of (https://developers.google.com/protocol-buffers/docs/proto3#json)). + Output only. The time when cluster became idle (most recent job finished) and became eligible for deletion due to idleness (see JSON representation of JSON Mapping - Language Guide (proto 3)). location: |- - (Required) @@ -75657,7 +83531,7 @@ resources: master_config.min_cpu_platform: |- - (Optional) - Specifies the minimum cpu platform for the Instance Group. See (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + Specifies the minimum cpu platform for the Instance Group. See Minimum CPU platform. master_config.num_instances: |- - (Optional) @@ -76007,75 +83881,6 @@ resources: (Required) Required. List of allowed values for the parameter. importStatements: [] - google_datastore_index: - subCategory: Datastore - description: Describes a composite index for Firestore in Datastore Mode. - name: google_datastore_index - title: "" - examples: - - name: default - manifest: |- - { - "depends_on": [ - "${google_firestore_database.database}" - ], - "kind": "foo", - "properties": [ - { - "direction": "ASCENDING", - "name": "property_a" - }, - { - "direction": "ASCENDING", - "name": "property_b" - } - ] - } - dependencies: - google_firestore_database.database: |- - { - "delete_protection_state": "DELETE_PROTECTION_DISABLED", - "deletion_policy": "DELETE", - "location_id": "nam5", - "name": "(default)", - "project": "my-project-name", - "type": "DATASTORE_MODE" - } - argumentDocs: - ancestor: |- - - - (Optional) - Policy for including ancestors in the index. - Default value is NONE. - Possible values are: NONE, ALL_ANCESTORS. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format projects/{{project}}/indexes/{{index_id}}' - index_id: |- - - - The index id. - kind: |- - - - (Required) - The entity kind which the index applies to. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - properties: |- - - - (Optional) - An ordered list of properties to index on. - Structure is documented below. - properties.direction: |- - - - (Required) - The direction the index should optimize for sorting. - Possible values are: ASCENDING, DESCENDING. - properties.name: |- - - - (Required) - The property name to index. - importStatements: [] google_datastream_connection_profile: subCategory: Datastream description: A set of reusable connection configurations to be used as a source or destination for a stream. @@ -76149,7 +83954,7 @@ resources: google_sql_database_instance.instance: |- { "database_version": "POSTGRES_14", - "deletion_protection": "true", + "deletion_protection": true, "name": "my-instance", "region": "us-central1", "settings": [ @@ -76243,7 +84048,7 @@ resources: google_sql_database_instance.instance: |- { "database_version": "POSTGRES_14", - "deletion_protection": "true", + "deletion_protection": true, "name": "my-instance", "region": "us-central1", "settings": [ @@ -76314,7 +84119,7 @@ resources: google_sql_database_instance.instance: |- { "database_version": "SQLSERVER_2019_STANDARD", - "deletion_protection": "true", + "deletion_protection": true, "name": "sql-server", "region": "us-central1", "root_password": "root-password", @@ -77053,7 +84858,7 @@ resources: "database": "postgres", "hostname": "hostname", "password": "pass", - "port": 3306, + "port": 5432, "username": "user" } ] @@ -77233,6 +85038,9 @@ resources: } ] } + ], + "transaction_logs": [ + {} ] } ] @@ -77279,7 +85087,7 @@ resources: google_sql_database_instance.instance: |- { "database_version": "SQLSERVER_2019_STANDARD", - "deletion_protection": "true", + "deletion_protection": true, "name": "sql-server", "region": "us-central1", "root_password": "root-password", @@ -77319,7 +85127,7 @@ resources: - name: default manifest: |- { - "backfill_all": [ + "backfill_none": [ {} ], "destination_config": [ @@ -77327,81 +85135,95 @@ resources: "bigquery_destination_config": [ { "data_freshness": "900s", - "single_target_dataset": [ + "source_hierarchy_datasets": [ { - "dataset_id": "${google_bigquery_dataset.postgres.id}" + "dataset_template": [ + { + "location": "us-central1" + } + ] } ] } ], - "destination_connection_profile": "${google_datastream_connection_profile.destination_connection_profile2.id}" + "destination_connection_profile": "${google_datastream_connection_profile.destination.id}" } ], - "display_name": "postgres to bigQuery", + "display_name": "SQL Server to BigQuery", "location": "us-central1", "source_config": [ { - "mysql_source_config": [ - {} - ], - "source_connection_profile": "${google_datastream_connection_profile.source_connection_profile.id}" + "source_connection_profile": "${google_datastream_connection_profile.source.id}", + "sql_server_source_config": [ + { + "change_tables": [ + {} + ], + "include_objects": [ + { + "schemas": [ + { + "schema": "schema", + "tables": [ + { + "table": "table" + } + ] + } + ] + } + ] + } + ] } ], - "stream_id": "postgres-bigquery" + "stream_id": "stream" } references: - destination_config.bigquery_destination_config.single_target_dataset.dataset_id: google_bigquery_dataset.postgres.id - destination_config.destination_connection_profile: google_datastream_connection_profile.destination_connection_profile2.id - source_config.source_connection_profile: google_datastream_connection_profile.source_connection_profile.id + destination_config.destination_connection_profile: google_datastream_connection_profile.destination.id + source_config.source_connection_profile: google_datastream_connection_profile.source.id dependencies: - google_bigquery_dataset.postgres: |- - { - "dataset_id": "postgres", - "description": "Database of postgres", - "friendly_name": "postgres", - "location": "us-central1" - } - google_datastream_connection_profile.destination_connection_profile2: |- + google_datastream_connection_profile.destination: |- { "bigquery_profile": [ {} ], - "connection_profile_id": "dest-profile", - "display_name": "Connection profile", + "connection_profile_id": "destination-profile", + "display_name": "BigQuery Destination", "location": "us-central1" } - google_datastream_connection_profile.source_connection_profile: |- + google_datastream_connection_profile.source: |- { "connection_profile_id": "source-profile", - "display_name": "Source connection profile", + "display_name": "SQL Server Source", "location": "us-central1", - "mysql_profile": [ + "sql_server_profile": [ { + "database": "${google_sql_database.db.name}", "hostname": "${google_sql_database_instance.instance.public_ip_address}", "password": "${google_sql_user.user.password}", + "port": 1433, "username": "${google_sql_user.user.name}" } ] } google_sql_database.db: |- { + "depends_on": [ + "${google_sql_user.user}" + ], "instance": "${google_sql_database_instance.instance.name}", "name": "db" } google_sql_database_instance.instance: |- { - "database_version": "MYSQL_8_0", - "deletion_protection": false, - "name": "instance-name", + "database_version": "SQLSERVER_2019_STANDARD", + "deletion_protection": true, + "name": "sql-server", "region": "us-central1", + "root_password": "root-password", "settings": [ { - "backup_configuration": [ - { - "binary_log_enabled": true, - "enabled": true - } - ], "ip_configuration": [ { "authorized_networks": [ @@ -77423,21 +85245,15 @@ resources: ] } ], - "tier": "db-f1-micro" + "tier": "db-custom-2-4096" } ] } google_sql_user.user: |- { - "host": "%", "instance": "${google_sql_database_instance.instance.name}", - "name": "my-user", - "password": "${random_password.pwd.result}" - } - random_password.pwd: |- - { - "length": 16, - "special": false + "name": "user", + "password": "password" } - name: default manifest: |- @@ -77445,18 +85261,15 @@ resources: "backfill_none": [ {} ], - "depends_on": [ - "${google_kms_crypto_key_iam_member.bigquery_key_user}" - ], "destination_config": [ { "bigquery_destination_config": [ { + "data_freshness": "900s", "source_hierarchy_datasets": [ { "dataset_template": [ { - "kms_key_name": "bigquery-kms-name", "location": "us-central1" } ] @@ -77464,72 +85277,84 @@ resources: ] } ], - "destination_connection_profile": "${google_datastream_connection_profile.destination_connection_profile.id}" + "destination_connection_profile": "${google_datastream_connection_profile.destination.id}" } ], - "display_name": "my stream", + "display_name": "MySQL to BigQuery", "location": "us-central1", "source_config": [ { "mysql_source_config": [ - {} + { + "gtid": [ + {} + ], + "include_objects": [ + { + "schemas": [ + { + "schema": "schema", + "tables": [ + { + "table": "table" + } + ] + } + ] + } + ] + } ], - "source_connection_profile": "${google_datastream_connection_profile.source_connection_profile.id}" + "source_connection_profile": "${google_datastream_connection_profile.source.id}" } ], - "stream_id": "my-stream" + "stream_id": "\u003c%= ctx[:vars]['stream_id'] %\u003e" } references: - destination_config.destination_connection_profile: google_datastream_connection_profile.destination_connection_profile.id - source_config.source_connection_profile: google_datastream_connection_profile.source_connection_profile.id + destination_config.destination_connection_profile: google_datastream_connection_profile.destination.id + source_config.source_connection_profile: google_datastream_connection_profile.source.id dependencies: - google_datastream_connection_profile.destination_connection_profile: |- + google_datastream_connection_profile.destination: |- { "bigquery_profile": [ {} ], - "connection_profile_id": "destination-profile", - "display_name": "Connection profile", + "connection_profile_id": "\u003c%= ctx[:vars]['destination_connection_profile_id'] %\u003e", + "display_name": "BigQuery Destination", "location": "us-central1" } - google_datastream_connection_profile.source_connection_profile: |- + google_datastream_connection_profile.source: |- { - "connection_profile_id": "source-profile", - "display_name": "Source connection profile", + "connection_profile_id": "\u003c%= ctx[:vars]['source_connection_profile_id'] %\u003e", + "display_name": "MySQL Source", "location": "us-central1", "mysql_profile": [ { + "database": "${google_sql_database.db.name}", "hostname": "${google_sql_database_instance.instance.public_ip_address}", "password": "${google_sql_user.user.password}", + "port": 1433, "username": "${google_sql_user.user.name}" } ] } - google_kms_crypto_key_iam_member.bigquery_key_user: |- - { - "crypto_key_id": "bigquery-kms-name", - "member": "serviceAccount:${data.google_bigquery_default_service_account.bq_sa.email}", - "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" - } google_sql_database.db: |- { + "depends_on": [ + "${google_sql_user.user}" + ], "instance": "${google_sql_database_instance.instance.name}", - "name": "db" + "name": "\u003c%= ctx[:vars]['database_name'] %\u003e" } google_sql_database_instance.instance: |- { "database_version": "MYSQL_8_0", - "deletion_protection": true, - "name": "my-instance", + "deletion_protection": "\u003c%= ctx[:vars]['deletion_protection'] %\u003e", + "name": "\u003c%= ctx[:vars]['mysql_name'] %\u003e", "region": "us-central1", + "root_password": "\u003c%= ctx[:vars]['mysql_root_password'] %\u003e", "settings": [ { - "backup_configuration": [ - { - "binary_log_enabled": true, - "enabled": true - } - ], "ip_configuration": [ { "authorized_networks": [ @@ -77551,50 +85376,38 @@ resources: ] } ], - "tier": "db-f1-micro" + "tier": "db-custom-2-4096" } ] } google_sql_user.user: |- { - "host": "%", "instance": "${google_sql_database_instance.instance.name}", - "name": "user", - "password": "${random_password.pwd.result}" - } - random_password.pwd: |- - { - "length": 16, - "special": false + "name": "\u003c%= ctx[:vars]['database_user'] %\u003e", + "password": "\u003c%= ctx[:vars]['database_password'] %\u003e" } - name: default manifest: |- { - "backfill_none": [ + "backfill_all": [ {} ], "destination_config": [ { "bigquery_destination_config": [ { - "append_only": [ - {} - ], - "source_hierarchy_datasets": [ + "data_freshness": "900s", + "single_target_dataset": [ { - "dataset_template": [ - { - "location": "us-central1" - } - ] + "dataset_id": "${google_bigquery_dataset.postgres.id}" } ] } ], - "destination_connection_profile": "${google_datastream_connection_profile.destination_connection_profile.id}" + "destination_connection_profile": "${google_datastream_connection_profile.destination_connection_profile2.id}" } ], - "display_name": "my stream", + "display_name": "postgres to bigQuery", "location": "us-central1", "source_config": [ { @@ -77604,18 +85417,275 @@ resources: "source_connection_profile": "${google_datastream_connection_profile.source_connection_profile.id}" } ], - "stream_id": "my-stream" + "stream_id": "postgres-bigquery" } references: - destination_config.destination_connection_profile: google_datastream_connection_profile.destination_connection_profile.id + destination_config.bigquery_destination_config.single_target_dataset.dataset_id: google_bigquery_dataset.postgres.id + destination_config.destination_connection_profile: google_datastream_connection_profile.destination_connection_profile2.id source_config.source_connection_profile: google_datastream_connection_profile.source_connection_profile.id dependencies: - google_datastream_connection_profile.destination_connection_profile: |- + google_bigquery_dataset.postgres: |- + { + "dataset_id": "postgres", + "description": "Database of postgres", + "friendly_name": "postgres", + "location": "us-central1" + } + google_datastream_connection_profile.destination_connection_profile2: |- { "bigquery_profile": [ {} ], - "connection_profile_id": "destination-profile", + "connection_profile_id": "dest-profile", + "display_name": "Connection profile", + "location": "us-central1" + } + google_datastream_connection_profile.source_connection_profile: |- + { + "connection_profile_id": "source-profile", + "display_name": "Source connection profile", + "location": "us-central1", + "mysql_profile": [ + { + "hostname": "${google_sql_database_instance.instance.public_ip_address}", + "password": "${google_sql_user.user.password}", + "username": "${google_sql_user.user.name}" + } + ] + } + google_sql_database.db: |- + { + "instance": "${google_sql_database_instance.instance.name}", + "name": "db" + } + google_sql_database_instance.instance: |- + { + "database_version": "MYSQL_8_0", + "deletion_protection": false, + "name": "instance-name", + "region": "us-central1", + "settings": [ + { + "backup_configuration": [ + { + "binary_log_enabled": true, + "enabled": true + } + ], + "ip_configuration": [ + { + "authorized_networks": [ + { + "value": "34.71.242.81" + }, + { + "value": "34.72.28.29" + }, + { + "value": "34.67.6.157" + }, + { + "value": "34.67.234.134" + }, + { + "value": "34.72.239.218" + } + ] + } + ], + "tier": "db-f1-micro" + } + ] + } + google_sql_user.user: |- + { + "host": "%", + "instance": "${google_sql_database_instance.instance.name}", + "name": "my-user", + "password": "${random_password.pwd.result}" + } + random_password.pwd: |- + { + "length": 16, + "special": false + } + - name: default + manifest: |- + { + "backfill_none": [ + {} + ], + "depends_on": [ + "${google_kms_crypto_key_iam_member.bigquery_key_user}" + ], + "destination_config": [ + { + "bigquery_destination_config": [ + { + "source_hierarchy_datasets": [ + { + "dataset_template": [ + { + "kms_key_name": "bigquery-kms-name", + "location": "us-central1" + } + ] + } + ] + } + ], + "destination_connection_profile": "${google_datastream_connection_profile.destination_connection_profile.id}" + } + ], + "display_name": "my stream", + "location": "us-central1", + "source_config": [ + { + "mysql_source_config": [ + {} + ], + "source_connection_profile": "${google_datastream_connection_profile.source_connection_profile.id}" + } + ], + "stream_id": "my-stream" + } + references: + destination_config.destination_connection_profile: google_datastream_connection_profile.destination_connection_profile.id + source_config.source_connection_profile: google_datastream_connection_profile.source_connection_profile.id + dependencies: + google_datastream_connection_profile.destination_connection_profile: |- + { + "bigquery_profile": [ + {} + ], + "connection_profile_id": "destination-profile", + "display_name": "Connection profile", + "location": "us-central1" + } + google_datastream_connection_profile.source_connection_profile: |- + { + "connection_profile_id": "source-profile", + "display_name": "Source connection profile", + "location": "us-central1", + "mysql_profile": [ + { + "hostname": "${google_sql_database_instance.instance.public_ip_address}", + "password": "${google_sql_user.user.password}", + "username": "${google_sql_user.user.name}" + } + ] + } + google_kms_crypto_key_iam_member.bigquery_key_user: |- + { + "crypto_key_id": "bigquery-kms-name", + "member": "serviceAccount:${data.google_bigquery_default_service_account.bq_sa.email}", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } + google_sql_database.db: |- + { + "instance": "${google_sql_database_instance.instance.name}", + "name": "db" + } + google_sql_database_instance.instance: |- + { + "database_version": "MYSQL_8_0", + "deletion_protection": true, + "name": "my-instance", + "region": "us-central1", + "settings": [ + { + "backup_configuration": [ + { + "binary_log_enabled": true, + "enabled": true + } + ], + "ip_configuration": [ + { + "authorized_networks": [ + { + "value": "34.71.242.81" + }, + { + "value": "34.72.28.29" + }, + { + "value": "34.67.6.157" + }, + { + "value": "34.67.234.134" + }, + { + "value": "34.72.239.218" + } + ] + } + ], + "tier": "db-f1-micro" + } + ] + } + google_sql_user.user: |- + { + "host": "%", + "instance": "${google_sql_database_instance.instance.name}", + "name": "user", + "password": "${random_password.pwd.result}" + } + random_password.pwd: |- + { + "length": 16, + "special": false + } + - name: default + manifest: |- + { + "backfill_none": [ + {} + ], + "destination_config": [ + { + "bigquery_destination_config": [ + { + "append_only": [ + {} + ], + "source_hierarchy_datasets": [ + { + "dataset_template": [ + { + "location": "us-central1" + } + ] + } + ] + } + ], + "destination_connection_profile": "${google_datastream_connection_profile.destination_connection_profile.id}" + } + ], + "display_name": "my stream", + "location": "us-central1", + "source_config": [ + { + "mysql_source_config": [ + {} + ], + "source_connection_profile": "${google_datastream_connection_profile.source_connection_profile.id}" + } + ], + "stream_id": "my-stream" + } + references: + destination_config.destination_connection_profile: google_datastream_connection_profile.destination_connection_profile.id + source_config.source_connection_profile: google_datastream_connection_profile.source_connection_profile.id + dependencies: + google_datastream_connection_profile.destination_connection_profile: |- + { + "bigquery_profile": [ + {} + ], + "connection_profile_id": "destination-profile", "display_name": "Connection profile", "location": "us-central1" } @@ -77991,11 +86061,19 @@ resources: (Optional) Tables in the database. Structure is documented below. + mysql_source_config.binary_log_position: |- + - + (Optional) + CDC reader reads from binary logs replication cdc method. mysql_source_config.exclude_objects: |- - (Optional) MySQL objects to exclude from the stream. Structure is documented below. + mysql_source_config.gtid: |- + - + (Optional) + CDC reader reads from gtid based replication. mysql_source_config.include_objects: |- - (Optional) @@ -78254,7 +86332,11 @@ resources: (Optional) If supplied, every created dataset will have its name prefixed by the provided value. The prefix and name will be separated by an underscore. i.e. _. - source_hierarchy_datasets.dataset_template.desired_state: '- (Optional) Desired state of the Stream. Set this field to RUNNING to start the stream, and PAUSED to pause the stream.' + source_hierarchy_datasets.dataset_template.desired_state: |- + - (Optional) Desired state of the Stream. Set this field to RUNNING to start the stream, + NOT_STARTED to create the stream without starting and PAUSED to pause + the stream from a RUNNING state. + Possible values: NOT_STARTED, RUNNING, PAUSED. Default: NOT_STARTED source_hierarchy_datasets.dataset_template.kms_key_name: |- - (Optional) @@ -78290,6 +86372,10 @@ resources: (Optional) Tables in the database. Structure is documented below. + sql_server_source_config.change_tables: |- + - + (Optional) + CDC reader reads from change tables. sql_server_source_config.exclude_objects: |- - (Optional) @@ -78308,6 +86394,10 @@ resources: - (Optional) Max concurrent CDC tasks. + sql_server_source_config.transaction_logs: |- + - + (Optional) + CDC reader reads from transaction logs. state: |- - The state of the stream. @@ -78483,6 +86573,698 @@ resources: Structure is documented below. update: '- Default is 60 minutes.' importStatements: [] + google_developer_connect_connection: + subCategory: Developer Connect + description: A connection for GitHub, GitHub Enterprise, GitLab, and GitLab Enterprise. + name: google_developer_connect_connection + title: "" + examples: + - name: my-connection + manifest: |- + { + "connection_id": "tf-test-connection-new", + "depends_on": [ + "${google_project_iam_member.devconnect-secret}" + ], + "github_config": [ + { + "github_app": "FIREBASE" + } + ], + "location": "us-central1", + "provider": "${google-beta}" + } + references: + provider: google-beta + dependencies: + google_project_iam_member.devconnect-secret: |- + { + "member": "${google_project_service_identity.devconnect-p4sa.member}", + "project": "my-project-name", + "provider": "${google-beta}", + "role": "roles/secretmanager.admin" + } + google_project_service_identity.devconnect-p4sa: |- + { + "provider": "${google-beta}", + "service": "developerconnect.googleapis.com" + } + - name: my-connection + manifest: |- + { + "connection_id": "tf-test-connection-cred", + "github_config": [ + { + "authorizer_credential": [ + { + "oauth_token_secret_version": "projects/your-project/secrets/your-secret-id/versions/latest" + } + ], + "github_app": "DEVELOPER_CONNECT" + } + ], + "location": "us-central1" + } + - name: my-connection + manifest: |- + { + "connection_id": "my-connection", + "github_config": [ + { + "app_installation_id": 123123, + "authorizer_credential": [ + { + "oauth_token_secret_version": "${google_secret_manager_secret_version.github-token-secret-version.id}" + } + ], + "github_app": "DEVELOPER_CONNECT" + } + ], + "location": "us-central1" + } + references: + github_config.authorizer_credential.oauth_token_secret_version: google_secret_manager_secret_version.github-token-secret-version.id + dependencies: + google_project_service_identity.devconnect-p4sa: |- + { + "service": "developerconnect.googleapis.com" + } + google_secret_manager_secret.github-token-secret: |- + { + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "github-token-secret" + } + google_secret_manager_secret_iam_policy.policy: |- + { + "policy_data": "${data.google_iam_policy.p4sa-secretAccessor.policy_data}", + "secret_id": "${google_secret_manager_secret.github-token-secret.secret_id}" + } + google_secret_manager_secret_version.github-token-secret-version: |- + { + "secret": "${google_secret_manager_secret.github-token-secret.id}", + "secret_data": "${file(\"my-github-token.txt\")}" + } + - name: my-connection + manifest: |- + { + "connection_id": "tf-test-connection", + "github_config": [ + { + "authorizer_credential": [ + { + "oauth_token_secret_version": "projects/devconnect-terraform-creds/secrets/tf-test-do-not-change-github-oauthtoken-e0b9e7/versions/1" + } + ], + "github_app": "DEVELOPER_CONNECT" + } + ], + "location": "us-central1" + } + - name: my-connection + manifest: |- + { + "connection_id": "my-connection", + "github_config": [ + { + "app_installation_id": 123123, + "authorizer_credential": [ + { + "oauth_token_secret_version": "${google_secret_manager_secret_version.github-token-secret-version.id}" + } + ], + "github_app": "DEVELOPER_CONNECT" + } + ], + "location": "us-central1" + } + references: + github_config.authorizer_credential.oauth_token_secret_version: google_secret_manager_secret_version.github-token-secret-version.id + dependencies: + google_secret_manager_secret.github-token-secret: |- + { + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "github-token-secret" + } + google_secret_manager_secret_iam_policy.policy: |- + { + "policy_data": "${data.google_iam_policy.p4sa-secretAccessor.policy_data}", + "secret_id": "${google_secret_manager_secret.github-token-secret.secret_id}" + } + google_secret_manager_secret_version.github-token-secret-version: |- + { + "secret": "${google_secret_manager_secret.github-token-secret.id}", + "secret_data": "${file(\"my-github-token.txt\")}" + } + - name: my-connection + manifest: |- + { + "connection_id": "tf-test-connection", + "github_enterprise_config": [ + { + "app_id": 864434, + "app_installation_id": 837537, + "host_uri": "https://ghe.proctor-staging-test.com", + "private_key_secret_version": "projects/devconnect-terraform-creds/secrets/tf-test-ghe-do-not-change-ghe-private-key-f522d2/versions/latest", + "webhook_secret_secret_version": "projects/devconnect-terraform-creds/secrets/tf-test-ghe-do-not-change-ghe-webhook-secret-3c806f/versions/latest" + } + ], + "location": "us-central1" + } + - name: my-connection + manifest: |- + { + "connection_id": "my-connection", + "depends_on": [ + "${google_secret_manager_secret_iam_policy.policy-pk}", + "${google_secret_manager_secret_iam_policy.policy-whs}" + ], + "github_enterprise_config": [ + { + "app_id": 100, + "app_installation_id": 123123, + "host_uri": "https://ghe.com", + "private_key_secret_version": "${google_secret_manager_secret_version.private-key-secret-version.id}", + "webhook_secret_secret_version": "${google_secret_manager_secret_version.webhook-secret-secret-version.id}" + } + ], + "location": "us-central1" + } + references: + github_enterprise_config.private_key_secret_version: google_secret_manager_secret_version.private-key-secret-version.id + github_enterprise_config.webhook_secret_secret_version: google_secret_manager_secret_version.webhook-secret-secret-version.id + dependencies: + google_secret_manager_secret.private-key-secret: |- + { + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "ghe-pk-secret" + } + google_secret_manager_secret.webhook-secret-secret: |- + { + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "ghe-token-secret" + } + google_secret_manager_secret_iam_policy.policy-pk: |- + { + "policy_data": "${data.google_iam_policy.p4sa-secretAccessor.policy_data}", + "secret_id": "${google_secret_manager_secret.private-key-secret.secret_id}" + } + google_secret_manager_secret_iam_policy.policy-whs: |- + { + "policy_data": "${data.google_iam_policy.p4sa-secretAccessor.policy_data}", + "secret_id": "${google_secret_manager_secret.webhook-secret-secret.secret_id}" + } + google_secret_manager_secret_version.private-key-secret-version: |- + { + "secret": "${google_secret_manager_secret.private-key-secret.id}", + "secret_data": "${file(\"private-key.pem\")}" + } + google_secret_manager_secret_version.webhook-secret-secret-version: |- + { + "secret": "${google_secret_manager_secret.webhook-secret-secret.id}", + "secret_data": "\u003cwebhook-secret-data\u003e" + } + - name: my-connection + manifest: |- + { + "connection_id": "tf-test-connection", + "gitlab_config": [ + { + "authorizer_credential": [ + { + "user_token_secret_version": "projects/devconnect-terraform-creds/secrets/gitlab-auth-cred/versions/latest" + } + ], + "read_authorizer_credential": [ + { + "user_token_secret_version": "projects/devconnect-terraform-creds/secrets/gitlab-read-cred/versions/latest" + } + ], + "webhook_secret_secret_version": "projects/devconnect-terraform-creds/secrets/gitlab-webhook/versions/latest" + } + ], + "location": "us-central1" + } + - name: my-connection + manifest: |- + { + "connection_id": "tf-test-connection", + "gitlab_enterprise_config": [ + { + "authorizer_credential": [ + { + "user_token_secret_version": "projects/devconnect-terraform-creds/secrets/gitlab-enterprise-auth-cred/versions/latest" + } + ], + "host_uri": "https://gle-us-central1.gcb-test.com", + "read_authorizer_credential": [ + { + "user_token_secret_version": "projects/devconnect-terraform-creds/secrets/gitlab-enterprise-read-cred/versions/latest" + } + ], + "webhook_secret_secret_version": "projects/devconnect-terraform-creds/secrets/gitlab-enterprise-webhook/versions/latest" + } + ], + "location": "us-central1" + } + argumentDocs: + annotations: |- + - + (Optional) + Optional. Allows clients to store small amounts of arbitrary data. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. + authorizer_credential.oauth_token_secret_version: |- + - + (Required) + Required. A SecretManager resource containing the OAuth token that authorizes + the connection. Format: projects/*/secrets/*/versions/*. + authorizer_credential.user_token_secret_version: |- + - + (Required) + Required. A SecretManager resource containing the user token that authorizes + the Developer Connect connection. Format: + projects/*/secrets/*/versions/*. + authorizer_credential.username: |- + - + (Output) + Output only. The username associated with this token. + connection_id: |- + - + (Required) + Required. Id of the requesting object + If auto-generating Id server-side, remove this field and + connection_id from the method_signature of Create RPC + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. [Output only] Create timestamp + crypto_key_config: |- + - + (Optional) + The crypto key configuration. This field is used by the Customer-managed + encryption keys (CMEK) feature. + Structure is documented below. + crypto_key_config.key_reference: |- + - + (Required) + Required. The name of the key which is used to encrypt/decrypt customer data. For key + in Cloud KMS, the key should be in the format of + projects/*/locations/*/keyRings/*/cryptoKeys/*. + delete: '- Default is 20 minutes.' + delete_time: |- + - + Output only. [Output only] Delete timestamp + disabled: |- + - + (Optional) + Optional. If disabled is set to true, functionality is disabled for this connection. + Repository based API methods and webhooks processing for repositories in + this connection will be disabled. + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + etag: |- + - + (Optional) + Optional. This checksum is computed by the server based on the value of other + fields, and may be sent on update and delete requests to ensure the + client has an up-to-date value before proceeding. + github_config: |- + - + (Optional) + Configuration for connections to github.com. + Structure is documented below. + github_config.app_installation_id: |- + - + (Optional) + Optional. GitHub App installation id. + github_config.authorizer_credential: |- + - + (Optional) + Represents an OAuth token of the account that authorized the Connection, + and associated metadata. + Structure is documented below. + github_config.github_app: |- + - + (Required) + Required. Immutable. The GitHub Application that was installed to the GitHub user or + organization. + Possible values: + GIT_HUB_APP_UNSPECIFIED + DEVELOPER_CONNECT + FIREBASE + github_config.installation_uri: |- + - + (Output) + Output only. The URI to navigate to in order to manage the installation associated + with this GitHubConfig. + github_enterprise_config: |- + - + (Optional) + Configuration for connections to an instance of GitHub Enterprise. + Structure is documented below. + github_enterprise_config.app_id: |- + - + (Optional) + Optional. ID of the GitHub App created from the manifest. + github_enterprise_config.app_installation_id: |- + - + (Optional) + Optional. ID of the installation of the GitHub App. + github_enterprise_config.app_slug: |- + - + (Output) + Output only. The URL-friendly name of the GitHub App. + github_enterprise_config.host_uri: |- + - + (Required) + Required. The URI of the GitHub Enterprise host this connection is for. + github_enterprise_config.installation_uri: |- + - + (Output) + Output only. The URI to navigate to in order to manage the installation associated + with this GitHubEnterpriseConfig. + github_enterprise_config.private_key_secret_version: |- + - + (Optional) + Optional. SecretManager resource containing the private key of the GitHub App, + formatted as projects/*/secrets/*/versions/*. + github_enterprise_config.server_version: |- + - + (Output) + Output only. GitHub Enterprise version installed at the host_uri. + github_enterprise_config.service_directory_config: |- + - + (Optional) + ServiceDirectoryConfig represents Service Directory configuration for a + connection. + Structure is documented below. + github_enterprise_config.ssl_ca_certificate: |- + - + (Optional) + Optional. SSL certificate to use for requests to GitHub Enterprise. + github_enterprise_config.webhook_secret_secret_version: |- + - + (Optional) + Optional. SecretManager resource containing the webhook secret of the GitHub App, + formatted as projects/*/secrets/*/versions/*. + gitlab_config: |- + - + (Optional) + Configuration for connections to gitlab.com. + Structure is documented below. + gitlab_config.authorizer_credential: |- + - + (Required) + Represents a personal access token that authorized the Connection, + and associated metadata. + Structure is documented below. + gitlab_config.read_authorizer_credential: |- + - + (Required) + Represents a personal access token that authorized the Connection, + and associated metadata. + Structure is documented below. + gitlab_config.webhook_secret_secret_version: |- + - + (Required) + Required. Immutable. SecretManager resource containing the webhook secret of a GitLab project, + formatted as projects/*/secrets/*/versions/*. This is used to validate + webhooks. + gitlab_enterprise_config: |- + - + (Optional) + Configuration for connections to an instance of GitLab Enterprise. + Structure is documented below. + gitlab_enterprise_config.authorizer_credential: |- + - + (Required) + Represents a personal access token that authorized the Connection, + and associated metadata. + Structure is documented below. + gitlab_enterprise_config.host_uri: |- + - + (Required) + Required. The URI of the GitLab Enterprise host this connection is for. + gitlab_enterprise_config.read_authorizer_credential: |- + - + (Required) + Represents a personal access token that authorized the Connection, + and associated metadata. + Structure is documented below. + gitlab_enterprise_config.server_version: |- + - + (Output) + Output only. Version of the GitLab Enterprise server running on the host_uri. + gitlab_enterprise_config.service_directory_config: |- + - + (Optional) + ServiceDirectoryConfig represents Service Directory configuration for a + connection. + Structure is documented below. + gitlab_enterprise_config.ssl_ca_certificate: |- + - + (Optional) + Optional. SSL Certificate Authority certificate to use for requests to GitLab + Enterprise instance. + gitlab_enterprise_config.webhook_secret_secret_version: |- + - + (Required) + Required. Immutable. SecretManager resource containing the webhook secret of a GitLab project, + formatted as projects/*/secrets/*/versions/*. This is used to validate + webhooks. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/connections/{{connection_id}}' + installation_state: |- + - + Describes stage and necessary actions to be taken by the + user to complete the installation. Used for GitHub and GitHub Enterprise + based connections. + Structure is documented below. + installation_state.action_uri: |- + - + (Optional) + Output only. Link to follow for next action. Empty string if the installation is already + complete. + installation_state.message: |- + - + (Optional) + Output only. Message of what the user should do next to continue the installation. + Empty string if the installation is already complete. + installation_state.stage: |- + - + (Output) + Output only. Current step of the installation process. + Possible values: + STAGE_UNSPECIFIED + PENDING_CREATE_APP + PENDING_USER_OAUTH + PENDING_INSTALL_APP + COMPLETE + labels: |- + - + (Optional) + Optional. Labels as key value pairs + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + Resource ID segment making up resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. + name: |- + - + Identifier. The resource name of the connection, in the format + projects/{project}/locations/{location}/connections/{connection_id}. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + read_authorizer_credential.user_token_secret_version: |- + - + (Required) + Required. A SecretManager resource containing the user token that authorizes + the Developer Connect connection. Format: + projects/*/secrets/*/versions/*. + read_authorizer_credential.username: |- + - + (Output) + Output only. The username associated with this token. + reconciling: |- + - + Output only. Set to true when the connection is being set up or updated in the + background. + service_directory_config.service: |- + - + (Required) + Required. The Service Directory service name. + Format: + projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + uid: |- + - + Output only. A system-assigned unique identifier for a the GitRepositoryLink. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. [Output only] Update timestamp + importStatements: [] + google_developer_connect_git_repository_link: + subCategory: Developer Connect + description: A git repository link to a parent connection. + name: google_developer_connect_git_repository_link + title: "" + examples: + - name: my-repository + manifest: |- + { + "git_repository_link_id": "my-repo", + "location": "us-central1", + "parent_connection": "${google_developer_connect_connection.my-connection.connection_id}", + "remote_uri": "https://github.com/myuser/myrepo.git" + } + references: + parent_connection: google_developer_connect_connection.my-connection.connection_id + dependencies: + google_developer_connect_connection.my-connection: |- + { + "connection_id": "my-connection", + "github_config": [ + { + "app_installation_id": 123123, + "authorizer_credential": [ + { + "oauth_token_secret_version": "${google_secret_manager_secret_version.github-token-secret-version.id}" + } + ], + "github_app": "DEVELOPER_CONNECT" + } + ], + "location": "us-central1" + } + google_secret_manager_secret.github-token-secret: |- + { + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "github-token-secret" + } + google_secret_manager_secret_iam_policy.policy: |- + { + "policy_data": "${data.google_iam_policy.p4sa-secretAccessor.policy_data}", + "secret_id": "${google_secret_manager_secret.github-token-secret.secret_id}" + } + google_secret_manager_secret_version.github-token-secret-version: |- + { + "secret": "${google_secret_manager_secret.github-token-secret.id}", + "secret_data": "${file(\"my-github-token.txt\")}" + } + argumentDocs: + annotations: |- + - + (Optional) + Optional. Allows clients to store small amounts of arbitrary data. + Note: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field effective_annotations for all of the annotations present on the resource. + clone_uri: |- + - + (Required) + Required. Git Clone URI. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. [Output only] Create timestamp + delete: '- Default is 20 minutes.' + delete_time: |- + - + Output only. [Output only] Delete timestamp + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + etag: |- + - + (Optional) + Optional. This checksum is computed by the server based on the value of other + fields, and may be sent on update and delete requests to ensure the + client has an up-to-date value before proceeding. + git_repository_link_id: |- + - + (Required) + Required. The ID to use for the repository, which will become the final component of + the repository's resource name. This ID should be unique in the connection. + Allows alphanumeric characters and any of -._~%!$&'()*+,;=@. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/connections/{{parent_connection}}/gitRepositoryLinks/{{git_repository_link_id}}' + labels: |- + - + (Optional) + Optional. Labels as key value pairs + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + Resource ID segment making up resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type developerconnect.googleapis.com/GitRepositoryLink. + name: |- + - + Identifier. Resource name of the repository, in the format + projects/*/locations/*/connections/*/gitRepositoryLinks/*. + parent_connection: |- + - + (Required) + Resource ID segment making up resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type developerconnect.googleapis.com/GitRepositoryLink. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + reconciling: |- + - + Output only. Set to true when the connection is being set up or updated in the + background. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + uid: |- + - + Output only. A system-assigned unique identifier for a the GitRepositoryLink. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. [Output only] Update timestamp + importStatements: [] google_dialogflow_agent: subCategory: Dialogflow description: A Dialogflow agent is a virtual agent that handles conversations with your end-users. @@ -78600,6 +87382,25 @@ resources: "finish_digit": "#", "max_digits": 1 } + ], + "logging_settings": [ + { + "enable_consent_based_redaction": true, + "enable_interaction_logging": true, + "enable_stackdriver_logging": true + } + ], + "speech_settings": [ + { + "endpointer_sensitivity": 30, + "models": { + "count": "3", + "mass": "1.3kg", + "name": "wrench" + }, + "no_speech_timeout": "3.500s", + "use_timeout_based_endpointing": true + } ] } ], @@ -78665,6 +87466,14 @@ resources: - (Optional) Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + advanced_settings.logging_settings: |- + - + (Optional) + Settings for logging. Settings for Dialogflow History, Contact Center messages, StackDriver logs, and speech logging. Exposed at the following levels: + advanced_settings.speech_settings: |- + - + (Optional) + Settings for speech to text detection. Exposed at the following levels: audio_export_gcs_destination.uri: |- - (Optional) @@ -78707,7 +87516,7 @@ resources: Indicates if automatic spell correction is enabled in detect intent requests. enable_stackdriver_logging: |- - - (Optional) + (Optional, Deprecated) Determines whether this agent should log conversation queries. git_integration_settings: |- - @@ -78748,6 +87557,18 @@ resources: ~> Note: The first time you are deploying an Agent in your project you must configure location settings. This is a one time step but at the moment you can only configure location settings via the Dialogflow CX console. Another options is to use global location so you don't need to manually configure location settings. + logging_settings.enable_consent_based_redaction: |- + - + (Optional) + Enables consent-based end-user input redaction, if true, a pre-defined session parameter $session.params.conversation-redaction will be used to determine if the utterance should be redacted. + logging_settings.enable_interaction_logging: |- + - + (Optional) + Enables DF Interaction logging. + logging_settings.enable_stackdriver_logging: |- + - + (Optional) + Enables Google Cloud Logging. name: |- - The unique identifier of the agent. @@ -78758,6 +87579,24 @@ resources: - (Optional) Name of the SecuritySettings reference for the agent. Format: projects//locations//securitySettings/. + speech_settings.endpointer_sensitivity: |- + - + (Optional) + Sensitivity of the speech model that detects the end of speech. Scale from 0 to 100. + speech_settings.models: |- + - + (Optional) + Mapping from language to Speech-to-Text model. The mapped Speech-to-Text model will be selected for requests from its corresponding language. For more information, see Speech models. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + speech_settings.no_speech_timeout: |- + - + (Optional) + Timeout before detecting no speech. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + speech_settings.use_timeout_based_endpointing: |- + - + (Optional) + Use timeout based endpointing, interpreting endpointer sensitivity as seconds of timeout value. speech_to_text_settings: |- - (Optional) @@ -79117,6 +87956,25 @@ resources: "finish_digit": "#", "max_digits": 1 } + ], + "logging_settings": [ + { + "enable_consent_based_redaction": true, + "enable_interaction_logging": true, + "enable_stackdriver_logging": true + } + ], + "speech_settings": [ + { + "endpointer_sensitivity": 30, + "models": { + "count": "3", + "mass": "1.3kg", + "name": "wrench" + }, + "no_speech_timeout": "3.500s", + "use_timeout_based_endpointing": true + } ] } ], @@ -79408,6 +88266,14 @@ resources: - (Optional) Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels: + advanced_settings.logging_settings: |- + - + (Optional) + Settings for logging. Settings for Dialogflow History, Contact Center messages, StackDriver logs, and speech logging. Exposed at the following levels: + advanced_settings.speech_settings: |- + - + (Optional) + Settings for speech to text detection. Exposed at the following levels: audio_export_gcs_destination.uri: |- - (Optional) @@ -79492,6 +88358,18 @@ resources: - (Optional) Custom metadata. Dialogflow doesn't impose any structure on this. + logging_settings.enable_consent_based_redaction: |- + - + (Optional) + Enables consent-based end-user input redaction, if true, a pre-defined session parameter $session.params.conversation-redaction will be used to determine if the utterance should be redacted. + logging_settings.enable_interaction_logging: |- + - + (Optional) + Enables DF Interaction logging. + logging_settings.enable_stackdriver_logging: |- + - + (Optional) + Enables Google Cloud Logging. messages.channel: |- - (Optional) @@ -79587,6 +88465,24 @@ resources: - (Optional) The new JSON-encoded value of the parameter. A null value clears the parameter. + speech_settings.endpointer_sensitivity: |- + - + (Optional) + Sensitivity of the speech model that detects the end of speech. Scale from 0 to 100. + speech_settings.models: |- + - + (Optional) + Mapping from language to Speech-to-Text model. The mapped Speech-to-Text model will be selected for requests from its corresponding language. For more information, see Speech models. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + speech_settings.no_speech_timeout: |- + - + (Optional) + Timeout before detecting no speech. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + speech_settings.use_timeout_based_endpointing: |- + - + (Optional) + Use timeout based endpointing, interpreting endpointer sensitivity as seconds of timeout value. telephony_transfer_call.phone_number: |- - (Required) @@ -81853,6 +90749,7 @@ resources: } google_project.agent_project: |- { + "deletion_policy": "DELETE", "name": "my-project", "org_id": "123456789", "project_id": "my-project" @@ -82021,47 +90918,98 @@ resources: "SOLUTION_TYPE_CHAT" ] } + - name: primary + manifest: |- + { + "chat_engine_config": [ + { + "dialogflow_agent_to_link": "${google_dialogflow_cx_agent.agent.id}" + } + ], + "collection_id": "default_collection", + "common_config": [ + { + "company_name": "test-company" + } + ], + "data_store_ids": [ + "${google_discovery_engine_data_store.test_data_store.data_store_id}" + ], + "display_name": "Chat engine", + "engine_id": "chat-engine-id", + "industry_vertical": "GENERIC", + "location": "${google_discovery_engine_data_store.test_data_store.location}" + } + references: + chat_engine_config.dialogflow_agent_to_link: google_dialogflow_cx_agent.agent.id + data_store_ids: google_discovery_engine_data_store.test_data_store.data_store_id + location: google_discovery_engine_data_store.test_data_store.location + dependencies: + google_dialogflow_cx_agent.agent: |- + { + "default_language_code": "en", + "display_name": "dialogflowcx-agent", + "location": "global", + "time_zone": "America/Los_Angeles" + } + google_discovery_engine_data_store.test_data_store: |- + { + "content_config": "NO_CONTENT", + "data_store_id": "data-store", + "display_name": "Structured datastore", + "industry_vertical": "GENERIC", + "location": "global", + "solution_types": [ + "SOLUTION_TYPE_CHAT" + ] + } argumentDocs: - chat_engine_config: |- - - - (Required) - Configurations for a chat Engine. - Structure is documented below. - chat_engine_config.agent_creation_config: |- - - - (Required) - The configuration to generate the Dialogflow agent that is associated to this Engine. - Structure is documented below. - chat_engine_config.agent_creation_config.business: |- + agent_creation_config.business: |- - (Optional) Name of the company, organization or other entity that the agent represents. Used for knowledge connector LLM prompt and for knowledge search. - chat_engine_config.agent_creation_config.common_config: |- + agent_creation_config.common_config: |- - (Optional) Common config spec that specifies the metadata of the engine. Structure is documented below. - chat_engine_config.agent_creation_config.default_language_code: |- + agent_creation_config.default_language_code: |- - (Required) The default language of the agent as a language tag. See Language Support for a list of the currently supported language codes. - chat_engine_config.agent_creation_config.industry_vertical: |- + agent_creation_config.industry_vertical: |- - (Optional) The industry vertical that the chat engine registers. Vertical on Engine has to match vertical of the DataStore linked to the engine. Default value is GENERIC. Possible values are: GENERIC. - chat_engine_config.agent_creation_config.location: |- + agent_creation_config.location: |- - (Optional) Agent location for Agent creation, currently supported values: global/us/eu, it needs to be the same region as the Chat Engine. - chat_engine_config.agent_creation_config.project: |- + agent_creation_config.project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - chat_engine_config.agent_creation_config.time_zone: |- + agent_creation_config.time_zone: |- - (Required) The time zone of the agent from the time zone database, e.g., America/New_York, Europe/Paris. + chat_engine_config: |- + - + (Required) + Configurations for a chat Engine. + Structure is documented below. + chat_engine_config.agent_creation_config: |- + - + (Optional) + The configuration to generate the Dialogflow agent that is associated to this Engine. + Exactly one of agent_creation_config or dialogflow_agent_to_link must be set. + Structure is documented below. + chat_engine_config.dialogflow_agent_to_link: |- + - + (Optional) + The resource name of an existing Dialogflow agent to link to this Chat Engine. Format: projects//locations//agents/. + Exactly one of agent_creation_config or dialogflow_agent_to_link must be set. chat_engine_metadata: |- - Additional information of the Chat Engine. @@ -82166,6 +91114,21 @@ resources: ] } argumentDocs: + chunking_config.layout_based_chunking_config: |- + - + (Optional) + Configuration for the layout based chunking. + Structure is documented below. + chunking_config.layout_based_chunking_config.chunk_size: |- + - + (Optional) + The token size limit for each chunk. + Supported values: 100-500 (inclusive). Default value: 500. + chunking_config.layout_based_chunking_config.include_ancestor_headings: |- + - + (Optional) + Whether to include appending different levels of headings to chunks from the middle of the document to prevent context loss. + Default value: False. content_config: |- - (Required) @@ -82189,6 +91152,10 @@ resources: - (Optional) Configurations applied to digital parser. + default_parsing_config.layout_parsing_config: |- + - + (Optional) + Configurations applied to layout parser. default_parsing_config.ocr_parsing_config: |- - (Optional) @@ -82208,6 +91175,11 @@ resources: (Optional) Configuration for Document understanding and enrichment. Structure is documented below. + document_processing_config.chunking_config: |- + - + (Optional) + Whether chunking mode is enabled. + Structure is documented below. document_processing_config.default_parsing_config: |- - (Optional) @@ -82233,7 +91205,7 @@ resources: - (Required) The industry vertical that the data store registers. - Possible values are: GENERIC, MEDIA. + Possible values are: GENERIC, MEDIA, HEALTHCARE_FHIR. location: |- - (Required) @@ -82254,6 +91226,10 @@ resources: (Optional) Configurations applied to digital parser. parsing_config_overrides.file_type: '- (Required) The identifier for this object. Format specified above.' + parsing_config_overrides.layout_parsing_config: |- + - + (Optional) + Configurations applied to layout parser. parsing_config_overrides.ocr_parsing_config: |- - (Optional) @@ -82277,7 +91253,7 @@ resources: - (Optional) The solutions that the data store enrolls. - Each value may be one of: SOLUTION_TYPE_RECOMMENDATION, SOLUTION_TYPE_SEARCH, SOLUTION_TYPE_CHAT. + Each value may be one of: SOLUTION_TYPE_RECOMMENDATION, SOLUTION_TYPE_SEARCH, SOLUTION_TYPE_CHAT, SOLUTION_TYPE_GENERATIVE_CHAT. update: '- Default is 20 minutes.' importStatements: [] google_discovery_engine_schema: @@ -82430,7 +91406,7 @@ resources: (Optional) The industry vertical that the engine registers. The restriction of the Engine industry vertical is based on DataStore: If unspecified, default to GENERIC. Vertical on Engine has to match vertical of the DataStore liniked to the engine. Default value is GENERIC. - Possible values are: GENERIC, MEDIA. + Possible values are: GENERIC, MEDIA, HEALTHCARE_FHIR. search_engine_config.project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -82450,6 +91426,148 @@ resources: - Timestamp the Engine was last updated. importStatements: [] + google_discovery_engine_target_site: + subCategory: Discovery Engine + description: TargetSite represents a URI pattern that the users want to confine their search. + name: google_discovery_engine_target_site + title: "" + examples: + - name: basic + manifest: |- + { + "data_store_id": "${google_discovery_engine_data_store.basic.data_store_id}", + "exact_match": false, + "location": "${google_discovery_engine_data_store.basic.location}", + "provided_uri_pattern": "http://cloud.google.com/docs/*", + "type": "INCLUDE" + } + references: + data_store_id: google_discovery_engine_data_store.basic.data_store_id + location: google_discovery_engine_data_store.basic.location + dependencies: + google_discovery_engine_data_store.basic: |- + { + "content_config": "PUBLIC_WEBSITE", + "create_advanced_site_search": false, + "data_store_id": "data-store-id", + "display_name": "tf-test-basic-site-search-datastore", + "industry_vertical": "GENERIC", + "location": "global", + "skip_default_schema_creation": false, + "solution_types": [ + "SOLUTION_TYPE_SEARCH" + ] + } + - name: advanced + manifest: |- + { + "data_store_id": "${google_discovery_engine_data_store.advanced.data_store_id}", + "exact_match": false, + "location": "${google_discovery_engine_data_store.advanced.location}", + "provided_uri_pattern": "http://cloud.google.com/docs/*", + "type": "INCLUDE" + } + references: + data_store_id: google_discovery_engine_data_store.advanced.data_store_id + location: google_discovery_engine_data_store.advanced.location + dependencies: + google_discovery_engine_data_store.advanced: |- + { + "content_config": "PUBLIC_WEBSITE", + "create_advanced_site_search": true, + "data_store_id": "data-store-id", + "display_name": "tf-test-advanced-site-search-datastore", + "industry_vertical": "GENERIC", + "location": "global", + "skip_default_schema_creation": false, + "solution_types": [ + "SOLUTION_TYPE_SEARCH" + ] + } + argumentDocs: + create: '- Default is 60 minutes.' + data_store_id: |- + - + (Required) + The unique id of the data store. + delete: '- Default is 60 minutes.' + exact_match: |- + - + (Optional) + If set to false, a uri_pattern is generated to include all pages whose + address contains the provided_uri_pattern. If set to true, an uri_pattern + is generated to try to be an exact match of the provided_uri_pattern or + just the specific page if the provided_uri_pattern is a specific one. + provided_uri_pattern is always normalized to generate the URI pattern to + be used by the search engine. + failure_reason: |- + - + Site search indexing failure reasons. + Structure is documented below. + failure_reason.quota_failure: |- + - + (Optional) + Site verification state indicating the ownership and validity. + Structure is documented below. + failure_reason.quota_failure.total_required_quota: |- + - + (Optional) + This number is an estimation on how much total quota this project + needs to successfully complete indexing. + generated_uri_pattern: |- + - + This is system-generated based on the provided_uri_pattern. + id: '- an identifier for the resource with format {{name}}' + indexing_status: |- + - + The indexing status. + location: |- + - + (Required) + The geographic location where the data store should reside. The value can + only be one of "global", "us" and "eu". + name: |- + - + The unique full resource name of the target site. Values are of the format + projects/{project}/locations/{location}/collections/{collection_id}/dataStores/{data_store_id}/siteSearchEngine/targetSites/{target_site_id}. + This field must be a UTF-8 encoded string with a length limit of 1024 + characters. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + provided_uri_pattern: |- + - + (Required) + The user provided URI pattern from which the generated_uri_pattern is + generated. + root_domain_uri: |- + - + Root domain of the provided_uri_pattern. + site_verification_info: |- + - + Site ownership and validity verification status. + Structure is documented below. + site_verification_info.site_verification_state: |- + - + (Optional) + Site verification state indicating the ownership and validity. + Possible values are: VERIFIED, UNVERIFIED, EXEMPTED. + site_verification_info.verify_time: |- + - + (Optional) + Latest site verification time. + target_site_id: |- + - + The unique id of the target site. + type: |- + - + (Optional) + The possible target site types. + Possible values are: INCLUDE, EXCLUDE. + update_time: |- + - + The target site's last updated time. + importStatements: [] google_dns_managed_zone: subCategory: Cloud DNS description: A zone is a subtree of the DNS namespace under one administrative responsibility. @@ -82608,7 +91726,7 @@ resources: "disabled": true } ], - "deletion_protection": "true", + "deletion_protection": true, "initial_node_count": 1, "ip_allocation_policy": [ { @@ -83346,23 +92464,84 @@ resources: "dns_name": "prod.mydomain.com.", "name": "prod-zone" } + - name: a + manifest: |- + { + "managed_zone": "${google_dns_managed_zone.prod.name}", + "name": "backend.${google_dns_managed_zone.prod.dns_name}", + "routing_policy": [ + { + "health_check": "${google_compute_health_check.http-health-check.id}", + "primary_backup": [ + { + "backup_geo": [ + { + "health_checked_targets": [ + { + "external_endpoints": [ + "10.130.1.1" + ] + } + ], + "location": "us-west1" + } + ], + "primary": [ + { + "external_endpoints": [ + "10.128.1.1" + ] + } + ], + "trickle_ratio": 0.1 + } + ] + } + ], + "ttl": 300, + "type": "A" + } + references: + managed_zone: google_dns_managed_zone.prod.name + routing_policy.health_check: google_compute_health_check.http-health-check.id + dependencies: + google_compute_health_check.http-health-check: |- + { + "check_interval_sec": 30, + "description": "Health check via http", + "healthy_threshold": 4, + "http_health_check": [ + { + "port_specification": "USE_SERVING_PORT" + } + ], + "name": "http-health-check", + "timeout_sec": 5, + "unhealthy_threshold": 5 + } + google_dns_managed_zone.prod: |- + { + "dns_name": "prod.mydomain.com.", + "name": "prod-zone" + } argumentDocs: geo.health_checked_targets: |- - (Optional) For A and AAAA types only. The list of targets to be health checked. These can be specified along with rrdatas within this item. Structure is documented below. geo.location: '- (Required) The location name defined in Google Cloud.' geo.rrdatas: '- (Optional) Same as rrdatas above.' + health_checked_targets.external_endpoints: '- (Optional) The list of external endpoint addresses to health check.' health_checked_targets.internal_load_balancers: |- - - (Required) The list of internal load balancers to health check. - Structure is documented below. - health_checked_targets.internal_load_balancers.ip_address: '- (Required) The frontend IP address of the load balancer.' - health_checked_targets.internal_load_balancers.ip_protocol: '- (Required) The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: ["tcp", "udp"]' - health_checked_targets.internal_load_balancers.load_balancer_type: '- (Optional) The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"]' - health_checked_targets.internal_load_balancers.network_url: '- (Required) The fully qualified url of the network in which the load balancer belongs. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}.' - health_checked_targets.internal_load_balancers.port: '- (Required) The configured port of the load balancer.' - health_checked_targets.internal_load_balancers.project: '- (Required) The ID of the project in which the load balancer belongs.' - health_checked_targets.internal_load_balancers.region: '- (Optional) The region of the load balancer. Only needed for regional load balancers.' + - (Optional) The list of internal load balancers to health check. + Structure is documented below. id: '- an identifier for the resource with format projects/{{project}}/managedZones/{{zone}}/rrsets/{{name}}/{{type}}' + internal_load_balancers.ip_address: '- (Required) The frontend IP address of the load balancer.' + internal_load_balancers.ip_protocol: '- (Required) The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: ["tcp", "udp"]' + internal_load_balancers.load_balancer_type: '- (Optional) The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"]' + internal_load_balancers.network_url: '- (Required) The fully qualified url of the network in which the load balancer belongs. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}.' + internal_load_balancers.port: '- (Required) The configured port of the load balancer.' + internal_load_balancers.project: '- (Required) The ID of the project in which the load balancer belongs.' + internal_load_balancers.region: '- (Optional) The region of the load balancer. Only needed for regional load balancers.' managed_zone: |- - (Required) The name of the zone in which this record set will reside. @@ -83386,6 +92565,7 @@ resources: routing_policy.geo: |- - (Optional) The configuration for Geolocation based routing policy. Structure is documented below. + routing_policy.health_check: '- (Optional) Specifies the health check (used with external endpoints).' routing_policy.primary_backup: |- - (Optional) The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. Structure is documented below. @@ -83466,7 +92646,7 @@ resources: "disabled": true } ], - "deletion_protection": "true", + "deletion_protection": true, "initial_node_count": 1, "ip_allocation_policy": [ { @@ -84832,7 +94012,7 @@ resources: delete: '- Default is 30 minutes.' details: |- - - A nested object resource + A nested object resource. Structure is documented below. details.cloud_router: |- - @@ -84938,6 +94118,7 @@ resources: - (Optional) A free-text description of the resource. Max length 1024 characters. + effective_labels: for all of the labels present on the resource. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}' labels: |- - @@ -84962,6 +94143,11 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' update_time: |- - The time when the subnet was last updated. @@ -85043,6 +94229,7 @@ resources: - (Optional) A free-text description of the resource. Max length 1024 characters. + effective_labels: for all of the labels present on the resource. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/zones/{{zone}}/subnets/{{subnet_id}}' ipv4_cidr: |- - @@ -85079,6 +94266,11 @@ resources: - (Required) A unique ID that identifies this subnet. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' update_time: |- - The time when the subnet was last updated. @@ -85692,6 +94884,13 @@ resources: storage_bytes: |- - The size of the storage used by the backup. As backups share storage, this number is expected to change with backup creation/deletion. + tags: |- + - + (Optional) + A map of resource manager tags. + Resource manager tag keys and values have the same definition as resource manager tags. + Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/{tag_value_id}. + The field is ignored (both PUT & PATCH) when empty. terraform_labels: |- - The combination of labels configured directly on the resource @@ -85785,11 +94984,8 @@ resources: } ], "protocol": "NFS_V4_1", - "provider": "${google-beta}", "tier": "ENTERPRISE" } - references: - provider: google-beta - name: instance manifest: |- { @@ -85864,7 +95060,20 @@ resources: The resource name of the backup, in the format projects/{projectId}/locations/{locationId}/backups/{backupId}, that this file share has been restored from. + fixed_iops.max_iops: |- + - + (Optional) + The number of IOPS to provision for the instance. + max_iops must be in multiple of 1000. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/instances/{{name}}' + iops_per_tb.max_iops_per_tb: |- + - + (Optional) + The instance max IOPS will be calculated by multiplying + the capacity of the instance (TB) by max_iops_per_tb, + and rounding to the nearest 1000. The instance max IOPS + will be changed dynamically based on the instance + capacity. name: |- - (Required) @@ -85883,6 +95092,14 @@ resources: DIRECT_PEERING. Default value is DIRECT_PEERING. Possible values are: DIRECT_PEERING, PRIVATE_SERVICE_ACCESS. + networks.deletion_protection_enabled: |- + - + (Optional) + Indicates whether the instance is protected against deletion. + networks.deletion_protection_reason: |- + - + (Optional) + The reason for enabling deletion protection. networks.description: |- - (Optional) @@ -85915,12 +95132,18 @@ resources: (Required) The name of the GCE VPC network to which the instance is connected. + networks.performance_config: |- + - + (Optional) + Performance configuration for the instance. If not provided, + the default performance settings will be used. + Structure is documented below. networks.project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. networks.protocol: |- - - (Optional, Beta) + (Optional) Either NFSv3, for using NFS version 3 as file sharing protocol, or NFSv4.1, for using NFS version 4.1 as file sharing protocol. NFSv4.1 can be used with HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE. @@ -85968,6 +95191,19 @@ resources: for not allowing root access. The default is NO_ROOT_SQUASH. Default value is NO_ROOT_SQUASH. Possible values are: NO_ROOT_SQUASH, ROOT_SQUASH. + performance_config.fixed_iops: |- + - + (Optional) + The instance will have a fixed provisioned IOPS value, + which will remain constant regardless of instance + capacity. + Structure is documented below. + performance_config.iops_per_tb: |- + - + (Optional) + The instance provisioned IOPS will change dynamically + based on the capacity of the instance. + Structure is documented below. terraform_labels: |- - The combination of labels configured directly on the resource @@ -86966,7 +96202,7 @@ resources: manifest: |- { "depends_on": [ - "${google_project_service.firebase_database}" + "${time_sleep.wait_60_seconds}" ], "instance_id": "rtdb-project-default-rtdb", "project": "${google_firebase_project.default.project}", @@ -86980,11 +96216,15 @@ resources: dependencies: google_firebase_project.default: |- { + "depends_on": [ + "${google_project_service.firebase}" + ], "project": "${google_project.default.project_id}", "provider": "${google-beta}" } google_project.default: |- { + "deletion_policy": "DELETE", "labels": { "firebase": "enabled" }, @@ -86993,12 +96233,27 @@ resources: "project_id": "rtdb-project", "provider": "${google-beta}" } + google_project_service.firebase: |- + { + "disable_on_destroy": false, + "project": "${google_project.default.project_id}", + "provider": "${google-beta}", + "service": "firebase.googleapis.com" + } google_project_service.firebase_database: |- { + "disable_on_destroy": false, "project": "${google_firebase_project.default.project}", "provider": "${google-beta}", "service": "firebasedatabase.googleapis.com" } + time_sleep.wait_60_seconds: |- + { + "create_duration": "60s", + "depends_on": [ + "${google_project_service.firebase_database}" + ] + } argumentDocs: create: '- Default is 20 minutes.' database_url: |- @@ -87006,7 +96261,7 @@ resources: The database URL in the form of https://{instance-id}.firebaseio.com for us-central1 instances or https://{instance-id}.{region}.firebasedatabase.app in other regions. delete: '- Default is 20 minutes.' - desired_state: '- (Optional) The intended database state.' + desired_state: '- (Optional) The intended database state. Possible values: ACTIVE, DISABLED.' id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/instances/{{instance_id}}' instance_id: |- - @@ -87394,6 +96649,7 @@ resources: dependencies: google_cloud_run_v2_service.default: |- { + "deletion_protection": true, "ingress": "INGRESS_TRAFFIC_ALL", "location": "us-central1", "name": "cloud-run-service-via-hosting", @@ -87633,7 +96889,7 @@ resources: If it is not provided, the provider project is used. reconciling: |- - - if true, indicates that Hosting's systems are attmepting to + if true, indicates that Hosting's systems are attempting to make the CustomDomain's state match your preferred state. This is most frequently true when initially provisioning a CustomDomain or when creating a new SSL certificate to match an updated cert_preference @@ -87953,6 +97209,76 @@ resources: "provider": "${google-beta}", "site_id": "site-id" } + - name: default + manifest: |- + { + "config": [ + { + "headers": [ + { + "glob": "/headers/**", + "headers": { + "my-header": "my-value" + } + } + ] + } + ], + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}" + } + references: + provider: google-beta + site_id: google_firebase_hosting_site.default.site_id + dependencies: + google_firebase_hosting_release.default: |- + { + "message": "With custom headers", + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}", + "version_name": "${google_firebase_hosting_version.default.name}" + } + google_firebase_hosting_site.default: |- + { + "project": "my-project-name", + "provider": "${google-beta}", + "site_id": "site-id" + } + - name: default + manifest: |- + { + "config": [ + { + "headers": [ + { + "headers": { + "my-header": "my-value" + }, + "regex": "^~/headers$" + } + ] + } + ], + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}" + } + references: + provider: google-beta + site_id: google_firebase_hosting_site.default.site_id + dependencies: + google_firebase_hosting_release.default: |- + { + "message": "With custom headers", + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}", + "version_name": "${google_firebase_hosting_version.default.name}" + } + google_firebase_hosting_site.default: |- + { + "project": "my-project-name", + "provider": "${google-beta}", + "site_id": "site-id" + } - name: default manifest: |- { @@ -88015,6 +97341,7 @@ resources: dependencies: google_cloud_run_v2_service.default: |- { + "deletion_protection": true, "ingress": "INGRESS_TRAFFIC_ALL", "location": "us-central1", "name": "cloud-run-service-via-hosting", @@ -88111,6 +97438,12 @@ resources: (Optional) The configuration for the behavior of the site. This configuration exists in the firebase.json file. Structure is documented below. + config.headers: |- + - + (Optional) + An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + triggers Hosting to apply the specified custom response headers. + Structure is documented below. config.redirects: |- - (Optional) @@ -88125,6 +97458,18 @@ resources: Structure is documented below. create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' + headers.glob: |- + - + (Optional) + The user-supplied glob to match against the request URL path. + headers.headers: |- + - + (Required) + The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + headers.regex: |- + - + (Optional) + The user-supplied RE2 regular expression to match against the request URL path. id: '- an identifier for the resource with format sites/{{site_id}}/versions/{{version_id}}' name: |- - @@ -88203,6 +97548,7 @@ resources: dependencies: google_project.default: |- { + "deletion_policy": "DELETE", "labels": { "firebase": "enabled" }, @@ -88223,7 +97569,7 @@ resources: If it is not provided, the provider project is used. project_number: |- - - The number of the google project that firebase is enabled on. + The number of the Google Project that Firebase is enabled on. importStatements: [] google_firebase_storage_bucket: subCategory: Cloud Storage for Firebase @@ -88366,19 +97712,32 @@ resources: - name: primary manifest: |- { - "lifecycle": [ + "name": "cloud.firestore", + "project": "my-project-name", + "ruleset_name": "projects/my-project-name/rulesets/${google_firebaserules_ruleset.firestore.name}" + } + dependencies: + google_firebaserules_ruleset.firestore: |- { - "replace_triggered_by": [ - "${google_firebaserules_ruleset.firestore}" + "project": "my-project-name", + "source": [ + { + "files": [ + { + "content": "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } } }", + "name": "firestore.rules" + } + ] + } ] } - ], + - name: primary + manifest: |- + { "name": "cloud.firestore/database", "project": "my-project-name", "ruleset_name": "projects/my-project-name/rulesets/${google_firebaserules_ruleset.firestore.name}" } - references: - lifecycle.replace_triggered_by: google_firebaserules_ruleset.firestore dependencies: google_firebaserules_ruleset.firestore: |- { @@ -88805,7 +98164,7 @@ resources: Cloud KMS multi-region europe. See https://cloud.google.com/kms/docs/locations. This value should be the KMS key resource ID in the format of projects/{project_id}/locations/{kms_location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. - How to retrive this resource ID is listed at + How to retrieve this resource ID is listed at https://cloud.google.com/kms/docs/getting-resource-ids#getting_the_id_for_a_key_and_version. concurrency_mode: |- - @@ -88927,6 +98286,7 @@ resources: } google_project.project: |- { + "deletion_policy": "DELETE", "name": "project-id", "org_id": "123456789", "project_id": "project-id" @@ -88971,6 +98331,7 @@ resources: } google_project.project: |- { + "deletion_policy": "DELETE", "name": "project-id", "org_id": "123456789", "project_id": "project-id" @@ -89015,6 +98376,7 @@ resources: } google_project.project: |- { + "deletion_policy": "DELETE", "name": "project-id", "org_id": "123456789", "project_id": "project-id" @@ -89059,6 +98421,7 @@ resources: } google_project.project: |- { + "deletion_policy": "DELETE", "name": "project-id", "org_id": "123456789", "project_id": "project-id" @@ -89389,6 +98752,31 @@ resources: "project": "my-project-name", "type": "FIRESTORE_NATIVE" } + - name: my-index + manifest: |- + { + "collection": "atestcollection", + "database": "${google_firestore_database.database.name}", + "fields": [ + { + "field_path": "__name__", + "order": "DESCENDING" + } + ], + "project": "my-project-name" + } + references: + database: google_firestore_database.database.name + dependencies: + google_firestore_database.database: |- + { + "delete_protection_state": "DELETE_PROTECTION_DISABLED", + "deletion_policy": "DELETE", + "location_id": "nam5", + "name": "database-id", + "project": "my-project-name", + "type": "FIRESTORE_NATIVE" + } argumentDocs: collection: |- - @@ -89482,6 +98870,15 @@ resources: } references: parent: google_folder.department1.name + - name: department1 + manifest: |- + { + "display_name": "Department 1", + "parent": "organizations/1234567", + "tags": { + "1234567/env": "staging" + } + } argumentDocs: create_time: |- - Timestamp when the Folder was created. Assigned by the server. @@ -89495,6 +98892,7 @@ resources: parent: |- - (Required) The resource name of the parent Folder or Organization. Must be of the form folders/{folder_id} or organizations/{org_id}. + tags: '- (Optional) A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored when empty. The field is immutable and causes resource replacement when mutated. This field is only set at create time and modifying this field after creation will trigger recreation. To apply tags to an existing resource, see the google_tags_tag_value resource.' importStatements: [] google_folder_access_approval_settings: subCategory: Access Approval @@ -89521,6 +98919,7 @@ resources: dependencies: google_folder.my_folder: |- { + "deletion_protection": false, "display_name": "my-folder", "parent": "organizations/123456789" } @@ -89544,6 +98943,7 @@ resources: dependencies: google_folder.my_folder: |- { + "deletion_protection": false, "display_name": "my-folder", "parent": "organizations/123456789" } @@ -89572,6 +98972,7 @@ resources: } google_project.my_project: |- { + "deletion_policy": "DELETE", "folder_id": "${google_folder.my_folder.name}", "name": "My Project", "project_id": "your-project-id" @@ -89762,6 +99163,204 @@ resources: update_time: '- (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".' version: '- (Optional) Version of the Policy. Default version is 0.' importStatements: [] + google_gemini_code_repository_index: + subCategory: Gemini for Google Cloud + description: The resource for managing Code Repository Index for Gemini Code Assist. + name: google_gemini_code_repository_index + title: "" + examples: + - name: example + manifest: |- + { + "code_repository_index_id": "", + "kms_key": "projects/projectExample/locations/locationExample/keyRings/keyRingExample/cryptoKeys/cryptoKeyExample", + "location": "us-central1", + "provider": "${google-beta}" + } + references: + provider: google-beta + argumentDocs: + code_repository_index_id: |- + - + (Required) + Required. Id of the Code Repository Index. + create: '- Default is 90 minutes.' + create_time: |- + - + Output only. Create time stamp. + delete: '- Default is 90 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/codeRepositoryIndexes/{{code_repository_index_id}}' + kms_key: |- + - + (Optional) + Optional. Immutable. Customer-managed encryption key name, in the format + projects//locations//keyRings//cryptoKeys/. + labels: |- + - + (Optional) + Optional. Labels as key value pairs. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + The location of the Code Repository Index, for example us-central1. + name: |- + - + Immutable. Identifier. Name of Code Repository Index. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + state: |- + - + Output only. Code Repository Index instance State. + Possible values: + STATE_UNSPECIFIED + CREATING + ACTIVE + DELETING + SUSPENDED + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 90 minutes.' + update_time: |- + - + Output only. Update time stamp. + importStatements: [] + google_gemini_repository_group: + subCategory: Gemini for Google Cloud + description: The resource for managing Repository Group for Gemini Code Assist. + name: google_gemini_repository_group + title: "" + examples: + - name: example + manifest: |- + { + "code_repository_index": "", + "labels": { + "label1": "value1" + }, + "location": "us-central1", + "provider": "${google-beta}", + "repositories": [ + { + "branch_pattern": "main", + "resource": "projects/example-project/locations/us-central1/connections/example-connection/gitRepositoryLinks/example-repo" + } + ], + "repository_group_id": "gen-repository-group-" + } + references: + provider: google-beta + argumentDocs: + code_repository_index: |- + - + (Required) + Required. Id of the Code Repository Index. + create: '- Default is 30 minutes.' + create_time: |- + - + Output only. Create time stamp + delete: '- Default is 30 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/codeRepositoryIndexes/{{code_repository_index}}/repositoryGroups/{{repository_group_id}}' + location: |- + - + (Required) + The location of the Code Repository Index, for example us-central1. + name: |- + - + Immutable. Identifier. name of resource + repositories: |- + - + (Required) + Required. List of repositories to group + Structure is documented below. + repositories.branch_pattern: |- + - + (Required) + Required. The Git branch pattern used for indexing in RE2 syntax. + See https://github.com/google/re2/wiki/syntax for syntax. + repositories.labels: |- + - + (Optional) + Optional. Labels as key value pairs + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + repositories.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + repositories.resource: |- + - + (Required) + Required. The DeveloperConnect repository full resource name, relative resource name + or resource URL to be indexed. + repository_group_id: |- + - + (Required) + Required. Id of the Repository Group. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 30 minutes.' + update_time: |- + - + Output only. Update time stamp + importStatements: [] + google_gemini_repository_group_iam_policy: + subCategory: Gemini for Google Cloud + description: Collection of resources to manage IAM policy for Gemini for Google Cloud RepositoryGroup + name: google_gemini_repository_group_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "code_repository_index": "${google_gemini_repository_group.example.code_repository_index}", + "location": "${google_gemini_repository_group.example.location}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_gemini_repository_group.example.project}", + "provider": "${google-beta}", + "repository_group_id": "${google_gemini_repository_group.example.repository_group_id}" + } + references: + code_repository_index: google_gemini_repository_group.example.code_repository_index + location: google_gemini_repository_group.example.location + policy_data: data.google_iam_policy.admin.policy_data + project: google_gemini_repository_group.example.project + provider: google-beta + repository_group_id: google_gemini_repository_group.example.repository_group_id + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_gemini_repository_group_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repositorygroup are preserved.' + google_gemini_repository_group_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repositorygroup are preserved.' + google_gemini_repository_group_iam_policy: ': Authoritative. Sets the IAM policy for the repositorygroup and replaces any existing policy already attached.' + location: |- + - (Optional) The location of the Code Repository Index, for example us-central1. Used to find the parent resource to bind the IAM policy to. If not specified, + the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no + location is specified, it is taken from the provider configuration. + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_gemini_repository_group_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_gemini_repository_group_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] google_gke_backup_backup_plan: subCategory: Backup for GKE description: Represents a Backup Plan instance. @@ -89796,7 +99395,7 @@ resources: ] } ], - "deletion_protection": "true", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1", "name": "basic-cluster", @@ -89836,7 +99435,7 @@ resources: ] } ], - "deletion_protection": "true", + "deletion_protection": true, "enable_autopilot": true, "ip_allocation_policy": [ {} @@ -89892,7 +99491,7 @@ resources: ] } ], - "deletion_protection": "true", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1", "name": "cmek-cluster", @@ -89966,7 +99565,7 @@ resources: ] } ], - "deletion_protection": "true", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1", "name": "full-cluster", @@ -90031,7 +99630,7 @@ resources: ] } ], - "deletion_protection": "true", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1", "name": "permissive-cluster", @@ -90116,7 +99715,7 @@ resources: ] } ], - "deletion_protection": "true", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1", "name": "rpo-daily-cluster", @@ -90222,7 +99821,7 @@ resources: ] } ], - "deletion_protection": "true", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1", "name": "rpo-weekly-cluster", @@ -90583,7 +100182,7 @@ resources: ] } ], - "deletion_protection": "", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1", "name": "restore-all-ns-cluster", @@ -90659,7 +100258,7 @@ resources: ] } ], - "deletion_protection": "", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1", "name": "rollback-ns-cluster", @@ -90728,7 +100327,7 @@ resources: ] } ], - "deletion_protection": "", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1", "name": "rollback-app-cluster", @@ -90788,7 +100387,7 @@ resources: ] } ], - "deletion_protection": "", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1", "name": "all-groupkinds-cluster", @@ -90893,7 +100492,7 @@ resources: ] } ], - "deletion_protection": "", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1", "name": "rename-ns-cluster", @@ -90992,7 +100591,7 @@ resources: ] } ], - "deletion_protection": "", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1", "name": "transform-rule-cluster", @@ -91053,7 +100652,7 @@ resources: ] } ], - "deletion_protection": "", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1", "name": "gitops-mode-cluster", @@ -91148,7 +100747,7 @@ resources: ] } ], - "deletion_protection": "", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1", "name": "restore-order-cluster", @@ -91215,7 +100814,7 @@ resources: ] } ], - "deletion_protection": "", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1", "name": "volume-res-cluster", @@ -91659,7 +101258,6 @@ resources: } google_gke_hub_membership.membership: |- { - "description": "Membership", "endpoint": [ { "gke_cluster": [ @@ -92035,7 +101633,7 @@ resources: configmanagement.version: |- - (Optional) - Version of ACM installed + Version of Config Sync installed container_resources.limits: |- - (Optional) @@ -92201,7 +101799,7 @@ resources: - (Optional) The full, unique name of this Feature resource - oci.configmanagement.config_sync.oci.version: field is deprecated and will be removed in a future major release. Please use configmanagement.version field to specify the version of ACM installed instead. + oci.configmanagement.config_sync.oci.version: field is deprecated and will be removed in a future major release. Please use configmanagement.version field to specify the version of Config Sync installed instead. oci.gcp_service_account_email: |- - (Optional) @@ -92225,7 +101823,7 @@ resources: oci.version: |- - (Optional, Deprecated) - Version of ACM installed + Version of Config Sync installed pod_toleration.effect: |- - (Optional) @@ -92377,7 +101975,7 @@ resources: - (Optional) Configures the manner in which the template library is installed on the cluster. - Possible values are: INSTALATION_UNSPECIFIED, NOT_INSTALLED, ALL. + Possible values are: INSTALLATION_UNSPECIFIED, NOT_INSTALLED, ALL. terraform_labels: |- - The combination of labels configured directly on the resource @@ -92451,14 +102049,10 @@ resources: { "config_sync": [ { - "git": [ - { - "sync_repo": "https://github.com/hashicorp/terraform" - } - ] + "enabled": true } ], - "version": "1.6.2" + "management": "MANAGEMENT_AUTOMATIC" } ], "feature": "${google_gke_hub_feature.feature.name}", @@ -92503,18 +102097,15 @@ resources: { "config_sync": [ { - "oci": [ + "enabled": true, + "git": [ { - "gcp_service_account_email": "sa@project-id.iam.gserviceaccount.com", - "policy_dir": "config-connector", - "secret_type": "gcpserviceaccount", - "sync_repo": "us-central1-docker.pkg.dev/sample-project/config-repo/config-sync-gke:latest", - "sync_wait_secs": "20" + "sync_repo": "https://github.com/hashicorp/terraform" } ] } ], - "version": "1.15.1" + "version": "1.19.0" } ], "feature": "${google_gke_hub_feature.feature.name}", @@ -92555,14 +102146,28 @@ resources: - name: feature_member manifest: |- { - "feature": "${google_gke_hub_feature.feature.name}", - "location": "global", - "membership": "${google_gke_hub_membership.membership.membership_id}", - "mesh": [ + "configmanagement": [ { - "management": "MANAGEMENT_AUTOMATIC" + "config_sync": [ + { + "enabled": true, + "oci": [ + { + "gcp_service_account_email": "sa@project-id.iam.gserviceaccount.com", + "policy_dir": "config-connector", + "secret_type": "gcpserviceaccount", + "sync_repo": "us-central1-docker.pkg.dev/sample-project/config-repo/config-sync-gke:latest", + "sync_wait_secs": "20" + } + ] + } + ], + "version": "1.19.0" } - ] + ], + "feature": "${google_gke_hub_feature.feature.name}", + "location": "global", + "membership": "${google_gke_hub_membership.membership.membership_id}" } references: feature: google_gke_hub_feature.feature.name @@ -92576,8 +102181,11 @@ resources: } google_gke_hub_feature.feature: |- { + "labels": { + "foo": "bar" + }, "location": "global", - "name": "servicemesh" + "name": "configmanagement" } google_gke_hub_membership.membership: |- { @@ -92599,6 +102207,7 @@ resources: { "config_sync": [ { + "enabled": true, "git": [ { "sync_repo": "https://github.com/hashicorp/terraform" @@ -92606,7 +102215,7 @@ resources: ] } ], - "version": "1.6.2" + "version": "1.19.0" } ], "feature": "${google_gke_hub_feature.feature.name}", @@ -92647,6 +102256,46 @@ resources: "location": "us-central1", "membership_id": "my-membership" } + - name: feature_member + manifest: |- + { + "feature": "${google_gke_hub_feature.feature.name}", + "location": "global", + "membership": "${google_gke_hub_membership.membership.membership_id}", + "mesh": [ + { + "management": "MANAGEMENT_AUTOMATIC" + } + ] + } + references: + feature: google_gke_hub_feature.feature.name + membership: google_gke_hub_membership.membership.membership_id + dependencies: + google_container_cluster.cluster: |- + { + "initial_node_count": 1, + "location": "us-central1-a", + "name": "my-cluster" + } + google_gke_hub_feature.feature: |- + { + "location": "global", + "name": "servicemesh" + } + google_gke_hub_membership.membership: |- + { + "endpoint": [ + { + "gke_cluster": [ + { + "resource_link": "//container.googleapis.com/${google_container_cluster.cluster.id}" + } + ] + } + ], + "membership_id": "my-membership" + } - name: feature_member manifest: |- { @@ -92763,28 +102412,39 @@ resources: - (Optional) The set of namespaces to be exempted from the bundle. + config_sync.enabled: |- + - + (Optional) + Whether Config Sync is enabled in the cluster. This field was introduced in Terraform version + 5.41.0, and + needs to be set to true explicitly to install Config Sync. config_sync.git: |- - (Optional) Structure is documented below. config_sync.oci: |- - - (Optional) Supported from ACM versions 1.12.0 onwards. Structure is documented below. + (Optional) Supported from Config Sync versions 1.12.0 onwards. Structure is documented below. config_sync.prevent_drift: |- - (Optional) - Supported from ACM versions 1.10.0 onwards. Set to true to enable the Config Sync admission webhook to prevent drifts. If set to "false", disables the Config Sync admission webhook and does not prevent drifts. + Supported from Config Sync versions 1.10.0 onwards. Set to true to enable the Config Sync admission webhook to prevent drifts. If set to false, disables the Config Sync admission webhook and does not prevent drifts. config_sync.source_format: |- - (Optional) Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode. + config_sync.stop_syncing: |- + - + (Optional) + Set to true to stop syncing configurations for a single cluster. This field is only available on clusters using Config Sync auto-upgrades or on Config Sync version 1.20.0 or later. Defaults: false. configmanagement: |- - (Optional) Config Management-specific spec. Structure is documented below. configmanagement.binauthz: |- - - (Optional) + (Optional, Deprecated) Binauthz configuration for the cluster. Structure is documented below. + This field will be ignored and should not be set. configmanagement.config_sync: |- - (Optional) @@ -92793,14 +102453,27 @@ resources: - (Optional) Hierarchy Controller configuration for the cluster. Structure is documented below. + Configuring Hierarchy Controller through the configmanagement feature is no longer recommended. + Use open source Kubernetes Hierarchical Namespace Controller (HNC) instead. + Follow the instructions + to migrate from Hierarchy Controller to HNC. + configmanagement.management: |- + - + (Optional) + Set this field to MANAGEMENT_AUTOMATIC to enable + Config Sync auto-upgrades, + and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + This field was introduced in Terraform version 5.41.0. configmanagement.policy_controller: |- - (Optional) Policy Controller configuration for the cluster. Structure is documented below. + Configuring Policy Controller through the configmanagement feature is no longer recommended. + Use the policycontroller feature instead. configmanagement.version: |- - (Optional) - Version of ACM installed. + Version of Config Sync installed. container_resources.limits: |- - (Optional) @@ -93203,7 +102876,7 @@ resources: dependencies: google_container_cluster.primary: |- { - "deletion_protection": "true", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1-a", "name": "basic-cluster", @@ -93234,7 +102907,7 @@ resources: dependencies: google_container_cluster.primary: |- { - "deletion_protection": "true", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1-a", "name": "basic-cluster", @@ -93258,7 +102931,7 @@ resources: - (Required) A JSON Web Token (JWT) issuer URI. issuer must start with https:// and // be a valid - with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster (must be locations rather than zones). If the cluster is provisioned with Terraform, this is "https://container.googleapis.com/v1/${google_container_cluster.my-cluster.id}". + with length <2000 characters. For example: https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster. If the cluster is provisioned with Terraform, this is "https://container.googleapis.com/v1/${google_container_cluster.my-cluster.id}". create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' description: |- @@ -93280,7 +102953,7 @@ resources: - (Required) Self-link of the GCP resource for the GKE cluster. - For example: //container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster. + For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster. It can be at the most 1000 characters in length. If the cluster is provisioned with Terraform, this can be "//container.googleapis.com/${google_container_cluster.my-cluster.id}" or google_container_cluster.my-cluster.id. @@ -93339,7 +103012,7 @@ resources: dependencies: google_container_cluster.primary: |- { - "deletion_protection": "true", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1-a", "name": "basic-cluster", @@ -93497,7 +103170,7 @@ resources: dependencies: google_container_cluster.primary: |- { - "deletion_protection": "true", + "deletion_protection": true, "initial_node_count": 1, "location": "us-central1-a", "name": "basic-cluster", @@ -94291,7 +103964,7 @@ resources: load_balancer.manual_lb_config: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. load_balancer.port_config: |- - @@ -94372,7 +104045,7 @@ resources: network_config.island_mode_cidr: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. network_config.island_mode_cidr.pod_address_cidr_blocks: |- - @@ -95246,12 +104919,12 @@ resources: load_balancer.manual_lb_config: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. load_balancer.metal_lb_config: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. load_balancer.port_config: |- - @@ -95450,7 +105123,7 @@ resources: network_config.island_mode_cidr: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. network_config.multiple_network_interfaces_config: |- - @@ -96086,59 +105759,43 @@ resources: - The time the cluster was last updated, in RFC3339 text format. importStatements: [] - google_gkeonprem_vmware_cluster: + google_gkeonprem_vmware_admin_cluster: subCategory: Anthos On-Prem - description: A Google VMware User Cluster. - name: google_gkeonprem_vmware_cluster + description: A Google VMware Admin Cluster. + name: google_gkeonprem_vmware_admin_cluster title: "" examples: - - name: cluster-basic + - name: admin-cluster-basic manifest: |- { - "admin_cluster_membership": "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test", - "annotations": {}, + "bootstrap_cluster_membership": "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test", "control_plane_node": [ { "cpus": 4, - "memory": 8192, - "replicas": 1 + "memory": 8192 } ], - "description": "test cluster", + "description": "test admin cluster", + "image_type": "ubuntu_containerd", "load_balancer": [ { - "metal_lb_config": [ + "f5_config": [ { - "address_pools": [ - { - "addresses": [ - "10.251.135.19" - ], - "avoid_buggy_ips": true, - "manual_assign": "true", - "pool": "ingress-ip" - }, - { - "addresses": [ - "10.251.135.19" - ], - "avoid_buggy_ips": true, - "manual_assign": "true", - "pool": "lb-test-ip" - } - ] + "address": "10.251.135.22", + "partition": "test-parition", + "snat_pool": "test-snat-pool" } ], "vip_config": [ { - "control_plane_vip": "10.251.133.5", - "ingress_vip": "10.251.135.19" + "addons_vip": "10.251.135.19", + "control_plane_vip": "10.251.133.5" } ] } ], "location": "us-west1", - "name": "cluster-basic", + "name": "basic", "network_config": [ { "dhcp_ip_config": [ @@ -96154,12 +105811,35 @@ resources: ] } ], - "on_prem_version": "1.13.1-gke.35" + "on_prem_version": "1.31.0-gke.35", + "provider": "${google-beta}", + "vcenter": [ + { + "address": "10.0.0.1", + "ca_cert_data": "test ca cert data", + "cluster": "test cluster", + "data_disk": "test data disk", + "datacenter": "test data center", + "datastore": "test data store", + "folder": "test folder", + "resource_pool": "test resource pool" + } + ] } - - name: cluster-f5lb + references: + provider: google-beta + - name: admin-cluster-full manifest: |- { - "admin_cluster_membership": "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test", + "addon_node": [ + { + "auto_resize_config": [ + { + "enabled": true + } + ] + } + ], "annotations": {}, "anti_affinity_groups": [ { @@ -96168,9 +105848,9 @@ resources: ], "authorization": [ { - "admin_users": [ + "viewer_users": [ { - "username": "testuser@gmail.com" + "username": "user1@gmail.com" } ] } @@ -96180,154 +105860,873 @@ resources: "enabled": true } ], + "bootstrap_cluster_membership": "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test", "control_plane_node": [ { - "auto_resize_config": [ - { - "enabled": true - } - ], "cpus": 4, "memory": 8192, - "replicas": 1 - } - ], - "dataplane_v2": [ - { - "advanced_networking": true, - "dataplane_v2_enabled": true, - "windows_dataplane_v2_enabled": true + "replicas": 3 } ], - "description": "test cluster", - "disable_bundled_ingress": true, - "enable_control_plane_v2": true, + "description": "test admin cluster", + "image_type": "ubuntu_containerd", "load_balancer": [ { - "f5_config": [ + "manual_lb_config": [ { - "address": "10.0.0.1", - "partition": "test-partition", - "snat_pool": "test-snap-pool" + "addons_node_port": 30005, + "control_plane_node_port": 30006, + "ingress_http_node_port": 30007, + "ingress_https_node_port": 30008, + "konnectivity_server_node_port": 30009 } ], "vip_config": [ { - "control_plane_vip": "10.251.133.5", - "ingress_vip": "10.251.135.19" + "addons_vip": "10.251.135.19", + "control_plane_vip": "10.251.133.5" } ] } ], "location": "us-west1", - "name": "cluster-f5lb", + "name": "full", "network_config": [ { - "control_plane_v2_config": [ + "ha_control_plane_config": [ { "control_plane_ip_block": [ { - "gateway": "test-gateway", + "gateway": "10.0.0.3", "ips": [ { - "hostname": "test-hostname", - "ip": "10.0.0.1" + "hostname": "hostname", + "ip": "10.0.0.4" } ], - "netmask": "10.0.0.1/32" + "netmask": "10.0.0.3/32" } ] } ], - "dhcp_ip_config": [ - { - "enabled": true - } - ], - "pod_address_cidr_blocks": [ - "192.168.0.0/16" - ], - "service_address_cidr_blocks": [ - "10.96.0.0/12" - ], - "vcenter_network": "test-vcenter-network" - } - ], - "on_prem_version": "1.13.1-gke.35", - "storage": [ - { - "vsphere_csi_disabled": true - } - ], - "vm_tracking_enabled": true - } - - name: cluster-manuallb - manifest: |- - { - "admin_cluster_membership": "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test", - "annotations": {}, - "anti_affinity_groups": [ - { - "aag_config_disabled": true - } - ], - "authorization": [ - { - "admin_users": [ - { - "username": "testuser@gmail.com" - } - ] - } - ], - "auto_repair_config": [ - { - "enabled": true - } - ], - "control_plane_node": [ - { - "auto_resize_config": [ - { - "enabled": true - } - ], - "cpus": 4, - "memory": 8192, - "replicas": 1 - } - ], - "dataplane_v2": [ - { - "advanced_networking": true, - "dataplane_v2_enabled": true, - "windows_dataplane_v2_enabled": true - } - ], - "description": "test cluster", - "enable_control_plane_v2": true, - "load_balancer": [ - { - "manual_lb_config": [ - { - "control_plane_node_port": 30007, - "ingress_http_node_port": 30005, - "ingress_https_node_port": 30006, - "konnectivity_server_node_port": 30008 - } - ], - "vip_config": [ - { - "control_plane_vip": "10.251.133.5", - "ingress_vip": "10.251.135.19" - } - ] - } - ], - "location": "us-west1", - "name": "cluster-manuallb", - "network_config": [ - { + "host_config": [ + { + "dns_search_domains": [ + "test-domain" + ], + "dns_servers": [ + "10.254.41.1" + ], + "ntp_servers": [ + "216.239.35.8" + ] + } + ], + "pod_address_cidr_blocks": [ + "192.168.0.0/16" + ], + "service_address_cidr_blocks": [ + "10.96.0.0/12" + ], + "static_ip_config": [ + { + "ip_blocks": [ + { + "gateway": "10.0.0.1", + "ips": [ + { + "hostname": "hostname", + "ip": "10.0.0.2" + } + ], + "netmask": "10.0.0.3/32" + } + ] + } + ], + "vcenter_network": "test-vcenter-network" + } + ], + "on_prem_version": "1.31.0-gke.35", + "platform_config": [ + { + "required_platform_version": "1.31.0" + } + ], + "provider": "${google-beta}", + "vcenter": [ + { + "address": "10.0.0.1", + "ca_cert_data": "test ca cert data", + "cluster": "test cluster", + "data_disk": "test data disk", + "datacenter": "test data center", + "datastore": "test data store", + "folder": "test folder", + "resource_pool": "test resource pool", + "storage_policy_name": "storage_policy_name" + } + ] + } + references: + provider: google-beta + - name: admin-cluster-metallb + manifest: |- + { + "bootstrap_cluster_membership": "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test", + "control_plane_node": [ + { + "cpus": 4, + "memory": 8192 + } + ], + "description": "test admin cluster", + "image_type": "ubuntu_containerd", + "load_balancer": [ + { + "metal_lb_config": [ + { + "enabled": true + } + ], + "vip_config": [ + { + "addons_vip": "10.251.135.19", + "control_plane_vip": "10.251.133.5" + } + ] + } + ], + "location": "us-west1", + "name": "metallb", + "network_config": [ + { + "dhcp_ip_config": [ + { + "enabled": true + } + ], + "pod_address_cidr_blocks": [ + "192.168.0.0/16" + ], + "service_address_cidr_blocks": [ + "10.96.0.0/12" + ] + } + ], + "on_prem_version": "1.31.0-gke.35", + "provider": "${google-beta}", + "vcenter": [ + { + "address": "10.0.0.1", + "ca_cert_data": "test ca cert data", + "cluster": "test cluster", + "data_disk": "test data disk", + "datacenter": "test data center", + "datastore": "test data store", + "folder": "test folder", + "resource_pool": "test resource pool" + } + ] + } + references: + provider: google-beta + argumentDocs: + addon_node.auto_resize_config: |- + - + (Optional) + Specifies auto resize config. + Structure is documented below. + addon_node.auto_resize_config.enabled: |- + - + (Required) + Whether to enable controle plane node auto resizing. + anti_affinity_groups.aag_config_disabled: |- + - + (Required) + Spread nodes across at least three physical hosts (requires at least three + hosts). + Enabled by default. + authorization.viewer_users: |- + - + (Optional) + Users that will be granted the cluster-admin role on the cluster, providing + full access to the cluster. + Structure is documented below. + authorization.viewer_users.username: |- + - + (Required) + The name of the user, e.g. my-gcp-id@gmail.com. + auto_repair_config.enabled: |- + - + (Required) + Whether auto repair is enabled. + bundles.status: |- + - + (Output) + ResourceStatus representing detailed cluster state. + Structure is documented below. + bundles.version: |- + - + (Output) + The version of the bundle. + conditions.last_transition_time: |- + - + (Output) + Last time the condition transit from one status to another. + conditions.message: |- + - + (Output) + Human-readable message indicating details about last transition. + conditions.reason: |- + - + (Output) + Machine-readable message indicating details about last transition. + conditions.state: |- + - + (Output) + The lifecycle state of the condition. + conditions.type: |- + - + (Output) + Type of the condition. + (e.g., ClusterRunning, NodePoolRunning or ServerSidePreflightReady) + control_plane_node.cpus: |- + - + (Optional) + The number of vCPUs for the control-plane node of the admin cluster. + control_plane_node.memory: |- + - + (Optional) + The number of mebibytes of memory for the control-plane node of the admin cluster. + control_plane_node.replicas: |- + - + (Optional) + The number of control plane nodes for this VMware admin cluster. + create: '- Default is 60 minutes.' + create_time: |- + - + The time the cluster was created, in RFC3339 text format. + delete: '- Default is 60 minutes.' + dhcp_ip_config.enabled: |- + - + (Required) + enabled is a flag to mark if DHCP IP allocation is + used for VMware admin clusters. + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + endpoint: |- + - + The DNS name of VMware admin cluster's API server. + etag: |- + - + This checksum is computed by the server based on the value of other + fields, and may be sent on update and delete requests to ensure the + client has an up-to-date value before proceeding. + Allows clients to perform consistent read-modify-writes + through optimistic concurrency control. + f5_config.address: |- + - + (Optional) + The load balancer's IP address. + f5_config.partition: |- + - + (Optional) + he preexisting partition to be used by the load balancer. T + his partition is usually created for the admin cluster for example: + 'my-f5-admin-partition'. + f5_config.snat_pool: |- + - + (Optional) + The pool name. Only necessary, if using SNAT. + fleet: |- + - + Fleet configuration for the cluster. + Structure is documented below. + fleet.membership: |- + - + (Output) + The name of the managed Fleet Membership resource associated to this cluster. + Membership names are formatted as + projects//locations//memberships/. + ha_control_plane_config.control_plane_ip_block: |- + - + (Optional) + Static IP addresses for the control plane nodes. + Structure is documented below. + ha_control_plane_config.control_plane_ip_block.gateway: |- + - + (Required) + The network gateway used by the VMware Admin Cluster. + ha_control_plane_config.control_plane_ip_block.ips: |- + - + (Required) + The node's network configurations used by the VMware Admin Cluster. + Structure is documented below. + ha_control_plane_config.control_plane_ip_block.netmask: |- + - + (Required) + The netmask used by the VMware Admin Cluster. + host_config.dns_search_domains: |- + - + (Optional) + DNS search domains. + host_config.dns_servers: |- + - + (Optional) + DNS servers. + host_config.ntp_servers: |- + - + (Optional) + NTP servers. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/vmwareAdminClusters/{{name}}' + ips.addon_node: |- + - + (Optional) + The VMware admin cluster addon node configuration. + Structure is documented below. + ips.annotations: |- + - + (Optional) + Annotations on the VMware Admin Cluster. + This field has the same restrictions as Kubernetes annotations. + The total size of all keys and values combined is limited to 256k. + Key can have 2 segments: prefix (optional) and name (required), + separated by a slash (/). + Prefix must be a DNS subdomain. + Name must be 63 characters or less, begin and end with alphanumerics, + with dashes (-), underscores (_), dots (.), and alphanumerics between. + ips.anti_affinity_groups: |- + - + (Optional) + AAGConfig specifies whether to spread VMware Admin Cluster nodes across at + least three physical hosts in the datacenter. + Structure is documented below. + ips.authorization: |- + - + (Optional) + The VMware admin cluster authorization configuration. + Structure is documented below. + ips.auto_repair_config: |- + - + (Optional) + Configuration for auto repairing. + Structure is documented below. + ips.bootstrap_cluster_membership: |- + - + (Optional) + The bootstrap cluster this VMware admin cluster belongs to. + ips.control_plane_node: |- + - + (Optional) + The VMware admin cluster control plane node configuration. + Structure is documented below. + ips.description: |- + - + (Optional) + A human readable description of this VMware admin cluster. + ips.effective_annotations: for all of the annotations present on the resource. + ips.hostname: |- + - + (Optional) + Hostname of the machine. VM's name will be used if this field is empty. + ips.image_type: |- + - + (Optional) + The OS image type for the VMware admin cluster. + ips.ip: |- + - + (Required) + IP could be an IP address (like 1.2.3.4) or a CIDR (like 1.2.3.0/24). + ips.load_balancer: |- + - + (Optional) + Specifies the load balancer configuration for VMware admin cluster. + Structure is documented below. + ips.on_prem_version: |- + - + (Optional) + The Anthos clusters on the VMware version for the admin cluster. + ips.platform_config: |- + - + (Optional) + The VMware platform configuration. + Structure is documented below. + ips.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + ips.vcenter: |- + - + (Optional) + Specifies vCenter config for the admin cluster. + Structure is documented below. + load_balancer.f5_config: |- + - + (Optional) + Configuration for F5 Big IP typed load balancers. + Structure is documented below. + load_balancer.manual_lb_config: |- + - + (Optional) + Manually configured load balancers. + Structure is documented below. + load_balancer.metal_lb_config: |- + - + (Optional) + Metal LB load balancers. + Structure is documented below. + load_balancer.vip_config: |- + - + (Required) + Specified the VMware Load Balancer Config + Structure is documented below. + local_name: |- + - + The object name of the VMwareAdminCluster custom resource on the + associated admin cluster. This field is used to support conflicting + names when enrolling existing clusters to the API. When used as a part of + cluster enrollment, this field will differ from the ID in the resource + name. For new clusters, this field will match the user provided cluster ID + and be visible in the last component of the resource name. It is not + modifiable. + All users should use this name to access their cluster using gkectl or + kubectl and should expect to see the local name when viewing admin + cluster controller logs. + location: |- + - + (Required) + The location of the resource. + manual_lb_config.addons_node_port: |- + - + (Optional) + NodePort for add-ons server in the admin cluster. + manual_lb_config.control_plane_node_port: |- + - + (Optional) + NodePort for control plane service. The Kubernetes API server in the admin + cluster is implemented as a Service of type NodePort (ex. 30968). + manual_lb_config.ingress_http_node_port: |- + - + (Optional) + NodePort for ingress service's http. The ingress service in the admin + cluster is implemented as a Service of type NodePort (ex. 32527). + manual_lb_config.ingress_https_node_port: |- + - + (Optional) + NodePort for ingress service's https. The ingress service in the admin + cluster is implemented as a Service of type NodePort (ex. 30139). + manual_lb_config.konnectivity_server_node_port: |- + - + (Optional) + NodePort for konnectivity server service running as a sidecar in each + kube-apiserver pod (ex. 30564). + metal_lb_config.enabled: |- + - + (Optional) + Metal LB is enabled. + name: |- + - + (Required) + The VMware admin cluster resource name. + network_config: |- + - + (Required) + The VMware admin cluster network configuration. + Structure is documented below. + network_config.dhcp_ip_config: |- + - + (Optional) + Configuration settings for a DHCP IP configuration. + Structure is documented below. + network_config.ha_control_plane_config: |- + - + (Optional) + Configuration for HA admin cluster control plane. + Structure is documented below. + network_config.host_config: |- + - + (Optional) + Represents common network settings irrespective of the host's IP address. + Structure is documented below. + network_config.pod_address_cidr_blocks: |- + - + (Required) + All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. + Only a single range is supported. This field cannot be changed after creation. + network_config.service_address_cidr_blocks: |- + - + (Required) + All services in the cluster are assigned an RFC1918 IPv4 address + from these ranges. Only a single range is supported.. This field + cannot be changed after creation. + network_config.static_ip_config: |- + - + (Optional) + Configuration settings for a static IP configuration. + Structure is documented below. + network_config.vcenter_network: |- + - + (Optional) + vcenter_network specifies vCenter network name. + platform_config.bundles: |- + - + (Output) + The list of bundles installed in the admin cluster. + Structure is documented below. + platform_config.platform_version: |- + - + (Output) + The platform version e.g. 1.13.2. + platform_config.required_platform_version: |- + - + (Optional) + The required platform version e.g. 1.13.1. + If the current platform version is lower than the target version, + the platform version will be updated to the target version. + If the target version is not installed in the platform + (bundle versions), download the target version bundle. + platform_config.status: |- + - + (Output) + ResourceStatus representing detailed cluster state. + Structure is documented below. + reconciling: |- + - + If set, there are currently changes in flight to the VMware admin cluster. + state: |- + - + The lifecycle state of the VMware admin cluster. + static_ip_config.ip_blocks: |- + - + (Optional) + Represents the configuration values for static IP allocation to nodes. + Structure is documented below. + static_ip_config.ip_blocks.gateway: |- + - + (Required) + The network gateway used by the VMware Admin Cluster. + static_ip_config.ip_blocks.ips: |- + - + (Required) + The node's network configurations used by the VMware Admin Cluster. + Structure is documented below. + static_ip_config.ip_blocks.netmask: |- + - + (Required) + The netmask used by the VMware Admin Cluster. + status: |- + - + ResourceStatus representing detailed cluster state. + Structure is documented below. + status.conditions: |- + - + (Output) + ResourceConditions provide a standard mechanism for higher-level status reporting from admin cluster controller. + Structure is documented below. + status.error_message: |- + - + (Output) + Human-friendly representation of the error message from the admin cluster + controller. The error message can be temporary as the admin cluster + controller creates a cluster or node pool. If the error message persists + for a longer period of time, it can be used to surface error message to + indicate real problems requiring user intervention. + uid: |- + - + The unique identifier of the VMware Admin Cluster. + update: '- Default is 60 minutes.' + update_time: |- + - + The time the cluster was last updated, in RFC3339 text format. + vcenter.address: |- + - + (Optional) + The vCenter IP address. + vcenter.ca_cert_data: |- + - + (Optional) + Contains the vCenter CA certificate public key for SSL verification. + vcenter.cluster: |- + - + (Optional) + The name of the vCenter cluster for the admin cluster. + vcenter.data_disk: |- + - + (Optional) + The name of the virtual machine disk (VMDK) for the admin cluster. + vcenter.datacenter: |- + - + (Optional) + The name of the vCenter datacenter for the admin cluster. + vcenter.datastore: |- + - + (Optional) + The name of the vCenter datastore for the admin cluster. + vcenter.folder: |- + - + (Optional) + The name of the vCenter folder for the admin cluster. + vcenter.resource_pool: |- + - + (Optional) + The name of the vCenter resource pool for the admin cluster. + vcenter.storage_policy_name: |- + - + (Optional) + The name of the vCenter storage policy for the user cluster. + vip_config.addons_vip: |- + - + (Optional) + The VIP to configure the load balancer for add-ons. + vip_config.control_plane_vip: |- + - + (Required) + The VIP which you previously set aside for the Kubernetes + API of this VMware Admin Cluster. + importStatements: [] + google_gkeonprem_vmware_cluster: + subCategory: Anthos On-Prem + description: A Google VMware User Cluster. + name: google_gkeonprem_vmware_cluster + title: "" + examples: + - name: cluster-basic + manifest: |- + { + "admin_cluster_membership": "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test", + "annotations": {}, + "control_plane_node": [ + { + "cpus": 4, + "memory": 8192, + "replicas": 1 + } + ], + "description": "test cluster", + "load_balancer": [ + { + "metal_lb_config": [ + { + "address_pools": [ + { + "addresses": [ + "10.251.135.19" + ], + "avoid_buggy_ips": true, + "manual_assign": "true", + "pool": "ingress-ip" + }, + { + "addresses": [ + "10.251.135.19" + ], + "avoid_buggy_ips": true, + "manual_assign": "true", + "pool": "lb-test-ip" + } + ] + } + ], + "vip_config": [ + { + "control_plane_vip": "10.251.133.5", + "ingress_vip": "10.251.135.19" + } + ] + } + ], + "location": "us-west1", + "name": "cluster-basic", + "network_config": [ + { + "dhcp_ip_config": [ + { + "enabled": true + } + ], + "pod_address_cidr_blocks": [ + "192.168.0.0/16" + ], + "service_address_cidr_blocks": [ + "10.96.0.0/12" + ] + } + ], + "on_prem_version": "1.13.1-gke.35" + } + - name: cluster-f5lb + manifest: |- + { + "admin_cluster_membership": "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test", + "annotations": {}, + "anti_affinity_groups": [ + { + "aag_config_disabled": true + } + ], + "authorization": [ + { + "admin_users": [ + { + "username": "testuser@gmail.com" + } + ] + } + ], + "auto_repair_config": [ + { + "enabled": true + } + ], + "control_plane_node": [ + { + "auto_resize_config": [ + { + "enabled": true + } + ], + "cpus": 4, + "memory": 8192, + "replicas": 1 + } + ], + "dataplane_v2": [ + { + "advanced_networking": true, + "dataplane_v2_enabled": true, + "windows_dataplane_v2_enabled": true + } + ], + "description": "test cluster", + "disable_bundled_ingress": true, + "enable_control_plane_v2": true, + "load_balancer": [ + { + "f5_config": [ + { + "address": "10.0.0.1", + "partition": "test-partition", + "snat_pool": "test-snap-pool" + } + ], + "vip_config": [ + { + "control_plane_vip": "10.251.133.5", + "ingress_vip": "10.251.135.19" + } + ] + } + ], + "location": "us-west1", + "name": "cluster-f5lb", + "network_config": [ + { + "control_plane_v2_config": [ + { + "control_plane_ip_block": [ + { + "gateway": "test-gateway", + "ips": [ + { + "hostname": "test-hostname", + "ip": "10.0.0.1" + } + ], + "netmask": "10.0.0.1/32" + } + ] + } + ], + "dhcp_ip_config": [ + { + "enabled": true + } + ], + "pod_address_cidr_blocks": [ + "192.168.0.0/16" + ], + "service_address_cidr_blocks": [ + "10.96.0.0/12" + ], + "vcenter_network": "test-vcenter-network" + } + ], + "on_prem_version": "1.13.1-gke.35", + "storage": [ + { + "vsphere_csi_disabled": true + } + ], + "vm_tracking_enabled": true + } + - name: cluster-manuallb + manifest: |- + { + "admin_cluster_membership": "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test", + "annotations": {}, + "anti_affinity_groups": [ + { + "aag_config_disabled": true + } + ], + "authorization": [ + { + "admin_users": [ + { + "username": "testuser@gmail.com" + } + ] + } + ], + "auto_repair_config": [ + { + "enabled": true + } + ], + "control_plane_node": [ + { + "auto_resize_config": [ + { + "enabled": true + } + ], + "cpus": 4, + "memory": 8192, + "replicas": 1 + } + ], + "dataplane_v2": [ + { + "advanced_networking": true, + "dataplane_v2_enabled": true, + "windows_dataplane_v2_enabled": true + } + ], + "description": "test cluster", + "enable_control_plane_v2": true, + "load_balancer": [ + { + "manual_lb_config": [ + { + "control_plane_node_port": 30007, + "ingress_http_node_port": 30005, + "ingress_https_node_port": 30006, + "konnectivity_server_node_port": 30008 + } + ], + "vip_config": [ + { + "control_plane_vip": "10.251.133.5", + "ingress_vip": "10.251.135.19" + } + ] + } + ], + "location": "us-west1", + "name": "cluster-manuallb", + "network_config": [ + { "host_config": [ { "dns_search_domains": [ @@ -97182,7 +107581,7 @@ resources: - (Required) The OS image to be used for each node in a node pool. - Currently cos, ubuntu, ubuntu_containerd and windows are supported. + Currently cos, cos_cgv2, ubuntu, ubuntu_cgv2, ubuntu_containerd and windows are supported. config.labels: |- - (Optional) @@ -97341,18 +107740,6 @@ resources: Tags to apply to VMs. Structure is documented below. importStatements: [] - google_google_project_iam_member_remove: - subCategory: Cloud Platform - description: Ensures that a member:role pairing does not exist in a project's IAM policy. - name: google_google_project_iam_member_remove - title: "" - argumentDocs: - member: |- - - (Required) The IAM principal that should not have the target role. - Each entry can have one of the following values: - project: '- (Required) The project id of the target project.' - role: '- (Required) The target role that should be removed.' - importStatements: [] google_healthcare_consent_store: subCategory: Cloud Healthcare description: The Consent Management API is a tool for tracking user consents and the documentation associated with the consents. @@ -97553,7 +107940,7 @@ resources: encryption_spec: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. encryption_spec.kms_key_name: |- - @@ -97739,7 +108126,7 @@ resources: notification_config: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. notification_config.pubsub_topic: |- - @@ -98045,7 +108432,7 @@ resources: notification_config: |- - (Optional, Deprecated) - A nested object resource + A nested object resource. Structure is documented below. notification_config.pubsub_topic: |- - @@ -98288,7 +108675,7 @@ resources: notification_config: |- - (Optional, Deprecated) - A nested object resource + A nested object resource. Structure is documented below. notification_config.pubsub_topic: |- - @@ -98325,7 +108712,7 @@ resources: parser_config: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. parser_config.allow_null_header: |- - @@ -98395,6 +108782,534 @@ resources: google_healthcare_hl7_v2_store_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}. importStatements: [] + google_healthcare_pipeline_job: + subCategory: Cloud Healthcare + description: PipelineJobs are Long Running Operations on Healthcare API to Map or Reconcile incoming data into FHIR format + name: google_healthcare_pipeline_job + title: "" + examples: + - name: example-pipeline + manifest: |- + { + "dataset": "${google_healthcare_dataset.dataset.id}", + "disable_lineage": true, + "location": "us-central1", + "name": "example_pipeline_job", + "reconciliation_pipeline_job": [ + { + "fhir_store_destination": "${google_healthcare_dataset.dataset.id}/fhirStores/${google_healthcare_fhir_store.fhirstore.name}", + "matching_uri_prefix": "gs://${google_storage_bucket.bucket.name}", + "merge_config": [ + { + "description": "sample description for reconciliation rules", + "whistle_config_source": [ + { + "import_uri_prefix": "gs://${google_storage_bucket.bucket.name}", + "uri": "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.merge_file.name}" + } + ] + } + ] + } + ] + } + references: + dataset: google_healthcare_dataset.dataset.id + dependencies: + google_healthcare_dataset.dataset: |- + { + "location": "us-central1", + "name": "example_dataset" + } + google_healthcare_fhir_store.fhirstore: |- + { + "dataset": "${google_healthcare_dataset.dataset.id}", + "disable_referential_integrity": true, + "enable_update_create": true, + "name": "fhir_store", + "version": "R4" + } + google_storage_bucket.bucket: |- + { + "location": "us-central1", + "name": "example_bucket_name", + "uniform_bucket_level_access": true + } + google_storage_bucket_iam_member.hsa: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com", + "role": "roles/storage.objectUser" + } + google_storage_bucket_object.merge_file: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "content": " ", + "name": "merge.wstl" + } + - name: example-pipeline + manifest: |- + { + "backfill_pipeline_job": [ + { + "mapping_pipeline_job": "${google_healthcare_dataset.dataset.id}/pipelinejobs/example_mapping_pipeline" + } + ], + "dataset": "${google_healthcare_dataset.dataset.id}", + "location": "us-central1", + "name": "example_backfill_pipeline" + } + references: + dataset: google_healthcare_dataset.dataset.id + dependencies: + google_healthcare_dataset.dataset: |- + { + "location": "us-central1", + "name": "example_dataset" + } + - name: example-mapping-pipeline + manifest: |- + { + "dataset": "${google_healthcare_dataset.dataset.id}", + "disable_lineage": true, + "labels": { + "example_label_key": "example_label_value" + }, + "location": "us-central1", + "mapping_pipeline_job": [ + { + "fhir_store_destination": "${google_healthcare_dataset.dataset.id}/fhirStores/${google_healthcare_fhir_store.dest_fhirstore.name}", + "fhir_streaming_source": [ + { + "description": "example description for streaming fhirstore", + "fhir_store": "${google_healthcare_dataset.dataset.id}/fhirStores/${google_healthcare_fhir_store.source_fhirstore.name}" + } + ], + "mapping_config": [ + { + "description": "example description for mapping configuration", + "whistle_config_source": [ + { + "import_uri_prefix": "gs://${google_storage_bucket.bucket.name}", + "uri": "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.mapping_file.name}" + } + ] + } + ] + } + ], + "name": "example_mapping_pipeline_job" + } + references: + dataset: google_healthcare_dataset.dataset.id + dependencies: + google_healthcare_dataset.dataset: |- + { + "location": "us-central1", + "name": "example_dataset" + } + google_healthcare_fhir_store.dest_fhirstore: |- + { + "dataset": "${google_healthcare_dataset.dataset.id}", + "disable_referential_integrity": true, + "enable_update_create": true, + "name": "dest_fhir_store", + "version": "R4" + } + google_healthcare_fhir_store.source_fhirstore: |- + { + "dataset": "${google_healthcare_dataset.dataset.id}", + "disable_referential_integrity": true, + "enable_update_create": true, + "name": "source_fhir_store", + "version": "R4" + } + google_storage_bucket.bucket: |- + { + "location": "us-central1", + "name": "example_bucket_name", + "uniform_bucket_level_access": true + } + google_storage_bucket_iam_member.hsa: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com", + "role": "roles/storage.objectUser" + } + google_storage_bucket_object.mapping_file: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "content": " ", + "name": "mapping.wstl" + } + - name: recon + manifest: |- + { + "dataset": "${google_healthcare_dataset.dataset.id}", + "disable_lineage": true, + "location": "us-central1", + "name": "example_recon_pipeline_job", + "reconciliation_pipeline_job": [ + { + "fhir_store_destination": "${google_healthcare_dataset.dataset.id}/fhirStores/${google_healthcare_fhir_store.dest_fhirstore.name}", + "matching_uri_prefix": "gs://${google_storage_bucket.bucket.name}", + "merge_config": [ + { + "description": "sample description for reconciliation rules", + "whistle_config_source": [ + { + "import_uri_prefix": "gs://${google_storage_bucket.bucket.name}", + "uri": "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.merge_file.name}" + } + ] + } + ] + } + ] + } + references: + dataset: google_healthcare_dataset.dataset.id + dependencies: + google_healthcare_dataset.dataset: |- + { + "location": "us-central1", + "name": "example_dataset" + } + google_healthcare_fhir_store.dest_fhirstore: |- + { + "dataset": "${google_healthcare_dataset.dataset.id}", + "disable_referential_integrity": true, + "enable_update_create": true, + "name": "dest_fhir_store", + "version": "R4" + } + google_healthcare_fhir_store.source_fhirstore: |- + { + "dataset": "${google_healthcare_dataset.dataset.id}", + "disable_referential_integrity": true, + "enable_update_create": true, + "name": "source_fhir_store", + "version": "R4" + } + google_storage_bucket.bucket: |- + { + "location": "us-central1", + "name": "example_bucket_name", + "uniform_bucket_level_access": true + } + google_storage_bucket_iam_member.hsa: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com", + "role": "roles/storage.objectUser" + } + google_storage_bucket_object.mapping_file: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "content": " ", + "name": "mapping.wstl" + } + google_storage_bucket_object.merge_file: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "content": " ", + "name": "merge.wstl" + } + - name: example-mapping-pipeline + manifest: |- + { + "dataset": "${google_healthcare_dataset.dataset.id}", + "depends_on": [ + "${google_healthcare_pipeline_job.recon}" + ], + "disable_lineage": true, + "labels": { + "example_label_key": "example_label_value" + }, + "location": "us-central1", + "mapping_pipeline_job": [ + { + "fhir_streaming_source": [ + { + "description": "example description for streaming fhirstore", + "fhir_store": "${google_healthcare_dataset.dataset.id}/fhirStores/${google_healthcare_fhir_store.source_fhirstore.name}" + } + ], + "mapping_config": [ + { + "description": "example description for mapping configuration", + "whistle_config_source": [ + { + "import_uri_prefix": "gs://${google_storage_bucket.bucket.name}", + "uri": "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.mapping_file.name}" + } + ] + } + ], + "reconciliation_destination": true + } + ], + "name": "example_mapping_pipeline_job" + } + references: + dataset: google_healthcare_dataset.dataset.id + dependencies: + google_healthcare_dataset.dataset: |- + { + "location": "us-central1", + "name": "example_dataset" + } + google_healthcare_fhir_store.dest_fhirstore: |- + { + "dataset": "${google_healthcare_dataset.dataset.id}", + "disable_referential_integrity": true, + "enable_update_create": true, + "name": "dest_fhir_store", + "version": "R4" + } + google_healthcare_fhir_store.source_fhirstore: |- + { + "dataset": "${google_healthcare_dataset.dataset.id}", + "disable_referential_integrity": true, + "enable_update_create": true, + "name": "source_fhir_store", + "version": "R4" + } + google_storage_bucket.bucket: |- + { + "location": "us-central1", + "name": "example_bucket_name", + "uniform_bucket_level_access": true + } + google_storage_bucket_iam_member.hsa: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com", + "role": "roles/storage.objectUser" + } + google_storage_bucket_object.mapping_file: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "content": " ", + "name": "mapping.wstl" + } + google_storage_bucket_object.merge_file: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "content": " ", + "name": "merge.wstl" + } + argumentDocs: + backfill_pipeline_job: |- + - + (Optional) + Specifies the backfill configuration. + Structure is documented below. + backfill_pipeline_job.mapping_pipeline_job: |- + - + (Optional) + Specifies the mapping pipeline job to backfill, the name format + should follow: projects/{projectId}/locations/{locationId}/datasets/{datasetId}/pipelineJobs/{pipelineJobId}. + create: '- Default is 20 minutes.' + dataset: |- + - + (Required) + Healthcare Dataset under which the Pipeline Job is to run + delete: '- Default is 20 minutes.' + disable_lineage: |- + - + (Optional) + If true, disables writing lineage for the pipeline. + effective_labels: for all of the labels present on the resource. + fhir_streaming_source.description: |- + - + (Optional) + Describes the streaming FHIR data source. + fhir_streaming_source.fhir_store: |- + - + (Required) + The path to the FHIR store in the format projects/{projectId}/locations/{locationId}/datasets/{datasetId}/fhirStores/{fhirStoreId}. + id: '- an identifier for the resource with format {{dataset}}/pipelineJobs/{{name}}' + labels: |- + - + (Optional) + User-supplied key-value pairs used to organize Pipeline Jobs. + Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of + maximum 128 bytes, and must conform to the following PCRE regular expression: + [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}-]{0,62} + Label values are optional, must be between 1 and 63 characters long, have a + UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE + regular expression: [\p{Ll}\p{Lo}\p{N}-]{0,63} + No more than 64 labels can be associated with a given pipeline. + An object containing a list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + location: |- + - + (Required) + Location where the Pipeline Job is to run + mapping_config.description: |- + - + (Optional) + Describes the mapping configuration. + mapping_config.whistle_config_source: |- + - + (Optional) + Specifies the path to the mapping configuration for harmonization pipeline. + Structure is documented below. + mapping_pipeline_job: |- + - + (Optional) + Specifies mapping configuration. + Structure is documented below. + mapping_pipeline_job.fhir_store_destination: |- + - + (Optional) + If set, the mapping pipeline will write snapshots to this + FHIR store without assigning stable IDs. You must + grant your pipeline project's Cloud Healthcare Service + Agent serviceaccount healthcare.fhirResources.executeBundle + and healthcare.fhirResources.create permissions on the + destination store. The destination store must set + [disableReferentialIntegrity][FhirStore.disable_referential_integrity] + to true. The destination store must use FHIR version R4. + Format: project/{projectID}/locations/{locationID}/datasets/{datasetName}/fhirStores/{fhirStoreID}. + mapping_pipeline_job.fhir_streaming_source: |- + - + (Optional) + A streaming FHIR data source. + Structure is documented below. + mapping_pipeline_job.mapping_config: |- + - + (Required) + The location of the mapping configuration. + Structure is documented below. + mapping_pipeline_job.reconciliation_destination: |- + - + (Optional) + If set to true, a mapping pipeline will send output snapshots + to the reconciliation pipeline in its dataset. A reconciliation + pipeline must exist in this dataset before a mapping pipeline + with a reconciliation destination can be created. + merge_config.description: |- + - + (Optional) + Describes the mapping configuration. + merge_config.whistle_config_source: |- + - + (Required) + Specifies the path to the mapping configuration for harmonization pipeline. + Structure is documented below. + name: |- + - + (Required) + Specifies the name of the pipeline job. This field is user-assigned. + reconciliation_pipeline_job: |- + - + (Optional) + Specifies reconciliation configuration. + Structure is documented below. + reconciliation_pipeline_job.fhir_store_destination: |- + - + (Optional) + The harmonized FHIR store to write harmonized FHIR resources to, + in the format of: project/{projectID}/locations/{locationID}/datasets/{datasetName}/fhirStores/{id} + reconciliation_pipeline_job.matching_uri_prefix: |- + - + (Required) + Specifies the top level directory of the matching configs used + in all mapping pipelines, which extract properties for resources + to be matched on. + Example: gs://{bucket-id}/{path/to/matching/configs} + reconciliation_pipeline_job.merge_config: |- + - + (Required) + Specifies the location of the reconciliation configuration. + Structure is documented below. + self_link: |- + - + The fully qualified name of this dataset + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + whistle_config_source.import_uri_prefix: |- + - + (Required) + Directory path where all the Whistle files are located. + Example: gs://{bucket-id}/{path/to/import-root/dir} + whistle_config_source.uri: |- + - + (Required) + Main configuration file which has the entrypoint or the root function. + Example: gs://{bucket-id}/{path/to/import-root/dir}/entrypoint-file-name.wstl. + importStatements: [] + google_healthcare_workspace: + subCategory: Cloud Healthcare + description: A Data Mapper workspace is used to configure Data Mapper access, permissions and data sources for mapping clinical patient data to the FHIR standard. + name: google_healthcare_workspace + title: "" + examples: + - name: default + manifest: |- + { + "dataset": "${google_healthcare_dataset.dataset.id}", + "labels": { + "label1": "labelvalue1" + }, + "name": "example-dm-workspace", + "settings": [ + { + "data_project_ids": [ + "example-data-source-project-id" + ] + } + ] + } + references: + dataset: google_healthcare_dataset.dataset.id + dependencies: + google_healthcare_dataset.dataset: |- + { + "location": "us-central1", + "name": "example-dataset" + } + argumentDocs: + create: '- Default is 20 minutes.' + dataset: |- + - + (Required) + Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}' + delete: '- Default is 20 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + id: '- an identifier for the resource with format {{dataset}}/dataMapperWorkspaces/{{name}}' + name: |- + - + (Required) + The name of the workspace, in the format 'projects/{projectId}/locations/{location}/datasets/{datasetId}/dataMapperWorkspaces/{workspaceId}' + settings: |- + - + (Required) + Settings associated with this workspace. + Structure is documented below. + settings.data_project_ids: |- + - + (Required) + Project IDs for data projects hosted in a workspace. + settings.effective_labels: for all of the labels present on the resource. + settings.labels: |- + - + (Optional) + The user labels. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" } + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + importStatements: [] google_iam_access_boundary_policy: subCategory: Cloud IAM description: Represents a collection of access boundary policies to apply to a given resource. @@ -98465,6 +109380,7 @@ resources: google_project.project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "name": "my-project", "org_id": "123456789", "project_id": "my-project" @@ -98596,6 +109512,7 @@ resources: google_project.project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "name": "my-project", "org_id": "123456789", "project_id": "my-project" @@ -98685,6 +109602,540 @@ resources: The description of the rule. update: '- Default is 20 minutes.' importStatements: [] + google_iam_folders_policy_binding: + subCategory: Cloud IAM + description: A policy binding to a folder + name: google_iam_folders_policy_binding + title: "" + examples: + - name: my-folder-binding + manifest: |- + { + "depends_on": [ + "${time_sleep.wait_120s}" + ], + "display_name": "test folder binding", + "folder": "${google_folder.folder.folder_id}", + "location": "global", + "policy": "organizations/123456789/locations/global/principalAccessBoundaryPolicies/${google_iam_principal_access_boundary_policy.pab_policy.principal_access_boundary_policy_id}", + "policy_binding_id": "test-folder-binding", + "policy_kind": "PRINCIPAL_ACCESS_BOUNDARY", + "target": [ + { + "principal_set": "//cloudresourcemanager.googleapis.com/folders/${google_folder.folder.folder_id}" + } + ] + } + references: + folder: google_folder.folder.folder_id + dependencies: + google_folder.folder: |- + { + "deletion_protection": false, + "display_name": "test folder", + "parent": "organizations/123456789" + } + google_iam_principal_access_boundary_policy.pab_policy: |- + { + "display_name": "test folder binding", + "location": "global", + "organization": "123456789", + "principal_access_boundary_policy_id": "my-pab-policy" + } + time_sleep.wait_120s: |- + { + "create_duration": "120s", + "depends_on": [ + "${google_folder.folder}" + ] + } + argumentDocs: + condition.description: |- + - + (Optional) + Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. + condition.expression: |- + - + (Optional) + Textual representation of an expression in Common Expression Language syntax. + condition.location: |- + - + (Optional) + Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. + condition.title: |- + - + (Optional) + Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The time when the policy binding was created. + delete: '- Default is 20 minutes.' + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + etag: |- + - + Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag. + folder: |- + - + (Required) + The parent folder for the PolicyBinding. + id: '- an identifier for the resource with format folders/{{folder}}/locations/{{location}}/policyBindings/{{policy_binding_id}}' + location: |- + - + (Required) + The location of the PolicyBinding. + name: |- + - + The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id} + policy: |- + - + (Required) + Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project). + policy_binding_id: |- + - + (Required) + The Policy Binding ID. + policy_uid: |- + - + Output only. The globally unique ID of the policy to be bound. + target: |- + - + (Required) + Target is the full resource name of the resource to which the policy will be bound. Immutable once set. + Structure is documented below. + target.annotations: |- + - + (Optional) + Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations + target.condition: |- + - + (Optional) + Represents a textual expression in the Common Expression Language + (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of + CEL are documented at https://github.com/google/cel-spec. + Example (Comparison): + title: "Summary size limit" + description: "Determines if a summary is less than 100 chars" + expression: "document.summary.size() < 100" + Example + (Equality): + title: "Requestor is owner" + description: "Determines if requestor is the document owner" + expression: "document.owner == request.auth.claims.email" Example + (Logic): + title: "Public documents" + description: "Determine whether the document should be publicly visible" + expression: "document.type != 'private' && document.type != 'internal'" + Example (Data Manipulation): + title: "Notification string" + description: "Create a notification string with a timestamp." + expression: "'New message received at ' + string(document.create_time)" + The exact variables and functions that may be referenced within an expression are + determined by the service that evaluates it. See the service documentation for + additional information. + Structure is documented below. + target.display_name: |- + - + (Optional) + Optional. The description of the policy binding. Must be less than or equal to 63 characters. + target.effective_annotations: for all of the annotations present on the resource. + target.policy_kind: |- + - + (Optional) + Immutable. The kind of the policy to attach in this binding. This + field must be one of the following: - Left empty (will be automatically set + to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS + target.principal_set: |- + - + (Optional) + Required. Immutable. The resource name of the policy to be bound. + The binding parent and policy must belong to the same Organization (or Project). + uid: |- + - + Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The time when the policy binding was most recently updated. + importStatements: [] + google_iam_organizations_policy_binding: + subCategory: Cloud IAM + description: A policy binding to an organizations + name: google_iam_organizations_policy_binding + title: "" + examples: + - name: my-org-binding + manifest: |- + { + "display_name": "test org binding", + "location": "global", + "organization": "123456789", + "policy": "organizations/123456789/locations/global/principalAccessBoundaryPolicies/${google_iam_principal_access_boundary_policy.pab_policy.principal_access_boundary_policy_id}", + "policy_binding_id": "test-org-binding", + "policy_kind": "PRINCIPAL_ACCESS_BOUNDARY", + "target": [ + { + "principal_set": "//cloudresourcemanager.googleapis.com/organizations/123456789" + } + ] + } + dependencies: + google_iam_principal_access_boundary_policy.pab_policy: |- + { + "display_name": "test org binding", + "location": "global", + "organization": "123456789", + "principal_access_boundary_policy_id": "my-pab-policy" + } + argumentDocs: + condition.description: |- + - + (Optional) + Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. + condition.expression: |- + - + (Optional) + Textual representation of an expression in Common Expression Language syntax. + condition.location: |- + - + (Optional) + Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. + condition.title: |- + - + (Optional) + Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The time when the policy binding was created. + delete: '- Default is 20 minutes.' + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + etag: |- + - + Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag. + id: '- an identifier for the resource with format organizations/{{organization}}/locations/{{location}}/policyBindings/{{policy_binding_id}}' + location: |- + - + (Required) + The location of the Policy Binding + name: |- + - + The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id} + organization: |- + - + (Required) + The parent organization of the Policy Binding. + policy: |- + - + (Required) + Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project). + policy_binding_id: |- + - + (Required) + The Policy Binding ID. + policy_uid: |- + - + Output only. The globally unique ID of the policy to be bound. + target: |- + - + (Required) + Target is the full resource name of the resource to which the policy will be bound. Immutable once set. + Structure is documented below. + target.annotations: |- + - + (Optional) + Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations + target.condition: |- + - + (Optional) + Represents a textual expression in the Common Expression Language + (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of + CEL are documented at https://github.com/google/cel-spec. + Example (Comparison): + title: "Summary size limit" + description: "Determines if a summary is less than 100 chars" + expression: "document.summary.size() < 100" + Example + (Equality): + title: "Requestor is owner" + description: "Determines if requestor is the document owner" + expression: "document.owner == request.auth.claims.email" Example + (Logic): + title: "Public documents" + description: "Determine whether the document should be publicly visible" + expression: "document.type != 'private' && document.type != 'internal'" + Example (Data Manipulation): + title: "Notification string" + description: "Create a notification string with a timestamp." + expression: "'New message received at ' + string(document.create_time)" + The exact variables and functions that may be referenced within an expression are + determined by the service that evaluates it. See the service documentation for + additional information. + Structure is documented below. + target.display_name: |- + - + (Optional) + Optional. The description of the policy binding. Must be less than or equal to 63 characters. + target.effective_annotations: for all of the annotations present on the resource. + target.policy_kind: |- + - + (Optional) + Immutable. The kind of the policy to attach in this binding. This + field must be one of the following: - Left empty (will be automatically set + to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS + target.principal_set: |- + - + (Optional) + Required. Immutable. The resource name of the policy to be bound. + The binding parent and policy must belong to the same Organization (or Project). + uid: |- + - + Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The time when the policy binding was most recently updated. + importStatements: [] + google_iam_principal_access_boundary_policy: + subCategory: Cloud IAM + description: An IAM Principal Access Boundary Policy resource + name: google_iam_principal_access_boundary_policy + title: "" + examples: + - name: my-pab-policy + manifest: |- + { + "display_name": "test pab policy", + "location": "global", + "organization": "123456789", + "principal_access_boundary_policy_id": "test-pab-policy" + } + argumentDocs: + //cloudresourcemanager.googleapis.com/folders/123: . + //cloudresourcemanager.googleapis.com/organizations/123: . + //cloudresourcemanager.googleapis.com/projects/123: or //cloudresourcemanager.googleapis.com/projects/my-project-id. + annotations: |- + - + (Optional) + User defined annotations. See https://google.aip.dev/148#annotations + for more details such as format and size limitations + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The time when the principal access boundary policy was created. + delete: '- Default is 20 minutes.' + details: |- + - + (Optional) + Principal access boundary policy details + Structure is documented below. + details.enforcement_version: |- + - + (Optional) + The version number that indicates which Google Cloud services + are included in the enforcement (e.g. "latest", "1", ...). If empty, the + PAB policy version will be set to the current latest version, and this version + won't get updated when new versions are released. + details.rules: |- + - + (Required) + A list of principal access boundary policy rules. The number of rules in a policy is limited to 500. + Structure is documented below. + display_name: |- + - + (Optional) + The description of the principal access boundary policy. Must be less than or equal to 63 characters. + effective_annotations: for all of the annotations present on the resource. + etag: |- + - + The etag for the principal access boundary. If this is provided on update, it must match the server's etag. + id: '- an identifier for the resource with format organizations/{{organization}}/locations/{{location}}/principalAccessBoundaryPolicies/{{principal_access_boundary_policy_id}}' + location: |- + - + (Required) + The location the principal access boundary policy is in. + name: |- + - + Identifier. The resource name of the principal access boundary policy. The following format is supported: + organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{policy_id} + organization: |- + - + (Required) + The parent organization of the principal access boundary policy. + principal_access_boundary_policy_id: |- + - + (Required) + The ID to use to create the principal access boundary policy. + This value must start with a lowercase letter followed by up to 62 lowercase letters, numbers, hyphens, or dots. Pattern, /a-z{2,62}/. + rules.description: |- + - + (Optional) + The description of the principal access boundary policy rule. Must be less than or equal to 256 characters. + rules.effect: |- + - + (Required) + The access relationship of principals to the resources in this rule. + Possible values: ALLOW + rules.resources: |- + - + (Required) + A list of Cloud Resource Manager resources. The resource + and all the descendants are included. The number of resources in a policy + is limited to 500 across all rules. + The following resource types are supported: + uid: |- + - + Output only. The globally unique ID of the principal access boundary policy. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The time when the principal access boundary policy was most recently updated. + importStatements: [] + google_iam_projects_policy_binding: + subCategory: Cloud IAM + description: A policy binding to a Project + name: google_iam_projects_policy_binding + title: "" + examples: + - name: my-project-binding + manifest: |- + { + "display_name": "test project binding", + "location": "global", + "policy": "organizations/123456789/locations/global/principalAccessBoundaryPolicies/${google_iam_principal_access_boundary_policy.pab_policy.principal_access_boundary_policy_id}", + "policy_binding_id": "test-project-binding", + "policy_kind": "PRINCIPAL_ACCESS_BOUNDARY", + "project": "${data.google_project.project.project_id}", + "target": [ + { + "principal_set": "//cloudresourcemanager.googleapis.com/projects/${data.google_project.project.project_id}" + } + ] + } + references: + project: data.google_project.project.project_id + dependencies: + google_iam_principal_access_boundary_policy.pab_policy: |- + { + "display_name": "test project binding", + "location": "global", + "organization": "123456789", + "principal_access_boundary_policy_id": "my-pab-policy" + } + argumentDocs: + condition.description: |- + - + (Optional) + Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. + condition.expression: |- + - + (Optional) + Textual representation of an expression in Common Expression Language syntax. + condition.location: |- + - + (Optional) + Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. + condition.title: |- + - + (Optional) + Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The time when the policy binding was created. + delete: '- Default is 20 minutes.' + effective_annotations: |- + - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + etag: |- + - + Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/policyBindings/{{policy_binding_id}}' + location: |- + - + (Required) + The location of the Policy Binding + name: |- + - + The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id} + policy: |- + - + (Required) + Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project). + policy_binding_id: |- + - + (Required) + The Policy Binding ID. + policy_uid: |- + - + Output only. The globally unique ID of the policy to be bound. + target: |- + - + (Required) + Target is the full resource name of the resource to which the policy will be bound. Immutable once set. + Structure is documented below. + target.annotations: |- + - + (Optional) + Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations + target.condition: |- + - + (Optional) + Represents a textual expression in the Common Expression Language + (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of + CEL are documented at https://github.com/google/cel-spec. + Example (Comparison): + title: "Summary size limit" + description: "Determines if a summary is less than 100 chars" + expression: "document.summary.size() < 100" + Example + (Equality): + title: "Requestor is owner" + description: "Determines if requestor is the document owner" + expression: "document.owner == request.auth.claims.email" Example + (Logic): + title: "Public documents" + description: "Determine whether the document should be publicly visible" + expression: "document.type != 'private' && document.type != 'internal'" + Example (Data Manipulation): + title: "Notification string" + description: "Create a notification string with a timestamp." + expression: "'New message received at ' + string(document.create_time)" + The exact variables and functions that may be referenced within an expression are + determined by the service that evaluates it. See the service documentation for + additional information. + Structure is documented below. + target.display_name: |- + - + (Optional) + Optional. The description of the policy binding. Must be less than or equal to 63 characters. + target.effective_annotations: for all of the annotations present on the resource. + target.policy_kind: |- + - + (Optional) + Immutable. The kind of the policy to attach in this binding. This + field must be one of the following: - Left empty (will be automatically set + to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS + target.principal_set: |- + - + (Optional) + Required. Immutable. The resource name of the policy to be bound. + The binding parent and policy must belong to the same Organization (or Project). + target.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + uid: |- + - + Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The time when the policy binding was most recently updated. + importStatements: [] google_iam_workforce_pool: subCategory: Cloud IAM description: Represents a collection of external workforces. @@ -99386,6 +110837,34 @@ resources: { "workload_identity_pool_id": "example-pool" } + - name: example + manifest: |- + { + "attribute_condition": " assertion.repository_owner_id == \"123456789\" \u0026\u0026\n attribute.repository == \"gh-org/gh-repo\" \u0026\u0026\n assertion.ref == \"refs/heads/main\" \u0026\u0026\n assertion.ref_type == \"branch\"\n", + "attribute_mapping": { + "attribute.actor": "assertion.actor", + "attribute.aud": "assertion.aud", + "attribute.repository": "assertion.repository", + "google.subject": "assertion.sub" + }, + "description": "GitHub Actions identity pool provider for automated test", + "disabled": true, + "display_name": "Name of provider", + "oidc": [ + { + "issuer_uri": "https://token.actions.githubusercontent.com" + } + ], + "workload_identity_pool_id": "${google_iam_workload_identity_pool.pool.workload_identity_pool_id}", + "workload_identity_pool_provider_id": "example-prvdr" + } + references: + workload_identity_pool_id: google_iam_workload_identity_pool.pool.workload_identity_pool_id + dependencies: + google_iam_workload_identity_pool.pool: |- + { + "workload_identity_pool_id": "example-pool" + } - name: example manifest: |- { @@ -99519,6 +110998,72 @@ resources: { "workload_identity_pool_id": "example-pool" } + - name: example + manifest: |- + { + "attribute_mapping": { + "google.subject": "assertion.subject.dn.cn" + }, + "workload_identity_pool_id": "${google_iam_workload_identity_pool.pool.workload_identity_pool_id}", + "workload_identity_pool_provider_id": "example-prvdr", + "x509": [ + { + "trust_store": [ + { + "trust_anchors": [ + { + "pem_certificate": "${file(\"test-fixtures/trust_anchor.pem\")}" + } + ] + } + ] + } + ] + } + references: + workload_identity_pool_id: google_iam_workload_identity_pool.pool.workload_identity_pool_id + dependencies: + google_iam_workload_identity_pool.pool: |- + { + "workload_identity_pool_id": "example-pool" + } + - name: example + manifest: |- + { + "attribute_mapping": { + "google.subject": "assertion.subject.dn.cn" + }, + "description": "X.509 identity pool provider for automated test", + "disabled": true, + "display_name": "Name of provider", + "workload_identity_pool_id": "${google_iam_workload_identity_pool.pool.workload_identity_pool_id}", + "workload_identity_pool_provider_id": "example-prvdr", + "x509": [ + { + "trust_store": [ + { + "intermediate_cas": [ + { + "pem_certificate": "${file(\"test-fixtures/intermediate_ca.pem\")}" + } + ], + "trust_anchors": [ + { + "pem_certificate": "${file(\"test-fixtures/trust_anchor.pem\")}" + } + ] + } + ] + } + ] + } + references: + workload_identity_pool_id: google_iam_workload_identity_pool.pool.workload_identity_pool_id + dependencies: + google_iam_workload_identity_pool.pool: |- + { + "workload_identity_pool_id": "example-pool" + } argumentDocs: assertion: ': JSON representing the authentication credential issued by the provider.' attribute: |- @@ -99593,6 +111138,11 @@ resources: in IAM bindings. This is also the subject that appears in Cloud Logging logs. Cannot exceed 127 characters. id: '- an identifier for the resource with format projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}}' + intermediate_cas.pem_certificate: |- + - + (Optional) + PEM certificate of the PKI used for validation. Must only contain one + ca certificate(either root or intermediate cert). name: |- - The resource name of the provider as @@ -99640,6 +111190,11 @@ resources: state: |- - The state of the provider. + trust_anchors.pem_certificate: |- + - + (Optional) + PEM certificate of the PKI used for validation. Must only contain one + ca certificate(either root or intermediate cert). update: '- Default is 20 minutes.' workload_identity_pool_id: |- - @@ -99653,6 +111208,35 @@ resources: The ID for the provider, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix gcp- is reserved for use by Google, and may not be specified. + x509: |- + - + (Optional) + An X.509-type identity provider represents a CA. It is trusted to assert a + client identity if the client has a certificate that chains up to this CA. + Structure is documented below. + x509.trust_store: |- + - + (Required) + A Trust store, use this trust store as a wrapper to config the trust + anchor and optional intermediate cas to help build the trust chain for + the incoming end entity certificate. Follow the x509 guidelines to + define those PEM encoded certs. Only 1 trust store is currently + supported. + Structure is documented below. + x509.trust_store.intermediate_cas: |- + - + (Optional) + Set of intermediate CA certificates used for building the trust chain to + trust anchor. + IMPORTANT: Intermediate CAs are only supported when configuring x509 federation. + Structure is documented below. + x509.trust_store.trust_anchors: |- + - + (Required) + List of Trust Anchors to be used while performing validation + against a given TrustStore. The incoming end entity's certificate + must be chained up to one of the trust anchors here. + Structure is documented below. importStatements: [] google_iap_app_engine_service_iam_policy: subCategory: Identity-Aware Proxy @@ -99781,6 +111365,7 @@ resources: dependencies: google_project.project: |- { + "deletion_policy": "DELETE", "name": "my-project", "org_id": "123456789", "project_id": "my-project" @@ -99842,6 +111427,7 @@ resources: } google_project.project: |- { + "deletion_policy": "DELETE", "name": "my-project", "org_id": "123456789", "project_id": "my-project" @@ -99873,6 +111459,329 @@ resources: Output only. Client secret of the OAuth client. Note: This property is sensitive and will not be displayed in the plan. importStatements: [] + google_iap_settings: + subCategory: Identity-Aware Proxy + description: IAP settings - manage IAP settings + name: google_iap_settings + title: "" + examples: + - name: iap_settings + manifest: |- + { + "access_settings": [ + { + "allowed_domains_settings": [ + { + "domains": [ + "test.abc.com" + ], + "enable": true + } + ], + "cors_settings": [ + { + "allow_http_options": true + } + ], + "gcip_settings": [ + { + "login_page_uri": "https://test.com/?apiKey=abc" + } + ], + "identity_sources": [ + "WORKFORCE_IDENTITY_FEDERATION" + ], + "oauth_settings": [ + { + "login_hint": "test" + } + ], + "reauth_settings": [ + { + "max_age": "305s", + "method": "SECURE_KEY", + "policy_type": "MINIMUM" + } + ], + "workforce_identity_settings": [ + { + "oauth2": [ + { + "client_id": "test-client-id", + "client_secret": "test-client-secret" + } + ], + "workforce_pools": [ + "wif-pool" + ] + } + ] + } + ], + "application_settings": [ + { + "access_denied_page_settings": [ + { + "access_denied_page_uri": "test-uri", + "generate_troubleshooting_uri": true, + "remediation_token_generation_enabled": false + } + ], + "attribute_propagation_settings": [ + { + "enable": false, + "expression": "attributes.saml_attributes.filter(attribute, attribute.name in [\"test1\", \"test2\"])", + "output_credentials": [ + "HEADER" + ] + } + ], + "cookie_domain": "test.abc.com", + "csm_settings": [ + { + "rctoken_aud": "test-aud-set" + } + ] + } + ], + "name": "projects/${data.google_project.project.number}/iap_web/compute-us-central1/services/${google_compute_region_backend_service.default.name}" + } + dependencies: + google_compute_health_check.default: |- + { + "check_interval_sec": 1, + "name": "iap-bs-health-check", + "tcp_health_check": [ + { + "port": "80" + } + ], + "timeout_sec": 1 + } + google_compute_region_backend_service.default: |- + { + "connection_draining_timeout_sec": 10, + "health_checks": [ + "${google_compute_health_check.default.id}" + ], + "name": "iap-settings-tf", + "region": "us-central1", + "session_affinity": "CLIENT_IP" + } + argumentDocs: + DEFAULT: |- + : This policy acts as a default if no other reauth policy is set. + Possible values are: MINIMUM, DEFAULT. + ENROLLED_SECOND_FACTORS: |- + : User can use any enabled 2nd factor. + Possible values are: LOGIN, SECURE_KEY, ENROLLED_SECOND_FACTORS. + HEADER: ': Propagate attributes in the headers with "x-goog-iap-attr-" prefix.' + JWT: |- + : Propagate attributes in the JWT of the form: + "additional_claims": { "my_attribute": ["value1", "value2"] } + LOGIN: ': Prompts the user to log in again.' + MINIMUM: |- + : This policy acts as a minimum to other policies, lower in the hierarchy. + Effective policy may only be the same or stricter. + RCTOKEN: |- + : Propagate attributes in the RCToken of the form: " + additional_claims": { "my_attribute": ["value1", "value2"] } + Each value may be one of: HEADER, JWT, RCTOKEN. + SECURE_KEY: ': User must use their secure key 2nd factor device.' + WORKFORCE_IDENTITY_FEDERATION: |- + : Use external identities set up on Google Cloud Workforce + Identity Federation. + Each value may be one of: WORKFORCE_IDENTITY_FEDERATION. + access_denied_page_settings.access_denied_page_uri: |- + - + (Optional) + The URI to be redirected to when access is denied. + access_denied_page_settings.generate_troubleshooting_uri: |- + - + (Optional) + Whether to generate a troubleshooting URL on access denied events to this application. + access_denied_page_settings.remediation_token_generation_enabled: |- + - + (Optional) + Whether to generate remediation token on access denied events to this application. + access_settings: |- + - + (Optional) + Top level wrapper for all access related setting in IAP. + Structure is documented below. + access_settings.allowed_domains_settings: |- + - + (Optional) + Settings to configure and enable allowed domains. + Structure is documented below. + access_settings.cors_settings: |- + - + (Optional) + Configuration to allow cross-origin requests via IAP. + Structure is documented below. + access_settings.gcip_settings: |- + - + (Optional) + GCIP claims and endpoint configurations for 3p identity providers. + access_settings.identity_sources: |- + - + (Optional) + Identity sources that IAP can use to authenticate the end user. Only one identity source + can be configured. The possible values are: + access_settings.oauth_settings: |- + - + (Optional) + Settings to configure IAP's OAuth behavior. + Structure is documented below. + access_settings.reauth_settings: |- + - + (Optional) + Settings to configure reauthentication policies in IAP. + Structure is documented below. + access_settings.workforce_identity_settings: |- + - + (Optional) + Settings to configure the workforce identity federation, including workforce pools + and OAuth 2.0 settings. + Structure is documented below. + allowed_domains_settings.domains: |- + - + (Optional) + List of trusted domains. + allowed_domains_settings.enable: |- + - + (Optional) + Configuration for customers to opt in for the feature. + application_settings: |- + - + (Optional) + Top level wrapper for all application related settings in IAP. + Structure is documented below. + application_settings.access_denied_page_settings: |- + - + (Optional) + Customization for Access Denied page. IAP allows customers to define a custom URI + to use as the error page when access is denied to users. If IAP prevents access + to this page, the default IAP error page will be displayed instead. + Structure is documented below. + application_settings.attribute_propagation_settings: |- + - + (Optional) + Settings to configure attribute propagation. + Structure is documented below. + application_settings.cookie_domain: |- + - + (Optional) + The Domain value to set for cookies generated by IAP. This value is not validated by the API, + but will be ignored at runtime if invalid. + application_settings.csm_settings: |- + - + (Optional) + Settings to configure IAP's behavior for a service mesh. + Structure is documented below. + attribute_propagation_settings.enable: |- + - + (Optional) + Whether the provided attribute propagation settings should be evaluated on user requests. + If set to true, attributes returned from the expression will be propagated in the set output credentials. + attribute_propagation_settings.expression: |- + - + (Optional) + Raw string CEL expression. Must return a list of attributes. A maximum of 45 attributes can + be selected. Expressions can select different attribute types from attributes: + attributes.saml_attributes, attributes.iap_attributes. + attribute_propagation_settings.output_credentials: |- + - + (Optional) + Which output credentials attributes selected by the CEL expression should be propagated in. + All attributes will be fully duplicated in each selected output credential. + Possible values are: + cors_settings.allow_http_options: |- + - + (Optional) + Configuration to allow HTTP OPTIONS calls to skip authorization. + If undefined, IAP will not apply any special logic to OPTIONS requests. + create: '- Default is 20 minutes.' + csm_settings.rctoken_aud: |- + - + (Optional) + Audience claim set in the generated RCToken. This value is not validated by IAP. + delete: '- Default is 20 minutes.' + gcip_settings.login_page_uri: |- + - + (Optional) + Login page URI associated with the GCIP tenants. Typically, all resources within + the same project share the same login page, though it could be overridden at the + sub resource level. + gcip_settings.tenant_ids: |- + - + (Optional) + GCIP tenant ids that are linked to the IAP resource. tenantIds could be a string + beginning with a number character to indicate authenticating with GCIP tenant flow, + or in the format of _ to indicate authenticating with GCIP agent flow. If agent flow + is used, tenantIds should only contain one single element, while for tenant flow, + tenantIds can contain multiple elements. + id: '- an identifier for the resource with format {{name}}/iapSettings' + name: |- + - + (Required) + The resource name of the IAP protected resource. Name can have below resources: + oauth_settings.login_hint: |- + - + (Optional) + Domain hint to send as hd=? parameter in OAuth request flow. + Enables redirect to primary IDP by skipping Google's login screen. + (https://developers.google.com/identity/protocols/OpenIDConnect#hd-param) + Note: IAP does not verify that the id token's hd claim matches this value + since access behavior is managed by IAM policies. + oauth_settings.programmatic_clients: |- + - + (Optional) + List of client ids allowed to use IAP programmatically. + oauth2.client_id: |- + - + (Optional) + The OAuth 2.0 client ID registered in the workforce identity + federation OAuth 2.0 Server. + oauth2.client_secret: |- + - + (Optional) + Input only. The OAuth 2.0 client secret created while registering + the client ID. + Note: This property is sensitive and will not be displayed in the plan. + oauth2.client_secret_sha256: |- + - + (Output) + Output only. SHA256 hash value for the client secret. This field + is returned by IAP when the settings are retrieved. + reauth_settings.max_age: |- + - + (Required) + Reauth session lifetime, how long before a user has to reauthenticate again. + A duration in seconds with up to nine fractional digits, ending with 's'. + Example: "3.5s". + reauth_settings.method: |- + - + (Required) + Reauth method requested. The possible values are: + reauth_settings.policy_type: |- + - + (Required) + How IAP determines the effective policy in cases of hierarchical policies. + Policies are merged from higher in the hierarchy to lower in the hierarchy. + The possible values are: + update: '- Default is 20 minutes.' + workforce_identity_settings.oauth2: |- + - + (Optional) + OAuth 2.0 settings for IAP to perform OIDC flow with workforce identity + federation services. + Structure is documented below. + workforce_identity_settings.workforce_pools: |- + - + (Optional) + The workforce pool resources. Only one workforce pool is accepted. + importStatements: [] google_iap_tunnel_dest_group: subCategory: Identity-Aware Proxy description: Tunnel destination groups represent resources that have the same tunnel access restrictions. @@ -100388,7 +112297,7 @@ resources: { "quota": 1000, "quota_duration": "7200s", - "start_time": "" + "start_time": "2014-10-02T15:01:23Z" } ] } @@ -100436,6 +112345,7 @@ resources: google_project.default: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "labels": { "firebase": "enabled" }, @@ -100638,12 +112548,12 @@ resources: quota.sign_up_quota_config: |- - (Optional) - Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. Structure is documented below. quota.sign_up_quota_config.quota: |- - (Optional) - A sign up APIs quota that customers can override temporarily. + A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. quota.sign_up_quota_config.quota_duration: |- - (Optional) @@ -100904,123 +112814,6 @@ resources: If it is not provided, the provider project is used. update: '- Default is 20 minutes.' importStatements: [] - google_identity_platform_project_default_config: - subCategory: Identity Platform - description: There is no persistent data associated with this resource. - name: google_identity_platform_project_default_config - title: "" - examples: - - name: default - manifest: |- - { - "sign_in": [ - { - "allow_duplicate_emails": true, - "anonymous": [ - { - "enabled": true - } - ], - "email": [ - { - "enabled": true, - "password_required": false - } - ], - "phone_number": [ - { - "enabled": true, - "test_phone_numbers": { - "+11231231234": "000000" - } - } - ] - } - ] - } - argumentDocs: - anonymous.enabled: |- - - - (Required) - Whether anonymous user auth is enabled for the project or not. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - email.enabled: |- - - - (Optional) - Whether email auth is enabled for the project or not. - email.password_required: |- - - - (Optional) - Whether a password is required for email auth or not. If true, both an email and - password must be provided to sign in. If false, a user may sign in via either - email/password or email link. - hash_config.algorithm: |- - - - (Output) - Different password hash algorithms used in Identity Toolkit. - hash_config.memory_cost: |- - - - (Output) - Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field. - hash_config.rounds: |- - - - (Output) - How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms. - hash_config.salt_separator: |- - - - (Output) - Non-printable character to be inserted between the salt and plain text password in base64. - hash_config.signer_key: |- - - - (Output) - Signer key in base64. - id: '- an identifier for the resource with format {{project}}' - name: |- - - - The name of the Config resource. Example: "projects/my-awesome-project/config" - phone_number.enabled: |- - - - (Optional) - Whether phone number auth is enabled for the project or not. - phone_number.test_phone_numbers: |- - - - (Optional) - A map of that can be used for phone auth testing. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - sign_in: |- - - - (Optional) - Configuration related to local sign in methods. - Structure is documented below. - sign_in.allow_duplicate_emails: |- - - - (Optional) - Whether to allow more than one account to have the same email. - sign_in.anonymous: |- - - - (Optional) - Configuration options related to authenticating an anonymous user. - Structure is documented below. - sign_in.email: |- - - - (Optional) - Configuration options related to authenticating a user by their email address. - Structure is documented below. - sign_in.hash_config: |- - - - (Output) - Output only. Hash config information. - Structure is documented below. - sign_in.phone_number: |- - - - (Optional) - Configuration options related to authenticated a user by their phone number. - Structure is documented below. - update: '- Default is 20 minutes.' - importStatements: [] google_identity_platform_tenant: subCategory: Identity Platform description: Tenant configuration in a multi-tenant project. @@ -101638,7 +113431,7 @@ resources: additional_variable.encryption_key_value: |- - (Optional) - Encription key value of configVariable. + Encryption key value of configVariable. Structure is documented below. additional_variable.integer_value: |- - @@ -101675,7 +113468,7 @@ resources: - (Required) authType of the Connection - Possible values are: USER_PASSWORD, OAUTH2_JWT_BEARER, OAUTH2_CLIENT_CREDENTIALS, SSH_PUBLIC_KEY, OAUTH2_AUTH_CODE_FLOW. + Possible values are: AUTH_TYPE_UNSPECIFIED, USER_PASSWORD, OAUTH2_JWT_BEARER, OAUTH2_CLIENT_CREDENTIALS, SSH_PUBLIC_KEY, OAUTH2_AUTH_CODE_FLOW. auth_config.oauth2_auth_code_flow: |- - (Optional) @@ -101735,7 +113528,7 @@ resources: config_variable.encryption_key_value: |- - (Optional) - Encription key value of configVariable. + Encryption key value of configVariable. Structure is documented below. config_variable.integer_value: |- - @@ -101780,7 +113573,7 @@ resources: description: |- - (Optional) - An arbitrary description for the Conection. + An arbitrary description for the Connection. destination.host: |- - (Optional) @@ -101817,7 +113610,7 @@ resources: encryption_key_value.type: |- - (Required) - Type of Encription Key + Type of Encryption Key Possible values are: GOOGLE_MANAGED, CUSTOMER_MANAGED. eventing_config: |- - @@ -102239,6 +114032,7 @@ resources: google_project.target_project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "name": "tf-test", "org_id": "123456789", "project_id": "tf-test" @@ -102622,11 +114416,11 @@ resources: { "cloud_kms_config": [ { - "key": "${google_kms_crypto_key.cryptokey.id}", - "key_version": "${google_kms_crypto_key_version.test_key.id}", + "key": "${basename(google_kms_crypto_key.cryptokey.id)}", + "key_version": "${basename(google_kms_crypto_key_version.test_key.id)}", "kms_location": "us-east1", "kms_project_id": "${data.google_project.test_project.project_id}", - "kms_ring": "${google_kms_key_ring.keyring.id}" + "kms_ring": "${basename(google_kms_key_ring.keyring.id)}" } ], "create_sample_integrations": true, @@ -102634,10 +114428,7 @@ resources: "run_as_service_account": "${google_service_account.service_account.email}" } references: - cloud_kms_config.key: google_kms_crypto_key.cryptokey.id - cloud_kms_config.key_version: google_kms_crypto_key_version.test_key.id cloud_kms_config.kms_project_id: data.google_project.test_project.project_id - cloud_kms_config.kms_ring: google_kms_key_ring.keyring.id run_as_service_account: google_service_account.service_account.email dependencies: google_kms_crypto_key.cryptokey: |- @@ -102701,10 +114492,6 @@ resources: - (Optional) Indicates if sample integrations should be created along with provisioning. - create_sample_workflows: |- - - - (Optional, Deprecated) - Indicates if sample workflow should be created along with provisioning. delete: '- Default is 20 minutes.' id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/clients' location: |- @@ -102714,10 +114501,6 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - provision_gmek: |- - - - (Optional, Deprecated) - Indicates provision with GMEK or CMEK. run_as_service_account: |- - (Optional) @@ -102734,16 +114517,17 @@ resources: "depends_on": [ "${time_sleep.wait_srv_acc_permissions}" ], - "folder": "${google_folder.autokms_folder.folder_id}", + "folder": "${google_folder.autokms_folder.id}", "key_project": "projects/${google_project.key_project.project_id}", "provider": "${google-beta}" } references: - folder: google_folder.autokms_folder.folder_id + folder: google_folder.autokms_folder.id provider: google-beta dependencies: google_folder.autokms_folder: |- { + "deletion_protection": false, "display_name": "my-folder", "parent": "organizations/123456789", "provider": "${google-beta}" @@ -102751,6 +114535,7 @@ resources: google_project.key_project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "depends_on": [ "${google_folder.autokms_folder}" ], @@ -102789,6 +114574,13 @@ resources: "provider": "${google-beta}", "service": "cloudkms.googleapis.com" } + time_sleep.wait_autokey_propagation: |- + { + "create_duration": "30s", + "depends_on": [ + "${google_kms_autokey_config.example-autokeyconfig}" + ] + } time_sleep.wait_enable_service_api: |- { "create_duration": "30s", @@ -103336,7 +115128,7 @@ resources: "${time_sleep.wait_autokey_config}" ], "location": "global", - "name": "example-key-handle", + "name": "tf-test-key-handle", "project": "${google_project.resource_project.project_id}", "provider": "${google-beta}", "resource_type_selector": "storage.googleapis.com/Bucket" @@ -103347,7 +115139,8 @@ resources: dependencies: google_folder.autokms_folder: |- { - "display_name": "folder-example", + "deletion_protection": false, + "display_name": "my-folder", "parent": "organizations/123456789", "provider": "${google-beta}" } @@ -103363,6 +115156,7 @@ resources: google_project.key_project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "depends_on": [ "${google_folder.autokms_folder}" ], @@ -103374,12 +115168,13 @@ resources: google_project.resource_project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "depends_on": [ "${google_folder.autokms_folder}" ], "folder_id": "${google_folder.autokms_folder.folder_id}", - "name": "resources", - "project_id": "resources", + "name": "res-proj", + "project_id": "res-proj", "provider": "${google-beta}" } google_project_iam_member.autokey_project_admin: |- @@ -103937,6 +115732,7 @@ resources: dependencies: google_folder.my_folder: |- { + "deletion_protection": false, "display_name": "folder-name", "parent": "organizations/123456789" } @@ -104142,6 +115938,57 @@ resources: (Optional) The parent of the linked dataset. importStatements: [] + google_logging_log_scope: + subCategory: Cloud (Stackdriver) Logging + description: Describes a group of resources to read log entries from + name: google_logging_log_scope + title: "" + examples: + - name: logging_log_scope + manifest: |- + { + "description": "A log scope configured with Terraform", + "location": "global", + "name": "projects/my-project-name/locations/global/logScopes/my-log-scope", + "parent": "projects/my-project-name", + "resource_names": [ + "projects/my-project-name", + "projects/my-project-name/locations/global/buckets/_Default/views/view1", + "projects/my-project-name/locations/global/buckets/_Default/views/view2" + ] + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The creation timestamp of the log scopes. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + Describes this log scopes. + id: '- an identifier for the resource with format {{parent}}/locations/{{location}}/logScopes/{{name}}' + location: |- + - + (Optional) + The location of the resource. The only supported location is global so far. + name: |- + - + (Required) + The resource name of the log scope. For example: `projects/my-project/locations/global/logScopes/my-log-scope` + parent: |- + - + (Optional) + The parent of the resource. + resource_names: |- + - + (Required) + Names of one or more parent resources : * `projects/[PROJECT_ID]` May alternatively be one or more views : * `projects/[PROJECT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]/views/[VIEW_ID]` A log scope can include a maximum of 50 projects and a maximum of 100 resources in total. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The last update timestamp of the log scopes. + importStatements: [] google_logging_log_view: subCategory: Cloud (Stackdriver) Logging description: Describes a view over log entries in a bucket. @@ -105026,6 +116873,7 @@ resources: - name: looker-instance manifest: |- { + "deletion_policy": "DEFAULT", "name": "my-instance", "oauth_config": [ { @@ -105096,6 +116944,21 @@ resources: "public_ip_enabled": true, "region": "us-central1" } + - name: looker-instance + manifest: |- + { + "fips_enabled": true, + "name": "my-instance-fips", + "oauth_config": [ + { + "client_id": "my-client-id", + "client_secret": "my-client-secret" + } + ], + "platform_edition": "LOOKER_CORE_ENTERPRISE_ANNUAL", + "public_ip_enabled": true, + "region": "us-central1" + } - name: looker-instance manifest: |- { @@ -105214,16 +117077,48 @@ resources: "platform_edition": "LOOKER_CORE_STANDARD_ANNUAL", "region": "us-central1" } + - name: looker-instance + manifest: |- + { + "name": "my-instance", + "oauth_config": [ + { + "client_id": "my-client-id", + "client_secret": "my-client-secret" + } + ], + "platform_edition": "LOOKER_CORE_ENTERPRISE_ANNUAL", + "private_ip_enabled": false, + "psc_config": [ + { + "allowed_vpcs": [ + "projects/test-project/global/networks/test" + ] + } + ], + "psc_enabled": true, + "public_ip_enabled": false, + "region": "us-central1" + } + - name: looker-instance + manifest: |- + { + "deletion_policy": "FORCE", + "name": "my-instance", + "oauth_config": [ + { + "client_id": "my-client-id", + "client_secret": "my-client-secret" + } + ], + "platform_edition": "LOOKER_CORE_STANDARD_ANNUAL", + "region": "us-central1" + } argumentDocs: LOOKER_CORE_TRIAL: |- . - Possible values are: LOOKER_CORE_TRIAL, LOOKER_CORE_STANDARD, LOOKER_CORE_STANDARD_ANNUAL, LOOKER_CORE_ENTERPRISE_ANNUAL, LOOKER_CORE_EMBED_ANNUAL. + Possible values are: LOOKER_CORE_TRIAL, LOOKER_CORE_STANDARD, LOOKER_CORE_STANDARD_ANNUAL, LOOKER_CORE_ENTERPRISE_ANNUAL, LOOKER_CORE_EMBED_ANNUAL, LOOKER_CORE_NONPROD_STANDARD_ANNUAL, LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL, LOOKER_CORE_NONPROD_EMBED_ANNUAL. MONDAY: ', TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY.' - admin_settings: |- - - - (Optional) - Looker instance Admin settings. - Structure is documented below. admin_settings.allowed_email_domains: |- - (Optional) @@ -105232,22 +117127,11 @@ resources: Updating this list will restart the instance. Updating the allowed email domains from terraform means the value provided will be considered as the entire list and not an amendment to the existing list of allowed email domains. - consumer_network: |- - - - (Optional) - Network name in the consumer project in the format of: projects/{project}/global/networks/{network} - Note that the consumer network may be in a different GCP project than the consumer - project that is hosting the Looker Instance. create: '- Default is 90 minutes.' create_time: |- - The time the instance was created in RFC3339 UTC "Zulu" format, accurate to nanoseconds. - custom_domain: |- - - - (Optional) - Custom domain settings for a Looker instance. - Structure is documented below. custom_domain.domain: |- - (Optional) @@ -105257,13 +117141,6 @@ resources: (Output) Status of the custom domain. delete: '- Default is 90 minutes.' - deny_maintenance_period: |- - - - (Optional) - Maintenance denial period for this instance. - You must allow at least 14 days of maintenance availability - between any two deny maintenance periods. - Structure is documented below. deny_maintenance_period.end_date: |- - (Required) @@ -105282,11 +117159,6 @@ resources: egress_public_ip: |- - Public Egress IP (IPv4). - encryption_config: |- - - - (Optional) - Looker instance encryption settings. - Structure is documented below. encryption_config.kms_key_name: |- - (Optional) @@ -105327,14 +117199,6 @@ resources: looker_version: |- - The Looker version that the instance is using. - maintenance_window: |- - - - (Optional) - Maintenance window for an instance. - Maintenance of your instance takes place once a month, and will require - your instance to be restarted during updates, which will temporarily - disrupt service. - Structure is documented below. maintenance_window.day_of_week: |- - (Required) @@ -105350,9 +117214,14 @@ resources: The ID of the instance or a fully qualified identifier for the instance. oauth_config: |- - - (Optional) + (Required) Looker Instance OAuth login settings. Structure is documented below. + oauth_config.admin_settings: |- + - + (Optional) + Looker instance Admin settings. + Structure is documented below. oauth_config.client_id: |- - (Required) @@ -105361,30 +117230,115 @@ resources: - (Required) The client secret for the Oauth config. - platform_edition: |- + oauth_config.consumer_network: |- + - + (Optional) + Network name in the consumer project in the format of: projects/{project}/global/networks/{network} + Note that the consumer network may be in a different GCP project than the consumer + project that is hosting the Looker Instance. + oauth_config.custom_domain: |- + - + (Optional) + Custom domain settings for a Looker instance. + Structure is documented below. + oauth_config.deletion_policy: |- + - (Optional) Policy to determine if the cluster should be deleted forcefully. + If setting deletion_policy = "FORCE", the Looker instance will be deleted regardless + of its nested resources. If set to "DEFAULT", Looker instances that still have + nested resources will return an error. Possible values: DEFAULT, FORCE + oauth_config.deny_maintenance_period: |- + - + (Optional) + Maintenance denial period for this instance. + You must allow at least 14 days of maintenance availability + between any two deny maintenance periods. + Structure is documented below. + oauth_config.encryption_config: |- + - + (Optional) + Looker instance encryption settings. + Structure is documented below. + oauth_config.fips_enabled: |- + - + (Optional) + FIPS 140-2 Encryption enablement for Looker (Google Cloud Core). + oauth_config.maintenance_window: |- + - + (Optional) + Maintenance window for an instance. + Maintenance of your instance takes place once a month, and will require + your instance to be restarted during updates, which will temporarily + disrupt service. + Structure is documented below. + oauth_config.platform_edition: |- - (Optional) Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. Must be one of these values: - private_ip_enabled: |- + oauth_config.private_ip_enabled: |- - (Optional) Whether private IP is enabled on the Looker instance. - project: |- + oauth_config.project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - public_ip_enabled: |- + oauth_config.psc_config: |- + - + (Optional) + Information for Private Service Connect (PSC) setup for a Looker instance. + Structure is documented below. + oauth_config.psc_enabled: |- + - + (Optional) + Whether Public Service Connect (PSC) is enabled on the Looker instance + oauth_config.public_ip_enabled: |- - (Optional) Whether public IP is enabled on the Looker instance. - region: |- + oauth_config.region: |- - (Optional) The name of the Looker region of the instance. - reserved_range: |- + oauth_config.reserved_range: |- - (Optional) Name of a reserved IP address range within the consumer network, to be used for private service access connection. User may or may not specify this in a request. + oauth_config.user_metadata: |- + - + (Optional) + Metadata about users for a Looker instance. + These settings are only available when platform edition LOOKER_CORE_STANDARD is set. + There are ten Standard and two Developer users included in the cost of the product. + You can allocate additional Standard, Viewer, and Developer users for this instance. + It is an optional step and can be modified later. + With the Standard edition of Looker (Google Cloud core), you can provision up to 50 + total users, distributed across Viewer, Standard, and Developer. + Structure is documented below. + psc_config.allowed_vpcs: |- + - + (Optional) + List of VPCs that are allowed ingress into the Looker instance. + psc_config.looker_service_attachment_uri: |- + - + (Output) + URI of the Looker service attachment. + psc_config.service_attachments: |- + - + (Optional) + List of egress service attachment configurations. + Structure is documented below. + service_attachments.connection_status: |- + - + (Output) + Status of the service attachment connection. + service_attachments.local_fqdn: |- + - + (Optional) + Fully qualified domain name that will be used in the private DNS record created for the service attachment. + service_attachments.target_service_attachment_uri: |- + - + (Optional) + URI of the service attachment to connect to. start_date.day: |- - (Optional) @@ -105437,17 +117391,6 @@ resources: - The time the instance was updated in RFC3339 UTC "Zulu" format, accurate to nanoseconds. - user_metadata: |- - - - (Optional) - Metadata about users for a Looker instance. - These settings are only available when platform edition LOOKER_CORE_STANDARD is set. - There are ten Standard and two Developer users included in the cost of the product. - You can allocate additional Standard, Viewer, and Developer users for this instance. - It is an optional step and can be modified later. - With the Standard edition of Looker (Google Cloud core), you can provision up to 50 - total users, distributed across Viewer, Standard, and Developer. - Structure is documented below. user_metadata.additional_developer_user_count: |- - (Optional) @@ -105494,15 +117437,12 @@ resources: "key": "value" }, "location": "us-central1", - "provider": "${google-beta}", "rebalance_config": [ { "mode": "NO_REBALANCE" } ] } - references: - provider: google-beta - name: example manifest: |- { @@ -105663,13 +117603,11 @@ resources: }, "location": "us-central1", "partition_count": 2, - "provider": "${google-beta}", "replication_factor": 3, "topic_id": "my-topic" } references: cluster: google_managed_kafka_cluster.cluster.cluster_id - provider: google-beta dependencies: google_managed_kafka_cluster.cluster: |- { @@ -105693,8 +117631,7 @@ resources: ] } ], - "location": "us-central1", - "provider": "${google-beta}" + "location": "us-central1" } argumentDocs: cluster: |- @@ -106003,6 +117940,477 @@ resources: Required. Start time of the window in UTC time. Structure is documented below. importStatements: [] + google_memorystore_instance: + subCategory: Memorystore + description: A Google Cloud Memorystore instance. + name: google_memorystore_instance + title: "" + examples: + - name: instance-basic + manifest: |- + { + "deletion_protection_enabled": false, + "depends_on": [ + "${google_network_connectivity_service_connection_policy.default}" + ], + "desired_psc_auto_connections": [ + { + "network": "${google_compute_network.producer_net.id}", + "project_id": "${data.google_project.project.project_id}" + } + ], + "instance_id": "basic-instance", + "lifecycle": [ + { + "prevent_destroy": "true" + } + ], + "location": "us-central1", + "shard_count": 3 + } + references: + desired_psc_auto_connections.network: google_compute_network.producer_net.id + desired_psc_auto_connections.project_id: data.google_project.project.project_id + dependencies: + google_compute_network.producer_net: |- + { + "auto_create_subnetworks": false, + "name": "my-network" + } + google_compute_subnetwork.producer_subnet: |- + { + "ip_cidr_range": "10.0.0.248/29", + "name": "my-subnet", + "network": "${google_compute_network.producer_net.id}", + "region": "us-central1" + } + google_network_connectivity_service_connection_policy.default: |- + { + "description": "my basic service connection policy", + "location": "us-central1", + "name": "my-policy", + "network": "${google_compute_network.producer_net.id}", + "psc_config": [ + { + "subnetworks": [ + "${google_compute_subnetwork.producer_subnet.id}" + ] + } + ], + "service_class": "gcp-memorystore" + } + - name: instance-full + manifest: |- + { + "authorization_mode": "AUTH_DISABLED", + "deletion_protection_enabled": false, + "depends_on": [ + "${google_network_connectivity_service_connection_policy.default}" + ], + "desired_psc_auto_connections": [ + { + "network": "${google_compute_network.producer_net.id}", + "project_id": "${data.google_project.project.project_id}" + } + ], + "engine_configs": { + "maxmemory-policy": "volatile-ttl" + }, + "engine_version": "VALKEY_7_2", + "instance_id": "full-instance", + "labels": { + "abc": "xyz" + }, + "lifecycle": [ + { + "prevent_destroy": "true" + } + ], + "location": "us-central1", + "mode": "CLUSTER", + "node_type": "SHARED_CORE_NANO", + "persistence_config": [ + { + "mode": "RDB", + "rdb_config": [ + { + "rdb_snapshot_period": "ONE_HOUR", + "rdb_snapshot_start_time": "2024-10-02T15:01:23Z" + } + ] + } + ], + "replica_count": 2, + "shard_count": 3, + "transit_encryption_mode": "TRANSIT_ENCRYPTION_DISABLED", + "zone_distribution_config": [ + { + "mode": "SINGLE_ZONE", + "zone": "us-central1-b" + } + ] + } + references: + desired_psc_auto_connections.network: google_compute_network.producer_net.id + desired_psc_auto_connections.project_id: data.google_project.project.project_id + dependencies: + google_compute_network.producer_net: |- + { + "auto_create_subnetworks": false, + "name": "my-network" + } + google_compute_subnetwork.producer_subnet: |- + { + "ip_cidr_range": "10.0.0.248/29", + "name": "my-subnet", + "network": "${google_compute_network.producer_net.id}", + "region": "us-central1" + } + google_network_connectivity_service_connection_policy.default: |- + { + "description": "my basic service connection policy", + "location": "us-central1", + "name": "my-policy", + "network": "${google_compute_network.producer_net.id}", + "psc_config": [ + { + "subnetworks": [ + "${google_compute_subnetwork.producer_subnet.id}" + ] + } + ], + "service_class": "gcp-memorystore" + } + - name: instance-persistence-aof + manifest: |- + { + "deletion_protection_enabled": false, + "depends_on": [ + "${google_network_connectivity_service_connection_policy.default}" + ], + "desired_psc_auto_connections": [ + { + "network": "${google_compute_network.producer_net.id}", + "project_id": "${data.google_project.project.project_id}" + } + ], + "instance_id": "aof-instance", + "lifecycle": [ + { + "prevent_destroy": "true" + } + ], + "location": "us-central1", + "persistence_config": [ + { + "aof_config": [ + { + "append_fsync": "EVERY_SEC" + } + ], + "mode": "AOF" + } + ], + "shard_count": 3 + } + references: + desired_psc_auto_connections.network: google_compute_network.producer_net.id + desired_psc_auto_connections.project_id: data.google_project.project.project_id + dependencies: + google_compute_network.producer_net: |- + { + "auto_create_subnetworks": false, + "name": "my-network" + } + google_compute_subnetwork.producer_subnet: |- + { + "ip_cidr_range": "10.0.0.248/29", + "name": "my-subnet", + "network": "${google_compute_network.producer_net.id}", + "region": "us-central1" + } + google_network_connectivity_service_connection_policy.default: |- + { + "description": "my basic service connection policy", + "location": "us-central1", + "name": "my-policy", + "network": "${google_compute_network.producer_net.id}", + "psc_config": [ + { + "subnetworks": [ + "${google_compute_subnetwork.producer_subnet.id}" + ] + } + ], + "service_class": "gcp-memorystore" + } + argumentDocs: + aof_config.append_fsync: |- + - + (Optional) + Optional. The fsync mode. + Possible values: + NEVER + EVERY_SEC + ALWAYS + authorization_mode: |- + - + (Optional) + Optional. Immutable. Authorization mode of the instance. Possible values: + AUTH_DISABLED + IAM_AUTH + create: '- Default is 60 minutes.' + create_time: |- + - + Output only. Creation timestamp of the instance. + delete: '- Default is 30 minutes.' + deletion_protection_enabled: |- + - + (Optional) + Optional. If set to true deletion of the instance will fail. + desired_psc_auto_connections: '- (Optional) Required. Immutable. User inputs for the auto-created PSC connections.' + discovery_endpoints: |- + - + Output only. Endpoints clients can connect to the instance through. Currently only one + discovery endpoint is supported. + Structure is documented below. + discovery_endpoints.address: |- + - + (Output) + Output only. IP address of the exposed endpoint clients connect to. + discovery_endpoints.network: |- + - + (Output) + Output only. The network where the IP address of the discovery endpoint will be + reserved, in the form of + projects/{network_project}/global/networks/{network_id}. + discovery_endpoints.port: |- + - + (Output) + Output only. The port number of the exposed endpoint. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + endpoints: |- + - + Endpoints for the instance. + engine_configs: |- + - + (Optional) + Optional. User-provided engine configurations for the instance. + engine_version: |- + - + (Optional) + Optional. Immutable. Engine version of the instance. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/instances/{{instance_id}}' + instance_id: |- + - + (Required) + Required. The ID to use for the instance, which will become the final component of + the instance's resource name. + This value is subject to the following restrictions: + labels: |- + - + (Optional) + Optional. Labels to represent user-provided metadata. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + Resource ID segment making up resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type memorystore.googleapis.com/CertificateAuthority. + mode: |- + - + (Optional) + Optional. Standalone or cluster. + Possible values: + CLUSTER + STANDALONE + Possible values are: CLUSTER, STANDALONE. + name: |- + - + Identifier. Unique name of the instance. + Format: projects/{project}/locations/{location}/instances/{instance} + node_config: |- + - + Represents configuration for nodes of the instance. + Structure is documented below. + node_config.size_gb: |- + - + (Output) + Output only. Memory size in GB of the node. + node_type: |- + - + (Optional) + Optional. Immutable. Machine type for individual nodes of the instance. + Possible values: + SHARED_CORE_NANO + HIGHMEM_MEDIUM + HIGHMEM_XLARGE + STANDARD_SMALL + persistence_config: |- + - + (Optional) + Represents persistence configuration for a instance. + Structure is documented below. + persistence_config.aof_config: |- + - + (Optional) + Configuration for AOF based persistence. + Structure is documented below. + persistence_config.mode: |- + - + (Optional) + Optional. Current persistence mode. + Possible values: + DISABLED + RDB + AOF + Possible values are: DISABLED, RDB, AOF. + persistence_config.rdb_config: |- + - + (Optional) + Configuration for RDB based persistence. + Structure is documented below. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + psc_auto_connections: |- + - + Output only. User inputs and resource details of the auto-created PSC connections. + Structure is documented below. + psc_auto_connections.connection_type: |- + - + (Output) + Output Only. Type of a PSC Connection. + Possible values: + CONNECTION_TYPE_DISCOVERY + CONNECTION_TYPE_PRIMARY + CONNECTION_TYPE_READER + psc_auto_connections.forwarding_rule: |- + - + (Output) + Output only. The URI of the consumer side forwarding rule. + Format: + projects/{project}/regions/{region}/forwardingRules/{forwarding_rule} + psc_auto_connections.ip_address: |- + - + (Output) + Output only. The IP allocated on the consumer network for the PSC forwarding rule. + psc_auto_connections.network: |- + - + (Output) + Output only. The consumer network where the IP address resides, in the form of + projects/{project_id}/global/networks/{network_id}. + psc_auto_connections.port: |- + - + (Output) + Output only. Ports of the exposed endpoint. + psc_auto_connections.project_id: |- + - + (Output) + Output only. The consumer project_id where the forwarding rule is created from. + psc_auto_connections.psc_connection_id: |- + - + (Output) + Output only. The PSC connection id of the forwarding rule connected to the + service attachment. + psc_auto_connections.psc_connection_status: |- + - + (Output) + Output Only. The status of the PSC connection: whether a connection exists and ACTIVE or it no longer exists. + Possible values: + ACTIVE + NOT_FOUND + psc_auto_connections.service_attachment: |- + - + (Output) + Output only. The service attachment which is the target of the PSC connection, in the form of projects/{project-id}/regions/{region}/serviceAttachments/{service-attachment-id}. + rdb_config.rdb_snapshot_period: |- + - + (Optional) + Optional. Period between RDB snapshots. + Possible values: + ONE_HOUR + SIX_HOURS + TWELVE_HOURS + TWENTY_FOUR_HOURS + rdb_config.rdb_snapshot_start_time: |- + - + (Optional) + Optional. Time that the first snapshot was/will be attempted, and to which future + snapshots will be aligned. If not provided, the current time will be + used. + replica_count: |- + - + (Optional) + Optional. Number of replica nodes per shard. If omitted the default is 0 replicas. + shard_count: |- + - + (Required) + Required. Number of shards for the instance. + state: |- + - + Output only. Current state of the instance. + Possible values: + CREATING + ACTIVE + UPDATING + DELETING + state_info: |- + - + Additional information about the state of the instance. + Structure is documented below. + state_info.update_info: |- + - + (Output) + Represents information about instance with state UPDATING. + Structure is documented below. + state_info.update_info.target_replica_count: |- + - + (Output) + Output only. Target number of replica nodes per shard for the instance. + state_info.update_info.target_shard_count: |- + - + (Output) + Output only. Target number of shards for the instance. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + transit_encryption_mode: |- + - + (Optional) + Optional. Immutable. In-transit encryption mode of the instance. + Possible values: + TRANSIT_ENCRYPTION_DISABLED + SERVER_AUTHENTICATION + uid: |- + - + Output only. System assigned, unique identifier for the instance. + update: '- Default is 120 minutes.' + update_time: |- + - + Output only. Latest update timestamp of the instance. + zone_distribution_config: |- + - + (Optional) + Zone distribution configuration for allocation of instance resources. + Structure is documented below. + zone_distribution_config.mode: |- + - + (Optional) + Optional. Current zone distribution mode. Defaults to MULTI_ZONE. + Possible values: + MULTI_ZONE + SINGLE_ZONE + Possible values are: MULTI_ZONE, SINGLE_ZONE. + zone_distribution_config.zone: |- + - + (Optional) + Optional. Defines zone where all resources will be allocated with SINGLE_ZONE mode. + Ignored for MULTI_ZONE mode. + importStatements: [] google_migration_center_group: subCategory: Migration Center description: A resource that represents an asset group. @@ -106575,6 +118983,11 @@ resources: Control over how the notification channels in notification_channels are notified when this alert fires, on a per-channel basis. Structure is documented below. + alert_strategy.notification_prompts: |- + - + (Optional) + Control when notifications will be sent out. + Each value may be one of: NOTIFICATION_PROMPT_UNSPECIFIED, OPENED, CLOSED. alert_strategy.notification_rate_limit: |- - (Optional) @@ -106705,6 +119118,15 @@ resources: (Optional) Control over how this alert policy's notification channels are notified. Structure is documented below. + condition_prometheus_query_language.disable_metric_validation: |- + - + (Optional) + Whether to disable metric existence validation for this condition. + This allows alerting policies to be defined on metrics that do not yet + exist, improving advanced customer workflows such as configuring + alerting policies using Terraform. + Users with the monitoring.alertPolicyViewer role are able to see the + name of the non-existent metric in the alerting policy condition. condition_prometheus_query_language.documentation: |- - (Optional) @@ -107486,6 +119908,7 @@ resources: dependencies: google_project.basic: |- { + "deletion_policy": "DELETE", "name": "m-id-display", "org_id": "123456789", "project_id": "m-id" @@ -108770,7 +121193,7 @@ resources: kdc_hostname: |- - (Optional) - Hostname of the Active Directory server used as Kerberos Key Distribution Center. Only requried for volumes using kerberized NFSv4.1 + Hostname of the Active Directory server used as Kerberos Key Distribution Center. Only required for volumes using kerberized NFSv4.1 kdc_ip: |- - (Optional) @@ -109038,7 +121461,7 @@ resources: "labels": { "creator": "testuser" }, - "location": "us-central1", + "location": "us-west1", "name": "test-backup-vault" } argumentDocs: @@ -109086,24 +121509,11 @@ resources: - name: kmsConfig manifest: |- { - "crypto_key_name": "${google_kms_crypto_key.crypto_key.id}", + "crypto_key_name": "crypto-name", "description": "this is a test description", "location": "us-central1", "name": "kms-test" } - references: - crypto_key_name: google_kms_crypto_key.crypto_key.id - dependencies: - google_kms_crypto_key.crypto_key: |- - { - "key_ring": "${google_kms_key_ring.keyring.id}", - "name": "crypto-name" - } - google_kms_key_ring.keyring: |- - { - "location": "us-central1", - "name": "key-ring" - } argumentDocs: create: '- Default is 20 minutes.' crypto_key_name: |- @@ -109196,11 +121606,16 @@ resources: (Optional) Specifies the Active Directory policy to be used. Format: projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}. The policy needs to be in the same location as the storage pool. + allow_auto_tiering: |- + - + (Optional) + Optional. True if the storage pool supports Auto Tiering enabled volumes. Default is false. + Auto-tiering can be enabled after storage pool creation but it can't be disabled once enabled. capacity_gib: |- - (Required) Capacity of the storage pool (in GiB). - create: '- Default is 20 minutes.' + create: '- Default is 45 minutes.' delete: '- Default is 20 minutes.' description: |- - @@ -109242,7 +121657,7 @@ resources: If it is not provided, the provider project is used. replica_zone: |- - - (Optional, Beta) + (Optional) Specifies the replica zone for regional Flex pools. zone and replica_zone values can be swapped to initiate a zone switch. service_level: |- @@ -109263,7 +121678,7 @@ resources: Number of volume in the storage pool. zone: |- - - (Optional, Beta) + (Optional) Specifies the active zone for regional Flex pools. zone and replica_zone values can be swapped to initiate a zone switch. If you want to create a zonal Flex pool, specify a zone name for location and omit zone. @@ -109324,6 +121739,9 @@ resources: - (Required) Capacity of the volume (in GiB). + cold_tier_size_gib: |- + - + Output only. Size of the volume cold tier data in GiB. create: '- Default is 20 minutes.' create_time: |- - @@ -109345,6 +121763,7 @@ resources: - (Optional) Policy to determine if the volume should be deleted forcefully. Volumes may have nested snapshot resources. Deleting such a volume will fail. Setting this parameter to FORCE will delete volumes including nested snapshots. + Possible values: DEFAULT, FORCE. description: |- - (Optional) @@ -109371,7 +121790,7 @@ resources: export_policy.rules.allowed_clients: |- - (Optional) - Defines the client ingress specification (allowed clients) as a comma seperated list with IPv4 CIDRs or IPv4 host addresses. + Defines the client ingress specification (allowed clients) as a comma separated list with IPv4 CIDRs or IPv4 host addresses. export_policy.rules.has_root_access: |- - (Optional) @@ -109431,6 +121850,10 @@ resources: - (Optional) Labels as key value pairs. Example: { "owner": "Bob", "department": "finance", "purpose": "testing" }. + large_capacity: |- + - + (Optional) + Optional. Flag indicating if the volume will be a large capacity volume or a regular volume. ldap_enabled: |- - Flag indicating if the volume is NFS LDAP enabled or not. Inherited from storage pool. @@ -109476,6 +121899,11 @@ resources: - (Output) Protocol to mount with. + multiple_endpoints: |- + - + (Optional) + Optional. Flag indicating if the volume will have an IP address per node for volumes supporting multiple IP endpoints. + Only the volume with largeCapacity will be allowed to have multiple endpoints. name: |- - (Required) @@ -109496,7 +121924,6 @@ resources: Name of the Private Service Access allocated range. Inherited from storage pool. replica_zone: |- - - (Beta) Specifies the replica zone for regional volume. restore_parameters: |- - @@ -109528,7 +121955,7 @@ resources: Possible values are: NTFS, UNIX. service_level: |- - - Service level of the volume. Inherited from storage pool. Supported values are : PREMIUM, EXTERME, STANDARD, FLEX. + Service level of the volume. Inherited from storage pool. Supported values are : PREMIUM, EXTREME, STANDARD, FLEX. share_name: |- - (Required) @@ -109582,11 +122009,27 @@ resources: storage_pool: |- - (Required) - Name of the storage pool to create the volume in. Pool needs enough spare capacity to accomodate the volume. + Name of the storage pool to create the volume in. Pool needs enough spare capacity to accommodate the volume. terraform_labels: |- - The combination of labels configured directly on the resource and default labels configured on the provider. + tiering_policy: |- + - + (Optional) + Tiering policy for the volume. + Structure is documented below. + tiering_policy.cooling_threshold_days: |- + - + (Optional) + Optional. Time in days to mark the volume's data block as cold and make it eligible for tiering, can be range from 7-183. + Default is 31. + tiering_policy.tier_action: |- + - + (Optional) + Optional. Flag indicating if the volume has tiering policy enable/pause. Default is PAUSED. + Default value is PAUSED. + Possible values are: ENABLED, PAUSED. unix_permissions: |- - (Optional) @@ -109613,7 +122056,6 @@ resources: The maximum number of snapshots to keep for the weekly schedule. zone: |- - - (Beta) Specifies the active zone for regional volume. importStatements: [] google_netapp_volume_replication: @@ -109902,6 +122344,100 @@ resources: (Required) The name of the volume to create the snapshot in. importStatements: [] + google_network_connectivity_group: + subCategory: Network Connectivity + description: The NetworkConnectivity Group resource + name: google_network_connectivity_group + title: "" + examples: + - name: primary + manifest: |- + { + "auto_accept": [ + { + "auto_accept_projects": [ + "foo", + "bar" + ] + } + ], + "description": "A sample hub group", + "hub": "${google_network_connectivity_hub.basic_hub.id}", + "labels": { + "label-one": "value-one" + }, + "name": "default" + } + references: + hub: google_network_connectivity_hub.basic_hub.id + dependencies: + google_network_connectivity_hub.basic_hub: |- + { + "description": "A sample hub", + "labels": { + "label-one": "value-one" + }, + "name": "network-connectivity-hub1" + } + argumentDocs: + auto_accept: |- + - + (Optional) + Optional. The auto-accept setting for this group. + Structure is documented below. + auto_accept.auto_accept_projects: |- + - + (Required) + A list of project ids or project numbers for which you want to enable auto-accept. The auto-accept setting is applied to spokes being created or updated in these projects. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The time the hub was created. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + An optional description of the group. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + hub: |- + - + (Required) + The name of the hub. Hub names must be unique. They use the following form: projects/{projectNumber}/locations/global/hubs/{hubId} + id: '- an identifier for the resource with format projects/{{project}}/locations/global/hubs/{{hub}}/groups/{{name}}' + labels: |- + - + (Optional) + Optional labels in key:value format. For more information about labels, see Requirements for labels. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + name: |- + - + (Required) + The name of the group. Group names must be unique. + Possible values are: default, center, edge. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + route_table: |- + - + Output only. The name of the route table that corresponds to this group. They use the following form: projects/{projectNumber}/locations/global/hubs/{hubId}/routeTables/{route_table_id} + state: |- + - + Output only. The current lifecycle state of this hub. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + uid: |- + - + Output only. The Google-generated UUID for the group. This value is unique across all group resources. If a group is deleted and another with the same name is created, the new route table is assigned a different uniqueId. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The time the hub was last updated. + importStatements: [] google_network_connectivity_hub: subCategory: Network Connectivity description: The NetworkConnectivity Hub resource @@ -109924,6 +122460,25 @@ resources: "export_psc": true, "name": "basic" } + - name: primary + manifest: |- + { + "description": "A sample mesh hub", + "labels": { + "label-one": "value-one" + }, + "name": "mesh" + } + - name: primary + manifest: |- + { + "description": "A sample star hub", + "labels": { + "label-one": "value-one" + }, + "name": "star", + "preset_topology": "STAR" + } argumentDocs: create: '- Default is 20 minutes.' create_time: |- @@ -109952,6 +122507,11 @@ resources: - (Required) Immutable. The name of the hub. Hub names must be unique. They use the following form: projects/{project_number}/locations/global/hubs/{hub_id} + preset_topology: |- + - + (Optional) + Optional. The topology implemented in this hub. Currently, this field is only used when policyMode = PRESET. The available preset topologies are MESH and STAR. If presetTopology is unspecified and policyMode = PRESET, the presetTopology defaults to MESH. When policyMode = CUSTOM, the presetTopology is set to PRESET_TOPOLOGY_UNSPECIFIED. + Possible values are: MESH, STAR. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -110076,6 +122636,38 @@ resources: "network": "${google_compute_network.default.id}", "region": "us-central1" } + - name: default + manifest: |- + { + "description": "Test internal range", + "ip_cidr_range": "10.1.0.0/16", + "migration": [ + { + "source": "${google_compute_subnetwork.source.self_link}", + "target": "projects/${data.google_project.target_project.project_id}/regions/us-central1/subnetworks/target-subnet" + } + ], + "name": "migration", + "network": "${google_compute_network.default.self_link}", + "peering": "FOR_SELF", + "usage": "FOR_MIGRATION" + } + references: + migration.source: google_compute_subnetwork.source.self_link + network: google_compute_network.default.self_link + dependencies: + google_compute_network.default: |- + { + "auto_create_subnetworks": false, + "name": "internal-ranges" + } + google_compute_subnetwork.source: |- + { + "ip_cidr_range": "10.1.0.0/16", + "name": "source-subnet", + "network": "${google_compute_network.default.name}", + "region": "us-central1" + } argumentDocs: create: '- Default is 30 minutes.' delete: '- Default is 30 minutes.' @@ -110093,6 +122685,25 @@ resources: - (Optional) User-defined labels. + migration: |- + - + (Optional) + Specification for migration with source and target resource names. + Structure is documented below. + migration.source: |- + - + (Required) + Resource path as an URI of the source resource, for example a subnet. + The project for the source resource should match the project for the + InternalRange. + An example /projects/{project}/regions/{region}/subnetworks/{subnet} + migration.target: |- + - + (Required) + Resource path of the target resource. The target project can be + different, as in the cases when migrating to peer networks. The resource + may not exist yet. + For example /projects/{project}/regions/{region}/subnetworks/{subnet} name: |- - (Required) @@ -110133,7 +122744,7 @@ resources: - (Required) The type of usage set for this InternalRange. - Possible values are: FOR_VPC, EXTERNAL_TO_VPC. + Possible values are: FOR_VPC, EXTERNAL_TO_VPC, FOR_MIGRATION. users: |- - Output only. The list of resources that refer to this internal range. @@ -110634,6 +123245,10 @@ resources: "198.51.100.0/24", "10.10.0.0/16" ], + "include_export_ranges": [ + "198.51.100.0/23", + "10.0.0.0/8" + ], "uri": "${google_compute_network.network.self_link}" } ], @@ -110657,6 +123272,55 @@ resources: }, "name": "hub1" } + - name: primary + manifest: |- + { + "description": "A sample spoke with a linked VPC", + "group": "${google_network_connectivity_group.default_group.id}", + "hub": "${google_network_connectivity_hub.basic_hub.id}", + "labels": { + "label-one": "value-one" + }, + "linked_vpc_network": [ + { + "exclude_export_ranges": [ + "198.51.100.0/24", + "10.10.0.0/16" + ], + "include_export_ranges": [ + "198.51.100.0/23", + "10.0.0.0/8" + ], + "uri": "${google_compute_network.network.self_link}" + } + ], + "location": "global", + "name": "group-spoke1" + } + references: + group: google_network_connectivity_group.default_group.id + hub: google_network_connectivity_hub.basic_hub.id + linked_vpc_network.uri: google_compute_network.network.self_link + dependencies: + google_compute_network.network: |- + { + "auto_create_subnetworks": false, + "name": "net-spoke" + } + google_network_connectivity_group.default_group: |- + { + "description": "A sample hub group", + "hub": "${google_network_connectivity_hub.basic_hub.id}", + "name": "default" + } + google_network_connectivity_hub.basic_hub: |- + { + "description": "A sample hub", + "labels": { + "label-two": "value-one" + }, + "name": "hub1-spoke" + } - name: primary manifest: |- { @@ -110667,6 +123331,9 @@ resources: }, "linked_router_appliance_instances": [ { + "include_import_ranges": [ + "ALL_IPV4_RANGES" + ], "instances": [ { "ip_address": "10.0.0.2", @@ -110730,6 +123397,468 @@ resources: }, "name": "tf-test-hub" } + - name: tunnel1 + manifest: |- + { + "description": "A sample spoke with a linked VPN Tunnel", + "hub": "${google_network_connectivity_hub.basic_hub.id}", + "labels": { + "label-one": "value-one" + }, + "linked_vpn_tunnels": [ + { + "include_import_ranges": [ + "ALL_IPV4_RANGES" + ], + "site_to_site_data_transfer": true, + "uris": [ + "${google_compute_vpn_tunnel.tunnel1.self_link}" + ] + } + ], + "location": "us-central1", + "name": "vpn-tunnel-1-spoke" + } + references: + hub: google_network_connectivity_hub.basic_hub.id + linked_vpn_tunnels.uris: google_compute_vpn_tunnel.tunnel1.self_link + dependencies: + google_compute_external_vpn_gateway.external_vpn_gw: |- + { + "description": "An externally managed VPN gateway", + "interface": [ + { + "id": 0, + "ip_address": "8.8.8.8" + } + ], + "name": "external-vpn-gateway", + "redundancy_type": "SINGLE_IP_INTERNALLY_REDUNDANT" + } + google_compute_ha_vpn_gateway.gateway: |- + { + "name": "vpn-gateway", + "network": "${google_compute_network.network.id}" + } + google_compute_network.network: |- + { + "auto_create_subnetworks": false, + "name": "basic-network" + } + google_compute_router.router: |- + { + "bgp": [ + { + "asn": 64514 + } + ], + "name": "external-vpn-gateway", + "network": "${google_compute_network.network.name}", + "region": "us-central1" + } + google_compute_router_interface.router_interface1: |- + { + "ip_range": "169.254.0.1/30", + "name": "router-interface1", + "region": "us-central1", + "router": "${google_compute_router.router.name}", + "vpn_tunnel": "${google_compute_vpn_tunnel.tunnel1.name}" + } + google_compute_router_interface.router_interface2: |- + { + "ip_range": "169.254.1.1/30", + "name": "router-interface2", + "region": "us-central1", + "router": "${google_compute_router.router.name}", + "vpn_tunnel": "${google_compute_vpn_tunnel.tunnel2.name}" + } + google_compute_router_peer.router_peer1: |- + { + "advertised_route_priority": 100, + "interface": "${google_compute_router_interface.router_interface1.name}", + "name": "router-peer1", + "peer_asn": 64515, + "peer_ip_address": "169.254.0.2", + "region": "us-central1", + "router": "${google_compute_router.router.name}" + } + google_compute_router_peer.router_peer2: |- + { + "advertised_route_priority": 100, + "interface": "${google_compute_router_interface.router_interface2.name}", + "name": "router-peer2", + "peer_asn": 64515, + "peer_ip_address": "169.254.1.2", + "region": "us-central1", + "router": "${google_compute_router.router.name}" + } + google_compute_subnetwork.subnetwork: |- + { + "ip_cidr_range": "10.0.0.0/28", + "name": "basic-subnetwork", + "network": "${google_compute_network.network.self_link}", + "region": "us-central1" + } + google_compute_vpn_tunnel.tunnel1: |- + { + "name": "tunnel1", + "peer_external_gateway": "${google_compute_external_vpn_gateway.external_vpn_gw.id}", + "peer_external_gateway_interface": 0, + "region": "us-central1", + "router": "${google_compute_router.router.id}", + "shared_secret": "a secret message", + "vpn_gateway": "${google_compute_ha_vpn_gateway.gateway.id}", + "vpn_gateway_interface": 0 + } + google_compute_vpn_tunnel.tunnel2: |- + { + "name": "tunnel2", + "peer_external_gateway": "${google_compute_external_vpn_gateway.external_vpn_gw.id}", + "peer_external_gateway_interface": 0, + "region": "us-central1", + "router": " ${google_compute_router.router.id}", + "shared_secret": "a secret message", + "vpn_gateway": "${google_compute_ha_vpn_gateway.gateway.id}", + "vpn_gateway_interface": 1 + } + google_network_connectivity_hub.basic_hub: |- + { + "description": "A sample hub", + "labels": { + "label-two": "value-one" + }, + "name": "basic-hub1" + } + - name: tunnel2 + manifest: |- + { + "description": "A sample spoke with a linked VPN Tunnel", + "hub": "${google_network_connectivity_hub.basic_hub.id}", + "labels": { + "label-one": "value-one" + }, + "linked_vpn_tunnels": [ + { + "include_import_ranges": [ + "ALL_IPV4_RANGES" + ], + "site_to_site_data_transfer": true, + "uris": [ + "${google_compute_vpn_tunnel.tunnel2.self_link}" + ] + } + ], + "location": "us-central1", + "name": "vpn-tunnel-2-spoke" + } + references: + hub: google_network_connectivity_hub.basic_hub.id + linked_vpn_tunnels.uris: google_compute_vpn_tunnel.tunnel2.self_link + dependencies: + google_compute_external_vpn_gateway.external_vpn_gw: |- + { + "description": "An externally managed VPN gateway", + "interface": [ + { + "id": 0, + "ip_address": "8.8.8.8" + } + ], + "name": "external-vpn-gateway", + "redundancy_type": "SINGLE_IP_INTERNALLY_REDUNDANT" + } + google_compute_ha_vpn_gateway.gateway: |- + { + "name": "vpn-gateway", + "network": "${google_compute_network.network.id}" + } + google_compute_network.network: |- + { + "auto_create_subnetworks": false, + "name": "basic-network" + } + google_compute_router.router: |- + { + "bgp": [ + { + "asn": 64514 + } + ], + "name": "external-vpn-gateway", + "network": "${google_compute_network.network.name}", + "region": "us-central1" + } + google_compute_router_interface.router_interface1: |- + { + "ip_range": "169.254.0.1/30", + "name": "router-interface1", + "region": "us-central1", + "router": "${google_compute_router.router.name}", + "vpn_tunnel": "${google_compute_vpn_tunnel.tunnel1.name}" + } + google_compute_router_interface.router_interface2: |- + { + "ip_range": "169.254.1.1/30", + "name": "router-interface2", + "region": "us-central1", + "router": "${google_compute_router.router.name}", + "vpn_tunnel": "${google_compute_vpn_tunnel.tunnel2.name}" + } + google_compute_router_peer.router_peer1: |- + { + "advertised_route_priority": 100, + "interface": "${google_compute_router_interface.router_interface1.name}", + "name": "router-peer1", + "peer_asn": 64515, + "peer_ip_address": "169.254.0.2", + "region": "us-central1", + "router": "${google_compute_router.router.name}" + } + google_compute_router_peer.router_peer2: |- + { + "advertised_route_priority": 100, + "interface": "${google_compute_router_interface.router_interface2.name}", + "name": "router-peer2", + "peer_asn": 64515, + "peer_ip_address": "169.254.1.2", + "region": "us-central1", + "router": "${google_compute_router.router.name}" + } + google_compute_subnetwork.subnetwork: |- + { + "ip_cidr_range": "10.0.0.0/28", + "name": "basic-subnetwork", + "network": "${google_compute_network.network.self_link}", + "region": "us-central1" + } + google_compute_vpn_tunnel.tunnel1: |- + { + "name": "tunnel1", + "peer_external_gateway": "${google_compute_external_vpn_gateway.external_vpn_gw.id}", + "peer_external_gateway_interface": 0, + "region": "us-central1", + "router": "${google_compute_router.router.id}", + "shared_secret": "a secret message", + "vpn_gateway": "${google_compute_ha_vpn_gateway.gateway.id}", + "vpn_gateway_interface": 0 + } + google_compute_vpn_tunnel.tunnel2: |- + { + "name": "tunnel2", + "peer_external_gateway": "${google_compute_external_vpn_gateway.external_vpn_gw.id}", + "peer_external_gateway_interface": 0, + "region": "us-central1", + "router": " ${google_compute_router.router.id}", + "shared_secret": "a secret message", + "vpn_gateway": "${google_compute_ha_vpn_gateway.gateway.id}", + "vpn_gateway_interface": 1 + } + google_network_connectivity_hub.basic_hub: |- + { + "description": "A sample hub", + "labels": { + "label-two": "value-one" + }, + "name": "basic-hub1" + } + - name: primary + manifest: |- + { + "description": "A sample spoke with a linked Interconnect Attachment", + "hub": "${google_network_connectivity_hub.basic_hub.id}", + "labels": { + "label-one": "value-one" + }, + "linked_interconnect_attachments": [ + { + "include_import_ranges": [ + "ALL_IPV4_RANGES" + ], + "site_to_site_data_transfer": true, + "uris": [ + "${google_compute_interconnect_attachment.interconnect-attachment.self_link}" + ] + } + ], + "location": "us-central1", + "name": "interconnect-attachment-spoke" + } + references: + hub: google_network_connectivity_hub.basic_hub.id + linked_interconnect_attachments.uris: google_compute_interconnect_attachment.interconnect-attachment.self_link + dependencies: + google_compute_interconnect_attachment.interconnect-attachment: |- + { + "edge_availability_domain": "AVAILABILITY_DOMAIN_1", + "mtu": 1500, + "name": "partner-interconnect1", + "region": "us-central1", + "router": "${google_compute_router.router.id}", + "type": "PARTNER" + } + google_compute_network.network: |- + { + "auto_create_subnetworks": false, + "name": "basic-network" + } + google_compute_router.router: |- + { + "bgp": [ + { + "asn": 16550 + } + ], + "name": "external-vpn-gateway", + "network": "${google_compute_network.network.name}", + "region": "us-central1" + } + google_network_connectivity_hub.basic_hub: |- + { + "description": "A sample hub", + "labels": { + "label-two": "value-one" + }, + "name": "basic-hub1" + } + - name: linked_vpc_spoke + manifest: |- + { + "hub": "${google_network_connectivity_hub.basic_hub.id}", + "linked_vpc_network": [ + { + "uri": "${google_compute_network.network.self_link}" + } + ], + "location": "global", + "name": "vpc-spoke" + } + references: + hub: google_network_connectivity_hub.basic_hub.id + linked_vpc_network.uri: google_compute_network.network.self_link + dependencies: + google_compute_global_address.address: |- + { + "address_type": "INTERNAL", + "name": "test-address", + "network": "${google_compute_network.network.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_compute_network.network: |- + { + "auto_create_subnetworks": false, + "name": "net-spoke" + } + google_network_connectivity_hub.basic_hub: |- + { + "name": "hub-basic" + } + google_service_networking_connection.peering: |- + { + "network": "${google_compute_network.network.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.address.name}" + ], + "service": "servicenetworking.googleapis.com" + } + - name: primary + manifest: |- + { + "depends_on": [ + "${google_network_connectivity_spoke.linked_vpc_spoke}" + ], + "description": "A sample spoke with a linked router appliance instance", + "hub": "${google_network_connectivity_hub.basic_hub.id}", + "labels": { + "label-one": "value-one" + }, + "linked_producer_vpc_network": [ + { + "exclude_export_ranges": [ + "198.51.100.0/24", + "10.10.0.0/16" + ], + "network": "${google_compute_network.network.name}", + "peering": "${google_service_networking_connection.peering.peering}" + } + ], + "location": "global", + "name": "producer-spoke" + } + references: + hub: google_network_connectivity_hub.basic_hub.id + linked_producer_vpc_network.network: google_compute_network.network.name + linked_producer_vpc_network.peering: google_service_networking_connection.peering.peering + dependencies: + google_compute_global_address.address: |- + { + "address_type": "INTERNAL", + "name": "test-address", + "network": "${google_compute_network.network.id}", + "prefix_length": 16, + "purpose": "VPC_PEERING" + } + google_compute_network.network: |- + { + "auto_create_subnetworks": false, + "name": "net-spoke" + } + google_network_connectivity_hub.basic_hub: |- + { + "name": "hub-basic" + } + google_service_networking_connection.peering: |- + { + "network": "${google_compute_network.network.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.address.name}" + ], + "service": "servicenetworking.googleapis.com" + } + - name: primary + manifest: |- + { + "description": "A sample spoke", + "group": "${google_network_connectivity_group.center_group.id}", + "hub": "${google_network_connectivity_hub.star_hub.id}", + "labels": { + "label-one": "value-one" + }, + "linked_vpc_network": [ + { + "uri": "${google_compute_network.network.self_link}" + } + ], + "location": "global", + "name": "vpc-spoke" + } + references: + group: google_network_connectivity_group.center_group.id + hub: google_network_connectivity_hub.star_hub.id + linked_vpc_network.uri: google_compute_network.network.self_link + dependencies: + google_compute_network.network: |- + { + "auto_create_subnetworks": false, + "name": "tf-net" + } + google_network_connectivity_group.center_group: |- + { + "auto_accept": [ + { + "auto_accept_projects": [ + "foo" + ] + } + ], + "hub": "${google_network_connectivity_hub.star_hub.id}", + "name": "center" + } + google_network_connectivity_hub.star_hub: |- + { + "name": "hub-basic", + "preset_topology": "STAR" + } argumentDocs: create: '- Default is 20 minutes.' create_time: |- @@ -110743,6 +123872,10 @@ resources: effective_labels: |- - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + group: |- + - + (Optional) + The name of the group that this spoke is associated with. hub: |- - (Required) @@ -110750,11 +123883,11 @@ resources: id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/spokes/{{name}}' instances.ip_address: |- - - (Optional) + (Required) The IP address on the VM to use for peering. instances.virtual_machine: |- - - (Optional) + (Required) The URI of the virtual machine resource labels: |- - @@ -110767,6 +123900,11 @@ resources: (Optional) A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes. Structure is documented below. + linked_interconnect_attachments.include_import_ranges: |- + - + (Optional) + IP ranges allowed to be included during import from hub (does not control transit connectivity). + The only allowed value for now is "ALL_IPV4_RANGES". linked_interconnect_attachments.site_to_site_data_transfer: |- - (Required) @@ -110775,11 +123913,41 @@ resources: - (Required) The URIs of linked interconnect attachment resources + linked_producer_vpc_network: |- + - + (Optional) + Producer VPC network that is associated with the spoke. + Structure is documented below. + linked_producer_vpc_network.exclude_export_ranges: |- + - + (Optional) + IP ranges encompassing the subnets to be excluded from peering. + linked_producer_vpc_network.include_export_ranges: |- + - + (Optional) + IP ranges allowed to be included from peering. + linked_producer_vpc_network.network: |- + - + (Required) + The URI of the Service Consumer VPC that the Producer VPC is peered with. + linked_producer_vpc_network.peering: |- + - + (Required) + The name of the VPC peering between the Service Consumer VPC and the Producer VPC (defined in the Tenant project) which is added to the NCC hub. This peering must be in ACTIVE state. + linked_producer_vpc_network.producer_network: |- + - + (Output) + The URI of the Producer VPC. linked_router_appliance_instances: |- - (Optional) The URIs of linked Router appliance resources Structure is documented below. + linked_router_appliance_instances.include_import_ranges: |- + - + (Optional) + IP ranges allowed to be included during import from hub (does not control transit connectivity). + The only allowed value for now is "ALL_IPV4_RANGES". linked_router_appliance_instances.instances: |- - (Required) @@ -110798,6 +123966,10 @@ resources: - (Optional) IP ranges encompassing the subnets to be excluded from peering. + linked_vpc_network.include_export_ranges: |- + - + (Optional) + IP ranges allowed to be included from peering. linked_vpc_network.uri: |- - (Required) @@ -110807,6 +123979,11 @@ resources: (Optional) The URIs of linked VPN tunnel resources Structure is documented below. + linked_vpn_tunnels.include_import_ranges: |- + - + (Optional) + IP ranges allowed to be included during import from hub (does not control transit connectivity). + The only allowed value for now is "ALL_IPV4_RANGES". linked_vpn_tunnels.site_to_site_data_transfer: |- - (Required) @@ -111109,6 +124286,292 @@ resources: and default labels configured on the provider. update: '- Default is 20 minutes.' importStatements: [] + google_network_management_vpc_flow_logs_config: + subCategory: NetworkManagement + description: VPC Flow Logs Config is a resource that lets you configure Flow Logs for VPC, Interconnect attachments or VPN Tunnels. + name: google_network_management_vpc_flow_logs_config + title: "" + examples: + - name: interconnect-test + manifest: |- + { + "aggregation_interval": "INTERVAL_5_SEC", + "description": "VPC Flow Logs over a VPN Gateway.", + "flow_sampling": 0.5, + "interconnect_attachment": "projects/${data.google_project.project.number}/regions/us-east4/interconnectAttachments/${google_compute_interconnect_attachment.attachment.name}", + "location": "global", + "metadata": "INCLUDE_ALL_METADATA", + "state": "ENABLED", + "vpc_flow_logs_config_id": "full-interconnect-test-id" + } + dependencies: + google_compute_interconnect_attachment.attachment: |- + { + "edge_availability_domain": "AVAILABILITY_DOMAIN_1", + "mtu": 1500, + "name": "full-interconnect-test-id", + "router": "${google_compute_router.router.id}", + "type": "PARTNER" + } + google_compute_network.network: |- + { + "name": "full-interconnect-test-network" + } + google_compute_router.router: |- + { + "bgp": [ + { + "asn": 16550 + } + ], + "name": "full-interconnect-test-router", + "network": "${google_compute_network.network.name}" + } + - name: interconnect-test + manifest: |- + { + "interconnect_attachment": "projects/${data.google_project.project.number}/regions/us-east4/interconnectAttachments/${google_compute_interconnect_attachment.attachment.name}", + "location": "global", + "vpc_flow_logs_config_id": "basic-interconnect-test-id" + } + dependencies: + google_compute_interconnect_attachment.attachment: |- + { + "edge_availability_domain": "AVAILABILITY_DOMAIN_1", + "mtu": 1500, + "name": "basic-interconnect-test-id", + "router": "${google_compute_router.router.id}", + "type": "PARTNER" + } + google_compute_network.network: |- + { + "name": "basic-interconnect-test-network" + } + google_compute_router.router: |- + { + "bgp": [ + { + "asn": 16550 + } + ], + "name": "basic-interconnect-test-router", + "network": "${google_compute_network.network.name}" + } + - name: vpn-test + manifest: |- + { + "location": "global", + "vpc_flow_logs_config_id": "basic-test-id", + "vpn_tunnel": "projects/${data.google_project.project.number}/regions/us-central1/vpnTunnels/${google_compute_vpn_tunnel.tunnel.name}" + } + dependencies: + google_compute_address.vpn_static_ip: |- + { + "name": "basic-test-address" + } + google_compute_forwarding_rule.fr_esp: |- + { + "ip_address": "${google_compute_address.vpn_static_ip.address}", + "ip_protocol": "ESP", + "name": "basic-test-fresp", + "target": "${google_compute_vpn_gateway.target_gateway.id}" + } + google_compute_forwarding_rule.fr_udp500: |- + { + "ip_address": "${google_compute_address.vpn_static_ip.address}", + "ip_protocol": "UDP", + "name": "basic-test-fr500", + "port_range": "500", + "target": "${google_compute_vpn_gateway.target_gateway.id}" + } + google_compute_forwarding_rule.fr_udp4500: |- + { + "ip_address": "${google_compute_address.vpn_static_ip.address}", + "ip_protocol": "UDP", + "name": "basic-test-fr4500", + "port_range": "4500", + "target": "${google_compute_vpn_gateway.target_gateway.id}" + } + google_compute_network.network: |- + { + "name": "basic-test-network" + } + google_compute_route.route: |- + { + "dest_range": "15.0.0.0/24", + "name": "basic-test-route", + "network": "${google_compute_network.network.name}", + "next_hop_vpn_tunnel": "${google_compute_vpn_tunnel.tunnel.id}", + "priority": 1000 + } + google_compute_vpn_gateway.target_gateway: |- + { + "name": "basic-test-gateway", + "network": "${google_compute_network.network.id}" + } + google_compute_vpn_tunnel.tunnel: |- + { + "depends_on": [ + "${google_compute_forwarding_rule.fr_esp}", + "${google_compute_forwarding_rule.fr_udp500}", + "${google_compute_forwarding_rule.fr_udp4500}" + ], + "name": "basic-test-tunnel", + "peer_ip": "15.0.0.120", + "shared_secret": "a secret message", + "target_vpn_gateway": "${google_compute_vpn_gateway.target_gateway.id}" + } + - name: vpn-test + manifest: |- + { + "aggregation_interval": "INTERVAL_5_SEC", + "description": "VPC Flow Logs over a VPN Gateway.", + "flow_sampling": 0.5, + "location": "global", + "metadata": "INCLUDE_ALL_METADATA", + "state": "ENABLED", + "vpc_flow_logs_config_id": "full-test-id", + "vpn_tunnel": "projects/${data.google_project.project.number}/regions/us-central1/vpnTunnels/${google_compute_vpn_tunnel.tunnel.name}" + } + dependencies: + google_compute_address.vpn_static_ip: |- + { + "name": "full-test-address" + } + google_compute_forwarding_rule.fr_esp: |- + { + "ip_address": "${google_compute_address.vpn_static_ip.address}", + "ip_protocol": "ESP", + "name": "full-test-fresp", + "target": "${google_compute_vpn_gateway.target_gateway.id}" + } + google_compute_forwarding_rule.fr_udp500: |- + { + "ip_address": "${google_compute_address.vpn_static_ip.address}", + "ip_protocol": "UDP", + "name": "full-test-fr500", + "port_range": "500", + "target": "${google_compute_vpn_gateway.target_gateway.id}" + } + google_compute_forwarding_rule.fr_udp4500: |- + { + "ip_address": "${google_compute_address.vpn_static_ip.address}", + "ip_protocol": "UDP", + "name": "full-test-fr4500", + "port_range": "4500", + "target": "${google_compute_vpn_gateway.target_gateway.id}" + } + google_compute_network.network: |- + { + "name": "full-test-network" + } + google_compute_route.route: |- + { + "dest_range": "15.0.0.0/24", + "name": "full-test-route", + "network": "${google_compute_network.network.name}", + "next_hop_vpn_tunnel": "${google_compute_vpn_tunnel.tunnel.id}", + "priority": 1000 + } + google_compute_vpn_gateway.target_gateway: |- + { + "name": "full-test-gateway", + "network": "${google_compute_network.network.id}" + } + google_compute_vpn_tunnel.tunnel: |- + { + "depends_on": [ + "${google_compute_forwarding_rule.fr_esp}", + "${google_compute_forwarding_rule.fr_udp500}", + "${google_compute_forwarding_rule.fr_udp4500}" + ], + "name": "full-test-tunnel", + "peer_ip": "15.0.0.120", + "shared_secret": "a secret message", + "target_vpn_gateway": "${google_compute_vpn_gateway.target_gateway.id}" + } + argumentDocs: + aggregation_interval: |- + - + (Optional) + Optional. The aggregation interval for the logs. Default value is + INTERVAL_5_SEC. Possible values: AGGREGATION_INTERVAL_UNSPECIFIED INTERVAL_5_SEC INTERVAL_30_SEC INTERVAL_1_MIN INTERVAL_5_MIN INTERVAL_10_MIN INTERVAL_15_MIN" + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The time the config was created. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + Optional. The user-supplied description of the VPC Flow Logs configuration. Maximum + of 512 characters. + effective_labels: for all of the labels present on the resource. + filter_expr: |- + - + (Optional) + Optional. Export filter used to define which VPC Flow Logs should be logged. + flow_sampling: |- + - + (Optional) + Optional. The value of the field must be in (0, 1]. The sampling rate + of VPC Flow Logs where 1.0 means all collected logs are reported. Setting the + sampling rate to 0.0 is not allowed. If you want to disable VPC Flow Logs, use + the state field instead. Default value is 1.0. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/vpcFlowLogsConfigs/{{vpc_flow_logs_config_id}}' + interconnect_attachment: |- + - + (Optional) + Traffic will be logged from the Interconnect Attachment. Format: projects/{project_id}/regions/{region}/interconnectAttachments/{name} + labels: |- + - + (Optional) + Optional. Resource labels to represent user-provided metadata. + location: |- + - + (Required) + Resource ID segment making up resource name. It identifies the resource + within its parent collection as described in https://google.aip.dev/122. See documentation + for resource type networkmanagement.googleapis.com/VpcFlowLogsConfig. + metadata: |- + - + (Optional) + Optional. Configures whether all, none or a subset of metadata fields + should be added to the reported VPC flow logs. Default value is INCLUDE_ALL_METADATA. + Possible values: METADATA_UNSPECIFIED INCLUDE_ALL_METADATA EXCLUDE_ALL_METADATA CUSTOM_METADATA + metadata_fields: |- + - + (Optional) + Optional. Custom metadata fields to include in the reported VPC flow + logs. Can only be specified if "metadata" was set to CUSTOM_METADATA. + name: |- + - + Identifier. Unique name of the configuration using the form: projects/{project_id}/locations/global/vpcFlowLogsConfigs/{vpc_flow_logs_config_id} + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + state: |- + - + (Optional) + Optional. The state of the VPC Flow Log configuration. Default value + is ENABLED. When creating a new configuration, it must be enabled. Possible + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The time the config was updated. + vpc_flow_logs_config_id: |- + - + (Required) + Required. ID of the VpcFlowLogsConfig. + vpn_tunnel: |- + - + (Optional) + Traffic will be logged from the VPN Tunnel. Format: projects/{project_id}/regions/{region}/vpnTunnels/{name} + importStatements: [] google_network_security_address_group: subCategory: Network security description: AddressGroup is a resource that specifies how a collection of IP/DNS used in Firewall Policy. @@ -111453,6 +124916,467 @@ resources: - Time the AuthorizationPolicy was updated in UTC. importStatements: [] + google_network_security_authz_policy: + subCategory: Network security + description: AuthzPolicy is a resource that allows to forward traffic to a callout backend designed to scan the traffic for security purposes. + name: google_network_security_authz_policy + title: "" + examples: + - name: default + manifest: |- + { + "action": "CUSTOM", + "custom_provider": [ + { + "authz_extension": [ + { + "resources": [ + "${google_network_services_authz_extension.default.id}" + ] + } + ] + } + ], + "description": "my description", + "location": "us-west1", + "name": "my-authz-policy", + "project": "my-project-name", + "target": [ + { + "load_balancing_scheme": "INTERNAL_MANAGED", + "resources": [ + "${google_compute_forwarding_rule.default.self_link}" + ] + } + ] + } + references: + custom_provider.authz_extension.resources: google_network_services_authz_extension.default.id + target.resources: google_compute_forwarding_rule.default.self_link + dependencies: + google_compute_address.default: |- + { + "address_type": "INTERNAL", + "name": "l7-ilb-ip-address", + "project": "my-project-name", + "purpose": "GCE_ENDPOINT", + "region": "us-west1", + "subnetwork": "${google_compute_subnetwork.default.id}" + } + google_compute_forwarding_rule.default: |- + { + "depends_on": [ + "${google_compute_subnetwork.proxy_only}" + ], + "ip_address": "${google_compute_address.default.id}", + "ip_protocol": "TCP", + "load_balancing_scheme": "INTERNAL_MANAGED", + "name": "l7-ilb-forwarding-rule", + "network": "${google_compute_network.default.id}", + "port_range": "80", + "project": "my-project-name", + "region": "us-west1", + "subnetwork": "${google_compute_subnetwork.default.id}", + "target": "${google_compute_region_target_http_proxy.default.id}" + } + google_compute_network.default: |- + { + "auto_create_subnetworks": false, + "name": "lb-network", + "project": "my-project-name" + } + google_compute_region_backend_service.authz_extension: |- + { + "load_balancing_scheme": "INTERNAL_MANAGED", + "name": "authz-service", + "port_name": "grpc", + "project": "my-project-name", + "protocol": "HTTP2", + "region": "us-west1" + } + google_compute_region_backend_service.url_map: |- + { + "health_checks": [ + "${google_compute_region_health_check.default.id}" + ], + "load_balancing_scheme": "INTERNAL_MANAGED", + "name": "l7-ilb-backend-service", + "project": "my-project-name", + "region": "us-west1" + } + google_compute_region_health_check.default: |- + { + "http_health_check": [ + { + "port_specification": "USE_SERVING_PORT" + } + ], + "name": "l7-ilb-basic-check", + "project": "my-project-name", + "region": "us-west1" + } + google_compute_region_target_http_proxy.default: |- + { + "name": "l7-ilb-proxy", + "project": "my-project-name", + "region": "us-west1", + "url_map": "${google_compute_region_url_map.default.id}" + } + google_compute_region_url_map.default: |- + { + "default_service": "${google_compute_region_backend_service.url_map.id}", + "name": "l7-ilb-map", + "project": "my-project-name", + "region": "us-west1" + } + google_compute_subnetwork.default: |- + { + "ip_cidr_range": "10.1.2.0/24", + "name": "backend-subnet", + "network": "${google_compute_network.default.id}", + "project": "my-project-name", + "region": "us-west1" + } + google_compute_subnetwork.proxy_only: |- + { + "ip_cidr_range": "10.129.0.0/23", + "name": "proxy-only-subnet", + "network": "${google_compute_network.default.id}", + "project": "my-project-name", + "purpose": "REGIONAL_MANAGED_PROXY", + "region": "us-west1", + "role": "ACTIVE" + } + google_network_services_authz_extension.default: |- + { + "authority": "ext11.com", + "description": "my description", + "fail_open": false, + "forward_headers": [ + "Authorization" + ], + "load_balancing_scheme": "INTERNAL_MANAGED", + "location": "us-west1", + "name": "my-authz-ext", + "project": "my-project-name", + "service": "${google_compute_region_backend_service.authz_extension.self_link}", + "timeout": "0.1s" + } + argumentDocs: + ALLOW: ', DENY, CUSTOM.' + action: |- + - + (Required) + When the action is CUSTOM, customProvider must be specified. + When the action is ALLOW, only requests matching the policy will be allowed. + When the action is DENY, only requests matching the policy will be denied. + When a request arrives, the policies are evaluated in the following order: + authz_extension.resources: |- + - + (Required) + A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + cloud_iap.enabled: |- + - + (Required) + Enable Cloud IAP at the AuthzPolicy level. + create: '- Default is 30 minutes.' + create_time: |- + - + The timestamp when the resource was created. + custom_provider.authz_extension: |- + - + (Optional) + Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + Structure is documented below. + custom_provider.cloud_iap: |- + - + (Optional) + Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + Structure is documented below. + delete: '- Default is 30 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + from.not_sources: |- + - + (Optional) + Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + Structure is documented below. + from.sources: |- + - + (Optional) + Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + Structure is documented below. + header_set.headers: |- + - + (Optional) + A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + Structure is documented below. + header_set.headers.name: |- + - + (Optional) + Specifies the name of the header in the request. + header_set.headers.value: |- + - + (Optional) + Specifies how the header match will be performed. + Structure is documented below. + hosts.contains: |- + - + (Optional) + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + hosts.exact: |- + - + (Optional) + The input string must match exactly the string specified here. + Examples: + hosts.ignore_case: |- + - + (Optional) + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + hosts.prefix: |- + - + (Optional) + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + hosts.suffix: |- + - + (Optional) + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + http_rules.from: |- + - + (Optional) + Describes properties of one or more sources of a request. + Structure is documented below. + http_rules.to: |- + - + (Optional) + Describes properties of one or more targets of a request + Structure is documented below. + http_rules.when: |- + - + (Optional) + CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + iam_service_account.contains: |- + - + (Optional) + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + iam_service_account.exact: |- + - + (Optional) + The input string must match exactly the string specified here. + Examples: + iam_service_account.ignore_case: |- + - + (Optional) + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + iam_service_account.prefix: |- + - + (Optional) + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + iam_service_account.suffix: |- + - + (Optional) + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/authzPolicies/{{name}}' + location: |- + - + (Required) + The location of the resource. + name: |- + - + (Required) + Identifier. Name of the AuthzPolicy resource. + not_sources.principals: |- + - + (Optional) + A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + Limited to 5 principals. + Structure is documented below. + not_sources.resources: |- + - + (Optional) + A list of resources to match against the resource of the source VM of a request. + Limited to 5 resources. + Structure is documented below. + paths.contains: |- + - + (Optional) + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + paths.exact: |- + - + (Optional) + The input string must match exactly the string specified here. + Examples: + paths.ignore_case: |- + - + (Optional) + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + paths.prefix: |- + - + (Optional) + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + paths.suffix: |- + - + (Optional) + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + principals.contains: |- + - + (Optional) + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + principals.exact: |- + - + (Optional) + The input string must match exactly the string specified here. + Examples: + principals.ignore_case: |- + - + (Optional) + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + principals.prefix: |- + - + (Optional) + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + principals.suffix: |- + - + (Optional) + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + resources.iam_service_account: |- + - + (Optional) + An IAM service account to match against the source service account of the VM sending the request. + Structure is documented below. + resources.tag_value_id_set: |- + - + (Optional) + A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + Structure is documented below. + sources.principals: |- + - + (Optional) + A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + Limited to 5 principals. + Structure is documented below. + sources.resources: |- + - + (Optional) + A list of resources to match against the resource of the source VM of a request. + Limited to 5 resources. + Structure is documented below. + tag_value_id_set.ids: |- + - + (Optional) + A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + Limited to 5 matches. + target: |- + - + (Required) + Specifies the set of resources to which this policy should be applied to. + Structure is documented below. + target.custom_provider: |- + - + (Optional) + Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified. + Structure is documented below. + target.description: |- + - + (Optional) + A human-readable description of the resource. + target.effective_labels: for all of the labels present on the resource. + target.http_rules: |- + - + (Optional) + A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. + Limited to 5 rules. + Structure is documented below. + target.labels: |- + - + (Optional) + Set of labels associated with the AuthzExtension resource. + target.load_balancing_scheme: |- + - + (Required) + All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + For more information, refer to Backend services overview. + Possible values are: INTERNAL_MANAGED, EXTERNAL_MANAGED, INTERNAL_SELF_MANAGED. + target.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + target.resources: |- + - + (Optional) + A list of references to the Forwarding Rules on which this policy will be applied. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + to.operations: |- + - + (Optional) + Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + Structure is documented below. + to.operations.header_set: |- + - + (Optional) + A list of headers to match against in http header. + Structure is documented below. + to.operations.hosts: |- + - + (Optional) + A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + Limited to 5 matches. + Structure is documented below. + to.operations.methods: |- + - + (Optional) + A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + to.operations.paths: |- + - + (Optional) + A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + Limited to 5 matches. + Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + Structure is documented below. + update: '- Default is 30 minutes.' + update_time: |- + - + The timestamp when the resource was updated. + value.contains: |- + - + (Optional) + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + value.exact: |- + - + (Optional) + The input string must match exactly the string specified here. + Examples: + value.ignore_case: |- + - + (Optional) + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + value.prefix: |- + - + (Optional) + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + value.suffix: |- + - + (Optional) + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + importStatements: [] google_network_security_client_tls_policy: subCategory: Network security description: ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. @@ -111467,11 +125391,8 @@ resources: "foo": "bar" }, "name": "my-client-tls-policy", - "provider": "${google-beta}", "sni": "secure.example.com" } - references: - provider: google-beta - name: default manifest: |- { @@ -111489,7 +125410,6 @@ resources: "foo": "bar" }, "name": "my-client-tls-policy", - "provider": "${google-beta}", "server_validation_ca": [ { "grpc_endpoint": [ @@ -111497,18 +125417,9 @@ resources: "target_uri": "unix:mypath" } ] - }, - { - "grpc_endpoint": [ - { - "target_uri": "unix:mypath1" - } - ] } ] } - references: - provider: google-beta argumentDocs: certificate_provider_instance.plugin_instance: |- - @@ -111934,8 +125845,9 @@ resources: Server-defined URL of this resource. tls_inspection_policy: |- - - (Optional, Beta) + (Optional) Name of a TlsInspectionPolicy resource that defines how TLS inspection is performed for any rule that enables it. + Note: google_network_security_tls_inspection_policy resource is still in Beta therefore it will need to import the provider. update: '- Default is 30 minutes.' update_time: |- - @@ -112058,487 +125970,1389 @@ resources: A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". importStatements: [] - google_network_security_security_profile: + google_network_security_intercept_deployment: subCategory: Network security - description: A security profile defines the behavior associated to a profile type. - name: google_network_security_security_profile + description: InterceptDeployment represents the collectors within a Zone and is associated with a deployment group. + name: google_network_security_intercept_deployment title: "" examples: - name: default manifest: |- { - "description": "my description", + "forwarding_rule": "${google_compute_forwarding_rule.forwarding_rule.id}", + "intercept_deployment_group": "${google_network_security_intercept_deployment_group.deployment_group.id}", + "intercept_deployment_id": "example-deployment", "labels": { "foo": "bar" }, - "name": "my-security-profile", - "parent": "organizations/123456789", - "type": "THREAT_PREVENTION" + "location": "us-central1-a", + "provider": "${google-beta}" } - - name: default - manifest: |- - { - "description": "my description", - "name": "my-security-profile", - "parent": "organizations/123456789", - "threat_prevention_profile": [ + references: + forwarding_rule: google_compute_forwarding_rule.forwarding_rule.id + intercept_deployment_group: google_network_security_intercept_deployment_group.deployment_group.id + provider: google-beta + dependencies: + google_compute_forwarding_rule.forwarding_rule: |- { - "severity_overrides": [ - { - "action": "ALLOW", - "severity": "INFORMATIONAL" - }, - { - "action": "DENY", - "severity": "HIGH" - } + "backend_service": "${google_compute_region_backend_service.backend_service.id}", + "ip_protocol": "UDP", + "load_balancing_scheme": "INTERNAL", + "name": "example-fwr", + "network": "${google_compute_network.network.name}", + "ports": [ + 6081 ], - "threat_overrides": [ + "provider": "${google-beta}", + "region": "us-central1", + "subnetwork": "${google_compute_subnetwork.subnetwork.name}" + } + google_compute_network.network: |- + { + "auto_create_subnetworks": false, + "name": "example-network", + "provider": "${google-beta}" + } + google_compute_region_backend_service.backend_service: |- + { + "health_checks": [ + "${google_compute_region_health_check.health_check.id}" + ], + "load_balancing_scheme": "INTERNAL", + "name": "example-bs", + "protocol": "UDP", + "provider": "${google-beta}", + "region": "us-central1" + } + google_compute_region_health_check.health_check: |- + { + "http_health_check": [ { - "action": "ALLOW", - "threat_id": "280647" + "port": 80 } - ] + ], + "name": "example-hc", + "provider": "${google-beta}", + "region": "us-central1" + } + google_compute_subnetwork.subnetwork: |- + { + "ip_cidr_range": "10.1.0.0/16", + "name": "example-subnet", + "network": "${google_compute_network.network.name}", + "provider": "${google-beta}", + "region": "us-central1" + } + google_network_security_intercept_deployment_group.deployment_group: |- + { + "intercept_deployment_group_id": "example-dg", + "location": "global", + "network": "${google_compute_network.network.id}", + "provider": "${google-beta}" } - ], - "type": "THREAT_PREVENTION" - } argumentDocs: create: '- Default is 20 minutes.' create_time: |- - - Time the security profile was created in UTC. + Create time stamp delete: '- Default is 20 minutes.' - description: |- + effective_labels: |- - - (Optional) - An optional description of the security profile. The Max length is 512 characters. - effective_labels: for all of the labels present on the resource. - etag: |- + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + forwarding_rule: |- - - This checksum is computed by the server based on the value of other fields, - and may be sent on update and delete requests to ensure the client has an up-to-date - value before proceeding. - id: '- an identifier for the resource with format {{parent}}/locations/{{location}}/securityProfiles/{{name}}' + (Required) + Immutable. The regional load balancer which the intercepted traffic should be forwarded + to. Format is: + projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}' + intercept_deployment_group: |- + - + (Required) + Immutable. The Intercept Deployment Group that this resource is part of. Format is: + projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup} + intercept_deployment_id: |- + - + (Required) + Id of the requesting object + If auto-generating Id server-side, remove this field and + intercept_deployment_id from the method_signature of Create RPC labels: |- - (Optional) - A map of key/value label pairs to assign to the resource. + Optional. Labels as key value pairs + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. location: |- - - - (Optional) - The location of the security profile. - The default value is global. - name: |- - (Required) - The name of the security profile resource. - parent: |- - - - (Optional) - The name of the parent this security profile belongs to. - Format: organizations/{organization_id}. - self_link: |- + Resource ID segment making up resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type networksecurity.googleapis.com/InterceptDeployment. + name: |- - - Server-defined URL of this resource. - severity_overrides.action: |- + Identifier. The name of the InterceptDeployment. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + reconciling: |- - - (Required) - Threat action override. - Possible values are: ALERT, ALLOW, DEFAULT_ACTION, DENY. - severity_overrides.severity: |- + Whether reconciling is in progress, recommended per + https://google.aip.dev/128. + state: |- - - (Required) - Severity level to match. - Possible values are: CRITICAL, HIGH, INFORMATIONAL, LOW, MEDIUM. + Current state of the deployment. + Possible values: + STATE_UNSPECIFIED + ACTIVE + CREATING + DELETING + OUT_OF_SYNC + DELETE_FAILED terraform_labels: |- - The combination of labels configured directly on the resource and default labels configured on the provider. - threat_overrides.action: |- - - - (Required) - Threat action. - Possible values are: ALERT, ALLOW, DEFAULT_ACTION, DENY. - threat_overrides.threat_id: |- - - - (Required) - Vendor-specific ID of a threat to override. - threat_overrides.type: |- - - - (Output) - Type of threat. - threat_prevention_profile: |- - - - (Optional) - The threat prevention configuration for the security profile. - Structure is documented below. - threat_prevention_profile.severity_overrides: |- - - - (Optional) - The configuration for overriding threats actions by severity match. - Structure is documented below. - threat_prevention_profile.threat_overrides: |- - - - (Optional) - The configuration for overriding threats actions by threat id match. - If a threat is matched both by configuration provided in severity overrides - and threat overrides, the threat overrides action is applied. - Structure is documented below. - type: |- - - - (Required) - The type of security profile. - Possible values are: THREAT_PREVENTION. update: '- Default is 20 minutes.' update_time: |- - - Time the security profile was updated in UTC. + Update time stamp importStatements: [] - google_network_security_security_profile_group: + google_network_security_intercept_deployment_group: subCategory: Network security - description: A security profile group defines a container for security profiles. - name: google_network_security_security_profile_group + description: A Deployment Group represents the collector deployments across different zones within an organization. + name: google_network_security_intercept_deployment_group title: "" examples: - name: default manifest: |- { - "description": "my description", + "intercept_deployment_group_id": "example-dg", "labels": { "foo": "bar" }, - "name": "sec-profile-group", - "parent": "organizations/123456789", - "threat_prevention_profile": "${google_network_security_security_profile.security_profile.id}" + "location": "global", + "network": "${google_compute_network.network.id}", + "provider": "${google-beta}" } references: - threat_prevention_profile: google_network_security_security_profile.security_profile.id + network: google_compute_network.network.id + provider: google-beta dependencies: - google_network_security_security_profile.security_profile: |- + google_compute_network.network: |- { - "location": "global", - "name": "sec-profile", - "parent": "organizations/123456789", - "type": "THREAT_PREVENTION" + "auto_create_subnetworks": false, + "name": "example-network", + "provider": "${google-beta}" } argumentDocs: + connected_endpoint_groups: |- + - + Output only. The list of Intercept Endpoint Groups that are connected to this resource. + Structure is documented below. + connected_endpoint_groups.name: |- + - + (Output) + Output only. A connected intercept endpoint group. create: '- Default is 20 minutes.' create_time: |- - - Time the security profile group was created in UTC. + Output only. [Output only] Create time stamp delete: '- Default is 20 minutes.' - description: |- + effective_labels: |- - - (Optional) - An optional description of the profile. The Max length is 512 characters. - effective_labels: for all of the labels present on the resource. - etag: |- + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/interceptDeploymentGroups/{{intercept_deployment_group_id}}' + intercept_deployment_group_id: |- - - This checksum is computed by the server based on the value of other fields, - and may be sent on update and delete requests to ensure the client has an up-to-date - value before proceeding. - id: '- an identifier for the resource with format {{parent}}/locations/{{location}}/securityProfileGroups/{{name}}' + (Required) + Required. Id of the requesting object + If auto-generating Id server-side, remove this field and + intercept_deployment_group_id from the method_signature of Create RPC labels: |- - (Optional) - A map of key/value label pairs to assign to the resource. + Optional. Labels as key value pairs + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. location: |- - - (Optional) - The location of the security profile group. - The default value is global. + (Required) + Resource ID segment making up resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type networksecurity.googleapis.com/InterceptDeploymentGroup. name: |- + - + Output only. Identifier. Then name of the InterceptDeploymentGroup. + network: |- - (Required) - The name of the security profile group resource. - parent: |- + Required. Immutable. The network that is being used for the deployment. Format is: + projects/{project}/global/networks/{network}. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + reconciling: |- - - (Optional) - The name of the parent this security profile group belongs to. - Format: organizations/{organization_id}. + Output only. Whether reconciling is in progress, recommended per + https://google.aip.dev/128. + state: |- + - + Output only. Current state of the deployment group. + Possible values: + STATE_UNSPECIFIED + ACTIVE + CREATING + DELETING terraform_labels: |- - The combination of labels configured directly on the resource and default labels configured on the provider. - threat_prevention_profile: |- - - - (Optional) - Reference to a SecurityProfile with the threat prevention configuration for the SecurityProfileGroup. update: '- Default is 20 minutes.' update_time: |- - - Time the security profile group was updated in UTC. + Output only. [Output only] Update time stamp importStatements: [] - google_network_security_server_tls_policy: + google_network_security_intercept_endpoint_group: subCategory: Network security - description: ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. - name: google_network_security_server_tls_policy + description: An intercept endpoint group is a global resource in the consumer account representing the producer’s deployment group. + name: google_network_security_intercept_endpoint_group title: "" examples: - name: default manifest: |- { - "allow_open": "false", - "description": "my description", - "labels": { - "foo": "bar" - }, - "mtls_policy": [ - { - "client_validation_ca": [ - { - "grpc_endpoint": [ - { - "target_uri": "unix:mypath" - } - ] - }, - { - "grpc_endpoint": [ - { - "target_uri": "unix:abc/mypath" - } - ] - }, - { - "certificate_provider_instance": [ - { - "plugin_instance": "google_cloud_private_spiffe" - } - ] - } - ] - } - ], - "name": "my-server-tls-policy", - "provider": "${google-beta}", - "server_certificate": [ - { - "certificate_provider_instance": [ - { - "plugin_instance": "google_cloud_private_spiffe" - } - ] - } - ] - } - references: - provider: google-beta - - name: default - manifest: |- - { - "allow_open": "false", - "description": "my description", + "intercept_deployment_group": "${google_network_security_intercept_deployment_group.deployment_group.id}", + "intercept_endpoint_group_id": "example-eg", "labels": { "foo": "bar" }, "location": "global", - "mtls_policy": [ - { - "client_validation_mode": "ALLOW_INVALID_OR_MISSING_CLIENT_CERT" - } - ], - "name": "my-server-tls-policy", "provider": "${google-beta}" } references: + intercept_deployment_group: google_network_security_intercept_deployment_group.deployment_group.id provider: google-beta - - name: default - manifest: |- - { - "allow_open": "false", - "description": "my description", - "labels": { - "foo": "bar" - }, - "location": "global", - "name": "my-server-tls-policy", - "provider": "${google-beta}", - "server_certificate": [ + dependencies: + google_compute_network.network: |- { - "grpc_endpoint": [ - { - "target_uri": "unix:mypath" - } - ] + "auto_create_subnetworks": false, + "name": "example-network", + "provider": "${google-beta}" } - ] - } - references: - provider: google-beta + google_network_security_intercept_deployment_group.deployment_group: |- + { + "intercept_deployment_group_id": "example-dg", + "location": "global", + "network": "${google_compute_network.network.id}", + "provider": "${google-beta}" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Create time stamp. + delete: '- Default is 20 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/interceptEndpointGroups/{{intercept_endpoint_group_id}}' + intercept_deployment_group: |- + - + (Required) + Immutable. The Intercept Deployment Group that this resource is connected to. Format + is: + projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup} + intercept_endpoint_group_id: |- + - + (Required) + ID of the Intercept Endpoint Group. + labels: |- + - + (Optional) + Optional. Labels as key value pairs + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + The location of the Intercept Endpoint Group, currently restricted to global. + name: |- + - + Identifier. The name of the Intercept Endpoint Group. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + reconciling: |- + - + Whether reconciling is in progress, recommended per + https://google.aip.dev/128. + state: |- + - + Current state of the endpoint group. + Possible values: + STATE_UNSPECIFIED + ACTIVE + CLOSED + CREATING + DELETING + OUT_OF_SYNC + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + update_time: |- + - + Update time stamp. + importStatements: [] + google_network_security_intercept_endpoint_group_association: + subCategory: Network security + description: Creates an association between a VPC and an Intercept Endpoint Group in order to intercept traffic in that VPC. + name: google_network_security_intercept_endpoint_group_association + title: "" + examples: - name: default manifest: |- { - "allow_open": "false", - "description": "my description", + "intercept_endpoint_group": "${google_network_security_intercept_endpoint_group.endpoint_group.id}", + "intercept_endpoint_group_association_id": "example-ega", "labels": { "foo": "bar" }, "location": "global", - "mtls_policy": [ - { - "client_validation_mode": "REJECT_INVALID", - "client_validation_trust_config": "projects/${data.google_project.project.number}/locations/global/trustConfigs/${google_certificate_manager_trust_config.default.name}" - } - ], - "name": "my-server-tls-policy", + "network": "${google_compute_network.consumer_network.id}", "provider": "${google-beta}" } references: + intercept_endpoint_group: google_network_security_intercept_endpoint_group.endpoint_group.id + network: google_compute_network.consumer_network.id provider: google-beta dependencies: - google_certificate_manager_trust_config.default: |- + google_compute_network.consumer_network: |- { - "description": "sample trust config description", - "labels": { - "foo": "bar" - }, + "auto_create_subnetworks": false, + "name": "example-cons-network", + "provider": "${google-beta}" + } + google_compute_network.producer_network: |- + { + "auto_create_subnetworks": false, + "name": "example-prod-network", + "provider": "${google-beta}" + } + google_network_security_intercept_deployment_group.deployment_group: |- + { + "intercept_deployment_group_id": "example-dg", "location": "global", - "name": "my-trust-config", - "provider": "${google-beta}", - "trust_stores": [ - { - "intermediate_cas": [ - { - "pem_certificate": "${file(\"test-fixtures/ca_cert.pem\")}" - } - ], - "trust_anchors": [ - { - "pem_certificate": "${file(\"test-fixtures/ca_cert.pem\")}" - } - ] - } - ] + "network": "${google_compute_network.producer_network.id}", + "provider": "${google-beta}" + } + google_network_security_intercept_endpoint_group.endpoint_group: |- + { + "intercept_deployment_group": "${google_network_security_intercept_deployment_group.deployment_group.id}", + "intercept_endpoint_group_id": "example-eg", + "location": "global", + "provider": "${google-beta}" } argumentDocs: - allow_open: |- - - - (Optional) - This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. - Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. - Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80. - certificate_provider_instance.plugin_instance: |- - - - (Required) - Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance. - client_validation_ca.certificate_provider_instance: |- - - - (Optional) - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. - Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. - Structure is documented below. - client_validation_ca.grpc_endpoint: |- - - - (Optional) - gRPC specific configuration to access the gRPC server to obtain the cert and private key. - Structure is documented below. - create: '- Default is 30 minutes.' + create: '- Default is 20 minutes.' create_time: |- - - Time the ServerTlsPolicy was created in UTC. - delete: '- Default is 30 minutes.' - description: |- - - - (Optional) - A free-text description of the resource. Max length 1024 characters. + Create time stamp. + delete: '- Default is 20 minutes.' effective_labels: |- - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. - grpc_endpoint.target_uri: |- + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/interceptEndpointGroupAssociations/{{intercept_endpoint_group_association_id}}' + intercept_endpoint_group: |- - (Required) - The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:". - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}' + Immutable. The Intercept Endpoint Group that this resource is connected to. Format + is: + projects/{project}/locations/global/interceptEndpointGroups/{interceptEndpointGroup}. + intercept_endpoint_group_association_id: |- + - + (Optional) + ID of the Intercept Endpoint Group Association. labels: |- - (Optional) - Set of label tags associated with the ServerTlsPolicy resource. + Optional. Labels as key value pairs. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource. location: |- - - (Optional) - The location of the server tls policy. - The default value is global. - mtls_policy: |- - - - (Optional) - This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. - Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. - Structure is documented below. - mtls_policy.client_validation_ca: |- + (Required) + The location of the Intercept Endpoint Group Association, currently restricted to global. + locations_details: |- - - (Optional) - Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. - Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate. + The list of locations that are currently supported by the associated Intercept Deployment Group and their state. Structure is documented below. - mtls_policy.client_validation_mode: |- + locations_details.location: |- - - (Optional) - When the client presents an invalid certificate or no certificate to the load balancer, the clientValidationMode specifies how the client connection is handled. - Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. - Possible values are: CLIENT_VALIDATION_MODE_UNSPECIFIED, ALLOW_INVALID_OR_MISSING_CLIENT_CERT, REJECT_INVALID. - mtls_policy.client_validation_trust_config: |- + (Output) + Location supported by the Intercept Deployment Group, for example us-central1-a + locations_details.state: |- - - (Optional) - Reference to the TrustConfig from certificatemanager.googleapis.com namespace. - If specified, the chain validation will be performed against certificates configured in the given TrustConfig. - Allowed only if the policy is to be used with external HTTPS load balancers. + (Output) + The association state in this location. + Possible values: + STATE_UNSPECIFIED + ACTIVE + OUT_OF_SYNC name: |- + - + Identifier. The name of the Intercept Endpoint Group Association. + network: |- - (Required) - Name of the ServerTlsPolicy resource. + Immutable. The VPC network associated. Format: + projects/{project}/global/networks/{network}. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - server_certificate: |- - - - (Optional) - Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. - Structure is documented below. - server_certificate.certificate_provider_instance: |- + reconciling: |- - - (Optional) - Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. - Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. - Structure is documented below. - server_certificate.grpc_endpoint: |- + Whether reconciling is in progress. + state: |- - - (Optional) - gRPC specific configuration to access the gRPC server to obtain the cert and private key. - Structure is documented below. + Current state of the Intercept Endpoint Group Association. + Possible values: + STATE_UNSPECIFIED + ACTIVE + CREATING + DELETING + CLOSED + OUT_OF_SYNC + DELETE_FAILED terraform_labels: |- - The combination of labels configured directly on the resource and default labels configured on the provider. - update: '- Default is 30 minutes.' + update: '- Default is 20 minutes.' update_time: |- - - Time the ServerTlsPolicy was updated in UTC. + Update time stamp. importStatements: [] - google_network_security_tls_inspection_policy: + google_network_security_mirroring_deployment: subCategory: Network security - description: The TlsInspectionPolicy resource contains references to CA pools in Certificate Authority Service and associated metadata. - name: google_network_security_tls_inspection_policy + description: MirroringDeployment represents the collectors within a Zone and is associated with a deployment group. + name: google_network_security_mirroring_deployment title: "" examples: - name: default manifest: |- { - "ca_pool": "${google_privateca_ca_pool.default.id}", - "depends_on": [ - "${google_privateca_ca_pool.default}", - "${google_privateca_certificate_authority.default}", - "${google_privateca_ca_pool_iam_member.tls_inspection_permission}" - ], - "exclude_public_ca_set": false, - "location": "us-central1", - "name": "my-tls-inspection-policy" - } - references: - ca_pool: google_privateca_ca_pool.default.id + "forwarding_rule": "${google_compute_forwarding_rule.forwarding_rule.id}", + "labels": { + "foo": "bar" + }, + "location": "us-central1-a", + "mirroring_deployment_group": "${google_network_security_mirroring_deployment_group.deployment_group.id}", + "mirroring_deployment_id": "example-deployment", + "provider": "${google-beta}" + } + references: + forwarding_rule: google_compute_forwarding_rule.forwarding_rule.id + mirroring_deployment_group: google_network_security_mirroring_deployment_group.deployment_group.id + provider: google-beta + dependencies: + google_compute_forwarding_rule.forwarding_rule: |- + { + "backend_service": "${google_compute_region_backend_service.backend_service.id}", + "ip_protocol": "UDP", + "is_mirroring_collector": true, + "load_balancing_scheme": "INTERNAL", + "name": "example-fwr", + "network": "${google_compute_network.network.name}", + "ports": [ + 6081 + ], + "provider": "${google-beta}", + "region": "us-central1", + "subnetwork": "${google_compute_subnetwork.subnetwork.name}" + } + google_compute_network.network: |- + { + "auto_create_subnetworks": false, + "name": "example-network", + "provider": "${google-beta}" + } + google_compute_region_backend_service.backend_service: |- + { + "health_checks": [ + "${google_compute_region_health_check.health_check.id}" + ], + "load_balancing_scheme": "INTERNAL", + "name": "example-bs", + "protocol": "UDP", + "provider": "${google-beta}", + "region": "us-central1" + } + google_compute_region_health_check.health_check: |- + { + "http_health_check": [ + { + "port": 80 + } + ], + "name": "example-hc", + "provider": "${google-beta}", + "region": "us-central1" + } + google_compute_subnetwork.subnetwork: |- + { + "ip_cidr_range": "10.1.0.0/16", + "name": "example-subnet", + "network": "${google_compute_network.network.name}", + "provider": "${google-beta}", + "region": "us-central1" + } + google_network_security_mirroring_deployment_group.deployment_group: |- + { + "location": "global", + "mirroring_deployment_group_id": "example-dg", + "network": "${google_compute_network.network.id}", + "provider": "${google-beta}" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. [Output only] Create time stamp + delete: '- Default is 20 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + forwarding_rule: |- + - + (Required) + Required. Immutable. The regional load balancer which the mirrored traffic should be forwarded + to. Format is: + projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/mirroringDeployments/{{mirroring_deployment_id}}' + labels: |- + - + (Optional) + Optional. Labels as key value pairs + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + Resource ID segment making up resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type networksecurity.googleapis.com/MirroringDeployment. + mirroring_deployment_group: |- + - + (Required) + Required. Immutable. The Mirroring Deployment Group that this resource is part of. Format is: + projects/{project}/locations/global/mirroringDeploymentGroups/{mirroringDeploymentGroup} + mirroring_deployment_id: |- + - + (Required) + Required. Id of the requesting object + If auto-generating Id server-side, remove this field and + mirroring_deployment_id from the method_signature of Create RPC + name: |- + - + Immutable. Identifier. The name of the MirroringDeployment. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + reconciling: |- + - + Output only. Whether reconciling is in progress, recommended per + https://google.aip.dev/128. + state: |- + - + Output only. Current state of the deployment. + Possible values: + STATE_UNSPECIFIED + ACTIVE + CREATING + DELETING + OUT_OF_SYNC + DELETE_FAILED + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. [Output only] Update time stamp + importStatements: [] + google_network_security_mirroring_deployment_group: + subCategory: Network security + description: A Deployment Group represents the collector deployments across different zones within an organization. + name: google_network_security_mirroring_deployment_group + title: "" + examples: + - name: default + manifest: |- + { + "labels": { + "foo": "bar" + }, + "location": "global", + "mirroring_deployment_group_id": "example-dg", + "network": "${google_compute_network.network.id}", + "provider": "${google-beta}" + } + references: + network: google_compute_network.network.id + provider: google-beta + dependencies: + google_compute_network.network: |- + { + "auto_create_subnetworks": false, + "name": "example-network", + "provider": "${google-beta}" + } + argumentDocs: + connected_endpoint_groups: |- + - + Output only. The list of Mirroring Endpoint Groups that are connected to this resource. + Structure is documented below. + connected_endpoint_groups.name: |- + - + (Output) + Output only. A connected mirroring endpoint group. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. [Output only] Create time stamp + delete: '- Default is 20 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/mirroringDeploymentGroups/{{mirroring_deployment_group_id}}' + labels: |- + - + (Optional) + Optional. Labels as key value pairs + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + Resource ID segment making up resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type networksecurity.googleapis.com/MirroringDeploymentGroup. + mirroring_deployment_group_id: |- + - + (Required) + Required. Id of the requesting object + If auto-generating Id server-side, remove this field and + mirroring_deployment_group_id from the method_signature of Create RPC + name: |- + - + Immutable. Identifier. Then name of the MirroringDeploymentGroup. + network: |- + - + (Required) + Required. Immutable. The network that is being used for the deployment. Format is: + projects/{project}/global/networks/{network}. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + reconciling: |- + - + Output only. Whether reconciling is in progress, recommended per + https://google.aip.dev/128. + state: |- + - + Output only. Current state of the deployment group. + Possible values: + STATE_UNSPECIFIED + ACTIVE + CREATING + DELETING + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. [Output only] Update time stamp + importStatements: [] + google_network_security_mirroring_endpoint_group: + subCategory: Network security + description: A mirroring endpoint group is a global resource in the consumer account representing the producer’s deployment group. + name: google_network_security_mirroring_endpoint_group + title: "" + examples: + - name: default + manifest: |- + { + "labels": { + "foo": "bar" + }, + "location": "global", + "mirroring_deployment_group": "${google_network_security_mirroring_deployment_group.deployment_group.id}", + "mirroring_endpoint_group_id": "example-eg", + "provider": "${google-beta}" + } + references: + mirroring_deployment_group: google_network_security_mirroring_deployment_group.deployment_group.id + provider: google-beta + dependencies: + google_compute_network.network: |- + { + "auto_create_subnetworks": false, + "name": "example-network", + "provider": "${google-beta}" + } + google_network_security_mirroring_deployment_group.deployment_group: |- + { + "location": "global", + "mirroring_deployment_group_id": "example-dg", + "network": "${google_compute_network.network.id}", + "provider": "${google-beta}" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. [Output only] Create time stamp + delete: '- Default is 20 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/mirroringEndpointGroups/{{mirroring_endpoint_group_id}}' + labels: |- + - + (Optional) + Optional. Labels as key value pairs + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + Resource ID segment making up resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type networksecurity.googleapis.com/MirroringEndpointGroup. + mirroring_deployment_group: |- + - + (Required) + Required. Immutable. The Mirroring Deployment Group that this resource is connected to. Format + is: + projects/{project}/locations/global/mirroringDeploymentGroups/{mirroringDeploymentGroup} + mirroring_endpoint_group_id: |- + - + (Required) + Required. Id of the requesting object + If auto-generating Id server-side, remove this field and + mirroring_endpoint_group_id from the method_signature of Create RPC + name: |- + - + Immutable. Identifier. The name of the MirroringEndpointGroup. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + reconciling: |- + - + Output only. Whether reconciling is in progress, recommended per + https://google.aip.dev/128. + state: |- + - + Output only. Current state of the endpoint group. + Possible values: + STATE_UNSPECIFIED + ACTIVE + CLOSED + CREATING + DELETING + OUT_OF_SYNC + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. [Output only] Update time stamp + importStatements: [] + google_network_security_mirroring_endpoint_group_association: + subCategory: Network security + description: Creates an association between a VPC and a mirroring endpoint group in order to mirror traffic in that VPC. + name: google_network_security_mirroring_endpoint_group_association + title: "" + examples: + - name: default + manifest: |- + { + "labels": { + "foo": "bar" + }, + "location": "global", + "mirroring_endpoint_group": "${google_network_security_mirroring_endpoint_group.endpoint_group.id}", + "mirroring_endpoint_group_association_id": "example-ega", + "network": "${google_compute_network.consumer_network.id}", + "provider": "${google-beta}" + } + references: + mirroring_endpoint_group: google_network_security_mirroring_endpoint_group.endpoint_group.id + network: google_compute_network.consumer_network.id + provider: google-beta + dependencies: + google_compute_network.consumer_network: |- + { + "auto_create_subnetworks": false, + "name": "example-cons-network", + "provider": "${google-beta}" + } + google_compute_network.producer_network: |- + { + "auto_create_subnetworks": false, + "name": "example-prod-network", + "provider": "${google-beta}" + } + google_network_security_mirroring_deployment_group.deployment_group: |- + { + "location": "global", + "mirroring_deployment_group_id": "example-dg", + "network": "${google_compute_network.producer_network.id}", + "provider": "${google-beta}" + } + google_network_security_mirroring_endpoint_group.endpoint_group: |- + { + "location": "global", + "mirroring_deployment_group": "${google_network_security_mirroring_deployment_group.deployment_group.id}", + "mirroring_endpoint_group_id": "example-eg", + "provider": "${google-beta}" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. [Output only] Create time stamp + delete: '- Default is 20 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/mirroringEndpointGroupAssociations/{{mirroring_endpoint_group_association_id}}' + labels: |- + - + (Optional) + Optional. Labels as key value pairs + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + Resource ID segment making up resource name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type networksecurity.googleapis.com/MirroringEndpointGroupAssociation. + locations_details: |- + - + Output only. The list of locations that this association is in and its details. + Structure is documented below. + locations_details.location: |- + - + (Output) + Output only. The cloud location. + locations_details.state: |- + - + (Output) + Output only. The association state in this location. + Possible values: + STATE_UNSPECIFIED + ACTIVE + OUT_OF_SYNC + mirroring_endpoint_group: |- + - + (Required) + Required. Immutable. The Mirroring Endpoint Group that this resource is connected to. Format + is: + projects/{project}/locations/global/mirroringEndpointGroups/{mirroringEndpointGroup} + mirroring_endpoint_group_association_id: |- + - + (Optional) + Optional. Id of the requesting object + If auto-generating Id server-side, remove this field and + mirroring_endpoint_group_association_id from the method_signature of Create + RPC + name: |- + - + Immutable. Identifier. The name of the MirroringEndpointGroupAssociation. + network: |- + - + (Required) + Required. Immutable. The VPC network associated. Format: + projects/{project}/global/networks/{network}. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + reconciling: |- + - + Output only. Whether reconciling is in progress, recommended per + https://google.aip.dev/128. + state: |- + - + Output only. Current state of the endpoint group association. + Possible values: + STATE_UNSPECIFIED + ACTIVE + CREATING + DELETING + CLOSED + OUT_OF_SYNC + DELETE_FAILED + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. [Output only] Update time stamp + importStatements: [] + google_network_security_security_profile: + subCategory: Network security + description: A security profile defines the behavior associated to a profile type. + name: google_network_security_security_profile + title: "" + examples: + - name: default + manifest: |- + { + "description": "my description", + "labels": { + "foo": "bar" + }, + "name": "my-security-profile", + "parent": "organizations/123456789", + "type": "THREAT_PREVENTION" + } + - name: default + manifest: |- + { + "description": "my description", + "name": "my-security-profile", + "parent": "organizations/123456789", + "threat_prevention_profile": [ + { + "severity_overrides": [ + { + "action": "ALLOW", + "severity": "INFORMATIONAL" + }, + { + "action": "DENY", + "severity": "HIGH" + } + ], + "threat_overrides": [ + { + "action": "ALLOW", + "threat_id": "280647" + } + ] + } + ], + "type": "THREAT_PREVENTION" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Time the security profile was created in UTC. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + An optional description of the security profile. The Max length is 512 characters. + effective_labels: for all of the labels present on the resource. + etag: |- + - + This checksum is computed by the server based on the value of other fields, + and may be sent on update and delete requests to ensure the client has an up-to-date + value before proceeding. + id: '- an identifier for the resource with format {{parent}}/locations/{{location}}/securityProfiles/{{name}}' + labels: |- + - + (Optional) + A map of key/value label pairs to assign to the resource. + location: |- + - + (Optional) + The location of the security profile. + The default value is global. + name: |- + - + (Required) + The name of the security profile resource. + parent: |- + - + (Optional) + The name of the parent this security profile belongs to. + Format: organizations/{organization_id}. + self_link: |- + - + Server-defined URL of this resource. + severity_overrides.action: |- + - + (Required) + Threat action override. + Possible values are: ALERT, ALLOW, DEFAULT_ACTION, DENY. + severity_overrides.severity: |- + - + (Required) + Severity level to match. + Possible values are: CRITICAL, HIGH, INFORMATIONAL, LOW, MEDIUM. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + threat_overrides.action: |- + - + (Required) + Threat action. + Possible values are: ALERT, ALLOW, DEFAULT_ACTION, DENY. + threat_overrides.threat_id: |- + - + (Required) + Vendor-specific ID of a threat to override. + threat_overrides.type: |- + - + (Output) + Type of threat. + threat_prevention_profile: |- + - + (Optional) + The threat prevention configuration for the security profile. + Structure is documented below. + threat_prevention_profile.severity_overrides: |- + - + (Optional) + The configuration for overriding threats actions by severity match. + Structure is documented below. + threat_prevention_profile.threat_overrides: |- + - + (Optional) + The configuration for overriding threats actions by threat id match. + If a threat is matched both by configuration provided in severity overrides + and threat overrides, the threat overrides action is applied. + Structure is documented below. + type: |- + - + (Required) + The type of security profile. + Possible values are: THREAT_PREVENTION. + update: '- Default is 20 minutes.' + update_time: |- + - + Time the security profile was updated in UTC. + importStatements: [] + google_network_security_security_profile_group: + subCategory: Network security + description: A security profile group defines a container for security profiles. + name: google_network_security_security_profile_group + title: "" + examples: + - name: default + manifest: |- + { + "description": "my description", + "labels": { + "foo": "bar" + }, + "name": "sec-profile-group", + "parent": "organizations/123456789", + "threat_prevention_profile": "${google_network_security_security_profile.security_profile.id}" + } + references: + threat_prevention_profile: google_network_security_security_profile.security_profile.id + dependencies: + google_network_security_security_profile.security_profile: |- + { + "location": "global", + "name": "sec-profile", + "parent": "organizations/123456789", + "type": "THREAT_PREVENTION" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Time the security profile group was created in UTC. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + An optional description of the profile. The Max length is 512 characters. + effective_labels: for all of the labels present on the resource. + etag: |- + - + This checksum is computed by the server based on the value of other fields, + and may be sent on update and delete requests to ensure the client has an up-to-date + value before proceeding. + id: '- an identifier for the resource with format {{parent}}/locations/{{location}}/securityProfileGroups/{{name}}' + labels: |- + - + (Optional) + A map of key/value label pairs to assign to the resource. + location: |- + - + (Optional) + The location of the security profile group. + The default value is global. + name: |- + - + (Required) + The name of the security profile group resource. + parent: |- + - + (Optional) + The name of the parent this security profile group belongs to. + Format: organizations/{organization_id}. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + threat_prevention_profile: |- + - + (Optional) + Reference to a SecurityProfile with the threat prevention configuration for the SecurityProfileGroup. + update: '- Default is 20 minutes.' + update_time: |- + - + Time the security profile group was updated in UTC. + importStatements: [] + google_network_security_server_tls_policy: + subCategory: Network security + description: ServerTlsPolicy is a resource that specifies how a server should authenticate incoming requests. + name: google_network_security_server_tls_policy + title: "" + examples: + - name: default + manifest: |- + { + "allow_open": "false", + "description": "my description", + "labels": { + "foo": "bar" + }, + "mtls_policy": [ + { + "client_validation_ca": [ + { + "grpc_endpoint": [ + { + "target_uri": "unix:mypath" + } + ] + } + ] + } + ], + "name": "my-server-tls-policy", + "server_certificate": [ + { + "certificate_provider_instance": [ + { + "plugin_instance": "google_cloud_private_spiffe" + } + ] + } + ] + } + - name: default + manifest: |- + { + "allow_open": "false", + "description": "my description", + "labels": { + "foo": "bar" + }, + "location": "global", + "mtls_policy": [ + { + "client_validation_mode": "ALLOW_INVALID_OR_MISSING_CLIENT_CERT" + } + ], + "name": "my-server-tls-policy" + } + - name: default + manifest: |- + { + "allow_open": "false", + "description": "my description", + "labels": { + "foo": "bar" + }, + "location": "global", + "name": "my-server-tls-policy", + "server_certificate": [ + { + "grpc_endpoint": [ + { + "target_uri": "unix:mypath" + } + ] + } + ] + } + - name: default + manifest: |- + { + "allow_open": "false", + "description": "my description", + "labels": { + "foo": "bar" + }, + "location": "global", + "mtls_policy": [ + { + "client_validation_mode": "REJECT_INVALID", + "client_validation_trust_config": "projects/${data.google_project.project.number}/locations/global/trustConfigs/${google_certificate_manager_trust_config.default.name}" + } + ], + "name": "my-server-tls-policy" + } + dependencies: + google_certificate_manager_trust_config.default: |- + { + "description": "sample trust config description", + "labels": { + "foo": "bar" + }, + "location": "global", + "name": "my-trust-config", + "trust_stores": [ + { + "intermediate_cas": [ + { + "pem_certificate": "${file(\"test-fixtures/ca_cert.pem\")}" + } + ], + "trust_anchors": [ + { + "pem_certificate": "${file(\"test-fixtures/ca_cert.pem\")}" + } + ] + } + ] + } + argumentDocs: + allow_open: |- + - + (Optional) + This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies. + Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. + Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80. + certificate_provider_instance.plugin_instance: |- + - + (Required) + Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to "google_cloud_private_spiffe" to use Certificate Authority Service certificate provider instance. + client_validation_ca.certificate_provider_instance: |- + - + (Optional) + Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. + Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. + Structure is documented below. + client_validation_ca.grpc_endpoint: |- + - + (Optional) + gRPC specific configuration to access the gRPC server to obtain the cert and private key. + Structure is documented below. + create: '- Default is 30 minutes.' + create_time: |- + - + Time the ServerTlsPolicy was created in UTC. + delete: '- Default is 30 minutes.' + description: |- + - + (Optional) + A free-text description of the resource. Max length 1024 characters. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + grpc_endpoint.target_uri: |- + - + (Required) + The target URI of the gRPC endpoint. Only UDS path is supported, and should start with "unix:". + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}' + labels: |- + - + (Optional) + Set of label tags associated with the ServerTlsPolicy resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Optional) + The location of the server tls policy. + The default value is global. + mtls_policy: |- + - + (Optional) + This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director. + Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. + Structure is documented below. + mtls_policy.client_validation_ca: |- + - + (Optional) + Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty. + Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate. + Structure is documented below. + mtls_policy.client_validation_mode: |- + - + (Optional) + When the client presents an invalid certificate or no certificate to the load balancer, the clientValidationMode specifies how the client connection is handled. + Required if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. + Possible values are: CLIENT_VALIDATION_MODE_UNSPECIFIED, ALLOW_INVALID_OR_MISSING_CLIENT_CERT, REJECT_INVALID. + mtls_policy.client_validation_trust_config: |- + - + (Optional) + Reference to the TrustConfig from certificatemanager.googleapis.com namespace. + If specified, the chain validation will be performed against certificates configured in the given TrustConfig. + Allowed only if the policy is to be used with external HTTPS load balancers. + name: |- + - + (Required) + Name of the ServerTlsPolicy resource. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + server_certificate: |- + - + (Optional) + Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS. + Structure is documented below. + server_certificate.certificate_provider_instance: |- + - + (Optional) + Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty. + Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported. + Structure is documented below. + server_certificate.grpc_endpoint: |- + - + (Optional) + gRPC specific configuration to access the gRPC server to obtain the cert and private key. + Structure is documented below. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 30 minutes.' + update_time: |- + - + Time the ServerTlsPolicy was updated in UTC. + importStatements: [] + google_network_security_tls_inspection_policy: + subCategory: Network security + description: The TlsInspectionPolicy resource contains references to CA pools in Certificate Authority Service and associated metadata. + name: google_network_security_tls_inspection_policy + title: "" + examples: + - name: default + manifest: |- + { + "ca_pool": "${google_privateca_ca_pool.default.id}", + "depends_on": [ + "${google_privateca_ca_pool.default}", + "${google_privateca_certificate_authority.default}", + "${google_privateca_ca_pool_iam_member.tls_inspection_permission}" + ], + "exclude_public_ca_set": false, + "location": "us-central1", + "name": "my-tls-inspection-policy" + } + references: + ca_pool: google_privateca_ca_pool.default.id dependencies: google_privateca_ca_pool.default: |- { @@ -112919,6 +127733,116 @@ resources: (Required) FQDNs and URLs. importStatements: [] + google_network_services_authz_extension: + subCategory: Network services + description: AuthzExtension is a resource that allows traffic forwarding to a callout backend service to make an authorization decision. + name: google_network_services_authz_extension + title: "" + examples: + - name: default + manifest: |- + { + "authority": "ext11.com", + "description": "my description", + "fail_open": false, + "forward_headers": [ + "Authorization" + ], + "load_balancing_scheme": "INTERNAL_MANAGED", + "location": "us-west1", + "name": "my-authz-ext", + "project": "my-project-name", + "service": "${google_compute_region_backend_service.default.self_link}", + "timeout": "0.1s" + } + references: + service: google_compute_region_backend_service.default.self_link + dependencies: + google_compute_region_backend_service.default: |- + { + "load_balancing_scheme": "INTERNAL_MANAGED", + "name": "authz-service", + "port_name": "grpc", + "project": "my-project-name", + "protocol": "HTTP2", + "region": "us-west1" + } + argumentDocs: + authority: |- + - + (Required) + The :authority header in the gRPC request sent from Envoy to the extension service. + create: '- Default is 30 minutes.' + create_time: |- + - + The timestamp when the resource was created. + delete: '- Default is 30 minutes.' + description: |- + - + (Optional) + A human-readable description of the resource. + effective_labels: for all of the labels present on the resource. + fail_open: |- + - + (Optional) + Determines how the proxy behaves if the call to the extension fails or times out. + When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + forward_headers: |- + - + (Optional) + List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/authzExtensions/{{name}}' + labels: |- + - + (Optional) + Set of labels associated with the AuthzExtension resource. + load_balancing_scheme: |- + - + (Required) + All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + For more information, refer to Backend services overview. + Possible values are: INTERNAL_MANAGED, EXTERNAL_MANAGED. + location: |- + - + (Required) + The location of the resource. + metadata: |- + - + (Optional) + The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: + {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + name: |- + - + (Required) + Identifier. Name of the AuthzExtension resource. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + service: |- + - + (Required) + The reference to the service that runs the extension. + To configure a callout extension, service must be a fully-qualified reference to a backend service in the format: + https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + timeout: |- + - + (Required) + Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + update: '- Default is 30 minutes.' + update_time: |- + - + The timestamp when the resource was updated. + wire_format: |- + - + (Optional) + The format of communication supported by the callout extension. + Default value is EXT_PROC_GRPC. + Possible values are: WIRE_FORMAT_UNSPECIFIED, EXT_PROC_GRPC. + importStatements: [] google_network_services_edge_cache_keyset: subCategory: Network services description: EdgeCacheKeyset represents a collection of public keys used for validating signed requests. @@ -114932,6 +129856,11 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + routing_mode: |- + - + (Optional) + The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY. + Possible values are: NEXT_HOP_ROUTING_MODE. scope: |- - (Optional) @@ -118899,6 +133828,1445 @@ resources: [projects|organizations]/{parent-name}/roles/{role-name}. runtime_name: '- (Required) Used to find the parent resource to bind the IAM policy to' importStatements: [] + google_oracle_database_autonomous_database: + subCategory: Oracle Database + description: An AutonomousDatabase resource. + name: google_oracle_database_autonomous_database + title: "" + examples: + - name: myADB + manifest: |- + { + "admin_password": "123Abpassword", + "autonomous_database_id": "my-instance", + "cidr": "10.5.0.0/24", + "database": "mydatabase", + "deletion_protection": "true", + "location": "us-east4", + "network": "${data.google_compute_network.default.id}", + "project": "my-project", + "properties": [ + { + "compute_count": "2", + "data_storage_size_tb": "1", + "db_version": "19c", + "db_workload": "OLTP", + "license_type": "LICENSE_INCLUDED" + } + ] + } + references: + network: data.google_compute_network.default.id + - name: myADB + manifest: |- + { + "admin_password": "123Abpassword", + "autonomous_database_id": "my-instance", + "cidr": "10.5.0.0/24", + "database": "mydatabase", + "deletion_protection": "true", + "display_name": "autonomousDatabase displayname", + "labels": { + "label-one": "value-one" + }, + "location": "us-east4", + "network": "${data.google_compute_network.default.id}", + "project": "my-project", + "properties": [ + { + "backup_retention_period_days": "60", + "character_set": "AL32UTF8", + "compute_count": "2", + "customer_contacts": [ + { + "email": "xyz@example.com" + } + ], + "data_storage_size_gb": "48", + "db_edition": "STANDARD_EDITION", + "db_version": "19c", + "db_workload": "OLTP", + "is_auto_scaling_enabled": "true", + "is_storage_auto_scaling_enabled": "false", + "license_type": "BRING_YOUR_OWN_LICENSE", + "maintenance_schedule_type": "REGULAR", + "mtls_connection_required": "false", + "n_character_set": "AL16UTF16", + "operations_insights_state": "NOT_ENABLED", + "private_endpoint_ip": "10.5.0.11", + "private_endpoint_label": "myendpoint" + } + ] + } + references: + network: data.google_compute_network.default.id + argumentDocs: + all_connection_strings.high: |- + - + (Output) + The database service provides the highest level of resources to each SQL + statement. + all_connection_strings.low: |- + - + (Output) + The database service provides the least level of resources to each SQL + statement. + all_connection_strings.medium: |- + - + (Output) + The database service provides a lower level of resources to each SQL + statement. + apex_details.apex_version: |- + - + (Output) + The Oracle APEX Application Development version. + apex_details.ords_version: |- + - + (Output) + The Oracle REST Data Services (ORDS) version. + autonomous_database_id: |- + - + (Required) + The ID of the Autonomous Database to create. This value is restricted + to (^a-z?$) and must be a maximum of 63 + characters in length. The value must start with a letter and end with + a letter or a number. + cidr: |- + - + (Required) + The subnet CIDR range for the Autonmous Database. + connection_strings.all_connection_strings: |- + - + (Output) + A list of all connection strings that can be used to connect to the + Autonomous Database. + Structure is documented below. + connection_strings.dedicated: |- + - + (Output) + The database service provides the least level of resources to each SQL + statement, but supports the most number of concurrent SQL statements. + connection_strings.high: |- + - + (Output) + The database service provides the highest level of resources to each SQL + statement. + connection_strings.low: |- + - + (Output) + The database service provides the least level of resources to each SQL + statement. + connection_strings.medium: |- + - + (Output) + The database service provides a lower level of resources to each SQL + statement. + connection_strings.profiles: |- + - + (Output) + A list of connection string profiles to allow clients to group, filter, and + select values based on the structured metadata. + Structure is documented below. + connection_urls.apex_uri: |- + - + (Output) + Oracle Application Express (APEX) URL. + connection_urls.database_transforms_uri: |- + - + (Output) + The URL of the Database Transforms for the Autonomous Database. + connection_urls.graph_studio_uri: |- + - + (Output) + The URL of the Graph Studio for the Autonomous Database. + connection_urls.machine_learning_notebook_uri: |- + - + (Output) + The URL of the Oracle Machine Learning (OML) Notebook for the Autonomous + Database. + connection_urls.machine_learning_user_management_uri: |- + - + (Output) + The URL of Machine Learning user management the Autonomous Database. + connection_urls.mongo_db_uri: |- + - + (Output) + The URL of the MongoDB API for the Autonomous Database. + connection_urls.ords_uri: |- + - + (Output) + The Oracle REST Data Services (ORDS) URL of the Web Access for the + Autonomous Database. + connection_urls.sql_dev_web_uri: |- + - + (Output) + The URL of the Oracle SQL Developer Web for the Autonomous Database. + create: '- Default is 240 minutes.' + create_time: |- + - + The date and time that the Autonomous Database was created. + customer_contacts.email: |- + - + (Required) + The email address used by Oracle to send notifications regarding databases + and infrastructure. + database: |- + - + (Required) + The name of the Autonomous Database. The database name must be unique in + the project. The name must begin with a letter and can + contain a maximum of 30 alphanumeric characters. + delete: '- Default is 120 minutes.' + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + entitlement_id: |- + - + The ID of the subscription entitlement associated with the Autonomous + Database. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/autonomousDatabases/{{autonomous_database_id}}' + local_standby_db.data_guard_role_changed_time: |- + - + (Output) + The date and time the Autonomous Data Guard role was switched for the + standby Autonomous Database. + local_standby_db.disaster_recovery_role_changed_time: |- + - + (Output) + The date and time the Disaster Recovery role was switched for the standby + Autonomous Database. + local_standby_db.lag_time_duration: |- + - + (Output) + The amount of time, in seconds, that the data of the standby database lags + in comparison to the data of the primary database. + local_standby_db.lifecycle_details: |- + - + (Output) + The additional details about the current lifecycle state of the + Autonomous Database. + local_standby_db.state: |- + - + (Output) + Possible values: + STATE_UNSPECIFIED + PROVISIONING + AVAILABLE + STOPPING + STOPPED + STARTING + TERMINATING + TERMINATED + UNAVAILABLE + RESTORE_IN_PROGRESS + RESTORE_FAILED + BACKUP_IN_PROGRESS + SCALE_IN_PROGRESS + AVAILABLE_NEEDS_ATTENTION + UPDATING + MAINTENANCE_IN_PROGRESS + RESTARTING + RECREATING + ROLE_CHANGE_IN_PROGRESS + UPGRADING + INACCESSIBLE + STANDBY + location: |- + - + (Required) + Resource ID segment making up resource name. See documentation for resource type oracledatabase.googleapis.com/AutonomousDatabaseBackup. + name: |- + - + Identifier. The name of the Autonomous Database resource in the following format: + projects/{project}/locations/{region}/autonomousDatabases/{autonomous_database} + network: |- + - + (Required) + The name of the VPC network used by the Autonomous Database. + Format: projects/{project}/global/networks/{network} + profiles.consumer_group: |- + - + (Output) + The current consumer group being used by the connection. + Possible values: + CONSUMER_GROUP_UNSPECIFIED + HIGH + MEDIUM + LOW + TP + TPURGENT + profiles.display_name: |- + - + (Output) + The display name for the database connection. + profiles.host_format: |- + - + (Output) + The host name format being currently used in connection string. + Possible values: + HOST_FORMAT_UNSPECIFIED + FQDN + IP + profiles.is_regional: |- + - + (Output) + This field indicates if the connection string is regional and is only + applicable for cross-region Data Guard. + profiles.protocol: |- + - + (Output) + The protocol being used by the connection. + Possible values: + PROTOCOL_UNSPECIFIED + TCP + TCPS + profiles.session_mode: |- + - + (Output) + The current session mode of the connection. + Possible values: + SESSION_MODE_UNSPECIFIED + DIRECT + INDIRECT + profiles.syntax_format: |- + - + (Output) + The syntax of the connection string. + Possible values: + SYNTAX_FORMAT_UNSPECIFIED + LONG + EZCONNECT + EZCONNECTPLUS + profiles.tls_authentication: |- + - + (Output) + This field indicates the TLS authentication type of the connection. + Possible values: + TLS_AUTHENTICATION_UNSPECIFIED + SERVER + MUTUAL + profiles.value: |- + - + (Output) + The value of the connection string. + properties: |- + - + (Required) + The properties of an Autonomous Database. + Structure is documented below. + properties.actual_used_data_storage_size_tb: |- + - + (Output) + The amount of storage currently being used for user and system data, in + terabytes. + properties.allocated_storage_size_tb: |- + - + (Output) + The amount of storage currently allocated for the database tables and + billed for, rounded up in terabytes. + properties.apex_details: |- + - + (Output) + Oracle APEX Application Development. + https://docs.oracle.com/en-us/iaas/api/#/en/database/20160918/datatypes/AutonomousDatabaseApex + Structure is documented below. + properties.are_primary_allowlisted_ips_used: |- + - + (Output) + This field indicates the status of Data Guard and Access control for the + Autonomous Database. The field's value is null if Data Guard is disabled + or Access Control is disabled. The field's value is TRUE if both Data Guard + and Access Control are enabled, and the Autonomous Database is using + primary IP access control list (ACL) for standby. The field's value is + FALSE if both Data Guard and Access Control are enabled, and the Autonomous + Database is using a different IP access control list (ACL) for standby + compared to primary. + properties.autonomous_container_database_id: |- + - + (Output) + The Autonomous Container Database OCID. + properties.available_upgrade_versions: |- + - + (Output) + The list of available Oracle Database upgrade versions for an Autonomous + Database. + properties.backup_retention_period_days: |- + - + (Optional) + The retention period for the Autonomous Database. This field is specified + in days, can range from 1 day to 60 days, and has a default value of + 60 days. + properties.character_set: |- + - + (Optional) + The character set for the Autonomous Database. The default is AL32UTF8. + properties.compute_count: |- + - + (Optional) + The number of compute servers for the Autonomous Database. + properties.connection_strings: |- + - + (Output) + The connection string used to connect to the Autonomous Database. + https://docs.oracle.com/en-us/iaas/api/#/en/database/20160918/datatypes/AutonomousDatabaseConnectionStrings + Structure is documented below. + properties.connection_urls: |- + - + (Output) + The URLs for accessing Oracle Application Express (APEX) and SQL Developer + Web with a browser from a Compute instance. + https://docs.oracle.com/en-us/iaas/api/#/en/database/20160918/datatypes/AutonomousDatabaseConnectionUrls + Structure is documented below. + properties.customer_contacts: |- + - + (Optional) + The list of customer contacts. + Structure is documented below. + properties.data_safe_state: |- + - + (Output) + The current state of the Data Safe registration for the + Autonomous Database. + Possible values: + DATA_SAFE_STATE_UNSPECIFIED + REGISTERING + REGISTERED + DEREGISTERING + NOT_REGISTERED + FAILED + properties.data_storage_size_gb: |- + - + (Optional) + The size of the data stored in the database, in gigabytes. + properties.data_storage_size_tb: |- + - + (Optional) + The size of the data stored in the database, in terabytes. + properties.database_management_state: |- + - + (Output) + The current state of database management for the Autonomous Database. + Possible values: + DATABASE_MANAGEMENT_STATE_UNSPECIFIED + ENABLING + ENABLED + DISABLING + NOT_ENABLED + FAILED_ENABLING + FAILED_DISABLING + properties.db_edition: |- + - + (Optional) + The edition of the Autonomous Databases. + Possible values: + DATABASE_EDITION_UNSPECIFIED + STANDARD_EDITION + ENTERPRISE_EDITION + properties.db_version: |- + - + (Optional) + The Oracle Database version for the Autonomous Database. + properties.db_workload: |- + - + (Required) + Possible values: + DB_WORKLOAD_UNSPECIFIED + OLTP + DW + AJD + APEX + properties.failed_data_recovery_duration: |- + - + (Output) + This field indicates the number of seconds of data loss during a Data + Guard failover. + properties.is_auto_scaling_enabled: |- + - + (Optional) + This field indicates if auto scaling is enabled for the Autonomous Database + CPU core count. + properties.is_local_data_guard_enabled: |- + - + (Output) + This field indicates whether the Autonomous Database has local (in-region) + Data Guard enabled. + properties.is_storage_auto_scaling_enabled: |- + - + (Optional) + This field indicates if auto scaling is enabled for the Autonomous Database + storage. + properties.license_type: |- + - + (Required) + The license type used for the Autonomous Database. + Possible values: + LICENSE_TYPE_UNSPECIFIED + LICENSE_INCLUDED + BRING_YOUR_OWN_LICENSE + properties.lifecycle_details: |- + - + (Output) + The details of the current lifestyle state of the Autonomous Database. + properties.local_adg_auto_failover_max_data_loss_limit: |- + - + (Output) + This field indicates the maximum data loss limit for an Autonomous + Database, in seconds. + properties.local_disaster_recovery_type: |- + - + (Output) + This field indicates the local disaster recovery (DR) type of an + Autonomous Database. + Possible values: + LOCAL_DISASTER_RECOVERY_TYPE_UNSPECIFIED + ADG + BACKUP_BASED + properties.local_standby_db: |- + - + (Output) + Autonomous Data Guard standby database details. + https://docs.oracle.com/en-us/iaas/api/#/en/database/20160918/datatypes/AutonomousDatabaseStandbySummary + Structure is documented below. + properties.maintenance_begin_time: |- + - + (Output) + The date and time when maintenance will begin. + properties.maintenance_end_time: |- + - + (Output) + The date and time when maintenance will end. + properties.maintenance_schedule_type: |- + - + (Optional) + The maintenance schedule of the Autonomous Database. + Possible values: + MAINTENANCE_SCHEDULE_TYPE_UNSPECIFIED + EARLY + REGULAR + properties.memory_per_oracle_compute_unit_gbs: |- + - + (Output) + The amount of memory enabled per ECPU, in gigabytes. + properties.memory_table_gbs: |- + - + (Output) + The memory assigned to in-memory tables in an Autonomous Database. + properties.mtls_connection_required: |- + - + (Optional) + This field specifies if the Autonomous Database requires mTLS connections. + properties.n_character_set: |- + - + (Optional) + The national character set for the Autonomous Database. The default is + AL16UTF16. + properties.next_long_term_backup_time: |- + - + (Output) + The long term backup schedule of the Autonomous Database. + properties.oci_url: |- + - + (Output) + The Oracle Cloud Infrastructure link for the Autonomous Database. + properties.ocid: |- + - + (Output) + OCID of the Autonomous Database. + https://docs.oracle.com/en-us/iaas/Content/General/Concepts/identifiers.htm#Oracle + properties.open_mode: |- + - + (Output) + This field indicates the current mode of the Autonomous Database. + Possible values: + OPEN_MODE_UNSPECIFIED + READ_ONLY + READ_WRITE + properties.operations_insights_state: |- + - + (Optional) + Possible values: + OPERATIONS_INSIGHTS_STATE_UNSPECIFIED + ENABLING + ENABLED + DISABLING + NOT_ENABLED + FAILED_ENABLING + FAILED_DISABLING + properties.peer_db_ids: |- + - + (Output) + The list of OCIDs of standby databases located in Autonomous Data Guard + remote regions that are associated with the source database. + properties.permission_level: |- + - + (Output) + The permission level of the Autonomous Database. + Possible values: + PERMISSION_LEVEL_UNSPECIFIED + RESTRICTED + UNRESTRICTED + properties.private_endpoint: |- + - + (Output) + The private endpoint for the Autonomous Database. + properties.private_endpoint_ip: |- + - + (Optional) + The private endpoint IP address for the Autonomous Database. + properties.private_endpoint_label: |- + - + (Optional) + The private endpoint label for the Autonomous Database. + properties.refreshable_mode: |- + - + (Output) + The refresh mode of the cloned Autonomous Database. + Possible values: + REFRESHABLE_MODE_UNSPECIFIED + AUTOMATIC + MANUAL + properties.refreshable_state: |- + - + (Output) + The refresh State of the clone. + Possible values: + REFRESHABLE_STATE_UNSPECIFIED + REFRESHING + NOT_REFRESHING + properties.role: |- + - + (Output) + The Data Guard role of the Autonomous Database. + Possible values: + ROLE_UNSPECIFIED + PRIMARY + STANDBY + DISABLED_STANDBY + BACKUP_COPY + SNAPSHOT_STANDBY + properties.scheduled_operation_details: |- + - + (Output) + The list and details of the scheduled operations of the Autonomous + Database. + Structure is documented below. + properties.sql_web_developer_url: |- + - + (Output) + The SQL Web Developer URL for the Autonomous Database. + properties.state: |- + - + (Output) + Possible values: + STATE_UNSPECIFIED + PROVISIONING + AVAILABLE + STOPPING + STOPPED + STARTING + TERMINATING + TERMINATED + UNAVAILABLE + RESTORE_IN_PROGRESS + RESTORE_FAILED + BACKUP_IN_PROGRESS + SCALE_IN_PROGRESS + AVAILABLE_NEEDS_ATTENTION + UPDATING + MAINTENANCE_IN_PROGRESS + RESTARTING + RECREATING + ROLE_CHANGE_IN_PROGRESS + UPGRADING + INACCESSIBLE + STANDBY + properties.supported_clone_regions: |- + - + (Output) + The list of available regions that can be used to create a clone for the + Autonomous Database. + properties.total_auto_backup_storage_size_gbs: |- + - + (Output) + The storage space used by automatic backups of Autonomous Database, in + gigabytes. + properties.used_data_storage_size_tbs: |- + - + (Output) + The storage space used by Autonomous Database, in gigabytes. + scheduled_operation_details.day_of_week: |- + - + (Output) + Possible values: + DAY_OF_WEEK_UNSPECIFIED + MONDAY + TUESDAY + WEDNESDAY + THURSDAY + FRIDAY + SATURDAY + SUNDAY + scheduled_operation_details.start_time: |- + - + (Output) + Represents a time of day. The date and time zone are either not significant + or are specified elsewhere. An API may choose to allow leap seconds. Related + types are google.type.Date and google.protobuf.Timestamp. + Structure is documented below. + scheduled_operation_details.stop_time: |- + - + (Output) + Represents a time of day. The date and time zone are either not significant + or are specified elsewhere. An API may choose to allow leap seconds. Related + types are google.type.Date and google.protobuf.Timestamp. + Structure is documented below. + start_time.hours: |- + - + (Output) + Hours of day in 24 hour format. Should be from 0 to 23. An API may choose + to allow the value "24:00:00" for scenarios like business closing time. + start_time.minutes: |- + - + (Output) + Minutes of hour of day. Must be from 0 to 59. + start_time.nanos: |- + - + (Output) + Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + start_time.seconds: |- + - + (Output) + Seconds of minutes of the time. Must normally be from 0 to 59. An API may + allow the value 60 if it allows leap-seconds. + stop_time.admin_password: |- + - + (Optional) + The password for the default ADMIN user. + stop_time.deletion_protection: '- (Optional) Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail.' + stop_time.display_name: |- + - + (Optional) + The display name for the Autonomous Database. The name does not have to + be unique within your project. + stop_time.hours: |- + - + (Output) + Hours of day in 24 hour format. Should be from 0 to 23. An API may choose + to allow the value "24:00:00" for scenarios like business closing time. + stop_time.labels: |- + - + (Optional) + The labels or tags associated with the Autonomous Database. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + stop_time.minutes: |- + - + (Output) + Minutes of hour of day. Must be from 0 to 59. + stop_time.nanos: |- + - + (Output) + Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + stop_time.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + stop_time.seconds: |- + - + (Output) + Seconds of minutes of the time. Must normally be from 0 to 59. An API may + allow the value 60 if it allows leap-seconds. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 120 minutes.' + importStatements: [] + google_oracle_database_cloud_exadata_infrastructure: + subCategory: Oracle Database + description: A CloudExadataInfrastructure resource. + name: google_oracle_database_cloud_exadata_infrastructure + title: "" + examples: + - name: my-cloud-exadata + manifest: |- + { + "cloud_exadata_infrastructure_id": "my-instance", + "deletion_protection": "true", + "display_name": "my-instance displayname", + "location": "us-east4", + "project": "my-project", + "properties": [ + { + "compute_count": "2", + "shape": "Exadata.X9M", + "storage_count": "3" + } + ] + } + - name: my-cloud-exadata + manifest: |- + { + "cloud_exadata_infrastructure_id": "my-instance", + "deletion_protection": "true", + "display_name": "my-instance displayname", + "gcp_oracle_zone": "us-east4-b-r1", + "labels": { + "label-one": "value-one" + }, + "location": "us-east4", + "project": "my-project", + "properties": [ + { + "compute_count": "2", + "customer_contacts": [ + { + "email": "xyz@example.com" + } + ], + "maintenance_window": [ + { + "custom_action_timeout_mins": "20", + "days_of_week": [ + "SUNDAY" + ], + "hours_of_day": [ + 4 + ], + "is_custom_action_timeout_enabled": "0", + "lead_time_week": "1", + "months": [ + "JANUARY", + "APRIL", + "MAY", + "OCTOBER" + ], + "patching_mode": "ROLLING", + "preference": "CUSTOM_PREFERENCE", + "weeks_of_month": [ + 4 + ] + } + ], + "shape": "Exadata.X9M", + "storage_count": "3", + "total_storage_size_gb": "196608" + } + ] + } + argumentDocs: + cloud_exadata_infrastructure_id: |- + - + (Required) + The ID of the Exadata Infrastructure to create. This value is restricted + to (^a-z?$) and must be a maximum of 63 + characters in length. The value must start with a letter and end with + a letter or a number. + create: '- Default is 240 minutes.' + create_time: |- + - + The date and time that the Exadata Infrastructure was created. + customer_contacts.email: |- + - + (Required) + The email address used by Oracle to send notifications regarding databases + and infrastructure. + delete: '- Default is 120 minutes.' + deletion_protection: '- (Optional) Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail.' + display_name: |- + - + (Optional) + User friendly name for this resource. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + entitlement_id: |- + - + Entitlement ID of the private offer against which this infrastructure + resource is provisioned. + gcp_oracle_zone: |- + - + (Optional) + GCP location where Oracle Exadata is hosted. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/cloudExadataInfrastructures/{{cloud_exadata_infrastructure_id}}' + labels: |- + - + (Optional) + Labels or tags associated with the resource. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + Resource ID segment making up resource name. See documentation for resource type oracledatabase.googleapis.com/DbServer. + maintenance_window.custom_action_timeout_mins: |- + - + (Optional) + Determines the amount of time the system will wait before the start of each + database server patching operation. Custom action timeout is in minutes and + valid value is between 15 to 120 (inclusive). + maintenance_window.days_of_week: |- + - + (Optional) + Days during the week when maintenance should be performed. + maintenance_window.hours_of_day: |- + - + (Optional) + The window of hours during the day when maintenance should be performed. + The window is a 4 hour slot. Valid values are: + 0 - represents time slot 0:00 - 3:59 UTC + 4 - represents time slot 4:00 - 7:59 UTC + 8 - represents time slot 8:00 - 11:59 UTC + 12 - represents time slot 12:00 - 15:59 UTC + 16 - represents time slot 16:00 - 19:59 UTC + 20 - represents time slot 20:00 - 23:59 UTC + maintenance_window.is_custom_action_timeout_enabled: |- + - + (Optional) + If true, enables the configuration of a custom action timeout (waiting + period) between database server patching operations. + maintenance_window.lead_time_week: |- + - + (Optional) + Lead time window allows user to set a lead time to prepare for a down time. + The lead time is in weeks and valid value is between 1 to 4. + maintenance_window.months: |- + - + (Optional) + Months during the year when maintenance should be performed. + maintenance_window.patching_mode: |- + - + (Optional) + Cloud CloudExadataInfrastructure node patching method, either "ROLLING" + or "NONROLLING". Default value is ROLLING. + Possible values: + PATCHING_MODE_UNSPECIFIED + ROLLING + NON_ROLLING + maintenance_window.preference: |- + - + (Optional) + The maintenance window scheduling preference. + Possible values: + MAINTENANCE_WINDOW_PREFERENCE_UNSPECIFIED + CUSTOM_PREFERENCE + NO_PREFERENCE + maintenance_window.weeks_of_month: |- + - + (Optional) + Weeks during the month when maintenance should be performed. Weeks start on + the 1st, 8th, 15th, and 22nd days of the month, and have a duration of 7 + days. Weeks start and end based on calendar dates, not days of the week. + name: |- + - + Identifier. The name of the Exadata Infrastructure resource with the following format: + projects/{project}/locations/{region}/cloudExadataInfrastructures/{cloud_exadata_infrastructure} + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + properties: |- + - + (Optional) + Various properties of Exadata Infrastructure. + Structure is documented below. + properties.activated_storage_count: |- + - + (Output) + The requested number of additional storage servers activated for the + Exadata Infrastructure. + properties.additional_storage_count: |- + - + (Output) + The requested number of additional storage servers for the Exadata + Infrastructure. + properties.available_storage_size_gb: |- + - + (Output) + The available storage can be allocated to the Exadata Infrastructure + resource, in gigabytes (GB). + properties.compute_count: |- + - + (Optional) + The number of compute servers for the Exadata Infrastructure. + properties.cpu_count: |- + - + (Output) + The number of enabled CPU cores. + properties.customer_contacts: |- + - + (Optional) + The list of customer contacts. + Structure is documented below. + properties.data_storage_size_tb: |- + - + (Output) + Size, in terabytes, of the DATA disk group. + properties.db_node_storage_size_gb: |- + - + (Output) + The local node storage allocated in GBs. + properties.db_server_version: |- + - + (Output) + The software version of the database servers (dom0) in the Exadata + Infrastructure. + properties.maintenance_window: |- + - + (Optional) + Maintenance window as defined by Oracle. + https://docs.oracle.com/en-us/iaas/api/#/en/database/20160918/datatypes/MaintenanceWindow + Structure is documented below. + properties.max_cpu_count: |- + - + (Output) + The total number of CPU cores available. + properties.max_data_storage_tb: |- + - + (Output) + The total available DATA disk group size. + properties.max_db_node_storage_size_gb: |- + - + (Output) + The total local node storage available in GBs. + properties.max_memory_gb: |- + - + (Output) + The total memory available in GBs. + properties.memory_size_gb: |- + - + (Output) + The memory allocated in GBs. + properties.monthly_db_server_version: |- + - + (Output) + The monthly software version of the database servers (dom0) + in the Exadata Infrastructure. Example: 20.1.15 + properties.monthly_storage_server_version: |- + - + (Output) + The monthly software version of the storage servers (cells) + in the Exadata Infrastructure. Example: 20.1.15 + properties.next_maintenance_run_id: |- + - + (Output) + The OCID of the next maintenance run. + properties.next_maintenance_run_time: |- + - + (Output) + The time when the next maintenance run will occur. + properties.next_security_maintenance_run_time: |- + - + (Output) + The time when the next security maintenance run will occur. + properties.oci_url: |- + - + (Output) + Deep link to the OCI console to view this resource. + properties.ocid: |- + - + (Output) + OCID of created infra. + https://docs.oracle.com/en-us/iaas/Content/General/Concepts/identifiers.htm#Oracle + properties.shape: |- + - + (Required) + The shape of the Exadata Infrastructure. The shape determines the + amount of CPU, storage, and memory resources allocated to the instance. + properties.state: |- + - + (Output) + The current lifecycle state of the Exadata Infrastructure. + Possible values: + STATE_UNSPECIFIED + PROVISIONING + AVAILABLE + UPDATING + TERMINATING + TERMINATED + FAILED + MAINTENANCE_IN_PROGRESS + properties.storage_count: |- + - + (Optional) + The number of Cloud Exadata storage servers for the Exadata Infrastructure. + properties.storage_server_version: |- + - + (Output) + The software version of the storage servers (cells) in the Exadata + Infrastructure. + properties.total_storage_size_gb: |- + - + (Optional) + The total storage allocated to the Exadata Infrastructure + resource, in gigabytes (GB). + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 120 minutes.' + importStatements: [] + google_oracle_database_cloud_vm_cluster: + subCategory: Oracle Database + description: A CloudVmCluster resource. + name: google_oracle_database_cloud_vm_cluster + title: "" + examples: + - name: my_vmcluster + manifest: |- + { + "backup_subnet_cidr": "10.6.0.0/24", + "cidr": "10.5.0.0/24", + "cloud_vm_cluster_id": "my-instance", + "deletion_protection": "true", + "display_name": "my-instance displayname", + "exadata_infrastructure": "${google_oracle_database_cloud_exadata_infrastructure.cloudExadataInfrastructures.id}", + "location": "us-east4", + "network": "${data.google_compute_network.default.id}", + "project": "my-project", + "properties": [ + { + "cpu_core_count": "4", + "gi_version": "19.0.0.0", + "hostname_prefix": "hostname1", + "license_type": "LICENSE_INCLUDED", + "ssh_public_keys": [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com" + ] + } + ] + } + references: + exadata_infrastructure: google_oracle_database_cloud_exadata_infrastructure.cloudExadataInfrastructures.id + network: data.google_compute_network.default.id + dependencies: + google_oracle_database_cloud_exadata_infrastructure.cloudExadataInfrastructures: |- + { + "cloud_exadata_infrastructure_id": "my-exadata", + "deletion_protection": "true", + "display_name": "my-exadata displayname", + "location": "us-east4", + "project": "my-project", + "properties": [ + { + "compute_count": "2", + "shape": "Exadata.X9M", + "storage_count": "3" + } + ] + } + - name: my_vmcluster + manifest: |- + { + "backup_subnet_cidr": "10.6.0.0/24", + "cidr": "10.5.0.0/24", + "cloud_vm_cluster_id": "my-instance", + "deletion_protection": "true", + "display_name": "my-instance displayname", + "exadata_infrastructure": "${google_oracle_database_cloud_exadata_infrastructure.cloudExadataInfrastructures.id}", + "labels": { + "label-one": "value-one" + }, + "location": "us-east4", + "network": "${data.google_compute_network.default.id}", + "project": "my-project", + "properties": [ + { + "cluster_name": "pq-ppat4", + "cpu_core_count": "4", + "data_storage_size_tb": 2, + "db_node_storage_size_gb": 120, + "db_server_ocids": [ + "${data.google_oracle_database_db_servers.mydbserver.db_servers.0.properties.0.ocid}", + "${data.google_oracle_database_db_servers.mydbserver.db_servers.1.properties.0.ocid}" + ], + "diagnostics_data_collection_options": [ + { + "diagnostics_events_enabled": true, + "health_monitoring_enabled": true, + "incident_logs_enabled": true + } + ], + "disk_redundancy": "HIGH", + "gi_version": "19.0.0.0", + "hostname_prefix": "hostname1", + "license_type": "LICENSE_INCLUDED", + "local_backup_enabled": false, + "memory_size_gb": 60, + "node_count": "2", + "ocpu_count": "4.0", + "sparse_diskgroup_enabled": false, + "ssh_public_keys": [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1X2744t+6vRLmE5u6nHi6/QWh8bQDgHmd+OIxRQIGA/IWUtCs2FnaCNZcqvZkaeyjk5v0lTA/n+9jvO42Ipib53athrfVG8gRt8fzPL66C6ZqHq+6zZophhrCdfJh/0G4x9xJh5gdMprlaCR1P8yAaVvhBQSKGc4SiIkyMNBcHJ5YTtMQMTfxaB4G1sHZ6SDAY9a6Cq/zNjDwfPapWLsiP4mRhE5SSjJX6l6EYbkm0JeLQg+AbJiNEPvrvDp1wtTxzlPJtIivthmLMThFxK7+DkrYFuLvN5AHUdo9KTDLvHtDCvV70r8v0gafsrKkM/OE9Jtzoo0e1N/5K/ZdyFRbAkFT4QSF3nwpbmBWLf2Evg//YyEuxnz4CwPqFST2mucnrCCGCVWp1vnHZ0y30nM35njLOmWdRDFy5l27pKUTwLp02y3UYiiZyP7d3/u5pKiN4vC27VuvzprSdJxWoAvluOiDeRh+/oeQDowxoT/Oop8DzB9uJmjktXw8jyMW2+Rpg+ENQqeNgF1OGlEzypaWiRskEFlkpLb4v/s3ZDYkL1oW0Nv/J8LTjTOTEaYt2Udjoe9x2xWiGnQixhdChWuG+MaoWffzUgx1tsVj/DBXijR5DjkPkrA1GA98zd3q8GKEaAdcDenJjHhNYSd4+rE9pIsnYn7fo5X/tFfcQH1XQ== nobody@google.com" + ], + "time_zone": [ + { + "id": "UTC" + } + ] + } + ] + } + references: + exadata_infrastructure: google_oracle_database_cloud_exadata_infrastructure.cloudExadataInfrastructures.id + network: data.google_compute_network.default.id + properties.db_server_ocids: data.google_oracle_database_db_servers.mydbserver.db_servers.0.properties.0.ocid + dependencies: + google_oracle_database_cloud_exadata_infrastructure.cloudExadataInfrastructures: |- + { + "cloud_exadata_infrastructure_id": "my-exadata", + "deletion_protection": "true", + "display_name": "my-exadata displayname", + "location": "us-east4", + "project": "my-project", + "properties": [ + { + "compute_count": "2", + "shape": "Exadata.X9M", + "storage_count": "3" + } + ] + } + argumentDocs: + backup_subnet_cidr: |- + - + (Required) + CIDR range of the backup subnet. + cidr: |- + - + (Required) + Network settings. CIDR to use for cluster IP allocation. + cloud_vm_cluster_id: |- + - + (Required) + The ID of the VM Cluster to create. This value is restricted + to (^a-z?$) and must be a maximum of 63 + characters in length. The value must start with a letter and end with + a letter or a number. + create: '- Default is 120 minutes.' + create_time: |- + - + The date and time that the VM cluster was created. + delete: '- Default is 60 minutes.' + deletion_protection: '- (Optional) Whether Terraform will be prevented from destroying the cluster. Deleting this cluster via terraform destroy or terraform apply will only succeed if this field is false in the Terraform state.' + diagnostics_data_collection_options.diagnostics_events_enabled: |- + - + (Optional) + Indicates whether diagnostic collection is enabled for the VM cluster + diagnostics_data_collection_options.health_monitoring_enabled: |- + - + (Optional) + Indicates whether health monitoring is enabled for the VM cluster + diagnostics_data_collection_options.incident_logs_enabled: |- + - + (Optional) + Indicates whether incident logs and trace collection are enabled for the VM + cluster + display_name: |- + - + (Optional) + User friendly name for this resource. + effective_labels: |- + - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + exadata_infrastructure: |- + - + (Required) + The name of the Exadata Infrastructure resource on which VM cluster + resource is created, in the following format: + projects/{project}/locations/{region}/cloudExadataInfrastuctures/{cloud_extradata_infrastructure} + gcp_oracle_zone: |- + - + GCP location where Oracle Exadata is hosted. It is same as GCP Oracle zone + of Exadata infrastructure. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/cloudVmClusters/{{cloud_vm_cluster_id}}' + labels: |- + - + (Optional) + Labels or tags associated with the VM Cluster. + Note: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field effective_labels for all of the labels present on the resource. + location: |- + - + (Required) + Resource ID segment making up resource name. See documentation for resource type oracledatabase.googleapis.com/DbNode. + name: |- + - + Identifier. The name of the VM Cluster resource with the format: + projects/{project}/locations/{region}/cloudVmClusters/{cloud_vm_cluster} + network: |- + - + (Required) + The name of the VPC network. + Format: projects/{project}/global/networks/{network} + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + properties: |- + - + (Optional) + Various properties and settings associated with Exadata VM cluster. + Structure is documented below. + properties.cluster_name: |- + - + (Optional) + OCI Cluster name. + properties.compartment_id: |- + - + (Output) + Compartment ID of cluster. + properties.cpu_core_count: |- + - + (Required) + Number of enabled CPU cores. + properties.data_storage_size_tb: |- + - + (Optional) + The data disk group size to be allocated in TBs. + properties.db_node_storage_size_gb: |- + - + (Optional) + Local storage per VM + properties.db_server_ocids: |- + - + (Optional) + OCID of database servers. + properties.diagnostics_data_collection_options: |- + - + (Optional) + Data collection options for diagnostics. + Structure is documented below. + properties.disk_redundancy: |- + - + (Optional) + The type of redundancy. + Possible values: + DISK_REDUNDANCY_UNSPECIFIED + HIGH + NORMAL + properties.dns_listener_ip: |- + - + (Output) + DNS listener IP. + properties.domain: |- + - + (Output) + Parent DNS domain where SCAN DNS and hosts names are qualified. + ex: ocispdelegated.ocisp10jvnet.oraclevcn.com + properties.gi_version: |- + - + (Optional) + Grid Infrastructure Version. + properties.hostname: |- + - + (Output) + host name without domain. + format: "-" with some suffix. + ex: sp2-yi0xq where "sp2" is the hostname_prefix. + properties.hostname_prefix: |- + - + (Optional) + Prefix for VM cluster host names. + properties.license_type: |- + - + (Required) + License type of VM Cluster. + Possible values: + LICENSE_TYPE_UNSPECIFIED + LICENSE_INCLUDED + BRING_YOUR_OWN_LICENSE + properties.local_backup_enabled: |- + - + (Optional) + Use local backup. + properties.memory_size_gb: |- + - + (Optional) + Memory allocated in GBs. + properties.node_count: |- + - + (Optional) + Number of database servers. + properties.oci_url: |- + - + (Output) + Deep link to the OCI console to view this resource. + properties.ocid: |- + - + (Output) + Oracle Cloud Infrastructure ID of VM Cluster. + properties.ocpu_count: |- + - + (Optional) + OCPU count per VM. Minimum is 0.1. + properties.scan_dns: |- + - + (Output) + SCAN DNS name. + ex: sp2-yi0xq-scan.ocispdelegated.ocisp10jvnet.oraclevcn.com + properties.scan_dns_record_id: |- + - + (Output) + OCID of scan DNS record. + properties.scan_ip_ids: |- + - + (Output) + OCIDs of scan IPs. + properties.scan_listener_port_tcp: |- + - + (Output) + SCAN listener port - TCP + properties.scan_listener_port_tcp_ssl: |- + - + (Output) + SCAN listener port - TLS + properties.shape: |- + - + (Output) + Shape of VM Cluster. + properties.sparse_diskgroup_enabled: |- + - + (Optional) + Use exadata sparse snapshots. + properties.ssh_public_keys: |- + - + (Optional) + SSH public keys to be stored with cluster. + properties.state: |- + - + (Output) + State of the cluster. + Possible values: + STATE_UNSPECIFIED + PROVISIONING + AVAILABLE + UPDATING + TERMINATING + TERMINATED + FAILED + MAINTENANCE_IN_PROGRESS + properties.storage_size_gb: |- + - + (Output) + The storage allocation for the disk group, in gigabytes (GB). + properties.system_version: |- + - + (Output) + Operating system version of the image. + properties.time_zone: |- + - + (Optional) + Represents a time zone from the + IANA Time Zone Database. + Structure is documented below. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + time_zone.id: |- + - + (Optional) + IANA Time Zone Database time zone, e.g. "America/New_York". + update: '- Default is 60 minutes.' + importStatements: [] google_org_policy_custom_constraint: subCategory: Organization Policy description: Custom constraints are created by administrators to provide more granular and customizable control over the specific fields that are restricted by your organization policies. @@ -119003,8 +135371,8 @@ resources: - name: primary manifest: |- { - "name": "projects/${google_project.basic.name}/policies/iam.disableServiceAccountKeyUpload", - "parent": "projects/${google_project.basic.name}", + "name": "projects/${google_project.basic.project_id}/policies/iam.disableServiceAccountKeyUpload", + "parent": "projects/${google_project.basic.project_id}", "spec": [ { "rules": [ @@ -119018,6 +135386,7 @@ resources: dependencies: google_project.basic: |- { + "deletion_policy": "DELETE", "name": "id", "org_id": "123456789", "project_id": "id" @@ -119043,6 +135412,7 @@ resources: dependencies: google_folder.basic: |- { + "deletion_protection": false, "display_name": "folder", "parent": "organizations/123456789" } @@ -119060,8 +135430,8 @@ resources: - name: primary manifest: |- { - "name": "projects/${google_project.basic.name}/policies/gcp.resourceLocations", - "parent": "projects/${google_project.basic.name}", + "name": "projects/${google_project.basic.project_id}/policies/gcp.resourceLocations", + "parent": "projects/${google_project.basic.project_id}", "spec": [ { "rules": [ @@ -119095,6 +135465,7 @@ resources: dependencies: google_project.basic: |- { + "deletion_policy": "DELETE", "name": "id", "org_id": "123456789", "project_id": "id" @@ -119141,6 +135512,30 @@ resources: "container.googleapis.com/NodePool" ] } + - name: primary + manifest: |- + { + "name": "projects/${google_project.basic.name}/policies/compute.managed.restrictDiskCreation", + "parent": "projects/${google_project.basic.name}", + "spec": [ + { + "rules": [ + { + "enforce": "TRUE", + "parameters": "${jsonencode({\"isSizeLimitCheck\" : true, \"allowedDiskTypes\" : [\"pd-ssd\", \"pd-standard\"]})}" + } + ] + } + ] + } + dependencies: + google_project.basic: |- + { + "deletion_policy": "DELETE", + "name": "id", + "org_id": "123456789", + "project_id": "id" + } argumentDocs: condition.description: |- - @@ -119215,6 +135610,10 @@ resources: - (Optional) If "TRUE", then the Policy is enforced. If "FALSE", then any configuration is acceptable. This field can be set only in Policies for boolean constraints. + rules.parameters: |- + - + (Optional) + Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { "allowedLocations" : ["us-east1", "us-west1"], "allowAll" : true } rules.values: |- - (Optional) @@ -119240,7 +135639,7 @@ resources: spec.rules: |- - (Optional) - Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set enforced to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence. + In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set enforced to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence. Structure is documented below. spec.update_time: |- - @@ -119322,6 +135721,7 @@ resources: } google_project.my_project: |- { + "deletion_policy": "DELETE", "name": "My Project", "org_id": "123456789", "project_id": "your-project-id" @@ -121406,6 +137806,7 @@ resources: "depends_on": [ "${google_service_networking_connection.default}" ], + "deployment_type": "SCRATCH", "description": "test instance", "directory_stripe_level": "DIRECTORY_STRIPE_LEVEL_MIN", "file_stripe_level": "FILE_STRIPE_LEVEL_MIN", @@ -121446,6 +137847,49 @@ resources: ], "service": "servicenetworking.googleapis.com" } + - name: instance + manifest: |- + { + "capacity_gib": 12000, + "depends_on": [ + "${google_service_networking_connection.default}" + ], + "deployment_type": "SCRATCH", + "description": "test instance", + "directory_stripe_level": "DIRECTORY_STRIPE_LEVEL_MIN", + "file_stripe_level": "FILE_STRIPE_LEVEL_MIN", + "instance_id": "instance", + "labels": { + "test": "value" + }, + "location": "us-central1-a", + "network": "${google_compute_network.network.name}" + } + references: + network: google_compute_network.network.name + dependencies: + google_compute_global_address.private_ip_alloc: |- + { + "address_type": "INTERNAL", + "name": "address", + "network": "${google_compute_network.network.id}", + "prefix_length": 24, + "purpose": "VPC_PEERING" + } + google_compute_network.network: |- + { + "auto_create_subnetworks": true, + "mtu": 8896, + "name": "network" + } + google_service_networking_connection.default: |- + { + "network": "${google_compute_network.network.id}", + "reserved_peering_ranges": [ + "${google_compute_global_address.private_ip_alloc.name}" + ], + "service": "servicenetworking.googleapis.com" + } argumentDocs: '[a-z0-9_-]{0,63}': . a-z{0,62}: . @@ -121463,8 +137907,16 @@ resources: The time when the instance was created. daos_version: |- - - The version of DAOS software running in the instance + The version of DAOS software running in the instance. delete: '- Default is 20 minutes.' + deployment_type: |- + - + (Optional) + Parallelstore Instance deployment type. + Possible values: + DEPLOYMENT_TYPE_UNSPECIFIED + SCRATCH + PERSISTENT description: |- - (Optional) @@ -121483,9 +137935,9 @@ resources: effective_labels: for all of the labels present on the resource. effective_reserved_ip_range: |- - - Immutable. Contains the id of the allocated IP address range associated with the - private service access connection for example, "test-default" associated - with IP range 10.0.0.0/29. This field is populated by the service and + Immutable. Contains the id of the allocated IP address + range associated with the private service access connection for example, "test-default" + associated with IP range 10.0.0.0/29. This field is populated by the service and contains the value currently used by the service. file_stripe_level: |- - @@ -121506,12 +137958,12 @@ resources: labels: |- - (Optional) - Cloud Labels are a flexible and lightweight mechanism for organizing cloud - resources into groups that reflect a customer's organizational needs and - deployment strategies. Cloud Labels can be used to filter collections of - resources. They can be used to control how resource metrics are aggregated. - And they can be used as arguments to policy management rules (e.g. route, - firewall, load balancing, etc.). + Cloud Labels are a flexible and lightweight mechanism for + organizing cloud resources into groups that reflect a customer's organizational + needs and deployment strategies. Cloud Labels can be used to filter collections + of resources. They can be used to control how resource metrics are aggregated. + And they can be used as arguments to policy management rules (e.g. route, firewall, + load balancing, etc.). location: |- - (Required) @@ -121520,22 +137972,24 @@ resources: - Identifier. The resource name of the instance, in the format projects/{project}/locations/{location}/instances/{instance_id} + name + "_" + value: |- + would prove problematic if we were to + allow "_" in a future release. " network: |- - (Optional) - Immutable. The name of the Google Compute Engine - VPC network to which the - instance is connected. + Immutable. The name of the Google Compute Engine VPC network + to which the instance is connected. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. reserved_ip_range: |- - (Optional) - Immutable. Contains the id of the allocated IP address range associated with the - private service access connection for example, "test-default" associated - with IP range 10.0.0.0/29. If no range id is provided all ranges will be - considered. + Immutable. Contains the id of the allocated IP address range + associated with the private service access connection for example, "test-default" + associated with IP range 10.0.0.0/29. If no range id is provided all ranges will + be considered. state: |- - The instance state. @@ -123320,7 +139774,7 @@ resources: subject_key_id.key_id: |- - (Optional) - The value of the KeyId in lowercase hexidecimal. + The value of the KeyId in lowercase hexadecimal. terraform_labels: |- - The combination of labels configured directly on the resource @@ -123412,14 +139866,7 @@ resources: "subject": [ { "common_name": "my-certificate-authority", - "organization": "HashiCorp" - } - ], - "subject_alt_name": [ - { - "dns_names": [ - "hashicorp.com" - ] + "organization": "ACME" } ] } @@ -123428,8 +139875,7 @@ resources: { "ca_options": [ { - "is_ca": true, - "max_issuer_path_length": 10 + "is_ca": true } ], "key_usage": [ @@ -123437,23 +139883,11 @@ resources: "base_key_usage": [ { "cert_sign": true, - "content_commitment": true, - "crl_sign": true, - "data_encipherment": true, - "decipher_only": true, - "digital_signature": true, - "key_agreement": true, - "key_encipherment": false + "crl_sign": true } ], "extended_key_usage": [ - { - "client_auth": false, - "code_signing": true, - "email_protection": true, - "server_auth": true, - "time_stamping": true - } + {} ] } ] @@ -123461,13 +139895,13 @@ resources: ] } ], - "deletion_protection": "true", + "deletion_protection": true, "key_spec": [ { "algorithm": "RSA_PKCS1_4096_SHA256" } ], - "lifetime": "86400s", + "lifetime": "${10 * 365 * 24 * 3600}s", "location": "us-central1", "pool": "ca-pool" } @@ -123482,14 +139916,7 @@ resources: "subject": [ { "common_name": "my-certificate-authority", - "organization": "HashiCorp" - } - ], - "subject_alt_name": [ - { - "dns_names": [ - "hashicorp.com" - ] + "organization": "ACME" } ] } @@ -123510,9 +139937,7 @@ resources: } ], "extended_key_usage": [ - { - "server_auth": false - } + {} ] } ] @@ -123542,14 +139967,7 @@ resources: "subject": [ { "common_name": "my-subordinate-authority", - "organization": "HashiCorp" - } - ], - "subject_alt_name": [ - { - "dns_names": [ - "hashicorp.com" - ] + "organization": "ACME" } ] } @@ -123559,7 +139977,7 @@ resources: "ca_options": [ { "is_ca": true, - "max_issuer_path_length": 0 + "zero_max_issuer_path_length": true } ], "key_usage": [ @@ -123567,23 +139985,11 @@ resources: "base_key_usage": [ { "cert_sign": true, - "content_commitment": true, - "crl_sign": true, - "data_encipherment": true, - "decipher_only": true, - "digital_signature": true, - "key_agreement": true, - "key_encipherment": false + "crl_sign": true } ], "extended_key_usage": [ - { - "client_auth": false, - "code_signing": true, - "email_protection": true, - "server_auth": true, - "time_stamping": true - } + {} ] } ] @@ -123591,13 +139997,13 @@ resources: ] } ], - "deletion_protection": "true", + "deletion_protection": true, "key_spec": [ { - "algorithm": "RSA_PKCS1_4096_SHA256" + "algorithm": "RSA_PKCS1_2048_SHA256" } ], - "lifetime": "86400s", + "lifetime": "${5 * 365 * 24 * 3600}s", "location": "us-central1", "pool": "ca-pool", "subordinate_config": [ @@ -123629,8 +140035,7 @@ resources: { "ca_options": [ { - "is_ca": true, - "max_issuer_path_length": 10 + "is_ca": true } ], "key_usage": [ @@ -123642,9 +140047,7 @@ resources: } ], "extended_key_usage": [ - { - "server_auth": false - } + {} ] } ], @@ -123681,7 +140084,7 @@ resources: ] } ], - "deletion_protection": "true", + "deletion_protection": true, "depends_on": [ "${google_kms_crypto_key_iam_member.privateca_sa_keyuser_signerverifier}", "${google_kms_crypto_key_iam_member.privateca_sa_keyuser_viewer}" @@ -123722,14 +140125,7 @@ resources: "subject": [ { "common_name": "my-certificate-authority", - "organization": "HashiCorp" - } - ], - "subject_alt_name": [ - { - "dns_names": [ - "hashicorp.com" - ] + "organization": "ACME" } ] } @@ -123743,8 +140139,7 @@ resources: { "ca_options": [ { - "is_ca": true, - "max_issuer_path_length": 10 + "is_ca": true } ], "key_usage": [ @@ -123752,23 +140147,11 @@ resources: "base_key_usage": [ { "cert_sign": true, - "content_commitment": true, - "crl_sign": true, - "data_encipherment": true, - "decipher_only": true, - "digital_signature": true, - "key_agreement": true, - "key_encipherment": false + "crl_sign": true } ], "extended_key_usage": [ - { - "client_auth": false, - "code_signing": true, - "email_protection": true, - "server_auth": true, - "time_stamping": true - } + {} ] } ] @@ -123776,13 +140159,13 @@ resources: ] } ], - "deletion_protection": "true", + "deletion_protection": true, "key_spec": [ { "cloud_kms_key_version": "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1" } ], - "lifetime": "86400s", + "lifetime": "${10 * 365 * 24 * 3600}s", "location": "us-central1", "pool": "ca-pool" } @@ -123954,7 +140337,9 @@ resources: When the field is set to true or unset in Terraform state, a terraform apply or terraform destroy that would delete the CertificateAuthority will fail. When the field is set to false, deleting the CertificateAuthority is allowed. - key_spec.desired_state: '- (Optional) Desired state of the CertificateAuthority. Set this field to STAGED to create a STAGED root CA.' + key_spec.desired_state: |- + - (Optional) Desired state of the CertificateAuthority. Set this field to STAGED to create a STAGED root CA. + Possible values: ENABLED, DISABLED, STAGED. key_spec.effective_labels: for all of the labels present on the resource. key_spec.gcs_bucket: |- - @@ -124179,7 +140564,7 @@ resources: subject_key_id.key_id: |- - (Optional) - The value of the KeyId in lowercase hexidecimal. + The value of the KeyId in lowercase hexadecimal. subordinate_config.certificate_authority: |- - (Optional) @@ -124902,6 +141287,16 @@ resources: "display_name": "Department 1", "parent": "organizations/1234567" } + - name: my_project + manifest: |- + { + "name": "My Project", + "org_id": "1234567", + "project_id": "your-project-id", + "tags": { + "1234567/env": "staging" + } + } argumentDocs: auto_create_network: |- - (Optional) Controls whether the 'default' network exists on the project. Defaults @@ -124922,7 +141317,7 @@ resources: - (Optional) The deletion policy for the Project. Setting PREVENT will protect the project against any destroy actions caused by a terraform apply or terraform destroy. Setting ABANDON allows the resource to be abandoned rather than deleted, i.e., the Terraform resource can be deleted without deleting the Project via - the Google API. Possible values are: "PREVENT", "ABANDON", "DELETE". Default value is DELETE. + the Google API. Possible values are: "PREVENT", "ABANDON", "DELETE". Default value is PREVENT. effective_labels: |- - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. @@ -124947,12 +141342,7 @@ resources: this forces the project to be migrated to the newly specified organization. project_id: '- (Required) The project ID. Changing this forces a new project to be created.' - skip_delete: |- - - (Optional) If true, the Terraform resource can be deleted without - deleting the Project via the Google API. skip_delete is deprecated and will be - removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false - can be changed to a deletion_policy value of DELETE and a skip_delete value of true - to a deletion_policy value of ABANDON for equivalent behavior. + tags: '- (Optional) A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored when empty. The field is immutable and causes resource replacement when mutated. This field is only set at create time and modifying this field after creation will trigger recreation. To apply tags to an existing resource, see the google_tags_tag_value resource.' terraform_labels: |- - The combination of labels configured directly on the resource and default labels configured on the provider. @@ -125155,6 +141545,28 @@ resources: List of possible stages is here. title: '- (Required) A human-readable title for the role.' importStatements: [] + google_project_iam_member_remove: + subCategory: Cloud Platform + description: Ensures that a member:role pairing does not exist in a project's IAM policy. + name: google_project_iam_member_remove + title: "" + examples: + - name: foo + manifest: |- + { + "member": "serviceAccount:${google_project.target_project.number}-compute@developer.gserviceaccount.com", + "project": "${google_project.target_project.project_id}", + "role": "roles/editor" + } + references: + project: google_project.target_project.project_id + argumentDocs: + member: |- + - (Required) The IAM principal that should not have the target role. + Each entry can have one of the following values: + project: '- (Required) The project id of the target project.' + role: '- (Required) The target role that should be removed.' + importStatements: [] google_project_iam_policy: subCategory: Cloud Platform description: Collection of resources to manage IAM policy for a project. @@ -125810,6 +142222,24 @@ resources: { "name": "example-topic" } + - name: example + manifest: |- + { + "ack_deadline_seconds": 20, + "filter": " attributes.foo = \"foo\"\n AND attributes.bar = \"bar\"\n", + "labels": { + "foo": "bar" + }, + "name": "example-subscription", + "topic": "${google_pubsub_topic.example.id}" + } + references: + topic: google_pubsub_topic.example.id + dependencies: + google_pubsub_topic.example: |- + { + "name": "example-topic" + } - name: example manifest: |- { @@ -125842,10 +142272,6 @@ resources: "table": "${google_bigquery_table.test.project}.${google_bigquery_table.test.dataset_id}.${google_bigquery_table.test.table_id}" } ], - "depends_on": [ - "${google_project_iam_member.viewer}", - "${google_project_iam_member.editor}" - ], "name": "example-subscription", "topic": "${google_pubsub_topic.example.id}" } @@ -125863,18 +142289,6 @@ resources: "schema": "[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n", "table_id": "example_table" } - google_project_iam_member.editor: |- - { - "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-pubsub.iam.gserviceaccount.com", - "project": "${data.google_project.project.project_id}", - "role": "roles/bigquery.dataEditor" - } - google_project_iam_member.viewer: |- - { - "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-pubsub.iam.gserviceaccount.com", - "project": "${data.google_project.project.project_id}", - "role": "roles/bigquery.metadataViewer" - } google_pubsub_topic.example: |- { "name": "example-topic" @@ -125888,10 +142302,6 @@ resources: "use_table_schema": true } ], - "depends_on": [ - "${google_project_iam_member.viewer}", - "${google_project_iam_member.editor}" - ], "name": "example-subscription", "topic": "${google_pubsub_topic.example.id}" } @@ -125909,18 +142319,6 @@ resources: "schema": "[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n", "table_id": "example_table" } - google_project_iam_member.editor: |- - { - "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-pubsub.iam.gserviceaccount.com", - "project": "${data.google_project.project.project_id}", - "role": "roles/bigquery.dataEditor" - } - google_project_iam_member.viewer: |- - { - "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-pubsub.iam.gserviceaccount.com", - "project": "${data.google_project.project.project_id}", - "role": "roles/bigquery.metadataViewer" - } google_pubsub_topic.example: |- { "name": "example-topic" @@ -125936,8 +142334,8 @@ resources: ], "depends_on": [ "${google_service_account.bq_write_service_account}", - "${google_project_iam_member.viewer}", - "${google_project_iam_member.editor}" + "${google_project_iam_member.bigquery_metadata_viewer}", + "${google_project_iam_member.bigquery_data_editor}" ], "name": "example-subscription", "topic": "${google_pubsub_topic.example.id}" @@ -125957,13 +142355,13 @@ resources: "schema": "[\n {\n \"name\": \"data\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The data\"\n }\n]\n", "table_id": "example_table" } - google_project_iam_member.editor: |- + google_project_iam_member.bigquery_data_editor: |- { "member": "serviceAccount:${google_service_account.bq_write_service_account.email}", "project": "${data.google_project.project.project_id}", "role": "roles/bigquery.dataEditor" } - google_project_iam_member.viewer: |- + google_project_iam_member.bigquery_metadata_viewer: |- { "member": "serviceAccount:${google_service_account.bq_write_service_account.email}", "project": "${data.google_project.project.project_id}", @@ -125988,7 +142386,8 @@ resources: "filename_prefix": "pre-", "filename_suffix": "-", "max_bytes": 1000, - "max_duration": "300s" + "max_duration": "300s", + "max_messages": 1000 } ], "depends_on": [ @@ -126025,6 +142424,7 @@ resources: { "avro_config": [ { + "use_topic_schema": true, "write_metadata": true } ], @@ -126033,7 +142433,8 @@ resources: "filename_prefix": "pre-", "filename_suffix": "-", "max_bytes": 1000, - "max_duration": "300s" + "max_duration": "300s", + "max_messages": 1000 } ], "depends_on": [ @@ -126130,6 +142531,10 @@ resources: for the call to the push endpoint. If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message. + avro_config.use_topic_schema: |- + - + (Optional) + When true, the output Cloud Storage file will be serialized using the topic schema, if it exists. avro_config.write_metadata: |- - (Optional) @@ -126211,6 +142616,10 @@ resources: The maximum duration that can elapse before a new Cloud Storage file is created. Min 1 minute, max 10 minutes, default 5 minutes. May not exceed the subscription's acknowledgement deadline. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + cloud_storage_config.max_messages: |- + - + (Optional) + The maximum messages that can be written to a Cloud Storage file before a new file is created. Min 1000 messages. cloud_storage_config.service_account_email: |- - (Optional) @@ -126308,7 +142717,7 @@ resources: retain_acked_messages is true, then this also configures the retention of acknowledged messages, and thus configures how far back in time a subscriptions.seek can be done. Defaults to 7 days. Cannot be more - than 7 days ("604800s") or less than 10 minutes ("600s"). + than 31 days ("2678400s") or less than 10 minutes ("600s"). A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "600.5s". name: |- @@ -126538,44 +142947,118 @@ resources: ], "name": "example-topic" } + - name: example + manifest: |- + { + "ingestion_data_source_settings": [ + { + "cloud_storage": [ + { + "bucket": "test-bucket", + "match_glob": "foo/**", + "minimum_object_create_time": "2024-01-01T00:00:00Z", + "text_format": [ + { + "delimiter": " " + } + ] + } + ], + "platform_logs_settings": [ + { + "severity": "WARNING" + } + ] + } + ], + "name": "example-topic" + } argumentDocs: - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - effective_labels: for all of the labels present on the resource. - id: '- an identifier for the resource with format projects/{{project}}/topics/{{name}}' - ingestion_data_source_settings: |- - - - (Optional) - Settings for ingestion from a data source into this topic. - Structure is documented below. - ingestion_data_source_settings.aws_kinesis: |- - - - (Optional) - Settings for ingestion from Amazon Kinesis Data Streams. - Structure is documented below. - ingestion_data_source_settings.aws_kinesis.aws_role_arn: |- + aws_kinesis.aws_role_arn: |- - (Required) AWS role ARN to be used for Federated Identity authentication with Kinesis. Check the Pub/Sub docs for how to set up this role and the required permissions that need to be attached to it. - ingestion_data_source_settings.aws_kinesis.consumer_arn: |- + aws_kinesis.consumer_arn: |- - (Required) The Kinesis consumer ARN to used for ingestion in Enhanced Fan-Out mode. The consumer must be already created and ready to be used. - ingestion_data_source_settings.aws_kinesis.gcp_service_account: |- + aws_kinesis.gcp_service_account: |- - (Required) The GCP service account to be used for Federated Identity authentication with Kinesis (via a AssumeRoleWithWebIdentity call for the provided role). The awsRoleArn must be set up with accounts.google.com:sub equals to this service account number. - ingestion_data_source_settings.aws_kinesis.stream_arn: |- + aws_kinesis.stream_arn: |- - (Required) The Kinesis stream ARN to ingest data from. + cloud_storage.avro_format: |- + - + (Optional) + Configuration for reading Cloud Storage data in Avro binary format. The + bytes of each object will be set to the data field of a Pub/Sub message. + cloud_storage.bucket: |- + - + (Required) + Cloud Storage bucket. The bucket name must be without any + prefix like "gs://". See the bucket naming requirements: + https://cloud.google.com/storage/docs/buckets#naming. + cloud_storage.match_glob: |- + - + (Optional) + Glob pattern used to match objects that will be ingested. If unset, all + objects will be ingested. See the supported patterns: + https://cloud.google.com/storage/docs/json_api/v1/objects/list#list-objects-and-prefixes-using-glob + cloud_storage.minimum_object_create_time: |- + - + (Optional) + The timestamp set in RFC3339 text format. If set, only objects with a + larger or equal timestamp will be ingested. Unset by default, meaning + all objects will be ingested. + cloud_storage.pubsub_avro_format: |- + - + (Optional) + Configuration for reading Cloud Storage data written via Cloud Storage + subscriptions(See https://cloud.google.com/pubsub/docs/cloudstorage). The + data and attributes fields of the originally exported Pub/Sub message + will be restored when publishing. + cloud_storage.text_format: |- + - + (Optional) + Configuration for reading Cloud Storage data in text format. Each line of + text as specified by the delimiter will be set to the data field of a + Pub/Sub message. + Structure is documented below. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + effective_labels: for all of the labels present on the resource. + id: '- an identifier for the resource with format projects/{{project}}/topics/{{name}}' + ingestion_data_source_settings: |- + - + (Optional) + Settings for ingestion from a data source into this topic. + Structure is documented below. + ingestion_data_source_settings.aws_kinesis: |- + - + (Optional) + Settings for ingestion from Amazon Kinesis Data Streams. + Structure is documented below. + ingestion_data_source_settings.cloud_storage: |- + - + (Optional) + Settings for ingestion from Cloud Storage. + Structure is documented below. + ingestion_data_source_settings.platform_logs_settings: |- + - + (Optional) + Settings for Platform Logs regarding ingestion to Pub/Sub. If unset, + no Platform Logs will be generated.' + Structure is documented below. kms_key_name: |- - (Optional) @@ -126619,6 +143102,13 @@ resources: - (Required) Name of the topic. + platform_logs_settings.severity: |- + - + (Optional) + The minimum severity level of Platform Logs that will be written. If unspecified, + no Platform Logs will be written. + Default value is SEVERITY_UNSPECIFIED. + Possible values are: SEVERITY_UNSPECIFIED, DISABLED, DEBUG, INFO, WARNING, ERROR. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -126644,6 +143134,12 @@ resources: - The combination of labels configured directly on the resource and default labels configured on the provider. + text_format.delimiter: |- + - + (Optional) + The delimiter to use when using the 'text' format. Each line of text as + specified by the delimiter will be set to the 'data' field of a Pub/Sub + message. When unset, '\n' is used. update: '- Default is 20 minutes.' importStatements: [] google_pubsub_topic_iam_policy: @@ -126928,12 +143424,25 @@ resources: manifest: |- { "authorization_mode": "AUTH_MODE_DISABLED", + "deletion_protection_enabled": true, "depends_on": [ "${google_network_connectivity_service_connection_policy.default}" ], - "lifecycle": [ + "maintenance_policy": [ { - "prevent_destroy": true + "weekly_maintenance_window": [ + { + "day": "MONDAY", + "start_time": [ + { + "hours": 1, + "minutes": 0, + "nanos": 0, + "seconds": 0 + } + ] + } + ] } ], "name": "ha-cluster", @@ -126989,12 +143498,25 @@ resources: - name: cluster-ha-single-zone manifest: |- { + "deletion_protection_enabled": true, "depends_on": [ "${google_network_connectivity_service_connection_policy.default}" ], - "lifecycle": [ + "maintenance_policy": [ { - "prevent_destroy": true + "weekly_maintenance_window": [ + { + "day": "MONDAY", + "start_time": [ + { + "hours": 1, + "minutes": 0, + "nanos": 0, + "seconds": 0 + } + ] + } + ] } ], "name": "ha-cluster-single-zone", @@ -127042,13 +143564,438 @@ resources: ], "service_class": "gcp-memorystore-redis" } + - name: primary_cluster + manifest: |- + { + "authorization_mode": "AUTH_MODE_DISABLED", + "deletion_protection_enabled": true, + "depends_on": [ + "${google_network_connectivity_service_connection_policy.primary_cluster_region_scp}" + ], + "maintenance_policy": [ + { + "weekly_maintenance_window": [ + { + "day": "MONDAY", + "start_time": [ + { + "hours": 1, + "minutes": 0, + "nanos": 0, + "seconds": 0 + } + ] + } + ] + } + ], + "name": "my-primary-cluster", + "node_type": "REDIS_HIGHMEM_MEDIUM", + "persistence_config": [ + { + "mode": "RDB", + "rdb_config": [ + { + "rdb_snapshot_period": "ONE_HOUR", + "rdb_snapshot_start_time": "2024-10-02T15:01:23Z" + } + ] + } + ], + "psc_configs": [ + { + "network": "${google_compute_network.producer_net.id}" + } + ], + "redis_configs": { + "maxmemory-policy": "volatile-ttl" + }, + "region": "us-east1", + "replica_count": 1, + "shard_count": 3, + "transit_encryption_mode": "TRANSIT_ENCRYPTION_MODE_DISABLED", + "zone_distribution_config": [ + { + "mode": "MULTI_ZONE" + } + ] + } + references: + psc_configs.network: google_compute_network.producer_net.id + dependencies: + google_compute_network.producer_net: |- + { + "auto_create_subnetworks": false, + "name": "mynetwork" + } + google_compute_subnetwork.primary_cluster_producer_subnet: |- + { + "ip_cidr_range": "10.0.1.0/29", + "name": "mysubnet-primary-cluster", + "network": "${google_compute_network.producer_net.id}", + "region": "us-east1" + } + google_compute_subnetwork.secondary_cluster_producer_subnet: |- + { + "ip_cidr_range": "10.0.2.0/29", + "name": "mysubnet-secondary-cluster", + "network": "${google_compute_network.producer_net.id}", + "region": "europe-west1" + } + google_network_connectivity_service_connection_policy.primary_cluster_region_scp: |- + { + "description": "Primary cluster service connection policy", + "location": "us-east1", + "name": "mypolicy-primary-cluster", + "network": "${google_compute_network.producer_net.id}", + "psc_config": [ + { + "subnetworks": [ + "${google_compute_subnetwork.primary_cluster_producer_subnet.id}" + ] + } + ], + "service_class": "gcp-memorystore-redis" + } + google_network_connectivity_service_connection_policy.secondary_cluster_region_scp: |- + { + "description": "Secondary cluster service connection policy", + "location": "europe-west1", + "name": "mypolicy-secondary-cluster", + "network": "${google_compute_network.producer_net.id}", + "psc_config": [ + { + "subnetworks": [ + "${google_compute_subnetwork.secondary_cluster_producer_subnet.id}" + ] + } + ], + "service_class": "gcp-memorystore-redis" + } + - name: secondary_cluster + manifest: |- + { + "authorization_mode": "AUTH_MODE_DISABLED", + "cross_cluster_replication_config": [ + { + "cluster_role": "SECONDARY", + "primary_cluster": [ + { + "cluster": "${google_redis_cluster.primary_cluster.id}" + } + ] + } + ], + "deletion_protection_enabled": true, + "depends_on": [ + "${google_network_connectivity_service_connection_policy.secondary_cluster_region_scp}" + ], + "maintenance_policy": [ + { + "weekly_maintenance_window": [ + { + "day": "WEDNESDAY", + "start_time": [ + { + "hours": 1, + "minutes": 0, + "nanos": 0, + "seconds": 0 + } + ] + } + ] + } + ], + "name": "my-secondary-cluster", + "node_type": "REDIS_HIGHMEM_MEDIUM", + "persistence_config": [ + { + "mode": "RDB", + "rdb_config": [ + { + "rdb_snapshot_period": "ONE_HOUR", + "rdb_snapshot_start_time": "2024-10-02T15:01:23Z" + } + ] + } + ], + "psc_configs": [ + { + "network": "${google_compute_network.producer_net.id}" + } + ], + "redis_configs": { + "maxmemory-policy": "volatile-ttl" + }, + "region": "europe-west1", + "replica_count": 2, + "shard_count": 3, + "transit_encryption_mode": "TRANSIT_ENCRYPTION_MODE_DISABLED", + "zone_distribution_config": [ + { + "mode": "MULTI_ZONE" + } + ] + } + references: + cross_cluster_replication_config.primary_cluster.cluster: google_redis_cluster.primary_cluster.id + psc_configs.network: google_compute_network.producer_net.id + dependencies: + google_compute_network.producer_net: |- + { + "auto_create_subnetworks": false, + "name": "mynetwork" + } + google_compute_subnetwork.primary_cluster_producer_subnet: |- + { + "ip_cidr_range": "10.0.1.0/29", + "name": "mysubnet-primary-cluster", + "network": "${google_compute_network.producer_net.id}", + "region": "us-east1" + } + google_compute_subnetwork.secondary_cluster_producer_subnet: |- + { + "ip_cidr_range": "10.0.2.0/29", + "name": "mysubnet-secondary-cluster", + "network": "${google_compute_network.producer_net.id}", + "region": "europe-west1" + } + google_network_connectivity_service_connection_policy.primary_cluster_region_scp: |- + { + "description": "Primary cluster service connection policy", + "location": "us-east1", + "name": "mypolicy-primary-cluster", + "network": "${google_compute_network.producer_net.id}", + "psc_config": [ + { + "subnetworks": [ + "${google_compute_subnetwork.primary_cluster_producer_subnet.id}" + ] + } + ], + "service_class": "gcp-memorystore-redis" + } + google_network_connectivity_service_connection_policy.secondary_cluster_region_scp: |- + { + "description": "Secondary cluster service connection policy", + "location": "europe-west1", + "name": "mypolicy-secondary-cluster", + "network": "${google_compute_network.producer_net.id}", + "psc_config": [ + { + "subnetworks": [ + "${google_compute_subnetwork.secondary_cluster_producer_subnet.id}" + ] + } + ], + "service_class": "gcp-memorystore-redis" + } + - name: cluster-rdb + manifest: |- + { + "authorization_mode": "AUTH_MODE_DISABLED", + "deletion_protection_enabled": true, + "depends_on": [ + "${google_network_connectivity_service_connection_policy.default}" + ], + "maintenance_policy": [ + { + "weekly_maintenance_window": [ + { + "day": "MONDAY", + "start_time": [ + { + "hours": 1, + "minutes": 0, + "nanos": 0, + "seconds": 0 + } + ] + } + ] + } + ], + "name": "rdb-cluster", + "node_type": "REDIS_SHARED_CORE_NANO", + "persistence_config": [ + { + "mode": "RDB", + "rdb_config": [ + { + "rdb_snapshot_period": "ONE_HOUR", + "rdb_snapshot_start_time": "2024-10-02T15:01:23Z" + } + ] + } + ], + "psc_configs": [ + { + "network": "${google_compute_network.producer_net.id}" + } + ], + "redis_configs": { + "maxmemory-policy": "volatile-ttl" + }, + "region": "us-central1", + "replica_count": 0, + "shard_count": 3, + "transit_encryption_mode": "TRANSIT_ENCRYPTION_MODE_DISABLED", + "zone_distribution_config": [ + { + "mode": "MULTI_ZONE" + } + ] + } + references: + psc_configs.network: google_compute_network.producer_net.id + dependencies: + google_compute_network.producer_net: |- + { + "auto_create_subnetworks": false, + "name": "mynetwork" + } + google_compute_subnetwork.producer_subnet: |- + { + "ip_cidr_range": "10.0.0.248/29", + "name": "mysubnet", + "network": "${google_compute_network.producer_net.id}", + "region": "us-central1" + } + google_network_connectivity_service_connection_policy.default: |- + { + "description": "my basic service connection policy", + "location": "us-central1", + "name": "mypolicy", + "network": "${google_compute_network.producer_net.id}", + "psc_config": [ + { + "subnetworks": [ + "${google_compute_subnetwork.producer_subnet.id}" + ] + } + ], + "service_class": "gcp-memorystore-redis" + } + - name: cluster-aof + manifest: |- + { + "authorization_mode": "AUTH_MODE_DISABLED", + "deletion_protection_enabled": true, + "depends_on": [ + "${google_network_connectivity_service_connection_policy.default}" + ], + "maintenance_policy": [ + { + "weekly_maintenance_window": [ + { + "day": "MONDAY", + "start_time": [ + { + "hours": 1, + "minutes": 0, + "nanos": 0, + "seconds": 0 + } + ] + } + ] + } + ], + "name": "aof-cluster", + "node_type": "REDIS_SHARED_CORE_NANO", + "persistence_config": [ + { + "aof_config": [ + { + "append_fsync": "EVERYSEC" + } + ], + "mode": "AOF" + } + ], + "psc_configs": [ + { + "network": "${google_compute_network.producer_net.id}" + } + ], + "redis_configs": { + "maxmemory-policy": "volatile-ttl" + }, + "region": "us-central1", + "replica_count": 0, + "shard_count": 3, + "transit_encryption_mode": "TRANSIT_ENCRYPTION_MODE_DISABLED", + "zone_distribution_config": [ + { + "mode": "MULTI_ZONE" + } + ] + } + references: + psc_configs.network: google_compute_network.producer_net.id + dependencies: + google_compute_network.producer_net: |- + { + "auto_create_subnetworks": false, + "name": "mynetwork" + } + google_compute_subnetwork.producer_subnet: |- + { + "ip_cidr_range": "10.0.0.248/29", + "name": "mysubnet", + "network": "${google_compute_network.producer_net.id}", + "region": "us-central1" + } + google_network_connectivity_service_connection_policy.default: |- + { + "description": "my basic service connection policy", + "location": "us-central1", + "name": "mypolicy", + "network": "${google_compute_network.producer_net.id}", + "psc_config": [ + { + "subnetworks": [ + "${google_compute_subnetwork.producer_subnet.id}" + ] + } + ], + "service_class": "gcp-memorystore-redis" + } argumentDocs: + APPEND_FSYNC_UNSPECIFIED: ', NO, EVERYSEC, ALWAYS.' + DAY_OF_WEEK_UNSPECIFIED: ', MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY.' + PERSISTENCE_MODE_UNSPECIFIED: ', DISABLED, RDB, AOF.' + SNAPSHOT_PERIOD_UNSPECIFIED: ', ONE_HOUR, SIX_HOURS, TWELVE_HOURS, TWENTY_FOUR_HOURS.' + aof_config.append_fsync: |- + - + (Optional) + Optional. Available fsync modes. create: '- Default is 60 minutes.' create_time: |- - The timestamp associated with the cluster creation request. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + cross_cluster_replication_config: field to the configuration file to match the latest value in the state. + cross_cluster_replication_config.CLUSTER_ROLE_UNSPECIFIED: ': This is an independent cluster that has never participated in cross cluster replication. It allows both reads and writes.' + cross_cluster_replication_config.NONE: ': This is an independent cluster that previously participated in cross cluster replication(either as a PRIMARY or SECONDARY cluster). It allows both reads and writes.' + cross_cluster_replication_config.PRIMARY: ': This cluster serves as the replication source for secondary clusters that are replicating from it. Any data written to it is automatically replicated to its secondary clusters. It allows both reads and writes.' + cross_cluster_replication_config.SECONDARY: |- + : This cluster replicates data from the primary cluster. It allows only reads. + Possible values are: CLUSTER_ROLE_UNSPECIFIED, NONE, PRIMARY, SECONDARY. + cross_cluster_replication_config.cluster_role: from SECONDARY to PRIMARY. + cross_cluster_replication_config.membership: |- + - + (Output) + An output only view of all the member clusters participating in cross cluster replication. This field is populated for all the member clusters irrespective of their cluster role. + Structure is documented below. + cross_cluster_replication_config.primary_cluster: field. + cross_cluster_replication_config.secondary_clusters: list with the new secondaries. The new secondaries are the current primary and other secondary clusters(if any). + cross_cluster_replication_config.update_time: |- + - + (Output) + The last time cross cluster replication config was updated. delete: '- Default is 30 minutes.' discovery_endpoints: |- - @@ -127071,14 +144018,88 @@ resources: is created and accessed from. Structure is documented below. id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/clusters/{{name}}' + maintenance_policy.create_time: |- + - + (Output) + Output only. The time when the policy was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + maintenance_policy.update_time: |- + - + (Output) + Output only. The time when the policy was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + maintenance_policy.weekly_maintenance_window: |- + - + (Optional) + Optional. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number + of weekly_window is expected to be one. + Structure is documented below. + maintenance_schedule: |- + - + Upcoming maintenance schedule. + Structure is documented below. + maintenance_schedule.end_time: |- + - + (Output) + Output only. The end time of any upcoming scheduled maintenance for this cluster. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + maintenance_schedule.schedule_deadline_time: |- + - + (Output) + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + maintenance_schedule.start_time: |- + - + (Output) + Output only. The start time of any upcoming scheduled maintenance for this cluster. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + membership.primary_cluster: |- + - + (Output) + Details of the primary cluster that is used as the replication source for all the secondary clusters. + Structure is documented below. + membership.secondary_clusters: |- + - + (Output) + List of secondary clusters that are replicating from the primary cluster. + Structure is documented below. name: |- - (Required) Unique name of the resource in this scope including project and location using the form: projects/{projectId}/locations/{locationId}/clusters/{clusterId} + persistence_config.aof_config: |- + - + (Optional) + AOF configuration. This field will be ignored if mode is not AOF. + Structure is documented below. + persistence_config.mode: |- + - + (Optional) + Optional. Controls whether Persistence features are enabled. If not provided, the existing value will be used. + persistence_config.rdb_config: |- + - + (Optional) + RDB configuration. This field will be ignored if mode is not RDB. + Structure is documented below. precise_size_gb: |- - Output only. Redis memory precise size in GB for the entire cluster. + primary_cluster.cluster: |- + - + (Optional) + The full resource path of the primary cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id} + primary_cluster.uid: |- + - + (Output) + The unique id of the primary cluster. psc_config.network: |- - (Optional) @@ -127098,6 +144119,22 @@ resources: Optional. The authorization mode of the Redis cluster. If not provided, auth feature is disabled for the cluster. Default value is AUTH_MODE_DISABLED. Possible values are: AUTH_MODE_UNSPECIFIED, AUTH_MODE_IAM_AUTH, AUTH_MODE_DISABLED. + psc_configs.cross_cluster_replication_config: |- + - + (Optional) + Cross cluster replication config + Structure is documented below. + psc_configs.deletion_protection_enabled: |- + - + (Optional) + Optional. Indicates if the cluster is deletion protected or not. + If the value if set to true, any delete cluster operation will fail. + Default value is true. + psc_configs.maintenance_policy: |- + - + (Optional) + Maintenance policy for a cluster + Structure is documented below. psc_configs.network: |- - (Required) @@ -127110,6 +144147,11 @@ resources: The nodeType for the Redis cluster. If not provided, REDIS_HIGHMEM_MEDIUM will be used as default Possible values are: REDIS_SHARED_CORE_NANO, REDIS_HIGHMEM_MEDIUM, REDIS_HIGHMEM_XLARGE, REDIS_STANDARD_SMALL. + psc_configs.persistence_config: |- + - + (Optional) + Persistence config (RDB, AOF) for the cluster. + Structure is documented below. psc_configs.project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -127163,6 +144205,24 @@ resources: - (Optional) Output only. The PSC connection id of the forwarding rule connected to the service attachment. + rdb_config.rdb_snapshot_period: |- + - + (Optional) + Optional. Available snapshot periods for scheduling. + rdb_config.rdb_snapshot_start_time: |- + - + (Optional) + The time that the first snapshot was/will be attempted, and to which + future snapshots will be aligned. + If not provided, the current time will be used. + secondary_clusters.cluster: |- + - + (Optional) + The full resource path of the secondary cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id} + secondary_clusters.uid: |- + - + (Output) + The unique id of the secondary cluster. shard_count: |- - (Required) @@ -127170,6 +144230,24 @@ resources: size_gb: |- - Output only. Redis memory size in GB for the entire cluster. + start_time.hours: |- + - + (Optional) + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + start_time.minutes: |- + - + (Optional) + Minutes of hour of day. Must be from 0 to 59. + start_time.nanos: |- + - + (Optional) + Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + start_time.seconds: |- + - + (Optional) + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. state: |- - The current state of this cluster. Can be CREATING, READY, UPDATING, DELETING and SUSPENDED @@ -127180,7 +144258,7 @@ resources: state_info.update_info: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. state_info.update_info.target_replica_count: |- - @@ -127190,10 +144268,28 @@ resources: - (Optional) Target number of shards for redis cluster. + terraform apply: to apply the change and wait for it to complete. + terraform plan: . This should reveal a diff for the modified setting. The proposed value in the Terraform plan should align with the updated value applied to the primary cluster in the preceding step. uid: |- - System assigned, unique identifier for the cluster. update: '- Default is 120 minutes.' + weekly_maintenance_window.day: |- + - + (Required) + Required. The day of week that maintenance updates occur. + weekly_maintenance_window.duration: |- + - + (Output) + Output only. Duration of the maintenance window. + The current window is fixed at 1 hour. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + weekly_maintenance_window.start_time: |- + - + (Required) + Required. Start time of the window in UTC time. + Structure is documented below. zone_distribution_config.mode: |- - (Optional) @@ -127413,6 +144509,7 @@ resources: Optional. Indicates whether OSS Redis AUTH is enabled for the instance. If set to "true" AUTH is enabled on the instance. Default value is "false" meaning AUTH is disabled. + auth_string: '- AUTH String set on the instance. This field will only be populated if auth_enabled is true.' authorized_network: |- - (Optional) @@ -127730,6 +144827,7 @@ resources: dependencies: google_project.project: |- { + "deletion_policy": "DELETE", "name": "A very important project!", "project_id": "staging-project" } @@ -127981,6 +145079,7 @@ resources: dependencies: google_folder.folder: |- { + "deletion_protection": false, "display_name": "folder-name", "parent": "organizations/123456789" } @@ -128035,6 +145134,7 @@ resources: dependencies: google_folder.folder: |- { + "deletion_protection": false, "display_name": "folder-name", "parent": "organizations/123456789" } @@ -128255,6 +145355,108 @@ resources: The supported operators are: update: '- Default is 20 minutes.' importStatements: [] + google_scc_folder_scc_big_query_export: + subCategory: Security Command Center (SCC) + description: A Cloud Security Command Center (Cloud SCC) Big Query Export Config. + name: google_scc_folder_scc_big_query_export + title: "" + examples: + - name: custom_big_query_export_config + manifest: |- + { + "big_query_export_id": "my-export", + "dataset": "${google_bigquery_dataset.default.id}", + "description": "Cloud Security Command Center Findings Big Query Export Config", + "filter": "state=\"ACTIVE\" AND NOT mute=\"MUTED\"", + "folder": "${google_folder.folder.folder_id}" + } + references: + dataset: google_bigquery_dataset.default.id + folder: google_folder.folder.folder_id + dependencies: + google_bigquery_dataset.default: |- + { + "dataset_id": "my_dataset_id", + "default_partition_expiration_ms": null, + "default_table_expiration_ms": 3600000, + "description": "This is a test description", + "friendly_name": "test", + "labels": { + "env": "default" + }, + "lifecycle": [ + { + "ignore_changes": [ + "${default_partition_expiration_ms}" + ] + } + ], + "location": "US" + } + google_folder.folder: |- + { + "deletion_protection": false, + "display_name": "folder-name", + "parent": "organizations/123456789" + } + argumentDocs: + big_query_export_id: |- + - + (Required) + This must be unique within the organization. + create: '- Default is 20 minutes.' + create_time: |- + - + The time at which the BigQuery export was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + dataset: |- + - + (Required) + The dataset to write findings' updates to. + Its format is "projects/[projectId]/datasets/[bigquery_dataset_id]". + BigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). + delete: '- Default is 20 minutes.' + description: |- + - + (Required) + The description of the export (max of 1024 characters). + filter: |- + - + (Required) + Expression that defines the filter to apply across create/update + events of findings. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + The supported operators are: + folder: |- + - + (Required) + The folder where Cloud Security Command Center Big Query Export + Config lives in. + id: '- an identifier for the resource with format folders/{{folder}}/bigQueryExports/{{big_query_export_id}}' + most_recent_editor: |- + - + Email address of the user who last edited the BigQuery export. + name: |- + - + The resource name of this export, in the format + projects/{{project}}/bigQueryExports/{{big_query_export_id}}. + This field is provided in responses, and is ignored when provided in create requests. + principal: |- + - + The service account that needs permission to create table and upload data to the BigQuery dataset. + update: '- Default is 20 minutes.' + update_time: |- + - + The most recent time at which the BigQuery export was updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + importStatements: [] google_scc_management_folder_security_health_analytics_custom_module: subCategory: Security Command Center Management (SCC) description: Represents an instance of a Security Health Analytics custom module, including its full module name, display name, enablement state, and last updated time. @@ -128293,6 +145495,7 @@ resources: dependencies: google_folder.folder: |- { + "deletion_protection": false, "display_name": "folder-name", "parent": "organizations/123456789" } @@ -128348,6 +145551,7 @@ resources: dependencies: google_folder.folder: |- { + "deletion_protection": false, "display_name": "folder-name", "parent": "organizations/123456789" } @@ -129340,6 +146544,103 @@ resources: Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. importStatements: [] + google_scc_organization_scc_big_query_export: + subCategory: Security Command Center (SCC) + description: A Cloud Security Command Center (Cloud SCC) Big Query Export Config. + name: google_scc_organization_scc_big_query_export + title: "" + examples: + - name: custom_big_query_export_config + manifest: |- + { + "big_query_export_id": "my-export", + "dataset": "${google_bigquery_dataset.default.id}", + "description": "Cloud Security Command Center Findings Big Query Export Config", + "filter": "state=\"ACTIVE\" AND NOT mute=\"MUTED\"", + "name": "my-export", + "organization": "123456789" + } + references: + dataset: google_bigquery_dataset.default.id + dependencies: + google_bigquery_dataset.default: |- + { + "dataset_id": "", + "default_partition_expiration_ms": null, + "default_table_expiration_ms": 3600000, + "description": "This is a test description", + "friendly_name": "test", + "labels": { + "env": "default" + }, + "lifecycle": [ + { + "ignore_changes": [ + "${default_partition_expiration_ms}" + ] + } + ], + "location": "US" + } + argumentDocs: + big_query_export_id: |- + - + (Required) + This must be unique within the organization. + create: '- Default is 20 minutes.' + create_time: |- + - + The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + dataset: |- + - + (Optional) + The dataset to write findings' updates to. + Its format is "projects/[projectId]/datasets/[bigquery_dataset_id]". + BigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + The description of the notification config (max of 1024 characters). + filter: |- + - + (Optional) + Expression that defines the filter to apply across create/update + events of findings. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + The supported operators are: + id: '- an identifier for the resource with format organizations/{{organization}}/bigQueryExports/{{big_query_export_id}}' + most_recent_editor: |- + - + Email address of the user who last edited the BigQuery export. + This field is set by the server and will be ignored if provided on export creation or update. + name: |- + - + The resource name of this export, in the format + organizations/{{organization}}/bigQueryExports/{{big_query_export_id}}. + This field is provided in responses, and is ignored when provided in create requests. + organization: |- + - + (Required) + The organization whose Cloud Security Command Center the Big Query Export + Config lives in. + principal: |- + - + The service account that needs permission to create table and upload data to the BigQuery dataset. + update: '- Default is 20 minutes.' + update_time: |- + - + The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + importStatements: [] google_scc_project_custom_module: subCategory: Security Command Center (SCC) description: Represents an instance of a Security Health Analytics custom module, including its full module name, display name, enablement state, and last updated time. @@ -129624,6 +146925,101 @@ resources: If it is not provided, the provider project is used. update: '- Default is 20 minutes.' importStatements: [] + google_scc_project_scc_big_query_export: + subCategory: Security Command Center (SCC) + description: A Cloud Security Command Center (Cloud SCC) Big Query Export Config. + name: google_scc_project_scc_big_query_export + title: "" + examples: + - name: custom_big_query_export_config + manifest: |- + { + "big_query_export_id": "my-export", + "dataset": "${google_bigquery_dataset.default.id}", + "description": "Cloud Security Command Center Findings Big Query Export Config", + "filter": "state=\"ACTIVE\" AND NOT mute=\"MUTED\"", + "name": "my-export", + "project": "my-project-name" + } + references: + dataset: google_bigquery_dataset.default.id + dependencies: + google_bigquery_dataset.default: |- + { + "dataset_id": "my_dataset_id", + "default_partition_expiration_ms": null, + "default_table_expiration_ms": 3600000, + "description": "This is a test description", + "friendly_name": "test", + "labels": { + "env": "default" + }, + "lifecycle": [ + { + "ignore_changes": [ + "${default_partition_expiration_ms}" + ] + } + ], + "location": "US" + } + argumentDocs: + big_query_export_id: |- + - + (Required) + This must be unique within the organization. + create: '- Default is 20 minutes.' + create_time: |- + - + The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + dataset: |- + - + (Optional) + The dataset to write findings' updates to. + Its format is "projects/[projectId]/datasets/[bigquery_dataset_id]". + BigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + The description of the notification config (max of 1024 characters). + filter: |- + - + (Optional) + Expression that defines the filter to apply across create/update + events of findings. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + The supported operators are: + id: '- an identifier for the resource with format projects/{{project}}/bigQueryExports/{{big_query_export_id}}' + most_recent_editor: |- + - + Email address of the user who last edited the BigQuery export. + This field is set by the server and will be ignored if provided on export creation or update. + name: |- + - + The resource name of this export, in the format + projects/{{project}}/bigQueryExports/{{big_query_export_id}}. + This field is provided in responses, and is ignored when provided in create requests. + principal: |- + - + The service account that needs permission to create table and upload data to the BigQuery dataset. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + update: '- Default is 20 minutes.' + update_time: |- + - + The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + importStatements: [] google_scc_source: subCategory: Security Command Center (SCC) description: A Cloud Security Command Center's (Cloud SCC) finding source. @@ -129860,6 +147256,116 @@ resources: Location ID of the parent organization. If not provided, 'global' will be used as the default location. update: '- Default is 20 minutes.' importStatements: [] + google_scc_v2_folder_scc_big_query_export: + subCategory: Security Command Center (SCC)v2 API + description: A Cloud Security Command Center (Cloud SCC) Big Query Export Config. + name: google_scc_v2_folder_scc_big_query_export + title: "" + examples: + - name: custom_big_query_export_config + manifest: |- + { + "big_query_export_id": "my-export", + "dataset": "${google_bigquery_dataset.default.id}", + "description": "Cloud Security Command Center Findings Big Query Export Config", + "filter": "state=\"ACTIVE\" AND NOT mute=\"MUTED\"", + "folder": "${google_folder.folder.folder_id}", + "location": "global" + } + references: + dataset: google_bigquery_dataset.default.id + folder: google_folder.folder.folder_id + dependencies: + google_bigquery_dataset.default: |- + { + "dataset_id": "my_dataset_id", + "default_partition_expiration_ms": null, + "default_table_expiration_ms": 3600000, + "description": "This is a test description", + "friendly_name": "test", + "labels": { + "env": "default" + }, + "lifecycle": [ + { + "ignore_changes": [ + "${default_partition_expiration_ms}" + ] + } + ], + "location": "US" + } + google_folder.folder: |- + { + "deletion_protection": false, + "display_name": "folder-name", + "parent": "organizations/123456789" + } + argumentDocs: + big_query_export_id: |- + - + (Required) + This must be unique within the organization. It must consist of only lowercase letters, + numbers, and hyphens, must start with a letter, must end with either a letter or a number, + and must be 63 characters or less. + create: '- Default is 20 minutes.' + create_time: |- + - + The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + dataset: |- + - + (Optional) + The dataset to write findings' updates to. + Its format is "projects/[projectId]/datasets/[bigquery_dataset_id]". + BigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + The description of the notification config (max of 1024 characters). + filter: |- + - + (Optional) + Expression that defines the filter to apply across create/update + events of findings. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + The supported operators are: + folder: |- + - + (Required) + The folder where Cloud Security Command Center Big Query Export + Config lives in. + id: '- an identifier for the resource with format folders/{{folder}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}' + location: |- + - + (Optional) + The BigQuery export configuration is stored in this location. If not provided, Use global as default. + most_recent_editor: |- + - + Email address of the user who last edited the BigQuery export. + This field is set by the server and will be ignored if provided on export creation or update. + name: |- + - + The resource name of this export, in the format + folders/{{folder}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}. + This field is provided in responses, and is ignored when provided in create requests. + principal: |- + - + The service account that needs permission to create table and upload data to the BigQuery dataset. + update: '- Default is 20 minutes.' + update_time: |- + - + The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + importStatements: [] google_scc_v2_organization_mute_config: subCategory: Security Command Center (SCC)v2 API description: Mute Findings is a volume management feature in Security Command Center that lets you manually or programmatically hide irrelevant findings, and create filters to automatically silence existing and future findings based on criteria you specify. @@ -130011,6 +147517,109 @@ resources: location Id is provided by organization. If not provided, Use global as default. update: '- Default is 20 minutes.' importStatements: [] + google_scc_v2_organization_scc_big_query_export: + subCategory: Security Command Center (SCC)v2 API + description: A Cloud Security Command Center (Cloud SCC) Big Query Export Config. + name: google_scc_v2_organization_scc_big_query_export + title: "" + examples: + - name: custom_big_query_export_config + manifest: |- + { + "big_query_export_id": "my-export", + "dataset": "${google_bigquery_dataset.default.id}", + "description": "Cloud Security Command Center Findings Big Query Export Config", + "filter": "state=\"ACTIVE\" AND NOT mute=\"MUTED\"", + "location": "global", + "name": "my-export", + "organization": "123456789" + } + references: + dataset: google_bigquery_dataset.default.id + dependencies: + google_bigquery_dataset.default: |- + { + "dataset_id": "", + "default_partition_expiration_ms": null, + "default_table_expiration_ms": 3600000, + "description": "This is a test description", + "friendly_name": "test", + "labels": { + "env": "default" + }, + "lifecycle": [ + { + "ignore_changes": [ + "${default_partition_expiration_ms}" + ] + } + ], + "location": "US" + } + argumentDocs: + big_query_export_id: |- + - + (Required) + This must be unique within the organization. + create: '- Default is 20 minutes.' + create_time: |- + - + The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + dataset: |- + - + (Optional) + The dataset to write findings' updates to. + Its format is "projects/[projectId]/datasets/[bigquery_dataset_id]". + BigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + The description of the notification config (max of 1024 characters). + filter: |- + - + (Optional) + Expression that defines the filter to apply across create/update + events of findings. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + The supported operators are: + id: '- an identifier for the resource with format organizations/{{organization}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}' + location: |- + - + (Optional) + location Id is provided by organization. If not provided, Use global as default. + most_recent_editor: |- + - + Email address of the user who last edited the BigQuery export. + This field is set by the server and will be ignored if provided on export creation or update. + name: |- + - + (Optional) + The resource name of this export, in the format + organizations/{{organization}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}. + This field is provided in responses, and is ignored when provided in create requests. + organization: |- + - + (Required) + The organization whose Cloud Security Command Center the Big Query Export + Config lives in. + principal: |- + - + The service account that needs permission to create table and upload data to the BigQuery dataset. + update: '- Default is 20 minutes.' + update_time: |- + - + The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + importStatements: [] google_scc_v2_organization_scc_big_query_exports: subCategory: Security Command Center (SCC)v2 API description: A Cloud Security Command Center (Cloud SCC) Big Query Export Config. @@ -130021,17 +147630,19 @@ resources: manifest: |- { "big_query_export_id": "my-export", - "dataset": "my-dataset", + "dataset": "${google_bigquery_dataset.default.id}", "description": "Cloud Security Command Center Findings Big Query Export Config", "filter": "state=\"ACTIVE\" AND NOT mute=\"MUTED\"", "location": "global", "name": "my-export", "organization": "123456789" } + references: + dataset: google_bigquery_dataset.default.id dependencies: google_bigquery_dataset.default: |- { - "dataset_id": "my_dataset_id", + "dataset_id": "", "default_partition_expiration_ms": null, "default_table_expiration_ms": 3600000, "description": "This is a test description", @@ -130189,7 +147800,7 @@ resources: "filter": "severity = \"HIGH\"", "location": "global", "mute_config_id": "my-config", - "project": "", + "project": "my-project-name", "type": "STATIC" } argumentDocs: @@ -130323,6 +147934,540 @@ resources: "projects/[project_id]/topics/[topic]". update: '- Default is 20 minutes.' importStatements: [] + google_scc_v2_project_scc_big_query_export: + subCategory: Security Command Center (SCC)v2 API + description: A Cloud Security Command Center (Cloud SCC) Big Query Export Config. + name: google_scc_v2_project_scc_big_query_export + title: "" + examples: + - name: custom_big_query_export_config + manifest: |- + { + "big_query_export_id": "my-export", + "dataset": "${google_bigquery_dataset.default.id}", + "description": "Cloud Security Command Center Findings Big Query Export Config", + "filter": "state=\"ACTIVE\" AND NOT mute=\"MUTED\"", + "location": "global", + "name": "my-export", + "project": "my-project-name" + } + references: + dataset: google_bigquery_dataset.default.id + dependencies: + google_bigquery_dataset.default: |- + { + "dataset_id": "my_dataset_id", + "default_partition_expiration_ms": null, + "default_table_expiration_ms": 3600000, + "description": "This is a test description", + "friendly_name": "test", + "labels": { + "env": "default" + }, + "lifecycle": [ + { + "ignore_changes": [ + "${default_partition_expiration_ms}" + ] + } + ], + "location": "US" + } + argumentDocs: + big_query_export_id: |- + - + (Required) + This must be unique within the organization. + create: '- Default is 20 minutes.' + create_time: |- + - + The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + dataset: |- + - + (Optional) + The dataset to write findings' updates to. + Its format is "projects/[projectId]/datasets/[bigquery_dataset_id]". + BigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + The description of the notification config (max of 1024 characters). + filter: |- + - + (Optional) + Expression that defines the filter to apply across create/update + events of findings. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + The supported operators are: + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}' + location: |- + - + (Optional) + location Id is provided by organization. If not provided, Use global as default. + most_recent_editor: |- + - + Email address of the user who last edited the BigQuery export. + This field is set by the server and will be ignored if provided on export creation or update. + name: |- + - + The resource name of this export, in the format + projects/{{project}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}. + This field is provided in responses, and is ignored when provided in create requests. + principal: |- + - + The service account that needs permission to create table and upload data to the BigQuery dataset. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + update: '- Default is 20 minutes.' + update_time: |- + - + The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + importStatements: [] + google_secret_manager_regional_secret: + subCategory: Secret Manager + description: A Regional Secret is a logical secret whose value and versions can be created and accessed within a region only. + name: google_secret_manager_regional_secret + title: "" + examples: + - name: regional-secret-basic + manifest: |- + { + "annotations": { + "key1": "value1", + "key2": "value2", + "key3": "value3" + }, + "labels": { + "label": "my-label" + }, + "location": "us-central1", + "secret_id": "tf-reg-secret" + } + - name: regional-secret-with-cmek + manifest: |- + { + "customer_managed_encryption": [ + { + "kms_key_name": "kms-key" + } + ], + "depends_on": [ + "${google_kms_crypto_key_iam_member.kms-secret-binding}" + ], + "location": "us-central1", + "secret_id": "tf-reg-secret" + } + dependencies: + google_kms_crypto_key_iam_member.kms-secret-binding: |- + { + "crypto_key_id": "kms-key", + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } + - name: regional-secret-with-rotation + manifest: |- + { + "depends_on": [ + "${google_pubsub_topic_iam_member.secrets_manager_access}" + ], + "location": "us-central1", + "rotation": [ + { + "next_rotation_time": "2045-11-30T00:00:00Z", + "rotation_period": "3600s" + } + ], + "secret_id": "tf-reg-secret", + "topics": [ + { + "name": "${google_pubsub_topic.topic.id}" + } + ] + } + references: + topics.name: google_pubsub_topic.topic.id + dependencies: + google_pubsub_topic.topic: |- + { + "name": "tf-topic" + } + google_pubsub_topic_iam_member.secrets_manager_access: |- + { + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com", + "role": "roles/pubsub.publisher", + "topic": "${google_pubsub_topic.topic.name}" + } + - name: regional-secret-with-ttl + manifest: |- + { + "annotations": { + "key1": "value1", + "key2": "value2", + "key3": "value3" + }, + "labels": { + "label": "my-label" + }, + "location": "us-central1", + "secret_id": "tf-reg-secret", + "ttl": "36000s" + } + - name: regional-secret-with-expire-time + manifest: |- + { + "annotations": { + "key1": "value1", + "key2": "value2", + "key3": "value3" + }, + "expire_time": "2055-11-30T00:00:00Z", + "labels": { + "label": "my-label" + }, + "location": "us-central1", + "secret_id": "tf-reg-secret" + } + - name: regional-secret-with-version-destroy-ttl + manifest: |- + { + "annotations": { + "key1": "value1", + "key2": "value2", + "key3": "value3" + }, + "labels": { + "label": "my-label" + }, + "location": "us-central1", + "secret_id": "tf-reg-secret", + "version_destroy_ttl": "86400s" + } + argumentDocs: + annotations: |- + - + (Optional) + Custom metadata about the regional secret. + Annotations are distinct from various forms of labels. Annotations exist to allow + client tools to store their own state information without requiring a database. + Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of + maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and + may have dashes (-), underscores (_), dots (.), and alphanumerics in between these + symbols. + The total size of annotation keys and values must be less than 16KiB. + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. + create: '- Default is 20 minutes.' + create_time: |- + - + The time at which the regional secret was created. + customer_managed_encryption: |- + - + (Optional) + The customer-managed encryption configuration of the regional secret. + Structure is documented below. + customer_managed_encryption.kms_key_name: |- + - + (Required) + The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. + delete: '- Default is 20 minutes.' + effective_annotations: for all of the annotations present on the resource. + effective_labels: for all of the labels present on the resource. + expire_time: |- + - + (Optional) + Timestamp in UTC when the regional secret is scheduled to expire. This is always provided on + output, regardless of what was sent on input. A timestamp in RFC3339 UTC "Zulu" format, with + nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and + "2014-10-02T15:01:23.045123456Z". Only one of expire_time or ttl can be provided. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}' + labels: |- + - + (Optional) + The labels assigned to this regional secret. + Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, + and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}-]{0,62} + Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, + and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}-]{0,63} + No more than 64 labels can be assigned to a given resource. + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. + location: |- + - + (Required) + The location of the regional secret. eg us-central1 + name: |- + - + The resource name of the regional secret. Format: + projects/{{project}}/locations/{{location}}/secrets/{{secret_id}} + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + rotation: |- + - + (Optional) + The rotation time and period for a regional secret. At next_rotation_time, Secret Manager + will send a Pub/Sub notification to the topics configured on the Secret. topics must be + set to configure rotation. + Structure is documented below. + rotation.next_rotation_time: |- + - + (Optional) + Timestamp in UTC at which the Secret is scheduled to rotate. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + rotation.rotation_period: |- + - + (Optional) + The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) + and at most 3153600000s (100 years). If rotationPeriod is set, next_rotation_time must + be set. next_rotation_time will be advanced by this period when the service + automatically sends rotation notifications. + secret_id: |- + - + (Required) + This must be unique within the project. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + topics: |- + - + (Optional) + A list of up to 10 Pub/Sub topics to which messages are published when control plane + operations are called on the regional secret or its versions. + Structure is documented below. + topics.name: |- + - + (Required) + The resource name of the Pub/Sub topic that will be published to, in the following format: + projects//topics/. For publication to succeed, the Secret Manager Service + Agent service account must have pubsub.publisher permissions on the topic. + ttl: |- + - + (Optional) + The TTL for the regional secret. A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". Only one of ttl or expire_time can be provided. + update: '- Default is 20 minutes.' + version_aliases: |- + - + (Optional) + Mapping from version alias to version name. + A version alias is a string with a maximum length of 63 characters and can contain + uppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_') + characters. An alias string must start with a letter and cannot be the string + 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. + version_destroy_ttl: |- + - + (Optional) + Secret Version TTL after destruction request. + This is a part of the delayed delete feature on Secret Version. + For secret with versionDestroyTtl>0, version destruction doesn't happen immediately + on calling destroy instead the version goes to a disabled state and + the actual destruction happens after this TTL expires. It must be atleast 24h. + importStatements: [] + google_secret_manager_regional_secret_iam_policy: + subCategory: Secret Manager + description: Collection of resources to manage IAM policy for Secret Manager RegionalSecret + name: google_secret_manager_regional_secret_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "location": "${google_secret_manager_regional_secret.regional-secret-basic.location}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_secret_manager_regional_secret.regional-secret-basic.project}", + "secret_id": "${google_secret_manager_regional_secret.regional-secret-basic.secret_id}" + } + references: + location: google_secret_manager_regional_secret.regional-secret-basic.location + policy_data: data.google_iam_policy.admin.policy_data + project: google_secret_manager_regional_secret.regional-secret-basic.project + secret_id: google_secret_manager_regional_secret.regional-secret-basic.secret_id + - name: policy + manifest: |- + { + "location": "${google_secret_manager_regional_secret.regional-secret-basic.location}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_secret_manager_regional_secret.regional-secret-basic.project}", + "secret_id": "${google_secret_manager_regional_secret.regional-secret-basic.secret_id}" + } + references: + location: google_secret_manager_regional_secret.regional-secret-basic.location + policy_data: data.google_iam_policy.admin.policy_data + project: google_secret_manager_regional_secret.regional-secret-basic.project + secret_id: google_secret_manager_regional_secret.regional-secret-basic.secret_id + argumentDocs: + condition: |- + - (Optional) An IAM Condition for a given binding. + Structure is documented below. + condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' + condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' + condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' + etag: '- (Computed) The etag of the IAM policy.' + google_secret_manager_regional_secret_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the regionalsecret are preserved.' + google_secret_manager_regional_secret_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the regionalsecret are preserved.' + google_secret_manager_regional_secret_iam_policy: ': Authoritative. Sets the IAM policy for the regionalsecret and replaces any existing policy already attached.' + location: |- + - (Optional) The location of the regional secret. eg us-central1 + Used to find the parent resource to bind the IAM policy to. If not specified, + the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no + location is specified, it is taken from the provider configuration. + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_secret_manager_regional_secret_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_secret_manager_regional_secret_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_secret_manager_regional_secret_version: + subCategory: Secret Manager + description: A regional secret version resource. + name: google_secret_manager_regional_secret_version + title: "" + examples: + - name: regional_secret_version_basic + manifest: |- + { + "secret": "${google_secret_manager_regional_secret.secret-basic.id}", + "secret_data": "secret-data" + } + references: + secret: google_secret_manager_regional_secret.secret-basic.id + dependencies: + google_secret_manager_regional_secret.secret-basic: |- + { + "location": "us-central1", + "secret_id": "secret-version" + } + - name: regional_secret_version_base64 + manifest: |- + { + "is_secret_data_base64": true, + "secret": "${google_secret_manager_regional_secret.secret-basic.id}", + "secret_data": "${filebase64(\"secret-data.pfx\")}" + } + references: + secret: google_secret_manager_regional_secret.secret-basic.id + dependencies: + google_secret_manager_regional_secret.secret-basic: |- + { + "location": "us-central1", + "secret_id": "secret-version" + } + - name: regional_secret_version_disabled + manifest: |- + { + "enabled": false, + "secret": "${google_secret_manager_regional_secret.secret-basic.id}", + "secret_data": "secret-data" + } + references: + secret: google_secret_manager_regional_secret.secret-basic.id + dependencies: + google_secret_manager_regional_secret.secret-basic: |- + { + "location": "us-central1", + "secret_id": "secret-version" + } + - name: regional_secret_version_deletion_policy + manifest: |- + { + "deletion_policy": "ABANDON", + "secret": "${google_secret_manager_regional_secret.secret-basic.id}", + "secret_data": "secret-data" + } + references: + secret: google_secret_manager_regional_secret.secret-basic.id + dependencies: + google_secret_manager_regional_secret.secret-basic: |- + { + "location": "us-central1", + "secret_id": "secret-version" + } + - name: regional_secret_version_deletion_policy + manifest: |- + { + "deletion_policy": "DISABLE", + "secret": "${google_secret_manager_regional_secret.secret-basic.id}", + "secret_data": "secret-data" + } + references: + secret: google_secret_manager_regional_secret.secret-basic.id + dependencies: + google_secret_manager_regional_secret.secret-basic: |- + { + "location": "us-central1", + "secret_id": "secret-version" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + The time at which the regional secret version was created. + customer_managed_encryption: |- + - + The customer-managed encryption configuration of the regional secret. + Structure is documented below. + customer_managed_encryption.kms_key_version_name: |- + - + (Output) + The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. + delete: '- Default is 20 minutes.' + deletion_policy: |- + - (Optional) The deletion policy for the regional secret version. Setting ABANDON allows the resource + to be abandoned rather than deleted. Setting DISABLE allows the resource to be + disabled rather than deleted. Default is DELETE. Possible values are: + destroy_time: |- + - + The time at which the regional secret version was destroyed. Only present if state is DESTROYED. + enabled: |- + - + (Optional) + The current state of the regional secret version. + id: '- an identifier for the resource with format {{name}}' + is_secret_data_base64: '- (Optional) If set to ''true'', the secret data is expected to be base64-encoded string and would be sent as is.' + location: |- + - + Location of Secret Manager regional secret resource. + name: |- + - + The resource name of the regional secret version. Format: + projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}/versions/{{version}} + secret: |- + - + (Required) + Secret Manager regional secret resource. + secret_data: |- + - + (Required) + The secret data. Must be no larger than 64KiB. + Note: This property is sensitive and will not be displayed in the plan. + update: '- Default is 20 minutes.' + version: |- + - + The version of the Regional Secret. + importStatements: [] google_secret_manager_secret: subCategory: Secret Manager description: A Secret is a logical secret whose value and versions can be accessed. @@ -130772,6 +148917,150 @@ resources: - The version of the Secret. importStatements: [] + google_secure_source_manager_branch_rule: + subCategory: Secure Source Manager + description: BranchRule is the protection rule to enforce pre-defined rules on designated branches within a repository. + name: google_secure_source_manager_branch_rule + title: "" + examples: + - name: basic + manifest: |- + { + "branch_rule_id": "my-basic-branchrule", + "include_pattern": "main", + "location": "${google_secure_source_manager_repository.repository.location}", + "repository_id": "${google_secure_source_manager_repository.repository.repository_id}" + } + references: + location: google_secure_source_manager_repository.repository.location + repository_id: google_secure_source_manager_repository.repository.repository_id + dependencies: + google_secure_source_manager_instance.instance: |- + { + "instance_id": "my-basic-instance", + "lifecycle": [ + { + "prevent_destroy": "true" + } + ], + "location": "us-central1" + } + google_secure_source_manager_repository.repository: |- + { + "instance": "${google_secure_source_manager_instance.instance.name}", + "lifecycle": [ + { + "prevent_destroy": "true" + } + ], + "location": "${google_secure_source_manager_instance.instance.location}", + "repository_id": "my-basic-repository" + } + - name: default + manifest: |- + { + "allow_stale_reviews": false, + "branch_rule_id": "my-initial-branchrule", + "disabled": false, + "include_pattern": "test", + "location": "${google_secure_source_manager_repository.repository.location}", + "minimum_approvals_count": 2, + "minimum_reviews_count": 2, + "repository_id": "${google_secure_source_manager_repository.repository.repository_id}", + "require_comments_resolved": true, + "require_linear_history": true, + "require_pull_request": true + } + references: + location: google_secure_source_manager_repository.repository.location + repository_id: google_secure_source_manager_repository.repository.repository_id + dependencies: + google_secure_source_manager_instance.instance: |- + { + "instance_id": "my-initial-instance", + "lifecycle": [ + { + "prevent_destroy": "true" + } + ], + "location": "us-central1" + } + google_secure_source_manager_repository.repository: |- + { + "instance": "${google_secure_source_manager_instance.instance.name}", + "lifecycle": [ + { + "prevent_destroy": "true" + } + ], + "location": "${google_secure_source_manager_instance.instance.location}", + "repository_id": "my-initial-repository" + } + argumentDocs: + allow_stale_reviews: |- + - + (Optional) + Determines if allow stale reviews or approvals before merging to the branch. + branch_rule_id: |- + - + (Required) + The ID for the BranchRule. + create: '- Default is 20 minutes.' + create_time: |- + - + Time the BranchRule was created in UTC. + delete: '- Default is 20 minutes.' + disabled: |- + - + (Optional) + Determines if the branch rule is disabled or not. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}/branchRules/{{branch_rule_id}}' + include_pattern: |- + - + (Required) + The BranchRule matches branches based on the specified regular expression. Use .* to match all branches. + location: |- + - + (Required) + The location for the Repository. + minimum_approvals_count: |- + - + (Optional) + The minimum number of approvals required for the branch rule to be matched. + minimum_reviews_count: |- + - + (Optional) + The minimum number of reviews required for the branch rule to be matched. + name: |- + - + The resource name for the BranchRule. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + repository_id: |- + - + (Required) + The ID for the Repository. + require_comments_resolved: |- + - + (Optional) + Determines if require comments resolved before merging to the branch. + require_linear_history: |- + - + (Optional) + Determines if require linear history before merging to the branch. + require_pull_request: |- + - + (Optional) + Determines if the branch rule requires a pull request or not. + uid: |- + - + Unique identifier of the BranchRule. + update: '- Default is 20 minutes.' + update_time: |- + - + Time the BranchRule was updated in UTC. + importStatements: [] google_secure_source_manager_instance: subCategory: Secure Source Manager description: Instances are deployed to an available Google Cloud region and are accessible via their web interface. @@ -130785,6 +149074,11 @@ resources: "labels": { "foo": "bar" }, + "lifecycle": [ + { + "prevent_destroy": "true" + } + ], "location": "us-central1" } - name: default @@ -130794,28 +149088,21 @@ resources: "${google_kms_crypto_key_iam_member.crypto_key_binding}" ], "instance_id": "my-instance", - "kms_key": "${google_kms_crypto_key.crypto_key.id}", + "kms_key": "my-key", + "lifecycle": [ + { + "prevent_destroy": "true" + } + ], "location": "us-central1" } - references: - kms_key: google_kms_crypto_key.crypto_key.id dependencies: - google_kms_crypto_key.crypto_key: |- - { - "key_ring": "${google_kms_key_ring.key_ring.id}", - "name": "my-key" - } google_kms_crypto_key_iam_member.crypto_key_binding: |- { - "crypto_key_id": "${google_kms_crypto_key.crypto_key.id}", + "crypto_key_id": "my-key", "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com", "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" } - google_kms_key_ring.key_ring: |- - { - "location": "us-central1", - "name": "my-keyring" - } - name: default manifest: |- { @@ -130824,6 +149111,11 @@ resources: "${time_sleep.wait_120_seconds}" ], "instance_id": "my-instance", + "lifecycle": [ + { + "prevent_destroy": "true" + } + ], "location": "us-central1", "private_config": [ { @@ -130922,6 +149214,11 @@ resources: "${time_sleep.wait_120_seconds}" ], "instance_id": "my-instance", + "lifecycle": [ + { + "prevent_destroy": "true" + } + ], "location": "us-central1", "private_config": [ { @@ -131131,6 +149428,11 @@ resources: "${time_sleep.wait_120_seconds}" ], "instance_id": "my-instance", + "lifecycle": [ + { + "prevent_destroy": "true" + } + ], "location": "us-central1", "private_config": [ { @@ -131296,6 +149598,22 @@ resources: "${google_privateca_ca_pool_iam_binding.ca_pool_binding}" ] } + - name: default + manifest: |- + { + "instance_id": "my-instance", + "lifecycle": [ + { + "prevent_destroy": "true" + } + ], + "location": "us-central1", + "workforce_identity_federation_config": [ + { + "enabled": true + } + ] + } argumentDocs: create: '- Default is 60 minutes.' create_time: |- @@ -131381,6 +149699,16 @@ resources: update_time: |- - Time the Instance was updated in UTC. + workforce_identity_federation_config: |- + - + (Optional) + Configuration for Workforce Identity Federation to support third party identity provider. + If unset, defaults to the Google OIDC IdP. + Structure is documented below. + workforce_identity_federation_config.enabled: |- + - + (Required) + 'Whether Workforce Identity Federation is enabled.' importStatements: [] google_secure_source_manager_instance_iam_policy: subCategory: Secure Source Manager @@ -131438,6 +149766,11 @@ resources: manifest: |- { "instance": "${google_secure_source_manager_instance.instance.name}", + "lifecycle": [ + { + "prevent_destroy": "true" + } + ], "location": "us-central1", "repository_id": "my-repository" } @@ -131447,6 +149780,11 @@ resources: google_secure_source_manager_instance.instance: |- { "instance_id": "my-instance", + "lifecycle": [ + { + "prevent_destroy": "true" + } + ], "location": "us-central1" } - name: default @@ -131464,6 +149802,11 @@ resources: } ], "instance": "${google_secure_source_manager_instance.instance.name}", + "lifecycle": [ + { + "prevent_destroy": "true" + } + ], "location": "us-central1", "repository_id": "my-repository" } @@ -131473,6 +149816,11 @@ resources: google_secure_source_manager_instance.instance: |- { "instance_id": "my-instance", + "lifecycle": [ + { + "prevent_destroy": "true" + } + ], "location": "us-central1" } argumentDocs: @@ -132744,7 +151092,7 @@ resources: importStatements: [] google_service_networking_vpc_service_controls: subCategory: Service Networking - description: Manages the VPC Service Controls configuration for a service networking connection + description: 'Manages the VPC Service Controls configuration for a service networking connection When enabled, Google Cloud makes the following route configuration changes in the service producer VPC network:' name: google_service_networking_vpc_service_controls title: "" examples: @@ -132829,6 +151177,7 @@ resources: dependencies: google_project.my_project: |- { + "deletion_policy": "DELETE", "name": "tf-test-project", "org_id": "123456789", "project_id": "quota", @@ -132854,6 +151203,7 @@ resources: dependencies: google_project.my_project: |- { + "deletion_policy": "DELETE", "name": "tf-test-project", "org_id": "123456789", "project_id": "quota", @@ -132879,6 +151229,7 @@ resources: dependencies: google_project.my_project: |- { + "deletion_policy": "DELETE", "name": "tf-test-project", "org_id": "123456789", "project_id": "quota", @@ -132923,6 +151274,130 @@ resources: The service that the metrics belong to, e.g. compute.googleapis.com. update: '- Default is 20 minutes.' importStatements: [] + google_site_verification_owner: + subCategory: Site Verification + description: Manages additional owners on verified web resources. + name: google_site_verification_owner + title: "" + examples: + - name: example + manifest: |- + { + "email": "user@example.com", + "web_resource_id": "${google_site_verification_web_resource.example.id}" + } + references: + web_resource_id: google_site_verification_web_resource.example.id + dependencies: + google_site_verification_web_resource.example: |- + { + "site": [ + { + "identifier": "${data.google_site_verification_token.token.identifier}", + "type": "${data.google_site_verification_token.token.type}" + } + ], + "verification_method": "${data.google_site_verification_token.token.verification_method}" + } + google_storage_bucket.bucket: |- + { + "location": "US", + "name": "example-storage-bucket" + } + google_storage_bucket_object.object: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "content": "google-site-verification: ${data.google_site_verification_token.token.token}", + "name": "${data.google_site_verification_token.token.token}" + } + google_storage_object_access_control.public_rule: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "entity": "allUsers", + "object": "${google_storage_bucket_object.object.name}", + "role": "READER" + } + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + email: |- + - + (Required) + The email of the user to be added as an owner. + web_resource_id: |- + - + (Required) + The id of of the web resource to which the owner will be added, in the form webResource/, + such as webResource/https://www.example.com/ + importStatements: [] + google_site_verification_web_resource: + subCategory: Site Verification + description: A web resource is a website or domain with verified ownership. + name: google_site_verification_web_resource + title: "" + examples: + - name: example + manifest: |- + { + "depends_on": [ + "${google_dns_record_set.example}" + ], + "site": [ + { + "identifier": "${data.google_site_verification_token.token.identifier}", + "type": "${data.google_site_verification_token.token.type}" + } + ], + "verification_method": "${data.google_site_verification_token.token.verification_method}" + } + references: + site.identifier: data.google_site_verification_token.token.identifier + site.type: data.google_site_verification_token.token.type + verification_method: data.google_site_verification_token.token.verification_method + dependencies: + google_dns_record_set.example: |- + { + "managed_zone": "example.com", + "name": "www.example.com.", + "rrdatas": [ + "${data.google_site_verification_token.token.token}" + ], + "ttl": 86400, + "type": "TXT" + } + argumentDocs: + create: '- Default is 60 minutes.' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format webResource/{{web_resource_id}}' + owners: |- + - + The email addresses of all direct, verified owners of this exact property. Indirect owners — + for example verified owners of the containing domain—are not included in this list. + site: |- + - + (Required) + Container for the address and type of a site for which a verification token will be verified. + Structure is documented below. + site.identifier: |- + - + (Required) + The site identifier. If the type is set to SITE, the identifier is a URL. If the type is + set to INET_DOMAIN, the identifier is a domain name. + site.type: |- + - + (Required) + The type of resource to be verified. + Possible values are: INET_DOMAIN, SITE. + verification_method: |- + - + (Required) + The verification method for the Site Verification system to use to verify + this site or domain. + Possible values are: ANALYTICS, DNS_CNAME, DNS_TXT, FILE, META, TAG_MANAGER. + web_resource_id: |- + - + The string used to identify this web resource. + importStatements: [] google_sourcerepo_repository: subCategory: Cloud Source Repositories description: A repository (or repo) is a Git repository storing versioned source content. @@ -132962,6 +151437,7 @@ resources: argumentDocs: PROTOBUF: ', JSON.' create: '- Default is 20 minutes.' + create_ignore_already_exists: '- (Optional) If set to true, skip repository creation if a repository with the same name already exists.' delete: '- Default is 20 minutes.' id: '- an identifier for the resource with format projects/{{project}}/repos/{{name}}' name: |- @@ -133035,6 +151511,157 @@ resources: google_sourcerepo_repository_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}. importStatements: [] + google_spanner_backup_schedule: + subCategory: Cloud Spanner + description: A backup schedule for a Cloud Spanner Database. + name: google_spanner_backup_schedule + title: "" + examples: + - name: full-backup + manifest: |- + { + "database": "${google_spanner_database.database.name}", + "full_backup_spec": [ + {} + ], + "instance": "${google_spanner_instance.main.name}", + "name": "backup-schedule-id", + "retention_duration": "31620000s", + "spec": [ + { + "cron_spec": [ + { + "text": "0 12 * * *" + } + ] + } + ] + } + references: + database: google_spanner_database.database.name + instance: google_spanner_instance.main.name + dependencies: + google_spanner_database.database: |- + { + "ddl": [ + "CREATE TABLE t1 (t1 INT64 NOT NULL,) PRIMARY KEY(t1)", + "CREATE TABLE t2 (t2 INT64 NOT NULL,) PRIMARY KEY(t2)" + ], + "deletion_protection": true, + "instance": "${google_spanner_instance.main.name}", + "name": "database-id", + "version_retention_period": "3d" + } + google_spanner_instance.main: |- + { + "config": "regional-europe-west1", + "display_name": "main-instance", + "name": "instance-id", + "num_nodes": 1 + } + - name: incremental-backup + manifest: |- + { + "database": "${google_spanner_database.database.name}", + "incremental_backup_spec": [ + {} + ], + "instance": "${google_spanner_instance.main.name}", + "name": "backup-schedule-id", + "retention_duration": "31620000s", + "spec": [ + { + "cron_spec": [ + { + "text": "0 12 * * *" + } + ] + } + ] + } + references: + database: google_spanner_database.database.name + instance: google_spanner_instance.main.name + dependencies: + google_spanner_database.database: |- + { + "ddl": [ + "CREATE TABLE t1 (t1 INT64 NOT NULL,) PRIMARY KEY(t1)", + "CREATE TABLE t2 (t2 INT64 NOT NULL,) PRIMARY KEY(t2)" + ], + "deletion_protection": true, + "instance": "${google_spanner_instance.main.name}", + "name": "database-id", + "version_retention_period": "3d" + } + google_spanner_instance.main: |- + { + "config": "regional-europe-west1", + "display_name": "main-instance", + "edition": "ENTERPRISE", + "name": "instance-id", + "num_nodes": 1 + } + argumentDocs: + create: '- Default is 20 minutes.' + database: |- + - + (Required) + The database to create the backup schedule on. + delete: '- Default is 20 minutes.' + full_backup_spec: |- + - + (Optional) + The schedule creates only full backups.. + id: '- an identifier for the resource with format projects/{{project}}/instances/{{instance}}/databases/{{database}}/backupSchedules/{{name}}' + incremental_backup_spec: |- + - + (Optional) + The schedule creates incremental backup chains. + instance: |- + - + (Required) + The instance to create the database on. + name: |- + - + (Optional) + A unique identifier for the backup schedule, which cannot be changed after + the backup schedule is created. Values are of the form [a-z][-a-z0-9]*[a-z0-9]. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + retention_duration: |- + - + (Required) + At what relative time in the future, compared to its creation time, the backup should be deleted, e.g. keep backups for 7 days. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: '3.5s'. + You can set this to a value up to 366 days. + spec: |- + - + (Optional) + Defines specifications of the backup schedule. + Structure is documented below. + spec.cron_spec: |- + - + (Optional) + Cron style schedule specification.. + Structure is documented below. + spec.cron_spec.text: |- + - + (Optional) + Textual representation of the crontab. User can customize the + backup frequency and the backup version time using the cron + expression. The version time must be in UTC timzeone. + The backup will contain an externally consistent copy of the + database at the version time. Allowed frequencies are 12 hour, 1 day, + 1 week and 1 month. Examples of valid cron specifications: + 0 2/12 * * * : every 12 hours at (2, 14) hours past midnight in UTC. + 0 2,14 * * * : every 12 hours at (2,14) hours past midnight in UTC. + 0 2 * * * : once a day at 2 past midnight in UTC. + 0 2 * * 0 : once a week every Sunday at 2 past midnight in UTC. + 0 2 8 * * : once a month on 8th day at 2 past midnight in UTC. + update: '- Default is 20 minutes.' + importStatements: [] google_spanner_database: subCategory: Cloud Spanner description: A Cloud Spanner Database which is hosted on a Spanner instance. @@ -133102,9 +151729,14 @@ resources: Structure is documented below. encryption_config.kms_key_name: |- - - (Required) + (Optional) Fully qualified name of the KMS key to use to encrypt this database. This key must exist in the same location as the Spanner Database. + encryption_config.kms_key_names: |- + - + (Optional) + Fully qualified name of the KMS keys to use to encrypt this database. The keys must exist + in the same locations as the Spanner Database. id: '- an identifier for the resource with format {{instance}}/{{name}}' instance: |- - @@ -133113,8 +151745,8 @@ resources: name: |- - (Required) - A unique identifier for the database, which cannot be changed after - the instance is created. Values are of the form [a-z][-a-z0-9]*[a-z0-9]. + A unique identifier for the database, which cannot be changed after the + instance is created. Values are of the form [a-z][-_a-z0-9]*[a-z0-9]. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -133194,6 +151826,7 @@ resources: "config": "regional-us-central1", "default_backup_schedule_type": "AUTOMATIC", "display_name": "Test Spanner Instance", + "edition": "STANDARD", "labels": { "foo": "bar" }, @@ -133245,6 +151878,16 @@ resources: "num_nodes": 2 } argumentDocs: + asymmetric_autoscaling_options.overrides: |- + - + (Required) + A nested object resource. + Structure is documented below. + asymmetric_autoscaling_options.replica_selection: |- + - + (Required) + A nested object resource. + Structure is documented below. autoscaling_config: |- - (Optional) @@ -133253,6 +151896,11 @@ resources: OUTPUT_ONLY fields and reflect the current compute capacity allocated to the instance. Structure is documented below. + autoscaling_config.asymmetric_autoscaling_options: |- + - + (Optional) + Asymmetric autoscaling options for specific replicas. + Structure is documented below. autoscaling_config.autoscaling_limits: |- - (Optional) @@ -133325,6 +151973,11 @@ resources: (Required) The descriptive name for this instance as it appears in UIs. Must be unique per project and between 4 and 30 characters in length. + edition: |- + - + (Optional) + The edition selected for this instance. Different editions provide different capabilities at different price points. + Possible values are: EDITION_UNSPECIFIED, STANDARD, ENTERPRISE, ENTERPRISE_PLUS. effective_labels: for all of the labels present on the resource. force_destroy: |- - (Optional) When deleting a spanner instance, this boolean option will delete all backups of this instance. @@ -133347,6 +152000,19 @@ resources: (Optional) The number of nodes allocated to this instance. Exactly one of either node_count or processing_units must be present in terraform. + overrides.autoscaling_limits: |- + - + (Required) + A nested object resource. + Structure is documented below. + overrides.autoscaling_limits.max_nodes: |- + - + (Required) + The maximum number of nodes for this specific replica. + overrides.autoscaling_limits.min_nodes: |- + - + (Required) + The minimum number of nodes for this specific replica. processing_units: |- - (Optional) @@ -133355,6 +152021,10 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + replica_selection.location: |- + - + (Required) + The location of the replica to apply asymmetric autoscaling options. state: |- - Instance status: CREATING or READY. @@ -133500,7 +152170,7 @@ resources: google_sql_database_instance.instance: |- { "database_version": "MYSQL_8_0", - "deletion_protection": "true", + "deletion_protection": true, "name": "my-database-instance", "region": "us-central1", "settings": [ @@ -133522,7 +152192,7 @@ resources: google_sql_database_instance.instance: |- { "database_version": "POSTGRES_14", - "deletion_protection": "true", + "deletion_protection": true, "name": "my-database-instance", "region": "us-central1", "settings": [ @@ -133764,8 +152434,44 @@ resources: } ] } + - name: main + manifest: |- + { + "database_version": "MYSQL_8_0", + "name": "psc-enabled-main-instance", + "settings": [ + { + "availability_type": "REGIONAL", + "backup_configuration": [ + { + "binary_log_enabled": true, + "enabled": true + } + ], + "ip_configuration": [ + { + "ipv4_enabled": false, + "psc_config": [ + { + "allowed_consumer_projects": [ + "allowed-consumer-project-name" + ], + "psc_auto_connections": [ + { + "consumer_network": "network-name", + "consumer_service_project_id": "project-id" + } + ], + "psc_enabled": true + } + ] + } + ], + "tier": "db-f1-micro" + } + ] + } argumentDocs: - ALLOW_UNENCRYPTED_AND_ENCRYPTED: when require_ssl=false and ENCRYPTED_ONLY otherwise. OUTGOING: address is the source address of connections originating from the instance, if supported. PRIMARY: address is an address that can accept incoming connections. PRIVATE: 'address is an address for an instance which has been configured to use private networking see: Private IP.' @@ -133786,9 +152492,9 @@ resources: database_version: |- - (Required) The MySQL, PostgreSQL or SQL Server version to use. Supported values include MYSQL_5_6, - MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6,POSTGRES_10, POSTGRES_11, - POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, - SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. + MYSQL_5_7, MYSQL_8_0, MYSQL_8_4, POSTGRES_9_6,POSTGRES_10, POSTGRES_11, + POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, POSTGRES_16, POSTGRES_17, + SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. SQLSERVER_2019_STANDARD, SQLSERVER_2019_ENTERPRISE, SQLSERVER_2019_EXPRESS, SQLSERVER_2019_WEB. Database Version Policies @@ -133799,7 +152505,7 @@ resources: When the field is set to true or unset in Terraform state, a terraform apply or terraform destroy that would delete the instance will fail. When the field is set to false, deleting the instance is allowed. - dsn_name: '- The DNS name of the instance. See Connect to an instance using Private Service Connect for more details.' + dns_name: '- The DNS name of the instance. See Connect to an instance using Private Service Connect for more details.' encryption_key_name: |- - (Optional) The full path to the encryption key used for the CMEK disk encryption. Setting @@ -133849,10 +152555,11 @@ resources: the provider region will be used instead. replica_configuration: |- - (Optional) The configuration for replication. The - configuration is detailed below. Valid only for MySQL instances. + configuration is detailed below. replica_configuration.ca_certificate: |- - (Optional) PEM representation of the trusted CA's x509 certificate. + replica_configuration.cascadable_replica: '- (Optional) Specifies if the replica is a cascadable replica. If true, instance must be in different region from primary.' replica_configuration.client_certificate: |- - (Optional) PEM representation of the replica's x509 certificate. @@ -133864,7 +152571,8 @@ resources: between connect retries. MySQL's default is 60 seconds. replica_configuration.dump_file_path: |- - (Optional) Path to a SQL file in GCS from which replica - instances are created. Format is gs://bucket/filename. + instances are created. Format is gs://bucket/filename. Note, if the master + instance is a source representation instance this field must be present. replica_configuration.failover_target: |- - (Optional) Specifies if the replica is the failover target. If the field is set to true the replica will be designated as a failover replica. @@ -133880,6 +152588,7 @@ resources: replica_configuration.verify_server_certificate: |- - (Optional) True if the master's common name value is checked during the SSL handshake. + replica_names: '- (Optional, Computed) List of replica names. Can be updated.' restore_backup_context: |- - (optional) The context needed to restore the database to a backup run. This field will cause Terraform to trigger the database to restore from the backup run indicated. The configuration is detailed below. @@ -133935,7 +152644,7 @@ resources: configuration starts. settings.backup_configuration.transaction_log_retention_days: '- (Optional) The number of days of transaction logs we retain for point in time restore, from 1-7. For PostgreSQL Enterprise Plus instances, the number of days of retained transaction logs can be set from 1 to 35.' settings.collation: '- (Optional) The name of server instance collation.' - settings.connector_enforcement: '- (Optional) Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected.' + settings.connector_enforcement: '- (Optional) Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be REQUIRED or NOT_REQUIRED. If enabled, all the direct connections are rejected.' settings.data_cache_config.data_cache_enabled: '- (Optional) Whether data cache is enabled for the instance. Defaults to false. Can be used with MYSQL and PostgreSQL only.' settings.deletion_protection_enabled: . settings.deny_maintenance_period.end_date: '- (Required) "deny maintenance period" end date. If the year of the end date is empty, the year of the start date also must be empty. In this case, it means the no maintenance interval recurs every year. The date is in format yyyy-m-dd (the month is without leading zeros)i.e., 2020-1-01, or 2020-11-01, or mm-dd, i.e., 11-01' @@ -133955,6 +152664,8 @@ resources: settings.insights_config.record_client_address: '- True if Query Insights will record client address when enabled.' settings.ip_configuration.allocated_ip_range: '- (Optional) The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z?.' settings.ip_configuration.allowed_consumer_projects: '- (Optional) List of consumer projects that are allow-listed for PSC connections to this instance. This instance can be connected to with PSC from any network in these projects. Each consumer project in this list may be represented by a project number (numeric) or by a project id (alphanumeric).' + settings.ip_configuration.consumer_network: '- "The consumer network of this consumer endpoint. This must be a resource path that includes both the host project and the network name. For example, projects/project1/global/networks/network1. The consumer host project of this network might be different from the consumer service project."' + settings.ip_configuration.consumer_service_project_id: '- (Optional) The project ID of consumer service project of this consumer endpoint.' settings.ip_configuration.enable_private_path_for_google_cloud_services: '- (Optional) Whether Google Cloud services such as BigQuery are allowed to access data in this Cloud SQL instance over a private IP connection. SQLSERVER database type is not supported.' settings.ip_configuration.expiration_time: |- - (Optional) The RFC 3339 @@ -133970,10 +152681,11 @@ resources: Specifying a network enables private IP. At least ipv4_enabled must be enabled or a private_network must be configured. This setting can be updated, but it cannot be removed after it is set. + settings.ip_configuration.psc_config.psc_auto_connections: subblock - (Optional) A comma-separated list of networks or a comma-separated list of network-project pairs. Each project in this list is represented by a project number (numeric) or by a project ID (alphanumeric). This allows Private Service Connect connections to be created automatically for the specified networks. settings.ip_configuration.psc_enabled: '- (Optional) Whether PSC connectivity is enabled for this instance.' - settings.ip_configuration.require_ssl: '- (Optional, Deprecated) Whether SSL connections over IP are enforced or not. To change this field, also set the corresponding value in ssl_mode. It will be fully deprecated in a future major release. For now, please use ssl_mode with a compatible require_ssl value instead.' - settings.ip_configuration.server_ca_mode: '- (Optional) Specify how the server certificate''s Certificate Authority is hosted. Supported value is GOOGLE_MANAGED_INTERNAL_CA.' - settings.ip_configuration.ssl_mode: '- (Optional) Specify how SSL connection should be enforced in DB connections. This field provides more SSL enforcement options compared to require_ssl. To change this field, also set the correspoding value in require_ssl.' + settings.ip_configuration.server_ca_mode: '- (Optional) Specify how the server certificate''s Certificate Authority is hosted. Supported values are GOOGLE_MANAGED_INTERNAL_CA and GOOGLE_MANAGED_CAS_CA.' + settings.ip_configuration.server_ca_pool: '- (Optional) The resource name of the server CA pool for an instance with CUSTOMER_MANAGED_CAS_CA as the server_ca_mode.' + settings.ip_configuration.ssl_mode: '- (Optional) Specify how SSL connection should be enforced in DB connections. Supported values are ALLOW_UNENCRYPTED_AND_ENCRYPTED, ENCRYPTED_ONLY, and TRUSTED_CLIENT_CERTIFICATE_REQUIRED (not supported for SQL Server). See API reference doc for details.' settings.ip_configuration.value: |- - (Required) A CIDR notation IPv4 or IPv6 address that is allowed to access this instance. Must be set even if other two attributes are not for @@ -134007,7 +152719,7 @@ resources: settings.version: |- - Used to make sure changes to the settings block are atomic. - ssl_mode: field. + terraform plan: outputs "0 to add, 0 to destroy" update: '- Default is 90 minutes.' importStatements: [] google_sql_source_representation_instance: @@ -134198,7 +152910,7 @@ resources: { "database_flags": [ { - "name": "cloudsql_iam_authentication", + "name": "cloudsql.iam_authentication", "value": "on" } ], @@ -134228,7 +152940,7 @@ resources: { "database_flags": [ { - "name": "cloudsql_iam_authentication", + "name": "cloudsql.iam_authentication", "value": "on" } ], @@ -134305,9 +153017,10 @@ resources: type: |- - (Optional) The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags - include "BUILT_IN", "CLOUD_IAM_USER", and "CLOUD_IAM_SERVICE_ACCOUNT" for both - Postgres and MySQL. - MySQL also includes "CLOUD_IAM_GROUP", "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT". + include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP", + "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" for + Postgres + and MySQL. update: '- Default is 10 minutes.' importStatements: [] google_storage_bucket: @@ -134414,13 +153127,23 @@ resources: "name": "no-public-access-bucket", "public_access_prevention": "enforced" } + - name: auto-expire + manifest: |- + { + "force_destroy": true, + "hierarchical_namespace": { + "enabled": true + }, + "location": "US", + "name": "hns-enabled-bucket" + } argumentDocs: action.storage_class: '- (Required if action type is SetStorageClass) The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' action.type: '- The type of the action of this Lifecycle Rule. Supported values include: Delete, SetStorageClass and AbortIncompleteMultipartUpload.' autoclass: '- (Optional) The bucket''s Autoclass configuration. Structure is documented below.' autoclass.enabled: '- (Required) While set to true, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object''s access pattern.' autoclass.terminal_storage_class: '- (Optional) The storage class that objects in the bucket eventually transition to if they are not read for a certain length of time. Supported values include: NEARLINE, ARCHIVE.' - condition.age: '- (Optional) Minimum age of an object in days to satisfy this condition. If not supplied alongside another condition and without setting no_age to true, a default age of 0 will be set.' + condition.age: '- (Optional) Minimum age of an object in days to satisfy this condition. Note To set 0 value of age, send_age_if_zero should be set true otherwise 0 value of age field will be ignored.' condition.created_before: '- (Optional) A date in the RFC 3339 format YYYY-MM-DD. This condition is satisfied when an object is created before midnight of the specified date in UTC.' condition.custom_time_before: '- (Optional) A date in the RFC 3339 format YYYY-MM-DD. This condition is satisfied when the customTime metadata for the object is set to an earlier date than the date used in this lifecycle condition.' condition.days_since_custom_time: "- (Optional)\tDays since the date set in the customTime metadata for the object. This condition is satisfied when the current date and time is at least the specified number of days after the customTime. Due to a current bug you are unable to set this value to 0 within Terraform. When set to 0 it will be ignored, and your state will treat it as though you supplied no days_since_custom_time condition." @@ -134428,10 +153151,9 @@ resources: condition.matches_prefix: '- (Optional) One or more matching name prefixes to satisfy this condition.' condition.matches_storage_class: '- (Optional) Storage Class of objects to satisfy this condition. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, DURABLE_REDUCED_AVAILABILITY.' condition.matches_suffix: '- (Optional) One or more matching name suffixes to satisfy this condition.' - condition.no_age: '- (Optional, Deprecated) While set true, age value will be omitted from requests. This prevents a default age of 0 from being applied, and if you do not have an age value set, setting this to true is strongly recommended. When unset and other conditions are set to zero values, this can result in a rule that applies your action to all files in the bucket. no_age is deprecated and will be removed in a future major release. Use send_age_if_zero instead.' condition.noncurrent_time_before: '- (Optional) Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object became nonconcurrent. Due to a current bug you are unable to set this value to 0 within Terraform. When set to 0 it will be ignored, and your state will treat it as though you supplied no noncurrent_time_before condition.' condition.num_newer_versions: '- (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition. Due to a current bug you are unable to set this value to 0 within Terraform. When set to 0 it will be ignored and your state will treat it as though you supplied no num_newer_versions condition.' - condition.send_age_if_zero: '- (Optional, Default: true) While set true, age value will be sent in the request even for zero value of the field. This field is only useful and required for setting 0 value to the age field. It can be used alone or together with age attribute. NOTE age attibute with 0 value will be ommitted from the API request if send_age_if_zero field is having false value.' + condition.send_age_if_zero: '- (Optional) While set true, age value will be sent in the request even for zero value of the field. This field is only useful and required for setting 0 value to the age field. It can be used alone or together with age attribute. NOTE age attibute with 0 value will be ommitted from the API request if send_age_if_zero field is having false value.' condition.send_days_since_custom_time_if_zero: '- (Optional) While set true, days_since_custom_time value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the days_since_custom_time field. It can be used alone or together with days_since_custom_time.' condition.send_days_since_noncurrent_time_if_zero: '- (Optional) While set true, days_since_noncurrent_time value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the days_since_noncurrent_time field. It can be used alone or together with days_since_noncurrent_time.' condition.send_num_newer_versions_if_zero: '- (Optional) While set true, num_newer_versions value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the num_newer_versions field. It can be used alone or together with num_newer_versions.' @@ -134455,6 +153177,8 @@ resources: - (Optional, Default: false) When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run. + hierarchical_namespace: '- (Optional, ForceNew) The bucket''s hierarchical namespace policy, which defines the bucket capability to handle folders in logical structure. Structure is documented below. To use this configuration, uniform_bucket_level_access must be enabled on bucket.' + hierarchical_namespace.enabled: '- (Required) Enables hierarchical namespace for the bucket.' labels: '- (Optional) A map of key/value label pairs to assign to the bucket.' lifecycle_rule: '- (Optional) The bucket''s Lifecycle Rules configuration. Multiple blocks of this type are permitted. Structure is documented below.' lifecycle_rule.action: '- (Required) The Lifecycle Rule''s action configuration. A single block of this type is supported. Structure is documented below.' @@ -134792,6 +153516,78 @@ resources: See GCS Object ACL documentation for more details. Omitting the field is the same as providing an empty list. importStatements: [] + google_storage_folder: + subCategory: Cloud Storage + description: A Google Cloud Storage Folder. + name: google_storage_folder + title: "" + examples: + - name: folder + manifest: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "name": "parent-folder/" + } + references: + bucket: google_storage_bucket.bucket.name + dependencies: + google_storage_bucket.bucket: |- + { + "hierarchical_namespace": [ + { + "enabled": true + } + ], + "location": "EU", + "name": "my-bucket", + "uniform_bucket_level_access": true + } + - name: subfolder + manifest: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "name": "${google_storage_folder.folder.name}subfolder/" + } + references: + bucket: google_storage_bucket.bucket.name + dependencies: + google_storage_bucket.bucket: |- + { + "hierarchical_namespace": [ + { + "enabled": true + } + ], + "location": "EU", + "name": "my-bucket", + "uniform_bucket_level_access": true + } + argumentDocs: + bucket: |- + - + (Required) + The name of the bucket that contains the folder. + create: '- Default is 20 minutes.' + create_time: |- + - + The timestamp at which this folder was created. + delete: '- Default is 20 minutes.' + force_destroy: '- (Optional) If set to true, items within folder if any will be force destroyed.' + id: '- an identifier for the resource with format {{bucket}}/{{name}}' + metageneration: |- + - + The metadata generation of the folder. + name: |- + - + (Required) + The name of the folder expressed as a path. Must include + trailing '/'. For example, example_dir/example_dir2/, example@#/, a-b/d-f/. + self_link: '- The URI of the created resource.' + update: '- Default is 20 minutes.' + update_time: |- + - + The timestamp at which this folder was most recently updated. + importStatements: [] google_storage_hmac_key: subCategory: Cloud Storage description: The hmacKeys resource represents an HMAC key within Cloud Storage. @@ -135005,7 +153801,7 @@ resources: object_metadata_report_options.storage_filters: |- - (Optional) - A nested object resource + A nested object resource. Structure is documented below. start_date.day: |- - @@ -135514,6 +154310,7 @@ resources: gcs_data_sink.path: '- (Optional) Root path to transfer objects. Must be an empty string or full path name that ends with a ''/''. This field is treated as an object prefix. As such, it should generally not begin with a ''/''.' gcs_data_source.bucket_name: '- (Required) Google Cloud Storage bucket name.' gcs_data_source.path: '- (Optional) Root path to transfer objects. Must be an empty string or full path name that ends with a ''/''. This field is treated as an object prefix. As such, it should generally not begin with a ''/''.' + hdfs_data_source.path: '- (Required) Root directory path to the filesystem.' http_data_source.list_url: '- (Required) The URL that points to the file that stores the object list entries. This file must allow public access. Currently, only URLs with HTTP and HTTPS schemes are supported.' last_modification_time: '- When the Transfer Job was last modified.' name: '- (Optional) The name of the Transfer Job. This name must start with "transferJobs/" prefix and end with a letter or a number, and should be no more than 128 characters ( transferJobs/^(?!OPI)[A-Za-z0-9-._~]*[A-Za-z0-9]$ ). For transfers involving PosixFilesystem, this name must start with transferJobs/OPI specifically ( transferJobs/OPI^[A-Za-z0-9-._~]*[A-Za-z0-9]$ ). For all other transfer types, this name must not start with transferJobs/OPI. Default the provider will assign a random unique name with transferJobs/{{name}} format, where name is a numeric value.' @@ -135534,6 +154331,11 @@ resources: project: |- - (Optional) The project in which the resource belongs. If it is not provided, the provider project is used. + replication_spec: '- (Optional) Replication specification. Structure documented below. User should not configure schedule, event_stream with this argument. One of transfer_spec, or replication_spec must be specified.' + replication_spec.gcs_data_sink: '- (Optional) A Google Cloud Storage data sink. Structure documented below.' + replication_spec.gcs_data_source: '- (Optional) A Google Cloud Storage data source. Structure documented below.' + replication_spec.object_conditions: '- (Optional) Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects'' last_modification_time do not exclude objects in a data sink. Structure documented below.' + replication_spec.transfer_options: '- (Optional) Characteristics of how to treat files from datasource and sink during job. If the option delete_objects_unique_in_sink is true, object conditions based on objects'' last_modification_time are ignored and do not exclude objects in a data source or a data sink. Structure documented below.' schedule: '- (Optional) Schedule specification defining when the Transfer Job should be scheduled to start, end and what time to run. Structure documented below. Either schedule or event_stream must be set.' schedule.repeat_interval: '- (Optional) Interval between the start of each scheduled transfer. If unspecified, the default value is 24 hours. This value may not be less than 1 hour. A duration in seconds with up to nine fractional digits, terminated by ''s''. Example: "3.5s".' schedule.schedule_end_date: '- (Optional) The last day the recurring transfer will be run. If schedule_end_date is the same as schedule_start_date, the transfer will be executed only once. Structure documented below.' @@ -135553,11 +154355,12 @@ resources: delete_objects_from_source_after_transfer are mutually exclusive. transfer_options.overwrite_objects_already_existing_in_sink: '- (Optional) Whether overwriting objects that already exist in the sink is allowed.' transfer_options.overwrite_when: '- (Optional) When to overwrite objects that already exist in the sink. If not set, overwrite behavior is determined by overwrite_objects_already_existing_in_sink. Possible values: ALWAYS, DIFFERENT, NEVER.' - transfer_spec: '- (Required) Transfer specification. Structure documented below.' + transfer_spec: '- (Optional) Transfer specification. Structure documented below. One of transfer_spec, or replication_spec can be specified.' transfer_spec.aws_s3_data_source: '- (Optional) An AWS S3 data source. Structure documented below.' transfer_spec.azure_blob_storage_data_source: '- (Optional) An Azure Blob Storage data source. Structure documented below.' transfer_spec.gcs_data_sink: '- (Optional) A Google Cloud Storage data sink. Structure documented below.' transfer_spec.gcs_data_source: '- (Optional) A Google Cloud Storage data source. Structure documented below.' + transfer_spec.hdfs_data_source: '- (Optional) An HDFS data source. Structure documented below.' transfer_spec.http_data_source: '- (Optional) A HTTP URL data source. Structure documented below.' transfer_spec.object_conditions: '- (Optional) Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects'' last_modification_time do not exclude objects in a data sink. Structure documented below.' transfer_spec.posix_data_sink: '- (Optional) A POSIX data sink. Structure documented below.' @@ -135577,8 +154380,10 @@ resources: { "location": "us-central1", "parent": "//run.googleapis.com/projects/${data.google_project.project.number}/locations/${google_cloud_run_service.default.location}/services/${google_cloud_run_service.default.name}", - "tag_value": "tagValues/${google_tags_tag_value.value.name}" + "tag_value": "${google_tags_tag_value.value.id}" } + references: + tag_value: google_tags_tag_value.value.id dependencies: google_project.project: |- { @@ -135595,7 +154400,7 @@ resources: google_tags_tag_value.value: |- { "description": "For valuename resources.", - "parent": "tagKeys/${google_tags_tag_key.key.name}", + "parent": "${google_tags_tag_key.key.id}", "short_name": "valuename" } - name: binding @@ -135603,8 +154408,10 @@ resources: { "location": "us-central1-a", "parent": "//compute.googleapis.com/projects/${google_project.project.number}/zones/us-central1-a/instances/${google_compute_instance.instance.instance_id}", - "tag_value": "tagValues/${google_tags_tag_value.value.name}" + "tag_value": "${google_tags_tag_value.value.id}" } + references: + tag_value: google_tags_tag_value.value.id dependencies: google_project.project: |- { @@ -135621,7 +154428,7 @@ resources: google_tags_tag_value.value: |- { "description": "For valuename resources.", - "parent": "tagKeys/${google_tags_tag_key.key.name}", + "parent": "${google_tags_tag_key.key.id}", "short_name": "valuename" } argumentDocs: @@ -135654,11 +154461,14 @@ resources: manifest: |- { "parent": "//cloudresourcemanager.googleapis.com/projects/${google_project.project.number}", - "tag_value": "tagValues/${google_tags_tag_value.value.name}" + "tag_value": "${google_tags_tag_value.value.id}" } + references: + tag_value: google_tags_tag_value.value.id dependencies: google_project.project: |- { + "deletion_policy": "DELETE", "name": "project_id", "org_id": "123456789", "project_id": "project_id" @@ -135672,7 +154482,7 @@ resources: google_tags_tag_value.value: |- { "description": "For valuename resources.", - "parent": "tagKeys/${google_tags_tag_key.key.name}", + "parent": "${google_tags_tag_key.key.id}", "short_name": "valuename" } argumentDocs: @@ -135741,7 +154551,7 @@ resources: - (Required) Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. - The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + The short name can have a maximum length of 256 characters. The permitted character set for the shortName includes all UTF-8 encoded Unicode characters except single quotes ('), double quotes ("), backslashes (\), and forward slashes (/). update: '- Default is 20 minutes.' update_time: |- - @@ -135790,9 +154600,11 @@ resources: manifest: |- { "description": "For valuename resources.", - "parent": "tagKeys/${google_tags_tag_key.key.name}", + "parent": "${google_tags_tag_key.key.id}", "short_name": "valuename" } + references: + parent: google_tags_tag_key.key.id dependencies: google_tags_tag_key.key: |- { @@ -135826,7 +154638,7 @@ resources: - (Required) Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. - The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + The short name can have a maximum length of 256 characters. The permitted character set for the shortName includes all UTF-8 encoded Unicode characters except single quotes ('), double quotes ("), backslashes (\), and forward slashes (/). update: '- Default is 20 minutes.' update_time: |- - @@ -136021,6 +154833,90 @@ resources: (Optional) The GCP location for the TPU. If it is not provided, the provider zone is used. importStatements: [] + google_tpu_v2_queued_resource: + subCategory: Cloud TPU v2 + description: A Cloud TPU Queued Resource. + name: google_tpu_v2_queued_resource + title: "" + examples: + - name: qr + manifest: |- + { + "name": "test-qr", + "project": "my-project-name", + "provider": "${google-beta}", + "tpu": [ + { + "node_spec": [ + { + "node": [ + { + "accelerator_type": "v2-8", + "description": "Text description of the TPU.", + "runtime_version": "tpu-vm-tf-2.13.0" + } + ], + "node_id": "test-tpu", + "parent": "projects/my-project-name/locations/us-central1-c" + } + ] + } + ], + "zone": "us-central1-c" + } + references: + provider: google-beta + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{zone}}/queuedResources/{{name}}' + name: |- + - + (Required) + The immutable name of the Queued Resource. + node.accelerator_type: |- + - + (Optional) + TPU accelerator type for the TPU. If not specified, this defaults to 'v2-8'. + node.description: |- + - + (Optional) + Text description of the TPU. + node.runtime_version: |- + - + (Required) + Runtime version for the TPU. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + tpu: |- + - + (Optional) + Defines a TPU resource. + Structure is documented below. + tpu.node_spec: |- + - + (Optional) + The TPU node(s) being requested. + Structure is documented below. + tpu.node_spec.node: |- + - + (Required) + The node. + Structure is documented below. + tpu.node_spec.node_id: |- + - + (Optional) + Unqualified node identifier used to identify the node in the project once provisioned. + tpu.node_spec.parent: |- + - + (Required) + The parent resource name. + zone: |- + - + (Optional) + The GCP location for the Queued Resource. If it is not provided, the provider zone is used. + importStatements: [] google_tpu_v2_vm: subCategory: Cloud TPU v2 description: A Cloud TPU VM instance. @@ -136069,6 +154965,7 @@ resources: "can_ip_forward": true, "enable_external_ips": true, "network": "${google_compute_network.network.id}", + "queue_count": 32, "subnetwork": "${google_compute_subnetwork.subnet.id}" } ], @@ -136154,8 +155051,7 @@ resources: accelerator_config.type: |- - (Required) - Type of TPU. - Possible values are: V2, V3, V4, V5P. + Type of TPU. Please select one of the allowed types: https://cloud.google.com/tpu/docs/reference/rest/v2/AcceleratorConfig#Type accelerator_type: |- - (Optional) @@ -136246,16 +155142,46 @@ resources: - (Optional) The name of the network for the TPU node. It must be a preexisting Google Compute Engine - network. If both network and subnetwork are specified, the given subnetwork must belong - to the given network. If network is not specified, it will be looked up from the - subnetwork if one is provided, or otherwise use "default". + network. If none is provided, "default" will be used. + network_config.queue_count: |- + - + (Optional) + Specifies networking queue count for TPU VM instance's network interface. network_config.subnetwork: |- - (Optional) The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - must belong to the given network. If subnetwork is not specified, the subnetwork with the - same name as the network will be used. + Engine subnetwork. If none is provided, "default" will be used. + network_configs: |- + - + (Optional) + Repeated network configurations for the TPU node. This field is used to specify multiple + network configs for the TPU node. + Structure is documented below. + network_configs.can_ip_forward: |- + - + (Optional) + Allows the TPU node to send and receive packets with non-matching destination or source + IPs. This is required if you plan to use the TPU workers to forward routes. + network_configs.enable_external_ips: |- + - + (Optional) + Indicates that external IP addresses would be associated with the TPU workers. If set to + false, the specified subnetwork or network should have Private Google Access enabled. + network_configs.network: |- + - + (Optional) + The name of the network for the TPU node. It must be a preexisting Google Compute Engine + network. If none is provided, "default" will be used. + network_configs.queue_count: |- + - + (Optional) + Specifies networking queue count for TPU VM instance's network interface. + network_configs.subnetwork: |- + - + (Optional) + The name of the subnetwork for the TPU node. It must be a preexisting Google Compute + Engine subnetwork. If none is provided, "default" will be used. network_endpoints: |- - The network endpoints where TPU workers can be accessed and sent work. It is recommended that @@ -136358,6 +155284,2278 @@ resources: (Optional) The GCP location for the TPU. If it is not provided, the provider zone is used. importStatements: [] + google_transcoder_job: + subCategory: Transcoder + description: Transcoding Job Resource + name: google_transcoder_job + title: "" + examples: + - name: default + manifest: |- + { + "labels": { + "label": "key" + }, + "location": "us-central1", + "template_id": "${google_transcoder_job_template.default.name}" + } + references: + template_id: google_transcoder_job_template.default.name + dependencies: + google_storage_bucket.default: |- + { + "force_destroy": true, + "location": "US", + "name": "transcoder-job", + "public_access_prevention": "enforced", + "uniform_bucket_level_access": true + } + google_storage_bucket_object.example_mp4: |- + { + "bucket": "${google_storage_bucket.default.name}", + "name": "example.mp4", + "source": "./test-fixtures/example.mp4" + } + google_transcoder_job_template.default: |- + { + "config": [ + { + "edit_list": [ + { + "inputs": [ + "input0" + ], + "key": "atom0", + "start_time_offset": "0s" + } + ], + "elementary_streams": [ + { + "key": "video-stream0", + "video_stream": [ + { + "h264": [ + { + "bitrate_bps": 550000, + "crf_level": 21, + "entropy_coder": "cabac", + "frame_rate": 60, + "gop_duration": "3s", + "height_pixels": 360, + "pixel_format": "yuv420p", + "preset": "veryfast", + "profile": "high", + "rate_control_mode": "vbr", + "vbv_fullness_bits": 495000, + "vbv_size_bits": 550000, + "width_pixels": 640 + } + ] + } + ] + }, + { + "key": "video-stream1", + "video_stream": [ + { + "h264": [ + { + "bitrate_bps": 550000, + "crf_level": 21, + "entropy_coder": "cabac", + "frame_rate": 60, + "gop_duration": "3s", + "height_pixels": 720, + "pixel_format": "yuv420p", + "preset": "veryfast", + "profile": "high", + "rate_control_mode": "vbr", + "vbv_fullness_bits": 2250000, + "vbv_size_bits": 2500000, + "width_pixels": 1280 + } + ] + } + ] + }, + { + "audio_stream": [ + { + "bitrate_bps": 64000, + "channel_count": 2, + "channel_layout": [ + "fl", + "fr" + ], + "codec": "aac", + "sample_rate_hertz": 48000 + } + ], + "key": "audio-stream0" + } + ], + "inputs": [ + { + "key": "input0", + "uri": "gs://${google_storage_bucket.default.name}/${google_storage_bucket_object.example_mp4.name}" + } + ], + "mux_streams": [ + { + "container": "mp4", + "elementary_streams": [ + "video-stream0", + "audio-stream0" + ], + "file_name": "sd.mp4", + "key": "sd" + }, + { + "container": "mp4", + "elementary_streams": [ + "video-stream1", + "audio-stream0" + ], + "file_name": "hd.mp4", + "key": "hd" + } + ], + "output": [ + { + "uri": "gs://${google_storage_bucket.default.name}/outputs/" + } + ] + } + ], + "job_template_id": "example-job-template", + "labels": { + "label": "key" + }, + "location": "us-central1" + } + - name: default + manifest: |- + { + "config": [ + { + "ad_breaks": [ + { + "start_time_offset": "3.500s" + } + ], + "edit_list": [ + { + "inputs": [ + "input0" + ], + "key": "atom0", + "start_time_offset": "0s" + } + ], + "elementary_streams": [ + { + "key": "video-stream0", + "video_stream": [ + { + "h264": [ + { + "bitrate_bps": 550000, + "crf_level": 21, + "entropy_coder": "cabac", + "frame_rate": 60, + "gop_duration": "3s", + "height_pixels": 360, + "pixel_format": "yuv420p", + "preset": "veryfast", + "profile": "high", + "rate_control_mode": "vbr", + "vbv_fullness_bits": 495000, + "vbv_size_bits": 550000, + "width_pixels": 640 + } + ] + } + ] + }, + { + "key": "video-stream1", + "video_stream": [ + { + "h264": [ + { + "bitrate_bps": 550000, + "crf_level": 21, + "entropy_coder": "cabac", + "frame_rate": 60, + "gop_duration": "3s", + "height_pixels": 720, + "pixel_format": "yuv420p", + "preset": "veryfast", + "profile": "high", + "rate_control_mode": "vbr", + "vbv_fullness_bits": 2250000, + "vbv_size_bits": 2500000, + "width_pixels": 1280 + } + ] + } + ] + }, + { + "audio_stream": [ + { + "bitrate_bps": 64000, + "channel_count": 2, + "channel_layout": [ + "fl", + "fr" + ], + "codec": "aac", + "sample_rate_hertz": 48000 + } + ], + "key": "audio-stream0" + } + ], + "inputs": [ + { + "key": "input0", + "uri": "gs://${google_storage_bucket.default.name}/${google_storage_bucket_object.example_mp4.name}" + } + ], + "mux_streams": [ + { + "container": "mp4", + "elementary_streams": [ + "video-stream0", + "audio-stream0" + ], + "file_name": "sd.mp4", + "key": "sd" + }, + { + "container": "mp4", + "elementary_streams": [ + "video-stream1", + "audio-stream0" + ], + "file_name": "hd.mp4", + "key": "hd" + } + ], + "output": [ + { + "uri": "gs://${google_storage_bucket.default.name}/outputs/" + } + ], + "pubsub_destination": [ + { + "topic": "${google_pubsub_topic.transcoder_notifications.id}" + } + ] + } + ], + "labels": { + "label": "key" + }, + "location": "us-central1" + } + references: + config.pubsub_destination.topic: google_pubsub_topic.transcoder_notifications.id + dependencies: + google_pubsub_topic.transcoder_notifications: |- + { + "name": "transcoder-notifications" + } + google_storage_bucket.default: |- + { + "force_destroy": true, + "location": "US", + "name": "transcoder-job", + "public_access_prevention": "enforced", + "uniform_bucket_level_access": true + } + google_storage_bucket_object.example_mp4: |- + { + "bucket": "${google_storage_bucket.default.name}", + "name": "example.mp4", + "source": "./test-fixtures/example.mp4" + } + - name: default + manifest: |- + { + "config": [ + { + "elementary_streams": [ + { + "key": "es_video", + "video_stream": [ + { + "h264": [ + { + "bitrate_bps": 1000000, + "frame_rate": 60, + "height_pixels": 600, + "profile": "main", + "width_pixels": 800 + } + ] + } + ] + }, + { + "audio_stream": [ + { + "bitrate_bps": 160000, + "channel_count": 2, + "codec": "aac" + } + ], + "key": "es_audio" + } + ], + "encryptions": [ + { + "aes128": [ + {} + ], + "drm_systems": [ + { + "clearkey": [ + {} + ] + } + ], + "id": "aes-128", + "secret_manager_key_source": [ + { + "secret_version": "${google_secret_manager_secret_version.encryption_key.name}" + } + ] + }, + { + "drm_systems": [ + { + "widevine": [ + {} + ] + } + ], + "id": "cenc", + "mpeg_cenc": [ + { + "scheme": "cenc" + } + ], + "secret_manager_key_source": [ + { + "secret_version": "${google_secret_manager_secret_version.encryption_key.name}" + } + ] + }, + { + "drm_systems": [ + { + "widevine": [ + {} + ] + } + ], + "id": "cbcs", + "mpeg_cenc": [ + { + "scheme": "cbcs" + } + ], + "secret_manager_key_source": [ + { + "secret_version": "${google_secret_manager_secret_version.encryption_key.name}" + } + ] + } + ], + "inputs": [ + { + "key": "input0", + "uri": "gs://${google_storage_bucket.default.name}/${google_storage_bucket_object.example_mp4.name}" + } + ], + "manifests": [ + { + "file_name": "manifest_aes128.m3u8", + "mux_streams": [ + "ts_aes128" + ], + "type": "HLS" + }, + { + "file_name": "manifest_cenc.mpd", + "mux_streams": [ + "fmp4_cenc_video", + "fmp4_cenc_audio" + ], + "type": "DASH" + }, + { + "file_name": "manifest_cbcs.mpd", + "mux_streams": [ + "fmp4_cbcs_video", + "fmp4_cbcs_audio" + ], + "type": "DASH" + } + ], + "mux_streams": [ + { + "container": "ts", + "elementary_streams": [ + "es_video", + "es_audio" + ], + "encryption_id": "aes-128", + "key": "ts_aes128", + "segment_settings": [ + { + "segment_duration": "6s" + } + ] + }, + { + "container": "fmp4", + "elementary_streams": [ + "es_video" + ], + "encryption_id": "cenc", + "key": "fmp4_cenc_video", + "segment_settings": [ + { + "segment_duration": "6s" + } + ] + }, + { + "container": "fmp4", + "elementary_streams": [ + "es_audio" + ], + "encryption_id": "cenc", + "key": "fmp4_cenc_audio", + "segment_settings": [ + { + "segment_duration": "6s" + } + ] + }, + { + "container": "fmp4", + "elementary_streams": [ + "es_video" + ], + "encryption_id": "cbcs", + "key": "fmp4_cbcs_video", + "segment_settings": [ + { + "segment_duration": "6s" + } + ] + }, + { + "container": "fmp4", + "elementary_streams": [ + "es_audio" + ], + "encryption_id": "cbcs", + "key": "fmp4_cbcs_audio", + "segment_settings": [ + { + "segment_duration": "6s" + } + ] + } + ], + "output": [ + { + "uri": "gs://${google_storage_bucket.default.name}/outputs/" + } + ] + } + ], + "labels": { + "label": "key" + }, + "location": "us-central1", + "provider": "${google-beta}" + } + references: + config.encryptions.secret_manager_key_source.secret_version: google_secret_manager_secret_version.encryption_key.name + provider: google-beta + dependencies: + google_project_service_identity.transcoder: |- + { + "project": "${data.google_project.project.project_id}", + "provider": "${google-beta}", + "service": "transcoder.googleapis.com" + } + google_secret_manager_secret.encryption_key: |- + { + "provider": "${google-beta}", + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "transcoder-encryption-key" + } + google_secret_manager_secret_iam_member.transcoder_encryption_key_accessor: |- + { + "member": "serviceAccount:${google_project_service_identity.transcoder.email}", + "project": "${google_secret_manager_secret.encryption_key.project}", + "provider": "${google-beta}", + "role": "roles/secretmanager.secretAccessor", + "secret_id": "${google_secret_manager_secret.encryption_key.secret_id}" + } + google_secret_manager_secret_version.encryption_key: |- + { + "provider": "${google-beta}", + "secret": "${google_secret_manager_secret.encryption_key.name}", + "secret_data": "4A67F2C1B8E93A4F6D3E7890A1BC23DF" + } + google_storage_bucket.default: |- + { + "force_destroy": true, + "location": "US", + "name": "transcoder-job", + "provider": "${google-beta}", + "public_access_prevention": "enforced", + "uniform_bucket_level_access": true + } + google_storage_bucket_object.example_mp4: |- + { + "bucket": "${google_storage_bucket.default.name}", + "name": "example.mp4", + "provider": "${google-beta}", + "source": "./test-fixtures/example.mp4" + } + - name: default + manifest: |- + { + "config": [ + { + "ad_breaks": [ + { + "start_time_offset": "3.500s" + } + ], + "edit_list": [ + { + "inputs": [ + "input0" + ], + "key": "atom0", + "start_time_offset": "0s" + } + ], + "elementary_streams": [ + { + "key": "video-stream0", + "video_stream": [ + { + "h264": [ + { + "bitrate_bps": 550000, + "crf_level": 21, + "entropy_coder": "cabac", + "frame_rate": 60, + "gop_duration": "3s", + "height_pixels": 360, + "pixel_format": "yuv420p", + "preset": "veryfast", + "profile": "high", + "rate_control_mode": "vbr", + "vbv_fullness_bits": 495000, + "vbv_size_bits": 550000, + "width_pixels": 640 + } + ] + } + ] + }, + { + "key": "video-stream1", + "video_stream": [ + { + "h264": [ + { + "bitrate_bps": 550000, + "crf_level": 21, + "entropy_coder": "cabac", + "frame_rate": 60, + "gop_duration": "3s", + "height_pixels": 720, + "pixel_format": "yuv420p", + "preset": "veryfast", + "profile": "high", + "rate_control_mode": "vbr", + "vbv_fullness_bits": 2250000, + "vbv_size_bits": 2500000, + "width_pixels": 1280 + } + ] + } + ] + }, + { + "audio_stream": [ + { + "bitrate_bps": 64000, + "channel_count": 2, + "channel_layout": [ + "fl", + "fr" + ], + "codec": "aac", + "sample_rate_hertz": 48000 + } + ], + "key": "audio-stream0" + } + ], + "inputs": [ + { + "key": "input0", + "uri": "gs://${google_storage_bucket.default.name}/${google_storage_bucket_object.example_mp4.name}" + } + ], + "mux_streams": [ + { + "container": "mp4", + "elementary_streams": [ + "video-stream0", + "audio-stream0" + ], + "file_name": "sd.mp4", + "key": "sd" + }, + { + "container": "mp4", + "elementary_streams": [ + "video-stream1", + "audio-stream0" + ], + "file_name": "hd.mp4", + "key": "hd" + } + ], + "output": [ + { + "uri": "gs://${google_storage_bucket.default.name}/outputs/" + } + ], + "overlays": [ + { + "animations": [ + { + "animation_fade": [ + { + "end_time_offset": "3.500s", + "fade_type": "FADE_IN", + "start_time_offset": "1.500s", + "xy": [ + { + "x": 1, + "y": 0.5 + } + ] + } + ] + } + ], + "image": [ + { + "uri": "gs://${google_storage_bucket.default.name}/${google_storage_bucket_object.overlay_png.name}" + } + ] + } + ] + } + ], + "labels": { + "label": "key" + }, + "location": "us-central1" + } + dependencies: + google_storage_bucket.default: |- + { + "force_destroy": true, + "location": "US", + "name": "transcoder-job", + "public_access_prevention": "enforced", + "uniform_bucket_level_access": true + } + google_storage_bucket_object.example_mp4: |- + { + "bucket": "${google_storage_bucket.default.name}", + "name": "example.mp4", + "source": "./test-fixtures/example.mp4" + } + google_storage_bucket_object.overlay_png: |- + { + "bucket": "${google_storage_bucket.default.name}", + "name": "overlay.png", + "source": "./test-fixtures/overlay.png" + } + - name: default + manifest: |- + { + "config": [ + { + "ad_breaks": [ + { + "start_time_offset": "3.500s" + } + ], + "edit_list": [ + { + "inputs": [ + "input0" + ], + "key": "atom0", + "start_time_offset": "0s" + } + ], + "elementary_streams": [ + { + "key": "video-stream0", + "video_stream": [ + { + "h264": [ + { + "bitrate_bps": 550000, + "crf_level": 21, + "entropy_coder": "cabac", + "frame_rate": 60, + "gop_duration": "3s", + "height_pixels": 360, + "pixel_format": "yuv420p", + "preset": "veryfast", + "profile": "high", + "rate_control_mode": "vbr", + "vbv_fullness_bits": 495000, + "vbv_size_bits": 550000, + "width_pixels": 640 + } + ] + } + ] + }, + { + "key": "video-stream1", + "video_stream": [ + { + "h264": [ + { + "bitrate_bps": 550000, + "crf_level": 21, + "entropy_coder": "cabac", + "frame_rate": 60, + "gop_duration": "3s", + "height_pixels": 720, + "pixel_format": "yuv420p", + "preset": "veryfast", + "profile": "high", + "rate_control_mode": "vbr", + "vbv_fullness_bits": 2250000, + "vbv_size_bits": 2500000, + "width_pixels": 1280 + } + ] + } + ] + }, + { + "audio_stream": [ + { + "bitrate_bps": 64000, + "channel_count": 2, + "channel_layout": [ + "fl", + "fr" + ], + "codec": "aac", + "sample_rate_hertz": 48000 + } + ], + "key": "audio-stream0" + } + ], + "inputs": [ + { + "key": "input0", + "uri": "gs://${google_storage_bucket.default.name}/${google_storage_bucket_object.example_mp4.name}" + } + ], + "manifests": [ + { + "file_name": "manifest.m3u8", + "mux_streams": [ + "media-sd", + "media-hd" + ], + "type": "HLS" + }, + { + "file_name": "manifest.mpd", + "mux_streams": [ + "video-only-sd", + "video-only-hd", + "audio-only" + ], + "type": "DASH" + } + ], + "mux_streams": [ + { + "container": "mp4", + "elementary_streams": [ + "video-stream0", + "audio-stream0" + ], + "file_name": "sd.mp4", + "key": "sd" + }, + { + "container": "mp4", + "elementary_streams": [ + "video-stream1", + "audio-stream0" + ], + "file_name": "hd.mp4", + "key": "hd" + }, + { + "container": "ts", + "elementary_streams": [ + "video-stream0", + "audio-stream0" + ], + "file_name": "media-sd.ts", + "key": "media-sd" + }, + { + "container": "ts", + "elementary_streams": [ + "video-stream1", + "audio-stream0" + ], + "file_name": "media-hd.ts", + "key": "media-hd" + }, + { + "container": "fmp4", + "elementary_streams": [ + "video-stream0" + ], + "file_name": "video-only-sd.m4s", + "key": "video-only-sd" + }, + { + "container": "fmp4", + "elementary_streams": [ + "video-stream1" + ], + "file_name": "video-only-hd.m4s", + "key": "video-only-hd" + }, + { + "container": "fmp4", + "elementary_streams": [ + "audio-stream0" + ], + "file_name": "audio-only.m4s", + "key": "audio-only" + } + ], + "output": [ + { + "uri": "gs://${google_storage_bucket.default.name}/outputs/" + } + ] + } + ], + "labels": { + "label": "key" + }, + "location": "us-central1" + } + dependencies: + google_storage_bucket.default: |- + { + "force_destroy": true, + "location": "US", + "name": "transcoder-job", + "public_access_prevention": "enforced", + "uniform_bucket_level_access": true + } + google_storage_bucket_object.example_mp4: |- + { + "bucket": "${google_storage_bucket.default.name}", + "name": "example.mp4", + "source": "./test-fixtures/example.mp4" + } + argumentDocs: + FADE_IN: ': Fade the overlay object into view.' + FADE_OUT: |- + : Fade the overlay object out of view. + Possible values are: FADE_TYPE_UNSPECIFIED, FADE_IN, FADE_OUT. + FADE_TYPE_UNSPECIFIED: ': The fade type is not specified.' + ad_breaks.start_time_offset: |- + - + (Optional) + Start time in seconds for the ad break, relative to the output file timeline + animations.animation_fade: |- + - + (Optional) + Display overlay object with fade animation. + Structure is documented below. + animations.animation_fade.end_time_offset: |- + - + (Optional) + The time to end the fade animation, in seconds. + animations.animation_fade.fade_type: |- + - + (Required) + Required. Type of fade animation: FADE_IN or FADE_OUT. + The possible values are: + animations.animation_fade.start_time_offset: |- + - + (Optional) + The time to start the fade animation, in seconds. + animations.animation_fade.xy: |- + - + (Optional) + Normalized coordinates based on output video resolution. + Structure is documented below. + audio_stream.bitrate_bps: |- + - + (Required) + Audio bitrate in bits per second. + audio_stream.channel_count: |- + - + (Optional) + Number of audio channels. The default is 2. + audio_stream.channel_layout: |- + - + (Optional) + A list of channel names specifying layout of the audio channels. The default is ["fl", "fr"]. + audio_stream.codec: |- + - + (Optional) + The codec for this audio stream. The default is aac. + audio_stream.sample_rate_hertz: |- + - + (Optional) + The audio sample rate in Hertz. The default is 48000. + config: |- + - + (Optional) + The configuration for this template. + Structure is documented below. + config.ad_breaks: |- + - + (Optional) + Ad break. + Structure is documented below. + config.edit_list: |- + - + (Optional) + List of input assets stored in Cloud Storage. + Structure is documented below. + config.elementary_streams: |- + - + (Optional) + List of input assets stored in Cloud Storage. + Structure is documented below. + config.encryptions: |- + - + (Optional) + List of encryption configurations for the content. + Structure is documented below. + config.inputs: |- + - + (Optional) + List of input assets stored in Cloud Storage. + Structure is documented below. + config.manifests: |- + - + (Optional) + Manifest configuration. + Structure is documented below. + config.mux_streams: |- + - + (Optional) + Multiplexing settings for output stream. + Structure is documented below. + config.output: |- + - + (Optional) + Location of output file(s) in a Cloud Storage bucket. + Structure is documented below. + config.overlays: |- + - + (Optional) + List of overlays on the output video, in descending Z-order. + Structure is documented below. + config.pubsub_destination: |- + - + (Optional) + Pub/Sub destination. + Structure is documented below. + create: '- Default is 20 minutes.' + create_time: |- + - + The time the job was created. + delete: '- Default is 20 minutes.' + drm_systems.clearkey: |- + - + (Optional) + Clearkey configuration. + drm_systems.fairplay: |- + - + (Optional) + Fairplay configuration. + drm_systems.playready: |- + - + (Optional) + Playready configuration. + drm_systems.widevine: |- + - + (Optional) + Widevine configuration. + edit_list.inputs: |- + - + (Optional) + List of values identifying files that should be used in this atom. + edit_list.key: |- + - + (Optional) + A unique key for this atom. + edit_list.start_time_offset: |- + - + (Optional) + Start time in seconds for the atom, relative to the input file timeline. The default is 0s. + effective_labels: for all of the labels present on the resource. + elementary_streams.audio_stream: |- + - + (Optional) + Encoding of an audio stream. + Structure is documented below. + elementary_streams.key: |- + - + (Optional) + A unique key for this atom. + elementary_streams.video_stream: |- + - + (Optional) + Encoding of a video stream. + Structure is documented below. + encryptions.aes128: |- + - + (Optional) + Configuration for AES-128 encryption. + encryptions.drm_systems: |- + - + (Optional) + DRM system(s) to use; at least one must be specified. If a DRM system is omitted, it is considered disabled. + Structure is documented below. + encryptions.id: |- + - + (Required) + Identifier for this set of encryption options. + encryptions.mpeg_cenc: |- + - + (Optional) + Configuration for MPEG Common Encryption (MPEG-CENC). + Structure is documented below. + encryptions.sample_aes: |- + - + (Optional) + Configuration for SAMPLE-AES encryption. + encryptions.secret_manager_key_source: |- + - + (Optional) + Configuration for secrets stored in Google Secret Manager. + Structure is documented below. + end_time: |- + - + The time the transcoding finished. + id: '- an identifier for the resource with format {{name}}' + image.uri: |- + - + (Required) + URI of the image in Cloud Storage. For example, gs://bucket/inputs/image.png. + inputs.key: |- + - + (Optional) + A unique key for this input. Must be specified when using advanced mapping and edit lists. + inputs.uri: |- + - + (Optional) + URI of the media. Input files must be at least 5 seconds in duration and stored in Cloud Storage (for example, gs://bucket/inputs/file.mp4). + If empty, the value is populated from Job.input_uri. + labels: |- + - + (Optional) + The labels associated with this job. You can use these to organize and group your jobs. + location: |- + - + (Required) + The location of the transcoding job resource. + manifests.file_name: |- + - + (Optional) + The name of the generated file. The default is manifest. + manifests.mux_streams: |- + - + (Optional) + List of user supplied MuxStream.key values that should appear in this manifest. + manifests.type: |- + - + (Required) + Type of the manifest. + Possible values are: MANIFEST_TYPE_UNSPECIFIED, HLS, DASH. + mpeg_cenc.scheme: |- + - + (Required) + Specify the encryption scheme. + mux_streams.container: |- + - + (Optional) + The container format. The default is mp4. + mux_streams.elementary_streams: |- + - + (Optional) + List of ElementaryStream.key values multiplexed in this stream. + mux_streams.encryption_id: |- + - + (Optional) + Identifier of the encryption configuration to use. + mux_streams.file_name: |- + - + (Optional) + The name of the generated file. + mux_streams.key: |- + - + (Optional) + A unique key for this multiplexed stream. + mux_streams.segment_settings: |- + - + (Optional) + Segment settings for ts, fmp4 and vtt. + Structure is documented below. + name: |- + - + The resource name of the job. + output.uri: |- + - + (Optional) + URI for the output file(s). For example, gs://my-bucket/outputs/. + overlays.animations: |- + - + (Optional) + List of animations. The list should be chronological, without any time overlap. + Structure is documented below. + overlays.image: |- + - + (Optional) + Image overlay. + Structure is documented below. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + pubsub_destination.topic: |- + - + (Optional) + The name of the Pub/Sub topic to publish job completion notification to. For example: projects/{project}/topics/{topic}. + secret_manager_key_source.secret_version: |- + - + (Required) + The name of the Secret Version containing the encryption key in the following format: projects/{project}/secrets/{secret_id}/versions/{version_number}. + segment_settings.segment_duration: |- + - + (Optional) + Duration of the segments in seconds. The default is 6.0s. + start_time: |- + - + The time the transcoding started. + state: |- + - + The current state of the job. + template_id: |- + - + (Optional) + Specify the templateId to use for populating Job.config. + The default is preset/web-hd, which is the only supported preset. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + video_stream.h264: |- + - + (Optional) + H264 codec settings + Structure is documented below. + video_stream.h264.bitrate_bps: |- + - + (Required) + The video bitrate in bits per second. + video_stream.h264.crf_level: |- + - + (Optional) + Target CRF level. The default is 21. + video_stream.h264.entropy_coder: |- + - + (Optional) + The entropy coder to use. The default is cabac. + video_stream.h264.frame_rate: |- + - + (Required) + The target video frame rate in frames per second (FPS). + video_stream.h264.gop_duration: |- + - + (Optional) + Select the GOP size based on the specified duration. The default is 3s. + video_stream.h264.height_pixels: |- + - + (Optional) + The height of the video in pixels. + video_stream.h264.hlg: |- + - + (Optional) + HLG color format setting for H264. + video_stream.h264.pixel_format: |- + - + (Optional) + Pixel format to use. The default is yuv420p. + video_stream.h264.preset: |- + - + (Optional) + Enforces the specified codec preset. The default is veryfast. + video_stream.h264.profile: |- + - + (Optional) + Enforces the specified codec profile. + video_stream.h264.rate_control_mode: |- + - + (Optional) + Specify the mode. The default is vbr. + video_stream.h264.sdr: |- + - + (Optional) + SDR color format setting for H264. + video_stream.h264.vbv_fullness_bits: |- + - + (Optional) + Initial fullness of the Video Buffering Verifier (VBV) buffer in bits. + video_stream.h264.vbv_size_bits: |- + - + (Optional) + Size of the Video Buffering Verifier (VBV) buffer in bits. + video_stream.h264.width_pixels: |- + - + (Optional) + The width of the video in pixels. + xy.x: |- + - + (Optional) + Normalized x coordinate. + xy.y: |- + - + (Optional) + Normalized y coordinate. + importStatements: [] + google_transcoder_job_template: + subCategory: Transcoder + description: Transcoding Job Template Resource + name: google_transcoder_job_template + title: "" + examples: + - name: default + manifest: |- + { + "config": [ + { + "ad_breaks": [ + { + "start_time_offset": "3.500s" + } + ], + "edit_list": [ + { + "inputs": [ + "input0" + ], + "key": "atom0", + "start_time_offset": "0s" + } + ], + "elementary_streams": [ + { + "key": "video-stream0", + "video_stream": [ + { + "h264": [ + { + "bitrate_bps": 550000, + "crf_level": 21, + "entropy_coder": "cabac", + "frame_rate": 60, + "gop_duration": "3s", + "height_pixels": 360, + "pixel_format": "yuv420p", + "preset": "veryfast", + "profile": "high", + "rate_control_mode": "vbr", + "vbv_fullness_bits": 495000, + "vbv_size_bits": 550000, + "width_pixels": 640 + } + ] + } + ] + }, + { + "key": "video-stream1", + "video_stream": [ + { + "h264": [ + { + "bitrate_bps": 550000, + "crf_level": 21, + "entropy_coder": "cabac", + "frame_rate": 60, + "gop_duration": "3s", + "height_pixels": 720, + "pixel_format": "yuv420p", + "preset": "veryfast", + "profile": "high", + "rate_control_mode": "vbr", + "vbv_fullness_bits": 2250000, + "vbv_size_bits": 2500000, + "width_pixels": 1280 + } + ] + } + ] + }, + { + "audio_stream": [ + { + "bitrate_bps": 64000, + "channel_count": 2, + "channel_layout": [ + "fl", + "fr" + ], + "codec": "aac", + "sample_rate_hertz": 48000 + } + ], + "key": "audio-stream0" + } + ], + "inputs": [ + { + "key": "input0" + } + ], + "mux_streams": [ + { + "container": "mp4", + "elementary_streams": [ + "video-stream0", + "audio-stream0" + ], + "file_name": "sd.mp4", + "key": "sd" + }, + { + "container": "mp4", + "elementary_streams": [ + "video-stream1", + "audio-stream0" + ], + "file_name": "hd.mp4", + "key": "hd" + } + ] + } + ], + "job_template_id": "example-job-template", + "labels": { + "label": "key" + }, + "location": "us-central1" + } + - name: default + manifest: |- + { + "config": [ + { + "ad_breaks": [ + { + "start_time_offset": "3.500s" + } + ], + "edit_list": [ + { + "inputs": [ + "input0" + ], + "key": "atom0", + "start_time_offset": "0s" + } + ], + "elementary_streams": [ + { + "key": "video-stream0", + "video_stream": [ + { + "h264": [ + { + "bitrate_bps": 550000, + "crf_level": 21, + "entropy_coder": "cabac", + "frame_rate": 60, + "gop_duration": "3s", + "height_pixels": 360, + "pixel_format": "yuv420p", + "preset": "veryfast", + "profile": "high", + "rate_control_mode": "vbr", + "vbv_fullness_bits": 495000, + "vbv_size_bits": 550000, + "width_pixels": 640 + } + ] + } + ] + }, + { + "key": "video-stream1", + "video_stream": [ + { + "h264": [ + { + "bitrate_bps": 550000, + "crf_level": 21, + "entropy_coder": "cabac", + "frame_rate": 60, + "gop_duration": "3s", + "height_pixels": 720, + "pixel_format": "yuv420p", + "preset": "veryfast", + "profile": "high", + "rate_control_mode": "vbr", + "vbv_fullness_bits": 2250000, + "vbv_size_bits": 2500000, + "width_pixels": 1280 + } + ] + } + ] + }, + { + "audio_stream": [ + { + "bitrate_bps": 64000, + "channel_count": 2, + "channel_layout": [ + "fl", + "fr" + ], + "codec": "aac", + "sample_rate_hertz": 48000 + } + ], + "key": "audio-stream0" + } + ], + "inputs": [ + { + "key": "input0", + "uri": "gs://example/example.mp4" + } + ], + "mux_streams": [ + { + "container": "mp4", + "elementary_streams": [ + "video-stream0", + "audio-stream0" + ], + "file_name": "sd.mp4", + "key": "sd" + }, + { + "container": "mp4", + "elementary_streams": [ + "video-stream1", + "audio-stream0" + ], + "file_name": "hd.mp4", + "key": "hd" + } + ], + "output": [ + { + "uri": "gs://example/outputs/" + } + ], + "overlays": [ + { + "animations": [ + { + "animation_fade": [ + { + "end_time_offset": "3.500s", + "fade_type": "FADE_IN", + "start_time_offset": "1.500s", + "xy": [ + { + "x": 1, + "y": 0.5 + } + ] + } + ] + } + ], + "image": [ + { + "uri": "gs://example/overlay.png" + } + ] + } + ] + } + ], + "job_template_id": "example-job-template", + "labels": { + "label": "key" + }, + "location": "us-central1" + } + - name: default + manifest: |- + { + "config": [ + { + "elementary_streams": [ + { + "key": "es_video", + "video_stream": [ + { + "h264": [ + { + "bitrate_bps": 1000000, + "frame_rate": 60, + "height_pixels": 600, + "profile": "main", + "width_pixels": 800 + } + ] + } + ] + }, + { + "audio_stream": [ + { + "bitrate_bps": 160000, + "channel_count": 2, + "codec": "aac" + } + ], + "key": "es_audio" + } + ], + "encryptions": [ + { + "aes128": [ + {} + ], + "drm_systems": [ + { + "clearkey": [ + {} + ] + } + ], + "id": "aes-128", + "secret_manager_key_source": [ + { + "secret_version": "${google_secret_manager_secret_version.encryption_key.name}" + } + ] + }, + { + "drm_systems": [ + { + "widevine": [ + {} + ] + } + ], + "id": "cenc", + "mpeg_cenc": [ + { + "scheme": "cenc" + } + ], + "secret_manager_key_source": [ + { + "secret_version": "${google_secret_manager_secret_version.encryption_key.name}" + } + ] + }, + { + "drm_systems": [ + { + "widevine": [ + {} + ] + } + ], + "id": "cbcs", + "mpeg_cenc": [ + { + "scheme": "cbcs" + } + ], + "secret_manager_key_source": [ + { + "secret_version": "${google_secret_manager_secret_version.encryption_key.name}" + } + ] + } + ], + "manifests": [ + { + "file_name": "manifest_aes128.m3u8", + "mux_streams": [ + "ts_aes128" + ], + "type": "HLS" + }, + { + "file_name": "manifest_cenc.mpd", + "mux_streams": [ + "fmp4_cenc_video", + "fmp4_cenc_audio" + ], + "type": "DASH" + }, + { + "file_name": "manifest_cbcs.mpd", + "mux_streams": [ + "fmp4_cbcs_video", + "fmp4_cbcs_audio" + ], + "type": "DASH" + } + ], + "mux_streams": [ + { + "container": "ts", + "elementary_streams": [ + "es_video", + "es_audio" + ], + "encryption_id": "aes-128", + "key": "ts_aes128", + "segment_settings": [ + { + "segment_duration": "6s" + } + ] + }, + { + "container": "fmp4", + "elementary_streams": [ + "es_video" + ], + "encryption_id": "cenc", + "key": "fmp4_cenc_video", + "segment_settings": [ + { + "segment_duration": "6s" + } + ] + }, + { + "container": "fmp4", + "elementary_streams": [ + "es_audio" + ], + "encryption_id": "cenc", + "key": "fmp4_cenc_audio", + "segment_settings": [ + { + "segment_duration": "6s" + } + ] + }, + { + "container": "fmp4", + "elementary_streams": [ + "es_video" + ], + "encryption_id": "cbcs", + "key": "fmp4_cbcs_video", + "segment_settings": [ + { + "segment_duration": "6s" + } + ] + }, + { + "container": "fmp4", + "elementary_streams": [ + "es_audio" + ], + "encryption_id": "cbcs", + "key": "fmp4_cbcs_audio", + "segment_settings": [ + { + "segment_duration": "6s" + } + ] + } + ] + } + ], + "job_template_id": "example-job-template", + "labels": { + "label": "key" + }, + "location": "us-central1" + } + references: + config.encryptions.secret_manager_key_source.secret_version: google_secret_manager_secret_version.encryption_key.name + dependencies: + google_secret_manager_secret.encryption_key: |- + { + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "transcoder-encryption-key" + } + google_secret_manager_secret_version.encryption_key: |- + { + "secret": "${google_secret_manager_secret.encryption_key.name}", + "secret_data": "4A67F2C1B8E93A4F6D3E7890A1BC23DF" + } + - name: default + manifest: |- + { + "config": [ + { + "ad_breaks": [ + { + "start_time_offset": "3.500s" + } + ], + "edit_list": [ + { + "inputs": [ + "input0" + ], + "key": "atom0", + "start_time_offset": "0s" + } + ], + "elementary_streams": [ + { + "key": "video-stream0", + "video_stream": [ + { + "h264": [ + { + "bitrate_bps": 550000, + "crf_level": 21, + "entropy_coder": "cabac", + "frame_rate": 60, + "gop_duration": "3s", + "height_pixels": 360, + "pixel_format": "yuv420p", + "preset": "veryfast", + "profile": "high", + "rate_control_mode": "vbr", + "vbv_fullness_bits": 495000, + "vbv_size_bits": 550000, + "width_pixels": 640 + } + ] + } + ] + }, + { + "key": "video-stream1", + "video_stream": [ + { + "h264": [ + { + "bitrate_bps": 550000, + "crf_level": 21, + "entropy_coder": "cabac", + "frame_rate": 60, + "gop_duration": "3s", + "height_pixels": 720, + "pixel_format": "yuv420p", + "preset": "veryfast", + "profile": "high", + "rate_control_mode": "vbr", + "vbv_fullness_bits": 2250000, + "vbv_size_bits": 2500000, + "width_pixels": 1280 + } + ] + } + ] + }, + { + "audio_stream": [ + { + "bitrate_bps": 64000, + "channel_count": 2, + "channel_layout": [ + "fl", + "fr" + ], + "codec": "aac", + "sample_rate_hertz": 48000 + } + ], + "key": "audio-stream0" + } + ], + "inputs": [ + { + "key": "input0", + "uri": "gs://example/example.mp4" + } + ], + "mux_streams": [ + { + "container": "mp4", + "elementary_streams": [ + "video-stream0", + "audio-stream0" + ], + "file_name": "sd.mp4", + "key": "sd" + }, + { + "container": "mp4", + "elementary_streams": [ + "video-stream1", + "audio-stream0" + ], + "file_name": "hd.mp4", + "key": "hd" + } + ], + "output": [ + { + "uri": "gs://example/outputs/" + } + ], + "pubsub_destination": [ + { + "topic": "${google_pubsub_topic.transcoder_notifications.id}" + } + ] + } + ], + "job_template_id": "example-job-template", + "labels": { + "label": "key" + }, + "location": "us-central1" + } + references: + config.pubsub_destination.topic: google_pubsub_topic.transcoder_notifications.id + dependencies: + google_pubsub_topic.transcoder_notifications: |- + { + "name": "transcoder-notifications" + } + argumentDocs: + FADE_IN: ': Fade the overlay object into view.' + FADE_OUT: |- + : Fade the overlay object out of view. + Possible values are: FADE_TYPE_UNSPECIFIED, FADE_IN, FADE_OUT. + FADE_TYPE_UNSPECIFIED: ': The fade type is not specified.' + ad_breaks.start_time_offset: |- + - + (Optional) + Start time in seconds for the ad break, relative to the output file timeline + animations.animation_fade: |- + - + (Optional) + Display overlay object with fade animation. + Structure is documented below. + animations.animation_fade.end_time_offset: |- + - + (Optional) + The time to end the fade animation, in seconds. + animations.animation_fade.fade_type: |- + - + (Required) + Required. Type of fade animation: FADE_IN or FADE_OUT. + The possible values are: + animations.animation_fade.start_time_offset: |- + - + (Optional) + The time to start the fade animation, in seconds. + animations.animation_fade.xy: |- + - + (Optional) + Normalized coordinates based on output video resolution. + Structure is documented below. + audio_stream.bitrate_bps: |- + - + (Required) + Audio bitrate in bits per second. + audio_stream.channel_count: |- + - + (Optional) + Number of audio channels. The default is 2. + audio_stream.channel_layout: |- + - + (Optional) + A list of channel names specifying layout of the audio channels. The default is ["fl", "fr"]. + audio_stream.codec: |- + - + (Optional) + The codec for this audio stream. The default is aac. + audio_stream.sample_rate_hertz: |- + - + (Optional) + The audio sample rate in Hertz. The default is 48000. + config: |- + - + (Optional) + The configuration for this template. + Structure is documented below. + config.ad_breaks: |- + - + (Optional) + Ad break. + Structure is documented below. + config.edit_list: |- + - + (Optional) + List of input assets stored in Cloud Storage. + Structure is documented below. + config.elementary_streams: |- + - + (Optional) + List of input assets stored in Cloud Storage. + Structure is documented below. + config.encryptions: |- + - + (Optional) + List of encryption configurations for the content. + Structure is documented below. + config.inputs: |- + - + (Optional) + List of input assets stored in Cloud Storage. + Structure is documented below. + config.manifests: |- + - + (Optional) + Manifest configuration. + Structure is documented below. + config.mux_streams: |- + - + (Optional) + Multiplexing settings for output stream. + Structure is documented below. + config.output: |- + - + (Optional) + Location of output file(s) in a Cloud Storage bucket. + Structure is documented below. + config.overlays: |- + - + (Optional) + List of overlays on the output video, in descending Z-order. + Structure is documented below. + config.pubsub_destination: |- + - + (Optional) + Pub/Sub destination. + Structure is documented below. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + drm_systems.clearkey: |- + - + (Optional) + Clearkey configuration. + drm_systems.fairplay: |- + - + (Optional) + Fairplay configuration. + drm_systems.playready: |- + - + (Optional) + Playready configuration. + drm_systems.widevine: |- + - + (Optional) + Widevine configuration. + edit_list.inputs: |- + - + (Optional) + List of values identifying files that should be used in this atom. + edit_list.key: |- + - + (Optional) + A unique key for this atom. + edit_list.start_time_offset: |- + - + (Optional) + Start time in seconds for the atom, relative to the input file timeline. The default is 0s. + effective_labels: for all of the labels present on the resource. + elementary_streams.audio_stream: |- + - + (Optional) + Encoding of an audio stream. + Structure is documented below. + elementary_streams.key: |- + - + (Optional) + A unique key for this atom. + elementary_streams.video_stream: |- + - + (Optional) + Encoding of a video stream. + Structure is documented below. + encryptions.aes128: |- + - + (Optional) + Configuration for AES-128 encryption. + encryptions.drm_systems: |- + - + (Optional) + DRM system(s) to use; at least one must be specified. If a DRM system is omitted, it is considered disabled. + Structure is documented below. + encryptions.id: |- + - + (Required) + Identifier for this set of encryption options. + encryptions.mpeg_cenc: |- + - + (Optional) + Configuration for MPEG Common Encryption (MPEG-CENC). + Structure is documented below. + encryptions.sample_aes: |- + - + (Optional) + Configuration for SAMPLE-AES encryption. + encryptions.secret_manager_key_source: |- + - + (Optional) + Configuration for secrets stored in Google Secret Manager. + Structure is documented below. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/jobTemplates/{{job_template_id}}' + image.uri: |- + - + (Required) + URI of the image in Cloud Storage. For example, gs://bucket/inputs/image.png. + inputs.key: |- + - + (Optional) + A unique key for this input. Must be specified when using advanced mapping and edit lists. + inputs.uri: |- + - + (Optional) + URI of the media. Input files must be at least 5 seconds in duration and stored in Cloud Storage (for example, gs://bucket/inputs/file.mp4). + If empty, the value is populated from Job.input_uri. + job_template_id: |- + - + (Required) + ID to use for the Transcoding job template. + labels: |- + - + (Optional) + The labels associated with this job template. You can use these to organize and group your job templates. + location: |- + - + (Required) + The location of the transcoding job template resource. + manifests.file_name: |- + - + (Optional) + The name of the generated file. The default is manifest. + manifests.mux_streams: |- + - + (Optional) + List of user supplied MuxStream.key values that should appear in this manifest. + manifests.type: |- + - + (Required) + Type of the manifest. + Possible values are: MANIFEST_TYPE_UNSPECIFIED, HLS, DASH. + mpeg_cenc.scheme: |- + - + (Required) + Specify the encryption scheme. + mux_streams.container: |- + - + (Optional) + The container format. The default is mp4. + mux_streams.elementary_streams: |- + - + (Optional) + List of ElementaryStream.key values multiplexed in this stream. + mux_streams.encryption_id: |- + - + (Optional) + Identifier of the encryption configuration to use. + mux_streams.file_name: |- + - + (Optional) + The name of the generated file. + mux_streams.key: |- + - + (Optional) + A unique key for this multiplexed stream. + mux_streams.segment_settings: |- + - + (Optional) + Segment settings for ts, fmp4 and vtt. + Structure is documented below. + name: |- + - + The resource name of the job template. + output.uri: |- + - + (Optional) + URI for the output file(s). For example, gs://my-bucket/outputs/. + overlays.animations: |- + - + (Optional) + List of animations. The list should be chronological, without any time overlap. + Structure is documented below. + overlays.image: |- + - + (Optional) + Image overlay. + Structure is documented below. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + pubsub_destination.topic: |- + - + (Optional) + The name of the Pub/Sub topic to publish job completion notification to. For example: projects/{project}/topics/{topic}. + secret_manager_key_source.secret_version: |- + - + (Required) + The name of the Secret Version containing the encryption key in the following format: projects/{project}/secrets/{secret_id}/versions/{version_number}. + segment_settings.segment_duration: |- + - + (Optional) + Duration of the segments in seconds. The default is 6.0s. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + video_stream.h264: |- + - + (Optional) + H264 codec settings + Structure is documented below. + video_stream.h264.bitrate_bps: |- + - + (Required) + The video bitrate in bits per second. + video_stream.h264.crf_level: |- + - + (Optional) + Target CRF level. The default is 21. + video_stream.h264.entropy_coder: |- + - + (Optional) + The entropy coder to use. The default is cabac. + video_stream.h264.frame_rate: |- + - + (Required) + The target video frame rate in frames per second (FPS). + video_stream.h264.gop_duration: |- + - + (Optional) + Select the GOP size based on the specified duration. The default is 3s. + video_stream.h264.height_pixels: |- + - + (Optional) + The height of the video in pixels. + video_stream.h264.hlg: |- + - + (Optional) + HLG color format setting for H264. + video_stream.h264.pixel_format: |- + - + (Optional) + Pixel format to use. The default is yuv420p. + video_stream.h264.preset: |- + - + (Optional) + Enforces the specified codec preset. The default is veryfast. + video_stream.h264.profile: |- + - + (Optional) + Enforces the specified codec profile. + video_stream.h264.rate_control_mode: |- + - + (Optional) + Specify the mode. The default is vbr. + video_stream.h264.sdr: |- + - + (Optional) + SDR color format setting for H264. + video_stream.h264.vbv_fullness_bits: |- + - + (Optional) + Initial fullness of the Video Buffering Verifier (VBV) buffer in bits. + video_stream.h264.vbv_size_bits: |- + - + (Optional) + Size of the Video Buffering Verifier (VBV) buffer in bits. + video_stream.h264.width_pixels: |- + - + (Optional) + The width of the video in pixels. + xy.x: |- + - + (Optional) + Normalized x coordinate. + xy.y: |- + - + (Optional) + Normalized y coordinate. + importStatements: [] google_vertex_ai_dataset: subCategory: Vertex AI description: A collection of DataItems and Annotations on them. @@ -136443,7 +157641,7 @@ resources: "machine_spec": [ { "accelerator_count": 1, - "accelerator_type": "NVIDIA_TESLA_K80", + "accelerator_type": "NVIDIA_TESLA_P4", "machine_type": "n1-standard-4" } ], @@ -136541,9 +157739,29 @@ resources: "location": "us-central1", "name": "endpoint-name", "network": "projects/${data.google_project.project.number}/global/networks/${google_compute_network.vertex_network.name}", - "region": "us-central1" + "predict_request_response_logging_config": [ + { + "bigquery_destination": [ + { + "output_uri": "bq://${data.google_project.project.project_id}.${google_bigquery_dataset.bq_dataset.dataset_id}.request_response_logging" + } + ], + "enabled": true, + "sampling_rate": 0.1 + } + ], + "region": "us-central1", + "traffic_split": "${jsonencode({\n \"12345\" = 100\n })}" } dependencies: + google_bigquery_dataset.bq_dataset: |- + { + "dataset_id": "some_dataset", + "delete_contents_on_destroy": true, + "description": "This is a dataset that requests are logged to", + "friendly_name": "logging dataset", + "location": "US" + } google_compute_global_address.vertex_range: |- { "address_type": "INTERNAL", @@ -136570,6 +157788,40 @@ resources: ], "service": "servicenetworking.googleapis.com" } + - name: endpoint + manifest: |- + { + "description": "A sample vertex endpoint", + "display_name": "sample-endpoint", + "labels": { + "label-one": "value-one" + }, + "location": "us-central1", + "name": "endpoint-name", + "private_service_connect_config": [ + { + "enable_private_service_connect": true, + "enable_secure_private_service_connect": false, + "project_allowlist": [ + "${data.google_project.project.project_id}" + ] + } + ], + "region": "us-central1" + } + - name: endpoint + manifest: |- + { + "dedicated_endpoint_enabled": true, + "description": "A sample vertex endpoint", + "display_name": "sample-endpoint", + "labels": { + "label-one": "value-one" + }, + "location": "us-central1", + "name": "endpoint-name", + "region": "us-central1" + } argumentDocs: automatic_resources.max_replica_count: |- - @@ -136587,10 +157839,21 @@ resources: - (Output) The target resource utilization in percentage (1% - 100%) for the given metric; once the real usage deviates from the target by a certain percentage, the machine replicas change. The default value is 60 (representing 60%) if not provided. + bigquery_destination.output_uri: |- + - + (Optional) + BigQuery URI to a project or table, up to 2000 characters long. When only the project is specified, the Dataset and Table is created. When the full table reference is specified, the Dataset must exist and table must not exist. Accepted forms: - BigQuery path. For example: bq://projectId or bq://projectId.bqDatasetId or bq://projectId.bqDatasetId.bqTableId. create: '- Default is 20 minutes.' create_time: |- - Output only. Timestamp when this Endpoint was created. + dedicated_endpoint_dns: |- + - + Output only. DNS of the dedicated endpoint. Will only be populated if dedicatedEndpointEnabled is true. Format: https://{endpointId}.{region}-{projectNumber}.prediction.vertexai.goog. + dedicated_endpoint_enabled: |- + - + (Optional) + If true, the endpoint will be exposed through a dedicated DNS [Endpoint.dedicated_endpoint_dns]. Your request to the dedicated DNS will be isolated from other users' traffic and will have better performance and reliability. Note: Once you enabled dedicated endpoint, you won't be able to send request to the shared DNS {region}-aiplatform.googleapis.com. The limitation will be removed soon. dedicated_resources.autoscaling_metric_specs: |- - (Output) @@ -136721,7 +157984,25 @@ resources: network: |- - (Optional) - The full name of the Google Compute Engine network to which the Endpoint should be peered. Private services access must already be configured for the network. If left unspecified, the Endpoint is not peered with any network. Only one of the fields, network or enable_private_service_connect, can be set. Format: projects/{project}/global/networks/{network}. Where {project} is a project number, as in 12345, and {network} is network name. + The full name of the Google Compute Engine network to which the Endpoint should be peered. Private services access must already be configured for the network. If left unspecified, the Endpoint is not peered with any network. Only one of the fields, network or enable_private_service_connect, can be set. Format: projects/{project}/global/networks/{network}. Where {project} is a project number, as in 12345, and {network} is network name. Only one of the fields, network or privateServiceConnectConfig, can be set. + predict_request_response_logging_config: |- + - + (Optional) + Configures the request-response logging for online prediction. + Structure is documented below. + predict_request_response_logging_config.bigquery_destination: |- + - + (Optional) + BigQuery table for logging. If only given a project, a new dataset will be created with name logging__ where will be made BigQuery-dataset-name compatible (e.g. most special characters will become underscores). If no table name is given, a new table will be created with name request_response_logging + Structure is documented below. + predict_request_response_logging_config.enabled: |- + - + (Optional) + If logging is enabled or not. + predict_request_response_logging_config.sampling_rate: |- + - + (Optional) + Percentage of requests to be logged, expressed as a fraction in range(0,1] private_endpoints.explain_http_uri: |- - (Output) @@ -136738,6 +158019,23 @@ resources: - (Output) Output only. The name of the service attachment resource. Populated if private service connect is enabled. + private_service_connect_config: |- + - + (Optional) + Configuration for private service connect. network and privateServiceConnectConfig are mutually exclusive. + Structure is documented below. + private_service_connect_config.enable_private_service_connect: |- + - + (Required) + Required. If true, expose the IndexEndpoint via private service connect. + private_service_connect_config.enable_secure_private_service_connect: |- + - + (Optional) + If set to true, enable secure private service connect with IAM authorization. Otherwise, private service connect will be done without authorization. Note latency will be slightly increased if authorization is enabled. + private_service_connect_config.project_allowlist: |- + - + (Optional) + A list of Projects from which the forwarding rule will target the service attachment. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -136749,6 +158047,15 @@ resources: - The combination of labels configured directly on the resource and default labels configured on the provider. + traffic_split: |- + - + (Optional) + A map from a DeployedModel's id to the percentage of this Endpoint's traffic that should be forwarded to that DeployedModel. + If a DeployedModel's id is not listed in this map, then it receives no traffic. + The traffic percentage values must add up to 100, or map must be empty if the Endpoint is to not accept any traffic at a moment. See + the deployModel example and + documentation for more information. + ~> Note: To set the map to empty, set "{}", apply, and then remove the field from your config. update: '- Default is 20 minutes.' update_time: |- - @@ -137414,6 +158721,7 @@ resources: google_project.project: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "name": "tf-test", "org_id": "123456789", "project_id": "tf-test" @@ -138488,7 +159796,7 @@ resources: Structure is documented below. metadata.contents_delta_uri: |- - - (Required) + (Optional) Allows inserting, updating or deleting the contents of the Matching Engine Index. The string must be a valid Cloud Storage directory path. If this field is set when calling IndexService.UpdateIndex, then no other @@ -138584,14 +159892,14 @@ resources: { "enable_private_service_connect": true, "project_allowlist": [ - "${data.google_project.project.number}" + "${data.google_project.project.name}" ] } ], "region": "us-central1" } references: - private_service_connect_config.project_allowlist: data.google_project.project.number + private_service_connect_config.project_allowlist: data.google_project.project.name - name: index_endpoint manifest: |- { @@ -139223,6 +160531,38 @@ resources: - name: vmw-ext-cluster manifest: |- { + "autoscaling_settings": [ + { + "autoscaling_policies": [ + { + "autoscale_policy_id": "autoscaling-policy", + "consumed_memory_thresholds": [ + { + "scale_in": 20, + "scale_out": 75 + } + ], + "cpu_thresholds": [ + { + "scale_in": 15, + "scale_out": 80 + } + ], + "node_type_id": "standard-72", + "scale_out_size": 1, + "storage_thresholds": [ + { + "scale_in": 20, + "scale_out": 80 + } + ] + } + ], + "cool_down_period": "1800s", + "max_cluster_node_count": 8, + "min_cluster_node_count": 3 + } + ], "name": "ext-cluster", "node_type_configs": [ { @@ -139268,6 +160608,76 @@ resources: ] } argumentDocs: + autoscaling_policies.autoscale_policy_id: '- (Required) The identifier for this object. Format specified above.' + autoscaling_policies.consumed_memory_thresholds: |- + - + (Optional) + Utilization thresholds pertaining to amount of consumed memory. + Structure is documented below. + autoscaling_policies.cpu_thresholds: |- + - + (Optional) + Utilization thresholds pertaining to CPU utilization. + Structure is documented below. + autoscaling_policies.node_type_id: |- + - + (Required) + The canonical identifier of the node type to add or remove. + autoscaling_policies.scale_out_size: |- + - + (Required) + Number of nodes to add to a cluster during a scale-out operation. + Must be divisible by 2 for stretched clusters. + autoscaling_policies.storage_thresholds: |- + - + (Optional) + Utilization thresholds pertaining to amount of consumed storage. + Structure is documented below. + autoscaling_settings: |- + - + (Optional) + Configuration of the autoscaling applied to this cluster + Structure is documented below. + autoscaling_settings.autoscaling_policies: |- + - + (Required) + The map with autoscaling policies applied to the cluster. + The key is the identifier of the policy. + It must meet the following requirements: + autoscaling_settings.cool_down_period: |- + - + (Optional) + The minimum duration between consecutive autoscale operations. + It starts once addition or removal of nodes is fully completed. + Minimum cool down period is 30m. + Cool down period must be in whole minutes (for example, 30m, 31m, 50m). + Mandatory for successful addition of autoscaling settings in cluster. + autoscaling_settings.max_cluster_node_count: |- + - + (Optional) + Maximum number of nodes of any type in a cluster. + Mandatory for successful addition of autoscaling settings in cluster. + autoscaling_settings.min_cluster_node_count: |- + - + (Optional) + Minimum number of nodes of any type in a cluster. + Mandatory for successful addition of autoscaling settings in cluster. + consumed_memory_thresholds.scale_in: |- + - + (Required) + The utilization triggering the scale-in operation in percent. + consumed_memory_thresholds.scale_out: |- + - + (Required) + The utilization triggering the scale-out operation in percent. + cpu_thresholds.scale_in: |- + - + (Required) + The utilization triggering the scale-in operation in percent. + cpu_thresholds.scale_out: |- + - + (Required) + The utilization triggering the scale-out operation in percent. create: '- Default is 210 minutes.' delete: '- Default is 150 minutes.' id: '- an identifier for the resource with format {{parent}}/clusters/{{name}}' @@ -139306,6 +160716,14 @@ resources: state: |- - State of the Cluster. + storage_thresholds.scale_in: |- + - + (Required) + The utilization triggering the scale-in operation in percent. + storage_thresholds.scale_out: |- + - + (Required) + The utilization triggering the scale-out operation in percent. uid: |- - System-generated unique identifier for the resource. @@ -139646,6 +161064,7 @@ resources: google_project.acceptance: |- { "billing_account": "000000-0000000-0000000-000000", + "deletion_policy": "DELETE", "name": "vmw-proj", "org_id": "123456789", "project_id": "vmw-proj" @@ -140023,6 +161442,38 @@ resources: "location": "us-west1-a", "management_cluster": [ { + "autoscaling_settings": [ + { + "autoscaling_policies": [ + { + "autoscale_policy_id": "autoscaling-policy", + "consumed_memory_thresholds": [ + { + "scale_in": 20, + "scale_out": 75 + } + ], + "cpu_thresholds": [ + { + "scale_in": 15, + "scale_out": 80 + } + ], + "node_type_id": "standard-72", + "scale_out_size": 1, + "storage_thresholds": [ + { + "scale_in": 20, + "scale_out": 80 + } + ] + } + ], + "cool_down_period": "1800s", + "max_cluster_node_count": 8, + "min_cluster_node_count": 3 + } + ], "cluster_id": "sample-mgmt-cluster", "node_type_configs": [ { @@ -140054,6 +161505,71 @@ resources: "type": "STANDARD" } argumentDocs: + autoscaling_policies.autoscale_policy_id: '- (Required) The identifier for this object. Format specified above.' + autoscaling_policies.consumed_memory_thresholds: |- + - + (Optional) + Utilization thresholds pertaining to amount of consumed memory. + Structure is documented below. + autoscaling_policies.cpu_thresholds: |- + - + (Optional) + Utilization thresholds pertaining to CPU utilization. + Structure is documented below. + autoscaling_policies.node_type_id: |- + - + (Required) + The canonical identifier of the node type to add or remove. + autoscaling_policies.scale_out_size: |- + - + (Required) + Number of nodes to add to a cluster during a scale-out operation. + Must be divisible by 2 for stretched clusters. + autoscaling_policies.storage_thresholds: |- + - + (Optional) + Utilization thresholds pertaining to amount of consumed storage. + Structure is documented below. + autoscaling_settings.autoscaling_policies: |- + - + (Required) + The map with autoscaling policies applied to the cluster. + The key is the identifier of the policy. + It must meet the following requirements: + autoscaling_settings.cool_down_period: |- + - + (Optional) + The minimum duration between consecutive autoscale operations. + It starts once addition or removal of nodes is fully completed. + Minimum cool down period is 30m. + Cool down period must be in whole minutes (for example, 30m, 31m, 50m). + Mandatory for successful addition of autoscaling settings in cluster. + autoscaling_settings.max_cluster_node_count: |- + - + (Optional) + Maximum number of nodes of any type in a cluster. + Mandatory for successful addition of autoscaling settings in cluster. + autoscaling_settings.min_cluster_node_count: |- + - + (Optional) + Minimum number of nodes of any type in a cluster. + Mandatory for successful addition of autoscaling settings in cluster. + consumed_memory_thresholds.scale_in: |- + - + (Required) + The utilization triggering the scale-in operation in percent. + consumed_memory_thresholds.scale_out: |- + - + (Required) + The utilization triggering the scale-out operation in percent. + cpu_thresholds.scale_in: |- + - + (Required) + The utilization triggering the scale-in operation in percent. + cpu_thresholds.scale_out: |- + - + (Required) + The utilization triggering the scale-out operation in percent. create: '- Default is 240 minutes.' delete: '- Default is 150 minutes.' hcx: |- @@ -140087,6 +161603,12 @@ resources: (Required) The management cluster for this private cloud. This used for creating and managing the default cluster. Structure is documented below. + management_cluster.autoscaling_settings: |- + - + (Optional) + Configuration of the autoscaling applied to this cluster + Private cloud must have a minimum of 3 nodes to add autoscale settings + Structure is documented below. management_cluster.cluster_id: |- - (Required) @@ -140171,28 +161693,36 @@ resources: state: |- - State of the resource. New values may be added to this enum when appropriate. - stretched_cluster_config.deletion_delay_hours: '- (Optional) The number of hours to delay this request. You can set this value to an hour between 0 to 8, where setting it to 0 starts the deletion request immediately. If no value is set, a default value is set at the API Level.' - stretched_cluster_config.description: |- + storage_thresholds.deletion_delay_hours: '- (Optional) The number of hours to delay this request. You can set this value to an hour between 0 to 8, where setting it to 0 starts the deletion request immediately. If no value is set, a default value is set at the API Level.' + storage_thresholds.description: |- - (Optional) User-provided description for this private cloud. + storage_thresholds.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + storage_thresholds.scale_in: |- + - + (Required) + The utilization triggering the scale-in operation in percent. + storage_thresholds.scale_out: |- + - + (Required) + The utilization triggering the scale-out operation in percent. + storage_thresholds.send_deletion_delay_hours_if_zero: '- (Optional) While set true, deletion_delay_hours value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the deletion_delay_hours field. It can be used both alone and together with deletion_delay_hours.' + storage_thresholds.type: |- + - + (Optional) + Initial type of the private cloud. + Possible values are: STANDARD, TIME_LIMITED, STRETCHED. stretched_cluster_config.preferred_location: |- - (Optional) Zone that will remain operational when connection between the two zones is lost. - stretched_cluster_config.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. stretched_cluster_config.secondary_location: |- - (Optional) Additional zone for a higher level of availability and load balancing. - stretched_cluster_config.send_deletion_delay_hours_if_zero: '- (Optional) While set true, deletion_delay_hours value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the deletion_delay_hours field. It can be used both alone and together with deletion_delay_hours.' - stretched_cluster_config.type: |- - - - (Optional) - Initial type of the private cloud. - Possible values are: STANDARD, TIME_LIMITED, STRETCHED. uid: |- - System-generated unique identifier for the resource. @@ -140340,6 +161870,8 @@ resources: manifest: |- { "ip_cidr_range": "10.8.0.0/28", + "max_instances": 3, + "min_instances": 2, "name": "vpc-con", "network": "default" } @@ -140347,6 +161879,8 @@ resources: manifest: |- { "machine_type": "e2-standard-4", + "max_instances": 3, + "min_instances": 2, "name": "vpc-con", "subnet": [ { @@ -140389,8 +161923,7 @@ resources: (Optional) Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. Refers to the expected throughput when using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by - min_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of - max_throughput is discouraged in favor of max_instances. + min_throughput. Only one of max_throughput and max_instances can be specified. The use of max_throughput is discouraged in favor of max_instances. min_instances: |- - (Optional) @@ -140400,8 +161933,8 @@ resources: - (Optional) Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type. - Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and - min_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances. + Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. + Only one of min_throughput and min_instances can be specified. The use of min_throughput is discouraged in favor of min_instances. name: |- - (Required) @@ -140672,7 +162205,7 @@ resources: - (Optional) The tag of the container image. If not specified, this defaults to the latest tag. - create: '- Default is 10 minutes.' + create: '- Default is 20 minutes.' create_time: |- - An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ. @@ -140800,7 +162333,9 @@ resources: (Optional) 'Optional. Input only. The owner of this instance after creation. Format: alias@example.com Currently supports one owner only. If not specified, all of - the service account users of your VM instance''s service account can use the instance.' + the service account users of your VM instance''s service account can use the instance. + If specified, sets the access mode to Single user. For more details, see + https://cloud.google.com/vertex-ai/docs/workbench/instances/manage-access-jupyterlab' labels: |- - (Optional) @@ -140992,6 +162527,7 @@ resources: manifest: |- { "call_log_level": "LOG_ERRORS_ONLY", + "deletion_protection": false, "description": "Magic", "labels": { "env": "test" @@ -141030,6 +162566,13 @@ resources: The KMS key used to encrypt workflow and execution data. Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} delete: '- Default is 20 minutes.' + deletion_protection: |- + - (Optional) Whether Terraform will be prevented from destroying the workflow. Defaults to true. + When aterraform destroy or terraform apply would delete the workflow, + the command will fail if this field is not set to false in Terraform state. + When the field is set to true or unset in Terraform state, a terraform apply + or terraform destroy that would delete the workflow will fail. + When the field is set to false, deleting the workflow is allowed. description: |- - (Optional) @@ -141210,6 +162753,11 @@ resources: project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + source_workstation: |- + - + (Optional) + Full resource name of the source workstation from which the workstation's persistent + directories will be cloned from during creation. state: |- - Current state of the workstation. @@ -141503,7 +163051,7 @@ resources: "disable_ssh": false, "machine_type": "e2-standard-4", "vm_tags": { - "tagKeys/${google_tags_tag_key.tag_key1.name}": "tagValues/${google_tags_tag_value.tag_value1.name}" + "${(google_tags_tag_key.tag_key1.id)}": "${google_tags_tag_value.tag_value1.id}" } } ] @@ -141514,6 +163062,7 @@ resources: "label": "key" }, "location": "us-central1", + "max_usable_workstations": 1, "provider": "${google-beta}", "replica_zones": [ "us-central1-a", @@ -141549,7 +163098,7 @@ resources: } google_tags_tag_value.tag_value1: |- { - "parent": "tagKeys/${google_tags_tag_key.tag_key1.name}", + "parent": "${google_tags_tag_key.tag_key1.id}", "provider": "${google-beta}", "short_name": "valuename" } @@ -142027,6 +163576,71 @@ resources: "subnetwork": "${google_compute_subnetwork.default.id}", "workstation_cluster_id": "workstation-cluster" } + - name: default + manifest: |- + { + "allowed_ports": [ + { + "first": 80, + "last": 80 + }, + { + "first": 22, + "last": 22 + }, + { + "first": 1024, + "last": 65535 + } + ], + "host": [ + { + "gce_instance": [ + { + "boot_disk_size_gb": 35, + "disable_public_ip_addresses": true, + "machine_type": "e2-standard-4" + } + ] + } + ], + "location": "us-central1", + "provider": "${google-beta}", + "workstation_cluster_id": "${google_workstations_workstation_cluster.default.workstation_cluster_id}", + "workstation_config_id": "workstation-config" + } + references: + provider: google-beta + workstation_cluster_id: google_workstations_workstation_cluster.default.workstation_cluster_id + dependencies: + google_compute_network.default: |- + { + "auto_create_subnetworks": false, + "name": "workstation-cluster", + "provider": "${google-beta}" + } + google_compute_subnetwork.default: |- + { + "ip_cidr_range": "10.0.0.0/24", + "name": "workstation-cluster", + "network": "${google_compute_network.default.name}", + "provider": "${google-beta}", + "region": "us-central1" + } + google_workstations_workstation_cluster.default: |- + { + "annotations": { + "label-one": "value-one" + }, + "labels": { + "label": "key" + }, + "location": "us-central1", + "network": "${google_compute_network.default.id}", + "provider": "${google-beta}", + "subnetwork": "${google_compute_subnetwork.default.id}", + "workstation_cluster_id": "workstation-cluster" + } argumentDocs: accelerators.count: |- - @@ -142036,6 +163650,19 @@ resources: - (Required) Type of accelerator resource to attach to the instance, for example, "nvidia-tesla-p100". + allowed_ports: |- + - + (Optional) + A list of port ranges specifying single ports or ranges of ports that are externally accessible in the workstation. Allowed ports must be one of 22, 80, or within range 1024-65535. If not specified defaults to ports 22, 80, and ports 1024-65535. + Structure is documented below. + allowed_ports.first: |- + - + (Optional) + Starting port number for the current range of ports. Valid ports are 22, 80, and ports within the range 1024-65535. + allowed_ports.last: |- + - + (Optional) + Ending port number for the current range of ports. Valid ports are 22, 80, and ports within the range 1024-65535. annotations: |- - (Optional) @@ -142301,6 +163928,10 @@ resources: - (Required) The location where the workstation cluster config should reside. + max_usable_workstations: |- + - + (Optional) + Maximum number of workstations under this configuration a user can have workstations.workstation.use permission on. Only enforced on CreateWorkstation API calls on the user issuing the API request. name: |- - Full name of this resource. diff --git a/config/schema.json b/config/schema.json index 5205d1313..ebbd00c62 100644 --- a/config/schema.json +++ b/config/schema.json @@ -1 +1 @@ -{"format_version":"1.0","provider_schemas":{"registry.terraform.io/hashicorp/google":{"provider":{"version":0,"block":{"attributes":{"access_approval_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"access_context_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"access_token":{"type":"string","description_kind":"plain","optional":true},"active_directory_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"add_terraform_attribution_label":{"type":"bool","description_kind":"plain","optional":true},"alloydb_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"apigee_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"apikeys_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"app_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"apphub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"artifact_registry_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"assured_workloads_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"beyondcorp_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"big_query_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"biglake_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_analytics_hub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_connection_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_data_transfer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_datapolicy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_reservation_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigtable_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"billing_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"billing_project":{"type":"string","description_kind":"plain","optional":true},"binary_authorization_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"blockchain_node_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"certificate_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_asset_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_billing_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_build_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_build_worker_pool_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_functions_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_identity_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_ids_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_quotas_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_resource_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_run_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_run_v2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_scheduler_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_tasks_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloudbuildv2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"clouddeploy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"clouddomains_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloudfunctions2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"composer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"compute_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_analysis_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_attached_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_aws_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_azure_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"core_billing_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"credentials":{"type":"string","description_kind":"plain","optional":true},"data_catalog_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"data_fusion_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"data_loss_prevention_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"data_pipeline_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"database_migration_service_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataflow_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataplex_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataproc_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataproc_metastore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"datastore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"datastream_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"default_labels":{"type":["map","string"],"description_kind":"plain","optional":true},"deployment_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dialogflow_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dialogflow_cx_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"discovery_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dns_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"document_ai_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"document_ai_warehouse_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"edgecontainer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"edgenetwork_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"essential_contacts_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"eventarc_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"filestore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"firebase_app_check_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"firebaserules_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"firestore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_backup_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_hub2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_hub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gkehub_feature_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gkeonprem_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"healthcare_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_beta_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_credentials_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_workforce_pool_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iap_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"identity_platform_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"impersonate_service_account":{"type":"string","description_kind":"plain","optional":true},"impersonate_service_account_delegates":{"type":["list","string"],"description_kind":"plain","optional":true},"integration_connectors_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"integrations_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"kms_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"logging_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"looker_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"memcache_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"migration_center_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"ml_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"monitoring_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"netapp_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_connectivity_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_management_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_security_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_services_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"notebooks_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"org_policy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"os_config_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"os_login_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"privateca_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"privileged_access_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"public_ca_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"pubsub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"pubsub_lite_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"recaptcha_enterprise_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"redis_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description_kind":"plain","optional":true},"request_reason":{"type":"string","description_kind":"plain","optional":true},"request_timeout":{"type":"string","description_kind":"plain","optional":true},"resource_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"resource_manager_v3_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"scopes":{"type":["list","string"],"description_kind":"plain","optional":true},"secret_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"secure_source_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"security_center_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"security_center_management_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"security_center_v2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"securityposture_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_management_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_networking_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_usage_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"site_verification_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"source_repo_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"spanner_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"sql_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"storage_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"storage_insights_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"storage_transfer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"tags_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"tags_location_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"terraform_attribution_label_addition_strategy":{"type":"string","description_kind":"plain","optional":true},"tpu_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"universe_domain":{"type":"string","description_kind":"plain","optional":true},"user_project_override":{"type":"bool","description_kind":"plain","optional":true},"vertex_ai_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"vmwareengine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"vpc_access_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"workbench_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"workflows_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"zone":{"type":"string","description_kind":"plain","optional":true}},"block_types":{"batching":{"nesting_mode":"list","block":{"attributes":{"enable_batching":{"type":"bool","description_kind":"plain","optional":true},"send_after":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"resource_schemas":{"google_access_context_manager_access_level":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Description of the AccessLevel and its use. Does not affect behavior.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the Access Level. The short_name component must begin\nwith a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","required":true},"parent":{"type":"string","description":"The AccessPolicy this AccessLevel lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true}},"block_types":{"basic":{"nesting_mode":"list","block":{"attributes":{"combining_function":{"type":"string","description":"How the conditions list should be combined to determine if a request\nis granted this AccessLevel. If AND is used, each Condition in\nconditions must be satisfied for the AccessLevel to be applied. If\nOR is used, at least one Condition in conditions must be satisfied\nfor the AccessLevel to be applied. Default value: \"AND\" Possible values: [\"AND\", \"OR\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true},"require_verified_chrome_os":{"type":"bool","description":"If you specify DESKTOP_CHROME_OS for osType, you can optionally include requireVerifiedChromeOs to require Chrome Verified Access.","description_kind":"plain","optional":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1},"vpc_network_sources":{"nesting_mode":"list","block":{"block_types":{"vpc_subnetwork":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires 'compute.network.get' permission to be granted to caller.","description_kind":"plain","required":true},"vpc_ip_subnetworks":{"type":["list","string"],"description":"CIDR block IP subnetwork specification. Must be IPv4.","description_kind":"plain","optional":true}},"description":"Sub networks within a VPC network.","description_kind":"plain"},"max_items":1}},"description":"The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with 'ip_subnetworks'.","description_kind":"plain"}}},"description":"A set of requirements for the AccessLevel to be granted.","description_kind":"plain"},"min_items":1}},"description":"A set of predefined conditions for the access level and a combining function.","description_kind":"plain"},"max_items":1},"custom":{"nesting_mode":"list","block":{"block_types":{"expr":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.\nSee CEL spec at: https://github.com/google/cel-spec.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_level_condition":{"version":0,"block":{"attributes":{"access_level":{"type":"string","description":"The name of the Access Level to add this condition to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_network_sources":{"nesting_mode":"list","block":{"block_types":{"vpc_subnetwork":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires 'compute.network.get' permission to be granted to caller.","description_kind":"plain","required":true},"vpc_ip_subnetworks":{"type":["list","string"],"description":"CIDR block IP subnetwork specification. Must be IPv4.","description_kind":"plain","optional":true}},"description":"Sub networks within a VPC network.","description_kind":"plain"},"max_items":1}},"description":"The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with 'ip_subnetworks'.","description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_levels":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The AccessPolicy this AccessLevel lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true}},"block_types":{"access_levels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"Description of the AccessLevel and its use. Does not affect behavior.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name for the Access Level. The short_name component must begin\nwith a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","required":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true}},"block_types":{"basic":{"nesting_mode":"list","block":{"attributes":{"combining_function":{"type":"string","description":"How the conditions list should be combined to determine if a request\nis granted this AccessLevel. If AND is used, each Condition in\nconditions must be satisfied for the AccessLevel to be applied. If\nOR is used, at least one Condition in conditions must be satisfied\nfor the AccessLevel to be applied. Default value: \"AND\" Possible values: [\"AND\", \"OR\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1},"vpc_network_sources":{"nesting_mode":"list","block":{"block_types":{"vpc_subnetwork":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires 'compute.network.get' permission to be granted to caller.","description_kind":"plain","required":true},"vpc_ip_subnetworks":{"type":["list","string"],"description":"CIDR block IP subnetwork specification. Must be IPv4.","description_kind":"plain","optional":true}},"description":"Sub networks within a VPC network.","description_kind":"plain"},"max_items":1}},"description":"The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with 'ip_subnetworks'.","description_kind":"plain"}}},"description":"A set of requirements for the AccessLevel to be granted.","description_kind":"plain"},"min_items":1}},"description":"A set of predefined conditions for the access level and a combining function.","description_kind":"plain"},"max_items":1},"custom":{"nesting_mode":"list","block":{"block_types":{"expr":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.\nSee CEL spec at: https://github.com/google/cel-spec.","description_kind":"plain"},"max_items":1}},"description":"The desired Access Levels that should replace all existing Access Levels in the Access Policy.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the AccessPolicy. Format: '{{policy_id}}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of this AccessPolicy in the Cloud Resource Hierarchy.\nFormat: 'organizations/{{organization_id}}'","description_kind":"plain","required":true},"scopes":{"type":["list","string"],"description":"Folder or project on which this policy is applicable.\nFormat: 'folders/{{folder_id}}' or 'projects/{{project_number}}'","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Does not affect behavior.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_context_manager_authorized_orgs_desc":{"version":0,"block":{"attributes":{"asset_type":{"type":"string","description":"The type of entities that need to use the authorization relationship during\nevaluation, such as a device. Valid values are \"ASSET_TYPE_DEVICE\" and\n\"ASSET_TYPE_CREDENTIAL_STRENGTH\". Possible values: [\"ASSET_TYPE_DEVICE\", \"ASSET_TYPE_CREDENTIAL_STRENGTH\"]","description_kind":"plain","optional":true},"authorization_direction":{"type":"string","description":"The direction of the authorization relationship between this organization\nand the organizations listed in the \"orgs\" field. The valid values for this\nfield include the following:\n\nAUTHORIZATION_DIRECTION_FROM: Allows this organization to evaluate traffic\nin the organizations listed in the 'orgs' field.\n\nAUTHORIZATION_DIRECTION_TO: Allows the organizations listed in the 'orgs'\nfield to evaluate the traffic in this organization.\n\nFor the authorization relationship to take effect, all of the organizations\nmust authorize and specify the appropriate relationship direction. For\nexample, if organization A authorized organization B and C to evaluate its\ntraffic, by specifying \"AUTHORIZATION_DIRECTION_TO\" as the authorization\ndirection, organizations B and C must specify\n\"AUTHORIZATION_DIRECTION_FROM\" as the authorization direction in their\n\"AuthorizedOrgsDesc\" resource. Possible values: [\"AUTHORIZATION_DIRECTION_TO\", \"AUTHORIZATION_DIRECTION_FROM\"]","description_kind":"plain","optional":true},"authorization_type":{"type":"string","description":"A granular control type for authorization levels. Valid value is \"AUTHORIZATION_TYPE_TRUST\". Possible values: [\"AUTHORIZATION_TYPE_TRUST\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time the AuthorizedOrgsDesc was created in UTC.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the 'AuthorizedOrgsDesc'. Format:\n'accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}'.\nThe 'authorized_orgs_desc' component must begin with a letter, followed by\nalphanumeric characters or '_'.\nAfter you create an 'AuthorizedOrgsDesc', you cannot change its 'name'.","description_kind":"plain","required":true},"orgs":{"type":["list","string"],"description":"The list of organization ids in this AuthorizedOrgsDesc.\nFormat: 'organizations/\u003corg_number\u003e'\nExample: 'organizations/123456'","description_kind":"plain","optional":true},"parent":{"type":"string","description":"Required. Resource name for the access policy which owns this 'AuthorizedOrgsDesc'.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AuthorizedOrgsDesc was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_egress_policy":{"version":0,"block":{"attributes":{"egress_policy_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_gcp_user_access_binding":{"version":0,"block":{"attributes":{"access_levels":{"type":["list","string"],"description":"Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: \"accessPolicies/9522/accessLevels/device_trusted\"","description_kind":"plain","required":true},"group_key":{"type":"string","description":"Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See \"id\" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: \"01d520gv4vjcrht\"","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\"","description_kind":"plain","computed":true},"organization_id":{"type":"string","description":"Required. ID of the parent organization.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_ingress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_policy_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the ServicePerimeter and its use. Does not affect\nbehavior.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the ServicePerimeter. The short_name component must\nbegin with a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/servicePerimeters/{short_name}","description_kind":"plain","required":true},"parent":{"type":"string","description":"The AccessPolicy this ServicePerimeter lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true},"perimeter_type":{"type":"string","description":"Specifies the type of the Perimeter. There are two types: regular and\nbridge. Regular Service Perimeter contains resources, access levels,\nand restricted services. Every resource can be in at most\nONE regular Service Perimeter.\n\nIn addition to being in a regular service perimeter, a resource can also\nbe in zero or more perimeter bridges. A perimeter bridge only contains\nresources. Cross project operations are permitted if all effected\nresources share some perimeter (whether bridge or regular). Perimeter\nBridge does not contain access levels or services: those are governed\nentirely by the regular perimeter that resource is in.\n\nPerimeter Bridges are typically useful when building more complex\ntopologies with many independent perimeters that need to share some data\nwith a common perimeter, but should not be able to share data among\nthemselves. Default value: \"PERIMETER_TYPE_REGULAR\" Possible values: [\"PERIMETER_TYPE_REGULAR\", \"PERIMETER_TYPE_BRIDGE\"]","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true},"use_explicit_dry_run_spec":{"type":"bool","description":"Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists\nfor all Service Perimeters, and that spec is identical to the status for those\nService Perimeters. When this flag is set, it inhibits the generation of the\nimplicit spec, thereby allowing the user to explicitly provide a\nconfiguration (\"spec\") to use in a dry-run version of the Service Perimeter.\nThis allows the user to test changes to the enforced config (\"status\") without\nactually enforcing them. This testing is done through analyzing the differences\nbetween currently enforced and suggested restrictions. useExplicitDryRunSpec must\nbet set to True if any of the fields in the spec are set to non-default values.","description_kind":"plain","optional":true}},"block_types":{"spec":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"Proposed (or dry run) ServicePerimeter configuration.\nThis configuration allows to specify and test ServicePerimeter configuration\nwithout enforcing actual access restrictions. Only allowed to be set when\nthe 'useExplicitDryRunSpec' flag is set.","description_kind":"plain"},"max_items":1},"status":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects and VPCs are allowed.\nProject format: 'projects/{projectNumber}'\nVPC network format:\n'//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}'.\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine\nperimeter content and boundaries.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_dry_run_egress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true}},"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["list","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_dry_run_ingress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true}},"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_dry_run_resource":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_egress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true}},"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["list","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_ingress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true}},"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects and VPCs are allowed.\nProject format: 'projects/{projectNumber}'\nVPC network format:\n'//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}'.\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_resource":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeters":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The AccessPolicy this ServicePerimeter lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true}},"block_types":{"service_perimeters":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the ServicePerimeter and its use. Does not affect\nbehavior.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name for the ServicePerimeter. The short_name component must\nbegin with a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/servicePerimeters/{short_name}","description_kind":"plain","required":true},"perimeter_type":{"type":"string","description":"Specifies the type of the Perimeter. There are two types: regular and\nbridge. Regular Service Perimeter contains resources, access levels,\nand restricted services. Every resource can be in at most\nONE regular Service Perimeter.\n\nIn addition to being in a regular service perimeter, a resource can also\nbe in zero or more perimeter bridges. A perimeter bridge only contains\nresources. Cross project operations are permitted if all effected\nresources share some perimeter (whether bridge or regular). Perimeter\nBridge does not contain access levels or services: those are governed\nentirely by the regular perimeter that resource is in.\n\nPerimeter Bridges are typically useful when building more complex\ntopologies with many independent perimeters that need to share some data\nwith a common perimeter, but should not be able to share data among\nthemselves. Default value: \"PERIMETER_TYPE_REGULAR\" Possible values: [\"PERIMETER_TYPE_REGULAR\", \"PERIMETER_TYPE_BRIDGE\"]","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true},"use_explicit_dry_run_spec":{"type":"bool","description":"Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists\nfor all Service Perimeters, and that spec is identical to the status for those\nService Perimeters. When this flag is set, it inhibits the generation of the\nimplicit spec, thereby allowing the user to explicitly provide a\nconfiguration (\"spec\") to use in a dry-run version of the Service Perimeter.\nThis allows the user to test changes to the enforced config (\"status\") without\nactually enforcing them. This testing is done through analyzing the differences\nbetween currently enforced and suggested restrictions. useExplicitDryRunSpec must\nbet set to True if any of the fields in the spec are set to non-default values.","description_kind":"plain","optional":true}},"block_types":{"spec":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"Proposed (or dry run) ServicePerimeter configuration.\nThis configuration allows to specify and test ServicePerimeter configuration\nwithout enforcing actual access restrictions. Only allowed to be set when\nthe 'useExplicitDryRunSpec' flag is set.","description_kind":"plain"},"max_items":1},"status":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"set","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine\nperimeter content and boundaries.","description_kind":"plain"},"max_items":1}},"description":"The desired Service Perimeters that should replace all existing Service Perimeters in the Access Policy.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_active_directory_domain":{"version":0,"block":{"attributes":{"admin":{"type":"string","description":"The name of delegated administrator account used to perform Active Directory operations.\nIf not specified, setupadmin will be used.","description_kind":"plain","optional":true},"authorized_networks":{"type":["set","string"],"description":"The full names of the Google Compute Engine networks the domain instance is connected to. The domain is only available on networks listed in authorizedNetworks.\nIf CIDR subnets overlap between networks, domain creation will fail.","description_kind":"plain","optional":true},"domain_name":{"type":"string","description":"The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions\nof https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"fqdn":{"type":"string","description":"The fully-qualified domain name of the exposed domain used by clients to connect to the service.\nSimilar to what would be chosen for an Active Directory set up on an internal network.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels that can contain user-provided metadata\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"locations":{"type":["list","string"],"description":"Locations where domain needs to be provisioned. [regions][compute/docs/regions-zones/]\ne.g. us-west1 or us-east4 Service supports up to 4 locations at once. Each location will use a /26 block.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique name of the domain using the format: 'projects/{project}/locations/global/domains/{domainName}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this domain. Reserved networks must be /24 or larger.\nRanges must be unique and non-overlapping with existing subnets in authorizedNetworks","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_active_directory_domain_trust":{"version":0,"block":{"attributes":{"domain":{"type":"string","description":"The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions\nof https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"selective_authentication":{"type":"bool","description":"Whether the trusted side has forest/domain wide access or selective access to an approved set of resources.","description_kind":"plain","optional":true},"target_dns_ip_addresses":{"type":["set","string"],"description":"The target DNS server IP addresses which can resolve the remote domain involved in the trust.","description_kind":"plain","required":true},"target_domain_name":{"type":"string","description":"The fully qualified target domain name which will be in trust with the current domain.","description_kind":"plain","required":true},"trust_direction":{"type":"string","description":"The trust direction, which decides if the current domain is trusted, trusting, or both. Possible values: [\"INBOUND\", \"OUTBOUND\", \"BIDIRECTIONAL\"]","description_kind":"plain","required":true},"trust_handshake_secret":{"type":"string","description":"The trust secret used for the handshake with the target domain. This will not be stored.","description_kind":"plain","required":true,"sensitive":true},"trust_type":{"type":"string","description":"The type of trust represented by the trust resource. Possible values: [\"FOREST\", \"EXTERNAL\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_backup":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"backup_id":{"type":"string","description":"The ID of the alloydb backup.","description_kind":"plain","required":true},"cluster_name":{"type":"string","description":"The full resource name of the backup source cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}).","description_kind":"plain","required":true},"cluster_uid":{"type":"string","description":"Output only. The system-generated UID of the cluster which was used to create this resource.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Create time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. Delete time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the backup.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User-settable and human-readable display name for the Backup.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_info":{"type":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"description":"EncryptionInfo describes the encryption information of a cluster or a backup.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"expiry_quantity":{"type":["list",["object",{"retention_count":"number","total_retention_count":"number"}]],"description":"Output only. The QuantityBasedExpiry of the backup, specified by the backup's retention policy.\nOnce the expiry quantity is over retention, the backup is eligible to be garbage collected.","description_kind":"plain","computed":true},"expiry_time":{"type":"string","description":"Output only. The time at which after the backup is eligible to be garbage collected.\nIt is the duration specified by the backup's retention policy, added to the backup's createTime.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb backup. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the alloydb backup should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The name of the backup resource with the format: * projects/{project}/locations/{region}/backups/{backupId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Reconciling (https://google.aip.dev/128#reconciliation), if true, indicates that the service is actively updating the resource.\nThis can happen due to user-triggered updates or system actions like failover or maintenance.","description_kind":"plain","computed":true},"size_bytes":{"type":"string","description":"Output only. The size of the backup in bytes.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the backup.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The backup type, which suggests the trigger for the backup. Possible values: [\"TYPE_UNSPECIFIED\", \"ON_DEMAND\", \"AUTOMATED\", \"CONTINUOUS\"]","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"Output only. The system-generated UID of the resource. The UID is assigned when the resource is created, and it is retained until it is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"backup_source":{"type":["list",["object",{"backup_name":"string"}]],"description":"Cluster created from backup.","description_kind":"plain","computed":true},"cluster_id":{"type":"string","description":"The ID of the alloydb cluster.","description_kind":"plain","required":true},"cluster_type":{"type":"string","description":"The type of cluster. If not set, defaults to PRIMARY. Default value: \"PRIMARY\" Possible values: [\"PRIMARY\", \"SECONDARY\"]","description_kind":"plain","optional":true},"continuous_backup_info":{"type":["list",["object",{"earliest_restorable_time":"string","enabled_time":"string","encryption_info":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"schedule":["list","string"]}]],"description":"ContinuousBackupInfo describes the continuous backup properties of a cluster.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The database engine major version. This is an optional field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation.","description_kind":"plain","optional":true,"computed":true},"deletion_policy":{"type":"string","description":"Policy to determine if the cluster should be deleted forcefully.\nDeleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster.\nDeleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = \"FORCE\" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User-settable and human-readable display name for the Cluster.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_info":{"type":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"description":"EncryptionInfo describes the encryption information of a cluster or a backup.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb cluster.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the alloydb cluster should reside.","description_kind":"plain","required":true},"migration_source":{"type":["list",["object",{"host_port":"string","reference_id":"string","source_type":"string"}]],"description":"Cluster created via DMS migration.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the cluster resource.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:\n\n\"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Reconciling (https://google.aip.dev/128#reconciliation).\nSet to true if the current state of Cluster does not match the user's intended state, and the service is actively updating the resource to reconcile them.\nThis can happen due to user-triggered updates or system actions like failover or maintenance.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current serving state of the cluster.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The system-generated UID of the resource.","description_kind":"plain","computed":true}},"block_types":{"automated_backup_policy":{"nesting_mode":"list","block":{"attributes":{"backup_window":{"type":"string","description":"The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed.\n\nThe backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true},"enabled":{"type":"bool","description":"Whether automated backups are enabled.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to backups created using this configuration.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the backup will be stored. Currently, the only supported option is to store the backup in the same region as the cluster.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"quantity_based_retention":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of backups to retain.","description_kind":"plain","optional":true}},"description":"Quantity-based Backup retention policy to retain recent backups. Conflicts with 'time_based_retention', both can't be set together.","description_kind":"plain"},"max_items":1},"time_based_retention":{"nesting_mode":"list","block":{"attributes":{"retention_period":{"type":"string","description":"The retention period.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Time-based Backup retention policy. Conflicts with 'quantity_based_retention', both can't be set together.","description_kind":"plain"},"max_items":1},"weekly_schedule":{"nesting_mode":"list","block":{"attributes":{"days_of_week":{"type":["list","string"],"description":"The days of the week to perform a backup. At least one day of the week must be provided. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true}},"block_types":{"start_times":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Currently, only the value 0 is supported.","description_kind":"plain","optional":true}},"description":"The times during the day to start a backup. At least one start time must be provided. The start times are assumed to be in UTC and to be an exact hour (e.g., 04:00:00).","description_kind":"plain"},"min_items":1}},"description":"Weekly schedule for the Backup.","description_kind":"plain"},"max_items":1}},"description":"The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default.","description_kind":"plain"},"max_items":1},"continuous_backup_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether continuous backup recovery is enabled. If not set, defaults to true.","description_kind":"plain","optional":true},"recovery_window_days":{"type":"number","description":"The numbers of days that are eligible to restore from using PITR. To support the entire recovery window, backups and logs are retained for one day more than the recovery window.\n\nIf not set, defaults to 14 days.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1}},"description":"The continuous backup config for this cluster.\n\nIf no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"initial_user":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The initial password for the user.","description_kind":"plain","required":true,"sensitive":true},"user":{"type":"string","description":"The database username.","description_kind":"plain","optional":true}},"description":"Initial user to setup during cluster creation.","description_kind":"plain"},"max_items":1},"maintenance_update_policy":{"nesting_mode":"list","block":{"block_types":{"maintenance_windows":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Preferred day of the week for maintenance, e.g. MONDAY, TUESDAY, etc. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","required":true},"minutes":{"type":"number","description":"Minutes of hour of day. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Currently, only the value 0 is supported.","description_kind":"plain","optional":true}},"description":"Preferred time to start the maintenance operation on the specified day. Maintenance will start within 1 hour of this time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Preferred windows to perform maintenance. Currently limited to 1.","description_kind":"plain"}}},"description":"MaintenanceUpdatePolicy defines the policy for system updates.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"allocated_ip_range":{"type":"string","description":"The name of the allocated IP range for the private IP AlloyDB cluster. For example: \"google-managed-services-default\".\nIf set, the instance IPs for this cluster will be created in the allocated range.","description_kind":"plain","optional":true},"network":{"type":"string","description":"The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster.\nIt is specified in the form: \"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","optional":true}},"description":"Metadata related to network configuration.","description_kind":"plain"},"max_items":1},"psc_config":{"nesting_mode":"list","block":{"attributes":{"psc_enabled":{"type":"bool","description":"Create an instance that allows connections from Private Service Connect endpoints to the instance.","description_kind":"plain","optional":true}},"description":"Configuration for Private Service Connect (PSC) for the cluster.","description_kind":"plain"},"max_items":1},"restore_backup_source":{"nesting_mode":"list","block":{"attributes":{"backup_name":{"type":"string","description":"The name of the backup that this cluster is restored from.","description_kind":"plain","required":true}},"description":"The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together.","description_kind":"plain"},"max_items":1},"restore_continuous_backup_source":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"The name of the source cluster that this cluster is restored from.","description_kind":"plain","required":true},"point_in_time":{"type":"string","description":"The point in time that this cluster is restored to, in RFC 3339 format.","description_kind":"plain","required":true}},"description":"The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together.","description_kind":"plain"},"max_items":1},"secondary_config":{"nesting_mode":"list","block":{"attributes":{"primary_cluster_name":{"type":"string","description":"Name of the primary cluster must be in the format\n'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","required":true}},"description":"Configuration of the secondary cluster for Cross Region Replication. This should be set if and only if the cluster is of type SECONDARY.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_instance":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"availability_type":{"type":"string","description":"'Availability type of an Instance. Defaults to REGIONAL for both primary and read instances.\nNote that primary and read instances can have different availability types.\nOnly READ_POOL instance supports ZONAL type. Users can't specify the zone for READ_POOL instance.\nZone is automatically chosen from the list of zones in the region specified.\nRead pool of size 1 can only have zonal availability. Read pools with node count of 2 or more\ncan have regional availability (nodes are present in 2 or more zones in a region).' Possible values: [\"AVAILABILITY_TYPE_UNSPECIFIED\", \"ZONAL\", \"REGIONAL\"]","description_kind":"plain","optional":true,"computed":true},"cluster":{"type":"string","description":"Identifies the alloydb cluster. Must be in the format\n'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Time the Instance was created in UTC.","description_kind":"plain","computed":true},"database_flags":{"type":["map","string"],"description":"Database flags. Set at instance level. * They are copied from primary instance on read instance creation. * Read instances can set new or override existing flags that are relevant for reads, e.g. for enabling columnar cache on a read instance. Flags set on read instance may or may not be present on primary.","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"User-settable and human-readable display name for the Instance.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gce_zone":{"type":"string","description":"The Compute Engine zone that the instance should serve from, per https://cloud.google.com/compute/docs/regions-zones This can ONLY be specified for ZONAL instances. If present for a REGIONAL instance, an error will be thrown. If this is absent for a ZONAL instance, instance is created in a random zone with available capacity.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The ID of the alloydb instance.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"The type of the instance.\nIf the instance type is READ_POOL, provide the associated PRIMARY/SECONDARY instance in the 'depends_on' meta-data attribute.\nIf the instance type is SECONDARY, point to the cluster_type of the associated secondary cluster instead of mentioning SECONDARY.\nExample: {instance_type = google_alloydb_cluster.\u003csecondary_cluster_name\u003e.cluster_type} instead of {instance_type = SECONDARY}\nIf the instance type is SECONDARY, the terraform delete instance operation does not delete the secondary instance but abandons it instead.\nUse deletion_policy = \"FORCE\" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance.\nUsers can undo the delete secondary instance action by importing the deleted secondary instance by calling terraform import. Possible values: [\"PRIMARY\", \"READ_POOL\", \"SECONDARY\"]","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"The IP address for the Instance. This is the connection endpoint for an end-user application.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb instance.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance resource.","description_kind":"plain","computed":true},"public_ip_address":{"type":"string","description":"The public IP addresses for the Instance. This is available ONLY when\nnetworkConfig.enablePublicIp is set to true. This is the connection\nendpoint for an end-user application.","description_kind":"plain","computed":true},"reconciling":{"type":"bool","description":"Set to true if the current state of Instance does not match the user's intended state, and the service is actively updating the resource to reconcile them. This can happen due to user-triggered updates or system actions like failover or maintenance.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the alloydb instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The system-generated UID of the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Instance was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"client_connection_config":{"nesting_mode":"list","block":{"attributes":{"require_connectors":{"type":"bool","description":"Configuration to enforce connectors only (ex: AuthProxy) connections to the database.","description_kind":"plain","optional":true}},"block_types":{"ssl_config":{"nesting_mode":"list","block":{"attributes":{"ssl_mode":{"type":"string","description":"SSL mode. Specifies client-server SSL/TLS connection behavior. Possible values: [\"ENCRYPTED_ONLY\", \"ALLOW_UNENCRYPTED_AND_ENCRYPTED\"]","description_kind":"plain","optional":true,"computed":true}},"description":"SSL config option for this instance.","description_kind":"plain"},"max_items":1}},"description":"Client connection specific configurations.","description_kind":"plain"},"max_items":1},"machine_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"The number of CPU's in the VM instance.","description_kind":"plain","optional":true,"computed":true}},"description":"Configurations for the machines that host the underlying database engine.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"enable_public_ip":{"type":"bool","description":"Enabling public ip for the instance. If a user wishes to disable this,\nplease also clear the list of the authorized external networks set on\nthe same instance.","description_kind":"plain","optional":true}},"block_types":{"authorized_external_networks":{"nesting_mode":"list","block":{"attributes":{"cidr_range":{"type":"string","description":"CIDR range for one authorized network of the instance.","description_kind":"plain","optional":true}},"description":"A list of external networks authorized to access this instance. This\nfield is only allowed to be set when 'enable_public_ip' is set to\ntrue.","description_kind":"plain"}}},"description":"Instance level network configuration.","description_kind":"plain"},"max_items":1},"psc_instance_config":{"nesting_mode":"list","block":{"attributes":{"allowed_consumer_projects":{"type":["list","string"],"description":"List of consumer projects that are allowed to create PSC endpoints to service-attachments to this instance.\nThese should be specified as project numbers only.","description_kind":"plain","optional":true},"psc_dns_name":{"type":"string","description":"The DNS name of the instance for PSC connectivity.\nName convention: \u003cuid\u003e.\u003cuid\u003e.\u003cregion\u003e.alloydb-psc.goog","description_kind":"plain","computed":true},"service_attachment_link":{"type":"string","description":"The service attachment created when Private Service Connect (PSC) is enabled for the instance.\nThe name of the resource will be in the format of\n'projects/\u003calloydb-tenant-project-number\u003e/regions/\u003cregion-name\u003e/serviceAttachments/\u003cservice-attachment-name\u003e'","description_kind":"plain","computed":true}},"description":"Configuration for Private Service Connect (PSC) for the instance.","description_kind":"plain"},"max_items":1},"query_insights_config":{"nesting_mode":"list","block":{"attributes":{"query_plans_per_minute":{"type":"number","description":"Number of query execution plans captured by Insights per minute for all queries combined. The default value is 5. Any integer between 0 and 20 is considered valid.","description_kind":"plain","optional":true},"query_string_length":{"type":"number","description":"Query string length. The default value is 1024. Any integer between 256 and 4500 is considered valid.","description_kind":"plain","optional":true},"record_application_tags":{"type":"bool","description":"Record application tags for an instance. This flag is turned \"on\" by default.","description_kind":"plain","optional":true},"record_client_address":{"type":"bool","description":"Record client address for an instance. Client address is PII information. This flag is turned \"on\" by default.","description_kind":"plain","optional":true}},"description":"Configuration for query insights.","description_kind":"plain"},"max_items":1},"read_pool_config":{"nesting_mode":"list","block":{"attributes":{"node_count":{"type":"number","description":"Read capacity, i.e. number of nodes in a read pool instance.","description_kind":"plain","optional":true}},"description":"Read pool specific config. If the instance type is READ_POOL, this configuration must be provided.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_user":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"Identifies the alloydb cluster. Must be in the format\n'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","required":true},"database_roles":{"type":["list","string"],"description":"List of database roles this database user has.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource in the form of projects/{project}/locations/{location}/clusters/{cluster}/users/{user}.","description_kind":"plain","computed":true},"password":{"type":"string","description":"Password for this database user.","description_kind":"plain","optional":true},"user_id":{"type":"string","description":"The database role name of the user.","description_kind":"plain","required":true},"user_type":{"type":"string","description":"The type of this user. Possible values: [\"ALLOYDB_BUILT_IN\", \"ALLOYDB_IAM_USER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_addons_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org":{"type":"string","description":"Name of the Apigee organization.","description_kind":"plain","required":true}},"block_types":{"addons_config":{"nesting_mode":"list","block":{"block_types":{"advanced_api_ops_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"api_security_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true},"expires_at":{"type":"string","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","computed":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"connectors_platform_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true},"expires_at":{"type":"string","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","computed":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"integration_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"monetization_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1}},"description":"Addon configurations of the Apigee organization.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_endpoint_attachment":{"version":0,"block":{"attributes":{"connection_state":{"type":"string","description":"State of the endpoint attachment connection to the service attachment.","description_kind":"plain","computed":true},"endpoint_attachment_id":{"type":"string","description":"ID of the endpoint attachment.","description_kind":"plain","required":true},"host":{"type":"string","description":"Host that can be used in either HTTP Target Endpoint directly, or as the host in Target Server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location of the endpoint attachment.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Endpoint Attachment in the following format:\norganizations/{organization}/endpointAttachments/{endpointAttachment}.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"service_attachment":{"type":"string","description":"Format: projects/*/regions/*/serviceAttachments/*","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_env_keystore":{"version":0,"block":{"attributes":{"aliases":{"type":["list","string"],"description":"Aliases in this keystore.","description_kind":"plain","computed":true},"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the newly created keystore.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_env_references":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Optional. A human-readable description of this reference.","description_kind":"plain","optional":true},"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Required. The resource id of this reference. Values must match the regular expression [\\w\\s-.]+.","description_kind":"plain","required":true},"refers":{"type":"string","description":"Required. The id of the resource to which this reference refers. Must be the id of a resource that exists in the parent environment and is of the given resourceType.","description_kind":"plain","required":true},"resource_type":{"type":"string","description":"The type of resource referred to by this reference. Valid values are 'KeyStore' or 'TrustStore'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_envgroup":{"version":0,"block":{"attributes":{"hostnames":{"type":["list","string"],"description":"Hostnames of the environment group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource ID of the environment group.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee environment group,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_envgroup_attachment":{"version":0,"block":{"attributes":{"envgroup_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/envgroups/{{envgroup_name}}'.","description_kind":"plain","required":true},"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the newly created attachment (output parameter).","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_environment":{"version":0,"block":{"attributes":{"api_proxy_type":{"type":"string","description":"Optional. API Proxy type supported by the environment. The type can be set when creating\nthe Environment and cannot be changed. Possible values: [\"API_PROXY_TYPE_UNSPECIFIED\", \"PROGRAMMABLE\", \"CONFIGURABLE\"]","description_kind":"plain","optional":true,"computed":true},"deployment_type":{"type":"string","description":"Optional. Deployment type supported by the environment. The deployment type can be\nset when creating the environment and cannot be changed. When you enable archive\ndeployment, you will be prevented from performing a subset of actions within the\nenvironment, including:\nManaging the deployment of API proxy or shared flow revisions;\nCreating, updating, or deleting resource files;\nCreating, updating, or deleting target servers. Possible values: [\"DEPLOYMENT_TYPE_UNSPECIFIED\", \"PROXY\", \"ARCHIVE\"]","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Description of the environment.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of the environment.","description_kind":"plain","optional":true},"forward_proxy_uri":{"type":"string","description":"Optional. URI of the forward proxy to be applied to the runtime instances in this environment. Must be in the format of {scheme}://{hostname}:{port}. Note that the scheme must be one of \"http\" or \"https\", and the port must be supplied.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee environment,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"type":{"type":"string","description":"Types that can be selected for an Environment. Each of the types are\nlimited by capability and capacity. Refer to Apigee's public documentation\nto understand about each of these types in details.\nAn Apigee org can support heterogeneous Environments. Possible values: [\"ENVIRONMENT_TYPE_UNSPECIFIED\", \"BASE\", \"INTERMEDIATE\", \"COMPREHENSIVE\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_config":{"nesting_mode":"list","block":{"attributes":{"current_aggregate_node_count":{"type":"string","description":"The current total number of gateway nodes that each environment currently has across\nall instances.","description_kind":"plain","computed":true},"max_node_count":{"type":"string","description":"The maximum total number of gateway nodes that the is reserved for all instances that\nhas the specified environment. If not specified, the default is determined by the\nrecommended maximum number of nodes for that gateway.","description_kind":"plain","optional":true},"min_node_count":{"type":"string","description":"The minimum total number of gateway nodes that the is reserved for all instances that\nhas the specified environment. If not specified, the default is determined by the\nrecommended minimum number of nodes for that gateway.","description_kind":"plain","optional":true}},"description":"NodeConfig for setting the min/max number of nodes associated with the environment.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_environment_iam_binding":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_apigee_environment_iam_member":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_apigee_environment_iam_policy":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_apigee_environment_keyvaluemaps":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Required. ID of the key value map.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_environment_keyvaluemaps_entries":{"version":0,"block":{"attributes":{"env_keyvaluemap_id":{"type":"string","description":"The Apigee environment keyvalumaps Id associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}/keyvaluemaps/{{keyvaluemap_name}}'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Required. Resource URI that can be used to identify the scope of the key value map entries.","description_kind":"plain","required":true},"value":{"type":"string","description":"Required. Data or payload that is being retrieved and associated with the unique key.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_flowhook":{"version":0,"block":{"attributes":{"continue_on_error":{"type":"bool","description":"Flag that specifies whether execution should continue if the flow hook throws an exception. Set to true to continue execution. Set to false to stop execution if the flow hook throws an exception. Defaults to true.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the flow hook.","description_kind":"plain","optional":true},"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"flow_hook_point":{"type":"string","description":"Where in the API call flow the flow hook is invoked. Must be one of PreProxyFlowHook, PostProxyFlowHook, PreTargetFlowHook, or PostTargetFlowHook.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the environment","description_kind":"plain","required":true},"sharedflow":{"type":"string","description":"Id of the Sharedflow attaching to a flowhook point.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_instance":{"version":0,"block":{"attributes":{"consumer_accept_list":{"type":["list","string"],"description":"Optional. Customer accept list represents the list of projects (id/number) on customer\nside that can privately connect to the service attachment. It is an optional field\nwhich the customers can provide during the instance creation. By default, the customer\nproject associated with the Apigee organization will be included to the list.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Description of the instance.","description_kind":"plain","optional":true},"disk_encryption_key_name":{"type":"string","description":"Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only.\nUse the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of the instance.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Output only. Hostname or IP address of the exposed Apigee endpoint used by clients to connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_range":{"type":"string","description":"IP range represents the customer-provided CIDR block of length 22 that will be used for\nthe Apigee instance creation. This optional range, if provided, should be freely\navailable as part of larger named range the customer has allocated to the Service\nNetworking peering. If this is not provided, Apigee will automatically request for any\navailable /22 CIDR block from Service Networking. The customer should use this CIDR block\nfor configuring their firewall needs to allow traffic from Apigee.\nInput format: \"a.b.c.d/22\"","description_kind":"plain","optional":true},"location":{"type":"string","description":"Required. Compute Engine location where the instance resides.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource ID of the instance.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"peering_cidr_range":{"type":"string","description":"The size of the CIDR block range that will be reserved by the instance. For valid values,\nsee [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation.","description_kind":"plain","optional":true,"computed":true},"port":{"type":"string","description":"Output only. Port number of the exposed Apigee endpoint.","description_kind":"plain","computed":true},"service_attachment":{"type":"string","description":"Output only. Resource name of the service attachment created for the instance in\nthe format: projects/*/regions/*/serviceAttachments/* Apigee customers can privately\nforward traffic to this service attachment using the PSC endpoints.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_instance_attachment":{"version":0,"block":{"attributes":{"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The Apigee instance associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/instances/{{instance_name}}'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the newly created attachment (output parameter).","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_key_cert_file":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias Name","description_kind":"plain","required":true},"cert":{"type":"string","description":"Cert content","description_kind":"plain","required":true},"environment":{"type":"string","description":"Environment associated with the alias","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"Private Key content, omit if uploading to truststore","description_kind":"plain","optional":true,"sensitive":true},"keystore":{"type":"string","description":"Keystore Name","description_kind":"plain","required":true},"org_id":{"type":"string","description":"Organization ID associated with the alias","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Private Key if it's encrypted","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"certs_info":{"nesting_mode":"list","block":{"block_types":{"cert_info":{"nesting_mode":"list","block":{"attributes":{"basic_constraints":{"type":"string","description":"X.509 basic constraints extension.","description_kind":"plain","optional":true,"computed":true},"expiry_date":{"type":"string","description":"X.509 notAfter validity period in milliseconds since epoch.","description_kind":"plain","optional":true,"computed":true},"is_valid":{"type":"string","description":"Flag that specifies whether the certificate is valid. \nFlag is set to Yes if the certificate is valid, No if expired, or Not yet if not yet valid.","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"X.509 issuer.","description_kind":"plain","optional":true,"computed":true},"public_key":{"type":"string","description":"Public key component of the X.509 subject public key info.","description_kind":"plain","optional":true,"computed":true},"serial_number":{"type":"string","description":"X.509 serial number.","description_kind":"plain","optional":true,"computed":true},"sig_alg_name":{"type":"string","description":"X.509 signatureAlgorithm.","description_kind":"plain","optional":true,"computed":true},"subject":{"type":"string","description":"X.509 subject.","description_kind":"plain","optional":true,"computed":true},"subject_alternative_names":{"type":["list","string"],"description":"X.509 subject alternative names (SANs) extension.","description_kind":"plain","optional":true,"computed":true},"valid_from":{"type":"string","description":"X.509 notBefore validity period in milliseconds since epoch.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"number","description":"X.509 version.","description_kind":"plain","optional":true,"computed":true}},"description":"List of all properties in the object.","description_kind":"plain"}}},"description":"Chain of certificates under this alias.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_pkcs12":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias Name","description_kind":"plain","required":true},"certs_info":{"type":["list",["object",{"cert_info":["list",["object",{"basic_constraints":"string","expiry_date":"string","is_valid":"string","issuer":"string","public_key":"string","serial_number":"string","sig_alg_name":"string","subject":"string","subject_alternative_names":["list","string"],"valid_from":"string","version":"number"}]]}]],"description":"Chain of certificates under this alias.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"Environment associated with the alias","description_kind":"plain","required":true},"file":{"type":"string","description":"Cert content","description_kind":"plain","required":true},"filehash":{"type":"string","description":"Hash of the pkcs file","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"keystore":{"type":"string","description":"Keystore Name","description_kind":"plain","required":true},"org_id":{"type":"string","description":"Organization ID associated with the alias","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Private Key if it's encrypted","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_self_signed_cert":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias for the key/certificate pair. Values must match the regular expression [\\w\\s-.]{1,255}.\nThis must be provided for all formats except selfsignedcert; self-signed certs may specify the alias in either\nthis parameter or the JSON body.","description_kind":"plain","required":true},"cert_validity_in_days":{"type":"number","description":"Validity duration of certificate, in days. Accepts positive non-zero value. Defaults to 365.","description_kind":"plain","optional":true},"certs_info":{"type":["list",["object",{"cert_info":["list",["object",{"basic_constraints":"string","expiry_date":"string","is_valid":"string","issuer":"string","public_key":"string","serial_number":"string","sig_alg_name":"string","subject":"string","subject_alternative_names":["list","string"],"valid_from":"string","version":"number"}]]}]],"description":"Chain of certificates under this alias.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"The Apigee environment name","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_size":{"type":"string","description":"Key size. Default and maximum value is 2048 bits.","description_kind":"plain","optional":true},"keystore":{"type":"string","description":"The Apigee keystore name associated in an Apigee environment","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization name associated with the Apigee environment","description_kind":"plain","required":true},"sig_alg":{"type":"string","description":"Signature algorithm to generate private key. Valid values are SHA512withRSA, SHA384withRSA, and SHA256withRSA","description_kind":"plain","required":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"Common name of the organization. Maximum length is 64 characters.","description_kind":"plain","optional":true},"country_code":{"type":"string","description":"Two-letter country code. Example, IN for India, US for United States of America.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Email address. Max 255 characters.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"City or town name. Maximum length is 128 characters.","description_kind":"plain","optional":true},"org":{"type":"string","description":"Organization name. Maximum length is 64 characters.","description_kind":"plain","optional":true},"org_unit":{"type":"string","description":"Organization team name. Maximum length is 64 characters.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State or district name. Maximum length is 128 characters.","description_kind":"plain","optional":true}},"description":"Subject details.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alternative_dns_names":{"nesting_mode":"list","block":{"attributes":{"subject_alternative_name":{"type":"string","description":"Subject Alternative Name","description_kind":"plain","optional":true}},"description":"List of alternative host names. Maximum length is 255 characters for each value.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_nat_address":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The Apigee instance associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/instances/{{instance_name}}'.","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"The allocated NAT IP address.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Resource ID of the NAT address.","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the NAT IP address.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_organization":{"version":0,"block":{"attributes":{"analytics_region":{"type":"string","description":"Primary GCP region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org).","description_kind":"plain","optional":true},"api_consumer_data_encryption_key_name":{"type":"string","description":"Cloud KMS key name used for encrypting API consumer data.","description_kind":"plain","optional":true},"api_consumer_data_location":{"type":"string","description":"This field is needed only for customers using non-default data residency regions.\nApigee stores some control plane data only in single region.\nThis field determines which single region Apigee should use.","description_kind":"plain","optional":true},"apigee_project_id":{"type":"string","description":"Output only. Project ID of the Apigee Tenant Project.","description_kind":"plain","computed":true},"authorized_network":{"type":"string","description":"Compute Engine network used for Service Networking to be peered with Apigee runtime instances.\nSee [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started).\nValid only when 'RuntimeType' is set to CLOUD. The value can be updated only when there are no runtime instances. For example: \"default\".","description_kind":"plain","optional":true},"billing_type":{"type":"string","description":"Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing).","description_kind":"plain","optional":true,"computed":true},"ca_certificate":{"type":"string","description":"Output only. Base64-encoded public certificate for the root CA of the Apigee organization.\nValid only when 'RuntimeType' is CLOUD. A base64-encoded string.","description_kind":"plain","computed":true},"control_plane_encryption_key_name":{"type":"string","description":"Cloud KMS key name used for encrypting control plane data that is stored in a multi region.\nOnly used for the data residency region \"US\" or \"EU\".","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the Apigee organization.","description_kind":"plain","optional":true},"disable_vpc_peering":{"type":"bool","description":"Flag that specifies whether the VPC Peering through Private Google Access should be\ndisabled between the consumer network and Apigee. Required if an 'authorizedNetwork'\non the consumer project is not provided, in which case the flag should be set to 'true'.\nValid only when 'RuntimeType' is set to CLOUD. The value must be set before the creation\nof any Apigee runtime instance and can be updated only when there are no runtime instances.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Apigee organization.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. Name of the Apigee organization.","description_kind":"plain","computed":true},"project_id":{"type":"string","description":"The project ID associated with the Apigee organization.","description_kind":"plain","required":true},"retention":{"type":"string","description":"Optional. This setting is applicable only for organizations that are soft-deleted (i.e., BillingType\nis not EVALUATION). It controls how long Organization data will be retained after the initial delete\noperation completes. During this period, the Organization may be restored to its last known state.\nAfter this period, the Organization will no longer be able to be restored. Default value: \"DELETION_RETENTION_UNSPECIFIED\" Possible values: [\"DELETION_RETENTION_UNSPECIFIED\", \"MINIMUM\"]","description_kind":"plain","optional":true},"runtime_database_encryption_key_name":{"type":"string","description":"Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances.\nUpdate is not allowed after the organization is created.\nIf not specified, a Google-Managed encryption key will be used.\nValid only when 'RuntimeType' is CLOUD. For example: 'projects/foo/locations/us/keyRings/bar/cryptoKeys/baz'.","description_kind":"plain","optional":true},"runtime_type":{"type":"string","description":"Runtime type of the Apigee organization based on the Apigee subscription purchased. Default value: \"CLOUD\" Possible values: [\"CLOUD\", \"HYBRID\"]","description_kind":"plain","optional":true},"subscription_type":{"type":"string","description":"Output only. Subscription type of the Apigee organization.\nValid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased).","description_kind":"plain","computed":true}},"block_types":{"properties":{"nesting_mode":"list","block":{"block_types":{"property":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value of the property.","description_kind":"plain","optional":true}},"description":"List of all properties in the object.","description_kind":"plain"}}},"description":"Properties defined in the Apigee organization profile.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sharedflow":{"version":0,"block":{"attributes":{"config_bundle":{"type":"string","description":"Path to the config zip bundle","description_kind":"plain","required":true},"detect_md5hash":{"type":"string","description":"A hash of local config bundle in string, user needs to use a Terraform Hash function of their choice. A change in hash will trigger an update.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"latest_revision_id":{"type":"string","description":"The id of the most recently created revision for this shared flow.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded config bundle.","description_kind":"plain","computed":true},"meta_data":{"type":["list",["object",{"created_at":"string","last_modified_at":"string","sub_type":"string"}]],"description":"Metadata describing the shared flow.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the shared flow.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization name associated with the Apigee instance.","description_kind":"plain","required":true},"revision":{"type":["list","string"],"description":"A list of revisions of this shared flow.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sharedflow_deployment":{"version":0,"block":{"attributes":{"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance","description_kind":"plain","required":true},"revision":{"type":"string","description":"Revision of the Sharedflow to be deployed.","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account represents the identity of the deployed proxy, and determines what permissions it has. The format must be {ACCOUNT_ID}@{PROJECT}.iam.gserviceaccount.com.","description_kind":"plain","optional":true},"sharedflow_id":{"type":"string","description":"Id of the Sharedflow to be deployed.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sync_authorization":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other.\nUsed internally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identities":{"type":["list","string"],"description":"Array of service accounts to grant access to control plane resources, each specified using the following format: 'serviceAccount:service-account-name'.\n\nThe 'service-account-name' is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com\n\nYou might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one.\n\nThe service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts).","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Apigee organization.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_target_server":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of this TargetServer.","description_kind":"plain","optional":true},"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"host":{"type":"string","description":"The host name this target connects to. Value must be a valid hostname as described by RFC-1123.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_enabled":{"type":"bool","description":"Enabling/disabling a TargetServer is useful when TargetServers are used in load balancing configurations, and one or more TargetServers need to taken out of rotation periodically. Defaults to true.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource id of this reference. Values must match the regular expression [\\w\\s-.]+.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number this target connects to on the given host. Value must be between 1 and 65535, inclusive.","description_kind":"plain","required":true},"protocol":{"type":"string","description":"Immutable. The protocol used by this TargetServer. Possible values: [\"HTTP\", \"HTTP2\", \"GRPC_TARGET\", \"GRPC\", \"EXTERNAL_CALLOUT\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"s_sl_info":{"nesting_mode":"list","block":{"attributes":{"ciphers":{"type":["list","string"],"description":"The SSL/TLS cipher suites to be used. For programmable proxies, it must be one of the cipher suite names listed in: http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites. For configurable proxies, it must follow the configuration specified in: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration. This setting has no effect for configurable proxies when negotiating TLS 1.3.","description_kind":"plain","optional":true},"client_auth_enabled":{"type":"bool","description":"Enables two-way TLS.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Enables TLS. If false, neither one-way nor two-way TLS will be enabled.","description_kind":"plain","required":true},"ignore_validation_errors":{"type":"bool","description":"If true, Edge ignores TLS certificate errors. Valid when configuring TLS for target servers and target endpoints, and when configuring virtual hosts that use 2-way TLS. When used with a target endpoint/target server, if the backend system uses SNI and returns a cert with a subject Distinguished Name (DN) that does not match the hostname, there is no way to ignore the error and the connection fails.","description_kind":"plain","optional":true},"key_alias":{"type":"string","description":"Required if clientAuthEnabled is true. The resource ID for the alias containing the private key and cert.","description_kind":"plain","optional":true},"key_store":{"type":"string","description":"Required if clientAuthEnabled is true. The resource ID of the keystore.","description_kind":"plain","optional":true},"protocols":{"type":["list","string"],"description":"The TLS versioins to be used.","description_kind":"plain","optional":true},"trust_store":{"type":"string","description":"The resource ID of the truststore.","description_kind":"plain","optional":true}},"block_types":{"common_name":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"string","description":"The TLS Common Name string of the certificate.","description_kind":"plain","optional":true},"wildcard_match":{"type":"bool","description":"Indicates whether the cert should be matched against as a wildcard cert.","description_kind":"plain","optional":true}},"description":"The TLS Common Name of the certificate.","description_kind":"plain"},"max_items":1}},"description":"Specifies TLS configuration info for this TargetServer. The JSON name is sSLInfo for legacy/backwards compatibility reasons -- Edge originally supported SSL, and the name is still used for TLS configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apikeys_key":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human-readable display name of this API key. Modifiable by user.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_string":{"type":"string","description":"Output only. An encrypted and signed value held by this key. This field can be accessed only through the `GetKeyString` method.","description_kind":"plain","computed":true,"sensitive":true},"name":{"type":"string","description":"The resource name of the key. The name must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. In another word, the name must match the regular expression: `[a-z]([a-z0-9-]{0,61}[a-z0-9])?`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"Output only. Unique id in UUID4 format.","description_kind":"plain","computed":true}},"block_types":{"restrictions":{"nesting_mode":"list","block":{"block_types":{"android_key_restrictions":{"nesting_mode":"list","block":{"block_types":{"allowed_applications":{"nesting_mode":"list","block":{"attributes":{"package_name":{"type":"string","description":"The package name of the application.","description_kind":"plain","required":true},"sha1_fingerprint":{"type":"string","description":"The SHA1 fingerprint of the application. For example, both sha1 formats are acceptable : DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 or DA39A3EE5E6B4B0D3255BFEF95601890AFD80709. Output format is the latter.","description_kind":"plain","required":true}},"description":"A list of Android applications that are allowed to make API calls with this key.","description_kind":"plain"},"min_items":1}},"description":"The Android apps that are allowed to use the key.","description_kind":"plain"},"max_items":1},"api_targets":{"nesting_mode":"list","block":{"attributes":{"methods":{"type":["list","string"],"description":"Optional. List of one or more methods that can be called. If empty, all methods for the service are allowed. A wildcard (*) can be used as the last symbol. Valid examples: `google.cloud.translate.v2.TranslateService.GetSupportedLanguage` `TranslateText` `Get*` `translate.googleapis.com.Get*`","description_kind":"plain","optional":true},"service":{"type":"string","description":"The service for this restriction. It should be the canonical service name, for example: `translate.googleapis.com`. You can use `gcloud services list` to get a list of services that are enabled in the project.","description_kind":"plain","required":true}},"description":"A restriction for a specific service and optionally one or more specific methods. Requests are allowed if they match any of these restrictions. If no restrictions are specified, all targets are allowed.","description_kind":"plain"}},"browser_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_referrers":{"type":["list","string"],"description":"A list of regular expressions for the referrer URLs that are allowed to make API calls with this key.","description_kind":"plain","required":true}},"description":"The HTTP referrers (websites) that are allowed to use the key.","description_kind":"plain"},"max_items":1},"ios_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_bundle_ids":{"type":["list","string"],"description":"A list of bundle IDs that are allowed when making API calls with this key.","description_kind":"plain","required":true}},"description":"The iOS apps that are allowed to use the key.","description_kind":"plain"},"max_items":1},"server_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_ips":{"type":["list","string"],"description":"A list of the caller IP addresses that are allowed to make API calls with this key.","description_kind":"plain","required":true}},"description":"The IP addresses of callers that are allowed to use the key.","description_kind":"plain"},"max_items":1}},"description":"Key restrictions.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_application":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"Identifier of the app.","description_kind":"plain","computed":true},"auth_domain":{"type":"string","description":"The domain to authenticate users with when using App Engine's User API.","description_kind":"plain","optional":true,"computed":true},"code_bucket":{"type":"string","description":"The GCS bucket code is being stored in for this app.","description_kind":"plain","computed":true},"database_type":{"type":"string","description_kind":"plain","optional":true,"computed":true},"default_bucket":{"type":"string","description":"The GCS bucket content is being stored in for this app.","description_kind":"plain","computed":true},"default_hostname":{"type":"string","description":"The default hostname for this app.","description_kind":"plain","computed":true},"gcr_domain":{"type":"string","description":"The GCR domain used for storing managed Docker images for this app.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location_id":{"type":"string","description":"The location to serve the app from.","description_kind":"plain","required":true},"name":{"type":"string","description":"Unique name of the app.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project ID to create the application under.","description_kind":"plain","optional":true,"computed":true},"serving_status":{"type":"string","description":"The serving status of the app.","description_kind":"plain","optional":true,"computed":true},"url_dispatch_rule":{"type":["list",["object",{"domain":"string","path":"string","service":"string"}]],"description":"A list of dispatch rule blocks. Each block has a domain, path, and service field.","description_kind":"plain","computed":true}},"block_types":{"feature_settings":{"nesting_mode":"list","block":{"attributes":{"split_health_checks":{"type":"bool","description_kind":"plain","required":true}},"description":"A block of optional settings to configure specific App Engine features:","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Adapted for use with the app","description_kind":"plain","optional":true},"oauth2_client_id":{"type":"string","description":"OAuth2 client ID to use for the authentication flow.","description_kind":"plain","required":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 client secret to use for the authentication flow. The SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field.","description_kind":"plain","required":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"Hex-encoded SHA-256 hash of the client secret.","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_application_url_dispatch_rules":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"dispatch_rules":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name to match against. The wildcard \"*\" is supported if specified before a period: \"*.\".\nDefaults to matching all domains: \"*\".","description_kind":"plain","optional":true},"path":{"type":"string","description":"Pathname within the host. Must start with a \"/\". A single \"*\" can be included at the end of the path.\nThe sum of the lengths of the domain and path may not exceed 100 characters.","description_kind":"plain","required":true},"service":{"type":"string","description":"Pathname within the host. Must start with a \"/\". A single \"*\" can be included at the end of the path.\nThe sum of the lengths of the domain and path may not exceed 100 characters.","description_kind":"plain","required":true}},"description":"Rules to match an HTTP request and dispatch that request to a service.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_domain_mapping":{"version":0,"block":{"attributes":{"domain_name":{"type":"string","description":"Relative name of the domain serving the application. Example: example.com.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Full path to the DomainMapping resource in the API. Example: apps/myapp/domainMapping/example.com.","description_kind":"plain","computed":true},"override_strategy":{"type":"string","description":"Whether the domain creation should override any existing mappings for this domain.\nBy default, overrides are rejected. Default value: \"STRICT\" Possible values: [\"STRICT\", \"OVERRIDE\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_records":{"type":["list",["object",{"name":"string","rrdata":"string","type":"string"}]],"description":"The resource records required to configure this domain mapping. These records must be added to the domain's DNS\nconfiguration in order to serve the application via this domain mapping.","description_kind":"plain","computed":true}},"block_types":{"ssl_settings":{"nesting_mode":"list","block":{"attributes":{"certificate_id":{"type":"string","description":"ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will\nremove SSL support.\nBy default, a managed certificate is automatically created for every domain mapping. To omit SSL support\nor to configure SSL manually, specify 'SslManagementType.MANUAL' on a 'CREATE' or 'UPDATE' request. You must be\nauthorized to administer the 'AuthorizedCertificate' resource to manually map it to a DomainMapping resource.\nExample: 12345.","description_kind":"plain","optional":true,"computed":true},"pending_managed_certificate_id":{"type":"string","description":"ID of the managed 'AuthorizedCertificate' resource currently being provisioned, if applicable. Until the new\nmanaged certificate has been successfully provisioned, the previous SSL state will be preserved. Once the\nprovisioning process completes, the 'certificateId' field will reflect the new managed certificate and this\nfield will be left empty. To remove SSL support while there is still a pending managed certificate, clear the\n'certificateId' field with an update request.","description_kind":"plain","computed":true},"ssl_management_type":{"type":"string","description":"SSL management type for this domain. If 'AUTOMATIC', a managed certificate is automatically provisioned.\nIf 'MANUAL', 'certificateId' must be manually specified in order to configure SSL for this domain. Possible values: [\"AUTOMATIC\", \"MANUAL\"]","description_kind":"plain","required":true}},"description":"SSL configuration for this domain. If unconfigured, this domain will not serve with SSL.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_firewall_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action to take if this rule matches. Possible values: [\"UNSPECIFIED_ACTION\", \"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional string description of this rule.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"A positive integer that defines the order of rule evaluation.\nRules with the lowest priority are evaluated first.\n\nA default rule at priority Int32.MaxValue matches all IPv4 and\nIPv6 traffic when no previous rule matches. Only the action of\nthis rule can be modified by the user.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"source_range":{"type":"string","description":"IP address or range, defined using CIDR notation, of requests that this rule applies to.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_flexible_app_version":{"version":0,"block":{"attributes":{"beta_settings":{"type":["map","string"],"description":"Metadata settings that are supplied to this version to enable beta runtime features.","description_kind":"plain","optional":true},"default_expiration":{"type":"string","description":"Duration that static files should be cached by web proxies and browsers.\nOnly applicable if the corresponding StaticFilesHandler does not specify its own expiration time.","description_kind":"plain","optional":true},"delete_service_on_destroy":{"type":"bool","description":"If set to 'true', the service will be deleted if it is the last version.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Environment variables available to the application. As these are not returned in the API request, Terraform will not detect any changes made outside of the Terraform config.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inbound_services":{"type":["set","string"],"description":"A list of the types of messages that this application is able to receive. Possible values: [\"INBOUND_SERVICE_MAIL\", \"INBOUND_SERVICE_MAIL_BOUNCE\", \"INBOUND_SERVICE_XMPP_ERROR\", \"INBOUND_SERVICE_XMPP_MESSAGE\", \"INBOUND_SERVICE_XMPP_SUBSCRIBE\", \"INBOUND_SERVICE_XMPP_PRESENCE\", \"INBOUND_SERVICE_CHANNEL_PRESENCE\", \"INBOUND_SERVICE_WARMUP\"]","description_kind":"plain","optional":true},"instance_class":{"type":"string","description":"Instance class that is used to run this version. Valid values are\nAutomaticScaling: F1, F2, F4, F4_1G\nManualScaling: B1, B2, B4, B8, B4_1G\nDefaults to F1 for AutomaticScaling and B1 for ManualScaling.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Full path to the Version resource in the API. Example, \"v1\".","description_kind":"plain","computed":true},"nobuild_files_regex":{"type":"string","description":"Files that match this pattern will not be built into this version. Only applicable for Go runtimes.","description_kind":"plain","optional":true},"noop_on_destroy":{"type":"bool","description":"If set to 'true', the application version will not be deleted.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"Desired runtime. Example python27.","description_kind":"plain","required":true},"runtime_api_version":{"type":"string","description":"The version of the API in the given runtime environment.\nPlease see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard/\u003clanguage\u003e/config/appref'\\\nSubstitute '\u003clanguage\u003e' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'.","description_kind":"plain","optional":true,"computed":true},"runtime_channel":{"type":"string","description":"The channel of the runtime to use. Only available for some runtimes.","description_kind":"plain","optional":true},"runtime_main_executable_path":{"type":"string","description":"The path or name of the app's main executable.","description_kind":"plain","optional":true},"service":{"type":"string","description":"AppEngine service resource. Can contain numbers, letters, and hyphens.","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as\ndefault if this field is neither provided in app.yaml file nor through CLI flag.","description_kind":"plain","optional":true,"computed":true},"serving_status":{"type":"string","description":"Current serving status of this version. Only the versions with a SERVING status create instances and can be billed. Default value: \"SERVING\" Possible values: [\"SERVING\", \"STOPPED\"]","description_kind":"plain","optional":true},"version_id":{"type":"string","description":"Relative name of the version within the service. For example, 'v1'. Version names can contain only lowercase letters, numbers, or hyphens.\nReserved names,\"default\", \"latest\", and any name with the prefix \"ah-\".","description_kind":"plain","optional":true}},"block_types":{"api_config":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Action to take when users access resources that require authentication. Default value: \"AUTH_FAIL_ACTION_REDIRECT\" Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Level of login required to access this resource. Default value: \"LOGIN_OPTIONAL\" Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"script":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url":{"type":"string","description":"URL to serve the endpoint at.","description_kind":"plain","optional":true}},"description":"Serving configuration for Google Cloud Endpoints.","description_kind":"plain"},"max_items":1},"automatic_scaling":{"nesting_mode":"list","block":{"attributes":{"cool_down_period":{"type":"string","description":"The time period that the Autoscaler should wait before it starts collecting information from a new instance.\nThis prevents the autoscaler from collecting information when the instance is initializing,\nduring which the collected usage would not be reliable. Default: 120s","description_kind":"plain","optional":true},"max_concurrent_requests":{"type":"number","description":"Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance.\n\nDefaults to a runtime-specific value.","description_kind":"plain","optional":true,"computed":true},"max_idle_instances":{"type":"number","description":"Maximum number of idle instances that should be maintained for this version.","description_kind":"plain","optional":true},"max_pending_latency":{"type":"string","description":"Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it.","description_kind":"plain","optional":true},"max_total_instances":{"type":"number","description":"Maximum number of instances that should be started to handle requests for this version. Default: 20","description_kind":"plain","optional":true},"min_idle_instances":{"type":"number","description":"Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service.","description_kind":"plain","optional":true},"min_pending_latency":{"type":"string","description":"Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it.","description_kind":"plain","optional":true},"min_total_instances":{"type":"number","description":"Minimum number of running instances that should be maintained for this version. Default: 2","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"aggregation_window_length":{"type":"string","description":"Period of time over which CPU utilization is calculated.","description_kind":"plain","optional":true},"target_utilization":{"type":"number","description":"Target CPU utilization ratio to maintain when scaling. Must be between 0 and 1.","description_kind":"plain","required":true}},"description":"Target scaling by CPU usage.","description_kind":"plain"},"min_items":1,"max_items":1},"disk_utilization":{"nesting_mode":"list","block":{"attributes":{"target_read_bytes_per_second":{"type":"number","description":"Target bytes read per second.","description_kind":"plain","optional":true},"target_read_ops_per_second":{"type":"number","description":"Target ops read per seconds.","description_kind":"plain","optional":true},"target_write_bytes_per_second":{"type":"number","description":"Target bytes written per second.","description_kind":"plain","optional":true},"target_write_ops_per_second":{"type":"number","description":"Target ops written per second.","description_kind":"plain","optional":true}},"description":"Target scaling by disk usage.","description_kind":"plain"},"max_items":1},"network_utilization":{"nesting_mode":"list","block":{"attributes":{"target_received_bytes_per_second":{"type":"number","description":"Target bytes received per second.","description_kind":"plain","optional":true},"target_received_packets_per_second":{"type":"number","description":"Target packets received per second.","description_kind":"plain","optional":true},"target_sent_bytes_per_second":{"type":"number","description":"Target bytes sent per second.","description_kind":"plain","optional":true},"target_sent_packets_per_second":{"type":"number","description":"Target packets sent per second.","description_kind":"plain","optional":true}},"description":"Target scaling by network usage.","description_kind":"plain"},"max_items":1},"request_utilization":{"nesting_mode":"list","block":{"attributes":{"target_concurrent_requests":{"type":"number","description":"Target number of concurrent requests.","description_kind":"plain","optional":true},"target_request_count_per_second":{"type":"string","description":"Target requests per second.","description_kind":"plain","optional":true}},"description":"Target scaling by request utilization.","description_kind":"plain"},"max_items":1}},"description":"Automatic scaling is based on request rate, response latencies, and other application metrics.","description_kind":"plain"},"max_items":1},"deployment":{"nesting_mode":"list","block":{"block_types":{"cloud_build_options":{"nesting_mode":"list","block":{"attributes":{"app_yaml_path":{"type":"string","description":"Path to the yaml file used in deployment, used to determine runtime configuration details.","description_kind":"plain","required":true},"cloud_build_timeout":{"type":"string","description":"The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Options for the build operations performed as a part of the version deployment. Only applicable when creating a version using source code directly.","description_kind":"plain"},"max_items":1},"container":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest.\nExamples: \"gcr.io/my-project/image:tag\" or \"gcr.io/my-project/image@digest\"","description_kind":"plain","required":true}},"description":"The Docker image for the container that runs the version.","description_kind":"plain"},"max_items":1},"files":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description_kind":"plain","required":true},"sha1_sum":{"type":"string","description":"SHA1 checksum of the file","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Manifest of the files stored in Google Cloud Storage that are included as part of this version.\nAll files must be readable using the credentials supplied with this call.","description_kind":"plain"}},"zip":{"nesting_mode":"list","block":{"attributes":{"files_count":{"type":"number","description":"files count","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Zip File","description_kind":"plain"},"max_items":1}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"max_items":1},"endpoints_api_service":{"nesting_mode":"list","block":{"attributes":{"config_id":{"type":"string","description":"Endpoints service configuration ID as specified by the Service Management API. For example \"2016-09-19r1\".\n\nBy default, the rollout strategy for Endpoints is \"FIXED\". This means that Endpoints starts up with a particular configuration ID.\nWhen a new configuration is rolled out, Endpoints must be given the new configuration ID. The configId field is used to give the configuration ID\nand is required in this case.\n\nEndpoints also has a rollout strategy called \"MANAGED\". When using this, Endpoints fetches the latest configuration and does not need\nthe configuration ID. In this case, configId must be omitted.","description_kind":"plain","optional":true},"disable_trace_sampling":{"type":"bool","description":"Enable or disable trace sampling. By default, this is set to false for enabled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Endpoints service name which is the name of the \"service\" resource in the Service Management API.\nFor example \"myapi.endpoints.myproject.cloud.goog\"","description_kind":"plain","required":true},"rollout_strategy":{"type":"string","description":"Endpoints rollout strategy. If FIXED, configId must be specified. If MANAGED, configId must be omitted. Default value: \"FIXED\" Possible values: [\"FIXED\", \"MANAGED\"]","description_kind":"plain","optional":true}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"max_items":1},"entrypoint":{"nesting_mode":"list","block":{"attributes":{"shell":{"type":"string","description":"The format should be a shell command that can be fed to bash -c.","description_kind":"plain","required":true}},"description":"The entrypoint for the application.","description_kind":"plain"},"max_items":1},"flexible_runtime_settings":{"nesting_mode":"list","block":{"attributes":{"operating_system":{"type":"string","description":"Operating System of the application runtime.","description_kind":"plain","optional":true},"runtime_version":{"type":"string","description":"The runtime version of an App Engine flexible application.","description_kind":"plain","optional":true}},"description":"Runtime settings for App Engine flexible environment.","description_kind":"plain"},"max_items":1},"handlers":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Actions to take when the user is not logged in. Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Methods to restrict access to a URL based on login status. Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"redirect_http_response_code":{"type":"string","description":"30x code to use when performing redirects for the secure field. Possible values: [\"REDIRECT_HTTP_RESPONSE_CODE_301\", \"REDIRECT_HTTP_RESPONSE_CODE_302\", \"REDIRECT_HTTP_RESPONSE_CODE_303\", \"REDIRECT_HTTP_RESPONSE_CODE_307\"]","description_kind":"plain","optional":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url_regex":{"type":"string","description":"URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings.\nAll URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path.","description_kind":"plain","optional":true}},"block_types":{"script":{"nesting_mode":"list","block":{"attributes":{"script_path":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true}},"description":"Executes a script to handle the requests that match this URL pattern.\nOnly the auto value is supported for Node.js in the App Engine standard environment, for example \"script:\" \"auto\".","description_kind":"plain"},"max_items":1},"static_files":{"nesting_mode":"list","block":{"attributes":{"application_readable":{"type":"bool","description":"Whether files should also be uploaded as code data. By default, files declared in static file handlers are\nuploaded as static data and are only served to end users; they cannot be read by the application. If enabled,\nuploads are charged against both your code and static data storage resource quotas.","description_kind":"plain","optional":true},"expiration":{"type":"string","description":"Time a static file served by this handler should be cached by web proxies and browsers.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example \"3.5s\".\nDefault is '0s'","description_kind":"plain","optional":true},"http_headers":{"type":["map","string"],"description":"HTTP headers to use for all responses from these URLs.\nAn object containing a list of \"key:value\" value pairs.\".","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"MIME type used to serve all files served by this handler.\nDefaults to file-specific MIME types, which are derived from each file's filename extension.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to the static files matched by the URL pattern, from the application root directory.\nThe path can refer to text matched in groupings in the URL pattern.","description_kind":"plain","optional":true},"require_matching_file":{"type":"bool","description":"Whether this handler should match the request if the file referenced by the handler does not exist.","description_kind":"plain","optional":true},"upload_path_regex":{"type":"string","description":"Regular expression that matches the file paths for all files that should be referenced by this handler.","description_kind":"plain","optional":true}},"description":"Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files.\nStatic file handlers describe which files in the application directory are static files, and which URLs serve them.","description_kind":"plain"},"max_items":1}},"description":"An ordered list of URL-matching patterns that should be applied to incoming requests.\nThe first matching URL handles the request and other request handlers are not attempted.","description_kind":"plain"}},"liveness_check":{"nesting_mode":"list","block":{"attributes":{"check_interval":{"type":"string","description":"Interval between health checks.","description_kind":"plain","optional":true},"failure_threshold":{"type":"number","description":"Number of consecutive failed checks required before considering the VM unhealthy. Default: 4.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host header to send when performing a HTTP Readiness check. Example: \"myapp.appspot.com\"","description_kind":"plain","optional":true},"initial_delay":{"type":"string","description":"The initial delay before starting to execute the checks. Default: \"300s\"","description_kind":"plain","optional":true},"path":{"type":"string","description":"The request path.","description_kind":"plain","required":true},"success_threshold":{"type":"number","description":"Number of consecutive successful checks required before considering the VM healthy. Default: 2.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time before the check is considered failed. Default: \"4s\"","description_kind":"plain","optional":true}},"description":"Health checking configuration for VM instances. Unhealthy instances are killed and replaced with new instances.","description_kind":"plain"},"min_items":1,"max_items":1},"manual_scaling":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":"number","description":"Number of instances to assign to the service at the start.\n\n**Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2\nModules API set_num_instances() you must use 'lifecycle.ignore_changes = [\"manual_scaling\"[0].instances]' to prevent drift detection.","description_kind":"plain","required":true}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"network":{"nesting_mode":"list","block":{"attributes":{"forwarded_ports":{"type":["list","string"],"description":"List of ports, or port pairs, to forward from the virtual machine to the application container.","description_kind":"plain","optional":true},"instance_tag":{"type":"string","description":"Tag to apply to the instance during creation.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Google Compute Engine network where the virtual machines are created. Specify the short name, not the resource path.","description_kind":"plain","required":true},"session_affinity":{"type":"bool","description":"Enable session affinity.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path.\n\nIf the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range.\nIf the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network.\nIf the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork.\nIf specified, the subnetwork must exist in the same region as the App Engine flexible environment application.","description_kind":"plain","optional":true}},"description":"Extra network settings","description_kind":"plain"},"max_items":1},"readiness_check":{"nesting_mode":"list","block":{"attributes":{"app_start_timeout":{"type":"string","description":"A maximum time limit on application initialization, measured from moment the application successfully\nreplies to a healthcheck until it is ready to serve traffic. Default: \"300s\"","description_kind":"plain","optional":true},"check_interval":{"type":"string","description":"Interval between health checks. Default: \"5s\".","description_kind":"plain","optional":true},"failure_threshold":{"type":"number","description":"Number of consecutive failed checks required before removing traffic. Default: 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host header to send when performing a HTTP Readiness check. Example: \"myapp.appspot.com\"","description_kind":"plain","optional":true},"path":{"type":"string","description":"The request path.","description_kind":"plain","required":true},"success_threshold":{"type":"number","description":"Number of consecutive successful checks required before receiving traffic. Default: 2.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time before the check is considered failed. Default: \"4s\"","description_kind":"plain","optional":true}},"description":"Configures readiness health checking for instances. Unhealthy instances are not put into the backend traffic rotation.","description_kind":"plain"},"min_items":1,"max_items":1},"resources":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"Number of CPU cores needed.","description_kind":"plain","optional":true},"disk_gb":{"type":"number","description":"Disk size (GB) needed.","description_kind":"plain","optional":true},"memory_gb":{"type":"number","description":"Memory (GB) needed.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Unique name for the volume.","description_kind":"plain","required":true},"size_gb":{"type":"number","description":"Volume size in gigabytes.","description_kind":"plain","required":true},"volume_type":{"type":"string","description":"Underlying volume type, e.g. 'tmpfs'.","description_kind":"plain","required":true}},"description":"List of ports, or port pairs, to forward from the virtual machine to the application container.","description_kind":"plain"}}},"description":"Machine resources for a version.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_access_connector":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1.","description_kind":"plain","required":true}},"description":"Enables VPC connectivity for standard apps.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_app_engine_service_network_settings":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service these settings apply to.","description_kind":"plain","required":true}},"block_types":{"network_settings":{"nesting_mode":"list","block":{"attributes":{"ingress_traffic_allowed":{"type":"string","description":"The ingress settings for version or service. Default value: \"INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED\" Possible values: [\"INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED\", \"INGRESS_TRAFFIC_ALLOWED_ALL\", \"INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_ALLOWED_INTERNAL_AND_LB\"]","description_kind":"plain","optional":true}},"description":"Ingress settings for this service. Will apply to all versions.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_service_split_traffic":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"migrate_traffic":{"type":"bool","description":"If set to true traffic will be migrated to this version.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service these settings apply to.","description_kind":"plain","required":true}},"block_types":{"split":{"nesting_mode":"list","block":{"attributes":{"allocations":{"type":["map","string"],"description":"Mapping from version IDs within the service to fractional (0.000, 1] allocations of traffic for that version. Each version can be specified only once, but some versions in the service may not have any traffic allocation. Services that have traffic allocated cannot be deleted until either the service is deleted or their traffic allocation is removed. Allocations must sum to 1. Up to two decimal place precision is supported for IP-based splits and up to three decimal places is supported for cookie-based splits.","description_kind":"plain","required":true},"shard_by":{"type":"string","description":"Mechanism used to determine which version a request is sent to. The traffic selection algorithm will be stable for either type until allocations are changed. Possible values: [\"UNSPECIFIED\", \"COOKIE\", \"IP\", \"RANDOM\"]","description_kind":"plain","optional":true}},"description":"Mapping that defines fractional HTTP traffic diversion to different versions within the service.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_standard_app_version":{"version":0,"block":{"attributes":{"app_engine_apis":{"type":"bool","description":"Allows App Engine second generation runtimes to access the legacy bundled services.","description_kind":"plain","optional":true},"delete_service_on_destroy":{"type":"bool","description":"If set to 'true', the service will be deleted if it is the last version.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Environment variables available to the application.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inbound_services":{"type":["set","string"],"description":"A list of the types of messages that this application is able to receive. Possible values: [\"INBOUND_SERVICE_MAIL\", \"INBOUND_SERVICE_MAIL_BOUNCE\", \"INBOUND_SERVICE_XMPP_ERROR\", \"INBOUND_SERVICE_XMPP_MESSAGE\", \"INBOUND_SERVICE_XMPP_SUBSCRIBE\", \"INBOUND_SERVICE_XMPP_PRESENCE\", \"INBOUND_SERVICE_CHANNEL_PRESENCE\", \"INBOUND_SERVICE_WARMUP\"]","description_kind":"plain","optional":true},"instance_class":{"type":"string","description":"Instance class that is used to run this version. Valid values are\nAutomaticScaling: F1, F2, F4, F4_1G\nBasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8\nDefaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Full path to the Version resource in the API. Example, \"v1\".","description_kind":"plain","computed":true},"noop_on_destroy":{"type":"bool","description":"If set to 'true', the application version will not be deleted.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"Desired runtime. Example python27.","description_kind":"plain","required":true},"runtime_api_version":{"type":"string","description":"The version of the API in the given runtime environment.\nPlease see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard/\u003clanguage\u003e/config/appref'\\\nSubstitute '\u003clanguage\u003e' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'.","description_kind":"plain","optional":true},"service":{"type":"string","description":"AppEngine service resource","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as default if this field is neither provided in app.yaml file nor through CLI flag.","description_kind":"plain","optional":true,"computed":true},"threadsafe":{"type":"bool","description":"Whether multiple requests can be dispatched to this version at once.","description_kind":"plain","optional":true},"version_id":{"type":"string","description":"Relative name of the version within the service. For example, 'v1'. Version names can contain only lowercase letters, numbers, or hyphens. Reserved names,\"default\", \"latest\", and any name with the prefix \"ah-\".","description_kind":"plain","optional":true}},"block_types":{"automatic_scaling":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_requests":{"type":"number","description":"Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance.\n\nDefaults to a runtime-specific value.","description_kind":"plain","optional":true},"max_idle_instances":{"type":"number","description":"Maximum number of idle instances that should be maintained for this version.","description_kind":"plain","optional":true},"max_pending_latency":{"type":"string","description":"Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"min_idle_instances":{"type":"number","description":"Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service.","description_kind":"plain","optional":true},"min_pending_latency":{"type":"string","description":"Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"block_types":{"standard_scheduler_settings":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances to run for this version. Set to zero to disable maxInstances configuration.","description_kind":"plain","optional":true},"min_instances":{"type":"number","description":"Minimum number of instances to run for this version. Set to zero to disable minInstances configuration.","description_kind":"plain","optional":true},"target_cpu_utilization":{"type":"number","description":"Target CPU utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value.","description_kind":"plain","optional":true},"target_throughput_utilization":{"type":"number","description":"Target throughput utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value.","description_kind":"plain","optional":true}},"description":"Scheduler settings for standard environment.","description_kind":"plain"},"max_items":1}},"description":"Automatic scaling is based on request rate, response latencies, and other application metrics.","description_kind":"plain"},"max_items":1},"basic_scaling":{"nesting_mode":"list","block":{"attributes":{"idle_timeout":{"type":"string","description":"Duration of time after the last request that an instance must wait before the instance is shut down.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"Maximum number of instances to create for this version. Must be in the range [1.0, 200.0].","description_kind":"plain","required":true}},"description":"Basic scaling creates instances when your application receives requests. Each instance will be shut down when the application becomes idle. Basic scaling is ideal for work that is intermittent or driven by user activity.","description_kind":"plain"},"max_items":1},"deployment":{"nesting_mode":"list","block":{"block_types":{"files":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description_kind":"plain","required":true},"sha1_sum":{"type":"string","description":"SHA1 checksum of the file","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Manifest of the files stored in Google Cloud Storage that are included as part of this version.\nAll files must be readable using the credentials supplied with this call.","description_kind":"plain"}},"zip":{"nesting_mode":"list","block":{"attributes":{"files_count":{"type":"number","description":"files count","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Zip File","description_kind":"plain"},"max_items":1}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"min_items":1,"max_items":1},"entrypoint":{"nesting_mode":"list","block":{"attributes":{"shell":{"type":"string","description":"The format should be a shell command that can be fed to bash -c.","description_kind":"plain","required":true}},"description":"The entrypoint for the application.","description_kind":"plain"},"min_items":1,"max_items":1},"handlers":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Actions to take when the user is not logged in. Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Methods to restrict access to a URL based on login status. Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"redirect_http_response_code":{"type":"string","description":"30x code to use when performing redirects for the secure field. Possible values: [\"REDIRECT_HTTP_RESPONSE_CODE_301\", \"REDIRECT_HTTP_RESPONSE_CODE_302\", \"REDIRECT_HTTP_RESPONSE_CODE_303\", \"REDIRECT_HTTP_RESPONSE_CODE_307\"]","description_kind":"plain","optional":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url_regex":{"type":"string","description":"URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings.\nAll URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path.","description_kind":"plain","optional":true}},"block_types":{"script":{"nesting_mode":"list","block":{"attributes":{"script_path":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true}},"description":"Executes a script to handle the requests that match this URL pattern.\nOnly the auto value is supported for Node.js in the App Engine standard environment, for example \"script:\" \"auto\".","description_kind":"plain"},"max_items":1},"static_files":{"nesting_mode":"list","block":{"attributes":{"application_readable":{"type":"bool","description":"Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as\nstatic data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged\nagainst both your code and static data storage resource quotas.","description_kind":"plain","optional":true},"expiration":{"type":"string","description":"Time a static file served by this handler should be cached by web proxies and browsers.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example \"3.5s\".","description_kind":"plain","optional":true},"http_headers":{"type":["map","string"],"description":"HTTP headers to use for all responses from these URLs.\nAn object containing a list of \"key:value\" value pairs.\".","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"MIME type used to serve all files served by this handler.\nDefaults to file-specific MIME types, which are derived from each file's filename extension.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to the static files matched by the URL pattern, from the application root directory. The path can refer to text matched in groupings in the URL pattern.","description_kind":"plain","optional":true},"require_matching_file":{"type":"bool","description":"Whether this handler should match the request if the file referenced by the handler does not exist.","description_kind":"plain","optional":true},"upload_path_regex":{"type":"string","description":"Regular expression that matches the file paths for all files that should be referenced by this handler.","description_kind":"plain","optional":true}},"description":"Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. Static file handlers describe which files in the application directory are static files, and which URLs serve them.","description_kind":"plain"},"max_items":1}},"description":"An ordered list of URL-matching patterns that should be applied to incoming requests.\nThe first matching URL handles the request and other request handlers are not attempted.","description_kind":"plain"}},"libraries":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the library. Example \"django\".","description_kind":"plain","optional":true},"version":{"type":"string","description":"Version of the library to select, or \"latest\".","description_kind":"plain","optional":true}},"description":"Configuration for third-party Python runtime libraries that are required by the application.","description_kind":"plain"}},"manual_scaling":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":"number","description":"Number of instances to assign to the service at the start.\n\n**Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2\nModules API set_num_instances() you must use 'lifecycle.ignore_changes = [\"manual_scaling\"[0].instances]' to prevent drift detection.","description_kind":"plain","required":true}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_access_connector":{"nesting_mode":"list","block":{"attributes":{"egress_setting":{"type":"string","description":"The egress setting for the connector, controlling what traffic is diverted through it.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1.","description_kind":"plain","required":true}},"description":"Enables VPC connectivity for standard apps.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_apphub_application":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"Required. The Application identifier.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. Create time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. User-defined description of an Application.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User-defined name for the Application.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Part of 'parent'. See documentation of 'projectsId'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The resource name of an Application. Format:\n\"projects/{host-project-id}/locations/{location}/applications/{application-id}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. Application state. \n Possible values:\n STATE_UNSPECIFIED\nCREATING\nACTIVE\nDELETING","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A universally unique identifier (in UUID4 format) for the 'Application'.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time.","description_kind":"plain","computed":true}},"block_types":{"attributes":{"nesting_mode":"list","block":{"block_types":{"business_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Optional. Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Optional. Business team that ensures user needs are met and value is delivered","description_kind":"plain"}},"criticality":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Criticality type. Possible values: [\"MISSION_CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"description":"Criticality of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"developer_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Optional. Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Optional. Developer team that owns development and coding.","description_kind":"plain"}},"environment":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Environment type. Possible values: [\"PRODUCTION\", \"STAGING\", \"TEST\", \"DEVELOPMENT\"]","description_kind":"plain","required":true}},"description":"Environment of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"operator_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Optional. Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Optional. Operator team that ensures runtime and operations.","description_kind":"plain"}}},"description":"Consumer provided attributes.","description_kind":"plain"},"max_items":1},"scope":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Required. Scope Type. \n Possible values:\nREGIONAL Possible values: [\"REGIONAL\"]","description_kind":"plain","required":true}},"description":"Scope of an application.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apphub_service":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"Part of 'parent'. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. Create time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-defined description of a Service.","description_kind":"plain","optional":true},"discovered_service":{"type":"string","description":"Immutable. The resource name of the original discovered service.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"User-defined name for the Service.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Part of 'parent'. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The resource name of a Service. Format:\n\"projects/{host-project-id}/locations/{location}/applications/{application-id}/services/{service-id}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"The Service identifier.","description_kind":"plain","required":true},"service_properties":{"type":["list",["object",{"gcp_project":"string","location":"string","zone":"string"}]],"description":"Properties of an underlying cloud resource that can comprise a Service.","description_kind":"plain","computed":true},"service_reference":{"type":["list",["object",{"uri":"string"}]],"description":"Reference to an underlying networking resource that can comprise a Service.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Service state. Possible values: STATE_UNSPECIFIED CREATING ACTIVE DELETING DETACHED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A universally unique identifier (UUID) for the 'Service' in the UUID4\nformat.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time.","description_kind":"plain","computed":true}},"block_types":{"attributes":{"nesting_mode":"list","block":{"block_types":{"business_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Business team that ensures user needs are met and value is delivered","description_kind":"plain"}},"criticality":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Criticality type. Possible values: [\"MISSION_CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"description":"Criticality of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"developer_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Developer team that owns development and coding.","description_kind":"plain"}},"environment":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Environment type. Possible values: [\"PRODUCTION\", \"STAGING\", \"TEST\", \"DEVELOPMENT\"]","description_kind":"plain","required":true}},"description":"Environment of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"operator_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Operator team that ensures runtime and operations.","description_kind":"plain"}}},"description":"Consumer provided attributes.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apphub_service_project_attachment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Create time.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"\"Identifier. The resource name of a ServiceProjectAttachment. Format:\\\"projects/{host-project-id}/locations/global/serviceProjectAttachments/{service-project-id}.\\\"\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_project":{"type":"string","description":"\"Immutable. Service project name in the format: \\\"projects/abc\\\"\nor \\\"projects/123\\\". As input, project name with either project id or number\nare accepted. As output, this field will contain project number.\"","description_kind":"plain","optional":true},"service_project_attachment_id":{"type":"string","description":"Required. The service project attachment identifier must contain the project_id of the service project specified in the service_project_attachment.service_project field. Hint: \"projects/{project_id}\"","description_kind":"plain","required":true},"state":{"type":"string","description":"ServiceProjectAttachment state.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A globally unique identifier (in UUID4 format) for the 'ServiceProjectAttachment'.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apphub_workload":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"Part of 'parent'. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. Create time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-defined description of a Workload.","description_kind":"plain","optional":true},"discovered_workload":{"type":"string","description":"Immutable. The resource name of the original discovered workload.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"User-defined name for the Workload.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Part of 'parent'. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The resource name of the Workload. Format:\"projects/{host-project-id}/locations/{location}/applications/{application-id}/workloads/{workload-id}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. Workload state. Possible values: STATE_UNSPECIFIED CREATING ACTIVE DELETING DETACHED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A universally unique identifier (UUID) for the 'Workload' in the UUID4 format.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time.","description_kind":"plain","computed":true},"workload_id":{"type":"string","description":"The Workload identifier.","description_kind":"plain","required":true},"workload_properties":{"type":["list",["object",{"gcp_project":"string","location":"string","zone":"string"}]],"description":"Properties of an underlying compute resource represented by the Workload.","description_kind":"plain","computed":true},"workload_reference":{"type":["list",["object",{"uri":"string"}]],"description":"Reference of an underlying compute resource represented by the Workload.","description_kind":"plain","computed":true}},"block_types":{"attributes":{"nesting_mode":"list","block":{"block_types":{"business_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Email address of the contacts.","description_kind":"plain","required":true}},"description":"Business team that ensures user needs are met and value is delivered","description_kind":"plain"}},"criticality":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Criticality type. Possible values: [\"MISSION_CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"description":"Criticality of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"developer_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Email address of the contacts.","description_kind":"plain","required":true}},"description":"Developer team that owns development and coding.","description_kind":"plain"}},"environment":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Environment type. Possible values: [\"PRODUCTION\", \"STAGING\", \"TEST\", \"DEVELOPMENT\"]","description_kind":"plain","required":true}},"description":"Environment of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"operator_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Email address of the contacts.","description_kind":"plain","required":true}},"description":"Operator team that ensures runtime and operations.","description_kind":"plain"}}},"description":"Consumer provided attributes.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_artifact_registry_repository":{"version":0,"block":{"attributes":{"cleanup_policy_dry_run":{"type":"bool","description":"If true, the cleanup pipeline is prevented from deleting versions in this\nrepository.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The user-provided description of the repository.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"format":{"type":"string","description":"The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The Cloud KMS resource name of the customer managed encryption key that’s\nused to encrypt the contents of the Repository. Has the form:\n'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'.\nThis value may not be changed after the Repository has been created.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\nThis field may contain up to 64 entries. Label keys and values may be no\nlonger than 63 characters. Label keys must begin with a lowercase letter\nand may only contain lowercase letters, numeric characters, underscores,\nand dashes.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this repository is located in.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"The mode configures the repository to serve artifacts from different sources. Default value: \"STANDARD_REPOSITORY\" Possible values: [\"STANDARD_REPOSITORY\", \"VIRTUAL_REPOSITORY\", \"REMOTE_REPOSITORY\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the repository, for example:\n\"repo1\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository_id":{"type":"string","description":"The last part of the repository name, for example:\n\"repo1\"","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true}},"block_types":{"cleanup_policies":{"nesting_mode":"set","block":{"attributes":{"action":{"type":"string","description":"Policy action. Possible values: [\"DELETE\", \"KEEP\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"newer_than":{"type":"string","description":"Match versions newer than a duration.","description_kind":"plain","optional":true},"older_than":{"type":"string","description":"Match versions older than a duration.","description_kind":"plain","optional":true},"package_name_prefixes":{"type":["list","string"],"description":"Match versions by package prefix. Applied on any prefix match.","description_kind":"plain","optional":true},"tag_prefixes":{"type":["list","string"],"description":"Match versions by tag prefix. Applied on any prefix match.","description_kind":"plain","optional":true},"tag_state":{"type":"string","description":"Match versions by tag status. Default value: \"ANY\" Possible values: [\"TAGGED\", \"UNTAGGED\", \"ANY\"]","description_kind":"plain","optional":true},"version_name_prefixes":{"type":["list","string"],"description":"Match versions by version name prefix. Applied on any prefix match.","description_kind":"plain","optional":true}},"description":"Policy condition for matching versions.","description_kind":"plain"},"max_items":1},"most_recent_versions":{"nesting_mode":"list","block":{"attributes":{"keep_count":{"type":"number","description":"Minimum number of versions to keep.","description_kind":"plain","optional":true},"package_name_prefixes":{"type":["list","string"],"description":"Match versions by package prefix. Applied on any prefix match.","description_kind":"plain","optional":true}},"description":"Policy condition for retaining a minimum number of versions. May only be\nspecified with a Keep action.","description_kind":"plain"},"max_items":1}},"description":"Cleanup policies for this repository. Cleanup policies indicate when\ncertain package versions can be automatically deleted.\nMap keys are policy IDs supplied by users during policy creation. They must\nunique within a repository and be under 128 characters in length.","description_kind":"plain"}},"docker_config":{"nesting_mode":"list","block":{"attributes":{"immutable_tags":{"type":"bool","description":"The repository which enabled this flag prevents all tags from being modified, moved or deleted. This does not prevent tags from being created.","description_kind":"plain","optional":true}},"description":"Docker repository config contains repository level configuration for the repositories of docker type.","description_kind":"plain"},"max_items":1},"maven_config":{"nesting_mode":"list","block":{"attributes":{"allow_snapshot_overwrites":{"type":"bool","description":"The repository with this flag will allow publishing the same\nsnapshot versions.","description_kind":"plain","optional":true},"version_policy":{"type":"string","description":"Version policy defines the versions that the registry will accept. Default value: \"VERSION_POLICY_UNSPECIFIED\" Possible values: [\"VERSION_POLICY_UNSPECIFIED\", \"RELEASE\", \"SNAPSHOT\"]","description_kind":"plain","optional":true}},"description":"MavenRepositoryConfig is maven related repository details.\nProvides additional configuration details for repositories of the maven\nformat type.","description_kind":"plain"},"max_items":1},"remote_repository_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the remote source.","description_kind":"plain","optional":true},"disable_upstream_validation":{"type":"bool","description":"If true, the remote repository upstream and upstream credentials will\nnot be validated.","description_kind":"plain","optional":true}},"block_types":{"apt_repository":{"nesting_mode":"list","block":{"block_types":{"public_repository":{"nesting_mode":"list","block":{"attributes":{"repository_base":{"type":"string","description":"A common public repository base for Apt, e.g. '\"debian/dists/buster\"' Possible values: [\"DEBIAN\", \"UBUNTU\"]","description_kind":"plain","required":true},"repository_path":{"type":"string","description":"Specific repository from the base.","description_kind":"plain","required":true}},"description":"One of the publicly available Apt repositories supported by Artifact Registry.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for an Apt remote repository.","description_kind":"plain"},"max_items":1},"docker_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"DOCKER_HUB\" Possible values: [\"DOCKER_HUB\"]","description_kind":"plain","optional":true}},"block_types":{"custom_repository":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"Specific uri to the registry, e.g. '\"https://registry-1.docker.io\"'","description_kind":"plain","optional":true}},"description":"Settings for a remote repository with a custom uri.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for a Docker remote repository.","description_kind":"plain"},"max_items":1},"maven_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"MAVEN_CENTRAL\" Possible values: [\"MAVEN_CENTRAL\"]","description_kind":"plain","optional":true}},"block_types":{"custom_repository":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"Specific uri to the registry, e.g. '\"https://repo.maven.apache.org/maven2\"'","description_kind":"plain","optional":true}},"description":"Settings for a remote repository with a custom uri.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for a Maven remote repository.","description_kind":"plain"},"max_items":1},"npm_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"NPMJS\" Possible values: [\"NPMJS\"]","description_kind":"plain","optional":true}},"block_types":{"custom_repository":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"Specific uri to the registry, e.g. '\"https://registry.npmjs.org\"'","description_kind":"plain","optional":true}},"description":"Settings for a remote repository with a custom uri.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for an Npm remote repository.","description_kind":"plain"},"max_items":1},"python_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"PYPI\" Possible values: [\"PYPI\"]","description_kind":"plain","optional":true}},"block_types":{"custom_repository":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"Specific uri to the registry, e.g. '\"https://pypi.io\"'","description_kind":"plain","optional":true}},"description":"Settings for a remote repository with a custom uri.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for a Python remote repository.","description_kind":"plain"},"max_items":1},"upstream_credentials":{"nesting_mode":"list","block":{"block_types":{"username_password_credentials":{"nesting_mode":"list","block":{"attributes":{"password_secret_version":{"type":"string","description":"The Secret Manager key version that holds the password to access the\nremote repository. Must be in the format of\n'projects/{project}/secrets/{secret}/versions/{version}'.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The username to access the remote repository.","description_kind":"plain","optional":true}},"description":"Use username and password to access the remote repository.","description_kind":"plain"},"max_items":1}},"description":"The credentials used to access the remote repository.","description_kind":"plain"},"max_items":1},"yum_repository":{"nesting_mode":"list","block":{"block_types":{"public_repository":{"nesting_mode":"list","block":{"attributes":{"repository_base":{"type":"string","description":"A common public repository base for Yum. Possible values: [\"CENTOS\", \"CENTOS_DEBUG\", \"CENTOS_VAULT\", \"CENTOS_STREAM\", \"ROCKY\", \"EPEL\"]","description_kind":"plain","required":true},"repository_path":{"type":"string","description":"Specific repository from the base, e.g. '\"pub/rocky/9/BaseOS/x86_64/os\"'","description_kind":"plain","required":true}},"description":"One of the publicly available Yum repositories supported by Artifact Registry.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for an Yum remote repository.","description_kind":"plain"},"max_items":1}},"description":"Configuration specific for a Remote Repository.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_repository_config":{"nesting_mode":"list","block":{"block_types":{"upstream_policies":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The user-provided ID of the upstream policy.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"Entries with a greater priority value take precedence in the pull order.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"A reference to the repository resource, for example:\n\"projects/p1/locations/us-central1/repository/repo1\".","description_kind":"plain","optional":true}},"description":"Policies that configure the upstream artifacts distributed by the Virtual\nRepository. Upstream policies cannot be set on a standard repository.","description_kind":"plain"}}},"description":"Configuration specific for a Virtual Repository.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_assured_workloads_workload":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form `billingAccounts/{billing_account_id}`. For example, `billingAccounts/012345-567890-ABCDEF`.","description_kind":"plain","optional":true},"compliance_regime":{"type":"string","description":"Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT","description_kind":"plain","required":true},"compliance_status":{"type":["list",["object",{"acknowledged_violation_count":["list","number"],"active_violation_count":["list","number"]}]],"description":"Output only. Count of active Violations in the Workload.","description_kind":"plain","computed":true},"compliant_but_disallowed_services":{"type":["list","string"],"description":"Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Immutable. The Workload creation timestamp.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"ekm_provisioning_response":{"type":["list",["object",{"ekm_provisioning_error_domain":"string","ekm_provisioning_error_mapping":"string","ekm_provisioning_state":"string"}]],"description":"Optional. Represents the Ekm Provisioning State of the given workload.","description_kind":"plain","computed":true},"enable_sovereign_controls":{"type":"bool","description":"Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kaj_enrollment_state":{"type":"string","description":"Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels applied to the workload.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the workload.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization for the resource","description_kind":"plain","required":true},"partner":{"type":"string","description":"Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN","description_kind":"plain","optional":true},"provisioned_resources_parent":{"type":"string","description":"Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}","description_kind":"plain","optional":true},"resources":{"type":["list",["object",{"resource_id":"number","resource_type":"string"}]],"description":"Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.","description_kind":"plain","computed":true},"saa_enrollment_response":{"type":["list",["object",{"setup_errors":["list","string"],"setup_status":"string"}]],"description":"Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"violation_notifications_enabled":{"type":"bool","description":"Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"kms_settings":{"nesting_mode":"list","block":{"attributes":{"next_rotation_time":{"type":"string","description":"Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.","description_kind":"plain","required":true},"rotation_period":{"type":"string","description":"Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.","description_kind":"plain","required":true}},"description":"**DEPRECATED** Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.","description_kind":"plain"},"max_items":1},"partner_permissions":{"nesting_mode":"list","block":{"attributes":{"assured_workloads_monitoring":{"type":"bool","description":"Optional. Allow partner to view violation alerts.","description_kind":"plain","optional":true},"data_logs_viewer":{"type":"bool","description":"Allow the partner to view inspectability logs and monitoring violations.","description_kind":"plain","optional":true},"service_access_approver":{"type":"bool","description":"Optional. Allow partner to view access approval logs.","description_kind":"plain","optional":true}},"description":"Optional. Permissions granted to the AW Partner SA account for the customer workload","description_kind":"plain"},"max_items":1},"resource_settings":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"User-assigned resource display name. If not empty it will be used to create a resource with the specified name.","description_kind":"plain","optional":true},"resource_id":{"type":"string","description":"Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER","description_kind":"plain","optional":true}},"description":"Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_connection":{"version":0,"block":{"attributes":{"connectors":{"type":["list","string"],"description":"List of AppConnectors that are authorised to be associated with this AppConnection","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnection.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppConnection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppConnection.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppConnection. Refer\nto https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type\nfor a list of possible values.","description_kind":"plain","optional":true}},"block_types":{"application_endpoint":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"Hostname or IP address of the remote application endpoint.","description_kind":"plain","required":true},"port":{"type":"number","description":"Port of the remote application endpoint.","description_kind":"plain","required":true}},"description":"Address of the remote application endpoint for the BeyondCorp AppConnection.","description_kind":"plain"},"min_items":1,"max_items":1},"gateway":{"nesting_mode":"list","block":{"attributes":{"app_gateway":{"type":"string","description":"AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}.","description_kind":"plain","required":true},"ingress_port":{"type":"number","description":"Ingress port reserved on the gateways for this AppConnection, if not specified or zero, the default port is 19443.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of hosting used by the gateway. Refer to\nhttps://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1\nfor a list of possible values.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"description":"Gateway used by the AppConnection.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_connector":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnector.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppConnector.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppConnector.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppConnector.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"principal_info":{"nesting_mode":"list","block":{"block_types":{"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Email address of the service account.","description_kind":"plain","required":true}},"description":"ServiceAccount represents a GCP service account.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Principal information about the Identity of the AppConnector.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_gateway":{"version":1,"block":{"attributes":{"allocated_connections":{"type":["list",["object",{"ingress_port":"number","psc_uri":"string"}]],"description":"A list of connections allocated for the Gateway.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppGateway.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host_type":{"type":"string","description":"The type of hosting used by the AppGateway. Default value: \"HOST_TYPE_UNSPECIFIED\" Possible values: [\"HOST_TYPE_UNSPECIFIED\", \"GCP_REGIONAL_MIG\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppGateway.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppGateway.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppGateway.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppGateway. Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"TCP_PROXY\"]","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_biglake_catalog":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The creation time of the catalog. A timestamp in RFC3339 UTC\n\"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. The deletion time of the catalog. Only set after the catalog\nis deleted. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. The time when this catalog is considered expired. Only set\nafter the catalog is deleted. Only set after the catalog is deleted.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the Catalog should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the Catalog. Format:\nprojects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The last modification time of the catalog. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_biglake_database":{"version":0,"block":{"attributes":{"catalog":{"type":"string","description":"The parent catalog.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The creation time of the database. A timestamp in RFC3339\nUTC \"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. The deletion time of the database. Only set after the\ndatabase is deleted. A timestamp in RFC3339 UTC \"Zulu\" format, with\nnanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. The time when this database is considered expired. Only set\nafter the database is deleted. A timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the database.","description_kind":"plain","required":true},"type":{"type":"string","description":"The database type.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The last modification time of the database. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"hive_options":{"nesting_mode":"list","block":{"attributes":{"location_uri":{"type":"string","description":"Cloud Storage folder URI where the database data is stored, starting with \"gs://\".","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description":"Stores user supplied Hive database parameters. An object containing a\nlist of\"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true}},"description":"Options of a Hive database.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_biglake_table":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The creation time of the table. A timestamp in RFC3339 UTC\n\"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"database":{"type":"string","description":"The id of the parent database.","description_kind":"plain","optional":true},"delete_time":{"type":"string","description":"Output only. The deletion time of the table. Only set after the\ntable is deleted. A timestamp in RFC3339 UTC \"Zulu\" format, with\nnanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"etag":{"type":"string","description":"The checksum of a table object computed by the server based on the value\nof other fields. It may be sent on update requests to ensure the client\nhas an up-to-date value before proceeding. It is only checked for update\ntable operations.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. The time when this table is considered expired. Only set\nafter the table is deleted. A timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. The name of the Table. Format:\nprojects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}/databases/{databaseId}/tables/{tableId}","description_kind":"plain","required":true},"type":{"type":"string","description":"The database type. Possible values: [\"HIVE\"]","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The last modification time of the table. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"hive_options":{"nesting_mode":"list","block":{"attributes":{"parameters":{"type":["map","string"],"description":"Stores user supplied Hive table parameters. An object containing a\nlist of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"table_type":{"type":"string","description":"Hive table type. For example, MANAGED_TABLE, EXTERNAL_TABLE.","description_kind":"plain","optional":true}},"block_types":{"storage_descriptor":{"nesting_mode":"list","block":{"attributes":{"input_format":{"type":"string","description":"The fully qualified Java class name of the input format.","description_kind":"plain","optional":true},"location_uri":{"type":"string","description":"Cloud Storage folder URI where the table data is stored, starting with \"gs://\".","description_kind":"plain","optional":true},"output_format":{"type":"string","description":"The fully qualified Java class name of the output format.","description_kind":"plain","optional":true}},"description":"Stores physical storage information on the data.","description_kind":"plain"},"max_items":1}},"description":"Options of a Hive table.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description":"The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"description":{"type":"string","description":"Description of the data exchange.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human-readable display name of the data exchange. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), and must not start or end with spaces.","description_kind":"plain","required":true},"documentation":{"type":"string","description":"Documentation describing the data exchange.","description_kind":"plain","optional":true},"icon":{"type":"string","description":"Base64 encoded image representing the data exchange.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_count":{"type":"number","description":"Number of listings contained in the data exchange.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The name of the location this data exchange.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the data exchange, for example:\n\"projects/myproject/locations/US/dataExchanges/123\"","description_kind":"plain","computed":true},"primary_contact":{"type":"string","description":"Email or URL of the primary point of contact of the data exchange.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_binding":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_member":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing":{"version":0,"block":{"attributes":{"categories":{"type":["list","string"],"description":"Categories of the listing. Up to two categories are allowed.","description_kind":"plain","optional":true},"data_exchange_id":{"type":"string","description":"The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"description":{"type":"string","description":"Short description of the listing. The description must not contain Unicode non-characters and C0 and C1 control codes except tabs (HT), new lines (LF), carriage returns (CR), and page breaks (FF).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human-readable display name of the listing. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), ampersands (\u0026) and can't start or end with spaces.","description_kind":"plain","required":true},"documentation":{"type":"string","description":"Documentation describing the listing.","description_kind":"plain","optional":true},"icon":{"type":"string","description":"Base64 encoded image representing the listing.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description":"The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"location":{"type":"string","description":"The name of the location this data exchange listing.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the listing. e.g. \"projects/myproject/locations/US/dataExchanges/123/listings/456\"","description_kind":"plain","computed":true},"primary_contact":{"type":"string","description":"Email or URL of the primary point of contact of the listing.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_access":{"type":"string","description":"Email or URL of the request access of the listing. Subscribers can use this reference to request access.","description_kind":"plain","optional":true}},"block_types":{"bigquery_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset":{"type":"string","description":"Resource name of the dataset source for this listing. e.g. projects/myproject/datasets/123","description_kind":"plain","required":true}},"description":"Shared dataset i.e. BigQuery dataset source.","description_kind":"plain"},"min_items":1,"max_items":1},"data_provider":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the data provider.","description_kind":"plain","required":true},"primary_contact":{"type":"string","description":"Email or URL of the data provider.","description_kind":"plain","optional":true}},"description":"Details of the data provider who owns the source data.","description_kind":"plain"},"max_items":1},"publisher":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the listing publisher.","description_kind":"plain","required":true},"primary_contact":{"type":"string","description":"Email or URL of the listing publisher.","description_kind":"plain","optional":true}},"description":"Details of the publisher who owns the listing and who can share the source data.","description_kind":"plain"},"max_items":1},"restricted_export_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, enable restricted export.","description_kind":"plain","optional":true},"restrict_query_result":{"type":"bool","description":"If true, restrict export of query result derived from restricted linked dataset table.","description_kind":"plain","optional":true}},"description":"If set, restricted export configuration will be propagated and enforced on the linked dataset.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_binding":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_member":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_bi_reservation":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"LOCATION_DESCRIPTION","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the singleton BI reservation. Reservation names have the form 'projects/{projectId}/locations/{locationId}/biReservation'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"Size of a reservation, in bytes.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The last update timestamp of a reservation.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"preferred_tables":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset in the above project.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The assigned project ID of the project.","description_kind":"plain","optional":true},"table_id":{"type":"string","description":"The ID of the table in the above dataset.","description_kind":"plain","optional":true}},"description":"Preferred tables to use BI capacity for.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_capacity_commitment":{"version":0,"block":{"attributes":{"capacity_commitment_id":{"type":"string","description":"The optional capacity commitment ID. Capacity commitment name will be generated automatically if this field is\nempty. This field must only contain lower case alphanumeric characters or dashes. The first and last character\ncannot be a dash. Max length is 64 characters. NOTE: this ID won't be kept if the capacity commitment is split\nor merged.","description_kind":"plain","optional":true},"commitment_end_time":{"type":"string","description":"The start of the current commitment period. It is applicable only for ACTIVE capacity commitments.","description_kind":"plain","computed":true},"commitment_start_time":{"type":"string","description":"The start of the current commitment period. It is applicable only for ACTIVE capacity commitments.","description_kind":"plain","computed":true},"edition":{"type":"string","description":"The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS","description_kind":"plain","optional":true},"enforce_single_admin_project_per_org":{"type":"string","description":"If true, fail the request if another project in the organization has a capacity commitment.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the capacity commitment, e.g., projects/myproject/locations/US/capacityCommitments/123","description_kind":"plain","computed":true},"plan":{"type":"string","description":"Capacity commitment plan. Valid values are at https://cloud.google.com/bigquery/docs/reference/reservations/rpc/google.cloud.bigquery.reservation.v1#commitmentplan","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"renewal_plan":{"type":"string","description":"The plan this capacity commitment is converted to after commitmentEndTime passes. Once the plan is changed, committed period is extended according to commitment plan. Only applicable for some commitment plans.","description_kind":"plain","optional":true},"slot_count":{"type":"number","description":"Number of slots in this commitment.","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the commitment","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_connection":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description":"Optional connection id that should be assigned to the created connection.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"A descriptive description for the connection","description_kind":"plain","optional":true},"friendly_name":{"type":"string","description":"A descriptive name for the connection","description_kind":"plain","optional":true},"has_credential":{"type":"bool","description":"True if the connection has credential assigned.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Optional. The Cloud KMS key that is used for encryption.\n\nExample: projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key]","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location where the connection should reside.\nCloud SQL instance must be in the same location as the connection\nwith following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU.\nExamples: US, EU, asia-northeast1, us-central1, europe-west1.\nSpanner Connections same as spanner region\nAWS allowed regions are aws-us-east-1\nAzure allowed regions are azure-eastus2","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the connection in the form of:\n\"projects/{project_id}/locations/{location_id}/connections/{connectionId}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"aws":{"nesting_mode":"list","block":{"block_types":{"access_role":{"nesting_mode":"list","block":{"attributes":{"iam_role_id":{"type":"string","description":"The user’s AWS IAM Role that trusts the Google-owned AWS IAM user Connection.","description_kind":"plain","required":true},"identity":{"type":"string","description":"A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's AWS IAM Role.","description_kind":"plain","computed":true}},"description":"Authentication using Google owned service account to assume into customer's AWS IAM Role.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Connection properties specific to Amazon Web Services.","description_kind":"plain"},"max_items":1},"azure":{"nesting_mode":"list","block":{"attributes":{"application":{"type":"string","description":"The name of the Azure Active Directory Application.","description_kind":"plain","computed":true},"client_id":{"type":"string","description":"The client id of the Azure Active Directory Application.","description_kind":"plain","computed":true},"customer_tenant_id":{"type":"string","description":"The id of customer's directory that host the data.","description_kind":"plain","required":true},"federated_application_client_id":{"type":"string","description":"The Azure Application (client) ID where the federated credentials will be hosted.","description_kind":"plain","optional":true},"identity":{"type":"string","description":"A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's Azure Active Directory Application.","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object id of the Azure Active Directory Application.","description_kind":"plain","computed":true},"redirect_uri":{"type":"string","description":"The URL user will be redirected to after granting consent during connection setup.","description_kind":"plain","computed":true}},"description":"Container for connection properties specific to Azure.","description_kind":"plain"},"max_items":1},"cloud_resource":{"nesting_mode":"list","block":{"attributes":{"service_account_id":{"type":"string","description":"The account ID of the service created for the purpose of this connection.","description_kind":"plain","computed":true}},"description":"Container for connection properties for delegation of access to GCP resources.","description_kind":"plain"},"max_items":1},"cloud_spanner":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Cloud Spanner database in the form 'project/instance/database'.","description_kind":"plain","required":true},"database_role":{"type":"string","description":"Cloud Spanner database role for fine-grained access control. The Cloud Spanner admin should have provisioned the database role with appropriate permissions, such as 'SELECT' and 'INSERT'. Other users should only use roles provided by their Cloud Spanner admins. The database role name must start with a letter, and can only contain letters, numbers, and underscores. For more details, see https://cloud.google.com/spanner/docs/fgac-about.","description_kind":"plain","optional":true},"max_parallelism":{"type":"number","description":"Allows setting max parallelism per query when executing on Spanner independent compute resources. If unspecified, default values of parallelism are chosen that are dependent on the Cloud Spanner instance configuration. 'useParallelism' and 'useDataBoost' must be set when setting max parallelism.","description_kind":"plain","optional":true},"use_data_boost":{"type":"bool","description":"If set, the request will be executed via Spanner independent compute resources. 'use_parallelism' must be set when using data boost.","description_kind":"plain","optional":true},"use_parallelism":{"type":"bool","description":"If parallelism should be used when reading from Cloud Spanner.","description_kind":"plain","optional":true},"use_serverless_analytics":{"type":"bool","description":"If the serverless analytics service should be used to read data from Cloud Spanner. 'useParallelism' must be set when using serverless analytics.","description_kind":"plain","deprecated":true,"optional":true}},"description":"Connection properties specific to Cloud Spanner","description_kind":"plain"},"max_items":1},"cloud_sql":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true},"instance_id":{"type":"string","description":"Cloud SQL instance ID in the form project:location:instance.","description_kind":"plain","required":true},"service_account_id":{"type":"string","description":"When the connection is used in the context of an operation in BigQuery, this service account will serve as the identity being used for connecting to the CloudSQL instance specified in this connection.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Type of the Cloud SQL database. Possible values: [\"DATABASE_TYPE_UNSPECIFIED\", \"POSTGRES\", \"MYSQL\"]","description_kind":"plain","required":true}},"block_types":{"credential":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"Password for database.","description_kind":"plain","required":true,"sensitive":true},"username":{"type":"string","description":"Username for database.","description_kind":"plain","required":true}},"description":"Cloud SQL properties.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Connection properties specific to the Cloud SQL.","description_kind":"plain"},"max_items":1},"spark":{"nesting_mode":"list","block":{"attributes":{"service_account_id":{"type":"string","description":"The account ID of the service created for the purpose of this connection.","description_kind":"plain","computed":true}},"block_types":{"metastore_service_config":{"nesting_mode":"list","block":{"attributes":{"metastore_service":{"type":"string","description":"Resource name of an existing Dataproc Metastore service in the form of projects/[projectId]/locations/[region]/services/[serviceId].","description_kind":"plain","optional":true}},"description":"Dataproc Metastore Service configuration for the connection.","description_kind":"plain"},"max_items":1},"spark_history_server_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_cluster":{"type":"string","description":"Resource name of an existing Dataproc Cluster to act as a Spark History Server for the connection if the form of projects/[projectId]/regions/[region]/clusters/[cluster_name].","description_kind":"plain","optional":true}},"description":"Spark History Server configuration for the connection.","description_kind":"plain"},"max_items":1}},"description":"Container for connection properties to execute stored procedures for Apache Spark. resources.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_connection_iam_binding":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_connection_iam_member":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_connection_iam_policy":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_data_transfer_config":{"version":0,"block":{"attributes":{"data_refresh_window_days":{"type":"number","description":"The number of days to look back to automatically refresh the data.\nFor example, if dataRefreshWindowDays = 10, then every day BigQuery\nreingests data for [today-10, today-1], rather than ingesting data for\njust [today-1]. Only valid if the data source supports the feature.\nSet the value to 0 to use the default value.","description_kind":"plain","optional":true},"data_source_id":{"type":"string","description":"The data source id. Cannot be changed once the transfer config is created.","description_kind":"plain","required":true},"destination_dataset_id":{"type":"string","description":"The BigQuery target dataset id.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"When set to true, no runs are scheduled for a given transfer.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The user specified display name for the transfer config.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the transfer config. Transfer config names have the\nform projects/{projectId}/locations/{location}/transferConfigs/{configId}\nor projects/{projectId}/transferConfigs/{configId},\nwhere configId is usually a uuid, but this is not required.\nThe name is ignored when creating a transfer config.","description_kind":"plain","computed":true},"notification_pubsub_topic":{"type":"string","description":"Pub/Sub topic where notifications will be sent after transfer runs\nassociated with this transfer config finish.","description_kind":"plain","optional":true},"params":{"type":["map","string"],"description":"Parameters specific to each data source. For more information see the bq tab in the 'Setting up a data transfer'\nsection for each data source. For example the parameters for Cloud Storage transfers are listed here:\nhttps://cloud.google.com/bigquery-transfer/docs/cloud-storage-transfer#bq\n\n**NOTE** : If you are attempting to update a parameter that cannot be updated (due to api limitations) [please force recreation of the resource](https://www.terraform.io/cli/state/taint#forcing-re-creation-of-resources).","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schedule":{"type":"string","description":"Data transfer schedule. If the data source does not support a custom\nschedule, this should be empty. If it is empty, the default value for\nthe data source will be used. The specified times are in UTC. Examples\nof valid format: 1st,3rd monday of month 15:30, every wed,fri of jan,\njun 13:15, and first sunday of quarter 00:00. See more explanation\nabout the format here:\nhttps://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format\nNOTE: The minimum interval time between recurring transfers depends\non the data source; refer to the documentation for your data source.","description_kind":"plain","optional":true},"service_account_name":{"type":"string","description":"Service account email. If this field is set, transfer config will\nbe created with this service account credentials. It requires that\nrequesting user calling this API has permissions to act as this service account.","description_kind":"plain","optional":true}},"block_types":{"email_preferences":{"nesting_mode":"list","block":{"attributes":{"enable_failure_email":{"type":"bool","description":"If true, email notifications will be sent on transfer run failures.","description_kind":"plain","required":true}},"description":"Email notifications will be sent according to these preferences to the\nemail address of the user who owns this transfer config.","description_kind":"plain"},"max_items":1},"schedule_options":{"nesting_mode":"list","block":{"attributes":{"disable_auto_scheduling":{"type":"bool","description":"If true, automatic scheduling of data transfer runs for this\nconfiguration will be disabled. The runs can be started on ad-hoc\nbasis using transferConfigs.startManualRuns API. When automatic\nscheduling is disabled, the TransferConfig.schedule field will\nbe ignored.","description_kind":"plain","optional":true},"end_time":{"type":"string","description":"Defines time to stop scheduling transfer runs. A transfer run cannot be\nscheduled at or after the end time. The end time can be changed at any\nmoment. The time when a data transfer can be triggered manually is not\nlimited by this option.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"Specifies time to start scheduling transfer runs. The first run will be\nscheduled at or after the start time according to a recurrence pattern\ndefined in the schedule string. The start time can be changed at any\nmoment. The time when a data transfer can be triggered manually is not\nlimited by this option.","description_kind":"plain","optional":true}},"description":"Options customizing the data transfer schedule.","description_kind":"plain"},"max_items":1},"sensitive_params":{"nesting_mode":"list","block":{"attributes":{"secret_access_key":{"type":"string","description":"The Secret Access Key of the AWS account transferring data from.","description_kind":"plain","required":true,"sensitive":true}},"description":"Different parameters are configured primarily using the the 'params' field on this\nresource. This block contains the parameters which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: secret_access_key, will be the key\nin the 'params' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description":"User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name.","description_kind":"plain","required":true},"data_policy_type":{"type":"string","description":"The enrollment level of the service. Possible values: [\"COLUMN_LEVEL_SECURITY_POLICY\", \"DATA_MASKING_POLICY\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The name of the location of the data policy.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}.","description_kind":"plain","computed":true},"policy_tag":{"type":"string","description":"Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"data_masking_policy":{"nesting_mode":"list","block":{"attributes":{"predefined_expression":{"type":"string","description":"The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. Possible values: [\"SHA256\", \"ALWAYS_NULL\", \"DEFAULT_MASKING_VALUE\", \"LAST_FOUR_CHARACTERS\", \"FIRST_FOUR_CHARACTERS\", \"EMAIL_MASK\", \"DATE_YEAR_MASK\"]","description_kind":"plain","optional":true},"routine":{"type":"string","description":"The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}.","description_kind":"plain","optional":true}},"description":"The data masking policy that specifies the data masking rule to use.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_binding":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_member":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_dataset":{"version":0,"block":{"attributes":{"creation_time":{"type":"number","description":"The time when this dataset was created, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"A unique ID for this dataset, without the project name. The ID\nmust contain only letters (a-z, A-Z), numbers (0-9), or\nunderscores (_). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"default_collation":{"type":"string","description":"Defines the default collation specification of future tables created\nin the dataset. If a table is created in this dataset without table-level\ndefault collation, then the table inherits the dataset default collation,\nwhich is applied to the string fields that do not have explicit collation\nspecified. A change to this field affects only tables created afterwards,\nand does not alter the existing tables.\n\nThe following values are supported:\n- 'und:ci': undetermined locale, case insensitive.\n- '': empty string. Default to case-sensitive behavior.","description_kind":"plain","optional":true,"computed":true},"default_partition_expiration_ms":{"type":"number","description":"The default partition expiration for all partitioned tables in\nthe dataset, in milliseconds.\nOnce this property is set, all newly-created partitioned tables in\nthe dataset will have an 'expirationMs' property in the 'timePartitioning'\nsettings set to this value, and changing the value will only\naffect new tables, not existing ones. The storage in a partition will\nhave an expiration time of its partition time plus this value.\nSetting this property overrides the use of 'defaultTableExpirationMs'\nfor partitioned tables: only one of 'defaultTableExpirationMs' and\n'defaultPartitionExpirationMs' will be used for any new partitioned\ntable. If you provide an explicit 'timePartitioning.expirationMs' when\ncreating or updating a partitioned table, that value takes precedence\nover the default partition expiration time indicated by this property.","description_kind":"plain","optional":true},"default_table_expiration_ms":{"type":"number","description":"The default lifetime of all tables in the dataset, in milliseconds.\nThe minimum value is 3600000 milliseconds (one hour).\nOnce this property is set, all newly-created tables in the dataset\nwill have an 'expirationTime' property set to the creation time plus\nthe value in this property, and changing the value will only affect\nnew tables, not existing ones. When the 'expirationTime' for a given\ntable is reached, that table will be deleted automatically.\nIf a table's 'expirationTime' is modified or removed before the\ntable expires, or if you provide an explicit 'expirationTime' when\ncreating a table, that value takes precedence over the default\nexpiration time indicated by this property.","description_kind":"plain","optional":true},"delete_contents_on_destroy":{"type":"bool","description":"If set to 'true', delete all the tables in the\ndataset when destroying the resource; otherwise,\ndestroying the resource will fail if tables are present.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A user-friendly description of the dataset","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"friendly_name":{"type":"string","description":"A descriptive name for the dataset","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_case_insensitive":{"type":"bool","description":"TRUE if the dataset and its table names are case-insensitive, otherwise FALSE.\nBy default, this is FALSE, which means the dataset and its table names are\ncase-sensitive. This field does not affect routine references.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this dataset. You can use these to\norganize and group your datasets.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modified_time":{"type":"number","description":"The date when this dataset or any of its tables was last modified, in\nmilliseconds since the epoch.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the dataset should reside.\nSee [official docs](https://cloud.google.com/bigquery/docs/dataset-locations).\nThere are two types of locations, regional or multi-regional. A regional\nlocation is a specific geographic place, such as Tokyo, and a multi-regional\nlocation is a large geographic area, such as the United States, that\ncontains at least two geographic places.\nThe default value is multi-regional location 'US'.\nChanging this forces a new resource to be created.","description_kind":"plain","optional":true},"max_time_travel_hours":{"type":"string","description":"Defines the time travel window in hours. The value can be from 48 to 168 hours (2 to 7 days).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_tags":{"type":["map","string"],"description":"The tags attached to this table. Tag keys are globally unique. Tag key is expected to be\nin the namespaced format, for example \"123456789012/environment\" where 123456789012 is the\nID of the parent organization or project resource for this tag key. Tag value is expected\nto be the short name, for example \"Production\". See [Tag definitions](/iam/docs/tags-access-control#definitions)\nfor more details.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"storage_billing_model":{"type":"string","description":"Specifies the storage billing model for the dataset.\nSet this flag value to LOGICAL to use logical bytes for storage billing,\nor to PHYSICAL to use physical bytes instead.\n\nLOGICAL is the default if this flag isn't specified.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"access":{"nesting_mode":"set","block":{"attributes":{"domain":{"type":"string","description":"A domain to grant access to. Any users signed in with the\ndomain specified will be granted the specified access","description_kind":"plain","optional":true},"group_by_email":{"type":"string","description":"An email address of a Google Group to grant access to.","description_kind":"plain","optional":true},"iam_member":{"type":"string","description":"Some other type of member that appears in the IAM Policy but isn't a user,\ngroup, domain, or special group. For example: 'allUsers'","description_kind":"plain","optional":true},"role":{"type":"string","description":"Describes the rights granted to the user specified by the other\nmember of the access object. Basic, predefined, and custom roles\nare supported. Predefined roles that have equivalent basic roles\nare swapped by the API to their basic counterparts. See\n[official docs](https://cloud.google.com/bigquery/docs/access-control).","description_kind":"plain","optional":true},"special_group":{"type":"string","description":"A special group to grant access to. Possible values include:\n* 'projectOwners': Owners of the enclosing project.\n* 'projectReaders': Readers of the enclosing project.\n* 'projectWriters': Writers of the enclosing project.\n* 'allAuthenticatedUsers': All authenticated BigQuery users.","description_kind":"plain","optional":true},"user_by_email":{"type":"string","description":"An email address of a user to grant access to. For example:\nfred@example.com","description_kind":"plain","optional":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"target_types":{"type":["list","string"],"description":"Which resources in the dataset this entry applies to. Currently, only views are supported,\nbut additional target types may be added in the future. Possible values: VIEWS","description_kind":"plain","required":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true}},"description":"The dataset this entry applies to","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Grants all resources of particular types in a particular dataset read access to the current dataset.","description_kind":"plain"},"max_items":1},"routine":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"routine_id":{"type":"string","description":"The ID of the routine. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 256 characters.","description_kind":"plain","required":true}},"description":"A routine from a different dataset to grant access to. Queries\nexecuted against that routine will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that routine is updated by any user, access to the routine\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1},"view":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","required":true}},"description":"A view from a different dataset to grant access to. Queries\nexecuted against that view will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that view is updated by any user, access to the view\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1}},"description":"An array of objects that define dataset access for one or more entities.","description_kind":"plain"}},"default_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination\nBigQuery table. The BigQuery Service Account associated with your project requires\naccess to this encryption key.","description_kind":"plain","required":true}},"description":"The default encryption key for all tables in the dataset. Once this property is set,\nall newly-created partitioned tables in the dataset will have encryption key set to\nthis value, unless table creation request (or query) overrides the key.","description_kind":"plain"},"max_items":1},"external_dataset_reference":{"nesting_mode":"list","block":{"attributes":{"connection":{"type":"string","description":"The connection id that is used to access the externalSource.\nFormat: projects/{projectId}/locations/{locationId}/connections/{connectionId}","description_kind":"plain","required":true},"external_source":{"type":"string","description":"External source that backs this dataset.","description_kind":"plain","required":true}},"description":"Information about the external metadata storage where the dataset is defined.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_dataset_access":{"version":0,"block":{"attributes":{"api_updated_member":{"type":"bool","description":"If true, represents that that the iam_member in the config was translated to a different member type by the API, and is stored in state as a different member type","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"A unique ID for this dataset, without the project name. The ID\nmust contain only letters (a-z, A-Z), numbers (0-9), or\nunderscores (_). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"domain":{"type":"string","description":"A domain to grant access to. Any users signed in with the\ndomain specified will be granted the specified access","description_kind":"plain","optional":true},"group_by_email":{"type":"string","description":"An email address of a Google Group to grant access to.","description_kind":"plain","optional":true},"iam_member":{"type":"string","description":"Some other type of member that appears in the IAM Policy but isn't a user,\ngroup, domain, or special group. For example: 'allUsers'","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"Describes the rights granted to the user specified by the other\nmember of the access object. Basic, predefined, and custom roles are\nsupported. Predefined roles that have equivalent basic roles are\nswapped by the API to their basic counterparts, and will show a diff\npost-create. See\n[official docs](https://cloud.google.com/bigquery/docs/access-control).","description_kind":"plain","optional":true},"special_group":{"type":"string","description":"A special group to grant access to. Possible values include:\n* 'projectOwners': Owners of the enclosing project.\n* 'projectReaders': Readers of the enclosing project.\n* 'projectWriters': Writers of the enclosing project.\n* 'allAuthenticatedUsers': All authenticated BigQuery users.","description_kind":"plain","optional":true},"user_by_email":{"type":"string","description":"An email address of a user to grant access to. For example:\nfred@example.com","description_kind":"plain","optional":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"target_types":{"type":["list","string"],"description":"Which resources in the dataset this entry applies to. Currently, only views are supported,\nbut additional target types may be added in the future. Possible values: VIEWS","description_kind":"plain","required":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true}},"description":"The dataset this entry applies to","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Grants all resources of particular types in a particular dataset read access to the current dataset.","description_kind":"plain"},"max_items":1},"routine":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"routine_id":{"type":"string","description":"The ID of the routine. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 256 characters.","description_kind":"plain","required":true}},"description":"A routine from a different dataset to grant access to. Queries\nexecuted against that routine will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that routine is updated by any user, access to the routine\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"view":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","required":true}},"description":"A view from a different dataset to grant access to. Queries\nexecuted against that view will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that view is updated by any user, access to the view\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_job":{"version":1,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description":"The ID of the job. The ID must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), or dashes (-). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"job_timeout_ms":{"type":"string","description":"Job timeout in milliseconds. If this time limit is exceeded, BigQuery may attempt to terminate the job.","description_kind":"plain","optional":true},"job_type":{"type":"string","description":"The type of the job.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this job. You can use these to organize and group your jobs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location of the job. The default value is US.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"error_result":["list",["object",{"location":"string","message":"string","reason":"string"}]],"errors":["list",["object",{"location":"string","message":"string","reason":"string"}]],"state":"string"}]],"description":"The status of this job. Examine this value when polling an asynchronous job to see if the job is complete.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"user_email":{"type":"string","description":"Email address of the user who ran the job.","description_kind":"plain","computed":true}},"block_types":{"copy":{"nesting_mode":"list","block":{"attributes":{"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"The destination table.","description_kind":"plain"},"max_items":1},"source_tables":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"Source tables to copy.","description_kind":"plain"},"min_items":1}},"description":"Copies a table.","description_kind":"plain"},"max_items":1},"extract":{"nesting_mode":"list","block":{"attributes":{"compression":{"type":"string","description":"The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE.\nThe default value is NONE. DEFLATE and SNAPPY are only supported for Avro.","description_kind":"plain","optional":true},"destination_format":{"type":"string","description":"The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models.\nThe default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV.\nThe default value for models is SAVED_MODEL.","description_kind":"plain","optional":true,"computed":true},"destination_uris":{"type":["list","string"],"description":"A list of fully-qualified Google Cloud Storage URIs where the extracted table should be written.","description_kind":"plain","required":true},"field_delimiter":{"type":"string","description":"When extracting data in CSV format, this defines the delimiter to use between fields in the exported data.\nDefault is ','","description_kind":"plain","optional":true,"computed":true},"print_header":{"type":"bool","description":"Whether to print out a header row in the results. Default is true.","description_kind":"plain","optional":true},"use_avro_logical_types":{"type":"bool","description":"Whether to use logical types when extracting to AVRO format.","description_kind":"plain","optional":true}},"block_types":{"source_model":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this model.","description_kind":"plain","required":true},"model_id":{"type":"string","description":"The ID of the model.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this model.","description_kind":"plain","required":true}},"description":"A reference to the model being exported.","description_kind":"plain"},"max_items":1},"source_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"A reference to the table being exported.","description_kind":"plain"},"max_items":1}},"description":"Configures an extract job.","description_kind":"plain"},"max_items":1},"load":{"nesting_mode":"list","block":{"attributes":{"allow_jagged_rows":{"type":"bool","description":"Accept rows that are missing trailing optional columns. The missing values are treated as nulls.\nIf false, records with missing trailing columns are treated as bad records, and if there are too many bad records,\nan invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats.","description_kind":"plain","optional":true},"allow_quoted_newlines":{"type":"bool","description":"Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file.\nThe default value is false.","description_kind":"plain","optional":true},"autodetect":{"type":"bool","description":"Indicates if we should automatically infer the options and schema for CSV and JSON sources.","description_kind":"plain","optional":true},"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8 or ISO-8859-1.\nThe default value is UTF-8. BigQuery decodes the data after the raw, binary data\nhas been split using the values of the quote and fieldDelimiter properties.","description_kind":"plain","optional":true},"field_delimiter":{"type":"string","description":"The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character.\nTo use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts\nthe string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the\ndata in its raw, binary state. BigQuery also supports the escape sequence \"\\t\" to specify a tab separator.\nThe default value is a comma (',').","description_kind":"plain","optional":true,"computed":true},"ignore_unknown_values":{"type":"bool","description":"Indicates if BigQuery should allow extra values that are not represented in the table schema.\nIf true, the extra values are ignored. If false, records with extra columns are treated as bad records,\nand if there are too many bad records, an invalid error is returned in the job result.\nThe default value is false. The sourceFormat property determines what BigQuery treats as an extra value:\nCSV: Trailing columns\nJSON: Named values that don't match any column names","description_kind":"plain","optional":true},"json_extension":{"type":"string","description":"If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON.\nFor a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited\nGeoJSON: set to GEOJSON.","description_kind":"plain","optional":true},"max_bad_records":{"type":"number","description":"The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value,\nan invalid error is returned in the job result. The default value is 0, which requires that all records are valid.","description_kind":"plain","optional":true},"null_marker":{"type":"string","description":"Specifies a string that represents a null value in a CSV file. For example, if you specify \"\\N\", BigQuery interprets \"\\N\" as a null value\nwhen loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an\nempty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as\nan empty value.","description_kind":"plain","optional":true},"projection_fields":{"type":["list","string"],"description":"If sourceFormat is set to \"DATASTORE_BACKUP\", indicates which entity properties to load into BigQuery from a Cloud Datastore backup.\nProperty names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties.\nIf any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result.","description_kind":"plain","optional":true},"quote":{"type":"string","description":"The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding,\nand then uses the first byte of the encoded string to split the data in its raw, binary state.\nThe default value is a double-quote ('\"'). If your data does not contain quoted sections, set the property value to an empty string.\nIf your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true.","description_kind":"plain","optional":true,"computed":true},"schema_update_options":{"type":["list","string"],"description":"Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or\nsupplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND;\nwhen writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators.\nFor normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified:\nALLOW_FIELD_ADDITION: allow adding a nullable field to the schema.\nALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable.","description_kind":"plain","optional":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of a CSV file that BigQuery will skip when loading the data.\nThe default value is 0. This property is useful if you have header rows in the file that should be skipped.\nWhen autodetect is on, the behavior is the following:\nskipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected,\nthe row is read as data. Otherwise data is read starting from the second row.\nskipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row.\nskipLeadingRows = N \u003e 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected,\nrow N is just skipped. Otherwise row N is used to extract column names for the detected schema.","description_kind":"plain","optional":true},"source_format":{"type":"string","description":"The format of the data files. For CSV files, specify \"CSV\". For datastore backups, specify \"DATASTORE_BACKUP\".\nFor newline-delimited JSON, specify \"NEWLINE_DELIMITED_JSON\". For Avro, specify \"AVRO\". For parquet, specify \"PARQUET\".\nFor orc, specify \"ORC\". [Beta] For Bigtable, specify \"BIGTABLE\".\nThe default value is CSV.","description_kind":"plain","optional":true},"source_uris":{"type":["list","string"],"description":"The fully-qualified URIs that point to your data in Google Cloud.\nFor Google Cloud Storage URIs: Each URI can contain one '\\*' wildcard character\nand it must come after the 'bucket' name. Size limits related to load jobs apply\nto external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be\nspecified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table.\nFor Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\\*' wildcard character is not allowed.","description_kind":"plain","required":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"The destination table to load the data into.","description_kind":"plain"},"min_items":1,"max_items":1},"parquet_options":{"nesting_mode":"list","block":{"attributes":{"enable_list_inference":{"type":"bool","description":"If sourceFormat is set to PARQUET, indicates whether to use schema inference specifically for Parquet LIST logical type.","description_kind":"plain","optional":true},"enum_as_string":{"type":"bool","description":"If sourceFormat is set to PARQUET, indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default.","description_kind":"plain","optional":true}},"description":"Parquet Options for load and make external tables.","description_kind":"plain"},"max_items":1},"time_partitioning":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"string","description":"Number of milliseconds for which to keep the storage for a partition. A wrapper is used here because 0 is an invalid value.","description_kind":"plain","optional":true},"field":{"type":"string","description":"If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field.\nThe field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED.\nA wrapper is used here because an empty string is an invalid value.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error,\nbut in OnePlatform the field will be treated as unset.","description_kind":"plain","required":true}},"description":"Time-based partitioning specification for the destination table.","description_kind":"plain"},"max_items":1}},"description":"Configures a load job.","description_kind":"plain"},"max_items":1},"query":{"nesting_mode":"list","block":{"attributes":{"allow_large_results":{"type":"bool","description":"If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance.\nRequires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed.\nHowever, you must still set destinationTable when result size exceeds the allowed maximum response size.","description_kind":"plain","optional":true},"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"flatten_results":{"type":"bool","description":"If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results.\nallowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened.","description_kind":"plain","optional":true},"maximum_billing_tier":{"type":"number","description":"Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge).\nIf unspecified, this will be set to your project default.","description_kind":"plain","optional":true},"maximum_bytes_billed":{"type":"string","description":"Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge).\nIf unspecified, this will be set to your project default.","description_kind":"plain","optional":true},"parameter_mode":{"type":"string","description":"Standard SQL only. Set to POSITIONAL to use positional (?) query parameters or to NAMED to use named (@myparam) query parameters in this query.","description_kind":"plain","optional":true},"priority":{"type":"string","description":"Specifies a priority for the query. Default value: \"INTERACTIVE\" Possible values: [\"INTERACTIVE\", \"BATCH\"]","description_kind":"plain","optional":true},"query":{"type":"string","description":"SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL.\n*NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language)\n('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = \"\"' and 'write_disposition = \"\"'.","description_kind":"plain","required":true},"schema_update_options":{"type":["list","string"],"description":"Allows the schema of the destination table to be updated as a side effect of the query job.\nSchema update options are supported in two cases: when writeDisposition is WRITE_APPEND;\nwhen writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table,\nspecified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema.\nOne or more of the following values are specified:\nALLOW_FIELD_ADDITION: allow adding a nullable field to the schema.\nALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable.","description_kind":"plain","optional":true},"use_legacy_sql":{"type":"bool","description":"Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true.\nIf set to false, the query will use BigQuery's standard SQL.","description_kind":"plain","optional":true},"use_query_cache":{"type":"bool","description":"Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever\ntables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified.\nThe default value is true.","description_kind":"plain","optional":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"default_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset. Can be specified '{{dataset_id}}' if 'project_id' is also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}' if not.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the default dataset to use for unqualified table names in the query. Note that this does not alter behavior of unqualified dataset names.","description_kind":"plain"},"max_items":1},"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"Describes the table where the query results should be stored.\nThis property must be set for large results that exceed the maximum response size.\nFor queries that produce anonymous (cached) results, this field will be populated by BigQuery.","description_kind":"plain"},"max_items":1},"script_options":{"nesting_mode":"list","block":{"attributes":{"key_result_statement":{"type":"string","description":"Determines which statement in the script represents the \"key result\",\nused to populate the schema and query results of the script job. Possible values: [\"LAST\", \"FIRST_SELECT\"]","description_kind":"plain","optional":true},"statement_byte_budget":{"type":"string","description":"Limit on the number of bytes billed per statement. Exceeding this budget results in an error.","description_kind":"plain","optional":true},"statement_timeout_ms":{"type":"string","description":"Timeout period for each statement in a script.","description_kind":"plain","optional":true}},"description":"Options controlling the execution of scripts.","description_kind":"plain"},"max_items":1},"user_defined_function_resources":{"nesting_mode":"list","block":{"attributes":{"inline_code":{"type":"string","description":"An inline resource that contains code for a user-defined function (UDF).\nProviding a inline code resource is equivalent to providing a URI for a file containing the same code.","description_kind":"plain","optional":true},"resource_uri":{"type":"string","description":"A code resource to load from a Google Cloud Storage URI (gs://bucket/path).","description_kind":"plain","optional":true}},"description":"Describes user-defined function resources used in the query.","description_kind":"plain"}}},"description":"Configures a query job.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_reservation":{"version":0,"block":{"attributes":{"concurrency":{"type":"number","description":"Maximum number of queries that are allowed to run concurrently in this reservation. This is a soft limit due to asynchronous nature of the system and various optimizations for small queries. Default value is 0 which means that concurrency will be automatically set based on the reservation size.","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_idle_slots":{"type":"bool","description":"If false, any query using this reservation will use idle slots from other reservations within\nthe same admin project. If true, a query using this reservation will execute with the slot\ncapacity specified above at most.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"multi_region_auxiliary":{"type":"bool","description":"Applicable only for reservations located within one of the BigQuery multi-regions (US or EU).\nIf set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region.","description_kind":"plain","deprecated":true,"optional":true},"name":{"type":"string","description":"The name of the reservation. This field must only contain alphanumeric characters or dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"slot_capacity":{"type":"number","description":"Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the\nunit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false.","description_kind":"plain","required":true}},"block_types":{"autoscale":{"nesting_mode":"list","block":{"attributes":{"current_slots":{"type":"number","description":"The slot capacity added to this reservation when autoscale happens. Will be between [0, max_slots].","description_kind":"plain","computed":true},"max_slots":{"type":"number","description":"Number of slots to be scaled when needed.","description_kind":"plain","optional":true}},"description":"The configuration parameters for the auto scaling feature.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_reservation_assignment":{"version":0,"block":{"attributes":{"assignee":{"type":"string","description":"The resource which will use the reservation. E.g. projects/myproject, folders/123, organizations/456.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_type":{"type":"string","description":"Types of job, which could be specified when using the reservation. Possible values: JOB_TYPE_UNSPECIFIED, PIPELINE, QUERY","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. The resource name of the assignment.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reservation":{"type":"string","description":"The reservation for the resource","description_kind":"plain","required":true},"state":{"type":"string","description":"Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active.\nPossible values: STATE_UNSPECIFIED, PENDING, ACTIVE","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_routine":{"version":0,"block":{"attributes":{"creation_time":{"type":"number","description":"The time when this routine was created, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"data_governance_type":{"type":"string","description":"If set to DATA_MASKING, the function is validated and made available as a masking function. For more information, see https://cloud.google.com/bigquery/docs/user-defined-functions#custom-mask Possible values: [\"DATA_MASKING\"]","description_kind":"plain","optional":true},"dataset_id":{"type":"string","description":"The ID of the dataset containing this routine","description_kind":"plain","required":true},"definition_body":{"type":"string","description":"The body of the routine. For functions, this is the expression in the AS clause.\nIf language=SQL, it is the substring inside (but excluding) the parentheses.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the routine if defined.","description_kind":"plain","optional":true},"determinism_level":{"type":"string","description":"The determinism level of the JavaScript UDF if defined. Possible values: [\"DETERMINISM_LEVEL_UNSPECIFIED\", \"DETERMINISTIC\", \"NOT_DETERMINISTIC\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"imported_libraries":{"type":["list","string"],"description":"Optional. If language = \"JAVASCRIPT\", this field stores the path of the\nimported JAVASCRIPT libraries.","description_kind":"plain","optional":true},"language":{"type":"string","description":"The language of the routine. Possible values: [\"SQL\", \"JAVASCRIPT\", \"PYTHON\", \"JAVA\", \"SCALA\"]","description_kind":"plain","optional":true},"last_modified_time":{"type":"number","description":"The time when this routine was modified, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"return_table_type":{"type":"string","description":"Optional. Can be set only if routineType = \"TABLE_VALUED_FUNCTION\".\n\nIf absent, the return table type is inferred from definitionBody at query time in each query\nthat references this routine. If present, then the columns in the evaluated table result will\nbe cast to match the column types specificed in return table type, at query time.","description_kind":"plain","optional":true},"return_type":{"type":"string","description":"A JSON schema for the return type. Optional if language = \"SQL\"; required otherwise.\nIf absent, the return type is inferred from definitionBody at query time in each query\nthat references this routine. If present, then the evaluated result will be cast to\nthe specified returned type at query time. ~\u003e**NOTE**: Because this field expects a JSON\nstring, any changes to the string will create a diff, even if the JSON itself hasn't\nchanged. If the API returns a different value for the same schema, e.g. it switche\nd the order of values or replaced STRUCT field type with RECORD field type, we currently\ncannot suppress the recurring diff this causes. As a workaround, we recommend using\nthe schema as returned by the API.","description_kind":"plain","optional":true},"routine_id":{"type":"string","description":"The ID of the the routine. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 256 characters.","description_kind":"plain","required":true},"routine_type":{"type":"string","description":"The type of routine. Possible values: [\"SCALAR_FUNCTION\", \"PROCEDURE\", \"TABLE_VALUED_FUNCTION\"]","description_kind":"plain","required":true}},"block_types":{"arguments":{"nesting_mode":"list","block":{"attributes":{"argument_kind":{"type":"string","description":"Defaults to FIXED_TYPE. Default value: \"FIXED_TYPE\" Possible values: [\"FIXED_TYPE\", \"ANY_TYPE\"]","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"A JSON schema for the data type. Required unless argumentKind = ANY_TYPE.\n~\u003e**NOTE**: Because this field expects a JSON string, any changes to the string\nwill create a diff, even if the JSON itself hasn't changed. If the API returns\na different value for the same schema, e.g. it switched the order of values\nor replaced STRUCT field type with RECORD field type, we currently cannot\nsuppress the recurring diff this causes. As a workaround, we recommend using\nthe schema as returned by the API.","description_kind":"plain","optional":true},"mode":{"type":"string","description":"Specifies whether the argument is input or output. Can be set for procedures only. Possible values: [\"IN\", \"OUT\", \"INOUT\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this argument. Can be absent for function return argument.","description_kind":"plain","optional":true}},"description":"Input/output argument of a function or a stored procedure.","description_kind":"plain"}},"remote_function_options":{"nesting_mode":"list","block":{"attributes":{"connection":{"type":"string","description":"Fully qualified name of the user-provided connection object which holds\nthe authentication information to send requests to the remote service.\nFormat: \"projects/{projectId}/locations/{locationId}/connections/{connectionId}\"","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"Endpoint of the user-provided remote service, e.g.\n'https://us-east1-my_gcf_project.cloudfunctions.net/remote_add'","description_kind":"plain","optional":true},"max_batching_rows":{"type":"string","description":"Max number of rows in each batch sent to the remote service. If absent or if 0,\nBigQuery dynamically decides the number of rows in a batch.","description_kind":"plain","optional":true},"user_defined_context":{"type":["map","string"],"description":"User-defined context as a set of key/value pairs, which will be sent as function\ninvocation context together with batched arguments in the requests to the remote\nservice. The total number of bytes of keys and values must be less than 8KB.\n\nAn object containing a list of \"key\": value pairs. Example:\n'{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }'.","description_kind":"plain","optional":true,"computed":true}},"description":"Remote function specific options.","description_kind":"plain"},"max_items":1},"spark_options":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Archive files to be extracted into the working directory of each executor. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"connection":{"type":"string","description":"Fully qualified name of the user-provided Spark connection object.\nFormat: \"projects/{projectId}/locations/{locationId}/connections/{connectionId}\"","description_kind":"plain","optional":true},"container_image":{"type":"string","description":"Custom container image for the runtime environment.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Files to be placed in the working directory of each executor. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"jar_uris":{"type":["list","string"],"description":"JARs to include on the driver and executor CLASSPATH. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"main_class":{"type":"string","description":"The fully qualified name of a class in jarUris, for example, com.example.wordcount.\nExactly one of mainClass and main_jar_uri field should be set for Java/Scala language type.","description_kind":"plain","optional":true},"main_file_uri":{"type":"string","description":"The main file/jar URI of the Spark application.\nExactly one of the definitionBody field and the mainFileUri field must be set for Python.\nExactly one of mainClass and mainFileUri field should be set for Java/Scala language type.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Configuration properties as a set of key/value pairs, which will be passed on to the Spark application.\nFor more information, see Apache Spark and the procedure option list.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"py_file_uris":{"type":["list","string"],"description":"Python files to be placed on the PYTHONPATH for PySpark application. Supported file types: .py, .egg, and .zip. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"runtime_version":{"type":"string","description":"Runtime version. If not specified, the default runtime version is used.","description_kind":"plain","optional":true}},"description":"Optional. If language is one of \"PYTHON\", \"JAVA\", \"SCALA\", this field stores the options for spark stored procedure.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_table":{"version":0,"block":{"attributes":{"allow_resource_tags_on_deletion":{"type":"bool","description":"**Deprecated** Whether or not to allow table deletion when there are still resource tags attached.","description_kind":"plain","deprecated":true,"optional":true},"clustering":{"type":["list","string"],"description":"Specifies column names to use for data clustering. Up to four top-level columns are allowed, and should be specified in descending priority order.","description_kind":"plain","optional":true},"creation_time":{"type":"number","description":"The time when this table was created, in milliseconds since the epoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"The dataset ID to create the table in. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"deletion_protection":{"type":"bool","description":"Whether Terraform will be prevented from destroying the instance. When the field is set to true or unset in Terraform state, a terraform apply or terraform destroy that would delete the table will fail. When the field is set to false, deleting the table is allowed.","description_kind":"plain","optional":true},"description":{"type":"string","description":"The field description.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"expiration_time":{"type":"number","description":"The time when this table expires, in milliseconds since the epoch. If not present, the table will persist indefinitely. Expired tables will be deleted and their storage reclaimed.","description_kind":"plain","optional":true,"computed":true},"friendly_name":{"type":"string","description":"A descriptive name for the table.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A mapping of labels to assign to the resource.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modified_time":{"type":"number","description":"The time when this table was last modified, in milliseconds since the epoch.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the table resides. This value is inherited from the dataset.","description_kind":"plain","computed":true},"max_staleness":{"type":"string","description":"The maximum staleness of data that could be returned when the table (or stale MV) is queried. Staleness encoded as a string encoding of [SQL IntervalValue type](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-types#interval_type).","description_kind":"plain","optional":true},"num_bytes":{"type":"number","description":"The geographic location where the table resides. This value is inherited from the dataset.","description_kind":"plain","computed":true},"num_long_term_bytes":{"type":"number","description":"The number of bytes in the table that are considered \"long-term storage\".","description_kind":"plain","computed":true},"num_rows":{"type":"number","description":"The number of rows of data in this table, excluding any data in the streaming buffer.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs.","description_kind":"plain","optional":true,"computed":true},"require_partition_filter":{"type":"bool","description":"If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.","description_kind":"plain","optional":true},"resource_tags":{"type":["map","string"],"description":"The tags attached to this table. Tag keys are globally unique. Tag key is expected to be in the namespaced format, for example \"123456789012/environment\" where 123456789012 is the ID of the parent organization or project resource for this tag key. Tag value is expected to be the short name, for example \"Production\".","description_kind":"plain","optional":true},"schema":{"type":"string","description":"A JSON schema for the table.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"table_id":{"type":"string","description":"A unique ID for the resource. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Describes the table type.","description_kind":"plain","computed":true}},"block_types":{"encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The self link or full name of a key which should be used to encrypt this table. Note that the default bigquery service account will need to have encrypt/decrypt permissions on this key - you may want to see the google_bigquery_default_service_account datasource and the google_kms_crypto_key_iam_binding resource.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"The self link or full name of the kms key version used to encrypt this table.","description_kind":"plain","computed":true}},"description":"Specifies how the table should be encrypted. If left blank, the table will be encrypted with a Google-managed key; that process is transparent to the user.","description_kind":"plain"},"max_items":1},"external_data_configuration":{"nesting_mode":"list","block":{"attributes":{"autodetect":{"type":"bool","description":"Let BigQuery try to autodetect the schema and format of the table.","description_kind":"plain","required":true},"compression":{"type":"string","description":"The compression type of the data source. Valid values are \"NONE\" or \"GZIP\".","description_kind":"plain","optional":true},"connection_id":{"type":"string","description":"The connection specifying the credentials to be used to read external storage, such as Azure Blob, Cloud Storage, or S3. The connectionId can have the form \"{{project}}.{{location}}.{{connection_id}}\" or \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\".","description_kind":"plain","optional":true},"file_set_spec_type":{"type":"string","description":"Specifies how source URIs are interpreted for constructing the file set to load. By default source URIs are expanded against the underlying storage. Other options include specifying manifest files. Only applicable to object storage systems.","description_kind":"plain","optional":true},"ignore_unknown_values":{"type":"bool","description":"Indicates if BigQuery should allow extra values that are not represented in the table schema. If true, the extra values are ignored. If false, records with extra columns are treated as bad records, and if there are too many bad records, an invalid error is returned in the job result. The default value is false.","description_kind":"plain","optional":true},"json_extension":{"type":"string","description":"Load option to be used together with sourceFormat newline-delimited JSON to indicate that a variant of JSON is being loaded. To load newline-delimited GeoJSON, specify GEOJSON (and sourceFormat must be set to NEWLINE_DELIMITED_JSON).","description_kind":"plain","optional":true},"max_bad_records":{"type":"number","description":"The maximum number of bad records that BigQuery can ignore when reading data.","description_kind":"plain","optional":true},"metadata_cache_mode":{"type":"string","description":"Metadata Cache Mode for the table. Set this to enable caching of metadata from external data source.","description_kind":"plain","optional":true},"object_metadata":{"type":"string","description":"Object Metadata is used to create Object Tables. Object Tables contain a listing of objects (with their metadata) found at the sourceUris. If ObjectMetadata is set, sourceFormat should be omitted.","description_kind":"plain","optional":true},"reference_file_schema_uri":{"type":"string","description":"When creating an external table, the user can provide a reference file with the table schema. This is enabled for the following formats: AVRO, PARQUET, ORC.","description_kind":"plain","optional":true},"schema":{"type":"string","description":"A JSON schema for the external table. Schema is required for CSV and JSON formats and is disallowed for Google Cloud Bigtable, Cloud Datastore backups, and Avro formats when using external tables.","description_kind":"plain","optional":true,"computed":true},"source_format":{"type":"string","description":"Please see sourceFormat under ExternalDataConfiguration in Bigquery's public API documentation (https://cloud.google.com/bigquery/docs/reference/rest/v2/tables#externaldataconfiguration) for supported formats. To use \"GOOGLE_SHEETS\" the scopes must include \"googleapis.com/auth/drive.readonly\".","description_kind":"plain","optional":true},"source_uris":{"type":["list","string"],"description":"A list of the fully-qualified URIs that point to your data in Google Cloud.","description_kind":"plain","required":true}},"block_types":{"avro_options":{"nesting_mode":"list","block":{"attributes":{"use_avro_logical_types":{"type":"bool","description":"If sourceFormat is set to \"AVRO\", indicates whether to interpret logical types as the corresponding BigQuery data type (for example, TIMESTAMP), instead of using the raw type (for example, INTEGER).","description_kind":"plain","required":true}},"description":"Additional options if source_format is set to \"AVRO\"","description_kind":"plain"},"max_items":1},"bigtable_options":{"nesting_mode":"list","block":{"attributes":{"ignore_unspecified_column_families":{"type":"bool","description":"If field is true, then the column families that are not specified in columnFamilies list are not exposed in the table schema. Otherwise, they are read with BYTES type values. The default value is false.","description_kind":"plain","optional":true},"output_column_families_as_json":{"type":"bool","description":"If field is true, then each column family will be read as a single JSON column. Otherwise they are read as a repeated cell structure containing timestamp/value tuples. The default value is false.","description_kind":"plain","optional":true},"read_rowkey_as_string":{"type":"bool","description":"If field is true, then the rowkey column families will be read and converted to string. Otherwise they are read with BYTES type values and users need to manually cast them with CAST if necessary. The default value is false.","description_kind":"plain","optional":true}},"block_types":{"column_family":{"nesting_mode":"list","block":{"attributes":{"encoding":{"type":"string","description":"The encoding of the values when the type is not STRING. Acceptable encoding values are: TEXT - indicates values are alphanumeric text strings. BINARY - indicates values are encoded using HBase Bytes.toBytes family of functions. This can be overridden for a specific column by listing that column in 'columns' and specifying an encoding for it.","description_kind":"plain","optional":true},"family_id":{"type":"string","description":"Identifier of the column family.","description_kind":"plain","optional":true},"only_read_latest":{"type":"bool","description":"If this is set only the latest version of value are exposed for all columns in this column family. This can be overridden for a specific column by listing that column in 'columns' and specifying a different setting for that column.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type to convert the value in cells of this column family. The values are expected to be encoded using HBase Bytes.toBytes function when using the BINARY encoding value. Following BigQuery types are allowed (case-sensitive): \"BYTES\", \"STRING\", \"INTEGER\", \"FLOAT\", \"BOOLEAN\", \"JSON\". Default type is BYTES. This can be overridden for a specific column by listing that column in 'columns' and specifying a type for it.","description_kind":"plain","optional":true}},"block_types":{"column":{"nesting_mode":"list","block":{"attributes":{"encoding":{"type":"string","description":"The encoding of the values when the type is not STRING. Acceptable encoding values are: TEXT - indicates values are alphanumeric text strings. BINARY - indicates values are encoded using HBase Bytes.toBytes family of functions. 'encoding' can also be set at the column family level. However, the setting at this level takes precedence if 'encoding' is set at both levels.","description_kind":"plain","optional":true},"field_name":{"type":"string","description":"If the qualifier is not a valid BigQuery field identifier i.e. does not match [a-zA-Z][a-zA-Z0-9_]*, a valid identifier must be provided as the column field name and is used as field name in queries.","description_kind":"plain","optional":true},"only_read_latest":{"type":"bool","description":"If this is set, only the latest version of value in this column are exposed. 'onlyReadLatest' can also be set at the column family level. However, the setting at this level takes precedence if 'onlyReadLatest' is set at both levels.","description_kind":"plain","optional":true},"qualifier_encoded":{"type":"string","description":"Qualifier of the column. Columns in the parent column family that has this exact qualifier are exposed as . field. If the qualifier is valid UTF-8 string, it can be specified in the qualifierString field. Otherwise, a base-64 encoded value must be set to qualifierEncoded. The column field name is the same as the column qualifier. However, if the qualifier is not a valid BigQuery field identifier i.e. does not match [a-zA-Z][a-zA-Z0-9_]*, a valid identifier must be provided as fieldName.","description_kind":"plain","optional":true},"qualifier_string":{"type":"string","description":"Qualifier string.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type to convert the value in cells of this column. The values are expected to be encoded using HBase Bytes.toBytes function when using the BINARY encoding value. Following BigQuery types are allowed (case-sensitive): \"BYTES\", \"STRING\", \"INTEGER\", \"FLOAT\", \"BOOLEAN\", \"JSON\", Default type is \"BYTES\". 'type' can also be set at the column family level. However, the setting at this level takes precedence if 'type' is set at both levels.","description_kind":"plain","optional":true}},"description":"A List of columns that should be exposed as individual fields as opposed to a list of (column name, value) pairs. All columns whose qualifier matches a qualifier in this list can be accessed as Other columns can be accessed as a list through column field","description_kind":"plain"}}},"description":"A list of column families to expose in the table schema along with their types. This list restricts the column families that can be referenced in queries and specifies their value types. You can use this list to do type conversions - see the 'type' field for more details. If you leave this list empty, all column families are present in the table schema and their values are read as BYTES. During a query only the column families referenced in that query are read from Bigtable.","description_kind":"plain"}}},"description":"Additional options if sourceFormat is set to BIGTABLE.","description_kind":"plain"},"max_items":1},"csv_options":{"nesting_mode":"list","block":{"attributes":{"allow_jagged_rows":{"type":"bool","description":"Indicates if BigQuery should accept rows that are missing trailing optional columns.","description_kind":"plain","optional":true},"allow_quoted_newlines":{"type":"bool","description":"Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. The default value is false.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8 or ISO-8859-1.","description_kind":"plain","optional":true},"field_delimiter":{"type":"string","description":"The separator for fields in a CSV file.","description_kind":"plain","optional":true},"quote":{"type":"string","description":"The value that is used to quote data sections in a CSV file. If your data does not contain quoted sections, set the property value to an empty string. If your data contains quoted newline characters, you must also set the allow_quoted_newlines property to true. The API-side default is \", specified in Terraform escaped as \\\". Due to limitations with Terraform default values, this value is required to be explicitly set.","description_kind":"plain","required":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of a CSV file that BigQuery will skip when reading the data.","description_kind":"plain","optional":true}},"description":"Additional properties to set if source_format is set to \"CSV\".","description_kind":"plain"},"max_items":1},"google_sheets_options":{"nesting_mode":"list","block":{"attributes":{"range":{"type":"string","description":"Range of a sheet to query from. Only used when non-empty. At least one of range or skip_leading_rows must be set. Typical format: \"sheet_name!top_left_cell_id:bottom_right_cell_id\" For example: \"sheet1!A1:B20","description_kind":"plain","optional":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of the sheet that BigQuery will skip when reading the data. At least one of range or skip_leading_rows must be set.","description_kind":"plain","optional":true}},"description":"Additional options if source_format is set to \"GOOGLE_SHEETS\".","description_kind":"plain"},"max_items":1},"hive_partitioning_options":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"When set, what mode of hive partitioning to use when reading data.","description_kind":"plain","optional":true},"require_partition_filter":{"type":"bool","description":"If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.","description_kind":"plain","optional":true},"source_uri_prefix":{"type":"string","description":"When hive partition detection is requested, a common for all source uris must be required. The prefix must end immediately before the partition key encoding begins.","description_kind":"plain","optional":true}},"description":"When set, configures hive partitioning support. Not all storage formats support hive partitioning -- requesting hive partitioning on an unsupported format will lead to an error, as will providing an invalid specification.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, and UTF-32LE. The default value is UTF-8.","description_kind":"plain","optional":true}},"description":"Additional properties to set if sourceFormat is set to JSON.","description_kind":"plain"},"max_items":1},"parquet_options":{"nesting_mode":"list","block":{"attributes":{"enable_list_inference":{"type":"bool","description":"Indicates whether to use schema inference specifically for Parquet LIST logical type.","description_kind":"plain","optional":true},"enum_as_string":{"type":"bool","description":"Indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default.","description_kind":"plain","optional":true}},"description":"Additional properties to set if sourceFormat is set to PARQUET.","description_kind":"plain"},"max_items":1}},"description":"Describes the data format, location, and other properties of a table stored outside of BigQuery. By defining these properties, the data source can then be queried as if it were a standard BigQuery table.","description_kind":"plain"},"max_items":1},"materialized_view":{"nesting_mode":"list","block":{"attributes":{"allow_non_incremental_definition":{"type":"bool","description":"Allow non incremental materialized view definition. The default value is false.","description_kind":"plain","optional":true},"enable_refresh":{"type":"bool","description":"Specifies if BigQuery should automatically refresh materialized view when the base table is updated. The default is true.","description_kind":"plain","optional":true},"query":{"type":"string","description":"A query whose result is persisted.","description_kind":"plain","required":true},"refresh_interval_ms":{"type":"number","description":"Specifies maximum frequency at which this materialized view will be refreshed. The default is 1800000.","description_kind":"plain","optional":true}},"description":"If specified, configures this table as a materialized view.","description_kind":"plain"},"max_items":1},"range_partitioning":{"nesting_mode":"list","block":{"attributes":{"field":{"type":"string","description":"The field used to determine how to create a range-based partition.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"end":{"type":"number","description":"End of the range partitioning, exclusive.","description_kind":"plain","required":true},"interval":{"type":"number","description":"The width of each range within the partition.","description_kind":"plain","required":true},"start":{"type":"number","description":"Start of the range partitioning, inclusive.","description_kind":"plain","required":true}},"description":"Information required to partition based on ranges. Structure is documented below.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"If specified, configures range-based partitioning for this table.","description_kind":"plain"},"max_items":1},"table_constraints":{"nesting_mode":"list","block":{"block_types":{"foreign_keys":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Set only if the foreign key constraint is named.","description_kind":"plain","optional":true}},"block_types":{"column_references":{"nesting_mode":"list","block":{"attributes":{"referenced_column":{"type":"string","description":"The column in the primary key that are referenced by the referencingColumn.","description_kind":"plain","required":true},"referencing_column":{"type":"string","description":"The column that composes the foreign key.","description_kind":"plain","required":true}},"description":"The pair of the foreign key column and primary key column.","description_kind":"plain"},"min_items":1,"max_items":1},"referenced_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters. Certain operations allow suffixing of the table ID with a partition decorator, such as sample_table$20190123.","description_kind":"plain","required":true}},"description":"The table that holds the primary key and is referenced by this foreign key.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Present only if the table has a foreign key. The foreign key is not enforced.","description_kind":"plain"}},"primary_key":{"nesting_mode":"list","block":{"attributes":{"columns":{"type":["list","string"],"description":"The columns that are composed of the primary key constraint.","description_kind":"plain","required":true}},"description":"Represents a primary key constraint on a table's columns. Present only if the table has a primary key. The primary key is not enforced.","description_kind":"plain"},"max_items":1}},"description":"Defines the primary key and foreign keys.","description_kind":"plain"},"max_items":1},"table_replication_info":{"nesting_mode":"list","block":{"attributes":{"replication_interval_ms":{"type":"number","description":"The interval at which the source materialized view is polled for updates. The default is 300000.","description_kind":"plain","optional":true},"source_dataset_id":{"type":"string","description":"The ID of the source dataset.","description_kind":"plain","required":true},"source_project_id":{"type":"string","description":"The ID of the source project.","description_kind":"plain","required":true},"source_table_id":{"type":"string","description":"The ID of the source materialized view.","description_kind":"plain","required":true}},"description":"Replication info of a table created using \"AS REPLICA\" DDL like: \"CREATE MATERIALIZED VIEW mv1 AS REPLICA OF src_mv\".","description_kind":"plain"},"max_items":1},"time_partitioning":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"number","description":"Number of milliseconds for which to keep the storage for a partition.","description_kind":"plain","optional":true,"computed":true},"field":{"type":"string","description":"The field used to determine how to create a time-based partition. If time-based partitioning is enabled without this value, the table is partitioned based on the load time.","description_kind":"plain","optional":true},"require_partition_filter":{"type":"bool","description":"If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.","description_kind":"plain","deprecated":true,"optional":true},"type":{"type":"string","description":"The supported types are DAY, HOUR, MONTH, and YEAR, which will generate one partition per day, hour, month, and year, respectively.","description_kind":"plain","required":true}},"description":"If specified, configures time-based partitioning for this table.","description_kind":"plain"},"max_items":1},"view":{"nesting_mode":"list","block":{"attributes":{"query":{"type":"string","description":"A query that BigQuery executes when the view is referenced.","description_kind":"plain","required":true},"use_legacy_sql":{"type":"bool","description":"Specifies whether to use BigQuery's legacy SQL for this view. The default value is true. If set to false, the view will use BigQuery's standard SQL","description_kind":"plain","optional":true}},"description":"If specified, configures this table as a view.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_bigtable_app_profile":{"version":0,"block":{"attributes":{"app_profile_id":{"type":"string","description":"The unique name of the app profile in the form '[_a-zA-Z0-9][-_.a-zA-Z0-9]*'.","description_kind":"plain","required":true},"description":{"type":"string","description":"Long form description of the use case for this app profile.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_warnings":{"type":"bool","description":"If true, ignore safety checks when deleting/updating the app profile.","description_kind":"plain","optional":true},"instance":{"type":"string","description":"The name of the instance to create the app profile within.","description_kind":"plain","optional":true},"multi_cluster_routing_cluster_ids":{"type":["list","string"],"description":"The set of clusters to route to. The order is ignored; clusters will be tried in order of distance. If left empty, all clusters are eligible.","description_kind":"plain","optional":true},"multi_cluster_routing_use_any":{"type":"bool","description":"If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available\nin the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes\nconsistency to improve availability.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique name of the requested app profile. Values are of the form 'projects/\u003cproject\u003e/instances/\u003cinstance\u003e/appProfiles/\u003cappProfileId\u003e'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"data_boost_isolation_read_only":{"nesting_mode":"list","block":{"attributes":{"compute_billing_owner":{"type":"string","description":"The Compute Billing Owner for this Data Boost App Profile. Possible values: [\"HOST_PAYS\"]","description_kind":"plain","required":true}},"description":"Specifies that this app profile is intended for read-only usage via the Data Boost feature.","description_kind":"plain"},"max_items":1},"single_cluster_routing":{"nesting_mode":"list","block":{"attributes":{"allow_transactional_writes":{"type":"bool","description":"If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile.\nIt is unsafe to send these requests to the same table/row/column in multiple clusters.","description_kind":"plain","optional":true},"cluster_id":{"type":"string","description":"The cluster to which read/write requests should be routed.","description_kind":"plain","required":true}},"description":"Use a single-cluster routing policy.","description_kind":"plain"},"max_items":1},"standard_isolation":{"nesting_mode":"list","block":{"attributes":{"priority":{"type":"string","description":"The priority of requests sent using this app profile. Possible values: [\"PRIORITY_LOW\", \"PRIORITY_MEDIUM\", \"PRIORITY_HIGH\"]","description_kind":"plain","required":true}},"description":"The standard options used for isolating this app profile's traffic from other use cases.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_authorized_view":{"version":0,"block":{"attributes":{"deletion_protection":{"type":"string","description":"A field to make the authorized view protected against data loss i.e. when set to PROTECTED, deleting the authorized view, the table containing the authorized view, and the instance containing the authorized view would be prohibited.\nIf not provided, currently deletion protection will be set to UNPROTECTED as it is the API default value. Note this field configs the deletion protection provided by the API in the backend, and should not be confused with Terraform-side deletion protection.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description":"The name of the Bigtable instance in which the authorized view belongs.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the authorized view. Must be 1-50 characters and must only contain hyphens, underscores, periods, letters and numbers.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"table_name":{"type":"string","description":"The name of the Bigtable table in which the authorized view belongs.","description_kind":"plain","required":true}},"block_types":{"subset_view":{"nesting_mode":"list","block":{"attributes":{"row_prefixes":{"type":["set","string"],"description":"Base64-encoded row prefixes to be included in the authorized view. To provide access to all rows, include the empty string as a prefix (\"\").","description_kind":"plain","optional":true}},"block_types":{"family_subsets":{"nesting_mode":"set","block":{"attributes":{"family_name":{"type":"string","description":"Name of the column family to be included in the authorized view.","description_kind":"plain","required":true},"qualifier_prefixes":{"type":["set","string"],"description":"Base64-encoded prefixes for qualifiers of the column family to be included in the authorized view. Every qualifier starting with one of these prefixes is included in the authorized view. To provide access to all qualifiers, include the empty string as a prefix (\"\").","description_kind":"plain","optional":true},"qualifiers":{"type":["set","string"],"description":"Base64-encoded individual exact column qualifiers of the column family to be included in the authorized view.","description_kind":"plain","optional":true}},"description":"Subsets of column families to be included in the authorized view.","description_kind":"plain"}}},"description":"An AuthorizedView permitting access to an explicit subset of a Table.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_gc_policy":{"version":0,"block":{"attributes":{"column_family":{"type":"string","description":"The name of the column family.","description_kind":"plain","required":true},"deletion_policy":{"type":"string","description":"The deletion policy for the GC policy. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. This is useful for GC policy as it cannot be deleted\n\t\t\t\tin a replicated instance. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"gc_rules":{"type":"string","description":"Serialized JSON string for garbage collection policy. Conflicts with \"mode\", \"max_age\" and \"max_version\".","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_warnings":{"type":"bool","description":"Allows ignoring warnings when updating the GC policy. This can be used\n\t\t\t\tto increase the gc policy on replicated clusters. Doing this may make clusters be\n\t\t\t\tinconsistent for a longer period of time, before using this make sure you understand\n\t\t\t\tthe risks listed at https://cloud.google.com/bigtable/docs/garbage-collection#increasing","description_kind":"plain","optional":true},"instance_name":{"type":"string","description":"The name of the Bigtable instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. If multiple policies are set, you should choose between UNION OR INTERSECTION.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"block_types":{"max_age":{"nesting_mode":"list","block":{"attributes":{"days":{"type":"number","description":"Number of days before applying GC policy.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"duration":{"type":"string","description":"Duration before applying GC policy","description_kind":"plain","optional":true,"computed":true}},"description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. GC policy that applies to all cells older than the given age.","description_kind":"plain"},"max_items":1},"max_version":{"nesting_mode":"list","block":{"attributes":{"number":{"type":"number","description":"Number of version before applying the GC policy.","description_kind":"plain","required":true}},"description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. GC policy that applies to all versions of a cell except for the most recent.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_instance":{"version":1,"block":{"attributes":{"deletion_protection":{"type":"bool","description":" When the field is set to true or unset in Terraform state, a terraform apply or terraform destroy that would delete the instance will fail. When the field is set to false, deleting the instance is allowed.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable display name of the Bigtable instance. Defaults to the instance name.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a BigTable instance, this boolean option will delete all backups within the instance.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The instance type to create. One of \"DEVELOPMENT\" or \"PRODUCTION\". Defaults to \"PRODUCTION\".","description_kind":"plain","deprecated":true,"optional":true},"labels":{"type":["map","string"],"description":"A mapping of labels to assign to the resource.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name (also called Instance Id in the Cloud Console) of the Cloud Bigtable instance. Must be 6-33 characters and must only contain hyphens, lowercase letters and numbers.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"cluster":{"nesting_mode":"list","block":{"attributes":{"cluster_id":{"type":"string","description":"The ID of the Cloud Bigtable cluster. Must be 6-30 characters and must only contain hyphens, lowercase letters and numbers.","description_kind":"plain","required":true},"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. 3) All clusters within an instance must use the same CMEK key. Values are of the form projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}","description_kind":"plain","optional":true,"computed":true},"num_nodes":{"type":"number","description":"The number of nodes in the cluster. If no value is set, Cloud Bigtable automatically allocates nodes based on your data footprint and optimized for 50% storage utilization.","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the cluster","description_kind":"plain","computed":true},"storage_type":{"type":"string","description":"The storage type to use. One of \"SSD\" or \"HDD\". Defaults to \"SSD\".","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone to create the Cloud Bigtable cluster in. Each cluster must have a different zone in the same region. Zones that support Bigtable instances are noted on the Cloud Bigtable locations page.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"cpu_target":{"type":"number","description":"The target CPU utilization for autoscaling. Value must be between 10 and 80.","description_kind":"plain","required":true},"max_nodes":{"type":"number","description":"The maximum number of nodes for autoscaling.","description_kind":"plain","required":true},"min_nodes":{"type":"number","description":"The minimum number of nodes for autoscaling.","description_kind":"plain","required":true},"storage_target":{"type":"number","description":"The target storage utilization for autoscaling, in GB, for each node in a cluster. This number is limited between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster and between 8192 (8TiB) and 16384 (16 TiB) for an HDD cluster. If not set, whatever is already set for the cluster will not change, or if the cluster is just being created, it will use the default value of 2560 for SSD clusters and 8192 for HDD clusters.","description_kind":"plain","optional":true,"computed":true}},"description":"A list of Autoscaling configurations. Only one element is used and allowed.","description_kind":"plain"},"max_items":1}},"description":"A block of cluster configuration options. This can be specified at least once.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigtable_table":{"version":0,"block":{"attributes":{"change_stream_retention":{"type":"string","description":"Duration to retain change stream data for the table. Set to 0 to disable. Must be between 1 and 7 days.","description_kind":"plain","optional":true,"computed":true},"deletion_protection":{"type":"string","description":"A field to make the table protected against data loss i.e. when set to PROTECTED, deleting the table, the column families in the table, and the instance containing the table would be prohibited. If not provided, currently deletion protection will be set to UNPROTECTED as it is the API default value.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description":"The name of the Bigtable instance.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the table. Must be 1-50 characters and must only contain hyphens, underscores, periods, letters and numbers.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"split_keys":{"type":["list","string"],"description":"A list of predefined keys to split the table on. !\u003e Warning: Modifying the split_keys of an existing table will cause Terraform to delete/recreate the entire google_bigtable_table resource.","description_kind":"plain","optional":true}},"block_types":{"automated_backup_policy":{"nesting_mode":"set","block":{"attributes":{"frequency":{"type":"string","description":"How frequently automated backups should occur.","description_kind":"plain","optional":true,"computed":true},"retention_period":{"type":"string","description":"How long the automated backups should be retained.","description_kind":"plain","optional":true,"computed":true}},"description":"Defines an automated backup policy for a table, specified by Retention Period and Frequency. To disable, set both Retention Period and Frequency to 0.","description_kind":"plain"},"max_items":1},"column_family":{"nesting_mode":"set","block":{"attributes":{"family":{"type":"string","description":"The name of the column family.","description_kind":"plain","required":true}},"description":"A group of columns within a table which share a common configuration. This can be specified multiple times.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_table_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_table_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_table_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_account_iam_binding":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_billing_account_iam_member":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_billing_account_iam_policy":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_budget":{"version":1,"block":{"attributes":{"billing_account":{"type":"string","description":"ID of the billing account to set a budget on.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"User data for display name in UI. Must be \u003c= 60 chars.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the budget. The resource name\nimplies the scope of a budget. Values are of the form\nbillingAccounts/{billingAccountId}/budgets/{budgetId}.","description_kind":"plain","computed":true},"ownership_scope":{"type":"string","description":"The ownership scope of the budget. The ownership scope and users'\nIAM permissions determine who has full access to the budget's data. Possible values: [\"OWNERSHIP_SCOPE_UNSPECIFIED\", \"ALL_USERS\", \"BILLING_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"all_updates_rule":{"nesting_mode":"list","block":{"attributes":{"disable_default_iam_recipients":{"type":"bool","description":"Boolean. When set to true, disables default notifications sent\nwhen a threshold is exceeded. Default recipients are\nthose with Billing Account Administrators and Billing\nAccount Users IAM roles for the target account.","description_kind":"plain","optional":true},"enable_project_level_recipients":{"type":"bool","description":"When set to true, and when the budget has a single project configured,\nnotifications will be sent to project level recipients of that project.\nThis field will be ignored if the budget has multiple or no project configured.\n\nCurrently, project level recipients are the users with Owner role on a cloud project.","description_kind":"plain","optional":true},"monitoring_notification_channels":{"type":["list","string"],"description":"The full resource name of a monitoring notification\nchannel in the form\nprojects/{project_id}/notificationChannels/{channel_id}.\nA maximum of 5 channels are allowed.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The name of the Cloud Pub/Sub topic where budget related\nmessages will be published, in the form\nprojects/{project_id}/topics/{topic_id}. Updates are sent\nat regular intervals to the topic.","description_kind":"plain","optional":true},"schema_version":{"type":"string","description":"The schema version of the notification. Only \"1.0\" is\naccepted. It represents the JSON schema as defined in\nhttps://cloud.google.com/billing/docs/how-to/budgets#notification_format.","description_kind":"plain","optional":true}},"description":"Defines notifications that are sent on every update to the\nbilling account's spend, regardless of the thresholds defined\nusing threshold rules.","description_kind":"plain"},"max_items":1},"amount":{"nesting_mode":"list","block":{"attributes":{"last_period_amount":{"type":"bool","description":"Configures a budget amount that is automatically set to 100% of\nlast period's spend.\nBoolean. Set value to true to use. Do not set to false, instead\nuse the 'specified_amount' block.","description_kind":"plain","optional":true}},"block_types":{"specified_amount":{"nesting_mode":"list","block":{"attributes":{"currency_code":{"type":"string","description":"The 3-letter currency code defined in ISO 4217.","description_kind":"plain","optional":true,"computed":true},"nanos":{"type":"number","description":"Number of nano (10^-9) units of the amount.\nThe value must be between -999,999,999 and +999,999,999\ninclusive. If units is positive, nanos must be positive or\nzero. If units is zero, nanos can be positive, zero, or\nnegative. If units is negative, nanos must be negative or\nzero. For example $-1.75 is represented as units=-1 and\nnanos=-750,000,000.","description_kind":"plain","optional":true},"units":{"type":"string","description":"The whole units of the amount. For example if currencyCode\nis \"USD\", then 1 unit is one US dollar.","description_kind":"plain","optional":true}},"description":"A specified amount to use as the budget. currencyCode is\noptional. If specified, it must match the currency of the\nbilling account. The currencyCode is provided on output.","description_kind":"plain"},"max_items":1}},"description":"The budgeted amount for each usage period.","description_kind":"plain"},"min_items":1,"max_items":1},"budget_filter":{"nesting_mode":"list","block":{"attributes":{"calendar_period":{"type":"string","description":"A CalendarPeriod represents the abstract concept of a recurring time period that has a\ncanonical start. Grammatically, \"the start of the current CalendarPeriod\".\nAll calendar times begin at 12 AM US and Canadian Pacific Time (UTC-8).\n\nExactly one of 'calendar_period', 'custom_period' must be provided. Possible values: [\"MONTH\", \"QUARTER\", \"YEAR\", \"CALENDAR_PERIOD_UNSPECIFIED\"]","description_kind":"plain","optional":true},"credit_types":{"type":["list","string"],"description":"Optional. If creditTypesTreatment is INCLUDE_SPECIFIED_CREDITS,\nthis is a list of credit types to be subtracted from gross cost to determine the spend for threshold calculations. See a list of acceptable credit type values.\nIf creditTypesTreatment is not INCLUDE_SPECIFIED_CREDITS, this field must be empty.\n\n**Note:** If the field has a value in the config and needs to be removed, the field has to be an emtpy array in the config.","description_kind":"plain","optional":true,"computed":true},"credit_types_treatment":{"type":"string","description":"Specifies how credits should be treated when determining spend\nfor threshold calculations. Default value: \"INCLUDE_ALL_CREDITS\" Possible values: [\"INCLUDE_ALL_CREDITS\", \"EXCLUDE_ALL_CREDITS\", \"INCLUDE_SPECIFIED_CREDITS\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A single label and value pair specifying that usage from only\nthis set of labeled resources should be included in the budget.","description_kind":"plain","optional":true,"computed":true},"projects":{"type":["set","string"],"description":"A set of projects of the form projects/{project_number},\nspecifying that usage from only this set of projects should be\nincluded in the budget. If omitted, the report will include\nall usage for the billing account, regardless of which project\nthe usage occurred on.","description_kind":"plain","optional":true},"resource_ancestors":{"type":["set","string"],"description":"A set of folder and organization names of the form folders/{folderId} or organizations/{organizationId},\nspecifying that usage from only this set of folders and organizations should be included in the budget.\nIf omitted, the budget includes all usage that the billing account pays for. If the folder or organization\ncontains projects that are paid for by a different Cloud Billing account, the budget doesn't apply to those projects.","description_kind":"plain","optional":true},"services":{"type":["list","string"],"description":"A set of services of the form services/{service_id},\nspecifying that usage from only this set of services should be\nincluded in the budget. If omitted, the report will include\nusage for all the services. The service names are available\nthrough the Catalog API:\nhttps://cloud.google.com/billing/v1/how-tos/catalog-api.","description_kind":"plain","optional":true,"computed":true},"subaccounts":{"type":["list","string"],"description":"A set of subaccounts of the form billingAccounts/{account_id},\nspecifying that usage from only this set of subaccounts should\nbe included in the budget. If a subaccount is set to the name of\nthe parent account, usage from the parent account will be included.\nIf the field is omitted, the report will include usage from the parent\naccount and all subaccounts, if they exist.\n\n**Note:** If the field has a value in the config and needs to be removed, the field has to be an emtpy array in the config.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"custom_period":{"nesting_mode":"list","block":{"block_types":{"end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"Optional. The end date of the time period. Budgets with elapsed end date won't be processed.\nIf unset, specifies to track all usage incurred since the startDate.","description_kind":"plain"},"max_items":1},"start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"A start date is required. The start date must be after January 1, 2017.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies to track usage from any start date (required) to any end date (optional).\nThis time period is static, it does not recur.\n\nExactly one of 'calendar_period', 'custom_period' must be provided.","description_kind":"plain"},"max_items":1}},"description":"Filters that define which resources are used to compute the actual\nspend against the budget.","description_kind":"plain"},"max_items":1},"threshold_rules":{"nesting_mode":"list","block":{"attributes":{"spend_basis":{"type":"string","description":"The type of basis used to determine if spend has passed\nthe threshold. Default value: \"CURRENT_SPEND\" Possible values: [\"CURRENT_SPEND\", \"FORECASTED_SPEND\"]","description_kind":"plain","optional":true},"threshold_percent":{"type":"number","description":"Send an alert when this threshold is exceeded. This is a\n1.0-based percentage, so 0.5 = 50%. Must be \u003e= 0.","description_kind":"plain","required":true}},"description":"Rules that trigger alerts (notifications of thresholds being\ncrossed) when spend exceeds the specified percentages of the\nbudget.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_billing_project_info":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"The ID of the billing account associated with the project, if\nany. Set to empty string to disable billing for the project.\nFor example, '\"012345-567890-ABCDEF\"' or '\"\"'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_billing_subaccount":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description_kind":"plain","optional":true},"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"master_billing_account":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","computed":true},"open":{"type":"bool","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_binary_authorization_attestor":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A descriptive comment. This field may be updated. The field may be\ndisplayed in chooser dialogs.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"attestation_authority_note":{"nesting_mode":"list","block":{"attributes":{"delegation_service_account_email":{"type":"string","description":"This field will contain the service account email address that\nthis Attestor will use as the principal when querying Container\nAnalysis. Attestor administrators must grant this service account\nthe IAM role needed to read attestations from the noteReference in\nContainer Analysis (containeranalysis.notes.occurrences.viewer).\nThis email address is fixed for the lifetime of the Attestor, but\ncallers should not make any other assumptions about the service\naccount email; future versions may use an email based on a\ndifferent naming pattern.","description_kind":"plain","computed":true},"note_reference":{"type":"string","description":"The resource name of a ATTESTATION_AUTHORITY Note, created by the\nuser. If the Note is in a different project from the Attestor, it\nshould be specified in the format 'projects/*/notes/*' (or the legacy\n'providers/*/notes/*'). This field may not be updated.\nAn attestation by this attestor is stored as a Container Analysis\nATTESTATION_AUTHORITY Occurrence that names a container image\nand that links to this Note.","description_kind":"plain","required":true}},"block_types":{"public_keys":{"nesting_mode":"list","block":{"attributes":{"ascii_armored_pgp_public_key":{"type":"string","description":"ASCII-armored representation of a PGP public key, as the\nentire output by the command\n'gpg --export --armor foo@example.com' (either LF or CRLF\nline endings). When using this field, id should be left\nblank. The BinAuthz API handlers will calculate the ID\nand fill it in automatically. BinAuthz computes this ID\nas the OpenPGP RFC4880 V4 fingerprint, represented as\nupper-case hex. If id is provided by the caller, it will\nbe overwritten by the API-calculated ID.","description_kind":"plain","optional":true},"comment":{"type":"string","description":"A descriptive comment. This field may be updated.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The ID of this public key. Signatures verified by BinAuthz\nmust include the ID of the public key that can be used to\nverify them, and that ID must match the contents of this\nfield exactly. Additional restrictions on this field can\nbe imposed based on which public key type is encapsulated.\nSee the documentation on publicKey cases below for details.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"pkix_public_key":{"nesting_mode":"list","block":{"attributes":{"public_key_pem":{"type":"string","description":"A PEM-encoded public key, as described in\n'https://tools.ietf.org/html/rfc7468#section-13'","description_kind":"plain","optional":true},"signature_algorithm":{"type":"string","description":"The signature algorithm used to verify a message against\na signature using this key. These signature algorithm must\nmatch the structure and any object identifiers encoded in\npublicKeyPem (i.e. this algorithm must match that of the\npublic key).","description_kind":"plain","optional":true}},"description":"A raw PKIX SubjectPublicKeyInfo format public key.\n\nNOTE: id may be explicitly provided by the caller when using this\ntype of public key, but it MUST be a valid RFC3986 URI. If id is left\nblank, a default one will be computed based on the digest of the DER\nencoding of the public key.","description_kind":"plain"},"max_items":1}},"description":"Public keys that verify attestations signed by this attestor. This\nfield may be updated.\nIf this field is non-empty, one of the specified public keys must\nverify that an attestation was signed by this attestor for the\nimage specified in the admission request.\nIf this field is empty, this attestor always returns that no valid\nattestations exist.","description_kind":"plain"}}},"description":"A Container Analysis ATTESTATION_AUTHORITY Note, created by the user.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_binding":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_member":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_policy":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_binary_authorization_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A descriptive comment.","description_kind":"plain","optional":true},"global_policy_evaluation_mode":{"type":"string","description":"Controls the evaluation of a Google-maintained global admission policy\nfor common system-level images. Images not covered by the global\npolicy will be subject to the project admission policy. Possible values: [\"ENABLE\", \"DISABLE\"]","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"admission_whitelist_patterns":{"nesting_mode":"list","block":{"attributes":{"name_pattern":{"type":"string","description":"An image name pattern to whitelist, in the form\n'registry/path/to/image'. This supports a trailing * as a\nwildcard, but this is allowed only in text after the registry/\npart.","description_kind":"plain","required":true}},"description":"A whitelist of image patterns to exclude from admission rules. If an\nimage's name matches a whitelist pattern, the image's admission\nrequests will always be permitted regardless of your admission rules.","description_kind":"plain"}},"cluster_admission_rules":{"nesting_mode":"set","block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"enforcement_mode":{"type":"string","description":"The action when a pod creation is denied by the admission rule. Possible values: [\"ENFORCED_BLOCK_AND_AUDIT_LOG\", \"DRYRUN_AUDIT_LOG_ONLY\"]","description_kind":"plain","required":true},"evaluation_mode":{"type":"string","description":"How this admission rule will be evaluated. Possible values: [\"ALWAYS_ALLOW\", \"REQUIRE_ATTESTATION\", \"ALWAYS_DENY\"]","description_kind":"plain","required":true},"require_attestations_by":{"type":["set","string"],"description":"The resource names of the attestors that must attest to a\ncontainer image. If the attestor is in a different project from the\npolicy, it should be specified in the format 'projects/*/attestors/*'.\nEach attestor must exist before a policy can reference it. To add an\nattestor to a policy the principal issuing the policy change\nrequest must be able to read the attestor resource.\n\nNote: this field must be non-empty when the evaluation_mode field\nspecifies REQUIRE_ATTESTATION, otherwise it must be empty.","description_kind":"plain","optional":true}},"description":"Per-cluster admission rules. An admission rule specifies either that\nall container images used in a pod creation request must be attested\nto by one or more attestors, that all pod creations will be allowed,\nor that all pod creations will be denied. There can be at most one\nadmission rule per cluster spec.\n\n\nIdentifier format: '{{location}}.{{clusterId}}'.\nA location is either a compute zone (e.g. 'us-central1-a') or a region\n(e.g. 'us-central1').","description_kind":"plain"}},"default_admission_rule":{"nesting_mode":"list","block":{"attributes":{"enforcement_mode":{"type":"string","description":"The action when a pod creation is denied by the admission rule. Possible values: [\"ENFORCED_BLOCK_AND_AUDIT_LOG\", \"DRYRUN_AUDIT_LOG_ONLY\"]","description_kind":"plain","required":true},"evaluation_mode":{"type":"string","description":"How this admission rule will be evaluated. Possible values: [\"ALWAYS_ALLOW\", \"REQUIRE_ATTESTATION\", \"ALWAYS_DENY\"]","description_kind":"plain","required":true},"require_attestations_by":{"type":["set","string"],"description":"The resource names of the attestors that must attest to a\ncontainer image. If the attestor is in a different project from the\npolicy, it should be specified in the format 'projects/*/attestors/*'.\nEach attestor must exist before a policy can reference it. To add an\nattestor to a policy the principal issuing the policy change\nrequest must be able to read the attestor resource.\n\nNote: this field must be non-empty when the evaluation_mode field\nspecifies REQUIRE_ATTESTATION, otherwise it must be empty.","description_kind":"plain","optional":true}},"description":"Default admission rule for a cluster without a per-cluster admission\nrule.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_blockchain_node_engine_blockchain_nodes":{"version":0,"block":{"attributes":{"blockchain_node_id":{"type":"string","description":"ID of the requesting object.","description_kind":"plain","required":true},"blockchain_type":{"type":"string","description":"User-provided key-value pairs Possible values: [\"ETHEREUM\"]","description_kind":"plain","optional":true},"connection_info":{"type":["list",["object",{"endpoint_info":["list",["object",{"json_rpc_api_endpoint":"string","websockets_api_endpoint":"string"}]],"service_attachment":"string"}]],"description":"The connection information through which to interact with a blockchain node.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The timestamp at which the blockchain node was first created.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-provided key-value pairs\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of Blockchain Node being created.","description_kind":"plain","required":true},"name":{"type":"string","description":"The fully qualified name of the blockchain node. e.g. projects/my-project/locations/us-central1/blockchainNodes/my-node.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp at which the blockchain node was last updated.","description_kind":"plain","computed":true}},"block_types":{"ethereum_details":{"nesting_mode":"list","block":{"attributes":{"additional_endpoints":{"type":["list",["object",{"beacon_api_endpoint":"string","beacon_prometheus_metrics_api_endpoint":"string","execution_client_prometheus_metrics_api_endpoint":"string"}]],"description":"User-provided key-value pairs","description_kind":"plain","computed":true},"api_enable_admin":{"type":"bool","description":"Enables JSON-RPC access to functions in the admin namespace. Defaults to false.","description_kind":"plain","optional":true},"api_enable_debug":{"type":"bool","description":"Enables JSON-RPC access to functions in the debug namespace. Defaults to false.","description_kind":"plain","optional":true},"consensus_client":{"type":"string","description":"The consensus client Possible values: [\"CONSENSUS_CLIENT_UNSPECIFIED\", \"LIGHTHOUSE\"]","description_kind":"plain","optional":true},"execution_client":{"type":"string","description":"The execution client Possible values: [\"EXECUTION_CLIENT_UNSPECIFIED\", \"GETH\", \"ERIGON\"]","description_kind":"plain","optional":true},"network":{"type":"string","description":"The Ethereum environment being accessed. Possible values: [\"MAINNET\", \"TESTNET_GOERLI_PRATER\", \"TESTNET_SEPOLIA\"]","description_kind":"plain","optional":true},"node_type":{"type":"string","description":"The type of Ethereum node. Possible values: [\"LIGHT\", \"FULL\", \"ARCHIVE\"]","description_kind":"plain","optional":true}},"block_types":{"geth_details":{"nesting_mode":"list","block":{"attributes":{"garbage_collection_mode":{"type":"string","description":"Blockchain garbage collection modes. Only applicable when NodeType is FULL or ARCHIVE. Possible values: [\"FULL\", \"ARCHIVE\"]","description_kind":"plain","optional":true}},"description":"User-provided key-value pairs","description_kind":"plain"},"max_items":1},"validator_config":{"nesting_mode":"list","block":{"attributes":{"mev_relay_urls":{"type":["list","string"],"description":"URLs for MEV-relay services to use for block building. When set, a managed MEV-boost service is configured on the beacon client.","description_kind":"plain","optional":true}},"description":"Configuration for validator-related parameters on the beacon client, and for any managed validator client.","description_kind":"plain"},"max_items":1}},"description":"User-provided key-value pairs","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the Certificate resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Certificate Manager location. If not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the certificate. Certificate names must be unique\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"The scope of the certificate.\n\nDEFAULT: Certificates with default scope are served from core Google data centers.\nIf unsure, choose this option.\n\nEDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence.\nSee https://cloud.google.com/vpc/docs/edge-locations.\n\nALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs).\nSee https://cloud.google.com/compute/docs/regions-zones","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"managed":{"nesting_mode":"list","block":{"attributes":{"authorization_attempt_info":{"type":["list",["object",{"details":"string","domain":"string","failure_reason":"string","state":"string"}]],"description":"Detailed state of the latest authorization attempt for each domain\nspecified for this Managed Certificate.","description_kind":"plain","computed":true},"dns_authorizations":{"type":["list","string"],"description":"Authorizations that will be used for performing domain authorization. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.","description_kind":"plain","optional":true},"domains":{"type":["list","string"],"description":"The domains for which a managed SSL certificate will be generated.\nWildcard domains are only supported with DNS challenge resolution","description_kind":"plain","optional":true},"issuance_config":{"type":"string","description":"The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects/*/locations/*/certificateIssuanceConfigs/*.\nIf this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa.\nEither issuanceConfig or dnsAuthorizations should be specificed, but not both.","description_kind":"plain","optional":true},"provisioning_issue":{"type":["list",["object",{"details":"string","reason":"string"}]],"description":"Information about issues with provisioning this Managed Certificate.","description_kind":"plain","computed":true},"state":{"type":"string","description":"A state of this Managed Certificate.","description_kind":"plain","computed":true}},"description":"Configuration and state of a Managed Certificate.\nCertificate Manager provisions and renews Managed Certificates\nautomatically, for as long as it's authorized to do so.","description_kind":"plain"},"max_items":1},"self_managed":{"nesting_mode":"list","block":{"attributes":{"certificate_pem":{"type":"string","description":"The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.","description_kind":"plain","deprecated":true,"optional":true,"sensitive":true},"pem_certificate":{"type":"string","description":"The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.","description_kind":"plain","optional":true},"pem_private_key":{"type":"string","description":"The private key of the leaf certificate in PEM-encoded form.","description_kind":"plain","optional":true,"sensitive":true},"private_key_pem":{"type":"string","description":"The private key of the leaf certificate in PEM-encoded form.","description_kind":"plain","deprecated":true,"optional":true,"sensitive":true}},"description":"Certificate data for a SelfManaged Certificate.\nSelfManaged Certificates are uploaded by the user. Updating such\ncertificates before they expire remains the user's responsibility.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_issuance_config":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"One or more paragraphs of text description of a CertificateIssuanceConfig.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_algorithm":{"type":"string","description":"Key algorithm to use when generating the private key. Possible values: [\"RSA_2048\", \"ECDSA_P256\"]","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"'Set of label tags associated with the CertificateIssuanceConfig resource.\n An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'.\nExample: \"1814400s\". Valid values are from 21 days (1814400s) to 30 days (2592000s)","description_kind":"plain","required":true},"location":{"type":"string","description":"The Certificate Manager location. If not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the certificate issuance config.\nCertificateIssuanceConfig names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rotation_window_percentage":{"type":"number","description":"It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate.\nMust be a number between 1-99, inclusive.\nYou must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after\nthe certificate has been issued and at least 7 days before it expires.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"certificate_authority_config":{"nesting_mode":"list","block":{"block_types":{"certificate_authority_service_config":{"nesting_mode":"list","block":{"attributes":{"ca_pool":{"type":"string","description":"A CA pool resource used to issue a certificate.\nThe CA pool string has a relative resource path following the form\n\"projects/{project}/locations/{location}/caPools/{caPool}\".","description_kind":"plain","required":true}},"description":"Defines a CertificateAuthorityServiceConfig.","description_kind":"plain"},"max_items":1}},"description":"The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_map":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gclb_targets":{"type":["list",["object",{"ip_configs":["list",["object",{"ip_address":"string","ports":["list","number"]}]],"target_https_proxy":"string","target_ssl_proxy":"string"}]],"description":"A list of target proxies that use this Certificate Map","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with a Certificate Map resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the Certificate Map. Certificate Map names must be unique\nglobally and match the pattern 'projects/*/locations/*/certificateMaps/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_map_entry":{"version":0,"block":{"attributes":{"certificates":{"type":["list","string"],"description":"A set of Certificates defines for the given hostname.\nThere can be defined up to fifteen certificates in each Certificate Map Entry.\nEach certificate must match pattern projects/*/locations/*/certificates/*.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Creation timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"hostname":{"type":"string","description":"A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com)\nfor a set of hostnames with common suffix. Used as Server Name Indication (SNI) for\nselecting a proper certificate.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with a Certificate Map Entry.\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"map":{"type":"string","description":"A map entry that is inputted into the cetrificate map","description_kind":"plain","required":true},"matcher":{"type":"string","description":"A predefined matcher for particular cases, other than SNI selection","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the Certificate Map Entry. Certificate Map Entry\nnames must be unique globally and match pattern\n'projects/*/locations/*/certificateMaps/*/certificateMapEntries/*'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"A serving state of this Certificate Map Entry.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_dns_authorization":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"dns_resource_record":{"type":["list",["object",{"data":"string","name":"string","type":"string"}]],"description":"The structure describing the DNS Resource Record that needs to be added\nto DNS configuration for the authorization to be usable by\ncertificate.","description_kind":"plain","computed":true},"domain":{"type":"string","description":"A domain which is being authorized. A DnsAuthorization resource covers a\nsingle domain and its wildcard, e.g. authorization for \"example.com\" can\nbe used to issue certificates for \"example.com\" and \"*.example.com\".","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the DNS Authorization resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Certificate Manager location. If not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"type of DNS authorization. If unset during the resource creation, FIXED_RECORD will\nbe used for global resources, and PER_PROJECT_RECORD will be used for other locations.\n\nFIXED_RECORD DNS authorization uses DNS-01 validation method\n\nPER_PROJECT_RECORD DNS authorization allows for independent management\nof Google-managed certificates with DNS authorization across multiple\nprojects. Possible values: [\"FIXED_RECORD\", \"PER_PROJECT_RECORD\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_trust_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of a TrustConfig.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"One or more paragraphs of text description of a trust config.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the trust config.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The trust config location.","description_kind":"plain","required":true},"name":{"type":"string","description":"A user-defined name of the trust config. Trust config names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a TrustConfig.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"allowlisted_certificates":{"nesting_mode":"list","block":{"attributes":{"pem_certificate":{"type":"string","description":"PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.","description_kind":"plain","required":true}},"description":"Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as\nthe certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"trust_stores":{"nesting_mode":"list","block":{"block_types":{"intermediate_cas":{"nesting_mode":"list","block":{"attributes":{"pem_certificate":{"type":"string","description":"PEM intermediate certificate used for building up paths for validation.\nEach certificate provided in PEM format may occupy up to 5kB.","description_kind":"plain","optional":true,"sensitive":true}},"description":"Set of intermediate CA certificates used for the path building phase of chain validation.\nThe field is currently not supported if trust config is used for the workload certificate feature.","description_kind":"plain"}},"trust_anchors":{"nesting_mode":"list","block":{"attributes":{"pem_certificate":{"type":"string","description":"PEM root certificate of the PKI used for validation.\nEach certificate provided in PEM format may occupy up to 5kB.","description_kind":"plain","optional":true,"sensitive":true}},"description":"List of Trust Anchors to be used while performing validation against a given TrustStore.","description_kind":"plain"}}},"description":"Set of trust stores to perform validation against.\nThis field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation.","description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_folder_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing.","description_kind":"plain","required":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"folder":{"type":"string","description":"The folder this feed should be created in.","description_kind":"plain","required":true},"folder_id":{"type":"string","description":"The ID of the folder where this feed has been created. Both [FOLDER_NUMBER]\nand folders/[FOLDER_NUMBER] are accepted.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_organization_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing.","description_kind":"plain","required":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The organization this feed should be created in.","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_project_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing. If not specified, the resource's\nproject will be used.","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_identity_group":{"version":0,"block":{"attributes":{"additional_group_keys":{"type":["list",["object",{"id":"string","namespace":"string"}]],"description":"Additional group keys associated with the Group","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time when the Group was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An extended description to help users determine the purpose of a Group.\nMust not be longer than 4,096 characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_group_config":{"type":"string","description":"The initial configuration options for creating a Group.\n\nSee the\n[API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig)\nfor possible values. Default value: \"EMPTY\" Possible values: [\"INITIAL_GROUP_CONFIG_UNSPECIFIED\", \"WITH_INITIAL_OWNER\", \"EMPTY\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value.\n\nGoogle Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value.\n\nExisting Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added.\n\nDynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic.\n\nIdentity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name of the Group in the format: groups/{group_id}, where group_id\nis the unique ID assigned to the Group.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The resource name of the entity under which this Group resides in the\nCloud Identity resource hierarchy.\n\nMust be of the form identitysources/{identity_source_id} for external-identity-mapped\ngroups or customers/{customer_id} for Google Groups.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the Group was last updated.","description_kind":"plain","computed":true}},"block_types":{"group_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the entity.\n\nFor Google-managed entities, the id must be the email address of an existing\ngroup or user.\n\nFor external-identity-mapped entities, the id must be a string conforming\nto the Identity Source's requirements.\n\nMust be unique within a namespace.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace in which the entity exists.\n\nIf not specified, the EntityKey represents a Google-managed entity\nsuch as a Google user or a Google Group.\n\nIf specified, the EntityKey represents an external-identity-mapped group.\nThe namespace must correspond to an identity source created in Admin Console\nand must be in the form of 'identitysources/{identity_source_id}'.","description_kind":"plain","optional":true}},"description":"EntityKey of the Group.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_identity_group_membership":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the Membership was created.","description_kind":"plain","computed":true},"group":{"type":"string","description":"The name of the Group to create this membership in.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the Membership, of the form groups/{group_id}/memberships/{membership_id}.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the membership.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the Membership was last updated.","description_kind":"plain","computed":true}},"block_types":{"preferred_member_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the entity.\n\nFor Google-managed entities, the id must be the email address of an existing\ngroup or user.\n\nFor external-identity-mapped entities, the id must be a string conforming\nto the Identity Source's requirements.\n\nMust be unique within a namespace.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace in which the entity exists.\n\nIf not specified, the EntityKey represents a Google-managed entity\nsuch as a Google user or a Google Group.\n\nIf specified, the EntityKey represents an external-identity-mapped group.\nThe namespace must correspond to an identity source created in Admin Console\nand must be in the form of 'identitysources/{identity_source_id}'.","description_kind":"plain","optional":true}},"description":"EntityKey of the member.","description_kind":"plain"},"max_items":1},"roles":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the MembershipRole. Must be one of OWNER, MANAGER, MEMBER. Possible values: [\"OWNER\", \"MANAGER\", \"MEMBER\"]","description_kind":"plain","required":true}},"block_types":{"expiry_detail":{"nesting_mode":"list","block":{"attributes":{"expire_time":{"type":"string","description":"The time at which the MembershipRole will expire.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.\n\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","required":true}},"description":"The MembershipRole expiry details, only supported for MEMBER role.\nOther roles cannot be accompanied with MEMBER role having expiry.","description_kind":"plain"},"max_items":1}},"description":"The MembershipRoles that apply to the Membership.\nMust not contain duplicate MembershipRoles with the same name.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_ids_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp in RFC 3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the endpoint.","description_kind":"plain","optional":true},"endpoint_forwarding_rule":{"type":"string","description":"URL of the endpoint's network address to which traffic is to be sent by Packet Mirroring.","description_kind":"plain","computed":true},"endpoint_ip":{"type":"string","description":"Internal IP address of the endpoint's network entry point.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the endpoint.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the endpoint in the format projects/{project_id}/locations/{locationId}/endpoints/{endpointId}.","description_kind":"plain","required":true},"network":{"type":"string","description":"Name of the VPC network that is connected to the IDS endpoint. This can either contain the VPC network name itself (like \"src-net\") or the full URL to the network (like \"projects/{project_id}/global/networks/src-net\").","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"severity":{"type":"string","description":"The minimum alert severity level that is reported by the endpoint. Possible values: [\"INFORMATIONAL\", \"LOW\", \"MEDIUM\", \"HIGH\", \"CRITICAL\"]","description_kind":"plain","required":true},"threat_exceptions":{"type":["list","string"],"description":"Configuration for threat IDs excluded from generating alerts. Limit: 99 IDs.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Last update timestamp in RFC 3339 text format.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_quotas_quota_preference":{"version":0,"block":{"attributes":{"contact_email":{"type":"string","description":"An email address that can be used for quota related communication between the Google Cloud and the user in case the Google Cloud needs further information to make a decision on whether the user preferred quota can be granted.\n\nThe Google account for the email address must have quota update permission for the project, folder or organization this quota preference is for.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Create time stamp.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"dimensions":{"type":["map","string"],"description":"The dimensions that this quota preference applies to. The key of the map entry is the name of a dimension, such as \"region\", \"zone\", \"network_id\", and the value of the map entry is the dimension value. If a dimension is missing from the map of dimensions, the quota preference applies to all the dimension values except for those that have other quota preferences configured for the specific value.\n\nNOTE: QuotaPreferences can only be applied across all values of \"user\" and \"resource\" dimension. Do not set values for \"user\" or \"resource\" in the dimension map.\n\nExample: '{\"provider\": \"Foo Inc\"}' where \"provider\" is a service specific dimension.","description_kind":"plain","optional":true,"computed":true},"etag":{"type":"string","description":"The current etag of the quota preference. If an etag is provided on update and does not match the current server's etag of the quota preference, the request will be blocked and an ABORTED error will be returned. See https://google.aip.dev/134#etags for more details on etags.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_safety_checks":{"type":"string","description":"The list of quota safety checks to be ignored. Default value: \"QUOTA_SAFETY_CHECK_UNSPECIFIED\" Possible values: [\"QUOTA_SAFETY_CHECK_UNSPECIFIED\", \"QUOTA_DECREASE_BELOW_USAGE\", \"QUOTA_DECREASE_PERCENTAGE_TOO_HIGH\"]","description_kind":"plain","optional":true},"justification":{"type":"string","description":"The reason / justification for this quota preference.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the quota preference. Required except in the CREATE requests.","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The parent of the quota preference. Allowed parents are \"projects/[project-id / number]\" or \"folders/[folder-id / number]\" or \"organizations/[org-id / number]\".","description_kind":"plain","optional":true,"computed":true},"quota_id":{"type":"string","description":"The id of the quota to which the quota preference is applied. A quota id is unique in the service.\nExample: 'CPUS-per-project-region'.","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Is the quota preference pending Google Cloud approval and fulfillment.","description_kind":"plain","computed":true},"service":{"type":"string","description":"The name of the service to which the quota preference is applied.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Update time stamp.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true}},"block_types":{"quota_config":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"The annotations map for clients to store small amounts of arbitrary data. Do not put PII or other sensitive information here. See https://google.aip.dev/128#annotations.\n\nAn object containing a list of \"key: value\" pairs. Example: '{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }'.","description_kind":"plain","optional":true},"granted_value":{"type":"string","description":"Granted quota value.","description_kind":"plain","computed":true},"preferred_value":{"type":"string","description":"The preferred value. Must be greater than or equal to -1. If set to -1, it means the value is \"unlimited\".","description_kind":"plain","required":true},"request_origin":{"type":"string","description":"The origin of the quota preference request.","description_kind":"plain","computed":true},"state_detail":{"type":"string","description":"Optional details about the state of this quota preference.","description_kind":"plain","computed":true},"trace_id":{"type":"string","description":"The trace id that the Google Cloud uses to provision the requested quota. This trace id may be used by the client to contact Cloud support to track the state of a quota preference request. The trace id is only produced for increase requests and is unique for each request. The quota decrease requests do not have a trace id.","description_kind":"plain","computed":true}},"description":"The preferred quota configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_domain_mapping":{"version":1,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"Name should be a [verified](https://support.google.com/webmasters/answer/9008080) domain","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"mapped_route_name":"string","observed_generation":"number","resource_records":["list",["object",{"name":"string","rrdata":"string","type":"string"}]]}]],"description":"The current status of the DomainMapping.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand routes.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number.","description_kind":"plain","required":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.\n\nMore info:\nhttps://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.\n\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids","description_kind":"plain","computed":true}},"description":"Metadata associated with this DomainMapping.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"attributes":{"certificate_mode":{"type":"string","description":"The mode of the certificate. Default value: \"AUTOMATIC\" Possible values: [\"NONE\", \"AUTOMATIC\"]","description_kind":"plain","optional":true},"force_override":{"type":"bool","description":"If set, the mapping will override any mapping set before this spec was set.\nIt is recommended that the user leaves this empty to receive an error\nwarning about a potential conflict and only set it once the respective UI\nhas given such a warning.","description_kind":"plain","optional":true},"route_name":{"type":"string","description":"The name of the Cloud Run Service that this DomainMapping applies to.\nThe route must exist.","description_kind":"plain","required":true}},"description":"The spec for this DomainMapping.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_service":{"version":2,"block":{"attributes":{"autogenerate_revision_name":{"type":"bool","description":"If set to 'true', the revision name (template.metadata.name) will be omitted and\nautogenerated by Cloud Run. This cannot be set to 'true' while 'template.metadata.name'\nis also set.\n(For legacy support, if 'template.metadata.name' is unset in state while\nthis field is set to false, the revision name will still autogenerate.)","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"latest_created_revision_name":"string","latest_ready_revision_name":"string","observed_generation":"number","traffic":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"url":"string"}]],"description":"The current status of the Service.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.\n\nAnnotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted. Use the following annotation\nkeys to configure features on a Service:\n\n- 'run.googleapis.com/binary-authorization-breakglass' sets the [Binary Authorization breakglass](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--breakglass).\n- 'run.googleapis.com/binary-authorization' sets the [Binary Authorization](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--binary-authorization).\n- 'run.googleapis.com/client-name' sets the client name calling the Cloud Run API.\n- 'run.googleapis.com/custom-audiences' sets the [custom audiences](https://cloud.google.com/sdk/gcloud/reference/alpha/run/deploy#--add-custom-audiences)\n that can be used in the audience field of ID token for authenticated requests.\n- 'run.googleapis.com/description' sets a user defined description for the Service.\n- 'run.googleapis.com/ingress' sets the [ingress settings](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--ingress)\n for the Service. For example, '\"run.googleapis.com/ingress\" = \"all\"'.\n- 'run.googleapis.com/launch-stage' sets the [launch stage](https://cloud.google.com/run/docs/troubleshooting#launch-stage-validation)\n when a preview feature is used. For example, '\"run.googleapis.com/launch-stage\": \"BETA\"'\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand routes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number.","description_kind":"plain","optional":true,"computed":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.","description_kind":"plain","computed":true}},"description":"Metadata associated with this Service, including name, namespace, labels,\nand annotations.","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.\n\nAnnotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted. Use the following annotation\nkeys to configure features on a Revision template:\n\n- 'autoscaling.knative.dev/maxScale' sets the [maximum number of container\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--max-instances) of the Revision to run.\n- 'autoscaling.knative.dev/minScale' sets the [minimum number of container\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--min-instances) of the Revision to run.\n- 'run.googleapis.com/client-name' sets the client name calling the Cloud Run API.\n- 'run.googleapis.com/cloudsql-instances' sets the [Cloud SQL\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--add-cloudsql-instances) the Revision connects to.\n- 'run.googleapis.com/cpu-throttling' sets whether to throttle the CPU when the container is not actively serving\n requests. See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--[no-]cpu-throttling.\n- 'run.googleapis.com/encryption-key-shutdown-hours' sets the number of hours to wait before an automatic shutdown\n server after CMEK key revocation is detected.\n- 'run.googleapis.com/encryption-key' sets the [CMEK key](https://cloud.google.com/run/docs/securing/using-cmek)\n reference to encrypt the container with.\n- 'run.googleapis.com/execution-environment' sets the [execution\n environment](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--execution-environment)\n where the application will run.\n- 'run.googleapis.com/post-key-revocation-action-type' sets the\n [action type](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--post-key-revocation-action-type)\n after CMEK key revocation.\n- 'run.googleapis.com/secrets' sets a list of key-value pairs to set as\n [secrets](https://cloud.google.com/run/docs/configuring/secrets#yaml).\n- 'run.googleapis.com/sessionAffinity' sets whether to enable\n [session affinity](https://cloud.google.com/sdk/gcloud/reference/beta/run/deploy#--[no-]session-affinity)\n for connections to the Revision.\n- 'run.googleapis.com/startup-cpu-boost' sets whether to allocate extra CPU to containers on startup.\n See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--[no-]cpu-boost.\n- 'run.googleapis.com/vpc-access-connector' sets a [VPC connector](https://cloud.google.com/run/docs/configuring/connecting-vpc#terraform_1)\n for the Revision.\n- 'run.googleapis.com/vpc-access-egress' sets the outbound traffic to send through the VPC connector for this resource.\n See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--vpc-egress.","description_kind":"plain","optional":true,"computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number. It will default to the resource's project.","description_kind":"plain","optional":true,"computed":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.","description_kind":"plain","computed":true}},"description":"Optional metadata for this Revision, including labels and annotations.\nName will be generated by the Configuration. To set minimum instances\nfor this revision, use the \"autoscaling.knative.dev/minScale\" annotation\nkey. To set maximum instances for this revision, use the\n\"autoscaling.knative.dev/maxScale\" annotation key. To set Cloud SQL\nconnections for the revision, use the \"run.googleapis.com/cloudsql-instances\"\nannotation key.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"attributes":{"container_concurrency":{"type":"number","description":"ContainerConcurrency specifies the maximum allowed in-flight (concurrent)\nrequests per container of the Revision. If not specified or 0, defaults to 80 when\nrequested CPU \u003e= 1 and defaults to 1 when requested CPU \u003c 1.","description_kind":"plain","optional":true,"computed":true},"service_account_name":{"type":"string","description":"Email address of the IAM service account associated with the revision of the\nservice. The service account represents the identity of the running revision,\nand determines what permissions the revision has. If not provided, the revision\nwill use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"serving_state":{"type":"string","description":"ServingState holds a value describing the state the resources\nare in for this Revision.\nIt is expected\nthat the system will manipulate this based on routability and load.","description_kind":"plain","deprecated":true,"computed":true},"timeout_seconds":{"type":"number","description":"TimeoutSeconds holds the max duration the instance is allowed for responding to a request.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint.\nThe docker image's CMD is used if this is not provided.","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell.\nThe docker image's ENTRYPOINT is used if this is not provided.","description_kind":"plain","optional":true},"image":{"type":"string","description":"Docker image name. This is most often a reference to a container located\nin the container registry, such as gcr.io/cloudrun/hello","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container","description_kind":"plain","optional":true,"computed":true},"working_dir":{"type":"string","description":"Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.","description_kind":"plain","deprecated":true,"optional":true}},"block_types":{"env":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Defaults to \"\".","description_kind":"plain","optional":true}},"block_types":{"value_from":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A Cloud Secret Manager secret version. Must be 'latest' for the latest\nversion or an integer for a specific version.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project.\nIf the secret is in another project, you must define an alias.\nAn alias definition has the form: :projects/{project-id|project-number}/secrets/.\nIf multiple alias definitions are needed, they must be separated by commas.\nThe alias definitions must be set on the run.googleapis.com/secrets annotation.","description_kind":"plain","required":true}},"description":"Selects a key (version) of a secret in Secret Manager.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Source for the environment variable's value. Only supports secret_key_ref.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"env_from":{"nesting_mode":"list","block":{"attributes":{"prefix":{"type":"string","description":"An optional identifier to prepend to each key in the ConfigMap.","description_kind":"plain","optional":true}},"block_types":{"config_map_ref":{"nesting_mode":"list","block":{"attributes":{"optional":{"type":"bool","description":"Specify whether the ConfigMap must be defined","description_kind":"plain","optional":true}},"block_types":{"local_object_reference":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the referent.","description_kind":"plain","required":true}},"description":"The ConfigMap to select from.","description_kind":"plain"},"max_items":1}},"description":"The ConfigMap to select from.","description_kind":"plain"},"max_items":1},"secret_ref":{"nesting_mode":"list","block":{"attributes":{"optional":{"type":"bool","description":"Specify whether the Secret must be defined","description_kind":"plain","optional":true}},"block_types":{"local_object_reference":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the referent.","description_kind":"plain","required":true}},"description":"The Secret to select from.","description_kind":"plain"},"max_items":1}},"description":"The Secret to select from.","description_kind":"plain"},"max_items":1}},"description":"List of sources to populate environment variables in the container.\nAll invalid keys will be reported as an event when the container is starting.\nWhen a key exists in multiple sources, the value associated with the last source will\ntake precedence. Values defined by an Env with a duplicate key will take\nprecedence.","description_kind":"plain","deprecated":true}},"liveness_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after\nhaving succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is\ninitiated.\nDefaults to 0 seconds. Minimum value is 0. Maximum value is 3600.","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1. Maximum value is 3600.","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1. Maximum value is 3600.\nMust be smaller than period_seconds.","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. If set, it should not be empty string.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name.","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value.","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HttpGet specifies the http request to perform.","description_kind":"plain"},"max_items":1}},"description":"Periodic probe of container liveness. Container will be restarted if the probe fails.","description_kind":"plain"},"max_items":1},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid port number (between 1 and 65535). Defaults to \"8080\".","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" (HTTP/1) and \"h2c\" (HTTP/2 end-to-end). Defaults to \"http1\".","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"Protocol for port. Must be \"TCP\". Defaults to \"TCP\".","description_kind":"plain","optional":true}},"description":"List of open ports in the container.","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"limits":{"type":["map","string"],"description":"Limits describes the maximum amount of compute resources allowed.\nThe values of the map is string form of the 'quantity' k8s type:\nhttps://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true},"requests":{"type":["map","string"],"description":"Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is\nexplicitly specified, otherwise to an implementation-defined value.\nThe values of the map is string form of the 'quantity' k8s type:\nhttps://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true}},"description":"Compute Resources required by this container. Used to set values such as max memory","description_kind":"plain"},"max_items":1},"startup_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after\nhaving succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is\ninitiated.\nDefaults to 0 seconds. Minimum value is 0. Maximum value is 240.","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1. Maximum value is 240.","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1. Maximum value is 3600.\nMust be smaller than periodSeconds.","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. If set, it should not be empty string.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name.","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value.","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HttpGet specifies the http request to perform.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"description":"TcpSocket specifies an action involving a TCP port.","description_kind":"plain"},"max_items":1}},"description":"Startup probe of application within the container.\nAll other probes are disabled if a startup probe is provided, until it\nsucceeds. Container will not be added to service endpoints if the probe fails.","description_kind":"plain"},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must\nnot contain ':'.","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.\nOnly supports SecretVolumeSources.","description_kind":"plain"}}},"description":"Containers defines the unit of execution for this Revision.","description_kind":"plain"}},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Mode bits to use on created files by default. Must be a value between 0000\nand 0777. Defaults to 0644. Directories within the path are not affected by\nthis setting. This might be in conflict with other options that affect the\nfile mode, like fsGroup, and the result can be other mode bits set.","description_kind":"plain","optional":true},"secret_name":{"type":"string","description":"The name of the secret in Cloud Secret Manager. By default, the secret\nis assumed to be in the same project.\nIf the secret is in another project, you must define an alias.\nAn alias definition has the form:\n{alias}:projects/{project-id|project-number}/secrets/{secret-name}.\nIf multiple alias definitions are needed, they must be separated by\ncommas.\nThe alias definitions must be set on the run.googleapis.com/secrets\nannotation.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"The Cloud Secret Manager secret version.\nCan be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","required":true},"mode":{"type":"number","description":"Mode bits to use on this file, must be a value between 0000 and 0777. If\nnot specified, the volume defaultMode will be used. This might be in\nconflict with other options that affect the file mode, like fsGroup, and\nthe result can be other mode bits set.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.","description_kind":"plain","required":true}},"description":"If unspecified, the volume will expose a file whose name is the\nsecret_name.\nIf specified, the key will be used as the version to fetch from Cloud\nSecret Manager and the path will be the name of the file exposed in the\nvolume. When items are defined, they must specify a key and a path.","description_kind":"plain"}}},"description":"The secret's value will be presented as the content of a file whose\nname is defined in the item path. If no items are defined, the name of\nthe file is the secret_name.","description_kind":"plain"},"max_items":1}},"description":"Volume represents a named volume in a container.","description_kind":"plain"}}},"description":"RevisionSpec holds the desired state of the Revision (from the client).","description_kind":"plain"},"max_items":1}},"description":"template holds the latest specification for the Revision to\nbe stamped out. The template references the container image, and may also\ninclude labels and annotations that should be attached to the Revision.\nTo correlate a Revision, and/or to force a Revision to be created when the\nspec doesn't otherwise change, a nonce label may be provided in the\ntemplate metadata. For more details, see:\nhttps://github.com/knative/serving/blob/main/docs/client-conventions.md#associate-modifications-with-revisions\n\nCloud Run does not currently support referencing a build that is\nresponsible for materializing the container image from source.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"traffic":{"nesting_mode":"list","block":{"attributes":{"latest_revision":{"type":"bool","description":"LatestRevision may be optionally provided to indicate that the latest ready\nRevision of the Configuration should be used for this traffic target. When\nprovided LatestRevision must be true if RevisionName is empty; it must be\nfalse when RevisionName is non-empty.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Percent specifies percent of the traffic to this Revision or Configuration.","description_kind":"plain","required":true},"revision_name":{"type":"string","description":"RevisionName of a specific revision to which to send this portion of traffic.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Tag is optionally used to expose a dedicated url for referencing this target exclusively.","description_kind":"plain","optional":true},"url":{"type":"string","description":"URL displays the URL for accessing tagged traffic targets. URL is displayed in status,\nand is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname,\nbut may not contain anything else (e.g. basic auth, url path, etc.)","description_kind":"plain","computed":true}},"description":"Traffic specifies how to distribute traffic over a collection of Knative Revisions\nand Configurations","description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_v2_job":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected on new resources.\nAll system annotations in v1 now have a corresponding field in v2 Job.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","optional":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","optional":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Job does not reach its desired state. See comments in reconciling for additional information on 'reconciliation' process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"execution_count":{"type":"number","description":"Number of executions created for this job.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permamently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Job.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_execution":{"type":["list",["object",{"completion_time":"string","create_time":"string","name":"string"}]],"description":"Name of the last created execution.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run job","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Job.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Job. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Returns true if the Job is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution.\n\nIf reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"breakglass_justification":{"type":"string","description":"If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass","description_kind":"plain","optional":true},"policy":{"type":"string","description":"The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name}","description_kind":"plain","optional":true},"use_default":{"type":"bool","description":"If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.","description_kind":"plain","optional":true}},"description":"Settings for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system annotations in v1 now have a corresponding field in v2 ExecutionTemplate.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter,\nor break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or\nhttps://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 ExecutionTemplate.","description_kind":"plain","optional":true},"parallelism":{"type":"number","description":"Specifies the maximum desired number of tasks the execution should run at given time. Must be \u003c= taskCount. When the job is run, if this field is 0 or unset, the maximum possible value will be used for that execution. The actual number of tasks running in steady state will be less than this number when there are fewer tasks waiting to be completed remaining, i.e. when the work left to do is less than max parallelism.","description_kind":"plain","optional":true,"computed":true},"task_count":{"type":"number","description":"Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/","description_kind":"plain","optional":true,"computed":true}},"block_types":{"template":{"nesting_mode":"list","block":{"attributes":{"encryption_key":{"type":"string","description":"A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek","description_kind":"plain","optional":true},"execution_environment":{"type":"string","description":"The execution environment being used to host this Task. Possible values: [\"EXECUTION_ENVIRONMENT_GEN1\", \"EXECUTION_ENVIRONMENT_GEN2\"]","description_kind":"plain","optional":true,"computed":true},"max_retries":{"type":"number","description":"Number of retries allowed per Task, before marking this Task failed.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"timeout":{"type":"string","description":"Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references are not supported in Cloud Run.","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"image":{"type":"string","description":"URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container specified as a DNS_LABEL.","description_kind":"plain","optional":true},"working_dir":{"type":"string","description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.","description_kind":"plain","optional":true}},"block_types":{"env":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters.","description_kind":"plain","required":true},"value":{"type":"string","description":"Literal value of the environment variable. Defaults to \"\" and the maximum allowed length is 32768 characters. Variable references are not supported in Cloud Run.","description_kind":"plain","optional":true}},"block_types":{"value_source":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","required":true}},"description":"Selects a secret and a specific version from Cloud Secret Manager.","description_kind":"plain"},"max_items":1}},"description":"Source for the environment variable's value.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid TCP port number, 0 \u003c containerPort \u003c 65536.","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" and \"h2c\".","description_kind":"plain","optional":true}},"description":"List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.\n\nIf omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"limits":{"type":["map","string"],"description":"Only memory and CPU are supported. Use key 'cpu' for CPU limit and 'memory' for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true}},"description":"Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","description_kind":"plain"},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.","description_kind":"plain"}}},"description":"Holds the single container that defines the unit of execution for this task.","description_kind":"plain"}},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"cloud_sql_instance":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":["list","string"],"description":"The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}","description_kind":"plain","optional":true}},"description":"For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.","description_kind":"plain","optional":true},"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"number","description":"Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The relative path of the secret in the container.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version","description_kind":"plain","required":true}},"description":"If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.","description_kind":"plain"}}},"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","description_kind":"plain"},"max_items":1}},"description":"A list of Volumes to make available to containers.","description_kind":"plain"}},"vpc_access":{"nesting_mode":"list","block":{"attributes":{"connector":{"type":"string","description":"VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.","description_kind":"plain","optional":true},"egress":{"type":"string","description":"Traffic VPC egress settings. Possible values: [\"ALL_TRAFFIC\", \"PRIVATE_RANGES_ONLY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_interfaces":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be\nlooked up from the subnetwork.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the\nsubnetwork with the same name with the network will be used.","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"Network tags applied to this Cloud Run job.","description_kind":"plain","optional":true}},"description":"Direct VPC egress settings. Currently only single network interface is supported.","description_kind":"plain"}}},"description":"VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.","description_kind":"plain"},"max_items":1}},"description":"Describes the task(s) that will be created when executing an execution","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The template used to create executions for this Job.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_service":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected in new resources.\nAll system annotations in v1 now have a corresponding field in v2 Service.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","optional":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","optional":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"custom_audiences":{"type":["list","string"],"description":"One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests.\nFor more information, see https://cloud.google.com/run/docs/configuring/custom-audiences.","description_kind":"plain","optional":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the Service. This field currently has a 512-character limit.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permamently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress":{"type":"string","description":"Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values: [\"INGRESS_TRAFFIC_ALL\", \"INGRESS_TRAFFIC_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER\"]","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_revision":{"type":"string","description":"Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"latest_ready_revision":{"type":"string","description":"Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run service","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Service.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Service currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Returns true if the Service is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observedGeneration, latest_ready_revison, trafficStatuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision.\n\nIf reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions.","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"traffic_statuses":{"type":["list",["object",{"percent":"number","revision":"string","tag":"string","type":"string","uri":"string"}]],"description":"Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true},"uri":{"type":"string","description":"The main URI in which this Service is serving traffic.","description_kind":"plain","computed":true}},"block_types":{"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"breakglass_justification":{"type":"string","description":"If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass","description_kind":"plain","optional":true},"policy":{"type":"string","description":"The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name}","description_kind":"plain","optional":true},"use_default":{"type":"bool","description":"If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.","description_kind":"plain","optional":true}},"description":"Settings for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system annotations in v1 now have a corresponding field in v2 RevisionTemplate.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.","description_kind":"plain","optional":true},"encryption_key":{"type":"string","description":"A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek","description_kind":"plain","optional":true},"execution_environment":{"type":"string","description":"The sandbox environment to host this Revision. Possible values: [\"EXECUTION_ENVIRONMENT_GEN1\", \"EXECUTION_ENVIRONMENT_GEN2\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc.\nFor more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 RevisionTemplate.","description_kind":"plain","optional":true},"max_instance_request_concurrency":{"type":"number","description":"Sets the maximum number of requests that each serving instance can receive.\nIf not specified or 0, defaults to 80 when requested CPU \u003e= 1 and defaults to 1 when requested CPU \u003c 1.","description_kind":"plain","optional":true,"computed":true},"revision":{"type":"string","description":"The unique name for the revision. If this field is omitted, it will be automatically generated based on the Service name.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"session_affinity":{"type":"bool","description":"Enables session affinity. For more information, go to https://cloud.google.com/run/docs/configuring/session-affinity","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Max allowed time for an instance to respond to a request.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references are not supported in Cloud Run.","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"depends_on":{"type":["list","string"],"description":"Containers which should be started before this container. If specified the container will wait to start until all containers with the listed names are healthy.","description_kind":"plain","optional":true},"image":{"type":"string","description":"URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container specified as a DNS_LABEL.","description_kind":"plain","optional":true},"working_dir":{"type":"string","description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.","description_kind":"plain","optional":true}},"block_types":{"env":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable. Must be a C_IDENTIFIER, and may not exceed 32768 characters.","description_kind":"plain","required":true},"value":{"type":"string","description":"Literal value of the environment variable. Defaults to \"\" and the maximum allowed length is 32768 characters. Variable references are not supported in Cloud Run.","description_kind":"plain","optional":true}},"block_types":{"value_source":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","optional":true}},"description":"Selects a secret and a specific version from Cloud Secret Manager.","description_kind":"plain"},"max_items":1}},"description":"Source for the environment variable's value.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"liveness_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. Defaults to '/'.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HTTPGet specifies the http request to perform.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the exposed port of the container, which\nis the value of container.ports[0].containerPort.","description_kind":"plain","required":true}},"description":"TCPSocketAction describes an action based on opening a socket","description_kind":"plain"},"max_items":1}},"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain"},"max_items":1},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid TCP port number, 0 \u003c containerPort \u003c 65536.","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" and \"h2c\".","description_kind":"plain","optional":true,"computed":true}},"description":"List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.\n\nIf omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on","description_kind":"plain"},"max_items":1},"resources":{"nesting_mode":"list","block":{"attributes":{"cpu_idle":{"type":"bool","description":"Determines whether CPU is only allocated during requests. True by default if the parent 'resources' field is not set. However, if\n'resources' is set, this field must be explicitly set to true to preserve the default behavior.","description_kind":"plain","optional":true},"limits":{"type":["map","string"],"description":"Only memory and CPU are supported. Use key 'cpu' for CPU limit and 'memory' for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true},"startup_cpu_boost":{"type":"bool","description":"Determines whether CPU should be boosted on startup of a new container instance above the requested CPU threshold, this can help reduce cold-start latency.","description_kind":"plain","optional":true}},"description":"Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","description_kind":"plain"},"max_items":1},"startup_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. Defaults to '/'.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"description":"TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified.","description_kind":"plain"},"max_items":1}},"description":"Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain"},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.","description_kind":"plain"}}},"description":"Holds the containers that define the unit of execution for this Service.","description_kind":"plain"}},"scaling":{"nesting_mode":"list","block":{"attributes":{"max_instance_count":{"type":"number","description":"Maximum number of serving instances that this resource should have.","description_kind":"plain","optional":true},"min_instance_count":{"type":"number","description":"Minimum number of serving instances that this resource should have.","description_kind":"plain","optional":true}},"description":"Scaling settings for this Revision.","description_kind":"plain"},"max_items":1},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"cloud_sql_instance":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":["set","string"],"description":"The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}","description_kind":"plain","optional":true}},"description":"For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.","description_kind":"plain"},"max_items":1},"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"GCS Bucket name","description_kind":"plain","required":true},"read_only":{"type":"bool","description":"If true, mount the GCS bucket as read-only","description_kind":"plain","optional":true}},"description":"Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA.","description_kind":"plain"},"max_items":1},"nfs":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path that is exported by the NFS server.","description_kind":"plain","required":true},"read_only":{"type":"bool","description":"If true, mount the NFS volume as read only","description_kind":"plain","optional":true},"server":{"type":"string","description":"Hostname or IP address of the NFS server","description_kind":"plain","required":true}},"description":"Represents an NFS mount.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.","description_kind":"plain","optional":true},"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"number","description":"Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The relative path of the secret in the container.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version","description_kind":"plain","optional":true}},"description":"If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.","description_kind":"plain"}}},"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","description_kind":"plain"},"max_items":1}},"description":"A list of Volumes to make available to containers.","description_kind":"plain"}},"vpc_access":{"nesting_mode":"list","block":{"attributes":{"connector":{"type":"string","description":"VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.","description_kind":"plain","optional":true},"egress":{"type":"string","description":"Traffic VPC egress settings. Possible values: [\"ALL_TRAFFIC\", \"PRIVATE_RANGES_ONLY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_interfaces":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be\nlooked up from the subnetwork.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the\nsubnetwork with the same name with the network will be used.","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"Network tags applied to this Cloud Run service.","description_kind":"plain","optional":true}},"description":"Direct VPC egress settings. Currently only single network interface is supported.","description_kind":"plain"}}},"description":"VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.","description_kind":"plain"},"max_items":1}},"description":"The template used to create revisions for this Service.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"traffic":{"nesting_mode":"list","block":{"attributes":{"percent":{"type":"number","description":"Specifies percent of the traffic to this Revision. This defaults to zero if unspecified.","description_kind":"plain","optional":true,"computed":true},"revision":{"type":"string","description":"Revision to which to send this portion of traffic, if traffic allocation is by revision.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Indicates a string to be part of the URI to exclusively reference this target.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The allocation type for this traffic target. Possible values: [\"TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\", \"TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION\"]","description_kind":"plain","optional":true}},"description":"Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision.","description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_scheduler_job":{"version":0,"block":{"attributes":{"attempt_deadline":{"type":"string","description":"The deadline for job attempts. If the request handler does not respond by this deadline then the request is\ncancelled and the attempt is marked as a DEADLINE_EXCEEDED failure. The failed attempt can be viewed in\nexecution logs. Cloud Scheduler will retry the job according to the RetryConfig.\nThe allowed duration for this deadline is:\n* For HTTP targets, between 15 seconds and 30 minutes.\n* For App Engine HTTP targets, between 15 seconds and 24 hours.\n* **Note**: For PubSub targets, this field is ignored - setting it will introduce an unresolvable diff.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"","description_kind":"plain","optional":true},"description":{"type":"string","description":"A human-readable description for the job.\nThis string must not contain more than 500 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the job.","description_kind":"plain","required":true},"paused":{"type":"bool","description":"Sets the job to a paused state. Jobs default to being enabled when this property is not set.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the scheduler job resides. If it is not provided, Terraform will use the provider default.","description_kind":"plain","optional":true,"computed":true},"schedule":{"type":"string","description":"Describes the schedule on which the job will be executed.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the job.","description_kind":"plain","computed":true},"time_zone":{"type":"string","description":"Specifies the time zone to be used in interpreting schedule.\nThe value of this field must be a time zone name from the tz database.","description_kind":"plain","optional":true}},"block_types":{"app_engine_http_target":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"HTTP request body.\nA request body is allowed only if the HTTP method is POST or PUT.\nIt will result in invalid argument error to set a body on a job with an incompatible HttpMethod.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"HTTP request headers.\nThis map contains the header field names and values.\nHeaders can be set when the job is created.","description_kind":"plain","optional":true},"http_method":{"type":"string","description":"Which HTTP method to use for the request.","description_kind":"plain","optional":true},"relative_uri":{"type":"string","description":"The relative URI.\nThe relative URL must begin with \"/\" and must be a valid HTTP relative URL.\nIt can contain a path, query string arguments, and \\# fragments.\nIf the relative URL is empty, then the root path \"/\" will be used.\nNo spaces are allowed, and the maximum length allowed is 2083 characters","description_kind":"plain","required":true}},"block_types":{"app_engine_routing":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"App instance.\nBy default, the job is sent to an instance which is available when the job is attempted.","description_kind":"plain","optional":true},"service":{"type":"string","description":"App service.\nBy default, the job is sent to the service which is the default service when the job is attempted.","description_kind":"plain","optional":true},"version":{"type":"string","description":"App version.\nBy default, the job is sent to the version which is the default version when the job is attempted.","description_kind":"plain","optional":true}},"description":"App Engine Routing setting for the job.","description_kind":"plain"},"max_items":1}},"description":"App Engine HTTP target.\nIf the job providers a App Engine HTTP target the cron will\nsend a request to the service instance","description_kind":"plain"},"max_items":1},"http_target":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"HTTP request body.\nA request body is allowed only if the HTTP method is POST, PUT, or PATCH.\nIt is an error to set body on a job with an incompatible HttpMethod.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"This map contains the header field names and values.\nRepeated headers are not supported, but a header value can contain commas.","description_kind":"plain","optional":true},"http_method":{"type":"string","description":"Which HTTP method to use for the request.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The full URI path that the request will be sent to.","description_kind":"plain","required":true}},"block_types":{"oauth_token":{"nesting_mode":"list","block":{"attributes":{"scope":{"type":"string","description":"OAuth scope to be used for generating OAuth access token. If not specified,\n\"https://www.googleapis.com/auth/cloud-platform\" will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating OAuth token.\nThe service account must be within the same project as the job.","description_kind":"plain","required":true}},"description":"Contains information needed for generating an OAuth token.\nThis type of authorization should be used when sending requests to a GCP endpoint.","description_kind":"plain"},"max_items":1},"oidc_token":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Audience to be used when generating OIDC token. If not specified,\nthe URI specified in target will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating OAuth token.\nThe service account must be within the same project as the job.","description_kind":"plain","required":true}},"description":"Contains information needed for generating an OpenID Connect token.\nThis type of authorization should be used when sending requests to third party endpoints or Cloud Run.","description_kind":"plain"},"max_items":1}},"description":"HTTP target.\nIf the job providers a http_target the cron will\nsend a request to the targeted url","description_kind":"plain"},"max_items":1},"pubsub_target":{"nesting_mode":"list","block":{"attributes":{"attributes":{"type":["map","string"],"description":"Attributes for PubsubMessage.\nPubsub message must contain either non-empty data, or at least one attribute.","description_kind":"plain","optional":true},"data":{"type":"string","description":"The message payload for PubsubMessage.\nPubsub message must contain either non-empty data, or at least one attribute.\n\n A base64-encoded string.","description_kind":"plain","optional":true},"topic_name":{"type":"string","description":"The full resource name for the Cloud Pub/Sub topic to which\nmessages will be published when a job is delivered. ~\u003e**NOTE:**\nThe topic name must be in the same format as required by PubSub's\nPublishRequest.name, e.g. 'projects/my-project/topics/my-topic'.","description_kind":"plain","required":true}},"description":"Pub/Sub target\nIf the job providers a Pub/Sub target the cron will publish\na message to the provided topic","description_kind":"plain"},"max_items":1},"retry_config":{"nesting_mode":"list","block":{"attributes":{"max_backoff_duration":{"type":"string","description":"The maximum amount of time to wait before retrying a job after it fails.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"max_doublings":{"type":"number","description":"The time between retries will double maxDoublings times.\nA job's retry interval starts at minBackoffDuration,\nthen doubles maxDoublings times, then increases linearly,\nand finally retries retries at intervals of maxBackoffDuration up to retryCount times.","description_kind":"plain","optional":true,"computed":true},"max_retry_duration":{"type":"string","description":"The time limit for retrying a failed job, measured from time when an execution was first attempted.\nIf specified with retryCount, the job will be retried until both limits are reached.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"min_backoff_duration":{"type":"string","description":"The minimum amount of time to wait before retrying a job after it fails.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"retry_count":{"type":"number","description":"The number of attempts that the system will make to run a\njob using the exponential backoff procedure described by maxDoublings.\nValues greater than 5 and negative values are not allowed.","description_kind":"plain","optional":true,"computed":true}},"description":"By default, if a job does not complete successfully,\nmeaning that an acknowledgement is not received from the handler,\nthen it will be retried with exponential backoff according to the settings","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_tasks_queue":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the queue","description_kind":"plain","required":true},"name":{"type":"string","description":"The queue name.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"app_engine_routing_override":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The host that the task is sent to.","description_kind":"plain","computed":true},"instance":{"type":"string","description":"App instance.\n\nBy default, the task is sent to an instance which is available when the task is attempted.","description_kind":"plain","optional":true},"service":{"type":"string","description":"App service.\n\nBy default, the task is sent to the service which is the default service when the task is attempted.","description_kind":"plain","optional":true},"version":{"type":"string","description":"App version.\n\nBy default, the task is sent to the version which is the default version when the task is attempted.","description_kind":"plain","optional":true}},"description":"Overrides for task-level appEngineRouting. These settings apply only\nto App Engine tasks in this queue","description_kind":"plain"},"max_items":1},"rate_limits":{"nesting_mode":"list","block":{"attributes":{"max_burst_size":{"type":"number","description":"The max burst size.\n\nMax burst size limits how fast tasks in queue are processed when many tasks are\nin the queue and the rate is high. This field allows the queue to have a high\nrate so processing starts shortly after a task is enqueued, but still limits\nresource usage when many tasks are enqueued in a short period of time.","description_kind":"plain","computed":true},"max_concurrent_dispatches":{"type":"number","description":"The maximum number of concurrent tasks that Cloud Tasks allows to\nbe dispatched for this queue. After this threshold has been\nreached, Cloud Tasks stops dispatching tasks until the number of\nconcurrent requests decreases.","description_kind":"plain","optional":true,"computed":true},"max_dispatches_per_second":{"type":"number","description":"The maximum rate at which tasks are dispatched from this queue.\n\nIf unspecified when the queue is created, Cloud Tasks will pick the default.","description_kind":"plain","optional":true,"computed":true}},"description":"Rate limits for task dispatches.\n\nThe queue's actual dispatch rate is the result of:\n\n* Number of tasks in the queue\n* User-specified throttling: rateLimits, retryConfig, and the queue's state.\n* System throttling due to 429 (Too Many Requests) or 503 (Service\n Unavailable) responses from the worker, high error rates, or to\n smooth sudden large traffic spikes.","description_kind":"plain"},"max_items":1},"retry_config":{"nesting_mode":"list","block":{"attributes":{"max_attempts":{"type":"number","description":"Number of attempts per task.\n\nCloud Tasks will attempt the task maxAttempts times (that is, if\nthe first attempt fails, then there will be maxAttempts - 1\nretries). Must be \u003e= -1.\n\nIf unspecified when the queue is created, Cloud Tasks will pick\nthe default.\n\n-1 indicates unlimited attempts.","description_kind":"plain","optional":true,"computed":true},"max_backoff":{"type":"string","description":"A task will be scheduled for retry between minBackoff and\nmaxBackoff duration after it fails, if the queue's RetryConfig\nspecifies that the task should be retried.","description_kind":"plain","optional":true,"computed":true},"max_doublings":{"type":"number","description":"The time between retries will double maxDoublings times.\n\nA task's retry interval starts at minBackoff, then doubles maxDoublings times,\nthen increases linearly, and finally retries retries at intervals of maxBackoff\nup to maxAttempts times.","description_kind":"plain","optional":true,"computed":true},"max_retry_duration":{"type":"string","description":"If positive, maxRetryDuration specifies the time limit for\nretrying a failed task, measured from when the task was first\nattempted. Once maxRetryDuration time has passed and the task has\nbeen attempted maxAttempts times, no further attempts will be\nmade and the task will be deleted.\n\nIf zero, then the task age is unlimited.","description_kind":"plain","optional":true,"computed":true},"min_backoff":{"type":"string","description":"A task will be scheduled for retry between minBackoff and\nmaxBackoff duration after it fails, if the queue's RetryConfig\nspecifies that the task should be retried.","description_kind":"plain","optional":true,"computed":true}},"description":"Settings that determine the retry behavior.","description_kind":"plain"},"max_items":1},"stackdriver_logging_config":{"nesting_mode":"list","block":{"attributes":{"sampling_ratio":{"type":"number","description":"Specifies the fraction of operations to write to Stackdriver Logging.\nThis field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the\ndefault and means that no operations are logged.","description_kind":"plain","required":true}},"description":"Configuration options for writing logs to Stackdriver Logging.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuild_bitbucket_server_config":{"version":0,"block":{"attributes":{"api_key":{"type":"string","description":"Immutable. API Key that will be attached to webhook. Once this field has been set, it cannot be changed.\nChanging this field will result in deleting/ recreating the resource.","description_kind":"plain","required":true},"config_id":{"type":"string","description":"The ID to use for the BitbucketServerConfig, which will become the final component of the BitbucketServerConfig's resource name.","description_kind":"plain","required":true},"host_uri":{"type":"string","description":"Immutable. The URI of the Bitbucket Server host. Once this field has been set, it cannot be changed.\nIf you need to change it, please create another BitbucketServerConfig.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of this bitbucket server config.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the config.","description_kind":"plain","computed":true},"peered_network":{"type":"string","description":"The network to be used when reaching out to the Bitbucket Server instance. The VPC network must be enabled for private service connection.\nThis should be set if the Bitbucket Server instance is hosted on-premises and not reachable by public internet. If this field is left empty,\nno network peering will occur and calls to the Bitbucket Server instance will be made over the public internet. Must be in the format\nprojects/{project}/global/networks/{network}, where {project} is a project number or id and {network} is the name of a VPC network in the project.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to Bitbucket Server. The format should be PEM format but the extension can be one of .pem, .cer, or .crt.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username of the account Cloud Build will use on Bitbucket Server.","description_kind":"plain","required":true},"webhook_key":{"type":"string","description":"Output only. UUID included in webhook requests. The UUID is used to look up the corresponding config.","description_kind":"plain","computed":true}},"block_types":{"connected_repositories":{"nesting_mode":"set","block":{"attributes":{"project_key":{"type":"string","description":"Identifier for the project storing the repository.","description_kind":"plain","required":true},"repo_slug":{"type":"string","description":"Identifier for the repository.","description_kind":"plain","required":true}},"description":"Connected Bitbucket Server repositories for this config.","description_kind":"plain"}},"secrets":{"nesting_mode":"list","block":{"attributes":{"admin_access_token_version_name":{"type":"string","description":"The resource name for the admin access token's secret version.","description_kind":"plain","required":true},"read_access_token_version_name":{"type":"string","description":"The resource name for the read access token's secret version.","description_kind":"plain","required":true},"webhook_secret_version_name":{"type":"string","description":"Immutable. The resource name for the webhook secret's secret version. Once this field has been set, it cannot be changed.\nChanging this field will result in deleting/ recreating the resource.","description_kind":"plain","required":true}},"description":"Secret Manager secrets needed by the config.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudbuild_trigger":{"version":2,"block":{"attributes":{"create_time":{"type":"string","description":"Time when the trigger was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Human-readable description of the trigger.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the trigger is disabled or not. If true, the trigger will never result in a build.","description_kind":"plain","optional":true},"filename":{"type":"string","description":"Path, from the source root, to a file whose contents is used for the template.\nEither a filename or build template must be provided. Set this only when using trigger_template or github.\nWhen using Pub/Sub, Webhook or Manual set the file name using git_file_source instead.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"A Common Expression Language string. Used only with Pub/Sub and Webhook.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignored_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf ignoredFiles and changed files are both empty, then they are not\nused to determine whether or not to trigger a build.\n\nIf ignoredFiles is not empty, then we ignore any files that match any\nof the ignored_file globs. If the change has no files that are outside\nof the ignoredFiles globs, then we do not trigger a build.","description_kind":"plain","optional":true},"include_build_logs":{"type":"string","description":"Build logs will be sent back to GitHub as part of the checkrun\nresult. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or\nINCLUDE_BUILD_LOGS_WITH_STATUS Possible values: [\"INCLUDE_BUILD_LOGS_UNSPECIFIED\", \"INCLUDE_BUILD_LOGS_WITH_STATUS\"]","description_kind":"plain","optional":true},"included_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is empty, then as far as this filter is concerned, we\nshould trigger the build.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is not empty, then we make sure that at least one of\nthose files matches a includedFiles glob. If not, then we do not trigger\na build.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger.\nIf not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the trigger. Must be unique within the project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account used for all user-controlled operations including\ntriggers.patch, triggers.run, builds.create, and builds.cancel.\n\nIf no service account is set, then the standard Cloud Build service account\n([PROJECT_NUM]@system.gserviceaccount.com) will be used instead.\n\nFormat: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL}","description_kind":"plain","optional":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a BuildTrigger","description_kind":"plain","optional":true},"trigger_id":{"type":"string","description":"The unique identifier for the trigger.","description_kind":"plain","computed":true}},"block_types":{"approval_config":{"nesting_mode":"list","block":{"attributes":{"approval_required":{"type":"bool","description":"Whether or not approval is needed. If this is set on a build, it will become pending when run,\nand will need to be explicitly approved to start.","description_kind":"plain","optional":true}},"description":"Configuration for manual approval to start a build invocation of this BuildTrigger.\nBuilds created by this trigger will require approval before they execute.\nAny user with a Cloud Build Approver role for the project can approve a build.","description_kind":"plain"},"max_items":1},"bitbucket_server_trigger_config":{"nesting_mode":"list","block":{"attributes":{"bitbucket_server_config_resource":{"type":"string","description":"The Bitbucket server config resource that this trigger config maps to.","description_kind":"plain","required":true},"project_key":{"type":"string","description":"Key of the project that the repo is in. For example: The key for https://mybitbucket.server/projects/TEST/repos/test-repo is \"TEST\".","description_kind":"plain","required":true},"repo_slug":{"type":"string","description":"Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL.\nFor example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo.","description_kind":"plain","required":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","required":true},"comment_control":{"type":"string","description":"Configure builds to run whether a repository owner or collaborator need to comment /gcbrun. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"Filter to match changes in pull requests.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match. Specify only one of branch or tag.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"When true, only trigger a build if the revision regex does NOT match the gitRef regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match. Specify only one of branch or tag.","description_kind":"plain","optional":true}},"description":"Filter to match changes in refs like branches, tags.","description_kind":"plain"},"max_items":1}},"description":"BitbucketServerTriggerConfig describes the configuration of a trigger that creates a build whenever a Bitbucket Server event is received.","description_kind":"plain"},"max_items":1},"build":{"nesting_mode":"list","block":{"attributes":{"images":{"type":["list","string"],"description":"A list of images to be pushed upon the successful completion of all build steps.\nThe images are pushed using the builder service account's credentials.\nThe digests of the pushed images will be stored in the Build resource's results field.\nIf any of the images fail to be pushed, the build status is marked FAILURE.","description_kind":"plain","optional":true},"logs_bucket":{"type":"string","description":"Google Cloud Storage bucket where logs should be written.\nLogs file names will be of the format ${logsBucket}/log-${build_id}.txt.","description_kind":"plain","optional":true},"queue_ttl":{"type":"string","description":"TTL in queue for this build. If provided and the build is enqueued longer than this value,\nthe build will expire and the build status will be EXPIRED.\nThe TTL starts ticking from createTime.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a Build. These are not docker tags.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Amount of time that this build should be allowed to run, to second granularity.\nIf this amount of time elapses, work on the build will cease and the build status will be TIMEOUT.\nThis timeout must be equal to or greater than the sum of the timeouts for build steps within the build.\nThe expected format is the number of seconds followed by s.\nDefault time is ten minutes (600s).","description_kind":"plain","optional":true}},"block_types":{"artifacts":{"nesting_mode":"list","block":{"attributes":{"images":{"type":["list","string"],"description":"A list of images to be pushed upon the successful completion of all build steps.\n\nThe images will be pushed using the builder service account's credentials.\n\nThe digests of the pushed images will be stored in the Build resource's results field.\n\nIf any of the images fail to be pushed, the build is marked FAILURE.","description_kind":"plain","optional":true}},"block_types":{"maven_artifacts":{"nesting_mode":"list","block":{"attributes":{"artifact_id":{"type":"string","description":"Maven artifactId value used when uploading the artifact to Artifact Registry.","description_kind":"plain","optional":true},"group_id":{"type":"string","description":"Maven groupId value used when uploading the artifact to Artifact Registry.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to an artifact in the build's workspace to be uploaded to Artifact Registry. This can be either an absolute path, e.g. /workspace/my-app/target/my-app-1.0.SNAPSHOT.jar or a relative path from /workspace, e.g. my-app/target/my-app-1.0.SNAPSHOT.jar.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"Artifact Registry repository, in the form \"https://$REGION-maven.pkg.dev/$PROJECT/$REPOSITORY\"\n\nArtifact in the workspace specified by path will be uploaded to Artifact Registry with this location as a prefix.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Maven version value used when uploading the artifact to Artifact Registry.","description_kind":"plain","optional":true}},"description":"A Maven artifact to upload to Artifact Registry upon successful completion of all build steps.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"}},"npm_packages":{"nesting_mode":"list","block":{"attributes":{"package_path":{"type":"string","description":"Path to the package.json. e.g. workspace/path/to/package","description_kind":"plain","optional":true},"repository":{"type":"string","description":"Artifact Registry repository, in the form \"https://$REGION-npm.pkg.dev/$PROJECT/$REPOSITORY\"\n\nNpm package in the workspace specified by path will be zipped and uploaded to Artifact Registry with this location as a prefix.","description_kind":"plain","optional":true}},"description":"Npm package to upload to Artifact Registry upon successful completion of all build steps.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"}},"objects":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"Cloud Storage bucket and optional object path, in the form \"gs://bucket/path/to/somewhere/\".\n\nFiles in the workspace matching any path pattern will be uploaded to Cloud Storage with\nthis location as a prefix.","description_kind":"plain","optional":true},"paths":{"type":["list","string"],"description":"Path globs used to match files in the build's workspace.","description_kind":"plain","optional":true},"timing":{"type":["list",["object",{"end_time":"string","start_time":"string"}]],"description":"Output only. Stores timing information for pushing all artifact objects.","description_kind":"plain","computed":true}},"description":"A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps.\n\nFiles in the workspace matching specified paths globs will be uploaded to the\nCloud Storage location using the builder service account's credentials.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"},"max_items":1},"python_packages":{"nesting_mode":"list","block":{"attributes":{"paths":{"type":["list","string"],"description":"Path globs used to match files in the build's workspace. For Python/ Twine, this is usually dist/*, and sometimes additionally an .asc file.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"Artifact Registry repository, in the form \"https://$REGION-python.pkg.dev/$PROJECT/$REPOSITORY\"\n\nFiles in the workspace matching any path pattern will be uploaded to Artifact Registry with this location as a prefix.","description_kind":"plain","optional":true}},"description":"Python package to upload to Artifact Registry upon successful completion of all build steps. A package can encapsulate multiple objects to be uploaded to a single repository.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"}}},"description":"Artifacts produced by the build that should be uploaded upon successful completion of all build steps.","description_kind":"plain"},"max_items":1},"available_secrets":{"nesting_mode":"list","block":{"block_types":{"secret_manager":{"nesting_mode":"list","block":{"attributes":{"env":{"type":"string","description":"Environment variable name to associate with the secret. Secret environment\nvariables must be unique across all of a build's secrets, and must be used\nby at least one build step.","description_kind":"plain","required":true},"version_name":{"type":"string","description":"Resource name of the SecretVersion. In format: projects/*/secrets/*/versions/*","description_kind":"plain","required":true}},"description":"Pairs a secret environment variable with a SecretVersion in Secret Manager.","description_kind":"plain"},"min_items":1}},"description":"Secrets and secret environment variables.","description_kind":"plain"},"max_items":1},"options":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"Requested disk size for the VM that runs the build. Note that this is NOT \"disk free\";\nsome of the space will be used by the operating system and build utilities.\nAlso note that this is the minimum disk size that will be allocated for the build --\nthe build may run with a larger disk than requested. At present, the maximum disk size\nis 1000GB; builds that request more than the maximum are rejected with an error.","description_kind":"plain","optional":true},"dynamic_substitutions":{"type":"bool","description":"Option to specify whether or not to apply bash style string operations to the substitutions.\n\nNOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file.","description_kind":"plain","optional":true},"env":{"type":["list","string"],"description":"A list of global environment variable definitions that will exist for all build steps\nin this build. If a variable is defined in both globally and in a build step,\nthe variable will use the build step value.\n\nThe elements are of the form \"KEY=VALUE\" for the environment variable \"KEY\" being given the value \"VALUE\".","description_kind":"plain","optional":true},"log_streaming_option":{"type":"string","description":"Option to define build log streaming behavior to Google Cloud Storage. Possible values: [\"STREAM_DEFAULT\", \"STREAM_ON\", \"STREAM_OFF\"]","description_kind":"plain","optional":true},"logging":{"type":"string","description":"Option to specify the logging mode, which determines if and where build logs are stored. Possible values: [\"LOGGING_UNSPECIFIED\", \"LEGACY\", \"GCS_ONLY\", \"STACKDRIVER_ONLY\", \"CLOUD_LOGGING_ONLY\", \"NONE\"]","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Compute Engine machine type on which to run the build.","description_kind":"plain","optional":true},"requested_verify_option":{"type":"string","description":"Requested verifiability options. Possible values: [\"NOT_VERIFIED\", \"VERIFIED\"]","description_kind":"plain","optional":true},"secret_env":{"type":["list","string"],"description":"A list of global environment variables, which are encrypted using a Cloud Key Management\nService crypto key. These values must be specified in the build's Secret. These variables\nwill be available to all build steps in this build.","description_kind":"plain","optional":true},"source_provenance_hash":{"type":["list","string"],"description":"Requested hash for SourceProvenance. Possible values: [\"NONE\", \"SHA256\", \"MD5\"]","description_kind":"plain","optional":true},"substitution_option":{"type":"string","description":"Option to specify behavior when there is an error in the substitution checks.\n\nNOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden\nin the build configuration file. Possible values: [\"MUST_MATCH\", \"ALLOW_LOOSE\"]","description_kind":"plain","optional":true},"worker_pool":{"type":"string","description":"Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool}\n\nThis field is experimental.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the volume to mount.\n\nVolume names must be unique per build step and must be valid names for Docker volumes.\nEach named volume must be used by at least two build steps.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path at which to mount the volume.\n\nPaths must be absolute and cannot conflict with other volume paths on the same\nbuild step or with certain reserved volume paths.","description_kind":"plain","optional":true}},"description":"Global list of volumes to mount for ALL build steps\n\nEach volume is created as an empty volume prior to starting the build process.\nUpon completion of the build, volumes and their contents are discarded. Global\nvolume names and paths cannot conflict with the volumes defined a build step.\n\nUsing a global volume in a build with only one step is not valid as it is indicative\nof a build request with an incorrect configuration.","description_kind":"plain"}}},"description":"Special options for this build.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Cloud KMS key name to use to decrypt these envs.","description_kind":"plain","required":true},"secret_env":{"type":["map","string"],"description":"Map of environment variable name to its encrypted value.\nSecret environment variables must be unique across all of a build's secrets,\nand must be used by at least one build step. Values can be at most 64 KB in size.\nThere can be at most 100 secret values across all of a build's secrets.","description_kind":"plain","optional":true}},"description":"Secrets to decrypt using Cloud Key Management Service.","description_kind":"plain"}},"source":{"nesting_mode":"list","block":{"block_types":{"repo_source":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Regex matching branches to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and\ndescribed at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Explicit commit SHA to build. Exactly one a of branch name, tag, or commit SHA must be provided.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.\nThis must be a relative path. If a step's dir is specified and is an absolute path,\nthis value is ignored for that step's execution.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does NOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository.\nIf omitted, the project ID requesting the build is assumed.","description_kind":"plain","optional":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository.","description_kind":"plain","required":true},"substitutions":{"type":["map","string"],"description":"Substitutions to use in a triggered build. Should only be used with triggers.run","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Regex matching tags to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and\ndescribed at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true}},"description":"Location of the source in a Google Cloud Source Repository.","description_kind":"plain"},"max_items":1},"storage_source":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Google Cloud Storage bucket containing the source.","description_kind":"plain","required":true},"generation":{"type":"string","description":"Google Cloud Storage generation for the object.\nIf the generation is omitted, the latest generation will be used","description_kind":"plain","optional":true},"object":{"type":"string","description":"Google Cloud Storage object containing the source.\nThis object must be a gzipped archive file (.tar.gz) containing source to build.","description_kind":"plain","required":true}},"description":"Location of the source in an archive file in Google Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"The location of the source files to build.\n\nOne of 'storageSource' or 'repoSource' must be provided.","description_kind":"plain"},"max_items":1},"step":{"nesting_mode":"list","block":{"attributes":{"allow_exit_codes":{"type":["list","number"],"description":"Allow this build step to fail without failing the entire build if and\nonly if the exit code is one of the specified codes.\n\nIf 'allowFailure' is also specified, this field will take precedence.","description_kind":"plain","optional":true},"allow_failure":{"type":"bool","description":"Allow this build step to fail without failing the entire build.\nIf false, the entire build will fail if this step fails. Otherwise, the\nbuild will succeed, but this step will still have a failure status.\nError information will be reported in the 'failureDetail' field.\n\n'allowExitCodes' takes precedence over this field.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"A list of arguments that will be presented to the step when it is started.\n\nIf the image used to run the step's container has an entrypoint, the args\nare used as arguments to that entrypoint. If the image does not define an\nentrypoint, the first element in args is used as the entrypoint, and the\nremainder will be used as arguments.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Working directory to use when running this step's container.\n\nIf this value is a relative path, it is relative to the build's working\ndirectory. If this value is absolute, it may be outside the build's working\ndirectory, in which case the contents of the path may not be persisted\nacross build step executions, unless a 'volume' for that path is specified.\n\nIf the build specifies a 'RepoSource' with 'dir' and a step with a\n'dir',\nwhich specifies an absolute path, the 'RepoSource' 'dir' is ignored\nfor the step's execution.","description_kind":"plain","optional":true},"entrypoint":{"type":"string","description":"Entrypoint to be used instead of the build step image's\ndefault entrypoint.\nIf unset, the image's default entrypoint is used","description_kind":"plain","optional":true},"env":{"type":["list","string"],"description":"A list of environment variable definitions to be used when\nrunning a step.\n\nThe elements are of the form \"KEY=VALUE\" for the environment variable\n\"KEY\" being given the value \"VALUE\".","description_kind":"plain","optional":true},"id":{"type":"string","description":"Unique identifier for this build step, used in 'wait_for' to\nreference this build step as a dependency.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the container image that will run this particular build step.\n\nIf the image is available in the host's Docker daemon's cache, it will be\nrun directly. If not, the host will attempt to pull the image first, using\nthe builder service account's credentials if necessary.\n\nThe Docker daemon's cache will already have the latest versions of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders\nfor images and examples).\nThe Docker daemon will also have cached many of the layers for some popular\nimages, like \"ubuntu\", \"debian\", but they will be refreshed at the time\nyou attempt to use them.\n\nIf you built an image in a previous build step, it will be stored in the\nhost's Docker daemon's cache and is available to use as the name for a\nlater build step.","description_kind":"plain","required":true},"script":{"type":"string","description":"A shell script to be executed in the step.\nWhen script is provided, the user cannot specify the entrypoint or args.","description_kind":"plain","optional":true},"secret_env":{"type":["list","string"],"description":"A list of environment variables which are encrypted using\na Cloud Key\nManagement Service crypto key. These values must be specified in\nthe build's 'Secret'.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time limit for executing this build step. If not defined,\nthe step has no\ntime limit and will be allowed to continue to run until either it\ncompletes or the build itself times out.","description_kind":"plain","optional":true},"timing":{"type":"string","description":"Output only. Stores timing information for executing this\nbuild step.","description_kind":"plain","optional":true},"wait_for":{"type":["list","string"],"description":"The ID(s) of the step(s) that this build step depends on.\n\nThis build step will not start until all the build steps in 'wait_for'\nhave completed successfully. If 'wait_for' is empty, this build step\nwill start when all previous build steps in the 'Build.Steps' list\nhave completed successfully.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the volume to mount.\n\nVolume names must be unique per build step and must be valid names for\nDocker volumes. Each named volume must be used by at least two build steps.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path at which to mount the volume.\n\nPaths must be absolute and cannot conflict with other volume paths on\nthe same build step or with certain reserved volume paths.","description_kind":"plain","required":true}},"description":"List of volumes to mount into the build step.\n\nEach volume is created as an empty volume prior to execution of the\nbuild step. Upon completion of the build, volumes and their contents\nare discarded.\n\nUsing a named volume in only one step is not valid as it is\nindicative of a build request with an incorrect configuration.","description_kind":"plain"}}},"description":"The operations to be performed on the workspace.","description_kind":"plain"},"min_items":1}},"description":"Contents of the build template. Either a filename or build template must be provided.","description_kind":"plain"},"max_items":1},"git_file_source":{"nesting_mode":"list","block":{"attributes":{"bitbucket_server_config":{"type":"string","description":"The full resource name of the bitbucket server config.\nFormat: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}.","description_kind":"plain","optional":true},"github_enterprise_config":{"type":"string","description":"The full resource name of the github enterprise config.\nFormat: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The path of the file, with the repo root as the root of the path.","description_kind":"plain","required":true},"repo_type":{"type":"string","description":"The type of the repo, since it may not be explicit from the repo field (e.g from a URL).\nValues can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", \"BITBUCKET_SERVER\"]","description_kind":"plain","required":true},"repository":{"type":"string","description":"The fully qualified resource name of the Repo API repository. The fully qualified resource name of the Repo API repository.\nIf unspecified, the repo from which the trigger invocation originated is assumed to be the repo from which to read the specified path.","description_kind":"plain","optional":true},"revision":{"type":"string","description":"The branch, tag, arbitrary ref, or SHA version of the repo to use when resolving the\nfilename (optional). This field respects the same syntax/resolution as described here: https://git-scm.com/docs/gitrevisions\nIf unspecified, the revision from which the trigger invocation originated is assumed to be the revision from which to read the specified path.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The URI of the repo (optional). If unspecified, the repo from which the trigger\ninvocation originated is assumed to be the repo from which to read the specified path.","description_kind":"plain","optional":true}},"description":"The file source describing the local or remote Build template.","description_kind":"plain"},"max_items":1},"github":{"nesting_mode":"list","block":{"attributes":{"enterprise_config_resource_name":{"type":"string","description":"The resource name of the github enterprise config that should be applied to this installation.\nFor example: \"projects/{$projectId}/locations/{$locationId}/githubEnterpriseConfigs/{$configId}\"","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the repository. For example: The name for\nhttps://github.com/googlecloudplatform/cloud-builders is \"cloud-builders\".","description_kind":"plain","optional":true},"owner":{"type":"string","description":"Owner of the repository. For example: The owner for\nhttps://github.com/googlecloudplatform/cloud-builders is \"googlecloudplatform\".","description_kind":"plain","optional":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.","description_kind":"plain","required":true},"comment_control":{"type":"string","description":"Whether to block builds on a \"/gcbrun\" comment from a repository owner or collaborator. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"filter to match changes in pull requests. Specify only one of 'pull_request' or 'push'.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match. Specify only one of branch or tag.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"When true, only trigger a build if the revision regex does NOT match the git_ref regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match. Specify only one of branch or tag.","description_kind":"plain","optional":true}},"description":"filter to match changes in refs, like branches or tags. Specify only one of 'pull_request' or 'push'.","description_kind":"plain"},"max_items":1}},"description":"Describes the configuration of a trigger that creates a build whenever a GitHub event is received.\n\nOne of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided.","description_kind":"plain"},"max_items":1},"pubsub_config":{"nesting_mode":"list","block":{"attributes":{"service_account_email":{"type":"string","description":"Service account that will make the push request.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Potential issues with the underlying Pub/Sub subscription configuration.\nOnly populated on get requests.","description_kind":"plain","computed":true},"subscription":{"type":"string","description":"Output only. Name of the subscription.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"The name of the topic from which this subscription is receiving messages.","description_kind":"plain","required":true}},"description":"PubsubConfig describes the configuration of a trigger that creates\na build whenever a Pub/Sub message is published.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"repository_event_config":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The resource name of the Repo API resource.","description_kind":"plain","optional":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"comment_control":{"type":"string","description":"Configure builds to run whether a repository owner or collaborator need to comment '/gcbrun'. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"Contains filter properties for matching Pull Requests.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, only trigger a build if the revision regex does NOT match the git_ref regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true}},"description":"Contains filter properties for matching git pushes.","description_kind":"plain"},"max_items":1}},"description":"The configuration of a trigger that creates a build whenever an event from Repo API is received.","description_kind":"plain"},"max_items":1},"source_to_build":{"nesting_mode":"list","block":{"attributes":{"bitbucket_server_config":{"type":"string","description":"The full resource name of the bitbucket server config.\nFormat: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}.","description_kind":"plain","optional":true},"github_enterprise_config":{"type":"string","description":"The full resource name of the github enterprise config.\nFormat: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}.","description_kind":"plain","optional":true},"ref":{"type":"string","description":"The branch or tag to use. Must start with \"refs/\" (required).","description_kind":"plain","required":true},"repo_type":{"type":"string","description":"The type of the repo, since it may not be explicit from the repo field (e.g from a URL).\nValues can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", \"BITBUCKET_SERVER\"]","description_kind":"plain","required":true},"repository":{"type":"string","description":"The qualified resource name of the Repo API repository.\nEither uri or repository can be specified and is required.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The URI of the repo.","description_kind":"plain","optional":true}},"description":"The repo and ref of the repository from which to build.\nThis field is used only for those triggers that do not respond to SCM events.\nTriggers that respond to such events build source at whatever commit caused the event.\nThis field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"trigger_template":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThis field is a regular expression.","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Explicit commit SHA to build. Exactly one of a branch name, tag, or commit SHA must be provided.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.\n\nThis must be a relative path. If a step's dir is specified and\nis an absolute path, this value is ignored for that step's\nexecution.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does NOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository. If\nomitted, the project ID requesting the build is assumed.","description_kind":"plain","optional":true,"computed":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository. If omitted, the name \"default\" is assumed.","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided.\nThis field is a regular expression.","description_kind":"plain","optional":true}},"description":"Template describing the types of source changes to trigger a build.\n\nBranch and tag names in trigger templates are interpreted as regular\nexpressions. Any branch or tag change that matches that regular\nexpression will trigger a build.\n\nOne of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"webhook_config":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"Resource name for the secret required as a URL parameter.","description_kind":"plain","required":true},"state":{"type":"string","description":"Potential issues with the underlying Pub/Sub subscription configuration.\nOnly populated on get requests.","description_kind":"plain","computed":true}},"description":"WebhookConfig describes the configuration of a trigger that creates\na build whenever a webhook is sent to a trigger's webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuild_worker_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User specified annotations. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the request to create the `WorkerPool` was received.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. Time at which the request to delete the `WorkerPool` was received.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A user-specified, human-readable name for the `WorkerPool`. If provided, this value must be 1-63 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"User-defined name of the `WorkerPool`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. `WorkerPool` state. Possible values: STATE_UNSPECIFIED, PENDING, APPROVED, REJECTED, CANCELLED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A unique identifier for the `WorkerPool`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Time at which the request to update the `WorkerPool` was received.","description_kind":"plain","computed":true}},"block_types":{"network_config":{"nesting_mode":"list","block":{"attributes":{"peered_network":{"type":"string","description":"Required. Immutable. The network definition that the workers are peered to. If this section is left empty, the workers will be peered to `WorkerPool.project_id` on the service producer network. Must be in the format `projects/{project}/global/networks/{network}`, where `{project}` is a project number, such as `12345`, and `{network}` is the name of a VPC network in the project. See [Understanding network configuration options](https://cloud.google.com/cloud-build/docs/custom-workers/set-up-custom-worker-pool-environment#understanding_the_network_configuration_options)","description_kind":"plain","required":true},"peered_network_ip_range":{"type":"string","description":"Optional. Immutable. Subnet IP range within the peered network. This is specified in CIDR notation with a slash and the subnet prefix size. You can optionally specify an IP address before the subnet prefix value. e.g. `192.168.0.0/29` would specify an IP range starting at 192.168.0.0 with a prefix size of 29 bits. `/16` would specify a prefix size of 16 bits, with an automatically determined IP within the peered VPC. If unspecified, a value of `/24` will be used.","description_kind":"plain","optional":true}},"description":"Network configuration for the `WorkerPool`.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"worker_config":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"Size of the disk attached to the worker, in GB. See [Worker pool config file](https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). Specify a value of up to 1000. If `0` is specified, Cloud Build will use a standard disk size.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Machine type of a worker, such as `n1-standard-1`. See [Worker pool config file](https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). If left blank, Cloud Build will use `n1-standard-1`.","description_kind":"plain","optional":true},"no_external_ip":{"type":"bool","description":"If true, workers are created without any public address, which prevents network egress to public IPs.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration to be used for a creating workers in the `WorkerPool`.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Allows clients to store small amounts of arbitrary data.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was created.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"If disabled is set to true, functionality is disabled for this connection. Repository based API methods and webhooks processing for repositories in this connection will be disabled.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"installation_state":{"type":["list",["object",{"action_uri":"string","message":"string","stage":"string"}]],"description":"Output only. Installation state of the Connection.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The resource name of the connection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Set to true when the connection is being set up or updated in the background.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was updated.","description_kind":"plain","computed":true}},"block_types":{"bitbucket_cloud_config":{"nesting_mode":"list","block":{"attributes":{"webhook_secret_secret_version":{"type":"string","description":"Required. Immutable. SecretManager resource containing the webhook secret used to verify webhook events, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"workspace":{"type":"string","description":"The Bitbucket Cloud Workspace ID to be connected to Google Cloud Platform.","description_kind":"plain","required":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. An access token with the 'webhook', 'repository', 'repository:admin' and 'pullrequest' scope access. It can be either a workspace, project or repository access token. It's recommended to use a system account to generate these credentials.","description_kind":"plain"},"min_items":1,"max_items":1},"read_authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. An access token with the 'repository' access. It can be either a workspace, project or repository access token. It's recommended to use a system account to generate the credentials.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration for connections to Bitbucket Cloud.","description_kind":"plain"},"max_items":1},"bitbucket_data_center_config":{"nesting_mode":"list","block":{"attributes":{"host_uri":{"type":"string","description":"The URI of the Bitbucket Data Center host this connection is for.","description_kind":"plain","required":true},"server_version":{"type":"string","description":"Output only. Version of the Bitbucket Data Center running on the 'host_uri'.","description_kind":"plain","computed":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to the Bitbucket Data Center.","description_kind":"plain","optional":true},"webhook_secret_secret_version":{"type":"string","description":"Required. Immutable. SecretManager resource containing the webhook secret used to verify webhook events, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. A http access token with the 'REPO_ADMIN' scope access.","description_kind":"plain"},"min_items":1,"max_items":1},"read_authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. A http access token with the 'REPO_READ' access.","description_kind":"plain"},"min_items":1,"max_items":1},"service_directory_config":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.","description_kind":"plain","required":true}},"description":"Configuration for using Service Directory to privately connect to a Bitbucket Data Center. This should only be set if the Bitbucket Data Center is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the Bitbucket Data Center will be made over the public internet.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to Bitbucket Data Center.","description_kind":"plain"},"max_items":1},"github_config":{"nesting_mode":"list","block":{"attributes":{"app_installation_id":{"type":"number","description":"GitHub App installation id.","description_kind":"plain","optional":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"oauth_token_secret_version":{"type":"string","description":"A SecretManager resource containing the OAuth token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"OAuth credential of the account that authorized the Cloud Build GitHub App. It is recommended to use a robot account instead of a human user account. The OAuth token must be tied to the Cloud Build GitHub App.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to github.com.","description_kind":"plain"},"max_items":1},"github_enterprise_config":{"nesting_mode":"list","block":{"attributes":{"app_id":{"type":"number","description":"Id of the GitHub App created from the manifest.","description_kind":"plain","optional":true},"app_installation_id":{"type":"number","description":"ID of the installation of the GitHub App.","description_kind":"plain","optional":true},"app_slug":{"type":"string","description":"The URL-friendly name of the GitHub App.","description_kind":"plain","optional":true},"host_uri":{"type":"string","description":"Required. The URI of the GitHub Enterprise host this connection is for.","description_kind":"plain","required":true},"private_key_secret_version":{"type":"string","description":"SecretManager resource containing the private key of the GitHub App, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","optional":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to GitHub Enterprise.","description_kind":"plain","optional":true},"webhook_secret_secret_version":{"type":"string","description":"SecretManager resource containing the webhook secret of the GitHub App, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","optional":true}},"block_types":{"service_directory_config":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.","description_kind":"plain","required":true}},"description":"Configuration for using Service Directory to privately connect to a GitHub Enterprise server. This should only be set if the GitHub Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitHub Enterprise server will be made over the public internet.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to an instance of GitHub Enterprise.","description_kind":"plain"},"max_items":1},"gitlab_config":{"nesting_mode":"list","block":{"attributes":{"host_uri":{"type":"string","description":"The URI of the GitLab Enterprise host this connection is for. If not specified, the default value is https://gitlab.com.","description_kind":"plain","optional":true,"computed":true},"server_version":{"type":"string","description":"Output only. Version of the GitLab Enterprise server running on the 'host_uri'.","description_kind":"plain","computed":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to GitLab Enterprise.","description_kind":"plain","optional":true},"webhook_secret_secret_version":{"type":"string","description":"Required. Immutable. SecretManager resource containing the webhook secret of a GitLab Enterprise project, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. A GitLab personal access token with the 'api' scope access.","description_kind":"plain"},"min_items":1,"max_items":1},"read_authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. A GitLab personal access token with the minimum 'read_api' scope access.","description_kind":"plain"},"min_items":1,"max_items":1},"service_directory_config":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.","description_kind":"plain","required":true}},"description":"Configuration for using Service Directory to privately connect to a GitLab Enterprise server. This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to gitlab.com or an instance of GitLab Enterprise.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuildv2_repository":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Allows clients to store small amounts of arbitrary data.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the repository.","description_kind":"plain","required":true},"parent_connection":{"type":"string","description":"The connection for the resource","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"remote_uri":{"type":"string","description":"Required. Git Clone HTTPS URI.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_automation":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. User annotations. These attributes can only be set and used by the user, and not by Cloud Deploy. Annotations must meet the following constraints: * Annotations are key/value pairs. * Valid annotation keys have two segments: an optional prefix and name, separated by a slash ('/'). * The name segment is required and must be 63 characters or less, beginning and ending with an alphanumeric character ('[a-z0-9A-Z]') with dashes ('-'), underscores ('_'), dots ('.'), and alphanumerics between. * The prefix is optional. If specified, the prefix must be a DNS subdomain: a series of DNS labels separated by dots('.'), not longer than 253 characters in total, followed by a slash ('/'). See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set for more details.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the automation was created.","description_kind":"plain","computed":true},"delivery_pipeline":{"type":"string","description":"The delivery_pipeline for the resource","description_kind":"plain","required":true},"description":{"type":"string","description":"Optional. Description of the 'Automation'. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Optional. The weak etag of the 'Automation' resource. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels are attributes that can be set and used by both the user and by Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 63 characters.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the 'Automation'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Required. Email address of the user-managed IAM service account that creates Cloud Deploy release and rollout resources.","description_kind":"plain","required":true},"suspended":{"type":"bool","description":"Optional. When Suspended, automation is deactivated from execution.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Unique identifier of the 'Automation'.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Time at which the automation was updated.","description_kind":"plain","computed":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"block_types":{"advance_rollout_rule":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"Required. ID of the rule. This id must be unique in the 'Automation' resource to which this rule belongs. The format is 'a-z{0,62}'.","description_kind":"plain","required":true},"source_phases":{"type":["list","string"],"description":"Optional. Proceeds only after phase name matched any one in the list. This value must consist of lower-case letters, numbers, and hyphens, start with a letter and end with a letter or a number, and have a max length of 63 characters. In other words, it must match the following regex: '^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$'.","description_kind":"plain","optional":true},"wait":{"type":"string","description":"Optional. How long to wait after a rollout is finished.","description_kind":"plain","optional":true}},"description":"Optional. The 'AdvanceRolloutRule' will automatically advance a successful Rollout.","description_kind":"plain"},"max_items":1},"promote_release_rule":{"nesting_mode":"list","block":{"attributes":{"destination_phase":{"type":"string","description":"Optional. The starting phase of the rollout created by this operation. Default to the first phase.","description_kind":"plain","optional":true},"destination_target_id":{"type":"string","description":"Optional. The ID of the stage in the pipeline to which this 'Release' is deploying. If unspecified, default it to the next stage in the promotion flow. The value of this field could be one of the following: * The last segment of a target name. It only needs the ID to determine if the target is one of the stages in the promotion sequence defined in the pipeline. * \"@next\", the next target in the promotion sequence.","description_kind":"plain","optional":true},"id":{"type":"string","description":"Required. ID of the rule. This id must be unique in the 'Automation' resource to which this rule belongs. The format is 'a-z{0,62}'.","description_kind":"plain","required":true},"wait":{"type":"string","description":"Optional. How long the release need to be paused until being promoted to the next target.","description_kind":"plain","optional":true}},"description":"Optional. 'PromoteReleaseRule' will automatically promote a release from the current target to a specified target.","description_kind":"plain"},"max_items":1}},"description":"Required. List of Automation rules associated with the Automation resource. Must have at least one rule and limited to 250 rules per Delivery Pipeline. Note: the order of the rules here is not the same as the order of execution.","description_kind":"plain"},"min_items":1},"selector":{"nesting_mode":"list","block":{"block_types":{"targets":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"ID of the 'Target'. The value of this field could be one of the following: * The last segment of a target name. It only needs the ID to determine which target is being referred to * \"*\", all targets in a location.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Target labels.","description_kind":"plain","optional":true,"computed":true}},"description":"Contains attributes about a target.","description_kind":"plain"},"min_items":1}},"description":"Required. Selected resources to which the automation will be applied.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_custom_target_type":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User annotations. These attributes can only be set and used by the user, and not by Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time at which the 'CustomTargetType' was created.","description_kind":"plain","computed":true},"custom_target_type_id":{"type":"string","description":"Resource id of the 'CustomTargetType'.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the 'CustomTargetType'. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"The weak etag of the 'CustomTargetType' resource. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels are attributes that can be set and used by both the user and by Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 128 bytes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the source.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the 'CustomTargetType'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Unique identifier of the 'CustomTargetType'.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time at which the 'CustomTargetType' was updated.","description_kind":"plain","computed":true}},"block_types":{"custom_actions":{"nesting_mode":"list","block":{"attributes":{"deploy_action":{"type":"string","description":"The Skaffold custom action responsible for deploy operations.","description_kind":"plain","required":true},"render_action":{"type":"string","description":"The Skaffold custom action responsible for render operations. If not provided then Cloud Deploy will perform the render operations via 'skaffold render'.","description_kind":"plain","optional":true}},"block_types":{"include_skaffold_modules":{"nesting_mode":"list","block":{"attributes":{"configs":{"type":["list","string"],"description":"The Skaffold Config modules to use from the specified source.","description_kind":"plain","optional":true}},"block_types":{"git":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path from the repository root to the Skaffold file.","description_kind":"plain","optional":true},"ref":{"type":"string","description":"Git ref the package should be cloned from.","description_kind":"plain","optional":true},"repo":{"type":"string","description":"Git repository the package should be cloned from.","description_kind":"plain","required":true}},"description":"Remote git repository containing the Skaffold Config modules.","description_kind":"plain"},"max_items":1},"google_cloud_build_repo":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path from the repository root to the Skaffold file.","description_kind":"plain","optional":true},"ref":{"type":"string","description":"Branch or tag to use when cloning the repository.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"Cloud Build 2nd gen repository in the format of 'projects/\u003cproject\u003e/locations/\u003clocation\u003e/connections/\u003cconnection\u003e/repositories/\u003crepository\u003e'.","description_kind":"plain","required":true}},"description":"Cloud Build 2nd gen repository containing the Skaffold Config modules.","description_kind":"plain"},"max_items":1},"google_cloud_storage":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path from the source to the Skaffold file.","description_kind":"plain","optional":true},"source":{"type":"string","description":"Cloud Storage source paths to copy recursively. For example, providing 'gs://my-bucket/dir/configs/*' will result in Skaffold copying all files within the 'dir/configs' directory in the bucket 'my-bucket'.","description_kind":"plain","required":true}},"description":"Cloud Storage bucket containing Skaffold Config modules.","description_kind":"plain"},"max_items":1}},"description":"List of Skaffold modules Cloud Deploy will include in the Skaffold Config as required before performing diagnose.","description_kind":"plain"}}},"description":"Configures render and deploy for the 'CustomTargetType' using Skaffold custom actions.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_custom_target_type_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_custom_target_type_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_custom_target_type_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User annotations. These attributes can only be set and used by the user, and not by Google Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"condition":{"type":["list",["object",{"pipeline_ready_condition":["list",["object",{"status":"bool","update_time":"string"}]],"targets_present_condition":["list",["object",{"missing_targets":["list","string"],"status":"bool","update_time":"string"}]],"targets_type_condition":["list",["object",{"error_details":"string","status":"bool"}]]}]],"description":"Output only. Information around the state of the Delivery Pipeline.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Time at which the pipeline was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the `DeliveryPipeline`. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels are attributes that can be set and used by both the user and by Google Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 128 bytes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the `DeliveryPipeline`. Format is `[a-z]([a-z0-9-]{0,61}[a-z0-9])?`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"suspended":{"type":"bool","description":"When suspended, no new releases or rollouts can be created, but in-progress ones will complete.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Unique identifier of the `DeliveryPipeline`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Most recent time at which the pipeline was updated.","description_kind":"plain","computed":true}},"block_types":{"serial_pipeline":{"nesting_mode":"list","block":{"block_types":{"stages":{"nesting_mode":"list","block":{"attributes":{"profiles":{"type":["list","string"],"description":"Skaffold profiles to use when rendering the manifest for this stage's `Target`.","description_kind":"plain","optional":true},"target_id":{"type":"string","description":"The target_id to which this stage points. This field refers exclusively to the last segment of a target name. For example, this field would just be `my-target` (rather than `projects/project/locations/location/targets/my-target`). The location of the `Target` is inferred to be the same as the location of the `DeliveryPipeline` that contains this `Stage`.","description_kind":"plain","optional":true}},"block_types":{"deploy_parameters":{"nesting_mode":"list","block":{"attributes":{"match_target_labels":{"type":["map","string"],"description":"Optional. Deploy parameters are applied to targets with match labels. If unspecified, deploy parameters are applied to all targets (including child targets of a multi-target).","description_kind":"plain","optional":true},"values":{"type":["map","string"],"description":"Required. Values are deploy parameters in key-value pairs.","description_kind":"plain","required":true}},"description":"Optional. The deploy parameters to use for the target in this stage.","description_kind":"plain"}},"strategy":{"nesting_mode":"list","block":{"block_types":{"canary":{"nesting_mode":"list","block":{"block_types":{"canary_deployment":{"nesting_mode":"list","block":{"attributes":{"percentages":{"type":["list","number"],"description":"Required. The percentage based deployments that will occur as a part of a `Rollout`. List is expected in ascending order and each integer n is 0 \u003c= n \u003c 100.","description_kind":"plain","required":true},"verify":{"type":"bool","description":"Whether to run verify tests after each percentage deployment.","description_kind":"plain","optional":true}},"block_types":{"postdeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the postdeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the postdeploy job of the last phase. If this is not configured, postdeploy job will not be present.","description_kind":"plain"},"max_items":1},"predeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the predeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the predeploy job of the first phase. If this is not configured, predeploy job will not be present.","description_kind":"plain"},"max_items":1}},"description":"Configures the progressive based deployment for a Target.","description_kind":"plain"},"max_items":1},"custom_canary_deployment":{"nesting_mode":"list","block":{"block_types":{"phase_configs":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"Required. Percentage deployment for the phase.","description_kind":"plain","required":true},"phase_id":{"type":"string","description":"Required. The ID to assign to the `Rollout` phase. This value must consist of lower-case letters, numbers, and hyphens, start with a letter and end with a letter or a number, and have a max length of 63 characters. In other words, it must match the following regex: `^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$`.","description_kind":"plain","required":true},"profiles":{"type":["list","string"],"description":"Skaffold profiles to use when rendering the manifest for this phase. These are in addition to the profiles list specified in the `DeliveryPipeline` stage.","description_kind":"plain","optional":true},"verify":{"type":"bool","description":"Whether to run verify tests after the deployment.","description_kind":"plain","optional":true}},"block_types":{"postdeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the postdeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the postdeploy job of this phase. If this is not configured, postdeploy job will not be present for this phase.","description_kind":"plain"},"max_items":1},"predeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the predeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the predeploy job of this phase. If this is not configured, predeploy job will not be present for this phase.","description_kind":"plain"},"max_items":1}},"description":"Required. Configuration for each phase in the canary deployment in the order executed.","description_kind":"plain"},"min_items":1}},"description":"Configures the progressive based deployment for a Target, but allows customizing at the phase level where a phase represents each of the percentage deployments.","description_kind":"plain"},"max_items":1},"runtime_config":{"nesting_mode":"list","block":{"block_types":{"cloud_run":{"nesting_mode":"list","block":{"attributes":{"automatic_traffic_control":{"type":"bool","description":"Whether Cloud Deploy should update the traffic stanza in a Cloud Run Service on the user's behalf to facilitate traffic splitting. This is required to be true for CanaryDeployments, but optional for CustomCanaryDeployments.","description_kind":"plain","optional":true},"canary_revision_tags":{"type":["list","string"],"description":"Optional. A list of tags that are added to the canary revision while the canary phase is in progress.","description_kind":"plain","optional":true},"prior_revision_tags":{"type":["list","string"],"description":"Optional. A list of tags that are added to the prior revision while the canary phase is in progress.","description_kind":"plain","optional":true},"stable_revision_tags":{"type":["list","string"],"description":"Optional. A list of tags that are added to the final stable revision when the stable phase is applied.","description_kind":"plain","optional":true}},"description":"Cloud Run runtime configuration.","description_kind":"plain"},"max_items":1},"kubernetes":{"nesting_mode":"list","block":{"block_types":{"gateway_service_mesh":{"nesting_mode":"list","block":{"attributes":{"deployment":{"type":"string","description":"Required. Name of the Kubernetes Deployment whose traffic is managed by the specified HTTPRoute and Service.","description_kind":"plain","required":true},"http_route":{"type":"string","description":"Required. Name of the Gateway API HTTPRoute.","description_kind":"plain","required":true},"pod_selector_label":{"type":"string","description":"Optional. The label to use when selecting Pods for the Deployment and Service resources. This label must already be present in both resources.","description_kind":"plain","optional":true},"route_update_wait_time":{"type":"string","description":"Optional. The time to wait for route updates to propagate. The maximum configurable time is 3 hours, in seconds format. If unspecified, there is no wait time.","description_kind":"plain","optional":true},"service":{"type":"string","description":"Required. Name of the Kubernetes Service.","description_kind":"plain","required":true},"stable_cutback_duration":{"type":"string","description":"Optional. The amount of time to migrate traffic back from the canary Service to the original Service during the stable phase deployment. If specified, must be between 15s and 3600s. If unspecified, there is no cutback time.","description_kind":"plain","optional":true}},"description":"Kubernetes Gateway API service mesh configuration.","description_kind":"plain"},"max_items":1},"service_networking":{"nesting_mode":"list","block":{"attributes":{"deployment":{"type":"string","description":"Required. Name of the Kubernetes Deployment whose traffic is managed by the specified Service.","description_kind":"plain","required":true},"disable_pod_overprovisioning":{"type":"bool","description":"Optional. Whether to disable Pod overprovisioning. If Pod overprovisioning is disabled then Cloud Deploy will limit the number of total Pods used for the deployment strategy to the number of Pods the Deployment has on the cluster.","description_kind":"plain","optional":true},"pod_selector_label":{"type":"string","description":"Optional. The label to use when selecting Pods for the Deployment resource. This label must already be present in the Deployment.","description_kind":"plain","optional":true},"service":{"type":"string","description":"Required. Name of the Kubernetes Service.","description_kind":"plain","required":true}},"description":"Kubernetes Service networking configuration.","description_kind":"plain"},"max_items":1}},"description":"Kubernetes runtime configuration.","description_kind":"plain"},"max_items":1}},"description":"Optional. Runtime specific configurations for the deployment strategy. The runtime configuration is used to determine how Cloud Deploy will split traffic to enable a progressive deployment.","description_kind":"plain"},"max_items":1}},"description":"Canary deployment strategy provides progressive percentage based deployments to a Target.","description_kind":"plain"},"max_items":1},"standard":{"nesting_mode":"list","block":{"attributes":{"verify":{"type":"bool","description":"Whether to verify a deployment.","description_kind":"plain","optional":true}},"block_types":{"postdeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the postdeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the postdeploy job. If this is not configured, postdeploy job will not be present.","description_kind":"plain"},"max_items":1},"predeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the predeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the predeploy job. If this is not configured, predeploy job will not be present.","description_kind":"plain"},"max_items":1}},"description":"Standard deployment strategy executes a single deploy and allows verifying the deployment.","description_kind":"plain"},"max_items":1}},"description":"Optional. The strategy to use for a `Rollout` to this stage.","description_kind":"plain"},"max_items":1}},"description":"Each stage specifies configuration for a `Target`. The ordering of this list defines the promotion flow.","description_kind":"plain"}}},"description":"SerialPipeline defines a sequential set of stages for a `DeliveryPipeline`.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_target":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. User annotations. These attributes can only be set and used by the user, and not by Google Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the `Target` was created.","description_kind":"plain","computed":true},"deploy_parameters":{"type":["map","string"],"description":"Optional. The deploy parameters to use for this target.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Optional. Description of the `Target`. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Optional. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels are attributes that can be set and used by both the user and by Google Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 128 bytes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the `Target`. Format is `[a-z]([a-z0-9-]{0,61}[a-z0-9])?`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"require_approval":{"type":"bool","description":"Optional. Whether or not the `Target` requires approval.","description_kind":"plain","optional":true},"target_id":{"type":"string","description":"Output only. Resource id of the `Target`.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Unique identifier of the `Target`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Most recent time at which the `Target` was updated.","description_kind":"plain","computed":true}},"block_types":{"anthos_cluster":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"Membership of the GKE Hub-registered cluster to which to apply the Skaffold configuration. Format is `projects/{project}/locations/{location}/memberships/{membership_name}`.","description_kind":"plain","optional":true}},"description":"Information specifying an Anthos Cluster.","description_kind":"plain"},"max_items":1},"custom_target":{"nesting_mode":"list","block":{"attributes":{"custom_target_type":{"type":"string","description":"Required. The name of the CustomTargetType. Format must be `projects/{project}/locations/{location}/customTargetTypes/{custom_target_type}`.","description_kind":"plain","required":true}},"description":"Optional. Information specifying a Custom Target.","description_kind":"plain"},"max_items":1},"execution_configs":{"nesting_mode":"list","block":{"attributes":{"artifact_storage":{"type":"string","description":"Optional. Cloud Storage location in which to store execution outputs. This can either be a bucket (\"gs://my-bucket\") or a path within a bucket (\"gs://my-bucket/my-dir\"). If unspecified, a default bucket located in the same region will be used.","description_kind":"plain","optional":true,"computed":true},"execution_timeout":{"type":"string","description":"Optional. Execution timeout for a Cloud Build Execution. This must be between 10m and 24h in seconds format. If unspecified, a default timeout of 1h is used.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Optional. Google service account to use for execution. If unspecified, the project execution service account (-compute@developer.gserviceaccount.com) is used.","description_kind":"plain","optional":true,"computed":true},"usages":{"type":["list","string"],"description":"Required. Usages when this configuration should be applied.","description_kind":"plain","required":true},"verbose":{"type":"bool","description":"Optional. If true, additional logging will be enabled when running builds in this execution environment.","description_kind":"plain","optional":true},"worker_pool":{"type":"string","description":"Optional. The resource name of the `WorkerPool`, with the format `projects/{project}/locations/{location}/workerPools/{worker_pool}`. If this optional field is unspecified, the default Cloud Build pool will be used.","description_kind":"plain","optional":true}},"description":"Configurations for all execution that relates to this `Target`. Each `ExecutionEnvironmentUsage` value may only be used in a single configuration; using the same value multiple times is an error. When one or more configurations are specified, they must include the `RENDER` and `DEPLOY` `ExecutionEnvironmentUsage` values. When no configurations are specified, execution will use the default specified in `DefaultPool`.","description_kind":"plain"}},"gke":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"Information specifying a GKE Cluster. Format is `projects/{project_id}/locations/{location_id}/clusters/{cluster_id}.","description_kind":"plain","optional":true},"internal_ip":{"type":"bool","description":"Optional. If true, `cluster` is accessed using the private IP address of the control plane endpoint. Otherwise, the default IP address of the control plane endpoint is used. The default IP address is the private IP address for clusters with private control-plane endpoints and the public IP address otherwise. Only specify this option when `cluster` is a [private GKE cluster](https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept).","description_kind":"plain","optional":true},"proxy_url":{"type":"string","description":"Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server.","description_kind":"plain","optional":true}},"description":"Information specifying a GKE Cluster.","description_kind":"plain"},"max_items":1},"multi_target":{"nesting_mode":"list","block":{"attributes":{"target_ids":{"type":["list","string"],"description":"Required. The target_ids of this multiTarget.","description_kind":"plain","required":true}},"description":"Information specifying a multiTarget.","description_kind":"plain"},"max_items":1},"run":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"Required. The location where the Cloud Run Service should be located. Format is `projects/{project}/locations/{location}`.","description_kind":"plain","required":true}},"description":"Information specifying a Cloud Run deployment target.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_target_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_target_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_target_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddomains_registration":{"version":0,"block":{"attributes":{"contact_notices":{"type":["list","string"],"description":"The list of contact notices that the caller acknowledges. Possible value is PUBLIC_CONTACT_DATA_ACKNOWLEDGEMENT","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the automation was created.","description_kind":"plain","computed":true},"domain_name":{"type":"string","description":"Required. The domain name. Unicode domain names must be expressed in Punycode format.","description_kind":"plain","required":true},"domain_notices":{"type":["list","string"],"description":"The list of domain notices that you acknowledge. Possible value is HSTS_PRELOADED","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. Time at which the automation was updated.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issues":{"type":["list","string"],"description":"Output only. The set of issues with the Registration that require attention.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with the Registration.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. Name of the Registration resource, in the format projects/*/locations/*/registrations/\u003cdomain_name\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"register_failure_reason":{"type":"string","description":"Output only. The reason the domain registration failed. Only set for domains in REGISTRATION_FAILED state.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the Registration.","description_kind":"plain","computed":true},"supported_privacy":{"type":["list","string"],"description":"Output only. Set of options for the contactSettings.privacy field that this Registration supports.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"contact_settings":{"nesting_mode":"list","block":{"attributes":{"privacy":{"type":"string","description":"Required. Privacy setting for the contacts associated with the Registration.\nValues are PUBLIC_CONTACT_DATA, PRIVATE_CONTACT_DATA, and REDACTED_CONTACT_DATA","description_kind":"plain","required":true}},"block_types":{"admin_contact":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Required. Email address of the contact.","description_kind":"plain","required":true},"fax_number":{"type":"string","description":"Fax number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","optional":true},"phone_number":{"type":"string","description":"Required. Phone number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","required":true}},"block_types":{"postal_address":{"nesting_mode":"list","block":{"attributes":{"address_lines":{"type":["list","string"],"description":"Unstructured address lines describing the lower levels of an address.\nBecause values in addressLines do not have type information and may sometimes contain multiple values in a single\nfield (e.g. \"Austin, TX\"), it is important that the line order is clear. The order of address lines should be\n\"envelope order\" for the country/region of the address. In places where this can vary (e.g. Japan), address_language\nis used to make it explicit (e.g. \"ja\" for large-to-small ordering and \"ja-Latn\" or \"en\" for small-to-large). This way,\nthe most specific line of an address can be selected based on the language.","description_kind":"plain","optional":true},"administrative_area":{"type":"string","description":"Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state,\na province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community\n(e.g. \"Barcelona\" and not \"Catalonia\"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland\nthis should be left unpopulated.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world\nwhere localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The name of the organization at the address.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"Postal code of the address. Not all countries use or require postal codes to be present, but where they are used,\nthey may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.).","description_kind":"plain","optional":true},"recipients":{"type":["list","string"],"description":"The recipient at the address. This field may, under certain circumstances, contain multiline information. For example,\nit might contain \"care of\" information.","description_kind":"plain","optional":true},"region_code":{"type":"string","description":"Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to\nensure the value is correct. See https://cldr.unicode.org/ and\nhttps://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: \"CH\" for Switzerland.","description_kind":"plain","required":true}},"description":"Required. Postal address of the contact.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.\n\nWarning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to\navoid domain suspension.","description_kind":"plain"},"min_items":1,"max_items":1},"registrant_contact":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Required. Email address of the contact.","description_kind":"plain","required":true},"fax_number":{"type":"string","description":"Fax number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","optional":true},"phone_number":{"type":"string","description":"Required. Phone number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","required":true}},"block_types":{"postal_address":{"nesting_mode":"list","block":{"attributes":{"address_lines":{"type":["list","string"],"description":"Unstructured address lines describing the lower levels of an address.\nBecause values in addressLines do not have type information and may sometimes contain multiple values in a single\nfield (e.g. \"Austin, TX\"), it is important that the line order is clear. The order of address lines should be\n\"envelope order\" for the country/region of the address. In places where this can vary (e.g. Japan), address_language\nis used to make it explicit (e.g. \"ja\" for large-to-small ordering and \"ja-Latn\" or \"en\" for small-to-large). This way,\nthe most specific line of an address can be selected based on the language.","description_kind":"plain","optional":true},"administrative_area":{"type":"string","description":"Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state,\na province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community\n(e.g. \"Barcelona\" and not \"Catalonia\"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland\nthis should be left unpopulated.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world\nwhere localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The name of the organization at the address.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"Postal code of the address. Not all countries use or require postal codes to be present, but where they are used,\nthey may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.).","description_kind":"plain","optional":true},"recipients":{"type":["list","string"],"description":"The recipient at the address. This field may, under certain circumstances, contain multiline information. For example,\nit might contain \"care of\" information.","description_kind":"plain","optional":true},"region_code":{"type":"string","description":"Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to\nensure the value is correct. See https://cldr.unicode.org/ and\nhttps://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: \"CH\" for Switzerland.","description_kind":"plain","required":true}},"description":"Required. Postal address of the contact.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.\n\nWarning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to\navoid domain suspension.","description_kind":"plain"},"min_items":1,"max_items":1},"technical_contact":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Required. Email address of the contact.","description_kind":"plain","required":true},"fax_number":{"type":"string","description":"Fax number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","optional":true},"phone_number":{"type":"string","description":"Required. Phone number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","required":true}},"block_types":{"postal_address":{"nesting_mode":"list","block":{"attributes":{"address_lines":{"type":["list","string"],"description":"Unstructured address lines describing the lower levels of an address.\nBecause values in addressLines do not have type information and may sometimes contain multiple values in a single\nfield (e.g. \"Austin, TX\"), it is important that the line order is clear. The order of address lines should be\n\"envelope order\" for the country/region of the address. In places where this can vary (e.g. Japan), address_language\nis used to make it explicit (e.g. \"ja\" for large-to-small ordering and \"ja-Latn\" or \"en\" for small-to-large). This way,\nthe most specific line of an address can be selected based on the language.","description_kind":"plain","optional":true},"administrative_area":{"type":"string","description":"Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state,\na province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community\n(e.g. \"Barcelona\" and not \"Catalonia\"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland\nthis should be left unpopulated.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world\nwhere localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The name of the organization at the address.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"Postal code of the address. Not all countries use or require postal codes to be present, but where they are used,\nthey may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.).","description_kind":"plain","optional":true},"recipients":{"type":["list","string"],"description":"The recipient at the address. This field may, under certain circumstances, contain multiline information. For example,\nit might contain \"care of\" information.","description_kind":"plain","optional":true},"region_code":{"type":"string","description":"Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to\nensure the value is correct. See https://cldr.unicode.org/ and\nhttps://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: \"CH\" for Switzerland.","description_kind":"plain","required":true}},"description":"Required. Postal address of the contact.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.\n\nWarning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to\navoid domain suspension.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Required. Settings for contact information linked to the Registration.","description_kind":"plain"},"min_items":1,"max_items":1},"dns_settings":{"nesting_mode":"list","block":{"block_types":{"custom_dns":{"nesting_mode":"list","block":{"attributes":{"name_servers":{"type":["list","string"],"description":"Required. A list of name servers that store the DNS zone for this domain. Each name server is a domain\nname, with Unicode domain names expressed in Punycode format.","description_kind":"plain","required":true}},"block_types":{"ds_records":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"The algorithm used to generate the referenced DNSKEY.","description_kind":"plain","optional":true},"digest":{"type":"string","description":"The digest generated from the referenced DNSKEY.","description_kind":"plain","optional":true},"digest_type":{"type":"string","description":"The hash function used to generate the digest of the referenced DNSKEY.","description_kind":"plain","optional":true},"key_tag":{"type":"number","description":"The key tag of the record. Must be set in range 0 -- 65535.","description_kind":"plain","optional":true}},"description":"The list of DS records for this domain, which are used to enable DNSSEC. The domain's DNS provider can provide\nthe values to set here. If this field is empty, DNSSEC is disabled.","description_kind":"plain"}}},"description":"Configuration for an arbitrary DNS provider.","description_kind":"plain"},"max_items":1},"glue_records":{"nesting_mode":"list","block":{"attributes":{"host_name":{"type":"string","description":"Required. Domain name of the host in Punycode format.","description_kind":"plain","required":true},"ipv4_addresses":{"type":["list","string"],"description":"List of IPv4 addresses corresponding to this host in the standard decimal format (e.g. 198.51.100.1).\nAt least one of ipv4_address and ipv6_address must be set.","description_kind":"plain","optional":true},"ipv6_addresses":{"type":["list","string"],"description":"List of IPv4 addresses corresponding to this host in the standard decimal format (e.g. 198.51.100.1).\nAt least one of ipv4_address and ipv6_address must be set.","description_kind":"plain","optional":true}},"description":"The list of glue records for this Registration. Commonly empty.","description_kind":"plain"}}},"description":"Settings controlling the DNS configuration of the Registration.","description_kind":"plain"},"max_items":1},"management_settings":{"nesting_mode":"list","block":{"attributes":{"preferred_renewal_method":{"type":"string","description":"The desired renewal method for this Registration. The actual renewalMethod is automatically updated to reflect this choice.\nIf unset or equal to RENEWAL_METHOD_UNSPECIFIED, the actual renewalMethod is treated as if it were set to AUTOMATIC_RENEWAL.\nYou cannot use RENEWAL_DISABLED during resource creation, and you can update the renewal status only when the Registration\nresource has state ACTIVE or SUSPENDED.\n\nWhen preferredRenewalMethod is set to AUTOMATIC_RENEWAL, the actual renewalMethod can be set to RENEWAL_DISABLED in case of\nproblems with the billing account or reported domain abuse. In such cases, check the issues field on the Registration. After\nthe problem is resolved, the renewalMethod is automatically updated to preferredRenewalMethod in a few hours.","description_kind":"plain","optional":true,"computed":true},"renewal_method":{"type":"string","description":"Output only. The actual renewal method for this Registration. When preferredRenewalMethod is set to AUTOMATIC_RENEWAL,\nthe actual renewalMethod can be equal to RENEWAL_DISABLED—for example, when there are problems with the billing account\nor reported domain abuse. In such cases, check the issues field on the Registration. After the problem is resolved, the\nrenewalMethod is automatically updated to preferredRenewalMethod in a few hours.","description_kind":"plain","computed":true},"transfer_lock_state":{"type":"string","description":"Controls whether the domain can be transferred to another registrar. Values are UNLOCKED or LOCKED.","description_kind":"plain","optional":true,"computed":true}},"description":"Settings for management of the Registration, including renewal, billing, and transfer","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"yearly_price":{"nesting_mode":"list","block":{"attributes":{"currency_code":{"type":"string","description":"The three-letter currency code defined in ISO 4217.","description_kind":"plain","optional":true},"units":{"type":"string","description":"The whole units of the amount. For example if currencyCode is \"USD\", then 1 unit is one US dollar.","description_kind":"plain","optional":true}},"description":"Required. Yearly price to register or renew the domain. The value that should be put here can be obtained from\nregistrations.retrieveRegisterParameters or registrations.searchDomains calls.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions2_function":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description of a function.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"The environment the function is hosted on.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.\nIt must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs associated with this Cloud Function.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of this cloud function.","description_kind":"plain","required":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must\nbe unique globally and match pattern 'projects/*/locations/*/functions/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Describes the current state of the function.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a Cloud Function.","description_kind":"plain","computed":true},"url":{"type":"string","description":"Output only. The deployed url for the function.","description_kind":"plain","computed":true}},"block_types":{"build_config":{"nesting_mode":"list","block":{"attributes":{"build":{"type":"string","description":"The Cloud Build name of the latest successful\ndeployment of the function.","description_kind":"plain","computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key.","description_kind":"plain","optional":true,"computed":true},"entry_point":{"type":"string","description":"The name of the function (as defined in source code) that will be executed.\nDefaults to the resource name suffix, if not specified. For backward\ncompatibility, if function with given name is not found, then the system\nwill try to use function named \"function\". For Node.js this is name of a\nfunction exported by the module specified in source_location.","description_kind":"plain","optional":true},"environment_variables":{"type":["map","string"],"description":"User-provided build-time environment variables for the function.","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"The runtime in which to run the function. Required when deploying a new\nfunction, optional when updating an existing function.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The fully-qualified name of the service account to be used for building the container.","description_kind":"plain","optional":true,"computed":true},"worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","optional":true}},"block_types":{"automatic_update_policy":{"nesting_mode":"list","block":{"description":"Security patches are applied automatically to the runtime without requiring\nthe function to be redeployed.","description_kind":"plain"},"max_items":1},"on_deploy_update_policy":{"nesting_mode":"list","block":{"attributes":{"runtime_version":{"type":"string","description":"The runtime version which was used during latest function deployment.","description_kind":"plain","computed":true}},"description":"Security patches are only applied when a function is redeployed.","description_kind":"plain"},"max_items":1},"source":{"nesting_mode":"list","block":{"block_types":{"repo_source":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Regex matching branches to build.","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Regex matching tags to build.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does\nNOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository. If omitted, the\nproject ID requesting the build is assumed.","description_kind":"plain","optional":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository.","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Regex matching tags to build.","description_kind":"plain","optional":true}},"description":"If provided, get the source from this location in a Cloud Source Repository.","description_kind":"plain"},"max_items":1},"storage_source":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Google Cloud Storage bucket containing the source","description_kind":"plain","optional":true},"generation":{"type":"number","description":"Google Cloud Storage generation for the object. If the generation\nis omitted, the latest generation will be used.","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"Google Cloud Storage object containing the source.","description_kind":"plain","optional":true}},"description":"If provided, get the source from this location in Google Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"The location of the function source code.","description_kind":"plain"},"max_items":1}},"description":"Describes the Build step of the function that builds a container\nfrom the given source.","description_kind":"plain"},"max_items":1},"event_trigger":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":"string","description":"Required. The type of event to observe.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The name of a Pub/Sub topic in the same project that will be used\nas the transport topic for the event delivery.","description_kind":"plain","optional":true,"computed":true},"retry_policy":{"type":"string","description":"Describes the retry policy in case of function's execution failure.\nRetried execution is charged as any other execution. Possible values: [\"RETRY_POLICY_UNSPECIFIED\", \"RETRY_POLICY_DO_NOT_RETRY\", \"RETRY_POLICY_RETRY\"]","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Optional. The email of the trigger's service account. The service account\nmust have permission to invoke Cloud Run services. If empty, defaults to the\nCompute Engine default service account: {project_number}-compute@developer.gserviceaccount.com.","description_kind":"plain","optional":true,"computed":true},"trigger":{"type":"string","description":"Output only. The resource name of the Eventarc trigger.","description_kind":"plain","computed":true},"trigger_region":{"type":"string","description":"The region that the trigger will be in. The trigger will only receive\nevents originating in this region. It can be the same\nregion as the function, a different region or multi-region, or the global\nregion. If not provided, defaults to the same region as the function.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"event_filters":{"nesting_mode":"set","block":{"attributes":{"attribute":{"type":"string","description":"'Required. The name of a CloudEvents attribute.\nCurrently, only a subset of attributes are supported for filtering. Use the 'gcloud eventarc providers describe' command to learn more about events and their attributes.\nDo not filter for the 'type' attribute here, as this is already achieved by the resource's 'event_type' attribute.","description_kind":"plain","required":true},"operator":{"type":"string","description":"Optional. The operator used for matching the events with the value of\nthe filter. If not specified, only events that have an exact key-value\npair specified in the filter are matched.\nThe only allowed value is 'match-path-pattern'.\n[See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)'","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value for the attribute.\nIf the operator field is set as 'match-path-pattern', this value can be a path pattern instead of an exact value.","description_kind":"plain","required":true}},"description":"Criteria used to filter events.","description_kind":"plain"}}},"description":"An Eventarc trigger managed by Google Cloud Functions that fires events in\nresponse to a condition in another service.","description_kind":"plain"},"max_items":1},"service_config":{"nesting_mode":"list","block":{"attributes":{"all_traffic_on_latest_revision":{"type":"bool","description":"Whether 100% of traffic is routed to the latest revision. Defaults to true.","description_kind":"plain","optional":true},"available_cpu":{"type":"string","description":"The number of CPUs used in a single container instance. Default value is calculated from available memory.","description_kind":"plain","optional":true,"computed":true},"available_memory":{"type":"string","description":"The amount of memory available for a function.\nDefaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is\nsupplied the value is interpreted as bytes.","description_kind":"plain","optional":true,"computed":true},"environment_variables":{"type":["map","string"],"description":"Environment variables that shall be available during function execution.","description_kind":"plain","optional":true,"computed":true},"gcf_uri":{"type":"string","description":"URIs of the Service deployed","description_kind":"plain","computed":true},"ingress_settings":{"type":"string","description":"Available ingress settings. Defaults to \"ALLOW_ALL\" if unspecified. Default value: \"ALLOW_ALL\" Possible values: [\"ALLOW_ALL\", \"ALLOW_INTERNAL_ONLY\", \"ALLOW_INTERNAL_AND_GCLB\"]","description_kind":"plain","optional":true},"max_instance_count":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a\ngiven time.","description_kind":"plain","optional":true,"computed":true},"max_instance_request_concurrency":{"type":"number","description":"Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.","description_kind":"plain","optional":true,"computed":true},"min_instance_count":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a\ngiven time.","description_kind":"plain","optional":true},"service":{"type":"string","description":"Name of the service associated with a Function.","description_kind":"plain","optional":true,"computed":true},"service_account_email":{"type":"string","description":"The email of the service account for this function.","description_kind":"plain","optional":true,"computed":true},"timeout_seconds":{"type":"number","description":"The function execution timeout. Execution is considered failed and\ncan be terminated if the function is not completed at the end of the\ntimeout period. Defaults to 60 seconds.","description_kind":"plain","optional":true,"computed":true},"uri":{"type":"string","description":"URI of the Service deployed.","description_kind":"plain","computed":true},"vpc_connector":{"type":"string","description":"The Serverless VPC Access connector that this cloud function can connect to.","description_kind":"plain","optional":true},"vpc_connector_egress_settings":{"type":"string","description":"Available egress settings. Possible values: [\"VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\", \"PRIVATE_RANGES_ONLY\", \"ALL_TRAFFIC\"]","description_kind":"plain","optional":true}},"block_types":{"secret_environment_variables":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.","description_kind":"plain","required":true},"secret":{"type":"string","description":"Name of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.","description_kind":"plain","required":true}},"description":"Secret environment variables configuration.","description_kind":"plain"}},"secret_volumes":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.","description_kind":"plain","required":true},"secret":{"type":"string","description":"Name of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true}},"block_types":{"versions":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.","description_kind":"plain","required":true}},"description":"List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.'","description_kind":"plain"}}},"description":"Secret volumes configuration.","description_kind":"plain"}}},"description":"Describes the Service being deployed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_binding":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_member":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function":{"version":0,"block":{"attributes":{"available_memory_mb":{"type":"number","description":"Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.","description_kind":"plain","optional":true},"build_environment_variables":{"type":["map","string"],"description":" A set of key/value environment variable pairs available during build time.","description_kind":"plain","optional":true},"build_service_account":{"type":"string","description":"The fully-qualified name of the service account to be used for the build step of deploying this function","description_kind":"plain","optional":true,"computed":true},"build_worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the function.","description_kind":"plain","optional":true},"docker_registry":{"type":"string","description":"Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.","description_kind":"plain","optional":true,"computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry for storing images built with Cloud Build.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entry_point":{"type":"string","description":"Name of the function that will be executed when the Google Cloud Function is triggered.","description_kind":"plain","optional":true},"environment_variables":{"type":["map","string"],"description":"A set of key/value environment variable pairs to assign to the function.","description_kind":"plain","optional":true},"https_trigger_security_level":{"type":"string","description":"The security level for the function. Defaults to SECURE_OPTIONAL. Valid only if trigger_http is used.","description_kind":"plain","optional":true,"computed":true},"https_trigger_url":{"type":"string","description":"URL which triggers function execution. Returned only if trigger_http is used.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_settings":{"type":"string","description":"String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function.","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a given time.","description_kind":"plain","optional":true,"computed":true},"min_instances":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a given time.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project of the function. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region of function. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"The runtime in which the function is going to run. Eg. \"nodejs12\", \"nodejs14\", \"python37\", \"go111\".","description_kind":"plain","required":true},"service_account_email":{"type":"string","description":" If provided, the self-provided service account to run the function with.","description_kind":"plain","optional":true,"computed":true},"source_archive_bucket":{"type":"string","description":"The GCS bucket containing the zip archive which contains the function.","description_kind":"plain","optional":true},"source_archive_object":{"type":"string","description":"The source archive object (file) in archive bucket.","description_kind":"plain","optional":true},"status":{"type":"string","description":"Describes the current stage of a deployment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"timeout":{"type":"number","description":"Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.","description_kind":"plain","optional":true},"trigger_http":{"type":"bool","description":"Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with trigger_bucket and trigger_topic.","description_kind":"plain","optional":true},"version_id":{"type":"string","description":"The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.","description_kind":"plain","computed":true},"vpc_connector":{"type":"string","description":"The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is projects/*/locations/*/connectors/*.","description_kind":"plain","optional":true},"vpc_connector_egress_settings":{"type":"string","description":"The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"event_trigger":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":"string","description":"The type of event to observe. For example: \"google.storage.object.finalize\". See the documentation on calling Cloud Functions for a full reference of accepted triggers.","description_kind":"plain","required":true},"resource":{"type":"string","description":"The name or partial URI of the resource from which to observe events. For example, \"myBucket\" or \"projects/my-project/topics/my-topic\"","description_kind":"plain","required":true}},"block_types":{"failure_policy":{"nesting_mode":"list","block":{"attributes":{"retry":{"type":"bool","description":"Whether the function should be retried on failure. Defaults to false.","description_kind":"plain","required":true}},"description":"Specifies policy for failed executions","description_kind":"plain"},"max_items":1}},"description":"A source that fires events in response to a condition in another service. Cannot be used with trigger_http.","description_kind":"plain"},"max_items":1},"secret_environment_variables":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"ID of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string \"latest\"). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new clones start.","description_kind":"plain","required":true}},"description":"Secret environment variables configuration","description_kind":"plain"}},"secret_volumes":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"The path within the container to mount the secret volume. For example, setting the mount_path as \"/etc/secrets\" would mount the secret value files under the \"/etc/secrets\" directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount paths: \"/etc/secrets\" Restricted mount paths: \"/cloudsql\", \"/dev/log\", \"/pod\", \"/proc\", \"/var/log\".","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"ID of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true}},"block_types":{"versions":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mount_path as \"/etc/secrets\" and path as \"/secret_foo\" would mount the secret value file at \"/etc/secrets/secret_foo\".","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string \"latest\"). It is preferable to use \"latest\" version with secret volumes as secret value changes are reflected immediately.","description_kind":"plain","required":true}},"description":"List of secret versions to mount for this secret. If empty, the \"latest\" version of the secret will be made available in a file named after the secret under the mount point.","description_kind":"plain"}}},"description":"Secret volumes configuration.","description_kind":"plain"}},"source_repository":{"nesting_mode":"list","block":{"attributes":{"deployed_url":{"type":"string","description":"The URL pointing to the hosted repository where the function was defined at the time of deployment.","description_kind":"plain","computed":true},"url":{"type":"string","description":"The URL pointing to the hosted repository where the function is defined.","description_kind":"plain","required":true}},"description":"Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_binding":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_member":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_composer_environment":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for this environment. The labels map can contain no more than 64 entries. Entries of the labels map are UTF8 strings that comply with the following restrictions: Label keys must be between 1 and 63 characters long and must conform to the following regular expression: [a-z]([-a-z0-9]*[a-z0-9])?. Label values must be between 0 and 63 characters long and must conform to the regular expression ([a-z]([-a-z0-9]*[a-z0-9])?)?. No more than 64 labels can be associated with a given environment. Both keys and values must be \u003c= 128 bytes in size.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the environment.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location or Compute Engine region for the environment.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"airflow_uri":{"type":"string","description":"The URI of the Apache Airflow Web UI hosted within this environment.","description_kind":"plain","computed":true},"dag_gcs_prefix":{"type":"string","description":"The Cloud Storage prefix of the DAGs for this environment. Although Cloud Storage objects reside in a flat namespace, a hierarchical file tree can be simulated using '/'-delimited object name prefixes. DAG objects for this environment reside in a simulated directory with this prefix.","description_kind":"plain","computed":true},"environment_size":{"type":"string","description":"The size of the Cloud Composer environment. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"gke_cluster":{"type":"string","description":"The Kubernetes Engine cluster used to run this environment.","description_kind":"plain","computed":true},"node_count":{"type":"number","description":"The number of nodes in the Kubernetes Engine cluster that will be used to run this environment. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"resilience_mode":{"type":"string","description":"Whether high resilience is enabled or not. This field is supported for Cloud Composer environments in versions composer-2.1.15-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"data_retention_config":{"nesting_mode":"list","block":{"block_types":{"task_logs_retention_config":{"nesting_mode":"list","block":{"attributes":{"storage_mode":{"type":"string","description":"Whether logs in cloud logging only is enabled or not. This field is supported for Cloud Composer environments in versions composer-2.0.32-airflow-2.1.4 and newer.","description_kind":"plain","optional":true}},"description":"Optional. The configuration setting for Task Logs.","description_kind":"plain"},"min_items":1}},"description":"The configuration setting for Airflow data retention mechanism. This field is supported for Cloud Composer environments in versions composer-2.0.32-airflow-2.1.4. or newer","description_kind":"plain"},"max_items":1},"database_config":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"Optional. Cloud SQL machine type used by Airflow database. It has to be one of: db-n1-standard-2, db-n1-standard-4, db-n1-standard-8 or db-n1-standard-16. If not specified, db-n1-standard-2 will be used.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Optional. Cloud SQL database preferred zone.","description_kind":"plain","optional":true}},"description":"The configuration of Cloud SQL instance that is used by the Apache Airflow software. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Optional. Customer-managed Encryption Key available through Google's Key Management Service. Cannot be updated.","description_kind":"plain","required":true}},"description":"The encryption options for the Composer environment and its dependencies.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"Maintenance window end time. It is used only to calculate the duration of the maintenance window. The value for end-time must be in the future, relative to 'start_time'.","description_kind":"plain","required":true},"recurrence":{"type":"string","description":"Maintenance window recurrence. Format is a subset of RFC-5545 (https://tools.ietf.org/html/rfc5545) 'RRULE'. The only allowed values for 'FREQ' field are 'FREQ=DAILY' and 'FREQ=WEEKLY;BYDAY=...'. Example values: 'FREQ=WEEKLY;BYDAY=TU,WE', 'FREQ=DAILY'.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Start time of the first recurrence of the maintenance window.","description_kind":"plain","required":true}},"description":"The configuration for Cloud Composer maintenance window.","description_kind":"plain"},"max_items":1},"master_authorized_networks_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not master authorized networks is enabled.","description_kind":"plain","required":true}},"block_types":{"cidr_blocks":{"nesting_mode":"set","block":{"attributes":{"cidr_block":{"type":"string","description":"cidr_block must be specified in CIDR notation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"display_name is a field for users to identify CIDR blocks.","description_kind":"plain","optional":true}},"description":"cidr_blocks define up to 50 external networks that could access Kubernetes master through HTTPS.","description_kind":"plain"}}},"description":"Configuration options for the master authorized networks feature. Enabled master authorized networks will disallow all external traffic to access Kubernetes master through HTTPS except traffic from the given CIDR blocks, Google Compute Engine Public IPs and Google Prod IPs.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"The disk size in GB used for node VMs. Minimum size is 20GB. If unspecified, defaults to 100GB. Cannot be updated. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"enable_ip_masq_agent":{"type":"bool","description":"Deploys 'ip-masq-agent' daemon set in the GKE cluster and defines nonMasqueradeCIDRs equals to pod IP range so IP masquerading is used for all destination addresses, except between pods traffic. See: https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent","description_kind":"plain","optional":true,"computed":true},"ip_allocation_policy":{"type":["list",["object",{"cluster_ipv4_cidr_block":"string","cluster_secondary_range_name":"string","services_ipv4_cidr_block":"string","services_secondary_range_name":"string","use_ip_aliases":"bool"}]],"description":"Configuration for controlling how IPs are allocated in the GKE cluster. Cannot be updated.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The Compute Engine machine type used for cluster instances, specified as a name or relative resource name. For example: \"projects/{project}/zones/{zone}/machineTypes/{machineType}\". Must belong to the enclosing environment's project and region/zone. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"The Compute Engine machine type used for cluster instances, specified as a name or relative resource name. For example: \"projects/{project}/zones/{zone}/machineTypes/{machineType}\". Must belong to the enclosing environment's project and region/zone. The network must belong to the environment's project. If unspecified, the \"default\" network ID in the environment's project is used. If a Custom Subnet Network is provided, subnetwork must also be provided.","description_kind":"plain","optional":true,"computed":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all node VMs. Cannot be updated. If empty, defaults to [\"https://www.googleapis.com/auth/cloud-platform\"]. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs. If a service account is not specified, the \"default\" Compute Engine service account is used. Cannot be updated. If given, note that the service account must have roles/composer.worker for any GCP resources created under the Cloud Composer Environment.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The Compute Engine subnetwork to be used for machine communications, specified as a self-link, relative resource name (e.g. \"projects/{project}/regions/{region}/subnetworks/{subnetwork}\"), or by name. If subnetwork is provided, network must also be provided and the subnetwork must belong to the enclosing environment's project and region.","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"The list of instance tags applied to all node VMs. Tags are used to identify valid sources or targets for network firewalls. Each tag within the list must comply with RFC1035. Cannot be updated.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Compute Engine zone in which to deploy the VMs running the Apache Airflow software, specified as the zone name or relative resource name (e.g. \"projects/{project}/zones/{zone}\"). Must belong to the enclosing environment's project and region. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration used for the Kubernetes Engine cluster.","description_kind":"plain"},"max_items":1},"private_environment_config":{"nesting_mode":"list","block":{"attributes":{"cloud_composer_connection_subnetwork":{"type":"string","description":"When specified, the environment will use Private Service Connect instead of VPC peerings to connect to Cloud SQL in the Tenant Project, and the PSC endpoint in the Customer Project will use an IP address from this subnetwork. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"cloud_composer_network_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range for Cloud Composer Network in tenant project will be reserved. Needs to be disjoint from private_cluster_config.master_ipv4_cidr_block and cloud_sql_ipv4_cidr_block. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"cloud_sql_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range in tenant project will be reserved for Cloud SQL. Needs to be disjoint from web_server_ipv4_cidr_block.","description_kind":"plain","optional":true,"computed":true},"connection_type":{"type":"string","description":"Mode of internal communication within the Composer environment. Must be one of \"VPC_PEERING\" or \"PRIVATE_SERVICE_CONNECT\".","description_kind":"plain","optional":true,"computed":true},"enable_private_endpoint":{"type":"bool","description":"If true, access to the public endpoint of the GKE cluster is denied. If this field is set to true, ip_allocation_policy.use_ip_aliases must be set to true for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true},"enable_privately_used_public_ips":{"type":"bool","description":"When enabled, IPs from public (non-RFC1918) ranges can be used for ip_allocation_policy.cluster_ipv4_cidr_block and ip_allocation_policy.service_ipv4_cidr_block.","description_kind":"plain","optional":true,"computed":true},"master_ipv4_cidr_block":{"type":"string","description":"The IP range in CIDR notation to use for the hosted master network. This range is used for assigning internal IP addresses to the cluster master or set of masters and to the internal load balancer virtual IP. This range must not overlap with any other ranges in use within the cluster's network. If left blank, the default value of '172.16.0.0/28' is used.","description_kind":"plain","optional":true,"computed":true},"web_server_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range for web server will be reserved. Needs to be disjoint from master_ipv4_cidr_block and cloud_sql_ipv4_cidr_block. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration used for the Private IP Cloud Composer environment.","description_kind":"plain"},"max_items":1},"recovery_config":{"nesting_mode":"list","block":{"block_types":{"scheduled_snapshots_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"When enabled, Cloud Composer periodically saves snapshots of your environment to a Cloud Storage bucket.","description_kind":"plain","required":true},"snapshot_creation_schedule":{"type":"string","description":"Snapshot schedule, in the unix-cron format.","description_kind":"plain","optional":true},"snapshot_location":{"type":"string","description":"the URI of a bucket folder where to save the snapshot.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"A time zone for the schedule. This value is a time offset and does not take into account daylight saving time changes. Valid values are from UTC-12 to UTC+12. Examples: UTC, UTC-01, UTC+03.","description_kind":"plain","optional":true}},"description":"The configuration settings for scheduled snapshots.","description_kind":"plain"},"max_items":1}},"description":"The recovery configuration settings for the Cloud Composer environment","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"airflow_config_overrides":{"type":["map","string"],"description":"Apache Airflow configuration properties to override. Property keys contain the section and property names, separated by a hyphen, for example \"core-dags_are_paused_at_creation\". Section names must not contain hyphens (\"-\"), opening square brackets (\"[\"), or closing square brackets (\"]\"). The property name must not be empty and cannot contain \"=\" or \";\". Section and property names cannot contain characters: \".\" Apache Airflow configuration property names must be written in snake_case. Property values can contain any character, and can be written in any lower/upper case format. Certain Apache Airflow configuration property values are blacklisted, and cannot be overridden.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Additional environment variables to provide to the Apache Airflow scheduler, worker, and webserver processes. Environment variable names must match the regular expression [a-zA-Z_][a-zA-Z0-9_]*. They cannot specify Apache Airflow software configuration overrides (they cannot match the regular expression AIRFLOW__[A-Z0-9_]+__[A-Z0-9_]+), and they cannot match any of the following reserved names: AIRFLOW_HOME C_FORCE_ROOT CONTAINER_NAME DAGS_FOLDER GCP_PROJECT GCS_BUCKET GKE_CLUSTER_NAME SQL_DATABASE SQL_INSTANCE SQL_PASSWORD SQL_PROJECT SQL_REGION SQL_USER.","description_kind":"plain","optional":true},"image_version":{"type":"string","description":"The version of the software running in the environment. This encapsulates both the version of Cloud Composer functionality and the version of Apache Airflow. It must match the regular expression composer-([0-9]+(\\.[0-9]+\\.[0-9]+(-preview\\.[0-9]+)?)?|latest)-airflow-([0-9]+(\\.[0-9]+(\\.[0-9]+)?)?). The Cloud Composer portion of the image version is a full semantic version, or an alias in the form of major version number or 'latest'. The Apache Airflow portion of the image version is a full semantic version that points to one of the supported Apache Airflow versions, or an alias in the form of only major or major.minor versions specified. See documentation for more details and version list.","description_kind":"plain","optional":true,"computed":true},"pypi_packages":{"type":["map","string"],"description":"Custom Python Package Index (PyPI) packages to be installed in the environment. Keys refer to the lowercase package name (e.g. \"numpy\"). Values are the lowercase extras and version specifier (e.g. \"==1.12.0\", \"[devel,gcp_api]\", \"[devel]\u003e=1.8.2, \u003c1.9.2\"). To specify a package without pinning it to a version specifier, use the empty string as the value.","description_kind":"plain","optional":true},"python_version":{"type":"string","description":"The major version of Python used to run the Apache Airflow scheduler, worker, and webserver processes. Can be set to '2' or '3'. If not specified, the default is '2'. Cannot be updated. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. Environments in newer versions always use Python major version 3.","description_kind":"plain","optional":true,"computed":true},"scheduler_count":{"type":"number","description":"The number of schedulers for Airflow. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-2.*.*.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration settings for software inside the environment.","description_kind":"plain"},"max_items":1},"web_server_config":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"Optional. Machine type on which Airflow web server is running. It has to be one of: composer-n1-webserver-2, composer-n1-webserver-4 or composer-n1-webserver-8. If not specified, composer-n1-webserver-2 will be used. Value custom is returned only in response, if Airflow web server parameters were manually changed to a non-standard values.","description_kind":"plain","required":true}},"description":"The configuration settings for the Airflow web server App Engine instance. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain"},"max_items":1},"web_server_network_access_control":{"nesting_mode":"list","block":{"block_types":{"allowed_ip_range":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of this ip range.","description_kind":"plain","optional":true},"value":{"type":"string","description":"IP address or range, defined using CIDR notation, of requests that this rule applies to. Examples: 192.168.1.1 or 192.168.0.0/16 or 2001:db8::/32 or 2001:0db8:0000:0042:0000:8a2e:0370:7334. IP range prefixes should be properly truncated. For example, 1.2.3.4/24 should be truncated to 1.2.3.0/24. Similarly, for IPv6, 2001:db8::1/32 should be truncated to 2001:db8::/32.","description_kind":"plain","required":true}},"description":"A collection of allowed IP ranges with descriptions.","description_kind":"plain"}}},"description":"Network-level access control policy for the Airflow web server.","description_kind":"plain"},"max_items":1},"workloads_config":{"nesting_mode":"list","block":{"block_types":{"scheduler":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of schedulers.","description_kind":"plain","optional":true,"computed":true},"cpu":{"type":"number","description":"CPU request and limit for a single Airflow scheduler replica","description_kind":"plain","optional":true,"computed":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for a single Airflow scheduler replica.","description_kind":"plain","optional":true,"computed":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for a single Airflow scheduler replica.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for resources used by Airflow schedulers.","description_kind":"plain"},"max_items":1},"triggerer":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of triggerers.","description_kind":"plain","required":true},"cpu":{"type":"number","description":"CPU request and limit for a single Airflow triggerer replica.","description_kind":"plain","required":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for a single Airflow triggerer replica.","description_kind":"plain","required":true}},"description":"Configuration for resources used by Airflow triggerers.","description_kind":"plain"},"max_items":1},"web_server":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"CPU request and limit for Airflow web server.","description_kind":"plain","optional":true,"computed":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for Airflow web server.","description_kind":"plain","optional":true,"computed":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for Airflow web server.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for resources used by Airflow web server.","description_kind":"plain"},"max_items":1},"worker":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"CPU request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true,"computed":true},"max_count":{"type":"number","description":"Maximum number of workers for autoscaling.","description_kind":"plain","optional":true,"computed":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true,"computed":true},"min_count":{"type":"number","description":"Minimum number of workers for autoscaling.","description_kind":"plain","optional":true,"computed":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for resources used by Airflow workers.","description_kind":"plain"},"max_items":1}},"description":"The workloads configuration settings for the GKE cluster associated with the Cloud Composer environment. Supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain"},"max_items":1}},"description":"Configuration parameters for this environment.","description_kind":"plain"},"max_items":1},"storage_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Optional. Name of an existing Cloud Storage bucket to be used by the environment.","description_kind":"plain","required":true}},"description":"Configuration options for storage used by Composer environment.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description":"The static external IP address represented by this resource.\nThe IP address must be inside the specified subnetwork,\nif any. Set by the API if undefined.","description_kind":"plain","optional":true,"computed":true},"address_type":{"type":"string","description":"The type of address to reserve.\nNote: if you set this argument's value as 'INTERNAL' you need to leave the 'network_tier' argument unset in that resource block. Default value: \"EXTERNAL\" Possible values: [\"INTERNAL\", \"EXTERNAL\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this address. The default value is 'IPV4'. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"ipv6_endpoint_type":{"type":"string","description":"The endpoint type of this address, which should be VM or NETLB. This is\nused for deciding which type of endpoint this address can be used after\nthe external IPv6 address reservation. Possible values: [\"VM\", \"NETLB\"]","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this address. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network in which to reserve the address. This field\ncan only be used with INTERNAL type with the VPC_PEERING and\nIPSEC_INTERCONNECT purposes.","description_kind":"plain","optional":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this address. If this field is not\nspecified, it is assumed to be PREMIUM.\nThis argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","optional":true,"computed":true},"prefix_length":{"type":"number","description":"The prefix length if the resource represents an IP range.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of this resource, which can be one of the following values.\n\n* GCE_ENDPOINT for addresses that are used by VM instances, alias IP\nranges, load balancers, and similar resources.\n\n* SHARED_LOADBALANCER_VIP for an address that can be used by multiple\ninternal load balancers.\n\n* VPC_PEERING for addresses that are reserved for VPC peer networks.\n\n* IPSEC_INTERCONNECT for addresses created from a private IP range that\nare reserved for a VLAN attachment in an HA VPN over Cloud Interconnect\nconfiguration. These addresses are regional resources.\n\n* PRIVATE_SERVICE_CONNECT for a private network address that is used to\nconfigure Private Service Connect. Only global internal addresses can use\nthis purpose.\n\nThis should only be set when using an Internal address.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created address should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The URL of the subnetwork in which to reserve the address. If an IP\naddress is specified, it must be within the subnetwork's IP range.\nThis field can only be used with INTERNAL type with\nGCE_ENDPOINT/DNS_RESOLVER purposes.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"users":{"type":["list","string"],"description":"The URLs of the resources that are using this address.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_attached_disk":{"version":0,"block":{"attributes":{"device_name":{"type":"string","description":"Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. This name can be used to reference the device for mounting, resizing, and so on, from within the instance. If not specified, the server chooses a default device name to apply to this disk, in the form persistent-disks-x, where x is a number assigned by Google Compute Engine.","description_kind":"plain","optional":true,"computed":true},"disk":{"type":"string","description":"name or self_link of the disk that will be attached.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"name or self_link of the compute instance that the disk will be attached to. If the self_link is provided then zone and project are extracted from the self link. If only the name is used then zone and project must be defined as properties on the resource or provider.","description_kind":"plain","required":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project that the referenced compute instance is a part of. If instance is referenced by its self_link the project defined in the link will take precedence.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone that the referenced compute instance is located within. If instance is referenced by its self_link the zone defined in the link will take precedence.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_autoscaler":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target":{"type":"string","description":"URL of the managed instance group that this autoscaler will scale.","description_kind":"plain","required":true},"zone":{"type":"string","description":"URL of the zone where the instance group resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"number","description":"The number of seconds that the autoscaler should wait before it\nstarts collecting information from a new instance. This prevents\nthe autoscaler from collecting information when the instance is\ninitializing, during which the collected usage would not be\nreliable. The default time autoscaler waits is 60 seconds.\n\nVirtual machine initialization times might vary because of\nnumerous factors. We recommend that you test how long an\ninstance may take to initialize. To do this, create an instance\nand time the startup process.","description_kind":"plain","optional":true},"max_replicas":{"type":"number","description":"The maximum number of instances that the autoscaler can scale up\nto. This is required when creating or updating an autoscaler. The\nmaximum number of replicas should not be lower than minimal number\nof replicas.","description_kind":"plain","required":true},"min_replicas":{"type":"number","description":"The minimum number of replicas that the autoscaler can scale down\nto. This cannot be less than 0. If not provided, autoscaler will\nchoose a default value depending on maximum number of instances\nallowed.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Defines operating mode for this policy.","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"predictive_method":{"type":"string","description":"Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are:\n\n- NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics.\n\n- OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand.","description_kind":"plain","optional":true},"target":{"type":"number","description":"The target CPU utilization that the autoscaler should maintain.\nMust be a float value in the range (0, 1]. If not specified, the\ndefault is 0.6.\n\nIf the CPU level is below the target utilization, the autoscaler\nscales down the number of instances until it reaches the minimum\nnumber of instances you specified or until the average CPU of\nyour instances reaches the target utilization.\n\nIf the average CPU is above the target utilization, the autoscaler\nscales up until it reaches the maximum number of instances you\nspecified or until the average utilization reaches the target\nutilization.","description_kind":"plain","required":true}},"description":"Defines the CPU utilization policy that allows the autoscaler to\nscale based on the average CPU utilization of a managed instance\ngroup.","description_kind":"plain"},"max_items":1},"load_balancing_utilization":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"number","description":"Fraction of backend capacity utilization (set in HTTP(s) load\nbalancing configuration) that autoscaler should maintain. Must\nbe a positive float value. If not defined, the default is 0.8.","description_kind":"plain","required":true}},"description":"Configuration parameters of autoscaling based on a load balancer.","description_kind":"plain"},"max_items":1},"metric":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The identifier (type) of the Stackdriver Monitoring metric.\nThe metric cannot have negative values.\n\nThe metric must have a value type of INT64 or DOUBLE.","description_kind":"plain","required":true},"target":{"type":"number","description":"The target value of the metric that autoscaler should\nmaintain. This must be a positive value. A utilization\nmetric scales number of virtual machines handling requests\nto increase or decrease proportionally to the metric.\n\nFor example, a good metric to use as a utilizationTarget is\nwww.googleapis.com/compute/instance/network/received_bytes_count.\nThe autoscaler will work to keep this value constant for each\nof the instances.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Defines how target utilization value is expressed for a\nStackdriver Monitoring metric. Possible values: [\"GAUGE\", \"DELTA_PER_SECOND\", \"DELTA_PER_MINUTE\"]","description_kind":"plain","optional":true}},"description":"Configuration parameters of autoscaling based on a custom metric.","description_kind":"plain"}},"scale_in_control":{"nesting_mode":"list","block":{"attributes":{"time_window_sec":{"type":"number","description":"How long back autoscaling should look when computing recommendations\nto include directives regarding slower scale down, as described above.","description_kind":"plain","optional":true}},"block_types":{"max_scaled_in_replicas":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive\ninteger.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive.\nFor example, specify 80 for 80%.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events","description_kind":"plain"},"max_items":1},"scaling_schedules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of a scaling schedule.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect.","description_kind":"plain","optional":true},"duration_sec":{"type":"number","description":"The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300.","description_kind":"plain","required":true},"min_required_replicas":{"type":"number","description":"Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule.","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"schedule":{"type":"string","description":"The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field).","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","optional":true}},"description":"Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap.","description_kind":"plain"}}},"description":"The configuration parameters for the autoscaling algorithm. You can\ndefine one or more of the policies for an autoscaler: cpuUtilization,\ncustomMetricUtilizations, and loadBalancingUtilization.\n\nIf none of these are specified, the default will be to autoscale based\non cpuUtilization to 0.6 or 60%.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"Cloud Storage bucket name.","description_kind":"plain","required":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["list","string"],"description":"Headers that the HTTP/S load balancer should add to proxied responses.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional textual description of the resource; provided by the\nclient when the resource is created.","description_kind":"plain","optional":true},"edge_security_policy":{"type":"string","description":"The security policy associated with this backend bucket.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendBucket.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"request_coalescing":{"type":"bool","description":"If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.","description_kind":"plain","optional":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request will\nbe considered fresh. After this time period,\nthe response will be revalidated before being served.\nWhen serving responses to signed URL requests,\nCloud CDN will internally behave as though\nall responses from this backend had a \"Cache-Control: public,\nmax-age=[TTL]\" header, regardless of any existing Cache-Control\nheader. The actual headers served in responses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"bypass_cache_on_request_headers":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The header field name to match on when bypassing cache. Values are case-insensitive.","description_kind":"plain","optional":true}},"description":"Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings.","description_kind":"plain"},"max_items":5},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_http_headers":{"type":["list","string"],"description":"Allows HTTP request headers (by name) to be used in the\ncache key.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["list","string"],"description":"Names of query string parameters to include in cache keys.\nDefault parameters are always included. '\u0026' and '=' will\nbe percent encoded and not treated as delimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s\n(30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this Backend Bucket.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_bucket_signed_url_key":{"version":0,"block":{"attributes":{"backend_bucket":{"type":"string","description":"The backend bucket this signed URL key belongs.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_value":{"type":"string","description":"128-bit key value used for signing the URL. The key value must be a\nvalid RFC 4648 Section 5 base64url encoded string.","description_kind":"plain","required":true,"sensitive":true},"name":{"type":"string","description":"Name of the signed URL key.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","optional":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","optional":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_request_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nrequests.","description_kind":"plain","optional":true},"custom_response_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nresponses.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"edge_security_policy":{"type":"string","description":"The resource URL for the edge security policy associated with this backend service.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendService.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"generated_id":{"type":"number","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource\nfor health checking this BackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.\n\nFor internal load balancing, a URL to a HealthCheck resource must be specified instead.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"load_balancing_scheme":{"type":"string","description":"Indicates whether the backend service will be used with internal or\nexternal load balancing. A backend service created for one type of\nload balancing cannot be used with the other. For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL_SELF_MANAGED\", \"INTERNAL_MANAGED\", \"EXTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\nThis field is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\nIf session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"port_name":{"type":"string","description":"Name of backend port. The same name should appear in the instance\ngroups referenced by this service. Required when the load balancing\nscheme is EXTERNAL.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol this BackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. **NOTE**: With protocol “UNSPECIFIED”,\nthe backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing\nwith TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"TCP\", \"SSL\", \"GRPC\", \"UNSPECIFIED\"]","description_kind":"plain","optional":true,"computed":true},"security_policy":{"type":"string","description":"The security policy associated with this backend service.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_lb_policy":{"type":"string","description":"URL to networkservices.ServiceLbPolicy resource.\nCan only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.","description_kind":"plain","optional":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\"]","description_kind":"plain","optional":true,"computed":true},"timeout_sec":{"type":"number","description":"The backend service timeout has a different meaning depending on the type of load balancer.\nFor more information see, [Backend service settings](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices).\nThe default is 30 seconds.\nThe full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backend":{"nesting_mode":"set","block":{"attributes":{"balancing_mode":{"type":"string","description":"Specifies the balancing mode for this backend.\n\nFor global HTTP(S) or TCP/SSL load balancing, the default is\nUTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S))\nand CONNECTION (for TCP/SSL).\n\nSee the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode)\nfor an explanation of load balancing modes.\n\nFrom version 6.0.0 default value will be UTILIZATION to match default GCP value. Default value: \"UTILIZATION\" Possible values: [\"UTILIZATION\", \"RATE\", \"CONNECTION\"]","description_kind":"plain","optional":true},"capacity_scaler":{"type":"number","description":"A multiplier applied to the group's maximum servicing capacity\n(based on UTILIZATION, RATE or CONNECTION).\n\nDefault value is 1, which means the group will serve up to 100%\nof its configured capacity (depending on balancingMode). A\nsetting of 0 means the group is completely drained, offering\n0% of its available Capacity. Valid range is [0.0,1.0].","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.\nProvide this property when you create the resource.","description_kind":"plain","optional":true},"group":{"type":"string","description":"The fully-qualified URL of an Instance Group or Network Endpoint\nGroup resource. In case of instance group this defines the list\nof instances that serve traffic. Member virtual machine\ninstances from each instance group must live in the same zone as\nthe instance group itself. No two backends in a backend service\nare allowed to use same Instance Group resource.\n\nFor Network Endpoint Groups this defines list of endpoints. All\nendpoints of Network Endpoint Group must be hosted on instances\nlocated in the same zone as the Network Endpoint Group.\n\nBackend services cannot mix Instance Group and\nNetwork Endpoint Group backends.\n\nNote that you must specify an Instance Group or Network Endpoint\nGroup resource using the fully-qualified URL, rather than a\npartial URL.","description_kind":"plain","required":true},"max_connections":{"type":"number","description":"The max number of simultaneous connections for the group. Can\nbe used with either CONNECTION or UTILIZATION balancing modes.\n\nFor CONNECTION mode, either maxConnections or one\nof maxConnectionsPerInstance or maxConnectionsPerEndpoint,\nas appropriate for group type, must be set.","description_kind":"plain","optional":true,"computed":true},"max_connections_per_endpoint":{"type":"number","description":"The max number of simultaneous connections that a single backend\nnetwork endpoint can handle. This is used to calculate the\ncapacity of the group. Can be used in either CONNECTION or\nUTILIZATION balancing modes.\n\nFor CONNECTION mode, either\nmaxConnections or maxConnectionsPerEndpoint must be set.","description_kind":"plain","optional":true,"computed":true},"max_connections_per_instance":{"type":"number","description":"The max number of simultaneous connections that a single\nbackend instance can handle. This is used to calculate the\ncapacity of the group. Can be used in either CONNECTION or\nUTILIZATION balancing modes.\n\nFor CONNECTION mode, either maxConnections or\nmaxConnectionsPerInstance must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate":{"type":"number","description":"The max requests per second (RPS) of the group.\n\nCan be used with either RATE or UTILIZATION balancing modes,\nbut required if RATE mode. For RATE mode, either maxRate or one\nof maxRatePerInstance or maxRatePerEndpoint, as appropriate for\ngroup type, must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate_per_endpoint":{"type":"number","description":"The max requests per second (RPS) that a single backend network\nendpoint can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerEndpoint must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate_per_instance":{"type":"number","description":"The max requests per second (RPS) that a single backend\ninstance can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerInstance must be set.","description_kind":"plain","optional":true,"computed":true},"max_utilization":{"type":"number","description":"Used when balancingMode is UTILIZATION. This ratio defines the\nCPU utilization target for the group. Valid range is [0.0, 1.0].","description_kind":"plain","optional":true,"computed":true}},"description":"The set of backends that serve this BackendService.","description_kind":"plain"}},"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request\nwill be considered fresh, defaults to 1hr (3600s). After this\ntime period, the response will be revalidated before\nbeing served.\n\nWhen serving responses to signed URL requests, Cloud CDN will\ninternally behave as though all responses from this backend had a\n\"Cache-Control: public, max-age=[TTL]\" header, regardless of any\nexisting Cache-Control header. The actual headers served in\nresponses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"bypass_cache_on_request_headers":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The header field name to match on when bypassing cache. Values are case-insensitive.","description_kind":"plain","required":true}},"description":"Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified.\nThe cache is bypassed for all cdnPolicy.cacheMode settings.","description_kind":"plain"}},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_host":{"type":"bool","description":"If true requests to different hosts will be cached separately.","description_kind":"plain","optional":true},"include_http_headers":{"type":["list","string"],"description":"Allows HTTP request headers (by name) to be used in the\ncache key.","description_kind":"plain","optional":true},"include_named_cookies":{"type":["list","string"],"description":"Names of cookies to include in cache keys.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true},"include_query_string":{"type":"bool","description":"If true, include query string parameters in the cache key\naccording to query_string_whitelist and\nquery_string_blacklist. If neither is set, the entire query\nstring will be included.\n\nIf false, the query string will be excluded from the cache\nkey entirely.","description_kind":"plain","optional":true},"query_string_blacklist":{"type":["set","string"],"description":"Names of query string parameters to exclude in cache keys.\n\nAll other parameters will be included. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["set","string"],"description":"Names of query string parameters to include in cache keys.\n\nAll other parameters will be excluded. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s\n(30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain"},"max_items":1},"circuit_breakers":{"nesting_mode":"list","block":{"attributes":{"max_connections":{"type":"number","description":"The maximum number of connections to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_pending_requests":{"type":"number","description":"The maximum number of pending requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests":{"type":"number","description":"The maximum number of parallel requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests_per_connection":{"type":"number","description":"Maximum requests for a single backend connection. This parameter\nis respected by both the HTTP/1.1 and HTTP/2 implementations. If\nnot specified, there is no limit. Setting this parameter to 1\nwill effectively disable keep alive.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"The maximum number of parallel retries to the backend cluster.\nDefaults to 3.","description_kind":"plain","optional":true}},"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.","description_kind":"plain"},"max_items":1},"consistent_hash":{"nesting_mode":"list","block":{"attributes":{"http_header_name":{"type":"string","description":"The hash based on the value of the specified header field.\nThis field is applicable if the sessionAffinity is set to HEADER_FIELD.","description_kind":"plain","optional":true},"minimum_ring_size":{"type":"number","description":"The minimum number of virtual nodes to use for the hash ring.\nLarger ring sizes result in more granular load\ndistributions. If the number of hosts in the load balancing pool\nis larger than the ring size, each host will be assigned a single\nvirtual node.\nDefaults to 1024.","description_kind":"plain","optional":true}},"block_types":{"http_cookie":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the cookie.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to set for the cookie.","description_kind":"plain","optional":true}},"block_types":{"ttl":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Lifetime of the cookie.","description_kind":"plain"},"max_items":1}},"description":"Hash is based on HTTP Cookie. This field describes a HTTP cookie\nthat will be used as the hash key for the consistent hash load\nbalancer. If the cookie is not present, it will be generated.\nThis field is applicable if the sessionAffinity is set to HTTP_COOKIE.","description_kind":"plain"},"max_items":1}},"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing. This field only applies if the load_balancing_scheme is set to\nINTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is\nset to MAGLEV or RING_HASH.","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"oauth2_client_id":{"type":"string","description":"OAuth2 Client ID for IAP","description_kind":"plain","required":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 Client Secret for IAP","description_kind":"plain","required":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"OAuth2 Client Secret SHA-256 for IAP","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"locality_lb_policies":{"nesting_mode":"list","block":{"block_types":{"custom_policy":{"nesting_mode":"list","block":{"attributes":{"data":{"type":"string","description":"An optional, arbitrary JSON object with configuration data, understood\nby a locally installed custom policy implementation.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Identifies the custom policy.\n\nThe value should match the type the custom implementation is registered\nwith on the gRPC clients. It should follow protocol buffer\nmessage naming conventions and include the full path (e.g.\nmyorg.CustomLbPolicy). The maximum length is 256 characters.\n\nNote that specifying the same custom policy more than once for a\nbackend is not a valid configuration and will be rejected.","description_kind":"plain","required":true}},"description":"The configuration for a custom policy implemented by the user and\ndeployed with the client.","description_kind":"plain"},"max_items":1},"policy":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of a locality load balancer policy to be used. The value\nshould be one of the predefined ones as supported by localityLbPolicy,\nalthough at the moment only ROUND_ROBIN is supported.\n\nThis field should only be populated when the customPolicy field is not\nused.\n\nNote that specifying the same policy more than once for a backend is\nnot a valid configuration and will be rejected.\n\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\"]","description_kind":"plain","required":true}},"description":"The configuration for a built-in load balancing policy.","description_kind":"plain"},"max_items":1}},"description":"A list of locality load balancing policies to be used in order of\npreference. Either the policy or the customPolicy field should be set.\nOverrides any value set in the localityLbPolicy field.\n\nlocalityLbPolicies is only supported when the BackendService is referenced\nby a URL Map that is referenced by a target gRPC proxy that has the\nvalidateForProxyless field set to true.","description_kind":"plain"}},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Whether to enable logging for the load balancer traffic served by this backend service.","description_kind":"plain","optional":true},"sample_rate":{"type":"number","description":"This field can only be specified if logging is enabled for this backend service. The value of\nthe field must be in [0, 1]. This configures the sampling rate of requests to the load balancer\nwhere 1.0 means all logged requests are reported and 0.0 means no logged requests are reported.\nThe default value is 1.0.","description_kind":"plain","optional":true}},"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain"},"max_items":1},"outlier_detection":{"nesting_mode":"list","block":{"attributes":{"consecutive_errors":{"type":"number","description":"Number of errors before a host is ejected from the connection pool. When the\nbackend host is accessed over HTTP, a 5xx return code qualifies as an error.\nDefaults to 5.","description_kind":"plain","optional":true},"consecutive_gateway_failure":{"type":"number","description":"The number of consecutive gateway failures (502, 503, 504 status or connection\nerrors that are mapped to one of those status codes) before a consecutive\ngateway failure ejection occurs. Defaults to 5.","description_kind":"plain","optional":true},"enforcing_consecutive_errors":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive 5xx. This setting can be used to disable\nejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"enforcing_consecutive_gateway_failure":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive gateway failures. This setting can be\nused to disable ejection or to ramp it up slowly. Defaults to 0.","description_kind":"plain","optional":true},"enforcing_success_rate":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through success rate statistics. This setting can be used to\ndisable ejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"max_ejection_percent":{"type":"number","description":"Maximum percentage of hosts in the load balancing pool for the backend service\nthat can be ejected. Defaults to 10%.","description_kind":"plain","optional":true},"success_rate_minimum_hosts":{"type":"number","description":"The number of hosts in a cluster that must have enough request volume to detect\nsuccess rate outliers. If the number of hosts is less than this setting, outlier\ndetection via success rate statistics is not performed for any host in the\ncluster. Defaults to 5.","description_kind":"plain","optional":true},"success_rate_request_volume":{"type":"number","description":"The minimum number of total requests that must be collected in one interval (as\ndefined by the interval duration above) to include this host in success rate\nbased outlier detection. If the volume is lower than this setting, outlier\ndetection via success rate statistics is not performed for that host. Defaults\nto 100.","description_kind":"plain","optional":true},"success_rate_stdev_factor":{"type":"number","description":"This factor is used to determine the ejection threshold for success rate outlier\nejection. The ejection threshold is the difference between the mean success\nrate, and the product of this factor and the standard deviation of the mean\nsuccess rate: mean - (stdev * success_rate_stdev_factor). This factor is divided\nby a thousand to get a double. That is, if the desired factor is 1.9, the\nruntime value should be 1900. Defaults to 1900.","description_kind":"plain","optional":true}},"block_types":{"base_ejection_time":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"The base time that a host is ejected for. The real time is equal to the base\ntime multiplied by the number of times the host has been ejected. Defaults to\n30000ms or 30s.","description_kind":"plain"},"max_items":1},"interval":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Time interval between ejection sweep analysis. This can result in both new\nejections as well as hosts being returned to service. Defaults to 10 seconds.","description_kind":"plain"},"max_items":1}},"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nApplicable backend service types can be a global backend service with the\nloadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED.\n\nFrom version 6.0.0 outlierDetection default terraform values will be removed to match default GCP value.\nDefault values are enforce by GCP without providing them.","description_kind":"plain"},"max_items":1},"security_settings":{"nesting_mode":"list","block":{"attributes":{"client_tls_policy":{"type":"string","description":"ClientTlsPolicy is a resource that specifies how a client should authenticate\nconnections to backends of a service. This resource itself does not affect\nconfiguration unless it is attached to a backend service resource.","description_kind":"plain","optional":true},"subject_alt_names":{"type":["list","string"],"description":"A list of alternate names to verify the subject identity in the certificate.\nIf specified, the client will verify that the server certificate's subject\nalt name matches one of the specified values.","description_kind":"plain","optional":true}},"block_types":{"aws_v4_authentication":{"nesting_mode":"list","block":{"attributes":{"access_key":{"type":"string","description":"The access key used for s3 bucket authentication.\nRequired for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request.","description_kind":"plain","optional":true,"sensitive":true},"access_key_id":{"type":"string","description":"The identifier of an access key used for s3 bucket authentication.","description_kind":"plain","optional":true},"access_key_version":{"type":"string","description":"The optional version identifier for the access key. You can use this to keep track of different iterations of your access key.","description_kind":"plain","optional":true},"origin_region":{"type":"string","description":"The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin.\nFor example, \"us-east-1\" for AWS or \"us-ashburn-1\" for OCI.","description_kind":"plain","optional":true}},"description":"The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication.\nAllowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends.","description_kind":"plain"},"max_items":1}},"description":"The security settings that apply to this backend service. This field is applicable to either\na regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and\nload_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the\nload_balancing_scheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_service_signed_url_key":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"The backend service this signed URL key belongs.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_value":{"type":"string","description":"128-bit key value used for signing the URL. The key value must be a\nvalid RFC 4648 Section 5 base64url encoded string.","description_kind":"plain","required":true,"sensitive":true},"name":{"type":"string","description":"Name of the signed URL key.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk":{"version":0,"block":{"attributes":{"access_mode":{"type":"string","description":"The accessMode of the disk.\nFor example:\n* READ_WRITE_SINGLE\n* READ_WRITE_MANY\n* READ_ONLY_SINGLE","description_kind":"plain","optional":true,"computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"disk_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_confidential_compute":{"type":"bool","description":"Whether this disk is using confidential compute mode.\nNote: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description":"The image from which to initialize this disk. This can be\none of: the image's 'self_link', 'projects/{project}/global/images/{image}',\n'projects/{project}/global/images/family/{family}', 'global/images/{image}',\n'global/images/family/{family}', 'family/{family}', '{project}/{family}',\n'{project}/{image}', '{family}', or '{image}'. If referred by family, the\nimages names must include the family name. If they don't, use the\n[google_compute_image data source](/docs/providers/google/d/compute_image.html).\nFor instance, the image 'centos-6-v20180104' includes its family name 'centos-6'.\nThese images can be referred by family name here.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much Throughput must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the 'image' or\n'snapshot' parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with 'image' or 'snapshot',\nthe value must not be less than the size of the image\nor the size of the snapshot.\n\n~\u003e**NOTE** If you change the size, Terraform updates the disk size\nif upsizing is detected but recreates the disk if downsizing is requested.\nYou can add 'lifecycle.prevent_destroy' in the config to prevent destroying\nand recreating.","description_kind":"plain","optional":true,"computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. If the snapshot is in another\nproject than this disk, you must supply a full URL. For example, the\nfollowing are valid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","optional":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","optional":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description":"The ID value of the image used to create this disk. This value\nidentifies the exact image that was used to create this persistent\ndisk. For example, if you created the persistent disk from an image\nthat was later deleted and recreated under the same name, the source\nimage ID would identify the exact version of the image that was used.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"storage_pool":{"type":"string","description":"The URL of the storage pool in which the new disk is created.\nFor example:\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/storagePools/{storagePool}\n* /projects/{project}/zones/{zone}/storagePools/{storagePool}","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","optional":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"async_primary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Primary disk for asynchronous disk replication.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"rsa_encrypted_key":{"type":"string","description":"Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit\ncustomer-supplied encryption key to either encrypt or decrypt\nthis resource. You can provide either the rawKey or the rsaEncryptedKey.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain"},"max_items":1},"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options.","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain"}},"source_image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source image. Required if\nthe source image is protected by a customer-supplied encryption key.","description_kind":"plain"},"max_items":1},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk_async_replication":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"primary_disk":{"type":"string","description":"Primary disk for asynchronous replication.","description_kind":"plain","required":true}},"block_types":{"secondary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Secondary disk for asynchronous replication.","description_kind":"plain","required":true},"state":{"type":"string","description":"Output-only. Status of replication on the secondary disk.","description_kind":"plain","computed":true}},"description":"Secondary disk for asynchronous replication.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_disk_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_disk_resource_policy_attachment":{"version":0,"block":{"attributes":{"disk":{"type":"string","description":"The name of the disk in which the resource policies are attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource policy to be attached to the disk for scheduling snapshot\ncreation. Do not specify the self link.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_external_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels for the external VPN gateway resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"redundancy_type":{"type":"string","description":"Indicates the redundancy type of this external VPN gateway Possible values: [\"FOUR_IPS_REDUNDANCY\", \"SINGLE_IP_INTERNALLY_REDUNDANT\", \"TWO_IPS_REDUNDANCY\"]","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"interface":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"number","description":"The numeric ID for this interface. Allowed values are based on the redundancy type\nof this external VPN gateway\n* '0 - SINGLE_IP_INTERNALLY_REDUNDANT'\n* '0, 1 - TWO_IPS_REDUNDANCY'\n* '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IP address of the interface in the external VPN gateway.\nOnly IPv4 is supported. This IP address can be either from\nyour on-premise gateway or another Cloud provider's VPN gateway,\nit cannot be an IP address from Google Compute Engine.","description_kind":"plain","optional":true}},"description":"A list of interfaces on this external VPN gateway.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall":{"version":1,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"destination_ranges":{"type":["set","string"],"description":"If destination ranges are specified, the firewall will apply only to\ntraffic that has destination IP address in these ranges. These ranges\nmust be expressed in CIDR format. IPv4 or IPv6 ranges are supported.","description_kind":"plain","optional":true,"computed":true},"direction":{"type":"string","description":"Direction of traffic to which this firewall applies; default is\nINGRESS. Note: For INGRESS traffic, one of 'source_ranges',\n'source_tags' or 'source_service_accounts' is required. Possible values: [\"INGRESS\", \"EGRESS\"]","description_kind":"plain","optional":true,"computed":true},"disabled":{"type":"bool","description":"Denotes whether the firewall rule is disabled, i.e not applied to the\nnetwork it is associated with. When set to true, the firewall rule is\nnot enforced and the network behaves as if it did not exist. If this\nis unspecified, the firewall rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the network to attach this firewall to.","description_kind":"plain","required":true},"priority":{"type":"number","description":"Priority for this rule. This is an integer between 0 and 65535, both\ninclusive. When not specified, the value assumed is 1000. Relative\npriorities determine precedence of conflicting rules. Lower value of\npriority implies higher precedence (eg, a rule with priority 0 has\nhigher precedence than a rule with priority 1). DENY rules take\nprecedence over ALLOW rules having equal priority.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_ranges":{"type":["set","string"],"description":"If source ranges are specified, the firewall will apply only to\ntraffic that has source IP address in these ranges. These ranges must\nbe expressed in CIDR format. One or both of sourceRanges and\nsourceTags may be set. If both properties are set, the firewall will\napply to traffic that has source IP address within sourceRanges OR the\nsource IP that belongs to a tag listed in the sourceTags property. The\nconnection does not need to match both properties for the firewall to\napply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of\n'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"source_service_accounts":{"type":["set","string"],"description":"If source service accounts are specified, the firewall will apply only\nto traffic originating from an instance with a service account in this\nlist. Source service accounts cannot be used to control traffic to an\ninstance's external IP address because service accounts are associated\nwith an instance, not an IP address. sourceRanges can be set at the\nsame time as sourceServiceAccounts. If both are set, the firewall will\napply to traffic that has source IP address within sourceRanges OR the\nsource IP belongs to an instance with service account listed in\nsourceServiceAccount. The connection does not need to match both\nproperties for the firewall to apply. sourceServiceAccounts cannot be\nused at the same time as sourceTags or targetTags. For INGRESS traffic,\none of 'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"source_tags":{"type":["set","string"],"description":"If source tags are specified, the firewall will apply only to traffic\nwith source IP that belongs to a tag listed in source tags. Source\ntags cannot be used to control traffic to an instance's external IP\naddress. Because tags are associated with an instance, not an IP\naddress. One or both of sourceRanges and sourceTags may be set. If\nboth properties are set, the firewall will apply to traffic that has\nsource IP address within sourceRanges OR the source IP that belongs to\na tag listed in the sourceTags property. The connection does not need\nto match both properties for the firewall to apply. For INGRESS traffic,\none of 'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"target_service_accounts":{"type":["set","string"],"description":"A list of service accounts indicating sets of instances located in the\nnetwork that may make network connections as specified in allowed[].\ntargetServiceAccounts cannot be used at the same time as targetTags or\nsourceTags. If neither targetServiceAccounts nor targetTags are\nspecified, the firewall rule applies to all instances on the specified\nnetwork.","description_kind":"plain","optional":true},"target_tags":{"type":["set","string"],"description":"A list of instance tags indicating sets of instances located in the\nnetwork that may make network connections as specified in allowed[].\nIf no targetTags are specified, the firewall rule applies to all\ninstances on the specified network.","description_kind":"plain","optional":true}},"block_types":{"allow":{"nesting_mode":"set","block":{"attributes":{"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field\nis only applicable for UDP or TCP protocol. Each entry must be\neither an integer or a range. If not specified, this rule\napplies to connections through any port.\n\nExample inputs include: [\"22\"], [\"80\",\"443\"], and\n[\"12345-12349\"].","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is\nrequired when creating a firewall rule. This value can either be\none of the following well known protocol strings (tcp, udp,\nicmp, esp, ah, sctp, ipip, all), or the IP protocol number.","description_kind":"plain","required":true}},"description":"The list of ALLOW rules specified by this firewall. Each rule\nspecifies a protocol and port-range tuple that describes a permitted\nconnection.","description_kind":"plain"}},"deny":{"nesting_mode":"set","block":{"attributes":{"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field\nis only applicable for UDP or TCP protocol. Each entry must be\neither an integer or a range. If not specified, this rule\napplies to connections through any port.\n\nExample inputs include: [\"22\"], [\"80\",\"443\"], and\n[\"12345-12349\"].","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is\nrequired when creating a firewall rule. This value can either be\none of the following well known protocol strings (tcp, udp,\nicmp, esp, ah, sctp, ipip, all), or the IP protocol number.","description_kind":"plain","required":true}},"description":"The list of DENY rules specified by this firewall. Each rule specifies\na protocol and port-range tuple that describes a denied connection.","description_kind":"plain"}},"log_config":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"This field denotes whether to include or exclude metadata for firewall logs. Possible values: [\"EXCLUDE_ALL_METADATA\", \"INCLUDE_ALL_METADATA\"]","description_kind":"plain","required":true}},"description":"This field denotes the logging options for a particular firewall rule.\nIf defined, logging is enabled, and logs will be exported to Cloud Logging.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. It is a numeric ID allocated by GCP which uniquely identifies the Firewall Policy.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the firewall policy.","description_kind":"plain","required":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true},"short_name":{"type":"string","description":"User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy ID of the association.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\", \"goto_next\" and \"apply_security_profile_group\".","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: INGRESS, EGRESS","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"security_profile_group":{"type":"string","description":"A fully-qualified URL of a SecurityProfileGroup resource. Example: https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group. It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.","description_kind":"plain","optional":true},"target_resources":{"type":["list","string"],"description":"A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.","description_kind":"plain","optional":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true},"tls_inspect":{"type":"bool","description":"Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 256.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 256.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_forwarding_rule":{"version":0,"block":{"attributes":{"all_ports":{"type":"bool","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'allPorts' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, SCTP, or\nL3_DEFAULT.\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal and external protocol forwarding.\n* Set this field to true to allow packets addressed to any port or packets\nlacking destination port information (for example, UDP fragments after the\nfirst fragment) to be forwarded to the backends configured with this\nforwarding rule. The L3_DEFAULT protocol requires 'allPorts' be set to\ntrue.","description_kind":"plain","optional":true},"allow_global_access":{"type":"bool","description":"This field is used along with the 'backend_service' field for\ninternal load balancing or with the 'target' field for internal\nTargetInstance.\n\nIf the field is set to 'TRUE', clients can access ILB from all\nregions.\n\nOtherwise only allows access from clients in the same region as the\ninternal load balancer.","description_kind":"plain","optional":true},"allow_psc_global_access":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.","description_kind":"plain","optional":true},"backend_service":{"type":"string","description":"Identifies the backend service to which the forwarding rule sends traffic.\n\nRequired for Internal TCP/UDP Load Balancing and Network Load Balancing;\nmust be omitted for all other load balancer types.","description_kind":"plain","optional":true},"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"forwarding_rule_id":{"type":"number","description":"The unique identifier number for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target' or 'backendService'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\nThe forwarding rule's 'target' or 'backendService',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends).\n\nA Forwarding Rule with protocol L3_DEFAULT can attach with target instance or\nbackend service with UNSPECIFIED protocol.\nA forwarding rule with \"L3_DEFAULT\" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\", \"L3_DEFAULT\"]","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP address version that will be used by this forwarding rule.\nValid options are IPV4 and IPV6.\n\nIf not set, the IPv4 address will be used by default. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true,"computed":true},"is_mirroring_collector":{"type":"bool","description":"Indicates whether or not this load balancer can be used as a collector for\npacket mirroring. To prevent mirroring loops, instances behind this\nload balancer will not have their traffic mirrored even if a\n'PacketMirroring' rule applies to them.\n\nThis can only be set to true for load balancers that have their\n'loadBalancingScheme' set to 'INTERNAL'.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n'PREMIUM', 'STANDARD'.\n\nFor regional ForwardingRule, the valid values are 'PREMIUM' and\n'STANDARD'. For GlobalForwardingRule, the valid value is\n'PREMIUM'.\n\nIf this field is not specified, it is assumed to be 'PREMIUM'.\nIf 'IPAddress' is specified, this value must be equal to the\nnetworkTier of the Address. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","optional":true,"computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","optional":true},"port_range":{"type":"string","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","optional":true,"computed":true},"ports":{"type":["set","string"],"description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'ports' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal protocol forwarding.\n* You can specify a list of up to five ports by number, separated by\ncommas. The ports can be contiguous or discontiguous.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair if they share at least one port\nnumber.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair if\nthey share at least one port number.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"recreate_closed_psc":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed","description_kind":"plain","optional":true},"region":{"type":"string","description":"A reference to the region where the regional forwarding rule resides.\n\nThis field is not applicable to global forwarding rules.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_label":{"type":"string","description":"An optional prefix to the service name for this Forwarding Rule.\nIf specified, will be the first label of the fully qualified service\nname.\n\nThe label must be 1-63 characters long, and comply with RFC1035.\nSpecifically, the label must be 1-63 characters long and match the\nregular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","optional":true},"service_name":{"type":"string","description":"The internal fully qualified service name for this Forwarding Rule.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","optional":true,"computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"service_directory_registrations":{"nesting_mode":"list","block":{"attributes":{"namespace":{"type":"string","description":"Service Directory namespace to register the forwarding rule under.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Service Directory service to register the forwarding rule under.","description_kind":"plain","optional":true}},"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description":"The IP address or beginning of the address range represented by this\nresource. This can be supplied as an input to reserve a specific\naddress or omitted to allow GCP to choose a valid one for you.","description_kind":"plain","optional":true,"computed":true},"address_type":{"type":"string","description":"The type of the address to reserve.\n\n* EXTERNAL indicates public/external single IP address.\n* INTERNAL indicates internal IP ranges belonging to some network. Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this address. The default value is 'IPV4'. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this address. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network in which to reserve the IP range. The IP range\nmust be in RFC1918 space. The network cannot be deleted if there are\nany reserved IP ranges referring to it.\n\nThis should only be set when using an Internal address.","description_kind":"plain","optional":true},"prefix_length":{"type":"number","description":"The prefix length of the IP range. If not present, it means the\naddress field is a single IP address.\n\nThis field is not applicable to addresses with addressType=INTERNAL\nwhen purpose=PRIVATE_SERVICE_CONNECT","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of the resource. Possible values include:\n\n* VPC_PEERING - for peer networks\n\n* PRIVATE_SERVICE_CONNECT - for ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Private Service Connect networks","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_forwarding_rule":{"version":0,"block":{"attributes":{"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\nThe forwarding rule's 'target',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\"]","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this global forwarding rule. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL_MANAGED\", \"INTERNAL_SELF_MANAGED\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","optional":true,"computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","optional":true},"port_range":{"type":"string","description":"The 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","optional":true,"computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of\nfilterLabels contribute towards the overall metadataFilter match.\n\nMATCH_ANY - At least one of the filterLabels must have a matching\nlabel in the provided metadata.\nMATCH_ALL - All filterLabels must have matching labels in the\nprovided metadata. Possible values: [\"MATCH_ANY\", \"MATCH_ALL\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the metadata label. The length must be between\n1 and 1024 characters, inclusive.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value that the label must match. The value has a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the\nprovided metadata based on filterMatchCriteria\n\nThis list must not be empty and can have at the most 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing\nconfiguration to a limited set xDS compliant clients. In their xDS\nrequests to Loadbalancer, xDS clients present node metadata. If a\nmatch takes place, the relevant routing configuration is made available\nto those proxies.\n\nFor each metadataFilter in this list, if its filterMatchCriteria is set\nto MATCH_ANY, at least one of the filterLabels must match the\ncorresponding label provided in the metadata. If its filterMatchCriteria\nis set to MATCH_ALL, then all of its filterLabels must match with\ncorresponding labels in the provided metadata.\n\nmetadataFilters specified here can be overridden by those specified in\nthe UrlMap that this ForwardingRule references.\n\nmetadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"service_directory_registrations":{"nesting_mode":"list","block":{"attributes":{"namespace":{"type":"string","description":"Service Directory namespace to register the forwarding rule under.","description_kind":"plain","optional":true,"computed":true},"service_directory_region":{"type":"string","description":"[Optional] Service Directory region to register this global forwarding rule under.\nDefault to \"us-central1\". Only used for PSC for Google APIs. All PSC for\nGoogle APIs Forwarding Rules on the same network should use the same Service\nDirectory region.","description_kind":"plain","optional":true}},"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_network_endpoint":{"version":0,"block":{"attributes":{"fqdn":{"type":"string","description":"Fully qualified domain name of network endpoint.\nThis can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT.","description_kind":"plain","optional":true},"global_network_endpoint_group":{"type":"string","description":"The global network endpoint group this endpoint is part of.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IPv4 address external endpoint.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number of the external endpoint.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Possible values: [\"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_ha_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"gateway_ip_version":{"type":"string","description":"The IP family of the gateway IPs for the HA-VPN gateway interfaces. If not specified, IPV4 will be used. Default value: \"IPV4\" Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this VPN gateway to identify the IP protocols that are enabled.\nIf not specified, IPV4_ONLY will be used. Default value: \"IPV4_ONLY\" Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\", \"IPV6_ONLY\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpn_interfaces":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"number","description":"The numeric ID of this VPN gateway interface.","description_kind":"plain","optional":true},"interconnect_attachment":{"type":"string","description":"URL of the interconnect attachment resource. When the value\nof this field is present, the VPN Gateway will be used for\nIPsec-encrypted Cloud Interconnect; all Egress or Ingress\ntraffic for this VPN Gateway interface will go through the\nspecified interconnect attachment resource.\n\nNot currently available publicly.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The external IP address for this VPN gateway interface.","description_kind":"plain","computed":true}},"description":"A list of interfaces on this VPN gateway.","description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_regions":{"type":["list","string"],"description":"The list of cloud regions from which health checks are performed. If\nany regions are specified, then exactly 3 regions should be specified.\nThe region names must be valid names of Google Cloud regions. This can\nonly be set for global health check. If this list is non-empty, then\nthere are restrictions on what other health check fields are supported\nand what other resources can use this health check:\n\n* SSL, HTTP2, and GRPC protocols are not supported.\n\n* The TCP request field is not supported.\n\n* The proxyHeader field for HTTP, HTTPS, and TCP is not supported.\n\n* The checkIntervalSec field must be at least 30.\n\n* The health check cannot be used with BackendService nor with managed\ninstance group auto-healing.","description_kind":"plain","optional":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"grpc_health_check":{"nesting_mode":"list","block":{"attributes":{"grpc_service_name":{"type":"string","description":"The gRPC service name for the health check.\nThe value of grpcServiceName has the following meanings by convention:\n - Empty serviceName means the overall status of all services at the backend.\n - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service.\nThe grpcServiceName can only be ASCII.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port number for the health check request.\nMust be specified if portName and portSpecification are not set\nor if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, gRPC health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http2_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP2 health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP2 health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP2 health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP2 health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"https_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTPS health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTPS health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs. This is false by default,\nwhich means no health check logging will be done.","description_kind":"plain","optional":true}},"description":"Configure logging on this health check.","description_kind":"plain"},"max_items":1},"ssl_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the SSL health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, SSL health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the SSL connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"tcp_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the TCP health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, TCP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the TCP connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_http_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The value of the host header in the HTTP health check request. If\nleft empty (default value), the public IP on behalf of which this\nhealth check is performed will be used.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_https_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The value of the host header in the HTTPS health check request. If\nleft empty (default value), the public IP on behalf of which this\nhealth check is performed will be used.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_image":{"version":0,"block":{"attributes":{"archive_size_bytes":{"type":"number","description":"Size of the image tar.gz archive stored in Google Cloud Storage (in\nbytes).","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the image when restored onto a persistent disk (in GB).","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"family":{"type":"string","description":"The name of the image family to which this image belongs. You can\ncreate disks by specifying an image family instead of a specific\nimage name. The image family always returns its latest image that is\nnot deprecated. The name of the image family must comply with\nRFC1035.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Image.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"The source disk to create this image based on.\nYou must provide either this property or the\nrawDisk.source property but not both to create an image.","description_kind":"plain","optional":true},"source_image":{"type":"string","description":"URL of the source image used to create this image. In order to create an image, you must provide the full or partial\nURL of one of the following:\n\n* The selfLink URL\n* This property\n* The rawDisk.source URL\n* The sourceDisk URL","description_kind":"plain","optional":true},"source_snapshot":{"type":"string","description":"URL of the source snapshot used to create this image.\n\nIn order to create an image, you must provide the full or partial URL of one of the following:\n\n* The selfLink URL\n* This property\n* The sourceImage URL\n* The rawDisk.source URL\n* The sourceDisk URL","description_kind":"plain","optional":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the image\n(regional or multi-regional).\nReference link: https://cloud.google.com/compute/docs/reference/rest/v1/images","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\", \"SEV_LIVE_MIGRATABLE_V2\"]","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable images.","description_kind":"plain"}},"image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in Google Cloud\nKMS.","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption request for the\ngiven KMS key. If absent, the Compute Engine default service\naccount is used.","description_kind":"plain","optional":true}},"description":"Encrypts the image using a customer-supplied encryption key.\n\nAfter you encrypt an image with a customer-supplied key, you must\nprovide the same key if you use the image later (e.g. to create a\ndisk from the image)","description_kind":"plain"},"max_items":1},"raw_disk":{"nesting_mode":"list","block":{"attributes":{"container_type":{"type":"string","description":"The format used to encode and transmit the block device, which\nshould be TAR. This is just a container and transmission format\nand not a runtime format. Provided by the client when the disk\nimage is created. Default value: \"TAR\" Possible values: [\"TAR\"]","description_kind":"plain","optional":true},"sha1":{"type":"string","description":"An optional SHA1 checksum of the disk image before unpackaging.\nThis is provided by the client when the disk image is created.","description_kind":"plain","optional":true},"source":{"type":"string","description":"The full Google Cloud Storage URL where disk storage is stored\nYou must provide either this property or the sourceDisk property\nbut not both.","description_kind":"plain","required":true}},"description":"The parameters of the raw disk image.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_image_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_image_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_image_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance":{"version":6,"block":{"attributes":{"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","optional":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","optional":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","optional":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\" or \"TERMINATED\".","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","optional":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","optional":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"attached_disk":{"nesting_mode":"list","block":{"attributes":{"device_name":{"type":"string","description":"Name with which the attached disk is accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","required":true}},"description":"List of disks attached to the instance","description_kind":"plain"}},"boot_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether the disk will be auto-deleted when the instance is deleted.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"Name with which attached disk will be accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"A flag to enable confidential compute mode on boot disk","description_kind":"plain","optional":true},"image":{"type":"string","description":"The image from which this disk was initialised.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the disk.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"size":{"type":"number","description":"The size of the image in gigabytes.","description_kind":"plain","optional":true,"computed":true},"storage_pool":{"type":"string","description":"The URL of the storage pool in which the new disk is created","description_kind":"plain","optional":true},"type":{"type":"string","description":"The Google Compute Engine disk type. Such as pd-standard, pd-ssd or pd-balanced.","description_kind":"plain","optional":true,"computed":true}},"description":"Parameters with which a disk was created alongside the instance.","description_kind":"plain"},"max_items":1}},"description":"The boot disk for the instance.","description_kind":"plain"},"min_items":1,"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"confidential_instance_type":{"type":"string","description":"\n\t\t\t\t\t\t\t\tThe confidential computing technology the instance uses.\n\t\t\t\t\t\t\t\tSEV is an AMD feature. TDX is an Intel feature. One of the following\n\t\t\t\t\t\t\t\tvalues is required: SEV, SEV_SNP, TDX. If SEV_SNP, min_cpu_platform =\n\t\t\t\t\t\t\t\t\"AMD Milan\" is currently required. TDX is only available in beta.","description_kind":"plain","optional":true},"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled. Field will be deprecated in a future release","description_kind":"plain","optional":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"network_interface":{"nesting_mode":"list","block":{"attributes":{"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the interface","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network attached to this interface.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address assigned to the instance.","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the subnetwork attached to this interface.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The project in which the subnetwork belongs.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that is be 1:1 mapped to the instance's network ip.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance. One of PREMIUM or STANDARD.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.","description_kind":"plain","optional":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range.","description_kind":"plain","optional":true}},"description":"An array of alias IP ranges for this network interface.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an external IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this access configuration. In ipv6AccessConfigs, the recommended name is External IPv6.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","optional":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"The networks attached to the instance.","description_kind":"plain"},"min_items":1},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"params":{"nesting_mode":"list","block":{"attributes":{"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true}},"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user).","description_kind":"plain","optional":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true},"min_node_cpus":{"type":"number","description_kind":"plain","optional":true},"on_host_maintenance":{"type":"string","description":"Describes maintenance behavior for the instance. One of MIGRATE or TERMINATE,","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the instance is preemptible.","description_kind":"plain","optional":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"},"max_items":1},"max_run_duration":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"The timeout for new network connections to hosts.","description_kind":"plain"},"max_items":1},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}},"on_instance_stop_action":{"nesting_mode":"list","block":{"attributes":{"discard_local_ssd":{"type":"bool","description":"If true, the contents of any attached Local SSD disks will be discarded.","description_kind":"plain","optional":true}},"description":"Defines the behaviour for instances with the instance_termination_action.","description_kind":"plain"},"max_items":1}},"description":"The scheduling strategy being used by the instance.","description_kind":"plain"},"max_items":1},"scratch_disk":{"nesting_mode":"list","block":{"attributes":{"device_name":{"type":"string","description":"Name with which the attached disk is accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"The disk interface used for attaching this disk. One of SCSI or NVME.","description_kind":"plain","required":true},"size":{"type":"number","description":"The size of the disk in gigabytes. One of 375 or 3000.","description_kind":"plain","optional":true}},"description":"The scratch disks attached to the instance.","description_kind":"plain"}},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes.","description_kind":"plain","required":true}},"description":"The service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Whether integrity monitoring is enabled for the instance.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Whether secure boot is enabled for the instance.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Whether the instance uses vTPM.","description_kind":"plain","optional":true}},"description":"The shielded vm config being used by the instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_from_template":{"version":0,"block":{"attributes":{"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","optional":true,"computed":true},"attached_disk":{"type":["list",["object",{"device_name":"string","disk_encryption_key_raw":"string","disk_encryption_key_sha256":"string","kms_key_self_link":"string","mode":"string","source":"string"}]],"description":"List of disks attached to the instance","description_kind":"plain","optional":true,"computed":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","optional":true,"computed":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","optional":true,"computed":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\" or \"TERMINATED\".","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","optional":true,"computed":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","optional":true,"computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true,"computed":true},"scratch_disk":{"type":["list",["object",{"device_name":"string","interface":"string","size":"number"}]],"description":"The scratch disks attached to the instance.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"The service account to attach to the instance.","description_kind":"plain","optional":true,"computed":true},"source_instance_template":{"type":"string","description":"Name or self link of an instance template to create the instance based on.","description_kind":"plain","required":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","optional":true,"computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true,"computed":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true,"computed":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true,"computed":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"boot_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether the disk will be auto-deleted when the instance is deleted.","description_kind":"plain","optional":true,"computed":true},"device_name":{"type":"string","description":"Name with which attached disk will be accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true,"computed":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"A flag to enable confidential compute mode on boot disk","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description":"The image from which this disk was initialised.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the disk.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"The size of the image in gigabytes.","description_kind":"plain","optional":true,"computed":true},"storage_pool":{"type":"string","description":"The URL of the storage pool in which the new disk is created","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The Google Compute Engine disk type. Such as pd-standard, pd-ssd or pd-balanced.","description_kind":"plain","optional":true,"computed":true}},"description":"Parameters with which a disk was created alongside the instance.","description_kind":"plain"},"max_items":1}},"description":"The boot disk for the instance.","description_kind":"plain"},"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"confidential_instance_type":{"type":"string","description":"\n\t\t\t\t\t\t\t\tThe confidential computing technology the instance uses.\n\t\t\t\t\t\t\t\tSEV is an AMD feature. TDX is an Intel feature. One of the following\n\t\t\t\t\t\t\t\tvalues is required: SEV, SEV_SNP, TDX. If SEV_SNP, min_cpu_platform =\n\t\t\t\t\t\t\t\t\"AMD Milan\" is currently required. TDX is only available in beta.","description_kind":"plain","optional":true,"computed":true},"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled. Field will be deprecated in a future release","description_kind":"plain","optional":true,"computed":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"network_interface":{"nesting_mode":"list","block":{"attributes":{"access_config":{"type":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet.","description_kind":"plain","optional":true,"computed":true},"alias_ip_range":{"type":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"description":"An array of alias IP ranges for this network interface.","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the interface","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network attached to this interface.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address assigned to the instance.","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true,"computed":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true,"computed":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the subnetwork attached to this interface.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The project in which the subnetwork belongs.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an external IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this access configuration. In ipv6AccessConfigs, the recommended name is External IPv6.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","optional":true,"computed":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"The networks attached to the instance.","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"params":{"nesting_mode":"list","block":{"attributes":{"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true,"computed":true}},"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user).","description_kind":"plain","optional":true,"computed":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true,"computed":true},"min_node_cpus":{"type":"number","description_kind":"plain","optional":true,"computed":true},"on_host_maintenance":{"type":"string","description":"Describes maintenance behavior for the instance. One of MIGRATE or TERMINATE,","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the instance is preemptible.","description_kind":"plain","optional":true,"computed":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true,"computed":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"},"max_items":1},"max_run_duration":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true,"computed":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"The timeout for new network connections to hosts.","description_kind":"plain"},"max_items":1},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}},"on_instance_stop_action":{"nesting_mode":"list","block":{"attributes":{"discard_local_ssd":{"type":"bool","description":"If true, the contents of any attached Local SSD disks will be discarded.","description_kind":"plain","optional":true,"computed":true}},"description":"Defines the behaviour for instances with the instance_termination_action.","description_kind":"plain"},"max_items":1}},"description":"The scheduling strategy being used by the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Whether integrity monitoring is enabled for the instance.","description_kind":"plain","optional":true,"computed":true},"enable_secure_boot":{"type":"bool","description":"Whether secure boot is enabled for the instance.","description_kind":"plain","optional":true,"computed":true},"enable_vtpm":{"type":"bool","description":"Whether the instance uses vTPM.","description_kind":"plain","optional":true,"computed":true}},"description":"The shielded vm config being used by the instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_group":{"version":2,"block":{"attributes":{"description":{"type":"string","description":"An optional textual description of the instance group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description":"The list of instances in the group, in self_link format. When adding instances they must all be in the same network and zone as the instance group.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance group. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network the instance group is in. If this is different from the network where the instances are in, the creation fails. Defaults to the network where the instances are in (if neither network nor instances is specified, this field will be blank).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"size":{"type":"number","description":"The number of instances in the group.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone that this instance group should be created in.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"named_port":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name which the port will be mapped to.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number to map the name to.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_group_manager":{"version":0,"block":{"attributes":{"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"all_instances_config":["list",["object",{"current_revision":"string","effective":"bool"}]],"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","optional":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","optional":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective and all instances configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone that instances in this group should be created in.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"all_instances_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The label key-value pairs that you want to patch onto the instance,","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata,","description_kind":"plain","optional":true}},"description":"Specifies configuration that overrides the instance template configuration for the group.","description_kind":"plain"},"max_items":1},"auto_healing_policies":{"nesting_mode":"list","block":{"attributes":{"health_check":{"type":"string","description":"The health check resource that signals autohealing.","description_kind":"plain","required":true},"initial_delay_sec":{"type":"number","description":"The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances. Between 0 and 3600.","description_kind":"plain","required":true}},"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain"},"max_items":1},"instance_lifecycle_policy":{"nesting_mode":"list","block":{"attributes":{"default_action_on_failure":{"type":"string","description":"Default behavior for all instance or health check failures.","description_kind":"plain","optional":true},"force_update_on_repair":{"type":"string","description":"Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type.","description_kind":"plain","optional":true}},"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain"},"max_items":1},"named_port":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the port.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"stateful_disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"The device name of the disk to be attached.","description_kind":"plain","required":true}},"description":"Disks created on the instances that will be preserved on instance delete, update, etc.","description_kind":"plain"}},"stateful_external_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"stateful_internal_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"update_policy":{"nesting_mode":"list","block":{"attributes":{"max_surge_fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive integer. Conflicts with max_surge_percent. Both cannot be 0","description_kind":"plain","optional":true,"computed":true},"max_surge_percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify 80 for 80%. Conflicts with max_surge_fixed.","description_kind":"plain","optional":true},"max_unavailable_fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive integer.","description_kind":"plain","optional":true,"computed":true},"max_unavailable_percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify 80 for 80%.","description_kind":"plain","optional":true},"minimal_action":{"type":"string","description":"Minimal action to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to update without stopping instances, RESTART to restart existing instances or REPLACE to delete and create new instances from the target template. If you specify a REFRESH, the Updater will attempt to perform that action only. However, if the Updater determines that the minimal action you specify is not enough to perform the update, it might perform a more disruptive action.","description_kind":"plain","required":true},"most_disruptive_allowed_action":{"type":"string","description":"Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to allow actions that do not need instance restart, RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.","description_kind":"plain","optional":true},"replacement_method":{"type":"string","description":"The instance replacement method for managed instance groups. Valid values are: \"RECREATE\", \"SUBSTITUTE\". If SUBSTITUTE (default), the group replaces VM instances with new instances that have randomly generated names. If RECREATE, instance names are preserved. You must also set max_unavailable_fixed or max_unavailable_percent to be greater than 0.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of update process. You can specify either PROACTIVE so that the instance group manager proactively executes actions in order to bring instances to their target versions or OPPORTUNISTIC so that no action is proactively executed but the update will be performed as part of other actions (for example, resizes or recreateInstances calls).","description_kind":"plain","required":true}},"description":"The update policy for this managed instance group.","description_kind":"plain"},"max_items":1},"version":{"nesting_mode":"list","block":{"attributes":{"instance_template":{"type":"string","description":"The full URL to an instance template from which all new instances of this version will be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Version name.","description_kind":"plain","optional":true}},"block_types":{"target_size":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"The number of instances which are managed for this version. Conflicts with percent.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The number of instances (calculated as percentage) which are managed for this version. Conflicts with fixed. Note that when using percent, rounding will be in favor of explicitly set target_size values; a managed instance group with 2 instances and 2 versions, one of which has a target_size.percent of 60 will create 2 instances of that version.","description_kind":"plain","optional":true}},"description":"The number of instances calculated as a fixed number or a percentage depending on the settings.","description_kind":"plain"},"max_items":1}},"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_compute_instance_group_membership":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"An instance being added to the InstanceGroup","description_kind":"plain","required":true},"instance_group":{"type":"string","description":"Represents an Instance Group resource name that the instance belongs to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"A reference to the zone where the instance group resides.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_group_named_port":{"version":0,"block":{"attributes":{"group":{"type":"string","description":"The name of the instance group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for this named port. The name must be 1-63 characters\nlong, and comply with RFC1035.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number, which can be a value between 1 and 65535.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone of the instance group.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_settings":{"version":0,"block":{"attributes":{"fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"items":{"type":["map","string"],"description":"A metadata key/value items map. The total size of all keys and values must be less than 512KB","description_kind":"plain","optional":true}},"description":"The metadata key/value pairs assigned to all the instances in the corresponding scope.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_template":{"version":1,"block":{"attributes":{"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","optional":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"An instance template is a global resource that is not bound to a zone or a region. However, you can still specify some regional resources in an instance template, which restricts the template to the region where that resource resides. For example, a custom subnetwork resource is tied to a specific region. Defaults to the region of the Provider if no value is given.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags.\n\t\t\t\tKeys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.\n\t\t\t\tThe field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"self_link_unique":{"type":"string","description":"A special URI of the created resource that uniquely identifies this instance template.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","optional":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"confidential_instance_type":{"type":"string","description":"\n\t\t\t\t\t\t\t\tThe confidential computing technology the instance uses.\n\t\t\t\t\t\t\t\tSEV is an AMD feature. TDX is an Intel feature. One of the following\n\t\t\t\t\t\t\t\tvalues is required: SEV, SEV_SNP, TDX. If SEV_SNP, min_cpu_platform =\n\t\t\t\t\t\t\t\t\"AMD Milan\" is currently required. TDX is only available in beta.","description_kind":"plain","optional":true},"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled. Field will be deprecated in a future release.","description_kind":"plain","optional":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether or not the disk should be auto-deleted. This defaults to true.","description_kind":"plain","optional":true},"boot":{"type":"bool","description":"Indicates that this is a boot disk.","description_kind":"plain","optional":true,"computed":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk.","description_kind":"plain","optional":true,"computed":true},"disk_name":{"type":"string","description":"Name of the disk. When not provided, this defaults to the name of the instance.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"The size of the image in gigabytes. If not specified, it will inherit the size of its base image. For SCRATCH disks, the size must be one of 375 or 3000 GB, with a default of 375 GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"The Google Compute Engine disk type. Such as \"pd-ssd\", \"local-ssd\", \"pd-balanced\" or \"pd-standard\".","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"Specifies the disk interface to use for attaching this disk.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to disks,","description_kind":"plain","optional":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Values must be between 10,000 and 120,000. For more details, see the [Extreme persistent disk documentation](https://cloud.google.com/compute/docs/disks/extreme-persistent-disk).","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list (short name or id) of resource policies to attach to this disk. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name (not self_link) of the disk (such as those managed by google_compute_disk) to attach. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true},"source_image":{"type":"string","description":"The image from which to initialize this disk. This can be one of: the image's self_link, projects/{project}/global/images/{image}, projects/{project}/global/images/family/{family}, global/images/{image}, global/images/family/{family}, family/{family}, {project}/{family}, {project}/{image}, {family}, or {image}. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true,"computed":true},"source_snapshot":{"type":"string","description":"The source snapshot to create this disk. When creating\na new instance, one of initializeParams.sourceSnapshot,\ninitializeParams.sourceImage, or disks.source is\nrequired except for local SSD.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of Google Compute Engine disk, can be either \"SCRATCH\" or \"PERSISTENT\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","required":true}},"description":"Encrypts or decrypts a disk using a customer-supplied encryption key.","description_kind":"plain"},"max_items":1},"source_image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source\nimage. Required if the source image is protected by a\ncustomer-supplied encryption key.\n\nInstance templates do not store customer-supplied\nencryption keys, so you cannot create disks for\ninstances in a managed instance group if the source\nimages are encrypted with your own keys.","description_kind":"plain"},"max_items":1},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source snapshot.","description_kind":"plain"},"max_items":1}},"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain"},"min_items":1},"guest_accelerator":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of the guest accelerator cards exposed to this instance.","description_kind":"plain","required":true},"type":{"type":"string","description":"The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain"}},"network_interface":{"nesting_mode":"list","block":{"attributes":{"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the network_interface.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network to attach this interface to. Use network attribute for Legacy or Auto subnetted networks and subnetwork for custom subnetted networks.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address to assign to the instance. If empty, the address will be automatically assigned.","description_kind":"plain","optional":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name of the subnetwork to attach this interface to. The subnetwork must exist in the same region this instance will be created in. Either network or subnetwork must be provided.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that will be 1:1 mapped to the instance's network ip. If not given, one will be generated.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance template. This field can take the following values: PREMIUM, STANDARD, FIXED_STANDARD. If this field is not specified, it is assumed to be PREMIUM.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.The DNS domain name for the public PTR record.","description_kind":"plain","computed":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet. Omit to ensure that the instance is not accessible from the Internet (this means that ssh provisioners will not work unless you are running Terraform can send traffic to the instance's network (e.g. via tunnel or because it is running on another cloud instance on that network). This block can be repeated multiple times.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used.","description_kind":"plain","optional":true}},"description":"An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.","description_kind":"plain","computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of this access configuration.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","computed":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true.","description_kind":"plain","optional":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true},"min_node_cpus":{"type":"number","description":"Minimum number of cpus for the instance.","description_kind":"plain","optional":true},"on_host_maintenance":{"type":"string","description":"Defines the maintenance behavior for this instance.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Allows instance to be preempted. This defaults to false.","description_kind":"plain","optional":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"}},"max_run_duration":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"The timeout for new network connections to hosts.","description_kind":"plain"},"max_items":1},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}},"on_instance_stop_action":{"nesting_mode":"list","block":{"attributes":{"discard_local_ssd":{"type":"bool","description":"If true, the contents of any attached Local SSD disks will be discarded.","description_kind":"plain","optional":true}},"description":"Defines the behaviour for instances with the instance_termination_action.","description_kind":"plain"},"max_items":1}},"description":"The scheduling strategy to use.","description_kind":"plain"},"max_items":1},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address. If not given, the default Google Compute Engine service account is used.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform scope.","description_kind":"plain","required":true}},"description":"Service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Compare the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. Defaults to true.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Verify the digital signature of all boot components, and halt the boot process if signature verification fails. Defaults to false.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Use a virtualized trusted platform module, which is a specialized computer chip you can use to encrypt objects like keys and certificates. Defaults to true.","description_kind":"plain","optional":true}},"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_interconnect":{"version":0,"block":{"attributes":{"admin_enabled":{"type":"bool","description":"Administrative status of the interconnect. When this is set to true, the Interconnect is\nfunctional and can carry traffic. When set to false, no packets can be carried over the\ninterconnect and no BGP routes are exchanged over it. By default, the status is set to true.","description_kind":"plain","optional":true},"available_features":{"type":["list","string"],"description":"interconnects.list of features available for this Interconnect connection. Can take the value:\nMACSEC. If present then the Interconnect connection is provisioned on MACsec capable hardware\nports. If not present then the Interconnect connection is provisioned on non-MACsec capable\nports and MACsec isn't supported and enabling MACsec fails).","description_kind":"plain","computed":true},"circuit_infos":{"type":["list",["object",{"customer_demarc_id":"string","google_circuit_id":"string","google_demarc_id":"string"}]],"description":"A list of CircuitInfo objects, that describe the individual circuits in this LAG.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"customer_name":{"type":"string","description":"Customer name, to put in the Letter of Authorization as the party authorized to request a\ncrossconnect.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expected_outages":{"type":["list",["object",{"affected_circuits":["list","string"],"description":"string","end_time":"string","issue_type":"string","name":"string","source":"string","start_time":"string","state":"string"}]],"description":"A list of outages expected for this Interconnect.","description_kind":"plain","computed":true},"google_ip_address":{"type":"string","description":"IP address configured on the Google side of the Interconnect link.\nThis can be used only for ping tests.","description_kind":"plain","computed":true},"google_reference_id":{"type":"string","description":"Google reference ID to be used when raising support tickets with Google or otherwise to debug\nbackend connectivity issues.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interconnect_attachments":{"type":["list","string"],"description":"A list of the URLs of all InterconnectAttachments configured to use this Interconnect.","description_kind":"plain","computed":true},"interconnect_type":{"type":"string","description":"Type of interconnect. Note that a value IT_PRIVATE has been deprecated in favor of DEDICATED.\nCan take one of the following values:\n - PARTNER: A partner-managed interconnection shared between customers though a partner.\n - DEDICATED: A dedicated physical interconnection with the customer. Possible values: [\"DEDICATED\", \"PARTNER\", \"IT_PRIVATE\"]","description_kind":"plain","required":true},"label_fingerprint":{"type":"string","description":"A fingerprint for the labels being applied to this Interconnect, which is essentially a hash\nof the labels set used for optimistic locking. The fingerprint is initially generated by\nCompute Engine and changes after every request to modify or update labels.\nYou must always provide an up-to-date fingerprint hash in order to update or change labels,\notherwise the request will fail with error 412 conditionNotMet.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels for this resource. These can only be added or modified by the setLabels\nmethod. Each label key/value pair must comply with RFC1035. Label values may be empty.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"link_type":{"type":"string","description":"Type of link requested. Note that this field indicates the speed of each of the links in the\nbundle, not the speed of the entire bundle. Can take one of the following values:\n - LINK_TYPE_ETHERNET_10G_LR: A 10G Ethernet with LR optics.\n - LINK_TYPE_ETHERNET_100G_LR: A 100G Ethernet with LR optics. Possible values: [\"LINK_TYPE_ETHERNET_10G_LR\", \"LINK_TYPE_ETHERNET_100G_LR\"]","description_kind":"plain","required":true},"location":{"type":"string","description":"URL of the InterconnectLocation object that represents where this connection is to be provisioned.","description_kind":"plain","required":true},"macsec_enabled":{"type":"bool","description":"Enable or disable MACsec on this Interconnect connection.\nMACsec enablement fails if the MACsec object is not specified.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is created. The name must be\n1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must be a dash,\nlowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"noc_contact_email":{"type":"string","description":"Email address to contact the customer NOC for operations and maintenance notifications\nregarding this Interconnect. If specified, this will be used for notifications in addition to\nall other forms described, such as Cloud Monitoring logs alerting and Cloud Notifications.\nThis field is required for users who sign up for Cloud Interconnect using workforce identity\nfederation.","description_kind":"plain","optional":true},"operational_status":{"type":"string","description":"The current status of this Interconnect's functionality, which can take one of the following:\n - OS_ACTIVE: A valid Interconnect, which is turned up and is ready to use. Attachments may\n be provisioned on this Interconnect.\n - OS_UNPROVISIONED: An Interconnect that has not completed turnup. No attachments may be\n provisioned on this Interconnect.\n - OS_UNDER_MAINTENANCE: An Interconnect that is undergoing internal maintenance. No\n attachments may be provisioned or updated on this Interconnect.","description_kind":"plain","computed":true},"peer_ip_address":{"type":"string","description":"IP address configured on the customer side of the Interconnect link.\nThe customer should configure this IP address during turnup when prompted by Google NOC.\nThis can be used only for ping tests.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"provisioned_link_count":{"type":"number","description":"Number of links actually provisioned in this interconnect.","description_kind":"plain","computed":true},"remote_location":{"type":"string","description":"Indicates that this is a Cross-Cloud Interconnect. This field specifies the location outside\nof Google's network that the interconnect is connected to.","description_kind":"plain","optional":true},"requested_features":{"type":["list","string"],"description":"interconnects.list of features requested for this Interconnect connection. Options: MACSEC (\nIf specified then the connection is created on MACsec capable hardware ports. If not\nspecified, the default value is false, which allocates non-MACsec capable ports first if\navailable). Possible values: [\"MACSEC\"]","description_kind":"plain","optional":true},"requested_link_count":{"type":"number","description":"Target number of physical links in the link bundle, as requested by the customer.","description_kind":"plain","required":true},"satisfies_pzs":{"type":"bool","description":"Reserved for future use.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of Interconnect functionality, which can take one of the following values:\n - ACTIVE: The Interconnect is valid, turned up and ready to use.\n Attachments may be provisioned on this Interconnect.\n - UNPROVISIONED: The Interconnect has not completed turnup. No attachments may b\n provisioned on this Interconnect.\n - UNDER_MAINTENANCE: The Interconnect is undergoing internal maintenance. No attachments may\n be provisioned or updated on this Interconnect.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"macsec":{"nesting_mode":"list","block":{"block_types":{"pre_shared_keys":{"nesting_mode":"list","block":{"attributes":{"fail_open":{"type":"bool","description":"If set to true, the Interconnect connection is configured with a should-secure\nMACsec security policy, that allows the Google router to fallback to cleartext\ntraffic if the MKA session cannot be established. By default, the Interconnect\nconnection is configured with a must-secure security policy that drops all traffic\nif the MKA session cannot be established with your router.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A name for this pre-shared key. The name must be 1-63 characters long, and\n comply with RFC1035. Specifically, the name must be 1-63 characters long and match\n the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character\n must be a lowercase letter, and all following characters must be a dash, lowercase\n letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"A RFC3339 timestamp on or after which the key is valid. startTime can be in the\nfuture. If the keychain has a single key, startTime can be omitted. If the keychain\nhas multiple keys, startTime is mandatory for each key. The start times of keys must\nbe in increasing order. The start times of two consecutive keys must be at least 6\nhours apart.","description_kind":"plain","optional":true}},"description":"A keychain placeholder describing a set of named key objects along with their\nstart times. A MACsec CKN/CAK is generated for each key in the key chain.\nGoogle router automatically picks the key with the most recent startTime when establishing\nor re-establishing a MACsec secure link.","description_kind":"plain"},"min_items":1}},"description":"Configuration that enables Media Access Control security (MACsec) on the Cloud\nInterconnect connection between Google and your on-premises router.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_interconnect_attachment":{"version":0,"block":{"attributes":{"admin_enabled":{"type":"bool","description":"Whether the VLAN attachment is enabled or disabled. When using\nPARTNER type this will Pre-Activate the interconnect attachment","description_kind":"plain","optional":true},"bandwidth":{"type":"string","description":"Provisioned bandwidth capacity for the interconnect attachment.\nFor attachments of type DEDICATED, the user can set the bandwidth.\nFor attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth.\nOutput only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED,\nDefaults to BPS_10G Possible values: [\"BPS_50M\", \"BPS_100M\", \"BPS_200M\", \"BPS_300M\", \"BPS_400M\", \"BPS_500M\", \"BPS_1G\", \"BPS_2G\", \"BPS_5G\", \"BPS_10G\", \"BPS_20G\", \"BPS_50G\"]","description_kind":"plain","optional":true,"computed":true},"candidate_subnets":{"type":["list","string"],"description":"Up to 16 candidate prefixes that can be used to restrict the allocation\nof cloudRouterIpAddress and customerRouterIpAddress for this attachment.\nAll prefixes must be within link-local address space (169.254.0.0/16)\nand must be /29 or shorter (/28, /27, etc). Google will attempt to select\nan unused /29 from the supplied candidate prefix(es). The request will\nfail if all possible /29s are in use on Google's edge. If not supplied,\nGoogle will randomly select an unused /29 from all of link-local space.","description_kind":"plain","optional":true},"cloud_router_ip_address":{"type":"string","description":"IPv4 address + prefix length to be configured on Cloud Router\nInterface for this interconnect attachment.","description_kind":"plain","computed":true},"cloud_router_ipv6_address":{"type":"string","description":"IPv6 address + prefix length to be configured on Cloud Router\nInterface for this interconnect attachment.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"customer_router_ip_address":{"type":"string","description":"IPv4 address + prefix length to be configured on the customer\nrouter subinterface for this interconnect attachment.","description_kind":"plain","computed":true},"customer_router_ipv6_address":{"type":"string","description":"IPv6 address + prefix length to be configured on the customer\nrouter subinterface for this interconnect attachment.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"edge_availability_domain":{"type":"string","description":"Desired availability domain for the attachment. Only available for type\nPARTNER, at creation time. For improved reliability, customers should\nconfigure a pair of attachments with one per availability domain. The\nselected availability domain will be provided to the Partner via the\npairing key so that the provisioned circuit will lie in the specified\ndomain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY.","description_kind":"plain","optional":true,"computed":true},"encryption":{"type":"string","description":"Indicates the user-supplied encryption option of this interconnect\nattachment. Can only be specified at attachment creation for PARTNER or\nDEDICATED attachments.\n* NONE - This is the default value, which means that the VLAN attachment\ncarries unencrypted traffic. VMs are able to send traffic to, or receive\ntraffic from, such a VLAN attachment.\n* IPSEC - The VLAN attachment carries only encrypted traffic that is\nencrypted by an IPsec device, such as an HA VPN gateway or third-party\nIPsec VPN. VMs cannot directly send traffic to, or receive traffic from,\nsuch a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN\nattachment must be created with this option. Default value: \"NONE\" Possible values: [\"NONE\", \"IPSEC\"]","description_kind":"plain","optional":true},"google_reference_id":{"type":"string","description":"Google reference ID, to be used when raising support tickets with\nGoogle or otherwise to debug backend connectivity issues.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interconnect":{"type":"string","description":"URL of the underlying Interconnect object that this attachment's\ntraffic will traverse through. Required if type is DEDICATED, must not\nbe set if type is PARTNER.","description_kind":"plain","optional":true},"ipsec_internal_addresses":{"type":["list","string"],"description":"URL of addresses that have been reserved for the interconnect attachment,\nUsed only for interconnect attachment that has the encryption option as\nIPSEC.\nThe addresses must be RFC 1918 IP address ranges. When creating HA VPN\ngateway over the interconnect attachment, if the attachment is configured\nto use an RFC 1918 IP address, then the VPN gateway's IP address will be\nallocated from the IP address range specified here.\nFor example, if the HA VPN gateway's interface 0 is paired to this\ninterconnect attachment, then an RFC 1918 IP address for the VPN gateway\ninterface 0 will be allocated from the IP address specified for this\ninterconnect attachment.\nIf this field is not specified for interconnect attachment that has\nencryption option as IPSEC, later on when creating HA VPN gateway on this\ninterconnect attachment, the HA VPN gateway's IP address will be\nallocated from regional external IP address pool.","description_kind":"plain","optional":true},"mtu":{"type":"string","description":"Maximum Transmission Unit (MTU), in bytes, of packets passing through\nthis interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is created. The\nname must be 1-63 characters long, and comply with RFC1035. Specifically, the\nname must be 1-63 characters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a\nlowercase letter, and all following characters must be a dash, lowercase\nletter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"pairing_key":{"type":"string","description":"[Output only for type PARTNER. Not present for DEDICATED]. The opaque\nidentifier of an PARTNER attachment used to initiate provisioning with\na selected partner. Of the form \"XXXXX/region/domain\"","description_kind":"plain","computed":true},"partner_asn":{"type":"string","description":"[Output only for type PARTNER. Not present for DEDICATED]. Optional\nBGP ASN for the router that should be supplied by a layer 3 Partner if\nthey configured BGP on behalf of the customer.","description_kind":"plain","computed":true},"private_interconnect_info":{"type":["list",["object",{"tag8021q":"number"}]],"description":"Information specific to an InterconnectAttachment. This property\nis populated if the interconnect that this is attached to is of type DEDICATED.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the regional interconnect attachment resides.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"URL of the cloud router to be used for dynamic routing. This router must be in\nthe same region as this InterconnectAttachment. The InterconnectAttachment will\nautomatically connect the Interconnect to the network \u0026 region within which the\nCloud Router is configured.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this interconnect attachment to identify whether the IPv6\nfeature is enabled or not. If not specified, IPV4_ONLY will be used.\nThis field can be both set at interconnect attachments creation and update\ninterconnect attachment operations. Possible values: [\"IPV4_IPV6\", \"IPV4_ONLY\"]","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"[Output Only] The current state of this attachment's functionality.","description_kind":"plain","computed":true},"subnet_length":{"type":"number","description":"Length of the IPv4 subnet mask. Allowed values: 29 (default), 30. The default value is 29,\nexcept for Cross-Cloud Interconnect connections that use an InterconnectRemoteLocation with a\nconstraints.subnetLengthRange.min equal to 30. For example, connections that use an Azure\nremote location fall into this category. In these cases, the default value is 30, and\nrequesting 29 returns an error. Where both 29 and 30 are allowed, 29 is preferred, because it\ngives Google Cloud Support more debugging visibility.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of InterconnectAttachment you wish to create. Defaults to\nDEDICATED. Possible values: [\"DEDICATED\", \"PARTNER\", \"PARTNER_PROVIDER\"]","description_kind":"plain","optional":true,"computed":true},"vlan_tag8021q":{"type":"number","description":"The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When\nusing PARTNER type this will be managed upstream.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_managed_ssl_certificate":{"version":0,"block":{"attributes":{"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","optional":true,"computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subject_alternative_names":{"type":["list","string"],"description":"Domains associated with the certificate via Subject Alternative Name.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Enum field whose value is always 'MANAGED' - used to signal to the API\nwhich type this is. Default value: \"MANAGED\" Possible values: [\"MANAGED\"]","description_kind":"plain","optional":true}},"block_types":{"managed":{"nesting_mode":"list","block":{"attributes":{"domains":{"type":["list","string"],"description":"Domains for which a managed SSL certificate will be valid. Currently,\nthere can be up to 100 domains in this list.","description_kind":"plain","required":true}},"description":"Properties relevant to a managed certificate. These will be used if the\ncertificate is managed (as indicated by a value of 'MANAGED' in 'type').","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network":{"version":0,"block":{"attributes":{"auto_create_subnetworks":{"type":"bool","description":"When set to 'true', the network is created in \"auto subnet mode\" and\nit will create a subnet for each region automatically across the\n'10.128.0.0/9' address range.\n\nWhen set to 'false', the network is created in \"custom subnet mode\" so\nthe user can explicitly connect subnetwork resources.","description_kind":"plain","optional":true},"delete_default_routes_on_create":{"type":"bool","description":"If set to 'true', default routes ('0.0.0.0/0') will be deleted\nimmediately after network creation. Defaults to 'false'.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. The resource must be\nrecreated to modify this field.","description_kind":"plain","optional":true},"enable_ula_internal_ipv6":{"type":"bool","description":"Enable ULA internal ipv6 on this network. Enabling this feature will assign\na /48 from google defined ULA prefix fd20::/20.","description_kind":"plain","optional":true},"gateway_ipv4":{"type":"string","description":"The gateway address for default routing out of the network. This value\nis selected by GCP.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_range":{"type":"string","description":"When enabling ula internal ipv6, caller optionally can specify the /48 range\nthey want from the google defined ULA prefix fd20::/20. The input must be a\nvalid /48 ULA IPv6 address and must be within the fd20::/20. Operation will\nfail if the speficied /48 is already in used by another resource.\nIf the field is not speficied, then a /48 range will be randomly allocated from fd20::/20 and returned via this field.","description_kind":"plain","optional":true,"computed":true},"mtu":{"type":"number","description":"Maximum Transmission Unit in bytes. The default value is 1460 bytes.\nThe minimum value for this field is 1300 and the maximum value is 8896 bytes (jumbo frames).\nNote that packets larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message if the packets are routed to the Internet or other VPCs\nwith varying MTUs.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network_firewall_policy_enforcement_order":{"type":"string","description":"Set the order that Firewall Rules and Firewall Policies are evaluated. Default value: \"AFTER_CLASSIC_FIREWALL\" Possible values: [\"BEFORE_CLASSIC_FIREWALL\", \"AFTER_CLASSIC_FIREWALL\"]","description_kind":"plain","optional":true},"numeric_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"routing_mode":{"type":"string","description":"The network-wide routing mode to use. If set to 'REGIONAL', this\nnetwork's cloud routers will only advertise routes with subnetworks\nof this network in the same region as the router. If set to 'GLOBAL',\nthis network's cloud routers will advertise routes with all\nsubnetworks of this network, across regions. Possible values: [\"REGIONAL\", \"GLOBAL\"]","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_attachment":{"version":0,"block":{"attributes":{"connection_endpoints":{"type":["list",["object",{"ip_address":"string","project_id_or_num":"string","secondary_ip_cidr_ranges":"string","status":"string","subnetwork":"string"}]],"description":"An array of connections for all the producers connected to this network attachment.","description_kind":"plain","computed":true},"connection_preference":{"type":"string","description":"The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules. Possible values: [\"ACCEPT_AUTOMATIC\", \"ACCEPT_MANUAL\", \"INVALID\"]","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this object. This\nfield is used in optimistic locking. An up-to-date fingerprint must be provided in order to patch.","description_kind":"plain","computed":true},"id":{"type":"string","description":"The unique identifier for the resource type. The server generates this identifier.","description_kind":"plain","computed":true},"kind":{"type":"string","description":"Type of the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network which the Network Attachment belongs to. Practically it is inferred by fetching the network of the first subnetwork associated.\nBecause it is required that all the subnetworks must be from the same network, it is assured that the Network Attachment belongs to the same network as all the subnetworks.","description_kind":"plain","computed":true},"producer_accept_lists":{"type":["list","string"],"description":"Projects that are allowed to connect to this network attachment. The project can be specified using its id or number.","description_kind":"plain","optional":true},"producer_reject_lists":{"type":["list","string"],"description":"Projects that are not allowed to connect to this network attachment. The project can be specified using its id or number.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where the network attachment resides. This field applies only to the region resource. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource's resource id.","description_kind":"plain","computed":true},"subnetworks":{"type":["list","string"],"description":"An array of URLs where each entry is the URL of a subnet provided by the service consumer to use for endpoints in the producers that connect to this network attachment.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoint":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name for a specific VM instance that the IP address belongs to.\nThis is required for network endpoints of type GCE_VM_IP_PORT.\nThe instance must be in the same zone of network endpoint group.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IPv4 address of network endpoint. The IP address must belong\nto a VM in GCE (either the primary IP or as part of an aliased IP\nrange).","description_kind":"plain","required":true},"network_endpoint_group":{"type":"string","description":"The network endpoint group this endpoint is part of.","description_kind":"plain","required":true},"port":{"type":"number","description":"Port number of network endpoint.\n**Note** 'port' is required unless the Network Endpoint Group is created\nwith the type of 'GCE_VM_IP'","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Zone where the containing network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network to which all network endpoints in the NEG belong.\nUses \"default\" project network if unspecified.","description_kind":"plain","required":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group.\nNON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network\nendpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid).\nNote that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services\nthat 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED,\nINTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or\nCONNECTION balancing modes.\n\nPossible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. Default value: \"GCE_VM_IP_PORT\" Possible values: [\"GCE_VM_IP\", \"GCE_VM_IP_PORT\", \"NON_GCP_PRIVATE_IP_PORT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\", \"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Number of network endpoints in the network endpoint group.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"Optional subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Zone where the network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoints":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network_endpoint_group":{"type":"string","description":"The network endpoint group these endpoints are part of.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Zone where the containing network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_endpoints":{"nesting_mode":"set","block":{"attributes":{"instance":{"type":"string","description":"The name for a specific VM instance that the IP address belongs to.\nThis is required for network endpoints of type GCE_VM_IP_PORT.\nThe instance must be in the same zone as the network endpoint group.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IPv4 address of network endpoint. The IP address must belong\nto a VM in GCE (either the primary IP or as part of an aliased IP\nrange).","description_kind":"plain","required":true},"port":{"type":"number","description":"Port number of network endpoint.\n**Note** 'port' is required unless the Network Endpoint Group is created\nwith the type of 'GCE_VM_IP'","description_kind":"plain","optional":true}},"description":"The network endpoints to be added to the enclosing network endpoint group\n(NEG). Each endpoint specifies an IP address and port, along with\nadditional information depending on the NEG type.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User-provided name of the Network firewall policy. The name should be unique in the project in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"network_firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy ID of the association.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\", \"goto_next\" and \"apply_security_profile_group\".","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: INGRESS, EGRESS","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"rule_name":{"type":"string","description":"An optional name for the rule. This field is not a unique identifier and can be updated.","description_kind":"plain","optional":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"security_profile_group":{"type":"string","description":"A fully-qualified URL of a SecurityProfileGroup resource. Example: https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group. It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.","description_kind":"plain","optional":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true},"tls_inspect":{"type":"bool","description":"Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1},"src_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the \u003ccode\u003esrcSecureTag\u003c/code\u003e are INEFFECTIVE, and there is no \u003ccode\u003esrcIpRange\u003c/code\u003e, this rule will be ignored. Maximum number of source tag values allowed is 256.","description_kind":"plain"}}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"target_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"A list of secure tags that controls which instances the firewall rule applies to. If \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. \u003ccode\u003etargetSecureTag\u003c/code\u003e may not be set at the same time as \u003ccode\u003etargetServiceAccounts\u003c/code\u003e. If neither \u003ccode\u003etargetServiceAccounts\u003c/code\u003e nor \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_peering":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network. Defaults to false.","description_kind":"plain","optional":true},"export_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to export the custom routes from the peer network. Defaults to false.","description_kind":"plain","optional":true},"import_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"network":{"type":"string","description":"The primary network of the peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The peer network in the peering. The peer network may belong to a different project.","description_kind":"plain","required":true},"stack_type":{"type":"string","description":"Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. The default value is IPV4_ONLY. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","optional":true},"state":{"type":"string","description":"State for the peering, either ACTIVE or INACTIVE. The peering is ACTIVE when there's a matching configuration in the peer network.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the peering.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_peering_routes_config":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to import the custom routes to the peer network.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the primary network for the peering.","description_kind":"plain","required":true},"peering":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_node_group":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_size":{"type":"number","description":"The initial number of nodes in the node group. One of 'initial_size' or 'autoscaling_policy' must be configured on resource creation.","description_kind":"plain","optional":true},"maintenance_policy":{"type":"string","description":"Specifies how to handle instances when a node in the group undergoes maintenance. Set to one of: DEFAULT, RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value is DEFAULT.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource.","description_kind":"plain","optional":true},"node_template":{"type":"string","description":"The URL of the node template to which this node group belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"The total number of nodes in the node group.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"Zone where this node group is located","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"max_nodes":{"type":"number","description":"Maximum size of the node group. Set to a value less than or equal\nto 100 and greater than or equal to min-nodes.","description_kind":"plain","optional":true,"computed":true},"min_nodes":{"type":"number","description":"Minimum size of the node group. Must be less\nthan or equal to max-nodes. The default value is 0.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"The autoscaling mode. Set to one of the following:\n - OFF: Disables the autoscaler.\n - ON: Enables scaling in and scaling out.\n - ONLY_SCALE_OUT: Enables only scaling out.\n You must use this mode if your node groups are configured to\n restart their hosted VMs on minimal servers. Possible values: [\"OFF\", \"ON\", \"ONLY_SCALE_OUT\"]","description_kind":"plain","optional":true,"computed":true}},"description":"If you use sole-tenant nodes for your workloads, you can use the node\ngroup autoscaler to automatically manage the sizes of your node groups.\n\nOne of 'initial_size' or 'autoscaling_policy' must be configured on resource creation.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"start_time":{"type":"string","description":"instances.start time of the window. This must be in UTC format that resolves to one of 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and 08:00 are valid.","description_kind":"plain","required":true}},"description":"contains properties for the timeframe of maintenance","description_kind":"plain"},"max_items":1},"share_settings":{"nesting_mode":"list","block":{"attributes":{"share_type":{"type":"string","description":"Node group sharing type. Possible values: [\"ORGANIZATION\", \"SPECIFIC_PROJECTS\", \"LOCAL\"]","description_kind":"plain","required":true}},"block_types":{"project_map":{"nesting_mode":"set","block":{"attributes":{"id":{"type":"string","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The project id/number should be the same as the key of this project config in the project map.","description_kind":"plain","required":true}},"description":"A map of project id and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS.","description_kind":"plain"}}},"description":"Share settings for the node group.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_node_template":{"version":0,"block":{"attributes":{"cpu_overcommit_type":{"type":"string","description":"CPU overcommit. Default value: \"NONE\" Possible values: [\"ENABLED\", \"NONE\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource.","description_kind":"plain","optional":true},"node_affinity_labels":{"type":["map","string"],"description":"Labels to use for node affinity, which will be used in\ninstance scheduling.","description_kind":"plain","optional":true},"node_type":{"type":"string","description":"Node type to use for nodes group that are created from this template.\nOnly one of nodeTypeFlexibility and nodeType can be specified.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where nodes using the node template will be created.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"node_type_flexibility":{"nesting_mode":"list","block":{"attributes":{"cpus":{"type":"string","description":"Number of virtual CPUs to use.","description_kind":"plain","optional":true},"local_ssd":{"type":"string","description":"Use local SSD","description_kind":"plain","computed":true},"memory":{"type":"string","description":"Physical memory available to the node, defined in MB.","description_kind":"plain","optional":true}},"description":"Flexible properties for the desired node type. Node groups that\nuse this node template will create nodes of a type that matches\nthese properties. Only one of nodeTypeFlexibility and nodeType can\nbe specified.","description_kind":"plain"},"max_items":1},"server_binding":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER',\nnodes using this template will restart on any physical server\nfollowing a maintenance event.\n\nIf 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template\nwill restart on the same physical server following a maintenance\nevent, instead of being live migrated to or restarted on a new\nphysical server. This option may be useful if you are using\nsoftware licenses tied to the underlying server characteristics\nsuch as physical sockets or cores, to avoid the need for\nadditional licenses when maintenance occurs. However, VMs on such\nnodes will experience outages while maintenance is applied. Possible values: [\"RESTART_NODE_ON_ANY_SERVER\", \"RESTART_NODE_ON_MINIMAL_SERVERS\"]","description_kind":"plain","required":true}},"description":"The server binding policy for nodes using this template. Determines\nwhere the nodes should restart following a maintenance event.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_packet_mirroring":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the rule.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the packet mirroring rule","description_kind":"plain","required":true},"priority":{"type":"number","description":"Since only one rule can be active at a time, priority is\nused to break ties in the case of two rules that apply to\nthe same instances.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created address should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"collector_ilb":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the forwarding rule.","description_kind":"plain","required":true}},"description":"The Forwarding Rule resource (of type load_balancing_scheme=INTERNAL)\nthat will be used as collector for mirrored traffic. The\nspecified forwarding rule must have is_mirroring_collector\nset to true.","description_kind":"plain"},"min_items":1,"max_items":1},"filter":{"nesting_mode":"list","block":{"attributes":{"cidr_ranges":{"type":["list","string"],"description":"IP CIDR ranges that apply as a filter on the source (ingress) or\ndestination (egress) IP in the IP header. Only IPv4 is supported.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"Direction of traffic to mirror. Default value: \"BOTH\" Possible values: [\"INGRESS\", \"EGRESS\", \"BOTH\"]","description_kind":"plain","optional":true},"ip_protocols":{"type":["list","string"],"description":"Possible IP protocols including tcp, udp, icmp and esp","description_kind":"plain","optional":true}},"description":"A filter for mirrored traffic. If unset, all traffic is mirrored.","description_kind":"plain"},"max_items":1},"mirrored_resources":{"nesting_mode":"list","block":{"attributes":{"tags":{"type":["list","string"],"description":"All instances with these tags will be mirrored.","description_kind":"plain","optional":true}},"block_types":{"instances":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the instances where this rule should be active.","description_kind":"plain","required":true}},"description":"All the listed instances will be mirrored. Specify at most 50.","description_kind":"plain"}},"subnetworks":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the subnetwork where this rule should be active.","description_kind":"plain","required":true}},"description":"All instances in one of these subnetworks will be mirrored.","description_kind":"plain"}}},"description":"A means of specifying which resources to mirror.","description_kind":"plain"},"min_items":1,"max_items":1},"network":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The full self_link URL of the network where this rule is active.","description_kind":"plain","required":true}},"description":"Specifies the mirrored VPC network. Only packets in this network\nwill be mirrored. All mirrored VMs should have a NIC in the given\nnetwork. All mirrored subnetworks should belong to the given network.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_per_instance_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group_manager":{"type":"string","description":"The instance group manager this instance config is part of.","description_kind":"plain","required":true},"minimal_action":{"type":"string","description":"The minimal action to perform on the instance during an update.\nDefault is 'NONE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"most_disruptive_allowed_action":{"type":"string","description":"The most disruptive action to perform on the instance during an update.\nDefault is 'REPLACE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name for this per-instance config and its corresponding instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"remove_instance_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove the underlying instance.\nWhen false, deleting this config will use the behavior as determined by remove_instance_on_destroy.","description_kind":"plain","optional":true},"remove_instance_state_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove any specified state from the underlying instance.\nWhen false, deleting this config will *not* immediately remove any state from the underlying instance.\nState will be removed on the next instance recreation or update.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Zone where the containing instance group manager is located","description_kind":"plain","optional":true,"computed":true}},"block_types":{"preserved_state":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":["map","string"],"description":"Preserved metadata defined for this instance. This is a list of key-\u003evalue pairs.","description_kind":"plain","optional":true}},"block_types":{"disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted.\nThe available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'.\n'NEVER' - detach the disk when the VM is deleted, but do not delete the disk.\n'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently\ndeleted from the instance group. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"The mode of the disk. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"source":{"type":"string","description":"The URI of an existing persistent disk to attach under the specified device-name in the format\n'projects/project-id/zones/zone/disks/disk-name'.","description_kind":"plain","required":true}},"description":"Stateful disks for the instance.","description_kind":"plain"}},"external_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved external IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}},"internal_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}}},"description":"The preserved state for this instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_cloud_armor_tier":{"version":0,"block":{"attributes":{"cloud_armor_tier":{"type":"string","description":"Managed protection tier to be set. Possible values: [\"CA_STANDARD\", \"CA_ENTERPRISE_PAYGO\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_default_network_tier":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The default network tier to be configured for the project. This field can take the following values: PREMIUM or STANDARD.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_metadata":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"A series of key value pairs.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_metadata_item":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"The metadata key to set.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"value":{"type":"string","description":"The value to set for the given metadata key.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_public_advertised_prefix":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"dns_verification_ip":{"type":"string","description":"The IPv4 address to be used for reverse DNS verification.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IPv4 address range, in CIDR format, represented by this public advertised prefix.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"shared_secret":{"type":"string","description":"Output Only. The shared secret to be used for reverse DNS verification.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_public_delegated_prefix":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IPv4 address range, in CIDR format, represented by this public advertised prefix.","description_kind":"plain","required":true},"is_live_migration":{"type":"bool","description":"If true, the prefix will be live migrated.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"parent_prefix":{"type":"string","description":"The URL of parent prefix. Either PublicAdvertisedPrefix or PublicDelegatedPrefix.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A region where the prefix will reside.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_autoscaler":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where the instance group resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target":{"type":"string","description":"URL of the managed instance group that this autoscaler will scale.","description_kind":"plain","required":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"number","description":"The number of seconds that the autoscaler should wait before it\nstarts collecting information from a new instance. This prevents\nthe autoscaler from collecting information when the instance is\ninitializing, during which the collected usage would not be\nreliable. The default time autoscaler waits is 60 seconds.\n\nVirtual machine initialization times might vary because of\nnumerous factors. We recommend that you test how long an\ninstance may take to initialize. To do this, create an instance\nand time the startup process.","description_kind":"plain","optional":true},"max_replicas":{"type":"number","description":"The maximum number of instances that the autoscaler can scale up\nto. This is required when creating or updating an autoscaler. The\nmaximum number of replicas should not be lower than minimal number\nof replicas.","description_kind":"plain","required":true},"min_replicas":{"type":"number","description":"The minimum number of replicas that the autoscaler can scale down\nto. This cannot be less than 0. If not provided, autoscaler will\nchoose a default value depending on maximum number of instances\nallowed.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Defines operating mode for this policy.","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"predictive_method":{"type":"string","description":"Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are:\n\n- NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics.\n\n- OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand.","description_kind":"plain","optional":true},"target":{"type":"number","description":"The target CPU utilization that the autoscaler should maintain.\nMust be a float value in the range (0, 1]. If not specified, the\ndefault is 0.6.\n\nIf the CPU level is below the target utilization, the autoscaler\nscales down the number of instances until it reaches the minimum\nnumber of instances you specified or until the average CPU of\nyour instances reaches the target utilization.\n\nIf the average CPU is above the target utilization, the autoscaler\nscales up until it reaches the maximum number of instances you\nspecified or until the average utilization reaches the target\nutilization.","description_kind":"plain","required":true}},"description":"Defines the CPU utilization policy that allows the autoscaler to\nscale based on the average CPU utilization of a managed instance\ngroup.","description_kind":"plain"},"max_items":1},"load_balancing_utilization":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"number","description":"Fraction of backend capacity utilization (set in HTTP(s) load\nbalancing configuration) that autoscaler should maintain. Must\nbe a positive float value. If not defined, the default is 0.8.","description_kind":"plain","required":true}},"description":"Configuration parameters of autoscaling based on a load balancer.","description_kind":"plain"},"max_items":1},"metric":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"A filter string to be used as the filter string for\na Stackdriver Monitoring TimeSeries.list API call.\nThis filter is used to select a specific TimeSeries for\nthe purpose of autoscaling and to determine whether the metric\nis exporting per-instance or per-group data.\n\nYou can only use the AND operator for joining selectors.\nYou can only use direct equality comparison operator (=) without\nany functions for each selector.\nYou can specify the metric in both the filter string and in the\nmetric field. However, if specified in both places, the metric must\nbe identical.\n\nThe monitored resource type determines what kind of values are\nexpected for the metric. If it is a gce_instance, the autoscaler\nexpects the metric to include a separate TimeSeries for each\ninstance in a group. In such a case, you cannot filter on resource\nlabels.\n\nIf the resource type is any other value, the autoscaler expects\nthis metric to contain values that apply to the entire autoscaled\ninstance group and resource label filtering can be performed to\npoint autoscaler at the correct TimeSeries to scale upon.\nThis is called a per-group metric for the purpose of autoscaling.\n\nIf not specified, the type defaults to gce_instance.\n\nYou should provide a filter that is selective enough to pick just\none TimeSeries for the autoscaled group or for each of the instances\n(if you are using gce_instance resource type). If multiple\nTimeSeries are returned upon the query execution, the autoscaler\nwill sum their respective values to obtain its scaling value.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The identifier (type) of the Stackdriver Monitoring metric.\nThe metric cannot have negative values.\n\nThe metric must have a value type of INT64 or DOUBLE.","description_kind":"plain","required":true},"single_instance_assignment":{"type":"number","description":"If scaling is based on a per-group metric value that represents the\ntotal amount of work to be done or resource usage, set this value to\nan amount assigned for a single instance of the scaled group.\nThe autoscaler will keep the number of instances proportional to the\nvalue of this metric, the metric itself should not change value due\nto group resizing.\n\nFor example, a good metric to use with the target is\n'pubsub.googleapis.com/subscription/num_undelivered_messages'\nor a custom metric exporting the total number of requests coming to\nyour instances.\n\nA bad example would be a metric exporting an average or median\nlatency, since this value can't include a chunk assignable to a\nsingle instance, it could be better used with utilization_target\ninstead.","description_kind":"plain","optional":true},"target":{"type":"number","description":"The target value of the metric that autoscaler should\nmaintain. This must be a positive value. A utilization\nmetric scales number of virtual machines handling requests\nto increase or decrease proportionally to the metric.\n\nFor example, a good metric to use as a utilizationTarget is\nwww.googleapis.com/compute/instance/network/received_bytes_count.\nThe autoscaler will work to keep this value constant for each\nof the instances.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Defines how target utilization value is expressed for a\nStackdriver Monitoring metric. Possible values: [\"GAUGE\", \"DELTA_PER_SECOND\", \"DELTA_PER_MINUTE\"]","description_kind":"plain","optional":true}},"description":"Configuration parameters of autoscaling based on a custom metric.","description_kind":"plain"}},"scale_in_control":{"nesting_mode":"list","block":{"attributes":{"time_window_sec":{"type":"number","description":"How long back autoscaling should look when computing recommendations\nto include directives regarding slower scale down, as described above.","description_kind":"plain","optional":true}},"block_types":{"max_scaled_in_replicas":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive\ninteger.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive.\nFor example, specify 80 for 80%.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events","description_kind":"plain"},"max_items":1},"scaling_schedules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of a scaling schedule.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect.","description_kind":"plain","optional":true},"duration_sec":{"type":"number","description":"The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300.","description_kind":"plain","required":true},"min_required_replicas":{"type":"number","description":"Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule.","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"schedule":{"type":"string","description":"The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field).","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","optional":true}},"description":"Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap.","description_kind":"plain"}}},"description":"The configuration parameters for the autoscaling algorithm. You can\ndefine one or more of the policies for an autoscaler: cpuUtilization,\ncustomMetricUtilizations, and loadBalancingUtilization.\n\nIf none of these are specified, the default will be to autoscale based\non cpuUtilization to 0.6 or 60%.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","optional":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).\n\nFrom version 6.0.0 ConnectionDrainingTimeoutSec default value will be 300 to match default GCP value.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this RegionBackendService.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"generated_id":{"type":"number","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to HealthCheck resources for health checking\nthis RegionBackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"load_balancing_scheme":{"type":"string","description":"Indicates what kind of load balancing this regional backend service\nwill be used for. A backend service created for one type of load\nbalancing cannot be used with the other(s). For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"INTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\nThis field is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\nIf session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network to which this backend service belongs.\nThis field can only be specified when the load balancing scheme is set to INTERNAL.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"A named port on a backend instance group representing the port for\ncommunication to the backend VMs in that group. Required when the\nloadBalancingScheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, or INTERNAL_SELF_MANAGED\nand the backends are instance groups. The named port must be defined on each\nbackend instance group. This parameter has no meaning if the backends are NEGs. API sets a\ndefault of \"http\" if not given.\nMust be omitted when the loadBalancingScheme is INTERNAL (Internal TCP/UDP Load Balancing).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol this RegionBackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"SSL\", \"TCP\", \"UDP\", \"GRPC\", \"UNSPECIFIED\"]","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created backend service should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\", \"CLIENT_IP_NO_DESTINATION\"]","description_kind":"plain","optional":true,"computed":true},"timeout_sec":{"type":"number","description":"The backend service timeout has a different meaning depending on the type of load balancer.\nFor more information see, [Backend service settings](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices).\nThe default is 30 seconds.\nThe full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backend":{"nesting_mode":"set","block":{"attributes":{"balancing_mode":{"type":"string","description":"Specifies the balancing mode for this backend.\n\nSee the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode)\nfor an explanation of load balancing modes.\n\nFrom version 6.0.0 default value will be UTILIZATION to match default GCP value. Default value: \"CONNECTION\" Possible values: [\"UTILIZATION\", \"RATE\", \"CONNECTION\"]","description_kind":"plain","optional":true},"capacity_scaler":{"type":"number","description":"A multiplier applied to the group's maximum servicing capacity\n(based on UTILIZATION, RATE or CONNECTION).\n\n~\u003e**NOTE**: This field cannot be set for\nINTERNAL region backend services (default loadBalancingScheme),\nbut is required for non-INTERNAL backend service. The total\ncapacity_scaler for all backends must be non-zero.\n\nA setting of 0 means the group is completely drained, offering\n0% of its available Capacity. Valid range is [0.0,1.0].","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.\nProvide this property when you create the resource.","description_kind":"plain","optional":true},"failover":{"type":"bool","description":"This field designates whether this is a failover backend. More\nthan one failover backend can be configured for a given RegionBackendService.","description_kind":"plain","optional":true,"computed":true},"group":{"type":"string","description":"The fully-qualified URL of an Instance Group or Network Endpoint\nGroup resource. In case of instance group this defines the list\nof instances that serve traffic. Member virtual machine\ninstances from each instance group must live in the same zone as\nthe instance group itself. No two backends in a backend service\nare allowed to use same Instance Group resource.\n\nFor Network Endpoint Groups this defines list of endpoints. All\nendpoints of Network Endpoint Group must be hosted on instances\nlocated in the same zone as the Network Endpoint Group.\n\nBackend services cannot mix Instance Group and\nNetwork Endpoint Group backends.\n\nWhen the 'load_balancing_scheme' is INTERNAL, only instance groups\nare supported.\n\nNote that you must specify an Instance Group or Network Endpoint\nGroup resource using the fully-qualified URL, rather than a\npartial URL.","description_kind":"plain","required":true},"max_connections":{"type":"number","description":"The max number of simultaneous connections for the group. Can\nbe used with either CONNECTION or UTILIZATION balancing modes.\nCannot be set for INTERNAL backend services.\n\nFor CONNECTION mode, either maxConnections or one\nof maxConnectionsPerInstance or maxConnectionsPerEndpoint,\nas appropriate for group type, must be set.","description_kind":"plain","optional":true},"max_connections_per_endpoint":{"type":"number","description":"The max number of simultaneous connections that a single backend\nnetwork endpoint can handle. Cannot be set\nfor INTERNAL backend services.\n\nThis is used to calculate the capacity of the group. Can be\nused in either CONNECTION or UTILIZATION balancing modes. For\nCONNECTION mode, either maxConnections or\nmaxConnectionsPerEndpoint must be set.","description_kind":"plain","optional":true},"max_connections_per_instance":{"type":"number","description":"The max number of simultaneous connections that a single\nbackend instance can handle. Cannot be set for INTERNAL backend\nservices.\n\nThis is used to calculate the capacity of the group.\nCan be used in either CONNECTION or UTILIZATION balancing modes.\nFor CONNECTION mode, either maxConnections or\nmaxConnectionsPerInstance must be set.","description_kind":"plain","optional":true},"max_rate":{"type":"number","description":"The max requests per second (RPS) of the group. Cannot be set\nfor INTERNAL backend services.\n\nCan be used with either RATE or UTILIZATION balancing modes,\nbut required if RATE mode. Either maxRate or one\nof maxRatePerInstance or maxRatePerEndpoint, as appropriate for\ngroup type, must be set.","description_kind":"plain","optional":true},"max_rate_per_endpoint":{"type":"number","description":"The max requests per second (RPS) that a single backend network\nendpoint can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerEndpoint must be set. Cannot be set\nfor INTERNAL backend services.","description_kind":"plain","optional":true},"max_rate_per_instance":{"type":"number","description":"The max requests per second (RPS) that a single backend\ninstance can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerInstance must be set. Cannot be set\nfor INTERNAL backend services.","description_kind":"plain","optional":true},"max_utilization":{"type":"number","description":"Used when balancingMode is UTILIZATION. This ratio defines the\nCPU utilization target for the group. Valid range is [0.0, 1.0].\nCannot be set for INTERNAL backend services.","description_kind":"plain","optional":true}},"description":"The set of backends that serve this RegionBackendService.","description_kind":"plain"}},"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request\nwill be considered fresh, defaults to 1hr (3600s). After this\ntime period, the response will be revalidated before\nbeing served.\n\nWhen serving responses to signed URL requests, Cloud CDN will\ninternally behave as though all responses from this backend had a\n\"Cache-Control: public, max-age=[TTL]\" header, regardless of any\nexisting Cache-Control header. The actual headers served in\nresponses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_host":{"type":"bool","description":"If true requests to different hosts will be cached separately.","description_kind":"plain","optional":true},"include_named_cookies":{"type":["list","string"],"description":"Names of cookies to include in cache keys.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true},"include_query_string":{"type":"bool","description":"If true, include query string parameters in the cache key\naccording to query_string_whitelist and\nquery_string_blacklist. If neither is set, the entire query\nstring will be included.\n\nIf false, the query string will be excluded from the cache\nkey entirely.","description_kind":"plain","optional":true},"query_string_blacklist":{"type":["set","string"],"description":"Names of query string parameters to exclude in cache keys.\n\nAll other parameters will be included. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["set","string"],"description":"Names of query string parameters to include in cache keys.\n\nAll other parameters will be excluded. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain"},"max_items":1},"circuit_breakers":{"nesting_mode":"list","block":{"attributes":{"max_connections":{"type":"number","description":"The maximum number of connections to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_pending_requests":{"type":"number","description":"The maximum number of pending requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests":{"type":"number","description":"The maximum number of parallel requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests_per_connection":{"type":"number","description":"Maximum requests for a single backend connection. This parameter\nis respected by both the HTTP/1.1 and HTTP/2 implementations. If\nnot specified, there is no limit. Setting this parameter to 1\nwill effectively disable keep alive.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"The maximum number of parallel retries to the backend cluster.\nDefaults to 3.","description_kind":"plain","optional":true}},"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the 'load_balancing_scheme' is set to INTERNAL_MANAGED\nand the 'protocol' is set to HTTP, HTTPS, or HTTP2.","description_kind":"plain"},"max_items":1},"consistent_hash":{"nesting_mode":"list","block":{"attributes":{"http_header_name":{"type":"string","description":"The hash based on the value of the specified header field.\nThis field is applicable if the sessionAffinity is set to HEADER_FIELD.","description_kind":"plain","optional":true},"minimum_ring_size":{"type":"number","description":"The minimum number of virtual nodes to use for the hash ring.\nLarger ring sizes result in more granular load\ndistributions. If the number of hosts in the load balancing pool\nis larger than the ring size, each host will be assigned a single\nvirtual node.\nDefaults to 1024.","description_kind":"plain","optional":true}},"block_types":{"http_cookie":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the cookie.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to set for the cookie.","description_kind":"plain","optional":true}},"block_types":{"ttl":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Lifetime of the cookie.","description_kind":"plain"},"max_items":1}},"description":"Hash is based on HTTP Cookie. This field describes a HTTP cookie\nthat will be used as the hash key for the consistent hash load\nbalancer. If the cookie is not present, it will be generated.\nThis field is applicable if the sessionAffinity is set to HTTP_COOKIE.","description_kind":"plain"},"max_items":1}},"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing.\nThis field only applies when all of the following are true -\n * 'load_balancing_scheme' is set to INTERNAL_MANAGED\n * 'protocol' is set to HTTP, HTTPS, or HTTP2\n * 'locality_lb_policy' is set to MAGLEV or RING_HASH","description_kind":"plain"},"max_items":1},"failover_policy":{"nesting_mode":"list","block":{"attributes":{"disable_connection_drain_on_failover":{"type":"bool","description":"On failover or failback, this field indicates whether connection drain\nwill be honored. Setting this to true has the following effect: connections\nto the old active pool are not drained. Connections to the new active pool\nuse the timeout of 10 min (currently fixed). Setting to false has the\nfollowing effect: both old and new connections will have a drain timeout\nof 10 min.\nThis can be set to true only if the protocol is TCP.\nThe default is false.","description_kind":"plain","optional":true,"computed":true},"drop_traffic_if_unhealthy":{"type":"bool","description":"This option is used only when no healthy VMs are detected in the primary\nand backup instance groups. When set to true, traffic is dropped. When\nset to false, new connections are sent across all VMs in the primary group.\nThe default is false.","description_kind":"plain","optional":true,"computed":true},"failover_ratio":{"type":"number","description":"The value of the field must be in [0, 1]. If the ratio of the healthy\nVMs in the primary backend is at or below this number, traffic arriving\nat the load-balanced IP will be directed to the failover backend.\nIn case where 'failoverRatio' is not set or all the VMs in the backup\nbackend are unhealthy, the traffic will be directed back to the primary\nbackend in the \"force\" mode, where traffic will be spread to the healthy\nVMs with the best effort, or to all VMs when no VM is healthy.\nThis field is only used with l4 load balancing.","description_kind":"plain","optional":true}},"description":"Policy for failovers.","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"oauth2_client_id":{"type":"string","description":"OAuth2 Client ID for IAP","description_kind":"plain","required":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 Client Secret for IAP","description_kind":"plain","required":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"OAuth2 Client Secret SHA-256 for IAP","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Whether to enable logging for the load balancer traffic served by this backend service.","description_kind":"plain","optional":true},"sample_rate":{"type":"number","description":"This field can only be specified if logging is enabled for this backend service. The value of\nthe field must be in [0, 1]. This configures the sampling rate of requests to the load balancer\nwhere 1.0 means all logged requests are reported and 0.0 means no logged requests are reported.\nThe default value is 1.0.","description_kind":"plain","optional":true}},"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain"},"max_items":1},"outlier_detection":{"nesting_mode":"list","block":{"attributes":{"consecutive_errors":{"type":"number","description":"Number of errors before a host is ejected from the connection pool. When the\nbackend host is accessed over HTTP, a 5xx return code qualifies as an error.\nDefaults to 5.","description_kind":"plain","optional":true},"consecutive_gateway_failure":{"type":"number","description":"The number of consecutive gateway failures (502, 503, 504 status or connection\nerrors that are mapped to one of those status codes) before a consecutive\ngateway failure ejection occurs. Defaults to 5.","description_kind":"plain","optional":true},"enforcing_consecutive_errors":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive 5xx. This setting can be used to disable\nejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"enforcing_consecutive_gateway_failure":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive gateway failures. This setting can be\nused to disable ejection or to ramp it up slowly. Defaults to 0.","description_kind":"plain","optional":true},"enforcing_success_rate":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through success rate statistics. This setting can be used to\ndisable ejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"max_ejection_percent":{"type":"number","description":"Maximum percentage of hosts in the load balancing pool for the backend service\nthat can be ejected. Defaults to 10%.","description_kind":"plain","optional":true},"success_rate_minimum_hosts":{"type":"number","description":"The number of hosts in a cluster that must have enough request volume to detect\nsuccess rate outliers. If the number of hosts is less than this setting, outlier\ndetection via success rate statistics is not performed for any host in the\ncluster. Defaults to 5.","description_kind":"plain","optional":true},"success_rate_request_volume":{"type":"number","description":"The minimum number of total requests that must be collected in one interval (as\ndefined by the interval duration above) to include this host in success rate\nbased outlier detection. If the volume is lower than this setting, outlier\ndetection via success rate statistics is not performed for that host. Defaults\nto 100.","description_kind":"plain","optional":true},"success_rate_stdev_factor":{"type":"number","description":"This factor is used to determine the ejection threshold for success rate outlier\nejection. The ejection threshold is the difference between the mean success\nrate, and the product of this factor and the standard deviation of the mean\nsuccess rate: mean - (stdev * success_rate_stdev_factor). This factor is divided\nby a thousand to get a double. That is, if the desired factor is 1.9, the\nruntime value should be 1900. Defaults to 1900.","description_kind":"plain","optional":true}},"block_types":{"base_ejection_time":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"The base time that a host is ejected for. The real time is equal to the base\ntime multiplied by the number of times the host has been ejected. Defaults to\n30000ms or 30s.","description_kind":"plain"},"max_items":1},"interval":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Time interval between ejection sweep analysis. This can result in both new\nejections as well as hosts being returned to service. Defaults to 10 seconds.","description_kind":"plain"},"max_items":1}},"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nThis field is applicable only when the 'load_balancing_scheme' is set\nto INTERNAL_MANAGED and the 'protocol' is set to HTTP, HTTPS, or HTTP2.\n\nFrom version 6.0.0 outlierDetection default terraform values will be removed to match default GCP value.\nDefault values are enforce by GCP without providing them.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_commitment":{"version":0,"block":{"attributes":{"auto_renew":{"type":"bool","description":"Specifies whether to enable automatic renewal for the commitment.\nThe default value is false if not specified.\nIf the field is set to true, the commitment will be automatically renewed for either\none or three years according to the terms of the existing commitment.","description_kind":"plain","optional":true,"computed":true},"category":{"type":"string","description":"The category of the commitment. Category MACHINE specifies commitments composed of\nmachine resources such as VCPU or MEMORY, listed in resources. Category LICENSE\nspecifies commitments composed of software licenses, listed in licenseResources.\nNote that only MACHINE commitments should have a Type specified. Possible values: [\"LICENSE\", \"MACHINE\"]","description_kind":"plain","optional":true,"computed":true},"commitment_id":{"type":"number","description":"Unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"end_timestamp":{"type":"string","description":"Commitment end time in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"plan":{"type":"string","description":"The plan for this commitment, which determines duration and discount rate.\nThe currently supported plans are TWELVE_MONTH (1 year), and THIRTY_SIX_MONTH (3 years). Possible values: [\"TWELVE_MONTH\", \"THIRTY_SIX_MONTH\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where this commitment may be used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"start_timestamp":{"type":"string","description":"Commitment start time in RFC3339 text format.","description_kind":"plain","computed":true},"status":{"type":"string","description":"Status of the commitment with regards to eventual expiration\n(each commitment has an end date defined).","description_kind":"plain","computed":true},"status_message":{"type":"string","description":"A human-readable explanation of the status.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of commitment, which affects the discount rate and the eligible resources.\nThe type could be one of the following value: 'MEMORY_OPTIMIZED', 'ACCELERATOR_OPTIMIZED',\n'GENERAL_PURPOSE_N1', 'GENERAL_PURPOSE_N2', 'GENERAL_PURPOSE_N2D', 'GENERAL_PURPOSE_E2',\n'GENERAL_PURPOSE_T2D', 'GENERAL_PURPOSE_C3', 'COMPUTE_OPTIMIZED_C2', 'COMPUTE_OPTIMIZED_C2D' and\n'GRAPHICS_OPTIMIZED_G2'","description_kind":"plain","optional":true,"computed":true}},"block_types":{"license_resource":{"nesting_mode":"list","block":{"attributes":{"amount":{"type":"string","description":"The number of licenses purchased.","description_kind":"plain","optional":true},"cores_per_license":{"type":"string","description":"Specifies the core range of the instance for which this license applies.","description_kind":"plain","optional":true},"license":{"type":"string","description":"Any applicable license URI.","description_kind":"plain","required":true}},"description":"The license specification required as part of a license commitment.","description_kind":"plain"},"max_items":1},"resources":{"nesting_mode":"list","block":{"attributes":{"accelerator_type":{"type":"string","description":"Name of the accelerator type resource. Applicable only when the type is ACCELERATOR.","description_kind":"plain","optional":true},"amount":{"type":"string","description":"The amount of the resource purchased (in a type-dependent unit,\nsuch as bytes). For vCPUs, this can just be an integer. For memory,\nthis must be provided in MB. Memory must be a multiple of 256 MB,\nwith up to 6.5GB of memory per every vCPU.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of resource for which this commitment applies.\nPossible values are VCPU, MEMORY, LOCAL_SSD, and ACCELERATOR.","description_kind":"plain","optional":true}},"description":"A list of commitment amounts for particular resources.\nNote that VCPU and MEMORY resource commitments must occur together.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_disk":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A reference to the region where the disk resides.","description_kind":"plain","optional":true,"computed":true},"replica_zones":{"type":["list","string"],"description":"URLs of the zones where the disk should be replicated to.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the sourceImage or\nsourceSnapshot parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with sourceImage or sourceSnapshot,\nthe value of sizeGb must not be less than the size of the sourceImage\nor the size of the snapshot.","description_kind":"plain","optional":true,"computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. For example, the following are\nvalid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","optional":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","optional":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","optional":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true}},"block_types":{"async_primary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Primary disk for asynchronous disk replication.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The name of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain"},"max_items":1},"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\"]","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain"}},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_disk_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_region_disk_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_region_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_disk_resource_policy_attachment":{"version":0,"block":{"attributes":{"disk":{"type":"string","description":"The name of the regional disk in which the resource policies are attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource policy to be attached to the disk for scheduling snapshot\ncreation. Do not specify the self link.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A reference to the region where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created health check should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTP2, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"grpc_health_check":{"nesting_mode":"list","block":{"attributes":{"grpc_service_name":{"type":"string","description":"The gRPC service name for the health check.\nThe value of grpcServiceName has the following meanings by convention:\n\n* Empty serviceName means the overall status of all services at the backend.\n* Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service.\n\nThe grpcServiceName can only be ASCII.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port number for the health check request.\nMust be specified if portName and portSpecification are not set\nor if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, gRPC health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http2_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP2 health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP2 health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP2 health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP2 health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"https_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTPS health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTPS health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs. This is false by default,\nwhich means no health check logging will be done.","description_kind":"plain","optional":true}},"description":"Configure logging on this health check.","description_kind":"plain"},"max_items":1},"ssl_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the SSL health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, SSL health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the SSL connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"tcp_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the TCP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, TCP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the TCP connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_instance_group_manager":{"version":0,"block":{"attributes":{"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","optional":true},"distribution_policy_target_shape":{"type":"string","description":"The shape to which the group converges either proactively or on resize events (depending on the value set in updatePolicy.instanceRedistributionType).","description_kind":"plain","optional":true,"computed":true},"distribution_policy_zones":{"type":["set","string"],"description":"The distribution policy for this managed instance group. You can specify one or more values.","description_kind":"plain","optional":true,"computed":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the managed instance group resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"all_instances_config":["list",["object",{"current_revision":"string","effective":"bool"}]],"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","optional":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","optional":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective and all instances configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","optional":true}},"block_types":{"all_instances_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The label key-value pairs that you want to patch onto the instance,","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata,","description_kind":"plain","optional":true}},"description":"Specifies configuration that overrides the instance template configuration for the group.","description_kind":"plain"},"max_items":1},"auto_healing_policies":{"nesting_mode":"list","block":{"attributes":{"health_check":{"type":"string","description":"The health check resource that signals autohealing.","description_kind":"plain","required":true},"initial_delay_sec":{"type":"number","description":"The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances. Between 0 and 3600.","description_kind":"plain","required":true}},"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain"},"max_items":1},"instance_lifecycle_policy":{"nesting_mode":"list","block":{"attributes":{"default_action_on_failure":{"type":"string","description":"Default behavior for all instance or health check failures.","description_kind":"plain","optional":true},"force_update_on_repair":{"type":"string","description":"Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type.","description_kind":"plain","optional":true}},"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain"},"max_items":1},"named_port":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the port.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"stateful_disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"The device name of the disk to be attached.","description_kind":"plain","required":true}},"description":"Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. Proactive cross zone instance redistribution must be disabled before you can update stateful disks on existing instance group managers. This can be controlled via the update_policy.","description_kind":"plain"}},"stateful_external_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"stateful_internal_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"update_policy":{"nesting_mode":"list","block":{"attributes":{"instance_redistribution_type":{"type":"string","description":"The instance redistribution policy for regional managed instance groups. Valid values are: \"PROACTIVE\", \"NONE\". If PROACTIVE (default), the group attempts to maintain an even distribution of VM instances across zones in the region. If NONE, proactive redistribution is disabled.","description_kind":"plain","optional":true},"max_surge_fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive integer. Conflicts with max_surge_percent. Both cannot be 0","description_kind":"plain","optional":true,"computed":true},"max_surge_percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify 80 for 80%. Conflicts with max_surge_fixed.","description_kind":"plain","optional":true},"max_unavailable_fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive integer.","description_kind":"plain","optional":true,"computed":true},"max_unavailable_percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify 80 for 80%.","description_kind":"plain","optional":true},"minimal_action":{"type":"string","description":"Minimal action to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to update without stopping instances, RESTART to restart existing instances or REPLACE to delete and create new instances from the target template. If you specify a REFRESH, the Updater will attempt to perform that action only. However, if the Updater determines that the minimal action you specify is not enough to perform the update, it might perform a more disruptive action.","description_kind":"plain","required":true},"most_disruptive_allowed_action":{"type":"string","description":"Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to allow actions that do not need instance restart, RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.","description_kind":"plain","optional":true},"replacement_method":{"type":"string","description":"The instance replacement method for regional managed instance groups. Valid values are: \"RECREATE\", \"SUBSTITUTE\". If SUBSTITUTE (default), the group replaces VM instances with new instances that have randomly generated names. If RECREATE, instance names are preserved. You must also set max_unavailable_fixed or max_unavailable_percent to be greater than 0.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of update process. You can specify either PROACTIVE so that the instance group manager proactively executes actions in order to bring instances to their target versions or OPPORTUNISTIC so that no action is proactively executed but the update will be performed as part of other actions (for example, resizes or recreateInstances calls).","description_kind":"plain","required":true}},"description":"The update policy for this managed instance group.","description_kind":"plain"},"max_items":1},"version":{"nesting_mode":"list","block":{"attributes":{"instance_template":{"type":"string","description":"The full URL to an instance template from which all new instances of this version will be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Version name.","description_kind":"plain","optional":true}},"block_types":{"target_size":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"The number of instances which are managed for this version. Conflicts with percent.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The number of instances (calculated as percentage) which are managed for this version. Conflicts with fixed. Note that when using percent, rounding will be in favor of explicitly set target_size values; a managed instance group with 2 instances and 2 versions, one of which has a target_size.percent of 60 will create 2 instances of that version.","description_kind":"plain","optional":true}},"description":"The number of instances calculated as a fixed number or a percentage depending on the settings.","description_kind":"plain"},"max_items":1}},"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_compute_region_instance_template":{"version":1,"block":{"attributes":{"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template,\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","optional":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the instance template is located. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","optional":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"confidential_instance_type":{"type":"string","description":"\n\t\t\t\t\t\t\t\tSpecifies which confidential computing technology to use.\n\t\t\t\t\t\t\t\tThis could be one of the following values: SEV, SEV_SNP.\n\t\t\t\t\t\t\t\tIf SEV_SNP, min_cpu_platform = \"AMD Milan\" is currently required.","description_kind":"plain","optional":true},"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled. Field will be deprecated in a future release.","description_kind":"plain","optional":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether or not the disk should be auto-deleted. This defaults to true.","description_kind":"plain","optional":true},"boot":{"type":"bool","description":"Indicates that this is a boot disk.","description_kind":"plain","optional":true,"computed":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk.","description_kind":"plain","optional":true,"computed":true},"disk_name":{"type":"string","description":"Name of the disk. When not provided, this defaults to the name of the instance.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"The size of the image in gigabytes. If not specified, it will inherit the size of its base image. For SCRATCH disks, the size must be one of 375 or 3000 GB, with a default of 375 GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"The Google Compute Engine disk type. Such as \"pd-ssd\", \"local-ssd\", \"pd-balanced\" or \"pd-standard\".","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"Specifies the disk interface to use for attaching this disk.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to disks,","description_kind":"plain","optional":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Values must be between 10,000 and 120,000. For more details, see the [Extreme persistent disk documentation](https://cloud.google.com/compute/docs/disks/extreme-persistent-disk).","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list (short name or id) of resource policies to attach to this disk. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name (not self_link) of the disk (such as those managed by google_compute_disk) to attach. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true},"source_image":{"type":"string","description":"The image from which to initialize this disk. This can be one of: the image's self_link, projects/{project}/global/images/{image}, projects/{project}/global/images/family/{family}, global/images/{image}, global/images/family/{family}, family/{family}, {project}/{family}, {project}/{image}, {family}, or {image}. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true,"computed":true},"source_snapshot":{"type":"string","description":"The source snapshot to create this disk. When creating\na new instance, one of initializeParams.sourceSnapshot,\ninitializeParams.sourceImage, or disks.source is\nrequired except for local SSD.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of Google Compute Engine disk, can be either \"SCRATCH\" or \"PERSISTENT\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","required":true}},"description":"Encrypts or decrypts a disk using a customer-supplied encryption key.","description_kind":"plain"},"max_items":1},"source_image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source\nimage. Required if the source image is protected by a\ncustomer-supplied encryption key.\n\nInstance templates do not store customer-supplied\nencryption keys, so you cannot create disks for\ninstances in a managed instance group if the source\nimages are encrypted with your own keys.","description_kind":"plain"},"max_items":1},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source snapshot.","description_kind":"plain"},"max_items":1}},"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain"},"min_items":1},"guest_accelerator":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of the guest accelerator cards exposed to this instance.","description_kind":"plain","required":true},"type":{"type":"string","description":"The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain"}},"network_interface":{"nesting_mode":"list","block":{"attributes":{"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the network_interface.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network to attach this interface to. Use network attribute for Legacy or Auto subnetted networks and subnetwork for custom subnetted networks.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address to assign to the instance. If empty, the address will be automatically assigned.","description_kind":"plain","optional":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name of the subnetwork to attach this interface to. The subnetwork must exist in the same region this instance will be created in. Either network or subnetwork must be provided.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that will be 1:1 mapped to the instance's network ip. If not given, one will be generated.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance template. This field can take the following values: PREMIUM, STANDARD, FIXED_STANDARD. If this field is not specified, it is assumed to be PREMIUM.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.The DNS domain name for the public PTR record.","description_kind":"plain","computed":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet. Omit to ensure that the instance is not accessible from the Internet (this means that ssh provisioners will not work unless you are running Terraform can send traffic to the instance's network (e.g. via tunnel or because it is running on another cloud instance on that network). This block can be repeated multiple times.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used.","description_kind":"plain","optional":true}},"description":"An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.","description_kind":"plain","computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of this access configuration.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","computed":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true.","description_kind":"plain","optional":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true},"min_node_cpus":{"type":"number","description":"Minimum number of cpus for the instance.","description_kind":"plain","optional":true},"on_host_maintenance":{"type":"string","description":"Defines the maintenance behavior for this instance.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Allows instance to be preempted. This defaults to false.","description_kind":"plain","optional":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"}},"max_run_duration":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"The timeout for new network connections to hosts.","description_kind":"plain"},"max_items":1},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}},"on_instance_stop_action":{"nesting_mode":"list","block":{"attributes":{"discard_local_ssd":{"type":"bool","description":"If true, the contents of any attached Local SSD disks will be discarded.","description_kind":"plain","optional":true}},"description":"Defines the behaviour for instances with the instance_termination_action.","description_kind":"plain"},"max_items":1}},"description":"The scheduling strategy to use.","description_kind":"plain"},"max_items":1},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address. If not given, the default Google Compute Engine service account is used.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform scope.","description_kind":"plain","required":true}},"description":"Service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Compare the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. Defaults to true.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Verify the digital signature of all boot components, and halt the boot process if signature verification fails. Defaults to false.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Use a virtualized trusted platform module, which is a specialized computer chip you can use to encrypt objects like keys and certificates. Defaults to true.","description_kind":"plain","optional":true}},"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_endpoint":{"version":0,"block":{"attributes":{"fqdn":{"type":"string","description":"Fully qualified domain name of network endpoint.\n\nThis can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IPv4 address external endpoint.\n\nThis can only be specified when network_endpoint_type of the NEG is INTERNET_IP_PORT.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number of network endpoint.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the containing network endpoint group is located.","description_kind":"plain","optional":true,"computed":true},"region_network_endpoint_group":{"type":"string","description":"The network endpoint group this endpoint is part of.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_endpoint_group":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe URL of the network to which all network endpoints in the NEG belong. Uses\n\"default\" project network if unspecified.","description_kind":"plain","optional":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. Default value: \"SERVERLESS\" Possible values: [\"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\", \"GCE_VM_IP_PORTMAP\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_target_service":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe target service url used to set up private service connection to\na Google API or a PSC Producer Service Attachment.","description_kind":"plain","optional":true},"region":{"type":"string","description":"A reference to the region where the regional NEGs reside.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"This field is only used for PSC NEGs.\n\nOptional URL of the subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","optional":true}},"block_types":{"app_engine":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Optional serving service.\nThe service name must be 1-63 characters long, and comply with RFC1035.\nExample value: \"default\", \"my-service\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse service and version fields from a request URL.\nURL mask allows for routing to multiple App Engine services without\nhaving to create multiple Network Endpoint Groups and backend services.\n\nFor example, the request URLs \"foo1-dot-appname.appspot.com/v1\" and\n\"foo1-dot-appname.appspot.com/v2\" can be backed by the same Serverless NEG with\nURL mask \"-dot-appname.appspot.com/\". The URL mask will parse\nthem to { service = \"foo1\", version = \"v1\" } and { service = \"foo1\", version = \"v2\" } respectively.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional serving version.\nThe version must be 1-63 characters long, and comply with RFC1035.\nExample value: \"v1\", \"v2\".","description_kind":"plain","optional":true}},"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"cloud_function":{"nesting_mode":"list","block":{"attributes":{"function":{"type":"string","description":"A user-defined name of the Cloud Function.\nThe function name is case-sensitive and must be 1-63 characters long.\nExample value: \"func1\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse function field from a request URL. URL mask allows\nfor routing to multiple Cloud Functions without having to create\nmultiple Network Endpoint Groups and backend services.\n\nFor example, request URLs \"mydomain.com/function1\" and \"mydomain.com/function2\"\ncan be backed by the same Serverless NEG with URL mask \"/\". The URL mask\nwill parse them to { function = \"function1\" } and { function = \"function2\" } respectively.","description_kind":"plain","optional":true}},"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"cloud_run":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Cloud Run service is the main resource of Cloud Run.\nThe service must be 1-63 characters long, and comply with RFC1035.\nExample value: \"run-service\".","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Cloud Run tag represents the \"named-revision\" to provide\nadditional fine-grained traffic routing information.\nThe tag must be 1-63 characters long, and comply with RFC1035.\nExample value: \"revision-0010\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse service and tag fields from a request URL.\nURL mask allows for routing to multiple Run services without having\nto create multiple network endpoint groups and backend services.\n\nFor example, request URLs \"foo1.domain.com/bar1\" and \"foo1.domain.com/bar2\"\nan be backed by the same Serverless Network Endpoint Group (NEG) with\nURL mask \".domain.com/\". The URL mask will parse them to { service=\"bar1\", tag=\"foo1\" }\nand { service=\"bar2\", tag=\"foo2\" } respectively.","description_kind":"plain","optional":true}},"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User-provided name of the Network firewall policy. The name should be unique in the project in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of this resource.","description_kind":"plain","optional":true,"computed":true},"region_network_firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy ID of the association.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location of this resource.","description_kind":"plain","optional":true,"computed":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\", \"goto_next\" and \"apply_security_profile_group\".","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: INGRESS, EGRESS","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location of this resource.","description_kind":"plain","optional":true,"computed":true},"rule_name":{"type":"string","description":"An optional name for the rule. This field is not a unique identifier and can be updated.","description_kind":"plain","optional":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"security_profile_group":{"type":"string","description":"A fully-qualified URL of a SecurityProfileGroup resource. Example: https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group. It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.","description_kind":"plain","optional":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true},"tls_inspect":{"type":"bool","description":"Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1},"src_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the \u003ccode\u003esrcSecureTag\u003c/code\u003e are INEFFECTIVE, and there is no \u003ccode\u003esrcIpRange\u003c/code\u003e, this rule will be ignored. Maximum number of source tag values allowed is 256.","description_kind":"plain"}}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"target_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"A list of secure tags that controls which instances the firewall rule applies to. If \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. \u003ccode\u003etargetSecureTag\u003c/code\u003e may not be set at the same time as \u003ccode\u003etargetServiceAccounts\u003c/code\u003e. If neither \u003ccode\u003etargetServiceAccounts\u003c/code\u003e nor \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_per_instance_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"minimal_action":{"type":"string","description":"The minimal action to perform on the instance during an update.\nDefault is 'NONE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"most_disruptive_allowed_action":{"type":"string","description":"The most disruptive action to perform on the instance during an update.\nDefault is 'REPLACE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name for this per-instance config and its corresponding instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the containing instance group manager is located","description_kind":"plain","optional":true,"computed":true},"region_instance_group_manager":{"type":"string","description":"The region instance group manager this instance config is part of.","description_kind":"plain","required":true},"remove_instance_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove the underlying instance.\nWhen false, deleting this config will use the behavior as determined by remove_instance_on_destroy.","description_kind":"plain","optional":true},"remove_instance_state_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove any specified state from the underlying instance.\nWhen false, deleting this config will *not* immediately remove any state from the underlying instance.\nState will be removed on the next instance recreation or update.","description_kind":"plain","optional":true}},"block_types":{"preserved_state":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":["map","string"],"description":"Preserved metadata defined for this instance. This is a list of key-\u003evalue pairs.","description_kind":"plain","optional":true}},"block_types":{"disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted.\nThe available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'.\n'NEVER' - detach the disk when the VM is deleted, but do not delete the disk.\n'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently\ndeleted from the instance group. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"The mode of the disk. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"source":{"type":"string","description":"The URI of an existing persistent disk to attach under the specified device-name in the format\n'projects/project-id/zones/zone/disks/disk-name'.","description_kind":"plain","required":true}},"description":"Stateful disks for the instance.","description_kind":"plain"}},"external_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved external IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}},"internal_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}}},"description":"The preserved state for this instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","required":true,"sensitive":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","required":true,"sensitive":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created regional ssl certificate should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"A list of features enabled when the selected profile is CUSTOM. The\nmethod returns the set of features that can be specified in this\nlist. This field must be empty if the profile is not CUSTOM.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the regional SSL policy resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_http_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target https proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"A reference to the RegionUrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_https_proxy":{"version":0,"block":{"attributes":{"certificate_manager_certificates":{"type":["list","string"],"description":"URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.\nsslCertificates and certificateManagerCertificates can't be defined together.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}' or just the self_link 'projects/{project}/locations/{location}/certificates/{resourceName}'","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target https proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"server_tls_policy":{"type":"string","description":"A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.\n\nIf you remove this field from your configuration at the same time as\ndeleting or recreating a referenced ServerTlsPolicy resource, you will\nreceive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy\nwithin the ServerTlsPolicy resource to avoid this.","description_kind":"plain","optional":true},"ssl_certificates":{"type":["list","string"],"description":"URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer.\nAt least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates.\nsslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true},"ssl_policy":{"type":"string","description":"A reference to the Region SslPolicy resource that will be associated with\nthe TargetHttpsProxy resource. If not set, the TargetHttpsProxy\nresource will not have any SSL policy configured.","description_kind":"plain","optional":true},"url_map":{"type":"string","description":"A reference to the RegionUrlMap resource that defines the mapping from URL\nto the RegionBackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_tcp_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target TCP proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_url_map":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"default_service":{"type":"string","description":"The full or partial URL of the defaultService resource to which traffic is directed if\nnone of the hostRules match. If defaultRouteAction is additionally specified, advanced\nrouting actions like URL Rewrites, etc. take effect prior to sending the request to the\nbackend. However, if defaultService is specified, defaultRouteAction cannot contain any\nweightedBackendServices. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of defaultService,\ndefaultUrlRedirect or defaultRouteAction.weightedBackendService must be set.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during\nupdates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"map_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the url map should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header.\nDefault is false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regualar expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, the setting specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service.\nSimilarly requests from clients can be aborted by the load balancer for a percentage of requests.\ntimeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection.\nFault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management).","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the RegionBackendService resource being mirrored to.\nThe backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.\nServerless NEG backends are not currently supported as a mirrored backend service.","description_kind":"plain","optional":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nThe load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow.\nNot supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry policy applies.\nValid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable.\n - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams.\n - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504.\n - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts.\n - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409.\n - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled.\n - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded.\n - internal : a retry is attempted if the gRPC status code in the response header is set to internal.\n - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted.\n - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable.","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries.\nIf not specified, this field uses the largest timeout among all backend services associated with the route.\nNot supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite.\nThe value must be from 1 to 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite.\nThe value must be from 1 to 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, before forwarding the request to the matched service.\nurlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers.\nNot supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the request to backendService, the load balancer applies any relevant headerActions specified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) .\nThe selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy.\nThe value must be from 0 to 1000.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request before forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response before sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header.\nThe default value is false.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request before forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header.\nThe default value is false.","description_kind":"plain","optional":true}},"description":"Headers to add the response before sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for the selected backendService.\nheaderAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.\nheaderAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL.\nNot supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number.\nAfter a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices.\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.\nURL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction.\ndefaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"host_rule":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this HostRule. Provide this property\nwhen you create the resource.","description_kind":"plain","optional":true},"hosts":{"type":["set","string"],"description":"The list of host patterns to match. They must be valid\nhostnames, except * will match any string of ([a-z0-9-.]*). In\nthat case, * must be the first character and must be followed in\nthe pattern by either - or ..","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the PathMatcher to use to match the path portion of\nthe URL if the hostRule matches the URL's host portion.","description_kind":"plain","required":true}},"description":"The list of HostRules to use against the URL.","description_kind":"plain"}},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"default_service":{"type":"string","description":"A reference to a RegionBackendService resource. This will be used if\nnone of the pathRules defined by this PathMatcher is matched by\nthe URL's path portion.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"path_rule":{"nesting_mode":"list","block":{"attributes":{"paths":{"type":["set","string"],"description":"The list of path patterns to match. Each must start with / and the only place a\n\\* is allowed is at the end following a /. The string fed to the path matcher\ndoes not include any text after the first ? or #, and those chars are not\nallowed here.","description_kind":"plain","required":true},"service":{"type":"string","description":"The region backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.","description_kind":"plain","required":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","required":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","required":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","required":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The RegionBackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n- 5xx: Loadbalancer will attempt a retry if the backend service responds with\nany 5xx response code, or if the backend service does not respond at all,\nfor example: disconnects, reset, read timeout, connection failure, and refused\nstreams.\n- gateway-error: Similar to 5xx, but only applies to response codes\n502, 503 or 504.\n- connect-failure: Loadbalancer will retry on failures\nconnecting to backend services, for example due to connection timeouts.\n- retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\nCurrently the only retriable error supported is 409.\n- refused-stream: Loadbalancer will retry if the backend service resets the stream with a\nREFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n- cancelled: Loadbalancer will retry if the gRPC status code in the response\nheader is set to cancelled\n- deadline-exceeded: Loadbalancer will retry if the\ngRPC status code in the response header is set to deadline-exceeded\n- resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\nheader is set to resource-exhausted\n- unavailable: Loadbalancer will retry if\nthe gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default RegionBackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching path, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed\nprior to redirecting the request. If set to false, the query portion of the\noriginal URL is retained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When a path pattern is matched, the request is redirected to a URL specified\nby urlRedirect. If urlRedirect is specified, service or routeAction must not\nbe set.","description_kind":"plain"},"max_items":1}},"description":"The list of path rules. Use this list instead of routeRules when routing based\non simple path matching is all that's required. The order by which path rules\nare specified does not matter. Matches are always done on the longest-path-first\nbasis. For example: a pathRule with a path /a/b/c/* will match before /a/b/*\nirrespective of the order in which those paths appear in this list. Within a\ngiven pathMatcher, only one of pathRules or routeRules must be set.","description_kind":"plain"}},"route_rules":{"nesting_mode":"list","block":{"attributes":{"priority":{"type":"number","description":"For routeRules within a given pathMatcher, priority determines the order\nin which load balancer will interpret routeRules. RouteRules are evaluated\nin order of priority, from the lowest to highest number. The priority of\na rule decreases as its number increases (1, 2, 3, N+1). The first rule\nthat matches the request is applied.\n\nYou cannot configure two or more routeRules with the same priority.\nPriority for each rule must be set to a number between 0 and\n2147483647 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules\nin the future without affecting the rest of the rules. For example,\n1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which\nyou could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the\nfuture without any impact on existing rules.","description_kind":"plain","required":true},"service":{"type":"string","description":"The region backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here are applied before\nthe matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r\nouteAction.weightedBackendService.backendServiceWeightAction[].headerAction","description_kind":"plain"},"max_items":1},"match_rules":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly\nmatch the value specified in fullPathMatch after removing any query parameters\nand anchor that may be part of the original URL. FullPathMatch must be between 1\nand 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must\nbe specified.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.\nDefaults to false.","description_kind":"plain","optional":true},"path_template_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request\nmust match the wildcard pattern specified in pathTemplateMatch\nafter removing any query parameters and anchor that may be part\nof the original URL.\n\npathTemplateMatch must be between 1 and 255 characters\n(inclusive). The pattern specified by pathTemplateMatch may\nhave at most 5 wildcard operators and at most 5 variable\ncaptures in total.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the\nspecified prefixMatch. prefixMatch must begin with a /. The value must be\nbetween 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or\nregexMatch must be specified.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must satisfy the\nregular expression specified in regexMatch after removing any query parameters\nand anchor supplied with the original URL. For regular expression grammar please\nsee en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch,\nfullPathMatch or regexMatch must be specified.","description_kind":"plain","optional":true}},"block_types":{"header_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value should exactly match contents of exactMatch. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The name of the HTTP header to match. For matching against the HTTP request's\nauthority, use a headerMatch with the header name \":authority\". For matching a\nrequest's method, use the headerName \":method\".","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false, the headerMatch is considered a match if the match criteria\nabove are met. If set to true, the headerMatch is considered a match if the\nmatch criteria above are NOT met. Defaults to false.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place\nwhether or not the request's header has a value or not. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The value of the header must match the regular expression specified in\nregexMatch. For regular expression grammar, please see:\nen.cppreference.com/w/cpp/regex/ecmascript For matching against a port\nspecified in the HTTP request, use a headerMatch with headerName set to PORT and\na regular expression that satisfies the RFC2616 Host header's port specifier.\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true}},"block_types":{"range_match":{"nesting_mode":"list","block":{"attributes":{"range_end":{"type":"number","description":"The end of the range (exclusive).","description_kind":"plain","required":true},"range_start":{"type":"number","description":"The start of the range (inclusive).","description_kind":"plain","required":true}},"description":"The header value must be an integer and its value must be in the range specified\nin rangeMatch. If the header does not contain an integer, number or is empty,\nthe match fails. For example for a range [-5, 0]\n\n* -3 will match\n* 0 will not match\n* 0.25 will not match\n* -3someString will not match.\n\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain"},"max_items":1}},"description":"Specifies a list of header match criteria, all of which must match corresponding\nheaders in the request.","description_kind":"plain"}},"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of filterLabels\ncontribute towards the overall metadataFilter match. Supported values are:\n\n* MATCH_ANY: At least one of the filterLabels must have a matching label in the\nprovided metadata.\n* MATCH_ALL: All filterLabels must have matching labels in\nthe provided metadata. Possible values: [\"MATCH_ALL\", \"MATCH_ANY\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of metadata label. The name can have a maximum length of 1024 characters\nand must be at least 1 character long.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the label must match the specified value. value can have a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the provided metadata\nbased on filterMatchCriteria This list must not be empty and can have at the\nmost 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing configuration to\na limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS\nclients present node metadata. If a match takes place, the relevant routing\nconfiguration is made available to those proxies. For each metadataFilter in\nthis list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the\nfilterLabels must match the corresponding label provided in the metadata. If its\nfilterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match\nwith corresponding labels in the provided metadata. metadataFilters specified\nhere can be overrides those specified in ForwardingRule that refers to this\nUrlMap. metadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"query_parameter_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches\nthe contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch\nmust be set.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the\nrequest, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query\nparameter, irrespective of whether the parameter has a value or not. Only one of\npresentMatch, exactMatch and regexMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter matches the\nregular expression specified by regexMatch. For the regular expression grammar,\nplease see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch,\nexactMatch and regexMatch must be set.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match\ncorresponding query parameters in the request.","description_kind":"plain"}}},"description":"The rules for determining a match.","description_kind":"plain"}},"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.\nwhich indicates that the CORS policy is in effect. Defaults to false.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The RegionBackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","required":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\n any 5xx response code, or if the backend service does not respond at all,\n for example: disconnects, reset, read timeout, connection failure, and refused\n streams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\n connecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\n REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\n header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\n gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\n header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in\n the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true},"path_template_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, if the\nrequest matched a pathTemplateMatch, the matching portion of the\nrequest's path is replaced re-written using the pattern specified\nby pathTemplateRewrite.\n\npathTemplateRewrite must be between 1 and 255 characters\n(inclusive), must start with a '/', and must only use variables\ncaptured by the route's pathTemplate matchers.\n\npathTemplateRewrite may only be used when all of a route's\nMatchRules specify pathTemplate.\n\nOnly one of pathPrefixRewrite and pathTemplateRewrite may be\nspecified.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default RegionBackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching matchRule, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is\nremoved prior to redirecting the request. If set to false, the query\nportion of the original URL is retained. The default value is false.","description_kind":"plain","optional":true}},"description":"When this rule is matched, the request is redirected to a URL specified by\nurlRedirect. If urlRedirect is specified, service or routeAction must not be\nset.","description_kind":"plain"},"max_items":1}},"description":"The list of ordered HTTP route rules. Use this list instead of pathRules when\nadvanced route matching and routing actions are desired. The order of specifying\nrouteRules matters: the first rule that matches will cause its specified routing\naction to take effect. Within a given pathMatcher, only one of pathRules or\nrouteRules must be set. routeRules are not supported in UrlMaps intended for\nExternal load balancers.","description_kind":"plain"}}},"description":"The list of named PathMatchers to use against the URL.","description_kind":"plain"}},"test":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of this test case.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host portion of the URL.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path portion of the URL.","description_kind":"plain","required":true},"service":{"type":"string","description":"A reference to expected RegionBackendService resource the given URL should be mapped to.","description_kind":"plain","required":true}},"description":"The list of expected URL mappings. Requests to update this UrlMap will\nsucceed only if all of the test cases pass.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_reservation":{"version":0,"block":{"attributes":{"commitment":{"type":"string","description":"Full or partial URL to a parent commitment. This field displays for\nreservations that are tied to a commitment.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"specific_reservation_required":{"type":"bool","description":"When set to true, only VMs that target this reservation by name can\nconsume this reservation. Otherwise, it can be consumed by VMs with\naffinity for any reservation. Defaults to false.","description_kind":"plain","optional":true},"status":{"type":"string","description":"The status of the reservation.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone where the reservation is made.","description_kind":"plain","required":true}},"block_types":{"share_settings":{"nesting_mode":"list","block":{"attributes":{"share_type":{"type":"string","description":"Type of sharing for this shared-reservation Possible values: [\"LOCAL\", \"SPECIFIC_PROJECTS\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"project_map":{"nesting_mode":"set","block":{"attributes":{"id":{"type":"string","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The project id/number, should be same as the key of this project config in the project map.","description_kind":"plain","optional":true}},"description":"A map of project number and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS.","description_kind":"plain"}}},"description":"The share setting for reservations.","description_kind":"plain"},"max_items":1},"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of resources that are allocated.","description_kind":"plain","required":true},"in_use_count":{"type":"number","description":"How many instances are in use.","description_kind":"plain","computed":true}},"block_types":{"instance_properties":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"The name of the machine type to reserve.","description_kind":"plain","required":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform for the reservation. For example,\n'\"Intel Skylake\"'. See\nthe CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones)\nfor information on available CPU platforms.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"guest_accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the guest accelerator cards exposed to\nthis instance.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The full or partial URL of the accelerator type to\nattach to this instance. For example:\n'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100'\n\nIf you are creating an instance template, specify only the accelerator name.","description_kind":"plain","required":true}},"description":"Guest accelerator type and count.","description_kind":"plain"}},"local_ssds":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"The size of the disk in base-2 GB.","description_kind":"plain","required":true},"interface":{"type":"string","description":"The disk interface to use for attaching this disk. Default value: \"SCSI\" Possible values: [\"SCSI\", \"NVME\"]","description_kind":"plain","optional":true}},"description":"The amount of local ssd to reserve with each instance. This\nreserves disks of type 'local-ssd'.","description_kind":"plain"}}},"description":"The instance properties for the reservation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Reservation for instances with specific machine shapes.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_resize_request":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"The creation timestamp for this resize request in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resize-request.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group_manager":{"type":"string","description":"The name of the managed instance group. The name should conform to RFC1035 or be a resource ID.\nAuthorization requires the following IAM permission on the specified resource instanceGroupManager:\n*compute.instanceGroupManagers.update","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resize request. The name must be 1-63 characters long, and comply with RFC1035.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resize_by":{"type":"number","description":"The number of instances to be created by this resize request. The group's target size will be increased by this number.","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output only] Current state of the request.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"error":["list",["object",{"errors":["list",["object",{"code":"string","error_details":["list",["object",{"error_info":["list",["object",{"domain":"string","metadatas":["map","string"],"reason":"string"}]],"help":["list",["object",{"links":["list",["object",{"description":"string","url":"string"}]]}]],"localized_message":["list",["object",{"locale":"string","message":"string"}]],"quota_info":["list",["object",{"dimensions":["map","string"],"future_limit":"number","limit":"number","limit_name":"string","metric_name":"string","rollout_status":"string"}]]}]],"location":"string","message":"string"}]]}]],"last_attempt":["list",["object",{"error":["list",["object",{"errors":["list",["object",{"code":"string","error_details":["list",["object",{"error_info":["list",["object",{"domain":"string","metadatas":["map","string"],"reason":"string"}]],"help":["list",["object",{"links":["list",["object",{"description":"string","url":"string"}]]}]],"localized_message":["list",["object",{"locale":"string","message":"string"}]],"quota_info":["list",["object",{"dimensions":["map","string"],"future_limit":"number","limit":"number","limit_name":"string","metric_name":"string","rollout_status":"string"}]]}]],"location":"string","message":"string"}]]}]]}]]}]],"description":"[Output only] Status of the request.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"Name of the compute zone scoping this request. Name should conform to RFC1035.","description_kind":"plain","required":true}},"block_types":{"requested_run_duration":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","required":true}},"description":"Requested run duration for instances that will be created by this request. At the end of the run duration instance will be deleted.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_resource_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially creating\nthe resource. The resource name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])'? which means the\nfirst character must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last character,\nwhich cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where resource policy resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"disk_consistency_group_policy":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable disk consistency on the resource policy.","description_kind":"plain","required":true}},"description":"Replication consistency group for asynchronous disk replication.","description_kind":"plain"},"max_items":1},"group_placement_policy":{"nesting_mode":"list","block":{"attributes":{"availability_domain_count":{"type":"number","description":"The number of availability domains instances will be spread across. If two instances are in different\navailability domain, they will not be put in the same low latency network","description_kind":"plain","optional":true},"collocation":{"type":"string","description":"Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network.\nSpecify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created\nwith a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy\nattached. Possible values: [\"COLLOCATED\"]","description_kind":"plain","optional":true},"vm_count":{"type":"number","description":"Number of VMs in this placement group. Google does not recommend that you use this field\nunless you use a compact policy and you want your policy to work only if it contains this\nexact number of VMs.","description_kind":"plain","optional":true}},"description":"Resource policy for instances used for placement configuration.","description_kind":"plain"},"max_items":1},"instance_schedule_policy":{"nesting_mode":"list","block":{"attributes":{"expiration_time":{"type":"string","description":"The expiration time of the schedule. The timestamp is an RFC3339 string.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"The start time of the schedule. The timestamp is an RFC3339 string.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name\nfrom the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","required":true}},"block_types":{"vm_start_schedule":{"nesting_mode":"list","block":{"attributes":{"schedule":{"type":"string","description":"Specifies the frequency for the operation, using the unix-cron format.","description_kind":"plain","required":true}},"description":"Specifies the schedule for starting instances.","description_kind":"plain"},"max_items":1},"vm_stop_schedule":{"nesting_mode":"list","block":{"attributes":{"schedule":{"type":"string","description":"Specifies the frequency for the operation, using the unix-cron format.","description_kind":"plain","required":true}},"description":"Specifies the schedule for stopping instances.","description_kind":"plain"},"max_items":1}},"description":"Resource policy for scheduling instance operations.","description_kind":"plain"},"max_items":1},"snapshot_schedule_policy":{"nesting_mode":"list","block":{"block_types":{"retention_policy":{"nesting_mode":"list","block":{"attributes":{"max_retention_days":{"type":"number","description":"Maximum age of the snapshot that is allowed to be kept.","description_kind":"plain","required":true},"on_source_disk_delete":{"type":"string","description":"Specifies the behavior to apply to scheduled snapshots when\nthe source disk is deleted. Default value: \"KEEP_AUTO_SNAPSHOTS\" Possible values: [\"KEEP_AUTO_SNAPSHOTS\", \"APPLY_RETENTION_POLICY\"]","description_kind":"plain","optional":true}},"description":"Retention policy applied to snapshots created by this resource policy.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"block_types":{"daily_schedule":{"nesting_mode":"list","block":{"attributes":{"days_in_cycle":{"type":"number","description":"Defines a schedule with units measured in days. The value determines how many days pass between the start of each cycle. Days in cycle for snapshot schedule policy must be 1.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"This must be in UTC format that resolves to one of\n00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example,\nboth 13:00-5 and 08:00 are valid.","description_kind":"plain","required":true}},"description":"The policy will execute every nth day at the specified time.","description_kind":"plain"},"max_items":1},"hourly_schedule":{"nesting_mode":"list","block":{"attributes":{"hours_in_cycle":{"type":"number","description":"The number of hours between snapshots.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Time within the window to start the operations.\nIt must be in an hourly format \"HH:MM\",\nwhere HH : [00-23] and MM : [00] GMT. eg: 21:00","description_kind":"plain","required":true}},"description":"The policy will execute every nth hour starting at the specified time.","description_kind":"plain"},"max_items":1},"weekly_schedule":{"nesting_mode":"list","block":{"block_types":{"day_of_weeks":{"nesting_mode":"set","block":{"attributes":{"day":{"type":"string","description":"The day of the week to create the snapshot. e.g. MONDAY Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Time within the window to start the operations.\nIt must be in format \"HH:MM\", where HH : [00-23] and MM : [00-00] GMT.","description_kind":"plain","required":true}},"description":"May contain up to seven (one for each day of the week) snapshot times.","description_kind":"plain"},"min_items":1,"max_items":7}},"description":"Allows specifying a snapshot time for each day of the week.","description_kind":"plain"},"max_items":1}},"description":"Contains one of an 'hourlySchedule', 'dailySchedule', or 'weeklySchedule'.","description_kind":"plain"},"min_items":1,"max_items":1},"snapshot_properties":{"nesting_mode":"list","block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and comply\nwith RFC1035.","description_kind":"plain","optional":true},"guest_flush":{"type":"bool","description":"Whether to perform a 'guest aware' snapshot.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key-value pairs.","description_kind":"plain","optional":true},"storage_locations":{"type":["set","string"],"description":"Cloud Storage bucket location to store the auto snapshot\n(regional or multi-regional)","description_kind":"plain","optional":true}},"description":"Properties with which the snapshots are created, such as labels.","description_kind":"plain"},"max_items":1}},"description":"Policy for creating snapshots of persistent disks.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_route":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property\nwhen you create the resource.","description_kind":"plain","optional":true},"dest_range":{"type":"string","description":"The destination range of outgoing packets that this route applies to.\nOnly IPv4 is supported.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network that this route applies to.","description_kind":"plain","required":true},"next_hop_gateway":{"type":"string","description":"URL to a gateway that should handle matching packets.\nCurrently, you can only specify the internet gateway, using a full or\npartial valid URL:\n* 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway'\n* 'projects/project/global/gateways/default-internet-gateway'\n* 'global/gateways/default-internet-gateway'\n* The string 'default-internet-gateway'.","description_kind":"plain","optional":true},"next_hop_ilb":{"type":"string","description":"The IP address or URL to a forwarding rule of type\nloadBalancingScheme=INTERNAL that should handle matching\npackets.\n\nWith the GA provider you can only specify the forwarding\nrule as a partial or full URL. For example, the following\nare all valid values:\n* 10.128.0.56\n* https://www.googleapis.com/compute/v1/projects/project/regions/region/forwardingRules/forwardingRule\n* regions/region/forwardingRules/forwardingRule\n\nWhen the beta provider, you can also specify the IP address\nof a forwarding rule from the same VPC or any peered VPC.\n\nNote that this can only be used when the destinationRange is\na public (non-RFC 1918) IP CIDR range.","description_kind":"plain","optional":true},"next_hop_instance":{"type":"string","description":"URL to an instance that should handle matching packets.\nYou can specify this as a full or partial URL. For example:\n* 'https://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/instance'\n* 'projects/project/zones/zone/instances/instance'\n* 'zones/zone/instances/instance'\n* Just the instance name, with the zone in 'next_hop_instance_zone'.","description_kind":"plain","optional":true},"next_hop_instance_zone":{"type":"string","description":"The zone of the instance specified in next_hop_instance. Omit if next_hop_instance is specified as a URL.","description_kind":"plain","optional":true,"computed":true},"next_hop_ip":{"type":"string","description":"Network IP address of an instance that should handle matching packets.","description_kind":"plain","optional":true,"computed":true},"next_hop_network":{"type":"string","description":"URL to a Network that should handle matching packets.","description_kind":"plain","computed":true},"next_hop_vpn_tunnel":{"type":"string","description":"URL to a VpnTunnel that should handle matching packets.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"The priority of this route. Priority is used to break ties in cases\nwhere there is more than one matching route of equal prefix length.\n\nIn the case of two routes with equal prefix length, the one with the\nlowest-numbered priority value wins.\n\nDefault value is 1000. Valid range is 0 through 65535.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"A list of instance tags to which this route applies.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"encrypted_interconnect_router":{"type":"bool","description":"Indicates if a router is dedicated for use with encrypted VLAN\nattachments (interconnectAttachments).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"A reference to the network to which this router belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"bgp":{"nesting_mode":"list","block":{"attributes":{"advertise_mode":{"type":"string","description":"User-specified flag to indicate which mode to use for advertisement. Default value: \"DEFAULT\" Possible values: [\"DEFAULT\", \"CUSTOM\"]","description_kind":"plain","optional":true},"advertised_groups":{"type":["list","string"],"description":"User-specified list of prefix groups to advertise in custom mode.\nThis field can only be populated if advertiseMode is CUSTOM and\nis advertised to all peers of the router. These groups will be\nadvertised in addition to any specified prefixes. Leave this field\nblank to advertise no custom groups.\n\nThis enum field has the one valid value: ALL_SUBNETS","description_kind":"plain","optional":true},"asn":{"type":"number","description":"Local BGP Autonomous System Number (ASN). Must be an RFC6996\nprivate ASN, either 16-bit or 32-bit. The value will be fixed for\nthis router resource. All VPN tunnels that link to this router\nwill have the same local ASN.","description_kind":"plain","required":true},"identifier_range":{"type":"string","description":"Explicitly specifies a range of valid BGP Identifiers for this Router.\nIt is provided as a link-local IPv4 range (from 169.254.0.0/16), of\nsize at least /30, even if the BGP sessions are over IPv6. It must\nnot overlap with any IPv4 BGP session ranges. Other vendors commonly\ncall this router ID.","description_kind":"plain","optional":true,"computed":true},"keepalive_interval":{"type":"number","description":"The interval in seconds between BGP keepalive messages that are sent\nto the peer. Hold time is three times the interval at which keepalive\nmessages are sent, and the hold time is the maximum number of seconds\nallowed to elapse between successive keepalive messages that BGP\nreceives from a peer.\n\nBGP will use the smaller of either the local hold time value or the\npeer's hold time value as the hold time for the BGP connection\nbetween the two peers. If set, this value must be between 20 and 60.\nThe default is 20.","description_kind":"plain","optional":true}},"block_types":{"advertised_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"User-specified description for the IP range.","description_kind":"plain","optional":true},"range":{"type":"string","description":"The IP range to advertise. The value must be a\nCIDR-formatted string.","description_kind":"plain","required":true}},"description":"User-specified list of individual IP ranges to advertise in\ncustom mode. This field can only be populated if advertiseMode\nis CUSTOM and is advertised to all peers of the router. These IP\nranges will be advertised in addition to any specified groups.\nLeave this field blank to advertise no custom IP ranges.","description_kind":"plain"}}},"description":"BGP information specific to this router.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_interface":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interconnect_attachment":{"type":"string","description":"The name or resource link to the VLAN interconnect for this interface. Changing this forces a new interface to be created. Only one of interconnect_attachment, subnetwork or vpn_tunnel can be specified.","description_kind":"plain","optional":true},"ip_range":{"type":"string","description":"The IP address and range of the interface. The IP range must be in the RFC3927 link-local IP space. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"IP version of this interface.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique name for the interface, required by GCE. Changing this forces a new interface to be created.","description_kind":"plain","required":true},"private_ip_address":{"type":"string","description":"The regional private internal IP address that is used to establish BGP sessions to a VM instance acting as a third-party Router Appliance. Changing this forces a new interface to be created.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which this interface's router belongs. If it is not provided, the provider project is used. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"redundant_interface":{"type":"string","description":"The name of the interface that is redundant to this interface. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this interface's router sits in. If not specified, the project region will be used. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the router this interface will be attached to. Changing this forces a new interface to be created.","description_kind":"plain","required":true},"subnetwork":{"type":"string","description":"The URI of the subnetwork resource that this interface belongs to, which must be in the same region as the Cloud Router. Changing this forces a new interface to be created. Only one of subnetwork, interconnect_attachment or vpn_tunnel can be specified.","description_kind":"plain","optional":true},"vpn_tunnel":{"type":"string","description":"The name or resource link to the VPN tunnel this interface will be linked to. Changing this forces a new interface to be created. Only one of vpn_tunnel, interconnect_attachment or subnetwork can be specified.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_nat":{"version":0,"block":{"attributes":{"auto_network_tier":{"type":"string","description":"The network tier to use when automatically reserving NAT IP addresses.\nMust be one of: PREMIUM, STANDARD. If not specified, then the current\nproject-level default tier is used. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","optional":true,"computed":true},"drain_nat_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained. These IPs must be\nvalid static external IPs that have been assigned to the NAT.","description_kind":"plain","optional":true},"enable_dynamic_port_allocation":{"type":"bool","description":"Enable Dynamic Port Allocation.\nIf minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.\nIf minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.\nIf maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.\nIf maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.\n\nMutually exclusive with enableEndpointIndependentMapping.","description_kind":"plain","optional":true,"computed":true},"enable_endpoint_independent_mapping":{"type":"bool","description":"Enable endpoint independent mapping.\nFor more information see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs).","description_kind":"plain","optional":true,"computed":true},"endpoint_types":{"type":["list","string"],"description":"Specifies the endpoint Types supported by the NAT Gateway.\nSupported values include:\n 'ENDPOINT_TYPE_VM', 'ENDPOINT_TYPE_SWG',\n 'ENDPOINT_TYPE_MANAGED_PROXY_LB'.","description_kind":"plain","optional":true,"computed":true},"icmp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ports_per_vm":{"type":"number","description":"Maximum number of ports allocated to a VM from this NAT.\nThis field can only be set when enableDynamicPortAllocation is enabled.","description_kind":"plain","optional":true},"min_ports_per_vm":{"type":"number","description":"Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the NAT service. The name must be 1-63 characters long and\ncomply with RFC1035.","description_kind":"plain","required":true},"nat_ip_allocate_option":{"type":"string","description":"How external IPs should be allocated for this NAT. Valid values are\n'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud\nPlatform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: [\"MANUAL_ONLY\", \"AUTO_ONLY\"]","description_kind":"plain","optional":true},"nat_ips":{"type":["set","string"],"description":"Self-links of NAT IPs. Only valid if natIpAllocateOption\nis set to MANUAL_ONLY.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router and NAT reside.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the Cloud Router in which this NAT will be configured.","description_kind":"plain","required":true},"source_subnetwork_ip_ranges_to_nat":{"type":"string","description":"How NAT should be configured per Subnetwork.\nIf 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the\nIP ranges in every Subnetwork are allowed to Nat.\nIf 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP\nranges in every Subnetwork are allowed to Nat.\n'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat\n(specified in the field subnetwork below). Note that if this field\ncontains ALL_SUBNETWORKS_ALL_IP_RANGES or\nALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any\nother RouterNat section in any Router for this network in this region. Possible values: [\"ALL_SUBNETWORKS_ALL_IP_RANGES\", \"ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES\", \"LIST_OF_SUBNETWORKS\"]","description_kind":"plain","required":true},"tcp_established_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP established connections.\nDefaults to 1200s if not set.","description_kind":"plain","optional":true},"tcp_time_wait_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP connections that are in TIME_WAIT state.\nDefaults to 120s if not set.","description_kind":"plain","optional":true},"tcp_transitory_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP transitory connections.\nDefaults to 30s if not set.","description_kind":"plain","optional":true},"udp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for UDP connections. Defaults to 30s if not set.","description_kind":"plain","optional":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs.","description_kind":"plain","required":true},"filter":{"type":"string","description":"Specifies the desired filtering of logs on this NAT. Possible values: [\"ERRORS_ONLY\", \"TRANSLATIONS_ONLY\", \"ALL\"]","description_kind":"plain","required":true}},"description":"Configuration for logging on NAT","description_kind":"plain"},"max_items":1},"rules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this rule.","description_kind":"plain","optional":true},"match":{"type":"string","description":"CEL expression that specifies the match condition that egress traffic from a VM is evaluated against.\nIf it evaluates to true, the corresponding action is enforced.\n\nThe following examples are valid match expressions for public NAT:\n\n\"inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')\"\n\n\"destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'\"\n\nThe following example is a valid match expression for private NAT:\n\n\"nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'\"","description_kind":"plain","required":true},"rule_number":{"type":"number","description":"An integer uniquely identifying a rule in the list.\nThe rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.","description_kind":"plain","required":true}},"block_types":{"action":{"nesting_mode":"list","block":{"attributes":{"source_nat_active_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources used for this NAT rule.\nThese IP addresses must be valid static external IP addresses assigned to the project.\nThis field is used for public NAT.","description_kind":"plain","optional":true},"source_nat_drain_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained.\nThese IPs must be valid static external IPs that have been assigned to the NAT.\nThese IPs should be used for updating/patching a NAT rule only.\nThis field is used for public NAT.","description_kind":"plain","optional":true}},"description":"The action to be enforced for traffic that matches this rule.","description_kind":"plain"},"max_items":1}},"description":"A list of rules associated with this NAT.","description_kind":"plain"}},"subnetwork":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Self-link of subnetwork to NAT","description_kind":"plain","required":true},"secondary_ip_range_names":{"type":["set","string"],"description":"List of the secondary ranges of the subnetwork that are allowed\nto use NAT. This can be populated only if\n'LIST_OF_SECONDARY_IP_RANGES' is one of the values in\nsourceIpRangesToNat","description_kind":"plain","optional":true},"source_ip_ranges_to_nat":{"type":["set","string"],"description":"List of options for which source IPs in the subnetwork\nshould have NAT enabled. Supported values include:\n'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES',\n'PRIMARY_IP_RANGE'.","description_kind":"plain","required":true}},"description":"One or more subnetwork NAT configurations. Only used if\n'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_peer":{"version":0,"block":{"attributes":{"advertise_mode":{"type":"string","description":"User-specified flag to indicate which mode to use for advertisement.\nValid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: \"DEFAULT\" Possible values: [\"DEFAULT\", \"CUSTOM\"]","description_kind":"plain","optional":true},"advertised_groups":{"type":["list","string"],"description":"User-specified list of prefix groups to advertise in custom\nmode, which currently supports the following option:\n\n* 'ALL_SUBNETS': Advertises all of the router's own VPC subnets.\nThis excludes any routes learned for subnets that use VPC Network\nPeering.\n\n\nNote that this field can only be populated if advertiseMode is 'CUSTOM'\nand overrides the list defined for the router (in the \"bgp\" message).\nThese groups are advertised in addition to any specified prefixes.\nLeave this field blank to advertise no custom groups.","description_kind":"plain","optional":true},"advertised_route_priority":{"type":"number","description":"The priority of routes advertised to this BGP peer.\nWhere there is more than one matching route of maximum\nlength, the routes with the lowest priority value win.","description_kind":"plain","optional":true},"custom_learned_route_priority":{"type":"number","description":"The user-defined custom learned route priority for a BGP session.\nThis value is applied to all custom learned route ranges for the session. You can choose a value\nfrom 0 to 65335. If you don't provide a value, Google Cloud assigns a priority of 100 to the ranges.","description_kind":"plain","optional":true},"enable":{"type":"bool","description":"The status of the BGP peer connection. If set to false, any active session\nwith the peer is terminated and all associated routing information is removed.\nIf set to true, the peer connection can be established with routing information.\nThe default is true.","description_kind":"plain","optional":true},"enable_ipv4":{"type":"bool","description":"Enable IPv4 traffic over BGP Peer. It is enabled by default if the peerIpAddress is version 4.","description_kind":"plain","optional":true,"computed":true},"enable_ipv6":{"type":"bool","description":"Enable IPv6 traffic over BGP Peer. If not specified, it is disabled by default.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"Name of the interface the BGP peer is associated with.","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"IP address of the interface inside Google Cloud Platform.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"ipv4_nexthop_address":{"type":"string","description":"IPv4 address of the interface inside Google Cloud Platform.","description_kind":"plain","optional":true,"computed":true},"ipv6_nexthop_address":{"type":"string","description":"IPv6 address of the interface inside Google Cloud Platform.\nThe address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.\nIf you do not specify the next hop addresses, Google Cloud automatically\nassigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you.","description_kind":"plain","optional":true,"computed":true},"management_type":{"type":"string","description":"The resource that configures and manages this BGP peer.\n\n* 'MANAGED_BY_USER' is the default value and can be managed by\nyou or other users\n* 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and\nmanaged by Cloud Interconnect, specifically by an\nInterconnectAttachment of type PARTNER. Google automatically\ncreates, updates, and deletes this type of BGP peer when the\nPARTNER InterconnectAttachment is created, updated,\nor deleted.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of this BGP peer. The name must be 1-63 characters long,\nand comply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"peer_asn":{"type":"number","description":"Peer BGP Autonomous System Number (ASN).\nEach BGP interface may use a different value.","description_kind":"plain","required":true},"peer_ip_address":{"type":"string","description":"IP address of the BGP interface outside Google Cloud Platform.\nOnly IPv4 is supported. Required if 'ip_address' is set.","description_kind":"plain","optional":true,"computed":true},"peer_ipv4_nexthop_address":{"type":"string","description":"IPv4 address of the BGP interface outside Google Cloud Platform.","description_kind":"plain","optional":true,"computed":true},"peer_ipv6_nexthop_address":{"type":"string","description":"IPv6 address of the BGP interface outside Google Cloud Platform.\nThe address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.\nIf you do not specify the next hop addresses, Google Cloud automatically\nassigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router and BgpPeer reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the Cloud Router in which this BgpPeer will be configured.","description_kind":"plain","required":true},"router_appliance_instance":{"type":"string","description":"The URI of the VM instance that is used as third-party router appliances\nsuch as Next Gen Firewalls, Virtual Routers, or Router Appliances.\nThe VM instance must be located in zones contained in the same region as\nthis Cloud Router. The VM instance is the peer side of the BGP session.","description_kind":"plain","optional":true}},"block_types":{"advertised_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"User-specified description for the IP range.","description_kind":"plain","optional":true},"range":{"type":"string","description":"The IP range to advertise. The value must be a\nCIDR-formatted string.","description_kind":"plain","required":true}},"description":"User-specified list of individual IP ranges to advertise in\ncustom mode. This field can only be populated if advertiseMode\nis 'CUSTOM' and is advertised to all peers of the router. These IP\nranges will be advertised in addition to any specified groups.\nLeave this field blank to advertise no custom IP ranges.","description_kind":"plain"}},"bfd":{"nesting_mode":"list","block":{"attributes":{"min_receive_interval":{"type":"number","description":"The minimum interval, in milliseconds, between BFD control packets\nreceived from the peer router. The actual value is negotiated\nbetween the two routers and is equal to the greater of this value\nand the transmit interval of the other router. If set, this value\nmust be between 1000 and 30000.","description_kind":"plain","optional":true},"min_transmit_interval":{"type":"number","description":"The minimum interval, in milliseconds, between BFD control packets\ntransmitted to the peer router. The actual value is negotiated\nbetween the two routers and is equal to the greater of this value\nand the corresponding receive interval of the other router. If set,\nthis value must be between 1000 and 30000.","description_kind":"plain","optional":true},"multiplier":{"type":"number","description":"The number of consecutive BFD packets that must be missed before\nBFD declares that a peer is unavailable. If set, the value must\nbe a value between 5 and 16.","description_kind":"plain","optional":true},"session_initialization_mode":{"type":"string","description":"The BFD session initialization mode for this BGP peer.\nIf set to 'ACTIVE', the Cloud Router will initiate the BFD session\nfor this BGP peer. If set to 'PASSIVE', the Cloud Router will wait\nfor the peer router to initiate the BFD session for this BGP peer.\nIf set to 'DISABLED', BFD is disabled for this BGP peer. Possible values: [\"ACTIVE\", \"DISABLED\", \"PASSIVE\"]","description_kind":"plain","required":true}},"description":"BFD configuration for the BGP peering.","description_kind":"plain"},"max_items":1},"custom_learned_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"range":{"type":"string","description":"The IP range to advertise. The value must be a\nCIDR-formatted string.","description_kind":"plain","required":true}},"description":"The custom learned route IP address range. Must be a valid CIDR-formatted prefix. If an \nIP address is provided without a subnet mask, it is interpreted as, for IPv4, a /32 singular IP address range, and, for IPv6, /128.","description_kind":"plain"}},"md5_authentication_key":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Value of the key.","description_kind":"plain","required":true,"sensitive":true},"name":{"type":"string","description":"[REQUIRED] Name used to identify the key.\nMust be unique within a router. Must be referenced by exactly one bgpPeer. Must comply with RFC1035.","description_kind":"plain","required":true}},"description":"Present if MD5 authentication is enabled for the peering. Must be the name\nof one of the entries in the Router.md5_authentication_keys. The field must comply with RFC1035.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_security_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this security policy. Max size is 2048.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the security policy.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type indicates the intended use of the security policy. CLOUD_ARMOR - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"adaptive_protection_config":{"nesting_mode":"list","block":{"block_types":{"layer_7_ddos_defense_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"If set to true, enables CAAP for L7 DDoS detection.","description_kind":"plain","optional":true},"rule_visibility":{"type":"string","description":"Rule visibility. Supported values include: \"STANDARD\", \"PREMIUM\".","description_kind":"plain","optional":true,"computed":true}},"description":"Layer 7 DDoS Defense Config of this security policy","description_kind":"plain"},"max_items":1}},"description":"Adaptive Protection Config of this security policy.","description_kind":"plain"},"max_items":1},"advanced_options_config":{"nesting_mode":"list","block":{"attributes":{"json_parsing":{"type":"string","description":"JSON body parsing. Supported values include: \"DISABLED\", \"STANDARD\".","description_kind":"plain","optional":true,"computed":true},"log_level":{"type":"string","description":"Logging level. Supported values include: \"NORMAL\", \"VERBOSE\".","description_kind":"plain","optional":true,"computed":true},"user_ip_request_headers":{"type":["set","string"],"description":"An optional list of case-insensitive request header names to use for resolving the callers client IP address.","description_kind":"plain","optional":true}},"block_types":{"json_custom_config":{"nesting_mode":"list","block":{"attributes":{"content_types":{"type":["set","string"],"description":"A list of custom Content-Type header values to apply the JSON parsing.","description_kind":"plain","required":true}},"description":"Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.","description_kind":"plain"},"max_items":1}},"description":"Advanced Options Config of this security policy.","description_kind":"plain"},"max_items":1},"recaptcha_options_config":{"nesting_mode":"list","block":{"attributes":{"redirect_site_key":{"type":"string","description":"A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.","description_kind":"plain","required":true}},"description":"reCAPTCHA configuration options to be applied for the security policy.","description_kind":"plain"},"max_items":1},"rule":{"nesting_mode":"set","block":{"attributes":{"action":{"type":"string","description":"Action to take when match matches the request.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this rule. Max size is 64.","description_kind":"plain","optional":true},"preview":{"type":"bool","description":"When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_headers_to_adds":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to set.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value to set the named header to.","description_kind":"plain","optional":true}},"description":"The list of request headers to add or overwrite if they're already present.","description_kind":"plain"},"min_items":1}},"description":"Additional actions that are performed on headers.","description_kind":"plain"},"max_items":1},"match":{"nesting_mode":"list","block":{"attributes":{"versioned_expr":{"type":"string","description":"Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"src_ip_ranges":{"type":["set","string"],"description":"Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).","description_kind":"plain","required":true}},"description":"The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.","description_kind":"plain"},"max_items":1},"expr":{"nesting_mode":"list","block":{"attributes":{"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.","description_kind":"plain","required":true}},"description":"User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.","description_kind":"plain"},"max_items":1},"expr_options":{"nesting_mode":"list","block":{"block_types":{"recaptcha_options":{"nesting_mode":"list","block":{"attributes":{"action_token_site_keys":{"type":["list","string"],"description":"A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created","description_kind":"plain","optional":true},"session_token_site_keys":{"type":["list","string"],"description":"A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.","description_kind":"plain","optional":true}},"description":"reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').","description_kind":"plain"},"max_items":1}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"rate_limit_options":{"nesting_mode":"list","block":{"attributes":{"ban_duration_sec":{"type":"number","description":"Can only be specified if the action for the rule is \"rate_based_ban\". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.","description_kind":"plain","optional":true},"conform_action":{"type":"string","description":"Action to take for requests that are under the configured rate limit threshold. Valid option is \"allow\" only.","description_kind":"plain","required":true},"enforce_on_key":{"type":"string","description":"Determines the key to enforce the rateLimitThreshold on","description_kind":"plain","optional":true},"enforce_on_key_name":{"type":"string","description":"Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.","description_kind":"plain","optional":true},"exceed_action":{"type":"string","description":"Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are \"deny()\" where valid values for status are 403, 404, 429, and 502, and \"redirect\" where the redirect parameters come from exceedRedirectOptions below.","description_kind":"plain","required":true}},"block_types":{"ban_threshold":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"Number of HTTP(S) requests for calculating the threshold.","description_kind":"plain","required":true},"interval_sec":{"type":"number","description":"Interval over which the threshold is computed.","description_kind":"plain","required":true}},"description":"Can only be specified if the action for the rule is \"rate_based_ban\". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.","description_kind":"plain"},"max_items":1},"exceed_redirect_options":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"string","description":"Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of the redirect action.","description_kind":"plain","required":true}},"description":"Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.","description_kind":"plain"},"max_items":1},"rate_limit_threshold":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"Number of HTTP(S) requests for calculating the threshold.","description_kind":"plain","required":true},"interval_sec":{"type":"number","description":"Interval over which the threshold is computed.","description_kind":"plain","required":true}},"description":"Threshold at which to begin ratelimiting.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rate limit threshold for this security policy. Must be specified if the action is \"rate_based_ban\" or \"throttle\". Cannot be specified for any other actions.","description_kind":"plain"},"max_items":1},"redirect_options":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"string","description":"Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.","description_kind":"plain","required":true}},"description":"Parameters defining the redirect action. Cannot be specified for any other actions.","description_kind":"plain"},"max_items":1}},"description":"The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match \"*\"). If no rules are provided when creating a security policy, a default rule with action \"allow\" will be added.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_security_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the rule is matched. The following are the valid actions:\n\n* allow: allow access to target.\n\n* deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502.\n\n* rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rateLimitOptions to be set.\n\n* redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR.\n\n* throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rateLimitOptions to be set for this.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"preview":{"type":"bool","description":"If set to true, the specified action is not enforced.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list.\nThe priority must be a positive value between 0 and 2147483647.\nRules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"security_policy":{"type":"string","description":"The name of the security policy this rule belongs to.","description_kind":"plain","required":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"versioned_expr":{"type":"string","description":"Preconfigured versioned expression. If this field is specified, config must also be specified.\nAvailable preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding srcIpRange field in config. Possible values: [\"SRC_IPS_V1\"]","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of srcIpRanges allowed is 10.","description_kind":"plain","optional":true}},"description":"The configuration options available when specifying versionedExpr.\nThis field must be specified if versionedExpr is specified and cannot be specified if versionedExpr is not specified.","description_kind":"plain"},"max_items":1},"expr":{"nesting_mode":"list","block":{"attributes":{"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.","description_kind":"plain","required":true}},"description":"User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.","description_kind":"plain"},"max_items":1},"expr_options":{"nesting_mode":"list","block":{"block_types":{"recaptcha_options":{"nesting_mode":"list","block":{"attributes":{"action_token_site_keys":{"type":["list","string"],"description":"A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.","description_kind":"plain","optional":true},"session_token_site_keys":{"type":["list","string"],"description":"A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.","description_kind":"plain","optional":true}},"description":"reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').","description_kind":"plain"},"max_items":1}},"description":"A match condition that incoming traffic is evaluated against.\nIf it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"max_items":1},"preconfigured_waf_config":{"nesting_mode":"list","block":{"block_types":{"exclusion":{"nesting_mode":"list","block":{"attributes":{"target_rule_ids":{"type":["list","string"],"description":"A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion.\nIf omitted, it refers to all the rule IDs under the WAF rule set.","description_kind":"plain","optional":true},"target_rule_set":{"type":"string","description":"Target WAF rule set to apply the preconfigured WAF exclusion.","description_kind":"plain","required":true}},"block_types":{"request_cookie":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"You can specify an exact match or a partial match by using a field operator and a field value.\nAvailable options:\nEQUALS: The operator matches if the field value equals the specified value.\nSTARTS_WITH: The operator matches if the field value starts with the specified value.\nENDS_WITH: The operator matches if the field value ends with the specified value.\nCONTAINS: The operator matches if the field value contains the specified value.\nEQUALS_ANY: The operator matches if the field value is any value.","description_kind":"plain","required":true},"value":{"type":"string","description":"A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.\nThe field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.","description_kind":"plain","optional":true}},"description":"Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.","description_kind":"plain"}},"request_header":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"You can specify an exact match or a partial match by using a field operator and a field value.\nAvailable options:\nEQUALS: The operator matches if the field value equals the specified value.\nSTARTS_WITH: The operator matches if the field value starts with the specified value.\nENDS_WITH: The operator matches if the field value ends with the specified value.\nCONTAINS: The operator matches if the field value contains the specified value.\nEQUALS_ANY: The operator matches if the field value is any value.","description_kind":"plain","required":true},"value":{"type":"string","description":"A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.\nThe field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.","description_kind":"plain","optional":true}},"description":"Request header whose value will be excluded from inspection during preconfigured WAF evaluation.","description_kind":"plain"}},"request_query_param":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"You can specify an exact match or a partial match by using a field operator and a field value.\nAvailable options:\nEQUALS: The operator matches if the field value equals the specified value.\nSTARTS_WITH: The operator matches if the field value starts with the specified value.\nENDS_WITH: The operator matches if the field value ends with the specified value.\nCONTAINS: The operator matches if the field value contains the specified value.\nEQUALS_ANY: The operator matches if the field value is any value.","description_kind":"plain","required":true},"value":{"type":"string","description":"A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.\nThe field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.","description_kind":"plain","optional":true}},"description":"Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation.\nNote that the parameter can be in the query string or in the POST body.","description_kind":"plain"}},"request_uri":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"You can specify an exact match or a partial match by using a field operator and a field value.\nAvailable options:\nEQUALS: The operator matches if the field value equals the specified value.\nSTARTS_WITH: The operator matches if the field value starts with the specified value.\nENDS_WITH: The operator matches if the field value ends with the specified value.\nCONTAINS: The operator matches if the field value contains the specified value.\nEQUALS_ANY: The operator matches if the field value is any value.","description_kind":"plain","required":true},"value":{"type":"string","description":"A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.\nThe field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.","description_kind":"plain","optional":true}},"description":"Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation.\nWhen specifying this field, the query or fragment part should be excluded.","description_kind":"plain"}}},"description":"An exclusion to apply during preconfigured WAF evaluation.","description_kind":"plain"}}},"description":"Preconfigured WAF configuration to be applied for the rule.\nIf the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.","description_kind":"plain"},"max_items":1},"rate_limit_options":{"nesting_mode":"list","block":{"attributes":{"ban_duration_sec":{"type":"number","description":"Can only be specified if the action for the rule is \"rate_based_ban\".\nIf specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.","description_kind":"plain","optional":true},"conform_action":{"type":"string","description":"Action to take for requests that are under the configured rate limit threshold.\nValid option is \"allow\" only.","description_kind":"plain","optional":true},"enforce_on_key":{"type":"string","description":"Determines the key to enforce the rateLimitThreshold on. Possible values are:\n* ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if \"enforceOnKey\" is not configured.\n* IP: The source IP address of the request is the key. Each IP has this limit enforced separately.\n* HTTP_HEADER: The value of the HTTP header whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL.\n* XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP.\n* HTTP_COOKIE: The value of the HTTP cookie whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL.\n* HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes.\n* SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session.\n* REGION_CODE: The country/region from which the request originates.\n* TLS_JA3_FINGERPRINT: JA3 TLS/SSL fingerprint if the client connects using HTTPS, HTTP/2 or HTTP/3. If not available, the key type defaults to ALL.\n* USER_IP: The IP address of the originating client, which is resolved based on \"userIpRequestHeaders\" configured with the security policy. If there is no \"userIpRequestHeaders\" configuration or an IP address cannot be resolved from it, the key type defaults to IP. Possible values: [\"ALL\", \"IP\", \"HTTP_HEADER\", \"XFF_IP\", \"HTTP_COOKIE\", \"HTTP_PATH\", \"SNI\", \"REGION_CODE\", \"TLS_JA3_FINGERPRINT\", \"USER_IP\"]","description_kind":"plain","optional":true},"enforce_on_key_name":{"type":"string","description":"Rate limit key name applicable only for the following key types:\nHTTP_HEADER -- Name of the HTTP header whose value is taken as the key value.\nHTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.","description_kind":"plain","optional":true},"exceed_action":{"type":"string","description":"Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint.\nValid options are deny(STATUS), where valid values for STATUS are 403, 404, 429, and 502.","description_kind":"plain","optional":true}},"block_types":{"ban_threshold":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"Number of HTTP(S) requests for calculating the threshold.","description_kind":"plain","optional":true},"interval_sec":{"type":"number","description":"Interval over which the threshold is computed.","description_kind":"plain","optional":true}},"description":"Can only be specified if the action for the rule is \"rate_based_ban\".\nIf specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.","description_kind":"plain"},"max_items":1},"enforce_on_key_configs":{"nesting_mode":"list","block":{"attributes":{"enforce_on_key_name":{"type":"string","description":"Rate limit key name applicable only for the following key types:\nHTTP_HEADER -- Name of the HTTP header whose value is taken as the key value.\nHTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.","description_kind":"plain","optional":true},"enforce_on_key_type":{"type":"string","description":"Determines the key to enforce the rateLimitThreshold on. Possible values are:\n* ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if \"enforceOnKeyConfigs\" is not configured.\n* IP: The source IP address of the request is the key. Each IP has this limit enforced separately.\n* HTTP_HEADER: The value of the HTTP header whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL.\n* XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP.\n* HTTP_COOKIE: The value of the HTTP cookie whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL.\n* HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes.\n* SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session.\n* REGION_CODE: The country/region from which the request originates.\n* TLS_JA3_FINGERPRINT: JA3 TLS/SSL fingerprint if the client connects using HTTPS, HTTP/2 or HTTP/3. If not available, the key type defaults to ALL.\n* USER_IP: The IP address of the originating client, which is resolved based on \"userIpRequestHeaders\" configured with the security policy. If there is no \"userIpRequestHeaders\" configuration or an IP address cannot be resolved from it, the key type defaults to IP. Possible values: [\"ALL\", \"IP\", \"HTTP_HEADER\", \"XFF_IP\", \"HTTP_COOKIE\", \"HTTP_PATH\", \"SNI\", \"REGION_CODE\", \"TLS_JA3_FINGERPRINT\", \"USER_IP\"]","description_kind":"plain","optional":true}},"description":"If specified, any combination of values of enforceOnKeyType/enforceOnKeyName is treated as the key on which ratelimit threshold/action is enforced.\nYou can specify up to 3 enforceOnKeyConfigs.\nIf enforceOnKeyConfigs is specified, enforceOnKey must not be specified.","description_kind":"plain"}},"exceed_redirect_options":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"string","description":"Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of the redirect action.","description_kind":"plain","optional":true}},"description":"Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect. This field is only supported in Global Security Policies of type CLOUD_ARMOR.","description_kind":"plain"},"max_items":1},"rate_limit_threshold":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"Number of HTTP(S) requests for calculating the threshold.","description_kind":"plain","optional":true},"interval_sec":{"type":"number","description":"Interval over which the threshold is computed.","description_kind":"plain","optional":true}},"description":"Threshold at which to begin ratelimiting.","description_kind":"plain"},"max_items":1}},"description":"Must be specified if the action is \"rate_based_ban\" or \"throttle\". Cannot be specified for any other actions.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_service_attachment":{"version":0,"block":{"attributes":{"connected_endpoints":{"type":["list",["object",{"endpoint":"string","status":"string"}]],"description":"An array of the consumer forwarding rules connected to this service\nattachment.","description_kind":"plain","computed":true},"connection_preference":{"type":"string","description":"The connection preference to use for this service attachment. Valid\nvalues include \"ACCEPT_AUTOMATIC\", \"ACCEPT_MANUAL\".","description_kind":"plain","required":true},"consumer_reject_lists":{"type":["list","string"],"description":"An array of projects that are not allowed to connect to this service\nattachment.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"domain_names":{"type":["list","string"],"description":"If specified, the domain name will be used during the integration between\nthe PSC connected endpoints and the Cloud DNS. For example, this is a\nvalid domain name: \"p.mycompany.com.\". Current max number of domain names\nsupported is 1.","description_kind":"plain","optional":true},"enable_proxy_protocol":{"type":"bool","description":"If true, enable the proxy protocol which is for supplying client TCP/IP\naddress data in TCP connections that traverse proxies on their way to\ndestination servers.","description_kind":"plain","required":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during\nupdates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"nat_subnets":{"type":["list","string"],"description":"An array of subnets that is provided for NAT in this service attachment.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconcile_connections":{"type":"bool","description":"This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints.\n\nIf false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified .\nIf true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where the resource resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target_service":{"type":"string","description":"The URL of a service serving the endpoint identified by this service attachment.","description_kind":"plain","required":true}},"block_types":{"consumer_accept_lists":{"nesting_mode":"set","block":{"attributes":{"connection_limit":{"type":"number","description":"The number of consumer forwarding rules the consumer project can\ncreate.","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The network that is allowed to connect to this service attachment.\nOnly one of project_id_or_num and network_url may be set.","description_kind":"plain","optional":true},"project_id_or_num":{"type":"string","description":"A project that is allowed to connect to this service attachment.\nOnly one of project_id_or_num and network_url may be set.","description_kind":"plain","optional":true}},"description":"An array of projects that are allowed to connect to this service\nattachment.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_shared_vpc_host_project":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project that will serve as a Shared VPC host project","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_shared_vpc_service_project":{"version":0,"block":{"attributes":{"deletion_policy":{"type":"string","description":"The deletion policy for the shared VPC service. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"host_project":{"type":"string","description":"The ID of a host project to associate.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_project":{"type":"string","description":"The ID of the project that will serve as a Shared VPC service project.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_snapshot":{"version":0,"block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and\ncomply with RFC1035. This is an uncommon option only for advanced\nservice owners who needs to create separate snapshot chains, for\nexample, for chargeback tracking. When you describe your snapshot\nresource, this field is visible only if it has a non-empty value.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the snapshot, specified in GB.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Snapshot.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"licenses":{"type":["list","string"],"description":"A list of public visible licenses that apply to this snapshot. This\ncan be because the original image had licenses attached (such as a\nWindows image). snapshotEncryptionKey nested object Encrypts the\nsnapshot using a customer-supplied encryption key.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"A reference to the disk used to create this snapshot.","description_kind":"plain","required":true},"storage_bytes":{"type":"number","description":"A size of the storage used by the snapshot. As snapshots share\nstorage, this number is expected to change with snapshot\ncreation/deletion.","description_kind":"plain","computed":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the snapshot (regional or multi-regional).","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk is hosted.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The name of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the snapshot using a customer-supplied encryption key.\n\nAfter you encrypt a snapshot using a customer-supplied key, you must\nprovide the same key if you use the snapshot later. For example, you\nmust provide the encryption key when you create a disk from the\nencrypted snapshot in a future request.\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe snapshot.\n\nIf you do not provide an encryption key when creating the snapshot,\nthen the snapshot will be encrypted using an automatically generated\nkey and you do not need to provide a key to use the snapshot later.","description_kind":"plain"},"max_items":1},"source_disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_snapshot_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_snapshot_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_snapshot_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","required":true,"sensitive":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","required":true,"sensitive":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. This can be one of\n'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_subnetwork":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource. This field can be set only at resource\ncreation time.","description_kind":"plain","optional":true},"external_ipv6_prefix":{"type":"string","description":"The range of external IPv6 addresses that are owned by this subnetwork.","description_kind":"plain","optional":true,"computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during updates of this resource.","description_kind":"plain","deprecated":true,"computed":true},"gateway_address":{"type":"string","description":"The gateway address for default routes to reach destination addresses\noutside this subnetwork.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_prefix":{"type":"string","description":"The internal IPv6 address range that is assigned to this subnetwork.","description_kind":"plain","computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that are owned by this subnetwork.\nProvide this property when you create the subnetwork. For example,\n10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and\nnon-overlapping within a network. Only IPv4 is supported.","description_kind":"plain","required":true},"ipv6_access_type":{"type":"string","description":"The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation\nor the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet\ncannot enable direct path. Possible values: [\"EXTERNAL\", \"INTERNAL\"]","description_kind":"plain","optional":true},"ipv6_cidr_range":{"type":"string","description":"The range of internal IPv6 addresses that are owned by this subnetwork.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially\ncreating the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this subnet belongs to.\nOnly networks that are in the distributed mode can have subnetworks.","description_kind":"plain","required":true},"private_ip_google_access":{"type":"bool","description":"When enabled, VMs in this subnetwork without external IP addresses can\naccess Google APIs and services by using Private Google Access.","description_kind":"plain","optional":true,"computed":true},"private_ipv6_google_access":{"type":"string","description":"The private IPv6 google access type for the VMs in this subnet.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of the resource. This field can be either 'PRIVATE_RFC_1918', 'REGIONAL_MANAGED_PROXY', 'GLOBAL_MANAGED_PROXY', 'PRIVATE_SERVICE_CONNECT' or 'PRIVATE_NAT'([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)).\nA subnet with purpose set to 'REGIONAL_MANAGED_PROXY' is a user-created subnetwork that is reserved for regional Envoy-based load balancers.\nA subnetwork in a given region with purpose set to 'GLOBAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers.\nA subnetwork with purpose set to 'PRIVATE_SERVICE_CONNECT' reserves the subnet for hosting a Private Service Connect published service.\nA subnetwork with purpose set to 'PRIVATE_NAT' is used as source range for Private NAT gateways.\nNote that 'REGIONAL_MANAGED_PROXY' is the preferred setting for all regional Envoy load balancers.\nIf unspecified, the purpose defaults to 'PRIVATE_RFC_1918'.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The GCP region for this subnetwork.","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"The role of subnetwork.\nCurrently, this field is only used when 'purpose' is 'REGIONAL_MANAGED_PROXY'.\nThe value can be set to 'ACTIVE' or 'BACKUP'.\nAn 'ACTIVE' subnetwork is one that is currently being used for Envoy-based load balancers in a region.\nA 'BACKUP' subnetwork is one that is ready to be promoted to 'ACTIVE' or is currently draining. Possible values: [\"ACTIVE\", \"BACKUP\"]","description_kind":"plain","optional":true},"secondary_ip_range":{"type":["list",["object",{"ip_cidr_range":"string","range_name":"string"}]],"description":"An array of configurations for secondary IP ranges for VM instances\ncontained in this subnetwork. The primary IP of such VM must belong\nto the primary ipCidrRange of the subnetwork. The alias IPs may belong\nto either primary or secondary ranges.\n\n**Note**: This field uses [attr-as-block mode](https://www.terraform.io/docs/configuration/attr-as-blocks.html) to avoid\nbreaking users during the 0.12 upgrade. To explicitly send a list of zero objects,\nset 'send_secondary_ip_range_if_empty = true'","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"send_secondary_ip_range_if_empty":{"type":"bool","description":"Controls the removal behavior of secondary_ip_range.\nWhen false, removing secondary_ip_range from config will not produce a diff as\nthe provider will default to the API's value.\nWhen true, the provider will treat removing secondary_ip_range as sending an\nempty list of secondary IP ranges to the API.\nDefaults to false.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this subnet to identify whether the IPv6 feature is enabled or not.\nIf not specified IPV4_ONLY will be used. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"aggregation_interval":{"type":"string","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nToggles the aggregation interval for collecting flow logs. Increasing the\ninterval time will reduce the amount of generated flow logs for long\nlasting connections. Default is an interval of 5 seconds per connection. Default value: \"INTERVAL_5_SEC\" Possible values: [\"INTERVAL_5_SEC\", \"INTERVAL_30_SEC\", \"INTERVAL_1_MIN\", \"INTERVAL_5_MIN\", \"INTERVAL_10_MIN\", \"INTERVAL_15_MIN\"]","description_kind":"plain","optional":true},"filter_expr":{"type":"string","description":"Export filter used to define which VPC flow logs should be logged, as as CEL expression. See\nhttps://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field.\nThe default value is 'true', which evaluates to include everything.","description_kind":"plain","optional":true},"flow_sampling":{"type":"number","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nThe value of the field must be in [0, 1]. Set the sampling rate of VPC\nflow logs within the subnetwork where 1.0 means all collected logs are\nreported and 0.0 means no logs are reported. Default is 0.5 which means\nhalf of all collected logs are reported.","description_kind":"plain","optional":true},"metadata":{"type":"string","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nConfigures whether metadata fields should be added to the reported VPC\nflow logs. Default value: \"INCLUDE_ALL_METADATA\" Possible values: [\"EXCLUDE_ALL_METADATA\", \"INCLUDE_ALL_METADATA\", \"CUSTOM_METADATA\"]","description_kind":"plain","optional":true},"metadata_fields":{"type":["set","string"],"description":"List of metadata fields that should be added to reported logs.\nCan only be specified if VPC flow logs for this subnetwork is enabled and \"metadata\" is set to CUSTOM_METADATA.","description_kind":"plain","optional":true}},"description":"This field denotes the VPC flow logging options for this subnetwork. If\nlogging is enabled, logs are exported to Cloud Logging. Flow logging\nisn't supported if the subnet 'purpose' field is set to subnetwork is\n'REGIONAL_MANAGED_PROXY' or 'GLOBAL_MANAGED_PROXY'.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_subnetwork_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_subnetwork_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_subnetwork_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_compute_target_grpc_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in\nthis object. This field is used in optimistic locking. This field\nwill be ignored when inserting a TargetGrpcProxy. An up-to-date\nfingerprint must be provided in order to patch/update the\nTargetGrpcProxy; otherwise, the request will fail with error\n412 conditionNotMet. To see the latest fingerprint, make a get()\nrequest to retrieve the TargetGrpcProxy. A base64-encoded string.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource\nis created. The name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long\nand match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL with id for the resource.","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"URL to the UrlMap resource that defines the mapping from URL to\nthe BackendService. The protocol field in the BackendService\nmust be set to GRPC.","description_kind":"plain","optional":true},"validate_for_proxyless":{"type":"bool","description":"If true, indicates that the BackendServices referenced by\nthe urlMap may be accessed by gRPC applications without using\na sidecar proxy. This will enable configuration checks on urlMap\nand its referenced BackendServices to not allow unsupported features.\nA gRPC application must use \"xds:///\" scheme in the target URI\nof the service it is connecting to. If false, indicates that the\nBackendServices referenced by the urlMap will be accessed by gRPC\napplications via a sidecar proxy. In this case, a gRPC application\nmust not use \"xds:///\" scheme in the target URI of the service\nit is connecting to","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_http_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"http_keep_alive_timeout_sec":{"type":"number","description":"Specifies how long to keep a connection open, after completing a response,\nwhile there is no matching traffic (in seconds). If an HTTP keepalive is\nnot specified, a default value (610 seconds) will be used. For Global\nexternal HTTP(S) load balancer, the minimum allowed value is 5 seconds and\nthe maximum allowed value is 1200 seconds. For Global external HTTP(S)\nload balancer (classic), this option is not available publicly.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"A reference to the UrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_https_proxy":{"version":0,"block":{"attributes":{"certificate_manager_certificates":{"type":["list","string"],"description":"URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.\nCertificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED.\nFor EXTERNAL and EXTERNAL_MANAGED, use certificate_map instead.\nsslCertificates and certificateManagerCertificates fields can not be defined together.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}' or just the self_link 'projects/{project}/locations/{location}/certificates/{resourceName}'","description_kind":"plain","optional":true},"certificate_map":{"type":"string","description":"A reference to the CertificateMap resource uri that identifies a certificate map\nassociated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes.\nFor INTERNAL_MANAGED, use certificate_manager_certificates instead.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"http_keep_alive_timeout_sec":{"type":"number","description":"Specifies how long to keep a connection open, after completing a response,\nwhile there is no matching traffic (in seconds). If an HTTP keepalive is\nnot specified, a default value (610 seconds) will be used. For Global\nexternal HTTP(S) load balancer, the minimum allowed value is 5 seconds and\nthe maximum allowed value is 1200 seconds. For Global external HTTP(S)\nload balancer (classic), this option is not available publicly.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"quic_override":{"type":"string","description":"Specifies the QUIC override policy for this resource. This determines\nwhether the load balancer will attempt to negotiate QUIC with clients\nor not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is\nspecified, Google manages whether QUIC is used. Default value: \"NONE\" Possible values: [\"NONE\", \"ENABLE\", \"DISABLE\"]","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"server_tls_policy":{"type":"string","description":"A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.","description_kind":"plain","optional":true},"ssl_certificates":{"type":["list","string"],"description":"URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer.\nCurrently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.\nsslCertificates and certificateManagerCertificates can not be defined together.","description_kind":"plain","optional":true},"ssl_policy":{"type":"string","description":"A reference to the SslPolicy resource that will be associated with\nthe TargetHttpsProxy resource. If not set, the TargetHttpsProxy\nresource will not have any SSL policy configured.","description_kind":"plain","optional":true},"tls_early_data":{"type":"string","description":"Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service.\nEarly Data allows a TLS resumption handshake to include the initial application payload\n(a HTTP request) alongside the handshake, reducing the effective round trips to “zero”.\nThis applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3). Possible values: [\"STRICT\", \"PERMISSIVE\", \"DISABLED\"]","description_kind":"plain","optional":true,"computed":true},"url_map":{"type":"string","description":"A reference to the UrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_instance":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The Compute instance VM handling traffic for this target instance.\nAccepts the instance self-link, relative path\n(e.g. 'projects/project/zones/zone/instances/instance') or name. If\nname is given, the zone will default to the given zone or\nthe provider-default zone and the project will default to the\nprovider-level project.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"nat_policy":{"type":"string","description":"NAT option controlling how IPs are NAT'ed to the instance.\nCurrently only NO_NAT (default value) is supported. Default value: \"NO_NAT\" Possible values: [\"NO_NAT\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"zone":{"type":"string","description":"URL of the zone where the target instance resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_pool":{"version":0,"block":{"attributes":{"backup_pool":{"type":"string","description":"URL to the backup target pool. Must also set failover_ratio.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Textual description field.","description_kind":"plain","optional":true},"failover_ratio":{"type":"number","description":"Ratio (0 to 1) of failed nodes before using the backup pool (which must also be set).","description_kind":"plain","optional":true},"health_checks":{"type":["list","string"],"description":"List of zero or one health check name or self_link. Only legacy google_compute_http_health_check is supported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description":"List of instances in the pool. They can be given as URLs, or in the form of \"zone/name\". Note that the instances need not exist at the time of target pool creation, so there is no need to use the Terraform interpolators to create a dependency on the instances from the target pool.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique name for the resource, required by GCE. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Where the target pool resides. Defaults to project region.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"How to distribute load. Options are \"NONE\" (no affinity). \"CLIENT_IP\" (hash of the source/dest addresses / ports), and \"CLIENT_IP_PROTO\" also includes the protocol (default \"NONE\").","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_ssl_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"certificate_map":{"type":"string","description":"A reference to the CertificateMap resource uri that identifies a certificate map\nassociated with the given target proxy. This field can only be set for global target proxies.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"ssl_certificates":{"type":["list","string"],"description":"A list of SslCertificate resources that are used to authenticate\nconnections between users and the load balancer. At least one\nSSL certificate must be specified.","description_kind":"plain","optional":true},"ssl_policy":{"type":"string","description":"A reference to the SslPolicy resource that will be associated with\nthe TargetSslProxy resource. If not set, the TargetSslProxy\nresource will not have any SSL policy configured.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_tcp_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_url_map":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"default_service":{"type":"string","description":"The backend service or backend bucket to use when none of the given rules match.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this object. This\nfield is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"map_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is created. The\nname must be 1-63 characters long, and comply with RFC1035. Specifically, the\nname must be 1-63 characters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a lowercase\nletter, and all following characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\nThis translates to the Access-Control-Allow-Credentials header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a\npercentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted\nby the Loadbalancer for a percentage of requests.\n\ntimeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nLoadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service,\nthe host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code,\n or if the backend service does not respond at all, example: disconnects, reset, read timeout,\n* connection failure, and refused streams.\n* gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures connecting to backend services,\n for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code.\n This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been\nfully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries.\n\nIf not specified, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host header is replaced\nwith contents of hostRewrite.\n\nThe value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching portion of the\nrequest's path is replaced by pathPrefixRewrite.\n\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to the matched service.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the\nrequest to backendService, the loadbalancer applies any relevant headerActions\nspecified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as\nweight / (sum of all weightedBackendService weights in routeAction) .\n\nThe selection of a backend service is determined only for new traffic. Once a user's request\nhas been directed to a backendService, subsequent requests will be sent to the same backendService\nas determined by the BackendService's session affinity policy.\n\nThe value must be between 0 and 1000","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request prior to\nforwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response prior to sending the\nresponse back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request prior to forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService.\n\nheaderAction specified here take effect before headerAction in the enclosing\nHttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs.\nThe weights determine the fraction of traffic that flows to their corresponding backend service.\nIf all traffic needs to go to a single backend service, there must be one weightedBackendService\nwith weight set to a non 0 number.\n\nOnce a backendService is identified and before forwarding the request to the backend service,\nadvanced routing actions like Url rewrites and header transformations are applied depending on\nadditional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions\nlike URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend.\nIf defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService\nis set, defaultRouteAction cannot contain any weightedBackendServices.\n\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained. The default is set to false.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here take effect after\nheaderAction specified under pathMatcher.","description_kind":"plain"},"max_items":1},"host_rule":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"hosts":{"type":["set","string"],"description":"The list of host patterns to match. They must be valid hostnames, except * will\nmatch any string of ([a-z0-9-.]*). In that case, * must be the first character\nand must be followed in the pattern by either - or ..","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the PathMatcher to use to match the path portion of the URL if the\nhostRule matches the URL's host portion.","description_kind":"plain","required":true}},"description":"The list of HostRules to use against the URL.","description_kind":"plain"}},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"default_service":{"type":"string","description":"The backend service or backend bucket to use when none of the given paths match.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\nThis translates to the Access-Control-Allow-Credentials header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a\npercentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted\nby the Loadbalancer for a percentage of requests.\n\ntimeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nLoadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service,\nthe host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code,\n or if the backend service does not respond at all, example: disconnects, reset, read timeout,\n* connection failure, and refused streams.\n* gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures connecting to backend services,\n for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code.\n This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been\nfully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries.\n\nIf not specified, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host header is replaced\nwith contents of hostRewrite.\n\nThe value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching portion of the\nrequest's path is replaced by pathPrefixRewrite.\n\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to the matched service.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the\nrequest to backendService, the loadbalancer applies any relevant headerActions\nspecified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as\nweight / (sum of all weightedBackendService weights in routeAction) .\n\nThe selection of a backend service is determined only for new traffic. Once a user's request\nhas been directed to a backendService, subsequent requests will be sent to the same backendService\nas determined by the BackendService's session affinity policy.\n\nThe value must be between 0 and 1000","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request prior to\nforwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response prior to sending the\nresponse back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request prior to forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService.\n\nheaderAction specified here take effect before headerAction in the enclosing\nHttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs.\nThe weights determine the fraction of traffic that flows to their corresponding backend service.\nIf all traffic needs to go to a single backend service, there must be one weightedBackendService\nwith weight set to a non 0 number.\n\nOnce a backendService is identified and before forwarding the request to the backend service,\nadvanced routing actions like Url rewrites and header transformations are applied depending on\nadditional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs\nadvanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request\nto the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set.\nConversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices.\n\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. HeaderAction specified here are applied after the\nmatching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap","description_kind":"plain"},"max_items":1},"path_rule":{"nesting_mode":"list","block":{"attributes":{"paths":{"type":["set","string"],"description":"The list of path patterns to match. Each must start with / and the only place a\n\\* is allowed is at the end following a /. The string fed to the path matcher\ndoes not include any text after the first ? or #, and those chars are not\nallowed here.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service or backend bucket to use if any of the given paths match.","description_kind":"plain","optional":true}},"block_types":{"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.","description_kind":"plain","required":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","required":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","required":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","required":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\nany 5xx response code, or if the backend service does not respond at all,\nfor example: disconnects, reset, read timeout, connection failure, and refused\nstreams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\nconnecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\nCurrently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\nREFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\nheader is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\ngRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\nheader is set to resource-exhausted\n* unavailable: Loadbalancer will retry if\nthe gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default BackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching path, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is\nremoved prior to redirecting the request. If set to false, the query\nportion of the original URL is retained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When a path pattern is matched, the request is redirected to a URL specified\nby urlRedirect. If urlRedirect is specified, service or routeAction must not\nbe set.","description_kind":"plain"},"max_items":1}},"description":"The list of path rules. Use this list instead of routeRules when routing based\non simple path matching is all that's required. The order by which path rules\nare specified does not matter. Matches are always done on the longest-path-first\nbasis. For example: a pathRule with a path /a/b/c/* will match before /a/b/*\nirrespective of the order in which those paths appear in this list. Within a\ngiven pathMatcher, only one of pathRules or routeRules must be set.","description_kind":"plain"}},"route_rules":{"nesting_mode":"list","block":{"attributes":{"priority":{"type":"number","description":"For routeRules within a given pathMatcher, priority determines the order\nin which load balancer will interpret routeRules. RouteRules are evaluated\nin order of priority, from the lowest to highest number. The priority of\na rule decreases as its number increases (1, 2, 3, N+1). The first rule\nthat matches the request is applied.\n\nYou cannot configure two or more routeRules with the same priority.\nPriority for each rule must be set to a number between 0 and\n2147483647 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules\nin the future without affecting the rest of the rules. For example,\n1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which\nyou could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the\nfuture without any impact on existing rules.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here are applied before\nthe matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r\nouteAction.weightedBackendService.backendServiceWeightAction[].headerAction","description_kind":"plain"},"max_items":1},"match_rules":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly\nmatch the value specified in fullPathMatch after removing any query parameters\nand anchor that may be part of the original URL. FullPathMatch must be between 1\nand 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must\nbe specified.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.\nDefaults to false.","description_kind":"plain","optional":true},"path_template_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request\nmust match the wildcard pattern specified in pathTemplateMatch\nafter removing any query parameters and anchor that may be part\nof the original URL.\n\npathTemplateMatch must be between 1 and 255 characters\n(inclusive). The pattern specified by pathTemplateMatch may\nhave at most 5 wildcard operators and at most 5 variable\ncaptures in total.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the\nspecified prefixMatch. prefixMatch must begin with a /. The value must be\nbetween 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or\nregexMatch must be specified.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must satisfy the\nregular expression specified in regexMatch after removing any query parameters\nand anchor supplied with the original URL. For regular expression grammar please\nsee en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch,\nfullPathMatch or regexMatch must be specified.","description_kind":"plain","optional":true}},"block_types":{"header_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value should exactly match contents of exactMatch. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The name of the HTTP header to match. For matching against the HTTP request's\nauthority, use a headerMatch with the header name \":authority\". For matching a\nrequest's method, use the headerName \":method\".","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false, the headerMatch is considered a match if the match criteria\nabove are met. If set to true, the headerMatch is considered a match if the\nmatch criteria above are NOT met. Defaults to false.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place\nwhether or not the request's header has a value or not. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The value of the header must match the regular expression specified in\nregexMatch. For regular expression grammar, please see:\nen.cppreference.com/w/cpp/regex/ecmascript For matching against a port\nspecified in the HTTP request, use a headerMatch with headerName set to PORT and\na regular expression that satisfies the RFC2616 Host header's port specifier.\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true}},"block_types":{"range_match":{"nesting_mode":"list","block":{"attributes":{"range_end":{"type":"number","description":"The end of the range (exclusive).","description_kind":"plain","required":true},"range_start":{"type":"number","description":"The start of the range (inclusive).","description_kind":"plain","required":true}},"description":"The header value must be an integer and its value must be in the range specified\nin rangeMatch. If the header does not contain an integer, number or is empty,\nthe match fails. For example for a range [-5, 0] - -3 will match. - 0 will\nnot match. - 0.25 will not match. - -3someString will not match. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain"},"max_items":1}},"description":"Specifies a list of header match criteria, all of which must match corresponding\nheaders in the request.","description_kind":"plain"}},"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of filterLabels\ncontribute towards the overall metadataFilter match. Supported values are:\n - MATCH_ANY: At least one of the filterLabels must have a matching label in the\nprovided metadata.\n - MATCH_ALL: All filterLabels must have matching labels in\nthe provided metadata. Possible values: [\"MATCH_ALL\", \"MATCH_ANY\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of metadata label. The name can have a maximum length of 1024 characters\nand must be at least 1 character long.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the label must match the specified value. value can have a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the provided metadata\nbased on filterMatchCriteria This list must not be empty and can have at the\nmost 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing configuration to\na limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS\nclients present node metadata. If a match takes place, the relevant routing\nconfiguration is made available to those proxies. For each metadataFilter in\nthis list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the\nfilterLabels must match the corresponding label provided in the metadata. If its\nfilterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match\nwith corresponding labels in the provided metadata. metadataFilters specified\nhere can be overrides those specified in ForwardingRule that refers to this\nUrlMap. metadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"query_parameter_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches\nthe contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch\nmust be set.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the\nrequest, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query\nparameter, irrespective of whether the parameter has a value or not. Only one of\npresentMatch, exactMatch and regexMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter matches the\nregular expression specified by regexMatch. For the regular expression grammar,\nplease see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch,\nexactMatch and regexMatch must be set.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match\ncorresponding query parameters in the request.","description_kind":"plain"}}},"description":"The rules for determining a match.","description_kind":"plain"}},"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.\nwhich indicates that the CORS policy is in effect. Defaults to false.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","required":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\n any 5xx response code, or if the backend service does not respond at all,\n for example: disconnects, reset, read timeout, connection failure, and refused\n streams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\n connecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\n REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\n header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\n gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\n header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in\n the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction\nis not set, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true},"path_template_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, if the\nrequest matched a pathTemplateMatch, the matching portion of the\nrequest's path is replaced re-written using the pattern specified\nby pathTemplateRewrite.\n\npathTemplateRewrite must be between 1 and 255 characters\n(inclusive), must start with a '/', and must only use variables\ncaptured by the route's pathTemplate matchers.\n\npathTemplateRewrite may only be used when all of a route's\nMatchRules specify pathTemplate.\n\nOnly one of pathPrefixRewrite and pathTemplateRewrite may be\nspecified.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default BackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching matchRule, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set\nto false, the URL scheme of the redirected request will remain the same as that\nof the request. This must only be set for UrlMaps used in TargetHttpProxys.\nSetting this true for TargetHttpsProxy is not permitted. Defaults to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. Only one of pathRedirect or prefixRedirect must be\nspecified. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed\nprior to redirecting the request. If set to false, the query portion of the\noriginal URL is retained. Defaults to false.","description_kind":"plain","optional":true}},"description":"When this rule is matched, the request is redirected to a URL specified by\nurlRedirect. If urlRedirect is specified, service or routeAction must not be\nset.","description_kind":"plain"},"max_items":1}},"description":"The list of ordered HTTP route rules. Use this list instead of pathRules when\nadvanced route matching and routing actions are desired. The order of specifying\nrouteRules matters: the first rule that matches will cause its specified routing\naction to take effect. Within a given pathMatcher, only one of pathRules or\nrouteRules must be set. routeRules are not supported in UrlMaps intended for\nExternal load balancers.","description_kind":"plain"}}},"description":"The list of named PathMatchers to use against the URL.","description_kind":"plain"}},"test":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of this test case.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host portion of the URL.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path portion of the URL.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service or backend bucket link that should be matched by this test.","description_kind":"plain","required":true}},"description":"The list of expected URL mapping tests. Request to update this UrlMap will\nsucceed only if all of the test cases pass. You can specify a maximum of 100\ntests per UrlMap.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_vpn_gateway":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"gateway_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_vpn_tunnel":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"detailed_status":{"type":"string","description":"Detailed status message for the VPN tunnel.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ike_version":{"type":"number","description":"IKE protocol version to use when establishing the VPN tunnel with\npeer VPN gateway.\nAcceptable IKE versions are 1 or 2. Default version is 2.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this VpnTunnel.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"local_traffic_selector":{"type":["set","string"],"description":"Local traffic selector to use when establishing the VPN tunnel with\npeer VPN gateway. The value should be a CIDR formatted string,\nfor example '192.168.0.0/16'. The ranges should be disjoint.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63\ncharacters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character\nmust be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"peer_external_gateway":{"type":"string","description":"URL of the peer side external VPN gateway to which this VPN tunnel is connected.","description_kind":"plain","optional":true},"peer_external_gateway_interface":{"type":"number","description":"The interface ID of the external VPN gateway to which this VPN tunnel is connected.","description_kind":"plain","optional":true},"peer_gcp_gateway":{"type":"string","description":"URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected.\nIf provided, the VPN tunnel will automatically use the same vpn_gateway_interface\nID in the peer GCP VPN gateway.\nThis field must reference a 'google_compute_ha_vpn_gateway' resource.","description_kind":"plain","optional":true},"peer_ip":{"type":"string","description":"IP address of the peer VPN gateway. Only IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the tunnel is located. If unset, is set to the region of 'target_vpn_gateway'.","description_kind":"plain","optional":true,"computed":true},"remote_traffic_selector":{"type":["set","string"],"description":"Remote traffic selector to use when establishing the VPN tunnel with\npeer VPN gateway. The value should be a CIDR formatted string,\nfor example '192.168.0.0/16'. The ranges should be disjoint.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"URL of router resource to be used for dynamic routing.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"shared_secret":{"type":"string","description":"Shared secret used to set the secure session between the Cloud VPN\ngateway and the peer VPN gateway.","description_kind":"plain","required":true,"sensitive":true},"shared_secret_hash":{"type":"string","description":"Hash of the shared secret.","description_kind":"plain","computed":true},"target_vpn_gateway":{"type":"string","description":"URL of the Target VPN gateway with which this VPN tunnel is\nassociated.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tunnel_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"vpn_gateway":{"type":"string","description":"URL of the VPN gateway with which this VPN tunnel is associated.\nThis must be used if a High Availability VPN gateway resource is created.\nThis field must reference a 'google_compute_ha_vpn_gateway' resource.","description_kind":"plain","optional":true},"vpn_gateway_interface":{"type":"number","description":"The interface ID of the VPN gateway with which this VPN tunnel is associated.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_analysis_note":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time this note was created.","description_kind":"plain","computed":true},"expiration_time":{"type":"string","description":"Time of expiration for this note. Leave empty if note does not expire.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"The type of analysis this note describes","description_kind":"plain","computed":true},"long_description":{"type":"string","description":"A detailed description of the note","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the note.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"related_note_names":{"type":["set","string"],"description":"Names of other notes related to this note.","description_kind":"plain","optional":true},"short_description":{"type":"string","description":"A one sentence description of the note.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time this note was last updated.","description_kind":"plain","computed":true}},"block_types":{"attestation_authority":{"nesting_mode":"list","block":{"block_types":{"hint":{"nesting_mode":"list","block":{"attributes":{"human_readable_name":{"type":"string","description":"The human readable name of this Attestation Authority, for\nexample \"qa\".","description_kind":"plain","required":true}},"description":"This submessage provides human-readable hints about the purpose of\nthe AttestationAuthority. Because the name of a Note acts as its\nresource reference, it is important to disambiguate the canonical\nname of the Note (which might be a UUID for security purposes)\nfrom \"readable\" names more suitable for debug output. Note that\nthese hints should NOT be used to look up AttestationAuthorities\nin security sensitive contexts, such as when looking up\nAttestations to verify.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Note kind that represents a logical attestation \"role\" or \"authority\".\nFor example, an organization might have one AttestationAuthority for\n\"QA\" and one for \"build\". This Note is intended to act strictly as a\ngrouping mechanism for the attached Occurrences (Attestations). This\ngrouping mechanism also provides a security boundary, since IAM ACLs\ngate the ability for a principle to attach an Occurrence to a given\nNote. It also provides a single point of lookup to find all attached\nAttestation Occurrences, even if they don't all live in the same\nproject.","description_kind":"plain"},"min_items":1,"max_items":1},"related_url":{"nesting_mode":"set","block":{"attributes":{"label":{"type":"string","description":"Label to describe usage of the URL","description_kind":"plain","optional":true},"url":{"type":"string","description":"Specific URL associated with the resource.","description_kind":"plain","required":true}},"description":"URLs associated with this note and related metadata.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_analysis_note_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"note":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_analysis_note_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"note":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_analysis_note_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"note":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_container_analysis_occurrence":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"The note kind which explicitly denotes which of the occurrence\ndetails are specified. This field can be used as a filter in list\nrequests.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the occurrence.","description_kind":"plain","computed":true},"note_name":{"type":"string","description":"The analysis note associated with this occurrence, in the form of\nprojects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a\nfilter in list requests.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"remediation":{"type":"string","description":"A description of actions that can be taken to remedy the note.","description_kind":"plain","optional":true},"resource_uri":{"type":"string","description":"Required. Immutable. A URI that represents the resource for which\nthe occurrence applies. For example,\nhttps://gcr.io/project/image@sha256:123abc for a Docker image.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true}},"block_types":{"attestation":{"nesting_mode":"list","block":{"attributes":{"serialized_payload":{"type":"string","description":"The serialized payload that is verified by one or\nmore signatures. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"signatures":{"nesting_mode":"set","block":{"attributes":{"public_key_id":{"type":"string","description":"The identifier for the public key that verifies this\nsignature. MUST be an RFC3986 conformant\nURI. * When possible, the key id should be an\nimmutable reference, such as a cryptographic digest.\nExamples of valid values:\n\n* OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr\n for more details on this scheme.\n * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA'\n* RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):\n * \"ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU\"","description_kind":"plain","required":true},"signature":{"type":"string","description":"The content of the signature, an opaque bytestring.\nThe payload that this signature verifies MUST be\nunambiguously provided with the Signature during\nverification. A wrapper message might provide the\npayload explicitly. Alternatively, a message might\nhave a canonical serialization that can always be\nunambiguously computed to derive the payload.","description_kind":"plain","optional":true}},"description":"One or more signatures over serializedPayload.\nVerifier implementations should consider this attestation\nmessage verified if at least one signature verifies\nserializedPayload. See Signature in common.proto for more\ndetails on signature structure and verification.","description_kind":"plain"},"min_items":1}},"description":"Occurrence that represents a single \"attestation\". The authenticity\nof an attestation can be verified using the attached signature.\nIf the verifier trusts the public key of the signer, then verifying\nthe signature is sufficient to establish trust. In this circumstance,\nthe authority to which this attestation is attached is primarily\nuseful for lookup (how to find this attestation if you already\nknow the authority and artifact to be verified) and intent (for\nwhich authority this attestation was intended to sign.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_attached_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same\nrestrictions as Kubernetes annotations. The total size of all keys and\nvalues combined is limited to 256k. Key can have 2 segments: prefix (optional)\nand name (required), separated by a slash (/). Prefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"cluster_region":{"type":"string","description":"Output only. The region where this cluster runs.\n\nFor EKS clusters, this is an AWS region. For AKS clusters,\nthis is an Azure region.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"Policy to determine what flags to send on delete.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A human readable description of this attached cluster. Cannot be longer\nthan 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"distribution":{"type":"string","description":"The Kubernetes distribution of the underlying attached cluster. Supported values:\n\"eks\", \"aks\", \"generic\". The generic distribution provides the ability to register\nor migrate any CNCF conformant cluster.","description_kind":"plain","required":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"errors":{"type":["list",["object",{"message":"string"}]],"description":"A set of errors found in the cluster.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kubernetes_version":{"type":"string","description":"The Kubernetes version of the cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"platform_version":{"type":"string","description":"The platform version for the cluster (e.g. '1.23.0-gke.1').","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the cluster. Possible values:\nSTATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR,\nDEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"attributes":{"admin_groups":{"type":["list","string"],"description":"Groups that can perform operations as a cluster admin. A managed\nClusterRoleBinding will be created to grant the 'cluster-admin' ClusterRole\nto the groups. Up to ten admin groups can be provided.\n\nFor more info on RBAC, see\nhttps://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain","optional":true},"admin_users":{"type":["list","string"],"description":"Users that can perform operations as a cluster admin. A managed\nClusterRoleBinding will be created to grant the 'cluster-admin' ClusterRole\nto the users. Up to ten admin users can be provided.\n\nFor more info on RBAC, see\nhttps://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain","optional":true}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"max_items":1},"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Configure Binary Authorization evaluation mode. Possible values: [\"DISABLED\", \"PROJECT_SINGLETON_POLICY_ENFORCE\"]","description_kind":"plain","optional":true}},"description":"Binary Authorization configuration.","description_kind":"plain"},"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this\ncluster. Membership names are formatted as\nprojects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","required":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"logging_config":{"nesting_mode":"list","block":{"block_types":{"component_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"The components to be enabled. Possible values: [\"SYSTEM_COMPONENTS\", \"WORKLOADS\"]","description_kind":"plain","optional":true}},"description":"The configuration of the logging components","description_kind":"plain"},"max_items":1}},"description":"Logging configuration.","description_kind":"plain"},"max_items":1},"monitoring_config":{"nesting_mode":"list","block":{"block_types":{"managed_prometheus_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable Managed Collection.","description_kind":"plain","optional":true}},"description":"Enable Google Cloud Managed Service for Prometheus in the cluster.","description_kind":"plain"},"max_items":1}},"description":"Monitoring configuration.","description_kind":"plain"},"max_items":1},"oidc_config":{"nesting_mode":"list","block":{"attributes":{"issuer_url":{"type":"string","description":"A JSON Web Token (JWT) issuer URI. 'issuer' must start with 'https://'","description_kind":"plain","required":true},"jwks":{"type":"string","description":"OIDC verification keys in JWKS format (RFC 7517).","description_kind":"plain","optional":true}},"description":"OIDC discovery information of the target cluster.\n\nKubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster\nAPI server. This fields indicates how GCP services\nvalidate KSA tokens in order to allow system workloads (such as GKE Connect\nand telemetry agents) to authenticate back to GCP.\n\nBoth clusters with public and private issuer URLs are supported.\nClusters with public issuers only need to specify the 'issuer_url' field\nwhile clusters with private issuers need to provide both\n'issuer_url' and 'jwks'.","description_kind":"plain"},"min_items":1,"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"block_types":{"kubernetes_secret":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the kubernetes secret containing the proxy config.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Namespace of the kubernetes secret containing the proxy config.","description_kind":"plain","required":true}},"description":"The Kubernetes Secret resource that contains the HTTP(S) proxy configuration.","description_kind":"plain"},"max_items":1}},"description":"Support for proxy configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_aws_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"aws_region":{"type":"string","description":"The AWS region where the cluster runs. Each Google Cloud region supports a subset of nearby AWS regions. You can call to list all supported AWS regions within a given Google Cloud region.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"Output only. The endpoint of the cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Output only. Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_groups":{"nesting_mode":"list","block":{"attributes":{"group":{"type":"string","description":"The name of the group, e.g. `my-group@domain.com`.","description_kind":"plain","required":true}},"description":"Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"}},"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. `my-gcp-id@gmail.com`.","description_kind":"plain","required":true}},"description":"Users to perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"},"min_items":1}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"min_items":1,"max_items":1},"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Mode of operation for Binary Authorization policy evaluation. Possible values: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration options for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"attributes":{"iam_instance_profile":{"type":"string","description":"The name of the AWS IAM instance pofile to assign to each control plane replica.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"Optional. The AWS instance type. When unspecified, it defaults to `m5.large`.","description_kind":"plain","optional":true,"computed":true},"security_group_ids":{"type":["list","string"],"description":"Optional. The IDs of additional security groups to add to control plane replicas. The Anthos Multi-Cloud API will automatically create and manage security groups with the minimum rules needed for a functioning cluster.","description_kind":"plain","optional":true},"subnet_ids":{"type":["list","string"],"description":"The list of subnets where control plane replicas will run. A replica will be provisioned on each subnet and up to three values can be provided. Each subnet must be in a different AWS Availability Zone (AZ).","description_kind":"plain","required":true},"tags":{"type":["map","string"],"description":"Optional. A set of AWS resource tags to propagate to all underlying managed AWS resources. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The Kubernetes version to run on control plane replicas (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling .","description_kind":"plain","required":true}},"block_types":{"aws_services_authentication":{"nesting_mode":"list","block":{"attributes":{"role_arn":{"type":"string","description":"The Amazon Resource Name (ARN) of the role that the Anthos Multi-Cloud API will assume when managing AWS resources on your account.","description_kind":"plain","required":true},"role_session_name":{"type":"string","description":"Optional. An identifier for the assumed role session. When unspecified, it defaults to `multicloud-service-agent`.","description_kind":"plain","optional":true,"computed":true}},"description":"Authentication configuration for management of AWS resources.","description_kind":"plain"},"min_items":1,"max_items":1},"config_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt cluster configuration.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt cluster configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"database_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt cluster secrets.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt cluster secrets.","description_kind":"plain"},"min_items":1,"max_items":1},"main_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the main volume provisioned for each control plane replica. The main volume is in charge of storing all of the cluster's etcd state. Volumes will be provisioned in the availability zone associated with the corresponding subnet. When unspecified, it defaults to 8 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"secret_arn":{"type":"string","description":"The ARN of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true},"secret_version":{"type":"string","description":"The version string of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each control plane replica. Volumes will be provisioned in the availability zone associated with the corresponding subnet. When unspecified, it defaults to 32 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"ec2_key_pair":{"type":"string","description":"The name of the EC2 key pair used to login into cluster machines.","description_kind":"plain","required":true}},"description":"Optional. SSH configuration for how to access the underlying control plane machines.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to the cluster control plane.","description_kind":"plain"},"min_items":1,"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","optional":true,"computed":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"networking":{"nesting_mode":"list","block":{"attributes":{"per_node_pool_sg_rules_disabled":{"type":"bool","description":"Disable the per node pool subnet security group rules on the control plane security group. When set to true, you must also provide one or more security groups that ensure node pools are able to send requests to the control plane on TCP/443 and TCP/8132. Failure to do so may result in unavailable node pools.","description_kind":"plain","optional":true},"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"vpc_id":{"type":"string","description":"The VPC associated with the cluster. All component clusters (i.e. control plane and node pools) run on a single VPC. This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"Cluster-wide networking configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_aws_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the node pool. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"cluster":{"type":"string","description":"The awsCluster for the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this node pool was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the node pool.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The lifecycle state of the node pool. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"subnet_id":{"type":"string","description":"The subnet where the node pool node run.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the node pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this node pool was last updated.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The Kubernetes version to run on this node pool (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling GetAwsServerConfig.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"Maximum number of nodes in the NodePool. Must be \u003e= min_node_count.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"Minimum number of nodes in the NodePool. Must be \u003e= 1 and \u003c= max_node_count.","description_kind":"plain","required":true}},"description":"Autoscaler configuration for this node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"iam_instance_profile":{"type":"string","description":"The name of the AWS IAM role assigned to nodes in the pool.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"Optional. The AWS instance type. When unspecified, it defaults to `m5.large`.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The initial labels assigned to nodes of this node pool. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"security_group_ids":{"type":["list","string"],"description":"Optional. The IDs of additional security groups to add to nodes in this pool. The manager will automatically create security groups with minimum rules needed for a functioning cluster.","description_kind":"plain","optional":true},"tags":{"type":["map","string"],"description":"Optional. Key/value metadata to assign to each underlying AWS resource. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true}},"block_types":{"autoscaling_metrics_collection":{"nesting_mode":"list","block":{"attributes":{"granularity":{"type":"string","description":"The frequency at which EC2 Auto Scaling sends aggregated data to AWS CloudWatch. The only valid value is \"1Minute\".","description_kind":"plain","required":true},"metrics":{"type":["list","string"],"description":"The metrics to enable. For a list of valid metrics, see https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_EnableMetricsCollection.html. If you specify granularity and don't specify any metrics, all metrics are enabled.","description_kind":"plain","optional":true}},"description":"Optional. Configuration related to CloudWatch metrics collection on the Auto Scaling group of the node pool. When unspecified, metrics collection is disabled.","description_kind":"plain"},"max_items":1},"config_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt node pool configuration.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt node pool configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"secret_arn":{"type":"string","description":"The ARN of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true},"secret_version":{"type":"string","description":"The version string of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Template for the root volume provisioned for node pool nodes. Volumes will be provisioned in the availability zone assigned to the node pool subnet. When unspecified, it defaults to 32 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"ec2_key_pair":{"type":"string","description":"The name of the EC2 key pair used to login into cluster machines.","description_kind":"plain","required":true}},"description":"Optional. The SSH configuration.","description_kind":"plain"},"max_items":1},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"The taint effect. Possible values: EFFECT_UNSPECIFIED, NO_SCHEDULE, PREFER_NO_SCHEDULE, NO_EXECUTE","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for the taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for the taint.","description_kind":"plain","required":true}},"description":"Optional. The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The configuration of the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Optional. Whether or not the nodes will be automatically repaired.","description_kind":"plain","optional":true,"computed":true}},"description":"The Management configuration for this node pool.","description_kind":"plain"},"max_items":1},"max_pods_constraint":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods to schedule on a single node.","description_kind":"plain","required":true}},"description":"The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"update_settings":{"nesting_mode":"list","block":{"block_types":{"surge_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"Optional. The maximum number of nodes that can be created beyond the current size of the node pool during the update process.","description_kind":"plain","optional":true,"computed":true},"max_unavailable":{"type":"number","description":"Optional. The maximum number of nodes that can be simultaneously unavailable during the update process. A node is considered unavailable if its status is not Ready.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Settings for surge update.","description_kind":"plain"},"max_items":1}},"description":"Optional. Update settings control the speed and disruption of the node pool update.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_azure_client":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"The Azure Active Directory Application ID.","description_kind":"plain","required":true},"certificate":{"type":"string","description":"Output only. The PEM encoded x509 certificate.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time at which this resource was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"tenant_id":{"type":"string","description":"The Azure Active Directory Tenant ID.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the client.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_azure_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Keys can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"azure_region":{"type":"string","description":"The Azure region where the cluster runs. Each Google Cloud region supports a subset of nearby Azure regions. You can call to list all supported Azure regions within a given Google Cloud region.","description_kind":"plain","required":true},"client":{"type":"string","description":"Name of the AzureClient. The `AzureClient` resource must reside on the same GCP project and region as the `AzureCluster`. `AzureClient` names are formatted as `projects/\u003cproject-number\u003e/locations/\u003cregion\u003e/azureClients/\u003cclient-id\u003e`. See Resource Names (https:cloud.google.com/apis/design/resource_names) for more details on Google Cloud resource names.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"Output only. The endpoint of the cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"resource_group_id":{"type":"string","description":"The ARM ID of the resource group where the cluster resources are deployed. For example: `/subscriptions/*/resourceGroups/*`","description_kind":"plain","required":true},"state":{"type":"string","description":"Output only. The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Output only. Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_groups":{"nesting_mode":"list","block":{"attributes":{"group":{"type":"string","description":"The name of the group, e.g. `my-group@domain.com`.","description_kind":"plain","required":true}},"description":"Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"}},"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. `my-gcp-id@gmail.com`.","description_kind":"plain","required":true}},"description":"Users that can perform operations as a cluster admin. A new ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"},"min_items":1}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"min_items":1,"max_items":1},"azure_services_authentication":{"nesting_mode":"list","block":{"attributes":{"application_id":{"type":"string","description":"The Azure Active Directory Application ID for Authentication configuration.","description_kind":"plain","required":true},"tenant_id":{"type":"string","description":"The Azure Active Directory Tenant ID for Authentication configuration.","description_kind":"plain","required":true}},"description":"Azure authentication configuration for management of Azure resources","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"attributes":{"subnet_id":{"type":"string","description":"The ARM ID of the subnet where the control plane VMs are deployed. Example: `/subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks//subnets/default`.","description_kind":"plain","required":true},"tags":{"type":["map","string"],"description":"Optional. A set of tags to apply to all underlying control plane Azure resources.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The Kubernetes version to run on control plane replicas (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling GetAzureServerConfig.","description_kind":"plain","required":true},"vm_size":{"type":"string","description":"Optional. The Azure VM size name. Example: `Standard_DS2_v2`. For available VM sizes, see https://docs.microsoft.com/en-us/azure/virtual-machines/vm-naming-conventions. When unspecified, it defaults to `Standard_DS2_v2`.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"database_encryption":{"nesting_mode":"list","block":{"attributes":{"key_id":{"type":"string","description":"The ARM ID of the Azure Key Vault key to encrypt / decrypt data. For example: `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-id\u003e/providers/Microsoft.KeyVault/vaults/\u003ckey-vault-id\u003e/keys/\u003ckey-name\u003e` Encryption will always take the latest version of the key and hence specific version is not supported.","description_kind":"plain","required":true}},"description":"Optional. Configuration related to application-layer secrets encryption.","description_kind":"plain"},"max_items":1},"main_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the main volume provisioned for each control plane replica. The main volume is in charge of storing all of the cluster's etcd state. When unspecified, it defaults to a 8-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"resource_group_id":{"type":"string","description":"The ARM ID the of the resource group containing proxy keyvault. Resource group ids are formatted as `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-name\u003e`","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"The URL the of the proxy setting secret with its version. Secret ids are formatted as `https:\u003ckey-vault-name\u003e.vault.azure.net/secrets/\u003csecret-name\u003e/\u003csecret-version\u003e`.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"replica_placements":{"nesting_mode":"list","block":{"attributes":{"azure_availability_zone":{"type":"string","description":"For a given replica, the Azure availability zone where to provision the control plane VM and the ETCD disk.","description_kind":"plain","required":true},"subnet_id":{"type":"string","description":"For a given replica, the ARM ID of the subnet where the control plane VM is deployed. Make sure it's a subnet under the virtual network in the cluster configuration.","description_kind":"plain","required":true}},"description":"Configuration for where to place the control plane replicas. Up to three replica placement instances can be specified. If replica_placements is set, the replica placement instances will be applied to the three control plane replicas as evenly as possible.","description_kind":"plain"}},"root_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each control plane replica. When unspecified, it defaults to 32-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"authorized_key":{"type":"string","description":"The SSH public key data for VMs managed by Anthos. This accepts the authorized_keys file format used in OpenSSH according to the sshd(8) manual page.","description_kind":"plain","required":true}},"description":"SSH configuration for how to access the underlying control plane machines.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration related to the cluster control plane.","description_kind":"plain"},"min_items":1,"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","optional":true,"computed":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"networking":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"The IP address range of the pods in this cluster, in CIDR notation (e.g. `10.96.0.0/14`). All pods in the cluster get assigned a unique RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"The IP address range for services in this cluster, in CIDR notation (e.g. `10.96.0.0/14`). All services in the cluster get assigned a unique RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creating a cluster.","description_kind":"plain","required":true},"virtual_network_id":{"type":"string","description":"The Azure Resource Manager (ARM) ID of the VNet associated with your cluster. All components in the cluster (i.e. control plane and node pools) run on a single VNet. Example: `/subscriptions/*/resourceGroups/*/providers/Microsoft.Network/virtualNetworks/*` This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"Cluster-wide networking configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_azure_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the node pool. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Keys can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"azure_availability_zone":{"type":"string","description":"Optional. The Azure availability zone of the nodes in this nodepool. When unspecified, it defaults to `1`.","description_kind":"plain","optional":true,"computed":true},"cluster":{"type":"string","description":"The azureCluster for the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this node pool was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently pending changes to the node pool.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the node pool. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"subnet_id":{"type":"string","description":"The ARM ID of the subnet where the node pool VMs run. Make sure it's a subnet under the virtual network in the cluster configuration.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the node pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this node pool was last updated.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The Kubernetes version (e.g. `1.19.10-gke.1000`) running on this node pool.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"Maximum number of nodes in the node pool. Must be \u003e= min_node_count.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"Minimum number of nodes in the node pool. Must be \u003e= 1 and \u003c= max_node_count.","description_kind":"plain","required":true}},"description":"Autoscaler configuration for this node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Optional. The initial labels assigned to nodes of this node pool. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"tags":{"type":["map","string"],"description":"Optional. A set of tags to apply to all underlying Azure resources for this node pool. This currently only includes Virtual Machine Scale Sets. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true},"vm_size":{"type":"string","description":"Optional. The Azure VM size name. Example: `Standard_DS2_v2`. See (/anthos/clusters/docs/azure/reference/supported-vms) for options. When unspecified, it defaults to `Standard_DS2_v2`.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"proxy_config":{"nesting_mode":"list","block":{"attributes":{"resource_group_id":{"type":"string","description":"The ARM ID the of the resource group containing proxy keyvault. Resource group ids are formatted as `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-name\u003e`","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"The URL the of the proxy setting secret with its version. Secret ids are formatted as `https:\u003ckey-vault-name\u003e.vault.azure.net/secrets/\u003csecret-name\u003e/\u003csecret-version\u003e`.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each node pool machine. When unspecified, it defaults to a 32-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"authorized_key":{"type":"string","description":"The SSH public key data for VMs managed by Anthos. This accepts the authorized_keys file format used in OpenSSH according to the sshd(8) manual page.","description_kind":"plain","required":true}},"description":"SSH configuration for how to access the node pool machines.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The node configuration of the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Optional. Whether or not the nodes will be automatically repaired.","description_kind":"plain","optional":true,"computed":true}},"description":"The Management configuration for this node pool.","description_kind":"plain"},"max_items":1},"max_pods_constraint":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods to schedule on a single node.","description_kind":"plain","required":true}},"description":"The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_cluster":{"version":2,"block":{"attributes":{"allow_net_admin":{"type":"bool","description":"Enable NET_ADMIN for this cluster.","description_kind":"plain","optional":true},"cluster_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.","description_kind":"plain","optional":true,"computed":true},"datapath_provider":{"type":"string","description":"The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.","description_kind":"plain","optional":true,"computed":true},"default_max_pods_per_node":{"type":"number","description":"The default maximum number of pods per node in this cluster. This doesn't work on \"routes-based\" clusters, clusters that don't have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"deletion_protection":{"type":"bool","description":"When the field is set to true or unset in Terraform state, a terraform apply or terraform destroy that would delete the cluster will fail. When the field is set to false, deleting the cluster is allowed.","description_kind":"plain","optional":true},"description":{"type":"string","description":" Description of the cluster.","description_kind":"plain","optional":true},"enable_autopilot":{"type":"bool","description":"Enable Autopilot for this cluster.","description_kind":"plain","optional":true},"enable_cilium_clusterwide_network_policy":{"type":"bool","description":"Whether Cilium cluster-wide network policy is enabled on this cluster.","description_kind":"plain","optional":true},"enable_intranode_visibility":{"type":"bool","description":"Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.","description_kind":"plain","optional":true,"computed":true},"enable_kubernetes_alpha":{"type":"bool","description":"Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.","description_kind":"plain","optional":true},"enable_l4_ilb_subsetting":{"type":"bool","description":"Whether L4ILB Subsetting is enabled for this cluster.","description_kind":"plain","optional":true},"enable_legacy_abac":{"type":"bool","description":"Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.","description_kind":"plain","optional":true},"enable_multi_networking":{"type":"bool","description":"Whether multi-networking is enabled for this cluster.","description_kind":"plain","optional":true},"enable_shielded_nodes":{"type":"bool","description":"Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.","description_kind":"plain","optional":true},"enable_tpu":{"type":"bool","description":"Whether to enable Cloud TPU resources in this cluster.","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"The IP address of this cluster's Kubernetes master.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_node_count":{"type":"number","description":"The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint of the set of labels for this cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.","description_kind":"plain","optional":true,"computed":true},"logging_service":{"type":"string","description":"The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.","description_kind":"plain","optional":true,"computed":true},"master_version":{"type":"string","description":"The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.","description_kind":"plain","computed":true},"min_master_version":{"type":"string","description":"The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version).","description_kind":"plain","optional":true},"monitoring_service":{"type":"string","description":"The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and location.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.","description_kind":"plain","optional":true},"networking_mode":{"type":"string","description":"Determines whether alias IPs or routes will be used for pod IPs in the cluster. Defaults to VPC_NATIVE for new clusters.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.","description_kind":"plain","optional":true,"computed":true},"node_version":{"type":"string","description":"The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way. To update nodes in other node pools, use the version attribute on the node pool.","description_kind":"plain","optional":true,"computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"private_ipv6_google_access":{"type":"string","description":"The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"remove_default_node_pool":{"type":"bool","description":"If true, deletes the default node pool upon cluster creation. If you're using google_container_node_pool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the cluster.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"services_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.","description_kind":"plain","optional":true,"computed":true},"tpu_ipv4_cidr_block":{"type":"string","description":"The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).","description_kind":"plain","computed":true}},"block_types":{"addons_config":{"nesting_mode":"list","block":{"block_types":{"cloudrun_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description_kind":"plain","optional":true}},"description":"The status of the CloudRun addon. It is disabled by default. Set disabled = false to enable.","description_kind":"plain"},"max_items":1},"config_connector_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The of the Config Connector addon.","description_kind":"plain"},"max_items":1},"dns_cache_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.","description_kind":"plain"},"max_items":1},"gce_persistent_disk_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable. The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.","description_kind":"plain"},"max_items":1},"gcp_filestore_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1},"gcs_fuse_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the GCS Fuse CSI driver addon, which allows the usage of gcs bucket as volumes. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1},"gke_backup_agent_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Backup for GKE Agent addon. It is disabled by default. Set enabled = true to enable.","description_kind":"plain"},"max_items":1},"horizontal_pod_autoscaling":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service. It is enabled by default; set disabled = true to disable.","description_kind":"plain"},"max_items":1},"http_load_balancing":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.","description_kind":"plain"},"max_items":1},"network_policy_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.","description_kind":"plain"},"max_items":1},"ray_operator_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"block_types":{"ray_cluster_logging_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of Ray Logging, which scrapes Ray cluster logs to Cloud Logging. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1},"ray_cluster_monitoring_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of Ray Cluster monitoring, which shows Ray cluster metrics in Cloud Console. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1}},"description":"The status of the Ray Operator addon, which enabled management of Ray AI/ML jobs on GKE. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":3},"stateful_ha_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1}},"description":"The configuration for addons supported by GKE.","description_kind":"plain"},"max_items":1},"authenticator_groups_config":{"nesting_mode":"list","block":{"attributes":{"security_group":{"type":"string","description":"The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.","description_kind":"plain","required":true}},"description":"Configuration for the Google Groups for GKE feature.","description_kind":"plain"},"max_items":1},"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable Binary Authorization for this cluster.","description_kind":"plain","deprecated":true,"optional":true},"evaluation_mode":{"type":"string","description":"Mode of operation for Binary Authorization policy evaluation.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration options for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"cluster_autoscaling":{"nesting_mode":"list","block":{"attributes":{"auto_provisioning_locations":{"type":["list","string"],"description":"The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.","description_kind":"plain","optional":true,"computed":true},"autoscaling_profile":{"type":"string","description":"Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether node auto-provisioning is enabled. Resource limits for cpu and memory must be defined to enable node auto-provisioning.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"auto_provisioning_defaults":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node.","description_kind":"plain","optional":true},"image_type":{"type":"string","description":"The default image type used by NAP once a new node pool is being created.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["list","string"],"description":"Scopes that are used by NAP when creating node pools.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true}},"block_types":{"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.","description_kind":"plain","optional":true,"computed":true},"auto_upgrade":{"type":"bool","description":"Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.","description_kind":"plain","optional":true,"computed":true},"upgrade_options":{"type":["list",["object",{"auto_upgrade_start_time":"string","description":"string"}]],"description":"Specifies the Auto Upgrade knobs for the node pool.","description_kind":"plain","computed":true}},"description":"NodeManagement configuration for this NodePool.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process.","description_kind":"plain","optional":true},"max_unavailable":{"type":"number","description":"The maximum number of nodes that can be simultaneously unavailable during the upgrade process.","description_kind":"plain","optional":true},"strategy":{"type":"string","description":"Update strategy of the node pool.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the bool pool nodes to drain in a batch. The range of this field should be (0.0, 1.0].","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Standard policy for the blue-green upgrade.","description_kind":"plain"},"max_items":1}},"description":"Settings for blue-green upgrade strategy.","description_kind":"plain"},"max_items":1}},"description":"Specifies the upgrade settings for NAP created node pools","description_kind":"plain"},"max_items":1}},"description":"Contains defaults for a node pool created by NAP.","description_kind":"plain"},"max_items":1},"resource_limits":{"nesting_mode":"list","block":{"attributes":{"maximum":{"type":"number","description":"Maximum amount of the resource in the cluster.","description_kind":"plain","optional":true},"minimum":{"type":"number","description":"Minimum amount of the resource in the cluster.","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.","description_kind":"plain","required":true}},"description":"Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning.","description_kind":"plain"}}},"description":"Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this cluster.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster.","description_kind":"plain"},"max_items":1},"cost_management_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable GKE cost allocation. When you enable GKE cost allocation, the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery. Defaults to false.","description_kind":"plain","required":true}},"description":"Cost management configuration for the cluster.","description_kind":"plain"},"max_items":1},"database_encryption":{"nesting_mode":"list","block":{"attributes":{"key_name":{"type":"string","description":"The key to use to encrypt/decrypt secrets.","description_kind":"plain","optional":true},"state":{"type":"string","description":"ENCRYPTED or DECRYPTED.","description_kind":"plain","required":true}},"description":"Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key.","description_kind":"plain"},"max_items":1},"default_snat_status":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.","description_kind":"plain","required":true}},"description":"Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.","description_kind":"plain"},"max_items":1},"dns_config":{"nesting_mode":"list","block":{"attributes":{"cluster_dns":{"type":"string","description":"Which in-cluster DNS provider should be used.","description_kind":"plain","optional":true},"cluster_dns_domain":{"type":"string","description":"The suffix used for all cluster service records.","description_kind":"plain","optional":true},"cluster_dns_scope":{"type":"string","description":"The scope of access to cluster DNS records.","description_kind":"plain","optional":true}},"description":"Configuration for Cloud DNS for Kubernetes Engine.","description_kind":"plain"},"max_items":1},"enable_k8s_beta_apis":{"nesting_mode":"list","block":{"attributes":{"enabled_apis":{"type":["set","string"],"description":"Enabled Kubernetes Beta APIs.","description_kind":"plain","required":true}},"description":"Configuration for Kubernetes Beta APIs.","description_kind":"plain"},"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"Full resource name of the registered fleet membership of the cluster.","description_kind":"plain","computed":true},"membership_id":{"type":"string","description":"Short name of the fleet membership, for example \"member-1\".","description_kind":"plain","computed":true},"membership_location":{"type":"string","description":"Location of the fleet membership, for example \"us-central1\".","description_kind":"plain","computed":true},"pre_registered":{"type":"bool","description":"Whether the cluster has been registered via the fleet API.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The Fleet host project of the cluster.","description_kind":"plain","optional":true}},"description":"Fleet configuration of the cluster.","description_kind":"plain"},"max_items":1},"gateway_api_config":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The Gateway API release channel to use for Gateway API.","description_kind":"plain","required":true}},"description":"Configuration for GKE Gateway API controller.","description_kind":"plain"},"max_items":1},"identity_service_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable the Identity Service component.","description_kind":"plain","optional":true}},"description":"Configuration for Identity Service which allows customers to use external identity providers with the K8S API.","description_kind":"plain"},"max_items":1},"ip_allocation_policy":{"nesting_mode":"list","block":{"attributes":{"cluster_ipv4_cidr_block":{"type":"string","description":"The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"cluster_secondary_range_name":{"type":"string","description":"The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.","description_kind":"plain","optional":true,"computed":true},"services_ipv4_cidr_block":{"type":"string","description":"The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"services_secondary_range_name":{"type":"string","description":"The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.","description_kind":"plain","optional":true,"computed":true},"stack_type":{"type":"string","description":"The IP Stack type of the cluster. Choose between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not set","description_kind":"plain","optional":true}},"block_types":{"additional_pod_ranges_config":{"nesting_mode":"list","block":{"attributes":{"pod_range_names":{"type":["set","string"],"description":"Name for pod secondary ipv4 range which has the actual range defined ahead.","description_kind":"plain","required":true}},"description":"AdditionalPodRangesConfig is the configuration for additional pod secondary ranges supporting the ClusterUpdate message.","description_kind":"plain"},"max_items":1},"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for cluster level pod cidr overprovision. Default is disabled=false.","description_kind":"plain"},"max_items":1}},"description":"Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based.","description_kind":"plain"},"max_items":1},"logging_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"GKE components exposing logs. Valid values include SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.","description_kind":"plain","required":true}},"description":"Logging configuration for the cluster.","description_kind":"plain"},"max_items":1},"maintenance_policy":{"nesting_mode":"list","block":{"block_types":{"daily_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description_kind":"plain","computed":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"description":"Time window specified for daily maintenance operations. Specify start_time in RFC3339 format \"HH:MM”, where HH : [00-23] and MM : [00-59] GMT.","description_kind":"plain"},"max_items":1},"maintenance_exclusion":{"nesting_mode":"set","block":{"attributes":{"end_time":{"type":"string","description_kind":"plain","required":true},"exclusion_name":{"type":"string","description_kind":"plain","required":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"block_types":{"exclusion_options":{"nesting_mode":"list","block":{"attributes":{"scope":{"type":"string","description":"The scope of automatic upgrades to restrict in the exclusion window.","description_kind":"plain","required":true}},"description":"Maintenance exclusion related options.","description_kind":"plain"},"max_items":1}},"description":"Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows.","description_kind":"plain"},"max_items":20},"recurring_window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description_kind":"plain","required":true},"recurrence":{"type":"string","description_kind":"plain","required":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"description":"Time window for recurring maintenance operations.","description_kind":"plain"},"max_items":1}},"description":"The maintenance policy to use for the cluster.","description_kind":"plain"},"max_items":1},"master_auth":{"nesting_mode":"list","block":{"attributes":{"client_certificate":{"type":"string","description":"Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.","description_kind":"plain","computed":true},"client_key":{"type":"string","description":"Base64 encoded private key used by clients to authenticate to the cluster endpoint.","description_kind":"plain","computed":true,"sensitive":true},"cluster_ca_certificate":{"type":"string","description":"Base64 encoded public certificate that is the root of trust for the cluster.","description_kind":"plain","computed":true}},"block_types":{"client_certificate_config":{"nesting_mode":"list","block":{"attributes":{"issue_client_certificate":{"type":"bool","description":"Whether client certificate authorization is enabled for this cluster.","description_kind":"plain","required":true}},"description":"Whether client certificate authorization is enabled for this cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission.","description_kind":"plain"},"max_items":1},"master_authorized_networks_config":{"nesting_mode":"list","block":{"attributes":{"gcp_public_cidrs_access_enabled":{"type":"bool","description":"Whether Kubernetes master is accessible via Google Compute Engine Public IPs.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"cidr_blocks":{"nesting_mode":"set","block":{"attributes":{"cidr_block":{"type":"string","description":"External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Field for users to identify CIDR blocks.","description_kind":"plain","optional":true}},"description":"External networks that can access the Kubernetes cluster master through HTTPS.","description_kind":"plain"}}},"description":"The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).","description_kind":"plain"},"max_items":1},"mesh_certificates":{"nesting_mode":"list","block":{"attributes":{"enable_certificates":{"type":"bool","description":"When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain","required":true}},"description":"If set, and enable_certificates=true, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain"},"max_items":1},"monitoring_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"GKE components exposing metrics. Valid values include SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_datapath_observability_config":{"nesting_mode":"list","block":{"attributes":{"enable_metrics":{"type":"bool","description":"Whether or not the advanced datapath metrics are enabled.","description_kind":"plain","required":true},"enable_relay":{"type":"bool","description":"Whether or not Relay is enabled.","description_kind":"plain","optional":true},"relay_mode":{"type":"string","description":"Mode used to make Relay available.","description_kind":"plain","deprecated":true,"optional":true,"computed":true}},"description":"Configuration of Advanced Datapath Observability features.","description_kind":"plain"},"max_items":1},"managed_prometheus":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not the managed collection is enabled.","description_kind":"plain","required":true}},"description":"Configuration for Google Cloud Managed Services for Prometheus.","description_kind":"plain"},"max_items":1}},"description":"Monitoring configuration for the cluster.","description_kind":"plain"},"max_items":1},"network_policy":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether network policy is enabled on the cluster.","description_kind":"plain","required":true},"provider":{"type":"string","description":"The selected network policy provider.","description_kind":"plain","optional":true}},"description":"Configuration options for the NetworkPolicy feature.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"effective_taints":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of kubernetes taints applied to each node.","description_kind":"plain","computed":true},"enable_confidential_storage":{"type":"bool","description":"If enabled boot disks are configured with confidential mode.","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether the node should have nested virtualization enabled.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this pool.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after pool creation without deleting and recreating the entire pool.","description_kind":"plain"},"max_items":1},"containerd_config":{"nesting_mode":"list","block":{"block_types":{"private_registry_access_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not private registries are configured.","description_kind":"plain","required":true}},"block_types":{"certificate_authority_domain_config":{"nesting_mode":"list","block":{"attributes":{"fqdns":{"type":["list","string"],"description":"List of fully-qualified-domain-names. IPv4s and port specification are supported.","description_kind":"plain","required":true}},"block_types":{"gcp_secret_manager_certificate_config":{"nesting_mode":"list","block":{"attributes":{"secret_uri":{"type":"string","description":"URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.","description_kind":"plain","required":true}},"description":"Parameters for configuring a certificate hosted in GCP SecretManager.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Parameters for configuring CA certificate and domains.","description_kind":"plain"}}},"description":"Parameters for private container registries configuration.","description_kind":"plain"},"max_items":1}},"description":"Parameters for containerd configuration.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"fast_socket":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not NCCL Fast Socket is enabled","description_kind":"plain","required":true}},"description":"Enable or disable NCCL Fast Socket in the node pool.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","required":true},"insecure_kubelet_readonly_port_enabled":{"type":"string","description":"Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to `FALSE`. Possible values: `TRUE`, `FALSE`.","description_kind":"plain","optional":true,"computed":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"cgroup_mode":{"type":"string","description":"cgroupMode specifies the cgroup mode to be used on the node.","description_kind":"plain","optional":true,"computed":true},"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","optional":true}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"secondary_boot_disks":{"nesting_mode":"list","block":{"attributes":{"disk_image":{"type":"string","description":"Disk image to create the secondary boot disk from","description_kind":"plain","required":true},"mode":{"type":"string","description":"Mode for how the secondary boot disk is used.","description_kind":"plain","optional":true}},"description":"Secondary boot disks for preloading data or container images.","description_kind":"plain"},"max_items":127},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"taint":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Effect for taint.","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for taint.","description_kind":"plain","required":true}},"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain"}},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"node_pool":{"nesting_mode":"list","block":{"attributes":{"initial_node_count":{"type":"number","description":"The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource.","description_kind":"plain","optional":true,"computed":true},"instance_group_urls":{"type":["list","string"],"description":"The resource URLs of the managed instance groups associated with this node pool.","description_kind":"plain","computed":true},"managed_instance_group_urls":{"type":["list","string"],"description":"List of instance group URLs which have been assigned to this node pool.","description_kind":"plain","computed":true},"max_pods_per_node":{"type":"number","description":"The maximum number of pods per node in this node pool. Note that this does not work on node pools which are \"route-based\" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the node pool. If left blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"node_count":{"type":"number","description":"The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the node pool's nodes should be located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If unspecified, the cluster-level node_locations will be used.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"The Kubernetes version for the nodes in this pool. Note that if this field and auto_upgrade are both specified, they will fight each other for what the node version should be, so setting both is highly discouraged. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"location_policy":{"type":"string","description":"Location policy specifies the algorithm used when scaling-up the node pool. \"BALANCED\" - Is a best effort policy that aims to balance the sizes of available zones. \"ANY\" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.","description_kind":"plain","optional":true,"computed":true},"max_node_count":{"type":"number","description":"Maximum number of nodes per zone in the node pool. Must be \u003e= min_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"Minimum number of nodes per zone in the node pool. Must be \u003e=0 and \u003c= max_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"total_max_node_count":{"type":"number","description":"Maximum number of all nodes in the node pool. Must be \u003e= total_min_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true},"total_min_node_count":{"type":"number","description":"Minimum number of all nodes in the node pool. Must be \u003e=0 and \u003c= total_max_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true}},"description":"Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.","description_kind":"plain"},"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Whether the nodes will be automatically repaired. Enabled by default.","description_kind":"plain","optional":true},"auto_upgrade":{"type":"bool","description":"Whether the nodes will be automatically upgraded. Enabled by default.","description_kind":"plain","optional":true}},"description":"Node management configuration, wherein auto-repair and auto-upgrade is configured.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"create_pod_range":{"type":"bool","description":"Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Whether nodes have internal IP addresses only.","description_kind":"plain","optional":true,"computed":true},"pod_ipv4_cidr_block":{"type":"string","description":"The IP address range for pod IPs in this node pool. Only applicable if create_pod_range is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"pod_range":{"type":"string","description":"The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"additional_node_network_configs":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Name of the VPC where the additional interface belongs.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Name of the subnetwork where the additional interface belongs.","description_kind":"plain","optional":true}},"description":"We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface","description_kind":"plain"}},"additional_pod_network_configs":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods per node which use this pod network.","description_kind":"plain","optional":true,"computed":true},"secondary_pod_range":{"type":"string","description":"The name of the secondary range on the subnet which provides IP address for this pod range.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Name of the subnetwork where the additional pod network belongs.","description_kind":"plain","optional":true}},"description":"We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"Specifies the total network bandwidth tier for the NodePool.","description_kind":"plain","required":true}},"description":"Network bandwidth tier configuration.","description_kind":"plain"},"max_items":1},"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited","description_kind":"plain"},"max_items":1}},"description":"Networking configuration for this NodePool. If specified, it overrides the cluster-level defaults.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"effective_taints":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of kubernetes taints applied to each node.","description_kind":"plain","computed":true},"enable_confidential_storage":{"type":"bool","description":"If enabled boot disks are configured with confidential mode.","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether the node should have nested virtualization enabled.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this pool.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after pool creation without deleting and recreating the entire pool.","description_kind":"plain"},"max_items":1},"containerd_config":{"nesting_mode":"list","block":{"block_types":{"private_registry_access_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not private registries are configured.","description_kind":"plain","required":true}},"block_types":{"certificate_authority_domain_config":{"nesting_mode":"list","block":{"attributes":{"fqdns":{"type":["list","string"],"description":"List of fully-qualified-domain-names. IPv4s and port specification are supported.","description_kind":"plain","required":true}},"block_types":{"gcp_secret_manager_certificate_config":{"nesting_mode":"list","block":{"attributes":{"secret_uri":{"type":"string","description":"URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.","description_kind":"plain","required":true}},"description":"Parameters for configuring a certificate hosted in GCP SecretManager.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Parameters for configuring CA certificate and domains.","description_kind":"plain"}}},"description":"Parameters for private container registries configuration.","description_kind":"plain"},"max_items":1}},"description":"Parameters for containerd configuration.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"fast_socket":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not NCCL Fast Socket is enabled","description_kind":"plain","required":true}},"description":"Enable or disable NCCL Fast Socket in the node pool.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","required":true},"insecure_kubelet_readonly_port_enabled":{"type":"string","description":"Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to `FALSE`. Possible values: `TRUE`, `FALSE`.","description_kind":"plain","optional":true,"computed":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"cgroup_mode":{"type":"string","description":"cgroupMode specifies the cgroup mode to be used on the node.","description_kind":"plain","optional":true,"computed":true},"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","optional":true}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"secondary_boot_disks":{"nesting_mode":"list","block":{"attributes":{"disk_image":{"type":"string","description":"Disk image to create the secondary boot disk from","description_kind":"plain","required":true},"mode":{"type":"string","description":"Mode for how the secondary boot disk is used.","description_kind":"plain","optional":true}},"description":"Secondary boot disks for preloading data or container images.","description_kind":"plain"},"max_items":127},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"taint":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Effect for taint.","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for taint.","description_kind":"plain","required":true}},"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain"}},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"placement_policy":{"nesting_mode":"list","block":{"attributes":{"policy_name":{"type":"string","description":"If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.","description_kind":"plain","optional":true},"tpu_topology":{"type":"string","description":"TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type defines the type of placement policy","description_kind":"plain","required":true}},"description":"Specifies the node placement policy","description_kind":"plain"},"max_items":1},"queued_provisioning":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API","description_kind":"plain","required":true}},"description":"Specifies the configuration of queued provisioning","description_kind":"plain"},"max_items":1},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The number of additional nodes that can be added to the node pool during an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"max_unavailable":{"type":"number","description":"The number of nodes that can be simultaneously unavailable during an upgrade. Increasing max_unavailable raises the number of nodes that can be upgraded in parallel. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"strategy":{"type":"string","description":"Update strategy for the given nodepool.","description_kind":"plain","optional":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the blue pool nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.","description_kind":"plain","optional":true,"computed":true}},"description":"Standard rollout policy is the default policy for blue-green.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for BlueGreen node pool upgrade.","description_kind":"plain"},"max_items":1}},"description":"Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.","description_kind":"plain"},"max_items":1}},"description":"List of node pools associated with this cluster. See google_container_node_pool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say \"these are the only node pools associated with this cluster\", use the google_container_node_pool resource instead of this property.","description_kind":"plain"}},"node_pool_auto_config":{"nesting_mode":"list","block":{"attributes":{"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true}},"block_types":{"network_tags":{"nesting_mode":"list","block":{"attributes":{"tags":{"type":["list","string"],"description":"List of network tags applied to auto-provisioned node pools.","description_kind":"plain","optional":true}},"description":"Collection of Compute Engine network tags that can be applied to a node's underlying VM instance.","description_kind":"plain"},"max_items":1},"node_kubelet_config":{"nesting_mode":"list","block":{"attributes":{"insecure_kubelet_readonly_port_enabled":{"type":"string","description":"Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to `FALSE`. Possible values: `TRUE`, `FALSE`.","description_kind":"plain","optional":true,"computed":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1}},"description":"Node pool configs that apply to all auto-provisioned node pools in autopilot clusters and node auto-provisioning enabled clusters.","description_kind":"plain"},"max_items":1},"node_pool_defaults":{"nesting_mode":"list","block":{"block_types":{"node_config_defaults":{"nesting_mode":"list","block":{"attributes":{"insecure_kubelet_readonly_port_enabled":{"type":"string","description":"Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to `FALSE`. Possible values: `TRUE`, `FALSE`.","description_kind":"plain","optional":true,"computed":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containerd_config":{"nesting_mode":"list","block":{"block_types":{"private_registry_access_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not private registries are configured.","description_kind":"plain","required":true}},"block_types":{"certificate_authority_domain_config":{"nesting_mode":"list","block":{"attributes":{"fqdns":{"type":["list","string"],"description":"List of fully-qualified-domain-names. IPv4s and port specification are supported.","description_kind":"plain","required":true}},"block_types":{"gcp_secret_manager_certificate_config":{"nesting_mode":"list","block":{"attributes":{"secret_uri":{"type":"string","description":"URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.","description_kind":"plain","required":true}},"description":"Parameters for configuring a certificate hosted in GCP SecretManager.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Parameters for configuring CA certificate and domains.","description_kind":"plain"}}},"description":"Parameters for private container registries configuration.","description_kind":"plain"},"max_items":1}},"description":"Parameters for containerd configuration.","description_kind":"plain"},"max_items":1}},"description":"Subset of NodeConfig message that has defaults.","description_kind":"plain"},"max_items":1}},"description":"The default nodel pool settings for the entire cluster.","description_kind":"plain"},"max_items":1},"notification_config":{"nesting_mode":"list","block":{"block_types":{"pubsub":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not the notification config is enabled","description_kind":"plain","required":true},"topic":{"type":"string","description":"The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.","description_kind":"plain","optional":true}},"block_types":{"filter":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":["list","string"],"description":"Can be used to filter what notifications are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT","description_kind":"plain","required":true}},"description":"Allows filtering to one or more specific event types. If event types are present, those and only those event types will be transmitted to the cluster. Other types will be skipped. If no filter is specified, or no event types are present, all event types will be sent","description_kind":"plain"},"max_items":1}},"description":"Notification config for Cloud Pub/Sub","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The notification config for sending cluster upgrade notifications","description_kind":"plain"},"max_items":1},"private_cluster_config":{"nesting_mode":"list","block":{"attributes":{"enable_private_endpoint":{"type":"bool","description":"When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.","description_kind":"plain","optional":true},"master_ipv4_cidr_block":{"type":"string","description":"The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.","description_kind":"plain","optional":true,"computed":true},"peering_name":{"type":"string","description":"The name of the peering between this cluster and the Google owned VPC.","description_kind":"plain","computed":true},"private_endpoint":{"type":"string","description":"The internal IP address of this cluster's master endpoint.","description_kind":"plain","computed":true},"private_endpoint_subnetwork":{"type":"string","description":"Subnetwork in cluster's network where master's endpoint will be provisioned.","description_kind":"plain","optional":true},"public_endpoint":{"type":"string","description":"The external IP address of this cluster's master endpoint.","description_kind":"plain","computed":true}},"block_types":{"master_global_access_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether the cluster master is accessible globally or not.","description_kind":"plain","required":true}},"description":"Controls cluster master global access settings.","description_kind":"plain"},"max_items":1}},"description":"Configuration for private clusters, clusters with private nodes.","description_kind":"plain"},"max_items":1},"release_channel":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The selected release channel. Accepted values are:\n* UNSPECIFIED: Not set.\n* RAPID: Weekly upgrade cadence; Early testers and developers who requires new features.\n* REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.\n* STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.\n* EXTENDED: GKE provides extended support for Kubernetes minor versions through the Extended channel. With this channel, you can stay on a minor version for up to 24 months.","description_kind":"plain","required":true}},"description":"Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. Note that removing this field from your config will not unenroll it. Instead, use the \"UNSPECIFIED\" channel.","description_kind":"plain"},"max_items":1},"resource_usage_export_config":{"nesting_mode":"list","block":{"attributes":{"enable_network_egress_metering":{"type":"bool","description":"Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.","description_kind":"plain","optional":true},"enable_resource_consumption_metering":{"type":"bool","description":"Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true.","description_kind":"plain","optional":true}},"block_types":{"bigquery_destination":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of a BigQuery Dataset.","description_kind":"plain","required":true}},"description":"Parameters for using BigQuery as the destination of resource usage export.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration for the ResourceUsageExportConfig feature.","description_kind":"plain"},"max_items":1},"security_posture_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED, BASIC, and ENTERPRISE.","description_kind":"plain","optional":true,"computed":true},"vulnerability_mode":{"type":"string","description":"Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.","description_kind":"plain","optional":true,"computed":true}},"description":"Defines the config needed to enable/disable features for the Security Posture API","description_kind":"plain"},"max_items":1},"service_external_ips_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"When enabled, services with external ips specified will be allowed.","description_kind":"plain","required":true}},"description":"If set, and enabled=true, services with external ips field will not be blocked","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vertical_pod_autoscaling":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enables vertical pod autoscaling.","description_kind":"plain","required":true}},"description":"Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it.","description_kind":"plain"},"max_items":1},"workload_identity_config":{"nesting_mode":"list","block":{"attributes":{"workload_pool":{"type":"string","description":"The workload pool to attach all Kubernetes service accounts to.","description_kind":"plain","optional":true}},"description":"Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_node_pool":{"version":1,"block":{"attributes":{"cluster":{"type":"string","description":"The cluster to create the node pool for. Cluster must be present in location provided for zonal clusters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_node_count":{"type":"number","description":"The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource.","description_kind":"plain","optional":true,"computed":true},"instance_group_urls":{"type":["list","string"],"description":"The resource URLs of the managed instance groups associated with this node pool.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) of the cluster.","description_kind":"plain","optional":true,"computed":true},"managed_instance_group_urls":{"type":["list","string"],"description":"List of instance group URLs which have been assigned to this node pool.","description_kind":"plain","computed":true},"max_pods_per_node":{"type":"number","description":"The maximum number of pods per node in this node pool. Note that this does not work on node pools which are \"route-based\" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the node pool. If left blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"node_count":{"type":"number","description":"The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the node pool's nodes should be located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If unspecified, the cluster-level node_locations will be used.","description_kind":"plain","optional":true,"computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which to create the node pool. If blank, the provider-configured project will be used.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"The Kubernetes version for the nodes in this pool. Note that if this field and auto_upgrade are both specified, they will fight each other for what the node version should be, so setting both is highly discouraged. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"location_policy":{"type":"string","description":"Location policy specifies the algorithm used when scaling-up the node pool. \"BALANCED\" - Is a best effort policy that aims to balance the sizes of available zones. \"ANY\" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.","description_kind":"plain","optional":true,"computed":true},"max_node_count":{"type":"number","description":"Maximum number of nodes per zone in the node pool. Must be \u003e= min_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"Minimum number of nodes per zone in the node pool. Must be \u003e=0 and \u003c= max_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"total_max_node_count":{"type":"number","description":"Maximum number of all nodes in the node pool. Must be \u003e= total_min_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true},"total_min_node_count":{"type":"number","description":"Minimum number of all nodes in the node pool. Must be \u003e=0 and \u003c= total_max_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true}},"description":"Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.","description_kind":"plain"},"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Whether the nodes will be automatically repaired. Enabled by default.","description_kind":"plain","optional":true},"auto_upgrade":{"type":"bool","description":"Whether the nodes will be automatically upgraded. Enabled by default.","description_kind":"plain","optional":true}},"description":"Node management configuration, wherein auto-repair and auto-upgrade is configured.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"create_pod_range":{"type":"bool","description":"Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Whether nodes have internal IP addresses only.","description_kind":"plain","optional":true,"computed":true},"pod_ipv4_cidr_block":{"type":"string","description":"The IP address range for pod IPs in this node pool. Only applicable if create_pod_range is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"pod_range":{"type":"string","description":"The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"additional_node_network_configs":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Name of the VPC where the additional interface belongs.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Name of the subnetwork where the additional interface belongs.","description_kind":"plain","optional":true}},"description":"We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface","description_kind":"plain"}},"additional_pod_network_configs":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods per node which use this pod network.","description_kind":"plain","optional":true,"computed":true},"secondary_pod_range":{"type":"string","description":"The name of the secondary range on the subnet which provides IP address for this pod range.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Name of the subnetwork where the additional pod network belongs.","description_kind":"plain","optional":true}},"description":"We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"Specifies the total network bandwidth tier for the NodePool.","description_kind":"plain","required":true}},"description":"Network bandwidth tier configuration.","description_kind":"plain"},"max_items":1},"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited","description_kind":"plain"},"max_items":1}},"description":"Networking configuration for this NodePool. If specified, it overrides the cluster-level defaults.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"effective_taints":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of kubernetes taints applied to each node.","description_kind":"plain","computed":true},"enable_confidential_storage":{"type":"bool","description":"If enabled boot disks are configured with confidential mode.","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether the node should have nested virtualization enabled.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this pool.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after pool creation without deleting and recreating the entire pool.","description_kind":"plain"},"max_items":1},"containerd_config":{"nesting_mode":"list","block":{"block_types":{"private_registry_access_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not private registries are configured.","description_kind":"plain","required":true}},"block_types":{"certificate_authority_domain_config":{"nesting_mode":"list","block":{"attributes":{"fqdns":{"type":["list","string"],"description":"List of fully-qualified-domain-names. IPv4s and port specification are supported.","description_kind":"plain","required":true}},"block_types":{"gcp_secret_manager_certificate_config":{"nesting_mode":"list","block":{"attributes":{"secret_uri":{"type":"string","description":"URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.","description_kind":"plain","required":true}},"description":"Parameters for configuring a certificate hosted in GCP SecretManager.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Parameters for configuring CA certificate and domains.","description_kind":"plain"}}},"description":"Parameters for private container registries configuration.","description_kind":"plain"},"max_items":1}},"description":"Parameters for containerd configuration.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"fast_socket":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not NCCL Fast Socket is enabled","description_kind":"plain","required":true}},"description":"Enable or disable NCCL Fast Socket in the node pool.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","required":true},"insecure_kubelet_readonly_port_enabled":{"type":"string","description":"Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to `FALSE`. Possible values: `TRUE`, `FALSE`.","description_kind":"plain","optional":true,"computed":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"cgroup_mode":{"type":"string","description":"cgroupMode specifies the cgroup mode to be used on the node.","description_kind":"plain","optional":true,"computed":true},"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","optional":true}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"secondary_boot_disks":{"nesting_mode":"list","block":{"attributes":{"disk_image":{"type":"string","description":"Disk image to create the secondary boot disk from","description_kind":"plain","required":true},"mode":{"type":"string","description":"Mode for how the secondary boot disk is used.","description_kind":"plain","optional":true}},"description":"Secondary boot disks for preloading data or container images.","description_kind":"plain"},"max_items":127},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"taint":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Effect for taint.","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for taint.","description_kind":"plain","required":true}},"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain"}},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"placement_policy":{"nesting_mode":"list","block":{"attributes":{"policy_name":{"type":"string","description":"If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.","description_kind":"plain","optional":true},"tpu_topology":{"type":"string","description":"TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type defines the type of placement policy","description_kind":"plain","required":true}},"description":"Specifies the node placement policy","description_kind":"plain"},"max_items":1},"queued_provisioning":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API","description_kind":"plain","required":true}},"description":"Specifies the configuration of queued provisioning","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The number of additional nodes that can be added to the node pool during an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"max_unavailable":{"type":"number","description":"The number of nodes that can be simultaneously unavailable during an upgrade. Increasing max_unavailable raises the number of nodes that can be upgraded in parallel. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"strategy":{"type":"string","description":"Update strategy for the given nodepool.","description_kind":"plain","optional":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the blue pool nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.","description_kind":"plain","optional":true,"computed":true}},"description":"Standard rollout policy is the default policy for blue-green.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for BlueGreen node pool upgrade.","description_kind":"plain"},"max_items":1}},"description":"Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_registry":{"version":0,"block":{"attributes":{"bucket_self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the registry. One of ASIA, EU, US or not specified. See the official documentation for more information on registry locations.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_entry":{"version":0,"block":{"attributes":{"bigquery_date_sharded_spec":{"type":["list",["object",{"dataset":"string","shard_count":"number","table_prefix":"string"}]],"description":"Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD.\nContext: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding.","description_kind":"plain","computed":true},"bigquery_table_spec":{"type":["list",["object",{"table_source_type":"string","table_spec":["list",["object",{"grouped_entry":"string"}]],"view_spec":["list",["object",{"view_query":"string"}]]}]],"description":"Specification that applies to a BigQuery table. This is only valid on entries of type TABLE.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Entry description, which can consist of several sentences or paragraphs that describe entry contents.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display information such as title and description. A short name to identify the entry,\nfor example, \"Analytics Data - Jan 2011\".","description_kind":"plain","optional":true},"entry_group":{"type":"string","description":"The name of the entry group this entry is in.","description_kind":"plain","required":true},"entry_id":{"type":"string","description":"The id of the entry to create.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"integrated_system":{"type":"string","description":"This field indicates the entry's source system that Data Catalog integrates with, such as BigQuery or Pub/Sub.","description_kind":"plain","computed":true},"linked_resource":{"type":"string","description":"The resource this metadata entry refers to.\nFor Google Cloud Platform resources, linkedResource is the full name of the resource.\nFor example, the linkedResource for a table resource from BigQuery is:\n//bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId\nOutput only when Entry is of type in the EntryType enum. For entries with userSpecifiedType,\nthis field is optional and defaults to an empty string.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The Data Catalog resource name of the entry in URL format.\nExample: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}.\nNote that this Entry and its child resources may not actually be stored in the location in this name.","description_kind":"plain","computed":true},"schema":{"type":"string","description":"Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema\nattached to it. See\nhttps://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema\nfor what fields this schema can contain.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the entry. Only used for Entries with types in the EntryType enum.\nCurrently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. Possible values: [\"FILESET\"]","description_kind":"plain","optional":true},"user_specified_system":{"type":"string","description":"This field indicates the entry's source system that Data Catalog does not integrate with.\nuserSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers,\nand underscores; are case insensitive; must be at least 1 character and at most 64 characters long.","description_kind":"plain","optional":true},"user_specified_type":{"type":"string","description":"Entry type if it does not fit any of the input-allowed values listed in EntryType enum above.\nWhen creating an entry, users should check the enum values first, if nothing matches the entry\nto be created, then provide a custom value, for example \"my_special_type\".\nuserSpecifiedType strings must begin with a letter or underscore and can only contain letters,\nnumbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long.","description_kind":"plain","optional":true}},"block_types":{"gcs_fileset_spec":{"nesting_mode":"list","block":{"attributes":{"file_patterns":{"type":["list","string"],"description":"Patterns to identify a set of files in Google Cloud Storage.\nSee [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames)\nfor more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns:\n\n* gs://bucket_name/dir/*: matches all files within bucket_name/dir directory.\n* gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories.\n* gs://bucket_name/file*: matches files prefixed by file in bucket_name\n* gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name\n* gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name\n* gs://bucket_name/[a-m].txt: matches files that contain a, b, ... or m followed by .txt in bucket_name\n* gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b\n* gs://another_bucket/a.txt: matches gs://another_bucket/a.txt","description_kind":"plain","required":true},"sample_gcs_file_specs":{"type":["list",["object",{"file_path":"string","size_bytes":"number"}]],"description":"Sample files contained in this fileset, not all files contained in this fileset are represented here.","description_kind":"plain","computed":true}},"description":"Specification that applies to a Cloud Storage fileset. This is only valid on entries of type FILESET.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_entry_group":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Entry group description, which can consist of several sentences or paragraphs that describe entry group contents.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A short name to identify the entry group, for example, \"analytics data - jan 2011\".","description_kind":"plain","optional":true},"entry_group_id":{"type":"string","description":"The id of the entry group to create. The id must begin with a letter or underscore,\ncontain only English letters, numbers and underscores, and be at most 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the entry group in URL format. Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"EntryGroup location region.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_binding":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_member":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_policy":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_policy_tag":{"version":0,"block":{"attributes":{"child_policy_tags":{"type":["list","string"],"description":"Resource names of child policy tags of this policy tag.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of this policy tag. It must: contain only unicode characters, tabs,\nnewlines, carriage returns and page breaks; and be at most 2000 bytes long when\nencoded in UTF-8. If not set, defaults to an empty description.\nIf not set, defaults to an empty description.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User defined name of this policy tag. It must: be unique within the parent\ntaxonomy; contain only unicode letters, numbers, underscores, dashes and spaces;\nnot start or end with spaces; and be at most 200 bytes long when encoded in UTF-8.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of this policy tag, whose format is:\n\"projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}\"","description_kind":"plain","computed":true},"parent_policy_tag":{"type":"string","description":"Resource name of this policy tag's parent policy tag.\nIf empty, it means this policy tag is a top level policy tag.\nIf not set, defaults to an empty string.","description_kind":"plain","optional":true},"taxonomy":{"type":"string","description":"Taxonomy the policy tag is associated with","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_tag":{"version":0,"block":{"attributes":{"column":{"type":"string","description":"Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an\nindividual column based on that schema.\n\nFor attaching a tag to a nested column, use '.' to separate the column names. Example:\n'outer_column.inner_column'","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag in URL format. Example:\nprojects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or\nprojects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id}\nwhere tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to\nall entries in that group.","description_kind":"plain","optional":true},"template":{"type":"string","description":"The resource name of the tag template that this tag uses. Example:\nprojects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}\nThis field cannot be modified after creation.","description_kind":"plain","required":true},"template_displayname":{"type":"string","description":"The display name of the tag template.","description_kind":"plain","computed":true}},"block_types":{"fields":{"nesting_mode":"set","block":{"attributes":{"bool_value":{"type":"bool","description":"Holds the value for a tag field with boolean type.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of this field","description_kind":"plain","computed":true},"double_value":{"type":"number","description":"Holds the value for a tag field with double type.","description_kind":"plain","optional":true},"enum_value":{"type":"string","description":"The display name of the enum value.","description_kind":"plain","optional":true},"field_name":{"type":"string","description_kind":"plain","required":true},"order":{"type":"number","description":"The order of this field with respect to other fields in this tag. For example, a higher value can indicate\na more important field. The value can be negative. Multiple fields can have the same order, and field orders\nwithin a tag do not have to be sequential.","description_kind":"plain","computed":true},"string_value":{"type":"string","description":"Holds the value for a tag field with string type.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"Holds the value for a tag field with timestamp type.","description_kind":"plain","optional":true}},"description":"This maps the ID of a tag field to the value of and additional information about that field.\nValid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_tag_template":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name for this template.","description_kind":"plain","optional":true},"force_delete":{"type":"bool","description":"This confirms the deletion of any possible tags using this template. Must be set to true in order to delete the tag template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag template in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Template location region.","description_kind":"plain","optional":true,"computed":true},"tag_template_id":{"type":"string","description":"The id of the tag template to create.","description_kind":"plain","required":true}},"block_types":{"fields":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description for this field.","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"The display name for this field.","description_kind":"plain","optional":true,"computed":true},"field_id":{"type":"string","description_kind":"plain","required":true},"is_required":{"type":"bool","description":"Whether this is a required field. Defaults to false.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag template field in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field}","description_kind":"plain","computed":true},"order":{"type":"number","description":"The order of this field with respect to other fields in this tag template.\nA higher value indicates a more important field. The value can be negative.\nMultiple fields can have the same order, and field orders within a tag do not have to be sequential.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"type":{"nesting_mode":"list","block":{"attributes":{"primitive_type":{"type":"string","description":"Represents primitive types - string, bool etc.\n Exactly one of 'primitive_type' or 'enum_type' must be set Possible values: [\"DOUBLE\", \"STRING\", \"BOOL\", \"TIMESTAMP\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"enum_type":{"nesting_mode":"list","block":{"block_types":{"allowed_values":{"nesting_mode":"set","block":{"attributes":{"display_name":{"type":"string","description":"The display name of the enum value.","description_kind":"plain","required":true}},"description":"The set of allowed values for this enum. The display names of the\nvalues must be case-insensitively unique within this set. Currently,\nenum values can only be added to the list of allowed values. Deletion\nand renaming of enum values are not supported.\nCan have up to 500 allowed values.","description_kind":"plain"},"min_items":1}},"description":"Represents an enum type.\n Exactly one of 'primitive_type' or 'enum_type' must be set","description_kind":"plain"},"max_items":1}},"description":"The type of value this tag field can contain.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of tag template field IDs and the settings for the field. This set is an exhaustive list of the allowed fields. This set must contain at least one field and at most 500 fields. The change of field_id will be resulting in re-creating of field. The change of primitive_type will be resulting in re-creating of field, however if the field is a required, you cannot update it.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_taxonomy":{"version":0,"block":{"attributes":{"activated_policy_types":{"type":["list","string"],"description":"A list of policy types that are activated for this taxonomy. If not set,\ndefaults to an empty list. Possible values: [\"POLICY_TYPE_UNSPECIFIED\", \"FINE_GRAINED_ACCESS_CONTROL\"]","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of this taxonomy. It must: contain only unicode characters,\ntabs, newlines, carriage returns and page breaks; and be at most 2000 bytes\nlong when encoded in UTF-8. If not set, defaults to an empty description.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User defined name of this taxonomy.\nThe taxonomy display name must be unique within an organization.\nIt must: contain only unicode letters, numbers, underscores, dashes\nand spaces; not start or end with spaces; and be at most 200 bytes\nlong when encoded in UTF-8.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of this taxonomy, whose format is:\n\"projects/{project}/locations/{region}/taxonomies/{taxonomy}\".","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Taxonomy location region.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_fusion_instance":{"version":0,"block":{"attributes":{"api_endpoint":{"type":"string","description":"Endpoint on which the REST APIs is accessible.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds.","description_kind":"plain","computed":true},"dataproc_service_account":{"type":"string","description":"User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of the instance.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name for an instance.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_rbac":{"type":"bool","description":"Option to enable granular role-based access control.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Option to enable Stackdriver Logging.","description_kind":"plain","optional":true},"enable_stackdriver_monitoring":{"type":"bool","description":"Option to enable Stackdriver Monitoring.","description_kind":"plain","optional":true},"gcs_bucket":{"type":"string","description":"Cloud Storage bucket generated by Data Fusion in the customer project.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The resource labels for instance to use to annotate any related underlying resources,\nsuch as Compute Engine VMs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"options":{"type":["map","string"],"description":"Map of additional options used to configure the behavior of Data Fusion instance.","description_kind":"plain","optional":true,"computed":true},"p4_service_account":{"type":"string","description":"P4 service account for the customer project.","description_kind":"plain","computed":true},"private_instance":{"type":"bool","description":"Specifies whether the Data Fusion instance should be private. If set to\ntrue, all Data Fusion nodes will have private IP addresses and will not be\nable to access the public internet.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the Data Fusion instance.","description_kind":"plain","optional":true,"computed":true},"service_endpoint":{"type":"string","description":"Endpoint on which the Data Fusion UI and REST APIs are accessible.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this Data Fusion instance.\n- CREATING: Instance is being created\n- RUNNING: Instance is running and ready for requests\n- FAILED: Instance creation failed\n- DELETING: Instance is being deleted\n- UPGRADING: Instance is being upgraded\n- RESTARTING: Instance is being restarted","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of this Data Fusion instance if available.","description_kind":"plain","computed":true},"tenant_project_id":{"type":"string","description":"The name of the tenant project.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Represents the type of Data Fusion instance. Each type is configured with\nthe default settings for processing and memory.\n- BASIC: Basic Data Fusion instance. In Basic type, the user will be able to create data pipelines\nusing point and click UI. However, there are certain limitations, such as fewer number\nof concurrent pipelines, no support for streaming pipelines, etc.\n- ENTERPRISE: Enterprise Data Fusion instance. In Enterprise type, the user will have more features\navailable, such as support for streaming pipelines, higher number of concurrent pipelines, etc.\n- DEVELOPER: Developer Data Fusion instance. In Developer type, the user will have all features available but\nwith restrictive capabilities. This is to help enterprises design and develop their data ingestion and integration\npipelines at low cost. Possible values: [\"BASIC\", \"ENTERPRISE\", \"DEVELOPER\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time the instance was last updated in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds.","description_kind":"plain","computed":true},"version":{"type":"string","description":"Current version of the Data Fusion.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Name of the zone in which the Data Fusion instance will be created. Only DEVELOPER instances use this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_type":{"type":"string","description":"The type of an accelator for a CDF instance. Possible values: [\"CDC\", \"HEALTHCARE\", \"CCAI_INSIGHTS\"]","description_kind":"plain","required":true},"state":{"type":"string","description":"The type of an accelator for a CDF instance. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true}},"description":"List of accelerators enabled for this CDF instance.\n\nIf accelerators are enabled it is possible a permadiff will be created with the Options field.\nUsers will need to either manually update their state file to include these diffed options, or include the field in a [lifecycle ignore changes block](https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#ignore_changes).","description_kind":"plain"}},"crypto_key_config":{"nesting_mode":"list","block":{"attributes":{"key_reference":{"type":"string","description":"The name of the key which is used to encrypt/decrypt customer data. For key in Cloud KMS, the key should be in the format of projects/*/locations/*/keyRings/*/cryptoKeys/*.","description_kind":"plain","required":true}},"description":"The crypto key configuration. This field is used by the Customer-Managed Encryption Keys (CMEK) feature.","description_kind":"plain"},"max_items":1},"event_publish_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Option to enable Event Publishing.","description_kind":"plain","required":true},"topic":{"type":"string","description":"The resource name of the Pub/Sub topic. Format: projects/{projectId}/topics/{topic_id}","description_kind":"plain","required":true}},"description":"Option to enable and pass metadata for event publishing.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"connection_type":{"type":"string","description":"Optional. Type of connection for establishing private IP connectivity between the Data Fusion customer project VPC and\nthe corresponding tenant project from a predefined list of available connection modes.\nIf this field is unspecified for a private instance, VPC peering is used. Possible values: [\"VPC_PEERING\", \"PRIVATE_SERVICE_CONNECT_INTERFACES\"]","description_kind":"plain","optional":true},"ip_allocation":{"type":"string","description":"The IP range in CIDR notation to use for the managed Data Fusion instance\nnodes. This range must not overlap with any other ranges used in the Data Fusion instance network.","description_kind":"plain","optional":true},"network":{"type":"string","description":"Name of the network in the project with which the tenant project\nwill be peered for executing pipelines. In case of shared VPC where the network resides in another host\nproject the network should specified in the form of projects/{host-project-id}/global/networks/{network}","description_kind":"plain","optional":true}},"block_types":{"private_service_connect_config":{"nesting_mode":"list","block":{"attributes":{"effective_unreachable_cidr_block":{"type":"string","description":"Output only. The CIDR block to which the CDF instance can't route traffic to in the consumer project VPC.\nThe size of this block is /25. The format of this field is governed by RFC 4632.","description_kind":"plain","computed":true},"network_attachment":{"type":"string","description":"Optional. The reference to the network attachment used to establish private connectivity.\nIt will be of the form projects/{project-id}/regions/{region}/networkAttachments/{network-attachment-id}.\nThis is required only when using connection type PRIVATE_SERVICE_CONNECT_INTERFACES.","description_kind":"plain","optional":true},"unreachable_cidr_block":{"type":"string","description":"Optional. Input only. The CIDR block to which the CDF instance can't route traffic to in the consumer project VPC.\nThe size of this block should be at least /25. This range should not overlap with the primary address range of any subnetwork used by the network attachment.\nThis range can be used for other purposes in the consumer VPC as long as there is no requirement for CDF to reach destinations using these addresses.\nIf this value is not provided, the server chooses a non RFC 1918 address range. The format of this field is governed by RFC 4632.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for Private Service Connect.\nThis is required only when using connection type PRIVATE_SERVICE_CONNECT_INTERFACES.","description_kind":"plain"},"max_items":1}},"description":"Network configuration options. These are required when a private Data Fusion instance is to be created.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_fusion_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_fusion_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_fusion_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_loss_prevention_deidentify_template":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an deidentifyTemplate. Set by the server.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the template.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the template. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the template in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"template_id":{"type":"string","description":"The template id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is\n100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The last update timestamp of an deidentifyTemplate. Set by the server.","description_kind":"plain","computed":true}},"block_types":{"deidentify_config":{"nesting_mode":"list","block":{"block_types":{"image_transformations":{"nesting_mode":"list","block":{"block_types":{"transforms":{"nesting_mode":"list","block":{"block_types":{"all_info_types":{"nesting_mode":"list","block":{"description":"Apply transformation to all findings not specified in other ImageTransformation's selectedInfoTypes.","description_kind":"plain"},"max_items":1},"all_text":{"nesting_mode":"list","block":{"description":"Apply transformation to all text that doesn't match an infoType.","description_kind":"plain"},"max_items":1},"redaction_color":{"nesting_mode":"list","block":{"attributes":{"blue":{"type":"number","description":"The amount of blue in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true},"green":{"type":"number","description":"The amount of green in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true},"red":{"type":"number","description":"The amount of red in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true}},"description":"The color to use when redacting content from an image. If not specified, the default is black.","description_kind":"plain"},"max_items":1},"selected_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"},"min_items":1}},"description":"Apply transformation to the selected infoTypes.","description_kind":"plain"},"max_items":1}},"description":"For determination of how redaction of images should occur.","description_kind":"plain"},"min_items":1}},"description":"Treat the dataset as an image and redact.","description_kind":"plain"},"max_items":1},"info_type_transformations":{"nesting_mode":"list","block":{"block_types":{"transformations":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"}},"primitive_transformation":{"nesting_mode":"list","block":{"attributes":{"replace_with_info_type_config":{"type":"bool","description":"Replace each matching finding with the name of the info type.","description_kind":"plain","optional":true}},"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"}}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character.\nMasking can start from the beginning or end of the string.","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Possible values: [\"FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED\", \"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\].","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"Range of shift in days. Negative means shift to earlier in time.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends).\nNegative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"An integer value.","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a\nyear by itself or a year and month where the day is not significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace each input value with a given value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","optional":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Primitive transformation to apply to the infoType.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Transformation for each infoType. Cannot specify more than one for a given infoType.","description_kind":"plain"},"min_items":1}},"description":"Treat the dataset as free-form text and apply the same free text transformation everywhere","description_kind":"plain"},"max_items":1},"record_transformations":{"nesting_mode":"list","block":{"block_types":{"field_transformations":{"nesting_mode":"list","block":{"block_types":{"condition":{"nesting_mode":"list","block":{"block_types":{"expressions":{"nesting_mode":"list","block":{"attributes":{"logical_operator":{"type":"string","description":"The operator to apply to the result of conditions. Default and currently only supported value is AND Default value: \"AND\" Possible values: [\"AND\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"Operator used to compare the field or infoType to the value. Possible values: [\"EQUAL_TO\", \"NOT_EQUAL_TO\", \"GREATER_THAN\", \"LESS_THAN\", \"GREATER_THAN_OR_EQUALS\", \"LESS_THAN_OR_EQUALS\", \"EXISTS\"]","description_kind":"plain","required":true}},"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Field within the record this condition is evaluated against.","description_kind":"plain"},"min_items":1,"max_items":1},"value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Value to compare against.\nThe 'value' block must only contain one argument. For example when a condition is evaluated against a string-type field, only 'string_value' should be set.\nThis argument is mandatory, except for conditions using the 'EXISTS' operator.","description_kind":"plain"},"max_items":1}},"description":"A collection of conditions.","description_kind":"plain"}}},"description":"Conditions to apply to the expression.","description_kind":"plain"},"max_items":1}},"description":"An expression.","description_kind":"plain"},"max_items":1}},"description":"Only apply the transformation if the condition evaluates to true for the given RecordCondition. The conditions are allowed to reference fields that are not used in the actual transformation.\nExample Use Cases:\n- Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range.\n- Redact a field if the date of birth field is greater than 85.","description_kind":"plain"},"max_items":1},"fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId.\nFieldId name matching ignores the index. For example, instead of \"contact.nums[0].type\", use \"contact.nums.type\".","description_kind":"plain"},"min_items":1},"info_type_transformations":{"nesting_mode":"list","block":{"block_types":{"transformations":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"}},"primitive_transformation":{"nesting_mode":"list","block":{"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"},"min_items":1}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.\nIf number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values:\n- 'masking_character' is *\n- 'number_to_mask' is -4\n- 'reverse_order' is false\n- 'characters_to_ignore' includes -\n- Input string is 1234-5678-9012-3456\n\nThe resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverseOrder is true, all but the first four characters are masked as 1234-****-****-****.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking. Only one of this or 'common_characters_to_ignore' must be specified.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Only one of this or 'characters_to_skip' must be specified. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3).","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.","description_kind":"plain"},"min_items":1,"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","required":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Only one of this, 'custom_alphabet' or 'radix' must be specified. Possible values: [\"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''. Only one of this, 'common_alphabet' or 'radix' must be specified.","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\]. Only one of this, 'custom_alphabet' or 'common_alphabet' must be specified.","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"min_items":1,"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","required":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"For example, -5 means shift date to at most 5 days back in the past.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.\n\nFor example, 3 means shift date to at most 3 days into the future.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and cryptoKey. If set, must also set context. Can only be applied to table items.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace each input value with a given value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"replace_with_info_type_config":{"nesting_mode":"list","block":{"description":"Replace each matching finding with the name of the info type.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","required":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Apply the transformation to the entire field.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Transformation for each infoType. Cannot specify more than one for a given infoType.","description_kind":"plain"},"min_items":1}},"description":"Treat the contents of the field as free text, and selectively transform content that matches an InfoType.\nOnly one of 'primitive_transformation' or 'info_type_transformations' must be specified.","description_kind":"plain"},"max_items":1},"primitive_transformation":{"nesting_mode":"list","block":{"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"}}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.\nIf number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values:\n- 'masking_character' is *\n- 'number_to_mask' is -4\n- 'reverse_order' is false\n- 'characters_to_ignore' includes -\n- Input string is 1234-5678-9012-3456\n\nThe resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverseOrder is true, all but the first four characters are masked as 1234-****-****-****.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3).","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Possible values: [\"FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED\", \"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\].","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"For example, -5 means shift date to at most 5 days back in the past.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.\n\nFor example, 3 means shift date to at most 3 days into the future.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and cryptoKey. If set, must also set context. Can only be applied to table items.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a specified value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","optional":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Apply the transformation to the entire field.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.\nOnly one of 'primitive_transformation' or 'info_type_transformations' must be specified.","description_kind":"plain"},"max_items":1}},"description":"Transform the record by applying various field transformations.","description_kind":"plain"}},"record_suppressions":{"nesting_mode":"list","block":{"block_types":{"condition":{"nesting_mode":"list","block":{"block_types":{"expressions":{"nesting_mode":"list","block":{"attributes":{"logical_operator":{"type":"string","description":"The operator to apply to the result of conditions. Default and currently only supported value is AND. Default value: \"AND\" Possible values: [\"AND\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"Operator used to compare the field or infoType to the value. Possible values: [\"EQUAL_TO\", \"NOT_EQUAL_TO\", \"GREATER_THAN\", \"LESS_THAN\", \"GREATER_THAN_OR_EQUALS\", \"LESS_THAN_OR_EQUALS\", \"EXISTS\"]","description_kind":"plain","required":true}},"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Field within the record this condition is evaluated against.","description_kind":"plain"},"min_items":1,"max_items":1},"value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Value to compare against. [Mandatory, except for EXISTS tests.]","description_kind":"plain"},"max_items":1}},"description":"A collection of conditions.","description_kind":"plain"}}},"description":"Conditions to apply to the expression.","description_kind":"plain"},"max_items":1}},"description":"An expression, consisting of an operator and conditions.","description_kind":"plain"},"max_items":1}},"description":"A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.","description_kind":"plain"},"max_items":1}},"description":"Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.","description_kind":"plain"}}},"description":"Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.","description_kind":"plain"},"max_items":1}},"description":"Configuration of the deidentify template","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_loss_prevention_discovery_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The creation timestamp of a DiscoveryConfig.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Display Name (max 1000 Chars)","description_kind":"plain","optional":true},"errors":{"type":["list",["object",{"details":["list",["object",{"code":"number","details":["list",["map","string"]],"message":"string"}]],"timestamp":"string"}]],"description":"Output only. A stream of errors encountered when the config was activated. Repeated errors may result in the config automatically being paused. Output only field. Will return the last 100 errors. Whenever the config is modified this list will be cleared.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inspect_templates":{"type":["list","string"],"description":"Detection logic for profile generation","description_kind":"plain","optional":true},"last_run_time":{"type":"string","description":"Output only. The timestamp of the last time this config was executed","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location to create the discovery config in.","description_kind":"plain","required":true},"name":{"type":"string","description":"Unique resource name for the DiscoveryConfig, assigned by the service when the DiscoveryConfig is created.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the discovery config in any of the following formats:\n\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"status":{"type":"string","description":"Required. A status for this configuration Possible values: [\"RUNNING\", \"PAUSED\"]","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The last update timestamp of a DiscoveryConfig.","description_kind":"plain","computed":true}},"block_types":{"actions":{"nesting_mode":"list","block":{"block_types":{"export_data":{"nesting_mode":"list","block":{"block_types":{"profile_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Dataset Id of the table","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table. If omitted, the project ID is inferred from the API call.","description_kind":"plain","optional":true},"table_id":{"type":"string","description":"Name of the table","description_kind":"plain","optional":true}},"description":"Store all table and column profiles in an existing table or a new table in an existing dataset. Each re-generation will result in a new row in BigQuery","description_kind":"plain"},"max_items":1}},"description":"Export data profiles into a provided location","description_kind":"plain"},"max_items":1},"pub_sub_notification":{"nesting_mode":"list","block":{"attributes":{"detail_of_message":{"type":"string","description":"How much data to include in the pub/sub message. Possible values: [\"TABLE_PROFILE\", \"RESOURCE_NAME\"]","description_kind":"plain","optional":true},"event":{"type":"string","description":"The type of event that triggers a Pub/Sub. At most one PubSubNotification per EventType is permitted. Possible values: [\"NEW_PROFILE\", \"CHANGED_PROFILE\", \"SCORE_INCREASED\", \"ERROR_CHANGED\"]","description_kind":"plain","optional":true},"topic":{"type":"string","description":"Cloud Pub/Sub topic to send notifications to. Format is projects/{project}/topics/{topic}.","description_kind":"plain","optional":true}},"block_types":{"pubsub_condition":{"nesting_mode":"list","block":{"block_types":{"expressions":{"nesting_mode":"list","block":{"attributes":{"logical_operator":{"type":"string","description":"The operator to apply to the collection of conditions Possible values: [\"OR\", \"AND\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"minimum_risk_score":{"type":"string","description":"The minimum data risk score that triggers the condition. Possible values: [\"HIGH\", \"MEDIUM_OR_HIGH\"]","description_kind":"plain","optional":true},"minimum_sensitivity_score":{"type":"string","description":"The minimum sensitivity level that triggers the condition. Possible values: [\"HIGH\", \"MEDIUM_OR_HIGH\"]","description_kind":"plain","optional":true}},"description":"Conditions to apply to the expression","description_kind":"plain"}}},"description":"An expression","description_kind":"plain"},"max_items":1}},"description":"Conditions for triggering pubsub","description_kind":"plain"},"max_items":1}},"description":"Publish a message into the Pub/Sub topic.","description_kind":"plain"},"max_items":1}},"description":"Actions to execute at the completion of scanning","description_kind":"plain"}},"org_config":{"nesting_mode":"list","block":{"attributes":{"project_id":{"type":"string","description":"The project that will run the scan. The DLP service account that exists within this project must have access to all resources that are profiled, and the cloud DLP API must be enabled.","description_kind":"plain","optional":true}},"block_types":{"location":{"nesting_mode":"list","block":{"attributes":{"folder_id":{"type":"string","description":"The ID for the folder within an organization to scan","description_kind":"plain","optional":true},"organization_id":{"type":"string","description":"The ID of an organization to scan","description_kind":"plain","optional":true}},"description":"The data to scan folder org or project","description_kind":"plain"},"max_items":1}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"targets":{"nesting_mode":"list","block":{"block_types":{"big_query_target":{"nesting_mode":"list","block":{"block_types":{"cadence":{"nesting_mode":"list","block":{"block_types":{"schema_modified_cadence":{"nesting_mode":"list","block":{"attributes":{"frequency":{"type":"string","description":"How frequently profiles may be updated when schemas are modified. Default to monthly Possible values: [\"UPDATE_FREQUENCY_NEVER\", \"UPDATE_FREQUENCY_DAILY\", \"UPDATE_FREQUENCY_MONTHLY\"]","description_kind":"plain","optional":true},"types":{"type":["list","string"],"description":"The type of events to consider when deciding if the table's schema has been modified and should have the profile updated. Defaults to NEW_COLUMN. Possible values: [\"SCHEMA_NEW_COLUMNS\", \"SCHEMA_REMOVED_COLUMNS\"]","description_kind":"plain","optional":true}},"description":"Governs when to update data profiles when a schema is modified","description_kind":"plain"},"max_items":1},"table_modified_cadence":{"nesting_mode":"list","block":{"attributes":{"frequency":{"type":"string","description":"How frequently data profiles can be updated when tables are modified. Defaults to never. Possible values: [\"UPDATE_FREQUENCY_NEVER\", \"UPDATE_FREQUENCY_DAILY\", \"UPDATE_FREQUENCY_MONTHLY\"]","description_kind":"plain","optional":true},"types":{"type":["list","string"],"description":"The type of events to consider when deciding if the table has been modified and should have the profile updated. Defaults to MODIFIED_TIMESTAMP Possible values: [\"TABLE_MODIFIED_TIMESTAMP\"]","description_kind":"plain","optional":true}},"description":"Governs when to update profile when a table is modified.","description_kind":"plain"},"max_items":1}},"description":"How often and when to update profiles. New tables that match both the fiter and conditions are scanned as quickly as possible depending on system capacity.","description_kind":"plain"},"max_items":1},"conditions":{"nesting_mode":"list","block":{"attributes":{"created_after":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format with nanosecond resolution and upto nine fractional digits.","description_kind":"plain","optional":true},"type_collection":{"type":"string","description":"Restrict discovery to categories of table types. Currently view, materialized view, snapshot and non-biglake external tables are supported. Possible values: [\"BIG_QUERY_COLLECTION_ALL_TYPES\", \"BIG_QUERY_COLLECTION_ONLY_SUPPORTED_TYPES\"]","description_kind":"plain","optional":true}},"block_types":{"or_conditions":{"nesting_mode":"list","block":{"attributes":{"min_age":{"type":"string","description":"Duration format. The minimum age a table must have before Cloud DLP can profile it. Value greater than 1.","description_kind":"plain","optional":true},"min_row_count":{"type":"number","description":"Minimum number of rows that should be present before Cloud DLP profiles as a table.","description_kind":"plain","optional":true}},"description":"At least one of the conditions must be true for a table to be scanned.","description_kind":"plain"},"max_items":1},"types":{"nesting_mode":"list","block":{"attributes":{"types":{"type":["list","string"],"description":"A set of BiqQuery table types Possible values: [\"BIG_QUERY_TABLE_TYPE_TABLE\", \"BIG_QUERY_TABLE_TYPE_EXTERNAL_BIG_LAKE\"]","description_kind":"plain","optional":true}},"description":"Restrict discovery to specific table type","description_kind":"plain"},"max_items":1}},"description":"In addition to matching the filter, these conditions must be true before a profile is generated","description_kind":"plain"},"max_items":1},"disabled":{"nesting_mode":"list","block":{"description":"Tables that match this filter will not have profiles created.","description_kind":"plain"},"max_items":1},"filter":{"nesting_mode":"list","block":{"block_types":{"other_tables":{"nesting_mode":"list","block":{"description":"Catch-all. This should always be the last filter in the list because anything above it will apply first.","description_kind":"plain"},"max_items":1},"table_reference":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Dataset ID of the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"Name of the table.","description_kind":"plain","required":true}},"description":"The table to scan. Discovery configurations including this can only include one DiscoveryTarget (the DiscoveryTarget with this TableReference).","description_kind":"plain"},"max_items":1},"tables":{"nesting_mode":"list","block":{"block_types":{"include_regexes":{"nesting_mode":"list","block":{"block_types":{"patterns":{"nesting_mode":"list","block":{"attributes":{"dataset_id_regex":{"type":"string","description":"if unset, this property matches all datasets","description_kind":"plain","optional":true},"project_id_regex":{"type":"string","description":"For organizations, if unset, will match all projects. Has no effect for data profile configurations created within a project.","description_kind":"plain","optional":true},"table_id_regex":{"type":"string","description":"if unset, this property matches all tables","description_kind":"plain","optional":true}},"description":"A single BigQuery regular expression pattern to match against one or more tables, datasets, or projects that contain BigQuery tables.","description_kind":"plain"}}},"description":"A collection of regular expressions to match a BQ table against.","description_kind":"plain"},"max_items":1}},"description":"A specific set of tables for this filter to apply to. A table collection must be specified in only one filter per config.","description_kind":"plain"},"max_items":1}},"description":"Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table","description_kind":"plain"},"max_items":1}},"description":"BigQuery target for Discovery. The first target to match a table will be the one applied.","description_kind":"plain"},"max_items":1},"cloud_sql_target":{"nesting_mode":"list","block":{"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"database_engines":{"type":["list","string"],"description":"Database engines that should be profiled. Optional. Defaults to ALL_SUPPORTED_DATABASE_ENGINES if unspecified. Possible values: [\"ALL_SUPPORTED_DATABASE_ENGINES\", \"MYSQL\", \"POSTGRES\"]","description_kind":"plain","optional":true},"types":{"type":["list","string"],"description":"Data profiles will only be generated for the database resource types specified in this field. If not specified, defaults to [DATABASE_RESOURCE_TYPE_ALL_SUPPORTED_TYPES]. Possible values: [\"DATABASE_RESOURCE_TYPE_ALL_SUPPORTED_TYPES\", \"DATABASE_RESOURCE_TYPE_TABLE\"]","description_kind":"plain","optional":true}},"description":"In addition to matching the filter, these conditions must be true before a profile is generated.","description_kind":"plain"},"max_items":1},"disabled":{"nesting_mode":"list","block":{"description":"Disable profiling for database resources that match this filter.","description_kind":"plain"},"max_items":1},"filter":{"nesting_mode":"list","block":{"block_types":{"collection":{"nesting_mode":"list","block":{"block_types":{"include_regexes":{"nesting_mode":"list","block":{"block_types":{"patterns":{"nesting_mode":"list","block":{"attributes":{"database_regex":{"type":"string","description":"Regex to test the database name against. If empty, all databases match.","description_kind":"plain","optional":true},"database_resource_name_regex":{"type":"string","description":"Regex to test the database resource's name against. An example of a database resource name is a table's name. Other database resource names like view names could be included in the future. If empty, all database resources match.'","description_kind":"plain","optional":true},"instance_regex":{"type":"string","description":"Regex to test the instance name against. If empty, all instances match.","description_kind":"plain","optional":true},"project_id_regex":{"type":"string","description":"For organizations, if unset, will match all projects. Has no effect for data profile configurations created within a project.","description_kind":"plain","optional":true}},"description":"A group of regular expression patterns to match against one or more database resources. Maximum of 100 entries. The sum of all regular expressions' length can't exceed 10 KiB.","description_kind":"plain"}}},"description":"A collection of regular expressions to match a database resource against.","description_kind":"plain"},"max_items":1}},"description":"A specific set of database resources for this filter to apply to.","description_kind":"plain"},"max_items":1},"database_resource_reference":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Required. Name of a database within the instance.","description_kind":"plain","required":true},"database_resource":{"type":"string","description":"Required. Name of a database resource, for example, a table within the database.","description_kind":"plain","required":true},"instance":{"type":"string","description":"Required. The instance where this resource is located. For example: Cloud SQL instance ID.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Required. If within a project-level config, then this must match the config's project ID.","description_kind":"plain","required":true}},"description":"The database resource to scan. Targets including this can only include one target (the target with this database resource reference).","description_kind":"plain"},"max_items":1},"others":{"nesting_mode":"list","block":{"description":"Catch-all. This should always be the last target in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.","description_kind":"plain"},"max_items":1}},"description":"Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table.","description_kind":"plain"},"min_items":1,"max_items":1},"generation_cadence":{"nesting_mode":"list","block":{"attributes":{"refresh_frequency":{"type":"string","description":"Data changes (non-schema changes) in Cloud SQL tables can't trigger reprofiling. If you set this field, profiles are refreshed at this frequency regardless of whether the underlying tables have changes. Defaults to never. Possible values: [\"UPDATE_FREQUENCY_NEVER\", \"UPDATE_FREQUENCY_DAILY\", \"UPDATE_FREQUENCY_MONTHLY\"]","description_kind":"plain","optional":true}},"block_types":{"schema_modified_cadence":{"nesting_mode":"list","block":{"attributes":{"frequency":{"type":"string","description":"Frequency to regenerate data profiles when the schema is modified. Defaults to monthly. Possible values: [\"UPDATE_FREQUENCY_NEVER\", \"UPDATE_FREQUENCY_DAILY\", \"UPDATE_FREQUENCY_MONTHLY\"]","description_kind":"plain","optional":true},"types":{"type":["list","string"],"description":"The types of schema modifications to consider. Defaults to NEW_COLUMNS. Possible values: [\"NEW_COLUMNS\", \"REMOVED_COLUMNS\"]","description_kind":"plain","optional":true}},"description":"Governs when to update data profiles when a schema is modified","description_kind":"plain"},"max_items":1}},"description":"How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity.","description_kind":"plain"},"max_items":1}},"description":"Cloud SQL target for Discovery. The first target to match a table will be the one applied.","description_kind":"plain"},"max_items":1},"cloud_storage_target":{"nesting_mode":"list","block":{"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"created_after":{"type":"string","description":"File store must have been created after this date. Used to avoid backfilling. A timestamp in RFC3339 UTC \"Zulu\" format with nanosecond resolution and upto nine fractional digits.","description_kind":"plain","optional":true},"min_age":{"type":"string","description":"Duration format. Minimum age a file store must have. If set, the value must be 1 hour or greater.","description_kind":"plain","optional":true}},"block_types":{"cloud_storage_conditions":{"nesting_mode":"list","block":{"attributes":{"included_bucket_attributes":{"type":["list","string"],"description":"Only objects with the specified attributes will be scanned. Defaults to [ALL_SUPPORTED_BUCKETS] if unset. Possible values: [\"ALL_SUPPORTED_BUCKETS\", \"AUTOCLASS_DISABLED\", \"AUTOCLASS_ENABLED\"]","description_kind":"plain","optional":true},"included_object_attributes":{"type":["list","string"],"description":"Only objects with the specified attributes will be scanned. If an object has one of the specified attributes but is inside an excluded bucket, it will not be scanned. Defaults to [ALL_SUPPORTED_OBJECTS]. A profile will be created even if no objects match the included_object_attributes. Possible values: [\"ALL_SUPPORTED_OBJECTS\", \"STANDARD\", \"NEARLINE\", \"COLDLINE\", \"ARCHIVE\", \"REGIONAL\", \"MULTI_REGIONAL\", \"DURABLE_REDUCED_AVAILABILITY\"]","description_kind":"plain","optional":true}},"description":"Cloud Storage conditions.","description_kind":"plain"},"max_items":1}},"description":"In addition to matching the filter, these conditions must be true before a profile is generated.","description_kind":"plain"},"max_items":1},"disabled":{"nesting_mode":"list","block":{"description":"Disable profiling for buckets that match this filter.","description_kind":"plain"},"max_items":1},"filter":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_resource_reference":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"The bucket to scan.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"If within a project-level config, then this must match the config's project id.","description_kind":"plain","optional":true}},"description":"The bucket to scan. Targets including this can only include one target (the target with this bucket). This enables profiling the contents of a single bucket, while the other options allow for easy profiling of many buckets within a project or an organization.","description_kind":"plain"},"max_items":1},"collection":{"nesting_mode":"list","block":{"block_types":{"include_regexes":{"nesting_mode":"list","block":{"block_types":{"patterns":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_regex":{"nesting_mode":"list","block":{"attributes":{"bucket_name_regex":{"type":"string","description":"Regex to test the bucket name against. If empty, all buckets match. Example: \"marketing2021\" or \"(marketing)\\d{4}\" will both match the bucket gs://marketing2021","description_kind":"plain","optional":true},"project_id_regex":{"type":"string","description":"For organizations, if unset, will match all projects.","description_kind":"plain","optional":true}},"description":"Regex for Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"The group of regular expression patterns to match against one or more file stores. Maximum of 100 entries. The sum of all lengths of regular expressions can't exceed 10 KiB.","description_kind":"plain"}}},"description":"A collection of regular expressions to match a file store against.","description_kind":"plain"},"max_items":1}},"description":"A specific set of buckets for this filter to apply to.","description_kind":"plain"},"max_items":1},"others":{"nesting_mode":"list","block":{"description":"Match discovery resources not covered by any other filter.","description_kind":"plain"},"max_items":1}},"description":"The buckets the generation_cadence applies to. The first target with a matching filter will be the one to apply to a bucket.","description_kind":"plain"},"min_items":1,"max_items":1},"generation_cadence":{"nesting_mode":"list","block":{"attributes":{"refresh_frequency":{"type":"string","description":"Data changes in Cloud Storage can't trigger reprofiling. If you set this field, profiles are refreshed at this frequency regardless of whether the underlying buckets have changes. Defaults to never. Possible values: [\"UPDATE_FREQUENCY_NEVER\", \"UPDATE_FREQUENCY_DAILY\", \"UPDATE_FREQUENCY_MONTHLY\"]","description_kind":"plain","optional":true}},"block_types":{"inspect_template_modified_cadence":{"nesting_mode":"list","block":{"attributes":{"frequency":{"type":"string","description":"How frequently data profiles can be updated when the template is modified. Defaults to never. Possible values: [\"UPDATE_FREQUENCY_NEVER\", \"UPDATE_FREQUENCY_DAILY\", \"UPDATE_FREQUENCY_MONTHLY\"]","description_kind":"plain","optional":true}},"description":"Governs when to update data profiles when the inspection rules defined by the 'InspectTemplate' change. If not set, changing the template will not cause a data profile to update.","description_kind":"plain"},"max_items":1}},"description":"How often and when to update profiles. New buckets that match both the filter and conditions are scanned as quickly as possible depending on system capacity.","description_kind":"plain"},"max_items":1}},"description":"Cloud Storage target for Discovery. The first target to match a bucket will be the one applied.","description_kind":"plain"},"max_items":1},"secrets_target":{"nesting_mode":"list","block":{"description":"Discovery target that looks for credentials and secrets stored in cloud resource metadata and reports them as vulnerabilities to Security Command Center. Only one target of this type is allowed.","description_kind":"plain"},"max_items":1}},"description":"Target to match against for determining what to scan and how frequently","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_loss_prevention_inspect_template":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the inspect template.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the inspect template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the inspect template. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the inspect template in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"template_id":{"type":"string","description":"The template id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is\n100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"inspect_config":{"nesting_mode":"list","block":{"attributes":{"content_options":{"type":["list","string"],"description":"List of options defining data content to scan. If empty, text, images, and other content will be included. Possible values: [\"CONTENT_TEXT\", \"CONTENT_IMAGE\"]","description_kind":"plain","optional":true},"exclude_info_types":{"type":"bool","description":"When true, excludes type information of the findings.","description_kind":"plain","optional":true},"include_quote":{"type":"bool","description":"When true, a contextual quote from the data that triggered a finding is included in the response.","description_kind":"plain","optional":true},"min_likelihood":{"type":"string","description":"Only returns findings equal or above this threshold. See https://cloud.google.com/dlp/docs/likelihood for more info Default value: \"POSSIBLE\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"custom_info_types":{"nesting_mode":"list","block":{"attributes":{"exclusion_type":{"type":"string","description":"If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: [\"EXCLUSION_TYPE_EXCLUDE\"]","description_kind":"plain","optional":true},"likelihood":{"type":"string","description":"Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria\nspecified by the rule. Default value: \"VERY_LIKELY\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names\nlisted at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing\ninfoTypes and that infoType is specified in 'info_types' field. Specifying the latter adds findings to the\none detected by the system. If built-in info type is not specified in 'info_types' list then the name is\ntreated as a custom info type.","description_kind":"plain"},"min_items":1,"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1},"stored_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Resource name of the requested StoredInfoType, for example 'organizations/433245324/storedInfoTypes/432452342'\nor 'projects/project-id/storedInfoTypes/432452342'.","description_kind":"plain","required":true}},"description":"A reference to a StoredInfoType to use with scanning.","description_kind":"plain"},"max_items":1},"surrogate_type":{"nesting_mode":"list","block":{"description":"Message for detecting output from deidentification transformations that support reversing.","description_kind":"plain"},"max_items":1}},"description":"Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.","description_kind":"plain"}},"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Restricts what infoTypes to look for. The values must correspond to InfoType values returned by infoTypes.list\nor listed at https://cloud.google.com/dlp/docs/infotypes-reference.\n\nWhen no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run.\nBy default this may be all types, but may change over time as detectors are updated.","description_kind":"plain"}},"limits":{"nesting_mode":"list","block":{"attributes":{"max_findings_per_item":{"type":"number","description":"Max number of findings that will be returned for each item scanned. The maximum returned is 2000.","description_kind":"plain","required":true},"max_findings_per_request":{"type":"number","description":"Max number of findings that will be returned per request/job. The maximum returned is 2000.","description_kind":"plain","required":true}},"block_types":{"max_findings_per_info_type":{"nesting_mode":"list","block":{"attributes":{"max_findings":{"type":"number","description":"Max findings limit for the given infoType.","description_kind":"plain","required":true}},"block_types":{"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does\nnot have an infoType, the DLP API applies the limit against all infoTypes that are found but not\nspecified in another InfoTypeLimit.","description_kind":"plain"},"max_items":1}},"description":"Configuration of findings limit given for specified infoTypes.","description_kind":"plain"}}},"description":"Configuration to control the number of findings returned.","description_kind":"plain"},"max_items":1},"rule_set":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"List of infoTypes this rule set is applied to.","description_kind":"plain"},"min_items":1},"rules":{"nesting_mode":"list","block":{"block_types":{"exclusion_rule":{"nesting_mode":"list","block":{"attributes":{"matching_type":{"type":"string","description":"How the rule is applied. See the documentation for more information: https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#MatchingType Possible values: [\"MATCHING_TYPE_FULL_MATCH\", \"MATCHING_TYPE_PARTIAL_MATCH\", \"MATCHING_TYPE_INVERSE_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"exclude_by_hotword":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"min_items":1,"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider.","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider.","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Drop if the hotword rule is contained in the proximate context.\nFor tabular data, the context includes the column name.","description_kind":"plain"},"max_items":1},"exclude_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"If a finding is matched by any of the infoType detectors listed here, the finding will be excluded from the scan results.","description_kind":"plain"},"min_items":1}},"description":"Set of infoTypes for which findings would affect this rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1}},"description":"The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results.","description_kind":"plain"},"max_items":1},"hotword_rule":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"min_items":1,"max_items":1},"likelihood_adjustment":{"nesting_mode":"list","block":{"attributes":{"fixed_likelihood":{"type":"string","description":"Set the likelihood of a finding to a fixed value. Either this or relative_likelihood can be set. Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true},"relative_likelihood":{"type":"number","description":"Increase or decrease the likelihood by the specified number of levels. For example,\nif a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1,\nthen it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY.\nLikelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an\nadjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY\nwill result in a final likelihood of LIKELY. Either this or fixed_likelihood can be set.","description_kind":"plain","optional":true}},"description":"Likelihood adjustment to apply to all matching findings.","description_kind":"plain"},"min_items":1,"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Hotword-based detection rule.","description_kind":"plain"},"max_items":1}},"description":"Set of rules to be applied to infoTypes. The rules are applied in order.","description_kind":"plain"},"min_items":1}},"description":"Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end,\nother rules are executed in the order they are specified for each info type.","description_kind":"plain"}}},"description":"The core content of the template.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_loss_prevention_job_trigger":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the job trigger.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the job trigger.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_run_time":{"type":"string","description":"The timestamp of the last time this trigger executed.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the job trigger. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the trigger, either in the format 'projects/{{project}}'\nor 'projects/{{project}}/locations/{{location}}'","description_kind":"plain","required":true},"status":{"type":"string","description":"Whether the trigger is currently active. Default value: \"HEALTHY\" Possible values: [\"PAUSED\", \"HEALTHY\", \"CANCELLED\"]","description_kind":"plain","optional":true},"trigger_id":{"type":"string","description":"The trigger id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+.\nThe maximum length is 100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The last update timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true}},"block_types":{"inspect_job":{"nesting_mode":"list","block":{"attributes":{"inspect_template_name":{"type":"string","description":"The name of the template to run when this job is triggered.","description_kind":"plain","optional":true}},"block_types":{"actions":{"nesting_mode":"list","block":{"block_types":{"deidentify":{"nesting_mode":"list","block":{"attributes":{"cloud_storage_output":{"type":"string","description":"User settable Cloud Storage bucket and folders to store de-identified files.\n\nThis field must be set for cloud storage deidentification.\n\nThe output Cloud Storage bucket must be different from the input bucket.\n\nDe-identified files will overwrite files in the output path.\n\nForm of: gs://bucket/folder/ or gs://bucket","description_kind":"plain","required":true},"file_types_to_transform":{"type":["list","string"],"description":"List of user-specified file type groups to transform. If specified, only the files with these filetypes will be transformed.\n\nIf empty, all supported files will be transformed. Supported types may be automatically added over time.\n\nIf a file type is set in this field that isn't supported by the Deidentify action then the job will fail and will not be successfully created/started. Possible values: [\"IMAGE\", \"TEXT_FILE\", \"CSV\", \"TSV\"]","description_kind":"plain","optional":true}},"block_types":{"transformation_config":{"nesting_mode":"list","block":{"attributes":{"deidentify_template":{"type":"string","description":"If this template is specified, it will serve as the default de-identify template.","description_kind":"plain","optional":true},"image_redact_template":{"type":"string","description":"If this template is specified, it will serve as the de-identify template for images.","description_kind":"plain","optional":true},"structured_deidentify_template":{"type":"string","description":"If this template is specified, it will serve as the de-identify template for structured content such as delimited files and tables.","description_kind":"plain","optional":true}},"description":"User specified deidentify templates and configs for structured, unstructured, and image files.","description_kind":"plain"},"max_items":1},"transformation_details_storage_config":{"nesting_mode":"list","block":{"block_types":{"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","optional":true}},"description":"The BigQuery table in which to store the output.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Config for storing transformation details.","description_kind":"plain"},"max_items":1}},"description":"Create a de-identified copy of the requested table or files.","description_kind":"plain"},"max_items":1},"job_notification_emails":{"nesting_mode":"list","block":{"description":"Sends an email when the job completes. The email goes to IAM project owners and technical Essential Contacts.","description_kind":"plain"},"max_items":1},"pub_sub":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Cloud Pub/Sub topic to send notifications to.","description_kind":"plain","required":true}},"description":"Publish a message into a given Pub/Sub topic when the job completes.","description_kind":"plain"},"max_items":1},"publish_findings_to_cloud_data_catalog":{"nesting_mode":"list","block":{"description":"Publish findings of a DlpJob to Data Catalog.","description_kind":"plain"},"max_items":1},"publish_summary_to_cscc":{"nesting_mode":"list","block":{"description":"Publish the result summary of a DlpJob to the Cloud Security Command Center.","description_kind":"plain"},"max_items":1},"publish_to_stackdriver":{"nesting_mode":"list","block":{"description":"Enable Stackdriver metric dlp.googleapis.com/findingCount.","description_kind":"plain"},"max_items":1},"save_findings":{"nesting_mode":"list","block":{"block_types":{"output_config":{"nesting_mode":"list","block":{"attributes":{"output_schema":{"type":"string","description":"Schema used for writing the findings for Inspect jobs. This field is only used for\nInspect and must be unspecified for Risk jobs. Columns are derived from the Finding\nobject. If appending to an existing table, any columns from the predefined schema\nthat are missing will be added. No columns in the existing table will be deleted.\n\nIf unspecified, then all available columns will be used for a new table or an (existing)\ntable with no schema, and no changes will be made to an existing table that has a schema.\nOnly for use with external storage. Possible values: [\"BASIC_COLUMNS\", \"GCS_COLUMNS\", \"DATASTORE_COLUMNS\", \"BIG_QUERY_COLUMNS\", \"ALL_COLUMNS\"]","description_kind":"plain","optional":true}},"block_types":{"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"Name of the table. If is not set a new one will be generated for you with the following format:\n'dlp_googleapis_yyyy_mm_dd_[dlp_job_id]'. Pacific timezone will be used for generating the date details.","description_kind":"plain","optional":true}},"description":"Information on the location of the target BigQuery Table.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Information on where to store output","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk","description_kind":"plain"},"max_items":1}},"description":"Configuration block for the actions to execute on the completion of a job. Can be specified multiple times, but only one for each type. Each action block supports fields documented below. This argument is processed in [attribute-as-blocks mode](https://www.terraform.io/docs/configuration/attr-as-blocks.html).","description_kind":"plain"}},"inspect_config":{"nesting_mode":"list","block":{"attributes":{"exclude_info_types":{"type":"bool","description":"When true, excludes type information of the findings.","description_kind":"plain","optional":true},"include_quote":{"type":"bool","description":"When true, a contextual quote from the data that triggered a finding is included in the response.","description_kind":"plain","optional":true},"min_likelihood":{"type":"string","description":"Only returns findings equal or above this threshold. See https://cloud.google.com/dlp/docs/likelihood for more info Default value: \"POSSIBLE\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"custom_info_types":{"nesting_mode":"list","block":{"attributes":{"exclusion_type":{"type":"string","description":"If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: [\"EXCLUSION_TYPE_EXCLUDE\"]","description_kind":"plain","optional":true},"likelihood":{"type":"string","description":"Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria\nspecified by the rule. Default value: \"VERY_LIKELY\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names\nlisted at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing\ninfoTypes and that infoType is specified in 'info_types' field. Specifying the latter adds findings to the\none detected by the system. If built-in info type is not specified in 'info_types' list then the name is\ntreated as a custom info type.","description_kind":"plain"},"min_items":1,"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1},"stored_type":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Resource name of the requested StoredInfoType, for example 'organizations/433245324/storedInfoTypes/432452342'\nor 'projects/project-id/storedInfoTypes/432452342'.","description_kind":"plain","required":true}},"description":"A reference to a StoredInfoType to use with scanning.","description_kind":"plain"},"max_items":1},"surrogate_type":{"nesting_mode":"list","block":{"description":"Message for detecting output from deidentification transformations that support reversing.","description_kind":"plain"},"max_items":1}},"description":"Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.","description_kind":"plain"}},"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Restricts what infoTypes to look for. The values must correspond to InfoType values returned by infoTypes.list\nor listed at https://cloud.google.com/dlp/docs/infotypes-reference.\n\nWhen no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run.\nBy default this may be all types, but may change over time as detectors are updated.","description_kind":"plain"}},"limits":{"nesting_mode":"list","block":{"attributes":{"max_findings_per_item":{"type":"number","description":"Max number of findings that will be returned for each item scanned. The maximum returned is 2000.","description_kind":"plain","optional":true},"max_findings_per_request":{"type":"number","description":"Max number of findings that will be returned per request/job. The maximum returned is 2000.","description_kind":"plain","optional":true}},"block_types":{"max_findings_per_info_type":{"nesting_mode":"list","block":{"attributes":{"max_findings":{"type":"number","description":"Max findings limit for the given infoType.","description_kind":"plain","optional":true}},"block_types":{"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does\nnot have an infoType, the DLP API applies the limit against all infoTypes that are found but not\nspecified in another InfoTypeLimit.","description_kind":"plain"},"max_items":1}},"description":"Configuration of findings limit given for specified infoTypes.","description_kind":"plain"}}},"description":"Configuration to control the number of findings returned.","description_kind":"plain"},"max_items":1},"rule_set":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"List of infoTypes this rule set is applied to.","description_kind":"plain"}},"rules":{"nesting_mode":"list","block":{"block_types":{"exclusion_rule":{"nesting_mode":"list","block":{"attributes":{"matching_type":{"type":"string","description":"How the rule is applied. See the documentation for more information: https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#MatchingType Possible values: [\"MATCHING_TYPE_FULL_MATCH\", \"MATCHING_TYPE_PARTIAL_MATCH\", \"MATCHING_TYPE_INVERSE_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"exclude_by_hotword":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","optional":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"max_items":1}},"description":"Drop if the hotword rule is contained in the proximate context.","description_kind":"plain"},"max_items":1},"exclude_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"If a finding is matched by any of the infoType detectors listed here, the finding will be excluded from the scan results.","description_kind":"plain"},"min_items":1}},"description":"Set of infoTypes for which findings would affect this rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1}},"description":"The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results.","description_kind":"plain"},"max_items":1},"hotword_rule":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","optional":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"max_items":1},"likelihood_adjustment":{"nesting_mode":"list","block":{"attributes":{"fixed_likelihood":{"type":"string","description":"Set the likelihood of a finding to a fixed value. Either this or relative_likelihood can be set. Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true},"relative_likelihood":{"type":"number","description":"Increase or decrease the likelihood by the specified number of levels. For example,\nif a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1,\nthen it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY.\nLikelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an\nadjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY\nwill result in a final likelihood of LIKELY. Either this or fixed_likelihood can be set.","description_kind":"plain","optional":true}},"description":"Likelihood adjustment to apply to all matching findings.","description_kind":"plain"},"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"max_items":1}},"description":"Hotword-based detection rule.","description_kind":"plain"},"max_items":1}},"description":"Set of rules to be applied to infoTypes. The rules are applied in order.","description_kind":"plain"},"min_items":1}},"description":"Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end,\nother rules are executed in the order they are specified for each info type.","description_kind":"plain"}}},"description":"The core content of the template.","description_kind":"plain"},"max_items":1},"storage_config":{"nesting_mode":"list","block":{"block_types":{"big_query_options":{"nesting_mode":"list","block":{"attributes":{"rows_limit":{"type":"number","description":"Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted.\nIf not set, or if set to 0, all rows will be scanned. Only one of rowsLimit and rowsLimitPercent can be\nspecified. Cannot be used in conjunction with TimespanConfig.","description_kind":"plain","optional":true},"rows_limit_percent":{"type":"number","description":"Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of\nrowsLimit and rowsLimitPercent can be specified. Cannot be used in conjunction with TimespanConfig.","description_kind":"plain","optional":true},"sample_method":{"type":"string","description":"How to sample rows if not all rows are scanned. Meaningful only when used in conjunction with either\nrowsLimit or rowsLimitPercent. If not specified, rows are scanned in the order BigQuery reads them.\nIf TimespanConfig is set, set this to an empty string to avoid using the default value. Default value: \"TOP\" Possible values: [\"TOP\", \"RANDOM_START\"]","description_kind":"plain","optional":true}},"block_types":{"excluded_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field excluded from scanning.","description_kind":"plain","required":true}},"description":"References to fields excluded from scanning.\nThis allows you to skip inspection of entire columns which you know have no findings.","description_kind":"plain"}},"identifying_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of a BigQuery field to be returned with the findings.","description_kind":"plain","required":true}},"description":"Specifies the BigQuery fields that will be returned with findings.\nIf not specified, no identifying fields will be returned for findings.","description_kind":"plain"}},"included_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field to which scanning is limited.","description_kind":"plain","required":true}},"description":"Limit scanning only to these fields.","description_kind":"plain"}},"table_reference":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"description":"Set of files to scan.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining BigQuery table and row identifiers.","description_kind":"plain"},"max_items":1},"cloud_storage_options":{"nesting_mode":"list","block":{"attributes":{"bytes_limit_per_file":{"type":"number","description":"Max number of bytes to scan from a file. If a scanned file's size is bigger than this value\nthen the rest of the bytes are omitted.","description_kind":"plain","optional":true},"bytes_limit_per_file_percent":{"type":"number","description":"Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit.","description_kind":"plain","optional":true},"file_types":{"type":["list","string"],"description":"List of file type groups to include in the scan. If empty, all files are scanned and available data\nformat processors are applied. In addition, the binary content of the selected files is always scanned as well.\nImages are scanned only as binary if the specified region does not support image inspection and no fileTypes were specified. Possible values: [\"BINARY_FILE\", \"TEXT_FILE\", \"IMAGE\", \"WORD\", \"PDF\", \"AVRO\", \"CSV\", \"TSV\", \"POWERPOINT\", \"EXCEL\"]","description_kind":"plain","optional":true},"files_limit_percent":{"type":"number","description":"Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit.","description_kind":"plain","optional":true},"sample_method":{"type":"string","description":"How to sample bytes if not all bytes are scanned. Meaningful only when used in conjunction with bytesLimitPerFile.\nIf not specified, scanning would start from the top. Possible values: [\"TOP\", \"RANDOM_START\"]","description_kind":"plain","optional":true}},"block_types":{"file_set":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The Cloud Storage url of the file(s) to scan, in the format 'gs://\u003cbucket\u003e/\u003cpath\u003e'. Trailing wildcard\nin the path is allowed.\n\nIf the url ends in a trailing slash, the bucket or directory represented by the url will be scanned\nnon-recursively (content in sub-directories will not be scanned). This means that 'gs://mybucket/' is\nequivalent to 'gs://mybucket/*', and 'gs://mybucket/directory/' is equivalent to 'gs://mybucket/directory/*'.","description_kind":"plain","optional":true}},"block_types":{"regex_file_set":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"The name of a Cloud Storage bucket.","description_kind":"plain","required":true},"exclude_regex":{"type":["list","string"],"description":"A list of regular expressions matching file paths to exclude. All files in the bucket that match at\nleast one of these regular expressions will be excluded from the scan.","description_kind":"plain","optional":true},"include_regex":{"type":["list","string"],"description":"A list of regular expressions matching file paths to include. All files in the bucket\nthat match at least one of these regular expressions will be included in the set of files,\nexcept for those that also match an item in excludeRegex. Leaving this field empty will\nmatch all files by default (this is equivalent to including .* in the list)","description_kind":"plain","optional":true}},"description":"The regex-filtered set of files to scan.","description_kind":"plain"},"max_items":1}},"description":"Set of files to scan.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining a file or a set of files within a Google Cloud Storage bucket.","description_kind":"plain"},"max_items":1},"datastore_options":{"nesting_mode":"list","block":{"block_types":{"kind":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of the Datastore kind.","description_kind":"plain","required":true}},"description":"A representation of a Datastore kind.","description_kind":"plain"},"min_items":1,"max_items":1},"partition_id":{"nesting_mode":"list","block":{"attributes":{"namespace_id":{"type":"string","description":"If not empty, the ID of the namespace to which the entities belong.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The ID of the project to which the entities belong.","description_kind":"plain","required":true}},"description":"Datastore partition ID. A partition ID identifies a grouping of entities. The grouping\nis always by project and namespace, however the namespace ID may be empty.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining a data set within Google Cloud Datastore.","description_kind":"plain"},"max_items":1},"hybrid_options":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A short description of where the data is coming from. Will be stored once in the job. 256 max length.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"To organize findings, these labels will be added to each finding.\n\nLabel keys must be between 1 and 63 characters long and must conform to the following regular expression: '[a-z]([-a-z0-9]*[a-z0-9])?'.\n\nLabel values must be between 0 and 63 characters long and must conform to the regular expression '([a-z]([-a-z0-9]*[a-z0-9])?)?'.\n\nNo more than 10 labels can be associated with a given finding.\n\nExamples:\n* '\"environment\" : \"production\"'\n* '\"pipeline\" : \"etl\"'","description_kind":"plain","optional":true},"required_finding_label_keys":{"type":["list","string"],"description":"These are labels that each inspection request must include within their 'finding_labels' map. Request\nmay contain others, but any missing one of these will be rejected.\n\nLabel keys must be between 1 and 63 characters long and must conform to the following regular expression: '[a-z]([-a-z0-9]*[a-z0-9])?'.\n\nNo more than 10 keys can be required.","description_kind":"plain","optional":true}},"block_types":{"table_options":{"nesting_mode":"list","block":{"block_types":{"identifying_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"The columns that are the primary keys for table objects included in ContentItem. A copy of this\ncell's value will stored alongside alongside each finding so that the finding can be traced to\nthe specific row it came from. No more than 3 may be provided.","description_kind":"plain"}}},"description":"If the container is a table, additional information to make findings meaningful such as the columns that are primary keys.","description_kind":"plain"},"max_items":1}},"description":"Configuration to control jobs where the content being inspected is outside of Google Cloud Platform.","description_kind":"plain"},"max_items":1},"timespan_config":{"nesting_mode":"list","block":{"attributes":{"enable_auto_population_of_timespan_config":{"type":"bool","description":"When the job is started by a JobTrigger we will automatically figure out a valid startTime to avoid\nscanning files that have not been modified since the last time the JobTrigger executed. This will\nbe based on the time of the execution of the last run of the JobTrigger or the timespan endTime\nused in the last run of the JobTrigger.","description_kind":"plain","optional":true},"end_time":{"type":"string","description":"Exclude files, tables, or rows newer than this value. If not set, no upper time limit is applied.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"Exclude files, tables, or rows older than this value. If not set, no lower time limit is applied.","description_kind":"plain","optional":true}},"block_types":{"timestamp_field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Specification of the field containing the timestamp of scanned items. Used for data sources like Datastore and BigQuery.\n\nFor BigQuery: Required to filter out rows based on the given start and end times. If not specified and the table was\nmodified between the given start and end times, the entire table will be scanned. The valid data types of the timestamp\nfield are: INTEGER, DATE, TIMESTAMP, or DATETIME BigQuery column.\n\nFor Datastore. Valid data types of the timestamp field are: TIMESTAMP. Datastore entity will be scanned if the\ntimestamp property does not exist or its value is empty or invalid.","description_kind":"plain","required":true}},"description":"Specification of the field containing the timestamp of scanned items.","description_kind":"plain"},"max_items":1}},"description":"Configuration of the timespan of the items to include in scanning","description_kind":"plain"},"max_items":1}},"description":"Information on where to inspect","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Controls what and how to inspect for findings.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"triggers":{"nesting_mode":"list","block":{"block_types":{"manual":{"nesting_mode":"list","block":{"description":"For use with hybrid jobs. Jobs must be manually created and finished.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"recurrence_period_duration":{"type":"string","description":"With this option a job is started a regular periodic basis. For example: every day (86400 seconds).\n\nA scheduled start time will be skipped if the previous execution has not ended when its scheduled time occurs.\n\nThis value must be set to a time duration greater than or equal to 1 day and can be no longer than 60 days.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Schedule for triggered jobs","description_kind":"plain"},"max_items":1}},"description":"What event needs to occur for a new job to be started.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_data_loss_prevention_stored_info_type":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the info type.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the info type.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the info type. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the info type in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"stored_info_type_id":{"type":"string","description":"The storedInfoType ID can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is 100\ncharacters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"large_custom_dictionary":{"nesting_mode":"list","block":{"block_types":{"big_query_field":{"nesting_mode":"list","block":{"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Designated field in the BigQuery table.","description_kind":"plain"},"min_items":1,"max_items":1},"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"description":"Field in a BigQuery table where each cell represents a dictionary phrase.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Field in a BigQuery table where each cell represents a dictionary phrase.","description_kind":"plain"},"max_items":1},"cloud_storage_file_set":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The url, in the format 'gs://\u003cbucket\u003e/\u003cpath\u003e'. Trailing wildcard in the path is allowed.","description_kind":"plain","required":true}},"description":"Set of files containing newline-delimited lists of dictionary phrases.","description_kind":"plain"},"max_items":1},"output_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Location to store dictionary artifacts in Google Cloud Storage. These files will only be accessible by project owners and the DLP API.\nIf any of these artifacts are modified, the dictionary is considered invalid and can no longer be used.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_pipeline_pipeline":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp when the pipeline was initially created. Set by the Data Pipelines service.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the pipeline. It can contain only letters ([A-Za-z]), numbers ([0-9]), hyphens (-), and underscores (_).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_count":{"type":"number","description":"Number of jobs.","description_kind":"plain","computed":true},"last_update_time":{"type":"string","description":"The timestamp when the pipeline was last modified. Set by the Data Pipelines service.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"name":{"type":"string","description":"\"The pipeline name. For example': 'projects/PROJECT_ID/locations/LOCATION_ID/pipelines/PIPELINE_ID.\"\n\"- PROJECT_ID can contain letters ([A-Za-z]), numbers ([0-9]), hyphens (-), colons (:), and periods (.). For more information, see Identifying projects.\"\n\"LOCATION_ID is the canonical ID for the pipeline's location. The list of available locations can be obtained by calling google.cloud.location.Locations.ListLocations. Note that the Data Pipelines service is not available in all regions. It depends on Cloud Scheduler, an App Engine application, so it's only available in App Engine regions.\"\n\"PIPELINE_ID is the ID of the pipeline. Must be unique for the selected project and location.\"","description_kind":"plain","required":true},"pipeline_sources":{"type":["map","string"],"description":"The sources of the pipeline (for example, Dataplex). The keys and values are set by the corresponding sources during pipeline creation.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A reference to the region","description_kind":"plain","optional":true},"scheduler_service_account_email":{"type":"string","description":"Optional. A service account email to be used with the Cloud Scheduler job. If not specified, the default compute engine service account will be used.","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the pipeline. When the pipeline is created, the state is set to 'PIPELINE_STATE_ACTIVE' by default. State changes can be requested by setting the state to stopping, paused, or resuming. State cannot be changed through pipelines.patch requests.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#state Possible values: [\"STATE_UNSPECIFIED\", \"STATE_RESUMING\", \"STATE_ACTIVE\", \"STATE_STOPPING\", \"STATE_ARCHIVED\", \"STATE_PAUSED\"]","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of the pipeline. This field affects the scheduling of the pipeline and the type of metrics to show for the pipeline.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#pipelinetype Possible values: [\"PIPELINE_TYPE_UNSPECIFIED\", \"PIPELINE_TYPE_BATCH\", \"PIPELINE_TYPE_STREAMING\"]","description_kind":"plain","required":true}},"block_types":{"schedule_info":{"nesting_mode":"list","block":{"attributes":{"next_job_time":{"type":"string","description":"When the next Scheduler job is going to run.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"schedule":{"type":"string","description":"Unix-cron format of the schedule. This information is retrieved from the linked Cloud Scheduler.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"Timezone ID. This matches the timezone IDs used by the Cloud Scheduler API. If empty, UTC time is assumed.","description_kind":"plain","optional":true}},"description":"Internal scheduling information for a pipeline. If this information is provided, periodic jobs will be created per the schedule. If not, users are responsible for creating jobs externally.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#schedulespec","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"workload":{"nesting_mode":"list","block":{"block_types":{"dataflow_flex_template_request":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The regional endpoint to which to direct the request. For example, us-central1, us-west1.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the Cloud Platform project that the job belongs to.","description_kind":"plain","required":true},"validate_only":{"type":"bool","description":"If true, the request is validated but not actually executed. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"launch_parameter":{"nesting_mode":"list","block":{"attributes":{"container_spec_gcs_path":{"type":"string","description":"Cloud Storage path to a file with a JSON-serialized ContainerSpec as content.","description_kind":"plain","optional":true},"job_name":{"type":"string","description":"The job name to use for the created job. For an update job request, the job name should be the same as the existing running job.","description_kind":"plain","required":true},"launch_options":{"type":["map","string"],"description":"Launch options for this Flex Template job. This is a common set of options across languages and templates. This should not be used to pass job parameters.\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description":"'The parameters for the Flex Template. Example: {\"numWorkers\":\"5\"}'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"transform_name_mappings":{"type":["map","string"],"description":"'Use this to pass transform name mappings for streaming update jobs. Example: {\"oldTransformName\":\"newTransformName\",...}'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"update":{"type":"bool","description":"Set this to true if you are sending a request to update a running streaming job. When set, the job name should be the same as the running job.","description_kind":"plain","optional":true}},"block_types":{"environment":{"nesting_mode":"list","block":{"attributes":{"additional_experiments":{"type":["list","string"],"description":"Additional experiment flags for the job.","description_kind":"plain","optional":true},"additional_user_labels":{"type":["map","string"],"description":"Additional user labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. An object containing a list of key/value pairs.\n'Example: { \"name\": \"wrench\", \"mass\": \"1kg\", \"count\": \"3\" }.'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"enable_streaming_engine":{"type":"bool","description":"Whether to enable Streaming Engine for the job.","description_kind":"plain","optional":true},"flexrs_goal":{"type":"string","description":"Set FlexRS goal for the job. https://cloud.google.com/dataflow/docs/guides/flexrs\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#FlexResourceSchedulingGoal Possible values: [\"FLEXRS_UNSPECIFIED\", \"FLEXRS_SPEED_OPTIMIZED\", \"FLEXRS_COST_OPTIMIZED\"]","description_kind":"plain","optional":true},"ip_configuration":{"type":"string","description":"Configuration for VM IPs.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#WorkerIPAddressConfiguration Possible values: [\"WORKER_IP_UNSPECIFIED\", \"WORKER_IP_PUBLIC\", \"WORKER_IP_PRIVATE\"]","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"'Name for the Cloud KMS key for the job. The key format is: projects//locations//keyRings//cryptoKeys/'","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to use for the job. Defaults to the value from the template if not specified.","description_kind":"plain","optional":true},"max_workers":{"type":"number","description":"The maximum number of Compute Engine instances to be made available to your pipeline during execution, from 1 to 1000.","description_kind":"plain","optional":true},"network":{"type":"string","description":"Network to which VMs will be assigned. If empty or unspecified, the service will use the network \"default\".","description_kind":"plain","optional":true},"num_workers":{"type":"number","description":"The initial number of Compute Engine instances for the job.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The email address of the service account to run the job as.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Subnetwork to which VMs will be assigned, if desired. You can specify a subnetwork using either a complete URL or an abbreviated path. Expected to be of the form \"https://www.googleapis.com/compute/v1/projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNETWORK\" or \"regions/REGION/subnetworks/SUBNETWORK\". If the subnetwork is located in a Shared VPC network, you must use the complete URL.","description_kind":"plain","optional":true},"temp_location":{"type":"string","description":"The Cloud Storage path to use for temporary files. Must be a valid Cloud Storage URL, beginning with gs://.","description_kind":"plain","optional":true},"worker_region":{"type":"string","description":"The Compute Engine region (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1\". Mutually exclusive with workerZone. If neither workerRegion nor workerZone is specified, default to the control plane's region.","description_kind":"plain","optional":true},"worker_zone":{"type":"string","description":"The Compute Engine zone (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1-a\". Mutually exclusive with workerRegion. If neither workerRegion nor workerZone is specified, a zone in the control plane's region is chosen based on available capacity. If both workerZone and zone are set, workerZone takes precedence.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Compute Engine availability zone for launching worker instances to run your pipeline. In the future, workerZone will take precedence.","description_kind":"plain","optional":true}},"description":"The runtime environment for the Flex Template job.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#FlexTemplateRuntimeEnvironment","description_kind":"plain"},"max_items":1}},"description":"Parameter to launch a job from a Flex Template.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchflextemplateparameter","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Template information and additional parameters needed to launch a Dataflow job using the flex launch API.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchflextemplaterequest","description_kind":"plain"},"max_items":1},"dataflow_launch_template_request":{"nesting_mode":"list","block":{"attributes":{"gcs_path":{"type":"string","description":"A Cloud Storage path to the template from which to create the job. Must be a valid Cloud Storage URL, beginning with 'gs://'.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The regional endpoint to which to direct the request.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The ID of the Cloud Platform project that the job belongs to.","description_kind":"plain","required":true},"validate_only":{"type":"bool","description_kind":"plain","optional":true}},"block_types":{"launch_parameters":{"nesting_mode":"list","block":{"attributes":{"job_name":{"type":"string","description":"The job name to use for the created job.","description_kind":"plain","required":true},"parameters":{"type":["map","string"],"description":"The runtime parameters to pass to the job.\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"transform_name_mapping":{"type":["map","string"],"description":"Map of transform name prefixes of the job to be replaced to the corresponding name prefixes of the new job. Only applicable when updating a pipeline.\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"update":{"type":"bool","description":"If set, replace the existing pipeline with the name specified by jobName with this pipeline, preserving state.","description_kind":"plain","optional":true}},"block_types":{"environment":{"nesting_mode":"list","block":{"attributes":{"additional_experiments":{"type":["list","string"],"description":"Additional experiment flags for the job.","description_kind":"plain","optional":true},"additional_user_labels":{"type":["map","string"],"description":"Additional user labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. An object containing a list of key/value pairs.\n'Example: { \"name\": \"wrench\", \"mass\": \"1kg\", \"count\": \"3\" }.'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"bypass_temp_dir_validation":{"type":"bool","description":"Whether to bypass the safety checks for the job's temporary directory. Use with caution.","description_kind":"plain","optional":true},"enable_streaming_engine":{"type":"bool","description":"Whether to enable Streaming Engine for the job.","description_kind":"plain","optional":true},"ip_configuration":{"type":"string","description":"Configuration for VM IPs.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#WorkerIPAddressConfiguration Possible values: [\"WORKER_IP_UNSPECIFIED\", \"WORKER_IP_PUBLIC\", \"WORKER_IP_PRIVATE\"]","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"'Name for the Cloud KMS key for the job. The key format is: projects//locations//keyRings//cryptoKeys/'","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to use for the job. Defaults to the value from the template if not specified.","description_kind":"plain","optional":true},"max_workers":{"type":"number","description":"The maximum number of Compute Engine instances to be made available to your pipeline during execution, from 1 to 1000.","description_kind":"plain","optional":true},"network":{"type":"string","description":"Network to which VMs will be assigned. If empty or unspecified, the service will use the network \"default\".","description_kind":"plain","optional":true,"computed":true},"num_workers":{"type":"number","description":"The initial number of Compute Engine instances for the job.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The email address of the service account to run the job as.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Subnetwork to which VMs will be assigned, if desired. You can specify a subnetwork using either a complete URL or an abbreviated path. Expected to be of the form \"https://www.googleapis.com/compute/v1/projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNETWORK\" or \"regions/REGION/subnetworks/SUBNETWORK\". If the subnetwork is located in a Shared VPC network, you must use the complete URL.","description_kind":"plain","optional":true},"temp_location":{"type":"string","description":"The Cloud Storage path to use for temporary files. Must be a valid Cloud Storage URL, beginning with gs://.","description_kind":"plain","optional":true},"worker_region":{"type":"string","description":"The Compute Engine region (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1\". Mutually exclusive with workerZone. If neither workerRegion nor workerZone is specified, default to the control plane's region.","description_kind":"plain","optional":true},"worker_zone":{"type":"string","description":"The Compute Engine zone (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1-a\". Mutually exclusive with workerRegion. If neither workerRegion nor workerZone is specified, a zone in the control plane's region is chosen based on available capacity. If both workerZone and zone are set, workerZone takes precedence.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Compute Engine availability zone for launching worker instances to run your pipeline. In the future, workerZone will take precedence.","description_kind":"plain","optional":true}},"description":"The runtime environment for the job.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#RuntimeEnvironment","description_kind":"plain"},"max_items":1}},"description":"The parameters of the template to launch. This should be part of the body of the POST request.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchtemplateparameters","description_kind":"plain"},"max_items":1}},"description":"Template information and additional parameters needed to launch a Dataflow job using the standard launch API.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchtemplaterequest","description_kind":"plain"},"max_items":1}},"description":"Workload information for creating new jobs.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#workload","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_database_migration_service_connection_profile":{"version":0,"block":{"attributes":{"connection_profile_id":{"type":"string","description":"The ID of the connection profile.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The timestamp when the resource was created. A timestamp in RFC3339 UTC 'Zulu' format, accurate to nanoseconds. Example: '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"dbprovider":{"type":"string","description":"The database provider.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The connection profile display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"error":{"type":["list",["object",{"code":"number","details":["list",["map","string"]],"message":"string"}]],"description":"Output only. The error details in case of state FAILED.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The resource labels for connection profile to use to annotate any related underlying resources such as Compute Engine VMs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the connection profile should reside.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this connection profile resource in the form of projects/{project}/locations/{location}/connectionProfiles/{connectionProfile}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"alloydb":{"nesting_mode":"list","block":{"attributes":{"cluster_id":{"type":"string","description":"Required. The AlloyDB cluster ID that this connection profile is associated with.","description_kind":"plain","required":true}},"block_types":{"settings":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels for the AlloyDB cluster created by DMS.","description_kind":"plain","optional":true},"vpc_network":{"type":"string","description":"Required. The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster.\nIt is specified in the form: 'projects/{project_number}/global/networks/{network_id}'. This is required to create a cluster.","description_kind":"plain","required":true}},"block_types":{"initial_user":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The initial password for the user.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates if the initialUser.password field has been set.","description_kind":"plain","computed":true},"user":{"type":"string","description":"The database username.","description_kind":"plain","required":true}},"description":"Required. Input only. Initial user to setup during cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1},"primary_instance_settings":{"nesting_mode":"list","block":{"attributes":{"database_flags":{"type":["map","string"],"description":"Database flags to pass to AlloyDB when DMS is creating the AlloyDB cluster and instances. See the AlloyDB documentation for how these can be used.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The database username.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels for the AlloyDB primary instance created by DMS.","description_kind":"plain","optional":true},"private_ip":{"type":"string","description":"Output only. The private IP address for the Instance. This is the connection endpoint for an end-user application.","description_kind":"plain","computed":true}},"block_types":{"machine_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"The number of CPU's in the VM instance.","description_kind":"plain","required":true}},"description":"Configuration for the machines that host the underlying database engine.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for the cluster's primary instance","description_kind":"plain"},"max_items":1}},"description":"Immutable. Metadata used to create the destination AlloyDB cluster.","description_kind":"plain"},"max_items":1}},"description":"Specifies required connection parameters, and the parameters required to create an AlloyDB destination cluster.","description_kind":"plain"},"max_items":1},"cloudsql":{"nesting_mode":"list","block":{"attributes":{"cloud_sql_id":{"type":"string","description":"Output only. The Cloud SQL instance ID that this connection profile is associated with.","description_kind":"plain","computed":true},"private_ip":{"type":"string","description":"Output only. The Cloud SQL database instance's private IP.","description_kind":"plain","computed":true},"public_ip":{"type":"string","description":"Output only. The Cloud SQL database instance's public IP.","description_kind":"plain","computed":true}},"block_types":{"settings":{"nesting_mode":"list","block":{"attributes":{"activation_policy":{"type":"string","description":"The activation policy specifies when the instance is activated; it is applicable only when the instance state is 'RUNNABLE'. Possible values: [\"ALWAYS\", \"NEVER\"]","description_kind":"plain","optional":true},"auto_storage_increase":{"type":"bool","description":"If you enable this setting, Cloud SQL checks your available storage every 30 seconds. If the available storage falls below a threshold size, Cloud SQL automatically adds additional storage capacity.\nIf the available storage repeatedly falls below the threshold size, Cloud SQL continues to add storage until it reaches the maximum of 30 TB.","description_kind":"plain","optional":true},"cmek_key_name":{"type":"string","description":"The KMS key name used for the csql instance.","description_kind":"plain","optional":true},"collation":{"type":"string","description":"The Cloud SQL default instance level collation.","description_kind":"plain","optional":true},"data_disk_size_gb":{"type":"string","description":"The storage capacity available to the database, in GB. The minimum (and default) size is 10GB.","description_kind":"plain","optional":true},"data_disk_type":{"type":"string","description":"The type of storage. Possible values: [\"PD_SSD\", \"PD_HDD\"]","description_kind":"plain","optional":true},"database_flags":{"type":["map","string"],"description":"The database flags passed to the Cloud SQL instance at startup.","description_kind":"plain","optional":true},"database_version":{"type":"string","description":"The database engine type and version.\nCurrently supported values located at https://cloud.google.com/database-migration/docs/reference/rest/v1/projects.locations.connectionProfiles#sqldatabaseversion","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition of the given Cloud SQL instance. Possible values: [\"ENTERPRISE\", \"ENTERPRISE_PLUS\"]","description_kind":"plain","optional":true},"root_password":{"type":"string","description":"Input only. Initial root password.","description_kind":"plain","optional":true,"sensitive":true},"root_password_set":{"type":"bool","description":"Output only. Indicates If this connection profile root password is stored.","description_kind":"plain","computed":true},"source_id":{"type":"string","description":"The Database Migration Service source connection profile ID, in the format: projects/my_project_name/locations/us-central1/connectionProfiles/connection_profile_ID","description_kind":"plain","required":true},"storage_auto_resize_limit":{"type":"string","description":"The maximum size to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit.","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The tier (or machine type) for this instance, for example: db-n1-standard-1 (MySQL instances) or db-custom-1-3840 (PostgreSQL instances).\nFor more information, see https://cloud.google.com/sql/docs/mysql/instance-settings","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"The resource labels for a Cloud SQL instance to use to annotate any related underlying resources such as Compute Engine VMs.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Google Cloud Platform zone where your Cloud SQL datdabse instance is located.","description_kind":"plain","optional":true}},"block_types":{"ip_config":{"nesting_mode":"list","block":{"attributes":{"enable_ipv4":{"type":"bool","description":"Whether the instance should be assigned an IPv4 address or not.","description_kind":"plain","optional":true},"private_network":{"type":"string","description":"The resource link for the VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default.\nThis setting can be updated, but it cannot be removed after it is set.","description_kind":"plain","optional":true},"require_ssl":{"type":"bool","description":"Whether SSL connections over IP should be enforced or not.","description_kind":"plain","optional":true}},"block_types":{"authorized_networks":{"nesting_mode":"list","block":{"attributes":{"expire_time":{"type":"string","description":"The time when this access control entry expires in RFC 3339 format.","description_kind":"plain","optional":true},"label":{"type":"string","description":"A label to identify this entry.","description_kind":"plain","optional":true},"ttl":{"type":"string","description":"Input only. The time-to-leave of this access control entry.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The allowlisted value for the access control list.","description_kind":"plain","required":true}},"description":"The list of external networks that are allowed to connect to the instance using the IP.","description_kind":"plain"}}},"description":"The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled.","description_kind":"plain"},"max_items":1}},"description":"Immutable. Metadata used to create the destination Cloud SQL database.","description_kind":"plain"},"max_items":1}},"description":"Specifies required connection parameters, and, optionally, the parameters required to create a Cloud SQL destination database instance.","description_kind":"plain"},"max_items":1},"mysql":{"nesting_mode":"list","block":{"attributes":{"cloud_sql_id":{"type":"string","description":"If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Required. The IP or hostname of the source MySQL database.","description_kind":"plain","required":true},"password":{"type":"string","description":"Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.\nThis field is not returned on request, and the value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates If this connection profile password is stored.","description_kind":"plain","computed":true},"port":{"type":"number","description":"Required. The network port of the source MySQL database.","description_kind":"plain","required":true},"username":{"type":"string","description":"Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true}},"block_types":{"ssl":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.\nThe replica will use this certificate to verify it's connecting to the right host.","description_kind":"plain","required":true,"sensitive":true},"client_certificate":{"type":"string","description":"Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.\nIf this field is used then the 'clientKey' field is mandatory","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'clientCertificate' field is mandatory.","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1}},"description":"Specifies connection parameters required specifically for MySQL databases.","description_kind":"plain"},"max_items":1},"oracle":{"nesting_mode":"list","block":{"attributes":{"database_service":{"type":"string","description":"Required. Database service for the Oracle connection.","description_kind":"plain","required":true},"host":{"type":"string","description":"Required. The IP or hostname of the source Oracle database.","description_kind":"plain","required":true},"password":{"type":"string","description":"Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.\nThis field is not returned on request, and the value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates If this connection profile password is stored.","description_kind":"plain","computed":true},"port":{"type":"number","description":"Required. The network port of the source Oracle database.","description_kind":"plain","required":true},"username":{"type":"string","description":"Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true}},"block_types":{"forward_ssh_connectivity":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Required. Hostname for the SSH tunnel.","description_kind":"plain","required":true},"password":{"type":"string","description":"Input only. SSH password. Only one of 'password' and 'private_key' can be configured.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"Port for the SSH tunnel, default value is 22.","description_kind":"plain","required":true},"private_key":{"type":"string","description":"Input only. SSH private key. Only one of 'password' and 'private_key' can be configured.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"Required. Username for the SSH tunnel.","description_kind":"plain","required":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1},"private_connectivity":{"nesting_mode":"list","block":{"attributes":{"private_connection":{"type":"string","description":"Required. The resource name (URI) of the private connection.","description_kind":"plain","required":true}},"description":"Configuration for using a private network to communicate with the source database","description_kind":"plain"},"max_items":1},"ssl":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.\nThe replica will use this certificate to verify it's connecting to the right host.","description_kind":"plain","required":true,"sensitive":true},"client_certificate":{"type":"string","description":"Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.\nIf this field is used then the 'clientKey' field is mandatory","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'clientCertificate' field is mandatory.","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1},"static_service_ip_connectivity":{"nesting_mode":"list","block":{"description":"This object has no nested fields.\n\nStatic IP address connectivity configured on service project.","description_kind":"plain"},"max_items":1}},"description":"Specifies connection parameters required specifically for Oracle databases.","description_kind":"plain"},"max_items":1},"postgresql":{"nesting_mode":"list","block":{"attributes":{"cloud_sql_id":{"type":"string","description":"If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Required. The IP or hostname of the source MySQL database.","description_kind":"plain","required":true},"network_architecture":{"type":"string","description":"Output only. If the source is a Cloud SQL database, this field indicates the network architecture it's associated with.","description_kind":"plain","computed":true},"password":{"type":"string","description":"Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.\nThis field is not returned on request, and the value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates If this connection profile password is stored.","description_kind":"plain","computed":true},"port":{"type":"number","description":"Required. The network port of the source MySQL database.","description_kind":"plain","required":true},"username":{"type":"string","description":"Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true}},"block_types":{"ssl":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.\nThe replica will use this certificate to verify it's connecting to the right host.","description_kind":"plain","required":true,"sensitive":true},"client_certificate":{"type":"string","description":"Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.\nIf this field is used then the 'clientKey' field is mandatory","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'clientCertificate' field is mandatory.","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1}},"description":"Specifies connection parameters required specifically for PostgreSQL databases.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_database_migration_service_private_connection":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Display name.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"error":{"type":["list",["object",{"details":["map","string"],"message":"string"}]],"description":"The PrivateConnection error in case of failure.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this private connection is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource's name.","description_kind":"plain","computed":true},"private_connection_id":{"type":"string","description":"The private connectivity identifier.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the PrivateConnection.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_peering_config":{"nesting_mode":"list","block":{"attributes":{"subnet":{"type":"string","description":"A free subnet for peering. (CIDR of /29)","description_kind":"plain","required":true},"vpc_name":{"type":"string","description":"Fully qualified name of the VPC that Database Migration Service will peer to.\nFormat: projects/{project}/global/{networks}/{name}","description_kind":"plain","required":true}},"description":"The VPC Peering configuration is used to create VPC peering\nbetween databasemigrationservice and the consumer's VPC.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_dataflow_job":{"version":1,"block":{"attributes":{"additional_experiments":{"type":["set","string"],"description":"List of experiments that should be used by the job. An example value is [\"enable_stackdriver_agent_metrics\"].","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_streaming_engine":{"type":"bool","description":"Indicates if the job should use the streaming engine feature.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_configuration":{"type":"string","description":"The configuration for VM IPs. Options are \"WORKER_IP_PUBLIC\" or \"WORKER_IP_PRIVATE\".","description_kind":"plain","optional":true},"job_id":{"type":"string","description":"The unique ID of this job.","description_kind":"plain","computed":true},"kms_key_name":{"type":"string","description":"The name for the Cloud KMS key for the job. Key format is: projects/PROJECT_ID/locations/LOCATION/keyRings/KEY_RING/cryptoKeys/KEY","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"User labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. NOTE: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to use for the job.","description_kind":"plain","optional":true},"max_workers":{"type":"number","description":"The number of workers permitted to work on the job. More workers may improve processing speed at additional cost.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique name for the resource, required by Dataflow.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network to which VMs will be assigned. If it is not provided, \"default\" will be used.","description_kind":"plain","optional":true},"on_delete":{"type":"string","description":"One of \"drain\" or \"cancel\". Specifies behavior of deletion during terraform destroy.","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description":"Key/Value pairs to be passed to the Dataflow job (as used in the template).","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which the resource belongs.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the created job should run.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The Service Account email used to create the job.","description_kind":"plain","optional":true},"skip_wait_on_job_termination":{"type":"bool","description":"If true, treat DRAINING and CANCELLING as terminal job states and do not wait for further changes before removing from terraform state and moving on. WARNING: this will lead to job name conflicts if you do not ensure that the job names are different, e.g. by embedding a release ID or by using a random_id.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The current state of the resource, selected from the JobState enum.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The subnetwork to which VMs will be assigned. Should be of the form \"regions/REGION/subnetworks/SUBNETWORK\".","description_kind":"plain","optional":true},"temp_gcs_location":{"type":"string","description":"A writeable location on Google Cloud Storage for the Dataflow job to dump its temporary data.","description_kind":"plain","required":true},"template_gcs_path":{"type":"string","description":"The Google Cloud Storage path to the Dataflow job template.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"transform_name_mapping":{"type":["map","string"],"description":"Only applicable when updating a pipeline. Map of transform name prefixes of the job to be replaced with the corresponding name prefixes of the new job.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of this job, selected from the JobType enum.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone in which the created job should run. If it is not provided, the provider zone is used.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_aspect_type":{"version":0,"block":{"attributes":{"aspect_type_id":{"type":"string","description":"The aspect type id of the aspect type.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time when the AspectType was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the AspectType.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the AspectType.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where aspect type will be created in.","description_kind":"plain","optional":true},"metadata_template":{"type":"string","description":"MetadataTemplate of the Aspect.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the AspectType, of the form: projects/{project_number}/locations/{location_id}/aspectTypes/{aspect_type_id}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"transfer_status":{"type":"string","description":"Denotes the transfer status of the Aspect Type. It is unspecified\nfor Aspect Type created from Dataplex API.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated globally unique ID for the AspectType. This ID will be different if the AspectType is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the AspectType was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_aspect_type_iam_binding":{"version":0,"block":{"attributes":{"aspect_type_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_aspect_type_iam_member":{"version":0,"block":{"attributes":{"aspect_type_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_aspect_type_iam_policy":{"version":0,"block":{"attributes":{"aspect_type_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_asset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the asset was created.","description_kind":"plain","computed":true},"dataplex_zone":{"type":"string","description":"The zone for the resource","description_kind":"plain","required":true},"description":{"type":"string","description":"Optional. Description of the asset.","description_kind":"plain","optional":true},"discovery_status":{"type":["list",["object",{"last_run_duration":"string","last_run_time":"string","message":"string","state":"string","stats":["list",["object",{"data_items":"number","data_size":"number","filesets":"number","tables":"number"}]],"update_time":"string"}]],"description":"Output only. Status of the discovery feature applied to data referenced by this asset.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User defined labels for the asset.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake for the resource","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the asset.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"resource_status":{"type":["list",["object",{"message":"string","state":"string","update_time":"string"}]],"description":"Output only. Status of the resource referenced by this asset.","description_kind":"plain","computed":true},"security_status":{"type":["list",["object",{"message":"string","state":"string","update_time":"string"}]],"description":"Output only. Status of the security policy applied to resource referenced by this asset.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Current state of the asset. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the asset. This ID will be different if the asset is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the asset was last updated.","description_kind":"plain","computed":true}},"block_types":{"discovery_spec":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Required. Whether discovery is enabled.","description_kind":"plain","required":true},"exclude_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to exclude during discovery. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"include_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to include during discovery if only a subset of the data should considered. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Optional. Cron schedule (https://en.wikipedia.org/wiki/Cron) for running discovery periodically. Successive discovery runs must be scheduled at least 60 minutes apart. The default value is to run discovery every 60 minutes. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: \"CRON_TZ=${IANA_TIME_ZONE}\" or TZ=${IANA_TIME_ZONE}\". The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, \"CRON_TZ=America/New_York 1 * * * *\", or \"TZ=America/New_York 1 * * * *\".","description_kind":"plain","optional":true}},"block_types":{"csv_options":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"Optional. The delimiter being used to separate values. This defaults to ','.","description_kind":"plain","optional":true},"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for CSV data. If true, all columns will be registered as strings.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true},"header_rows":{"type":"number","description":"Optional. The number of rows to interpret as header rows that should be skipped when reading data rows.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for CSV data.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for Json data. If true, all columns will be registered as their primitive types (strings, number or boolean).","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for Json data.","description_kind":"plain"},"max_items":1}},"description":"Required. Specification of the discovery feature applied to data referenced by this asset. When this spec is left unset, the asset will use the spec set on the parent zone.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_spec":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Immutable. Relative name of the cloud resource that contains the data that is being managed within a lake. For example: `projects/{project_number}/buckets/{bucket_id}` `projects/{project_number}/datasets/{dataset_id}`","description_kind":"plain","optional":true},"read_access_mode":{"type":"string","description":"Optional. Determines how read permissions are handled for each asset and their associated tables. Only available to storage buckets assets. Possible values: DIRECT, MANAGED","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Required. Immutable. Type of resource. Possible values: STORAGE_BUCKET, BIGQUERY_DATASET","description_kind":"plain","required":true}},"description":"Required. Immutable. Specification of the resource that is referenced by this asset.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_asset_iam_binding":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_asset_iam_member":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_asset_iam_policy":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_datascan":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the scan was created.","description_kind":"plain","computed":true},"data_scan_id":{"type":"string","description":"DataScan identifier. Must contain only lowercase letters, numbers and hyphens. Must start with a letter. Must end with a number or a letter.","description_kind":"plain","required":true},"description":{"type":"string","description":"Description of the scan.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"execution_status":{"type":["list",["object",{"latest_job_end_time":"string","latest_job_start_time":"string"}]],"description":"Status of the data scan execution.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the scan. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the data scan should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The relative resource name of the scan, of the form: projects/{project}/locations/{locationId}/dataScans/{datascan_id}, where project refers to a project_id or project_number and locationId refers to a GCP region.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Current state of the DataScan.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of DataScan.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated globally unique ID for the scan. This ID will be different if the scan is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the scan was last updated.","description_kind":"plain","computed":true}},"block_types":{"data":{"nesting_mode":"list","block":{"attributes":{"entity":{"type":"string","description":"The Dataplex entity that represents the data source(e.g. BigQuery table) for Datascan.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"The service-qualified full resource name of the cloud resource for a DataScan job to scan against. The field could be:\n(Cloud Storage bucket for DataDiscoveryScan)BigQuery table of type \"TABLE\" for DataProfileScan/DataQualityScan.","description_kind":"plain","optional":true}},"description":"The data source for DataScan.","description_kind":"plain"},"min_items":1,"max_items":1},"data_profile_spec":{"nesting_mode":"list","block":{"attributes":{"row_filter":{"type":"string","description":"A filter applied to all rows in a single DataScan job. The filter needs to be a valid SQL expression for a WHERE clause in BigQuery standard SQL syntax. Example: col1 \u003e= 0 AND col2 \u003c 10","description_kind":"plain","optional":true},"sampling_percent":{"type":"number","description":"The percentage of the records to be selected from the dataset for DataScan.\nValue can range between 0.0 and 100.0 with up to 3 significant decimal digits.\nSampling is not applied if 'sampling_percent' is not specified, 0 or 100.","description_kind":"plain","optional":true}},"block_types":{"exclude_fields":{"nesting_mode":"list","block":{"attributes":{"field_names":{"type":["list","string"],"description":"Expected input is a list of fully qualified names of fields as in the schema.\nOnly top-level field names for nested fields are supported.\nFor instance, if 'x' is of nested field type, listing 'x' is supported but 'x.y.z' is not supported. Here 'y' and 'y.z' are nested fields of 'x'.","description_kind":"plain","optional":true}},"description":"The fields to exclude from data profile.\nIf specified, the fields will be excluded from data profile, regardless of 'include_fields' value.","description_kind":"plain"},"max_items":1},"include_fields":{"nesting_mode":"list","block":{"attributes":{"field_names":{"type":["list","string"],"description":"Expected input is a list of fully qualified names of fields as in the schema.\nOnly top-level field names for nested fields are supported.\nFor instance, if 'x' is of nested field type, listing 'x' is supported but 'x.y.z' is not supported. Here 'y' and 'y.z' are nested fields of 'x'.","description_kind":"plain","optional":true}},"description":"The fields to include in data profile.\nIf not specified, all fields at the time of profile scan job execution are included, except for ones listed in 'exclude_fields'.","description_kind":"plain"},"max_items":1},"post_scan_actions":{"nesting_mode":"list","block":{"block_types":{"bigquery_export":{"nesting_mode":"list","block":{"attributes":{"results_table":{"type":"string","description":"The BigQuery table to export DataProfileScan results to.\nFormat://bigquery.googleapis.com/projects/PROJECT_ID/datasets/DATASET_ID/tables/TABLE_ID","description_kind":"plain","optional":true}},"description":"If set, results will be exported to the provided BigQuery table.","description_kind":"plain"},"max_items":1}},"description":"Actions to take upon job completion.","description_kind":"plain"},"max_items":1}},"description":"DataProfileScan related setting.","description_kind":"plain"},"max_items":1},"data_quality_spec":{"nesting_mode":"list","block":{"attributes":{"row_filter":{"type":"string","description":"A filter applied to all rows in a single DataScan job. The filter needs to be a valid SQL expression for a WHERE clause in BigQuery standard SQL syntax. Example: col1 \u003e= 0 AND col2 \u003c 10","description_kind":"plain","optional":true},"sampling_percent":{"type":"number","description":"The percentage of the records to be selected from the dataset for DataScan.\nValue can range between 0.0 and 100.0 with up to 3 significant decimal digits.\nSampling is not applied if 'sampling_percent' is not specified, 0 or 100.","description_kind":"plain","optional":true}},"block_types":{"post_scan_actions":{"nesting_mode":"list","block":{"block_types":{"bigquery_export":{"nesting_mode":"list","block":{"attributes":{"results_table":{"type":"string","description":"The BigQuery table to export DataQualityScan results to.\nFormat://bigquery.googleapis.com/projects/PROJECT_ID/datasets/DATASET_ID/tables/TABLE_ID","description_kind":"plain","optional":true}},"description":"If set, results will be exported to the provided BigQuery table.","description_kind":"plain"},"max_items":1}},"description":"Actions to take upon job completion.","description_kind":"plain"},"max_items":1},"rules":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"The unnested column which this rule is evaluated against.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the rule.\nThe maximum length is 1,024 characters.","description_kind":"plain","optional":true},"dimension":{"type":"string","description":"The dimension a rule belongs to. Results are also aggregated at the dimension level. Supported dimensions are [\"COMPLETENESS\", \"ACCURACY\", \"CONSISTENCY\", \"VALIDITY\", \"UNIQUENESS\", \"INTEGRITY\"]","description_kind":"plain","required":true},"ignore_null":{"type":"bool","description":"Rows with null values will automatically fail a rule, unless ignoreNull is true. In that case, such null rows are trivially considered passing. Only applicable to ColumnMap rules.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A mutable name for the rule.\nThe name must contain only letters (a-z, A-Z), numbers (0-9), or hyphens (-).\nThe maximum length is 63 characters.\nMust start with a letter.\nMust end with a number or a letter.","description_kind":"plain","optional":true},"threshold":{"type":"number","description":"The minimum ratio of passing_rows / total_rows required to pass this rule, with a range of [0.0, 1.0]. 0 indicates default value (i.e. 1.0).","description_kind":"plain","optional":true}},"block_types":{"non_null_expectation":{"nesting_mode":"list","block":{"description":"ColumnMap rule which evaluates whether each column value is null.","description_kind":"plain"},"max_items":1},"range_expectation":{"nesting_mode":"list","block":{"attributes":{"max_value":{"type":"string","description":"The maximum column value allowed for a row to pass this validation. At least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"min_value":{"type":"string","description":"The minimum column value allowed for a row to pass this validation. At least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"strict_max_enabled":{"type":"bool","description":"Whether each value needs to be strictly lesser than ('\u003c') the maximum, or if equality is allowed.\nOnly relevant if a maxValue has been defined. Default = false.","description_kind":"plain","optional":true},"strict_min_enabled":{"type":"bool","description":"Whether each value needs to be strictly greater than ('\u003e') the minimum, or if equality is allowed.\nOnly relevant if a minValue has been defined. Default = false.","description_kind":"plain","optional":true}},"description":"ColumnMap rule which evaluates whether each column value lies between a specified range.","description_kind":"plain"},"max_items":1},"regex_expectation":{"nesting_mode":"list","block":{"attributes":{"regex":{"type":"string","description":"A regular expression the column value is expected to match.","description_kind":"plain","required":true}},"description":"ColumnMap rule which evaluates whether each column value matches a specified regex.","description_kind":"plain"},"max_items":1},"row_condition_expectation":{"nesting_mode":"list","block":{"attributes":{"sql_expression":{"type":"string","description":"The SQL expression.","description_kind":"plain","required":true}},"description":"Table rule which evaluates whether each row passes the specified condition.","description_kind":"plain"},"max_items":1},"set_expectation":{"nesting_mode":"list","block":{"attributes":{"values":{"type":["list","string"],"description":"Expected values for the column value.","description_kind":"plain","required":true}},"description":"ColumnMap rule which evaluates whether each column value is contained by a specified set.","description_kind":"plain"},"max_items":1},"sql_assertion":{"nesting_mode":"list","block":{"attributes":{"sql_statement":{"type":"string","description":"The SQL statement.","description_kind":"plain","required":true}},"description":"Table rule which evaluates whether any row matches invalid state.","description_kind":"plain"},"max_items":1},"statistic_range_expectation":{"nesting_mode":"list","block":{"attributes":{"max_value":{"type":"string","description":"The maximum column statistic value allowed for a row to pass this validation.\nAt least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"min_value":{"type":"string","description":"The minimum column statistic value allowed for a row to pass this validation.\nAt least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"statistic":{"type":"string","description":"column statistics. Possible values: [\"STATISTIC_UNDEFINED\", \"MEAN\", \"MIN\", \"MAX\"]","description_kind":"plain","required":true},"strict_max_enabled":{"type":"bool","description":"Whether column statistic needs to be strictly lesser than ('\u003c') the maximum, or if equality is allowed.\nOnly relevant if a maxValue has been defined. Default = false.","description_kind":"plain","optional":true},"strict_min_enabled":{"type":"bool","description":"Whether column statistic needs to be strictly greater than ('\u003e') the minimum, or if equality is allowed.\nOnly relevant if a minValue has been defined. Default = false.","description_kind":"plain","optional":true}},"description":"ColumnAggregate rule which evaluates whether the column aggregate statistic lies between a specified range.","description_kind":"plain"},"max_items":1},"table_condition_expectation":{"nesting_mode":"list","block":{"attributes":{"sql_expression":{"type":"string","description":"The SQL expression.","description_kind":"plain","required":true}},"description":"Table rule which evaluates whether the provided expression is true.","description_kind":"plain"},"max_items":1},"uniqueness_expectation":{"nesting_mode":"list","block":{"description":"Row-level rule which evaluates whether each column value is unique.","description_kind":"plain"},"max_items":1}},"description":"The list of rules to evaluate against a data source. At least one rule is required.","description_kind":"plain"}}},"description":"DataQualityScan related setting.","description_kind":"plain"},"max_items":1},"execution_spec":{"nesting_mode":"list","block":{"attributes":{"field":{"type":"string","description":"The unnested field (of type Date or Timestamp) that contains values which monotonically increase over time. If not specified, a data scan will run for all data in the table.","description_kind":"plain","optional":true}},"block_types":{"trigger":{"nesting_mode":"list","block":{"block_types":{"on_demand":{"nesting_mode":"list","block":{"description":"The scan runs once via dataScans.run API.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"cron":{"type":"string","description":"Cron schedule for running scans periodically. This field is required for Schedule scans.","description_kind":"plain","required":true}},"description":"The scan is scheduled to run periodically.","description_kind":"plain"},"max_items":1}},"description":"Spec related to how often and when a scan should be triggered.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"DataScan execution settings.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_datascan_iam_binding":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_datascan_iam_member":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_datascan_iam_policy":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_entry_group":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the EntryGroup was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the EntryGroup.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entry_group_id":{"type":"string","description":"The entry group id of the entry group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the EntryGroup.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where entry group will be created in.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the EntryGroup, of the form: projects/{project_number}/locations/{location_id}/entryGroups/{entry_group_id}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"transfer_status":{"type":"string","description":"Denotes the transfer status of the Entry Group. It is unspecified\nfor Entry Group created from Dataplex API.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated globally unique ID for the EntryGroup. This ID will be different if the EntryGroup is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the EntryGroup was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_entry_group_iam_binding":{"version":0,"block":{"attributes":{"entry_group_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_entry_group_iam_member":{"version":0,"block":{"attributes":{"entry_group_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_entry_group_iam_policy":{"version":0,"block":{"attributes":{"entry_group_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_entry_type":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the EntryType was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the EntryType.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entry_type_id":{"type":"string","description":"The entry type id of the entry type.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the EntryType.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where entry type will be created in.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the EntryType, of the form: projects/{project_number}/locations/{location_id}/entryTypes/{entry_type_id}","description_kind":"plain","computed":true},"platform":{"type":"string","description":"The platform that Entries of this type belongs to.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"system":{"type":"string","description":"The system that Entries of this type belongs to.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type_aliases":{"type":["list","string"],"description":"Indicates the class this Entry Type belongs to, for example, TABLE, DATABASE, MODEL.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System generated globally unique ID for the EntryType. This ID will be different if the EntryType is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the EntryType was last updated.","description_kind":"plain","computed":true}},"block_types":{"required_aspects":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Required aspect type for the entry type.","description_kind":"plain","optional":true}},"description":"AspectInfo for the entry type.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_entry_type_iam_binding":{"version":0,"block":{"attributes":{"entry_type_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_entry_type_iam_member":{"version":0,"block":{"attributes":{"entry_type_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_entry_type_iam_policy":{"version":0,"block":{"attributes":{"entry_type_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_lake":{"version":0,"block":{"attributes":{"asset_status":{"type":["list",["object",{"active_assets":"number","security_policy_applying_assets":"number","update_time":"string"}]],"description":"Output only. Aggregated status of the underlying assets of the lake.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time when the lake was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the lake.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User-defined labels for the lake.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"metastore_status":{"type":["list",["object",{"endpoint":"string","message":"string","state":"string","update_time":"string"}]],"description":"Output only. Metastore status of the lake.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the lake.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Output only. Service account associated with this lake. This service account must be authorized to access or operate on resources managed by the lake.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Current state of the lake. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the lake. This ID will be different if the lake is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the lake was last updated.","description_kind":"plain","computed":true}},"block_types":{"metastore":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Optional. A relative reference to the Dataproc Metastore (https://cloud.google.com/dataproc-metastore/docs) service associated with the lake: `projects/{project_id}/locations/{location_id}/services/{service_id}`","description_kind":"plain","optional":true}},"description":"Optional. Settings to manage lake and Dataproc Metastore service instance association.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_lake_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_lake_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_lake_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_task":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the task was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the task.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"execution_status":{"type":["list",["object",{"latest_job":["list",["object",{"end_time":"string","message":"string","name":"string","retry_count":"number","service":"string","service_job":"string","start_time":"string","state":"string","uid":"string"}]],"update_time":"string"}]],"description":"Configuration for the cluster","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the task.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake in which the task will be created in.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location in which the task will be created in.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the task, of the form: projects/{project_number}/locations/{locationId}/lakes/{lakeId}/ tasks/{name}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Current state of the task.","description_kind":"plain","computed":true},"task_id":{"type":"string","description":"The task Id of the task.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated globally unique ID for the task. This ID will be different if the task is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the task was last updated.","description_kind":"plain","computed":true}},"block_types":{"execution_spec":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["map","string"],"description":"The arguments to pass to the task. The args can use placeholders of the format ${placeholder} as part of key/value string. These will be interpolated before passing the args to the driver. Currently supported placeholders: - ${taskId} - ${job_time} To pass positional args, set the key as TASK_ARGS. The value should be a comma-separated string of all the positional arguments. To use a delimiter other than comma, refer to https://cloud.google.com/sdk/gcloud/reference/topic/escaping. In case of other keys being present in the args, then TASK_ARGS will be passed as the last argument. An object containing a list of 'key': value pairs. Example: { 'name': 'wrench', 'mass': '1.3kg', 'count': '3' }.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"The Cloud KMS key to use for encryption, of the form: projects/{project_number}/locations/{locationId}/keyRings/{key-ring-name}/cryptoKeys/{key-name}.","description_kind":"plain","optional":true},"max_job_execution_lifetime":{"type":"string","description":"The maximum duration after which the job execution is expired. A duration in seconds with up to nine fractional digits, ending with 's'. Example: '3.5s'.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which jobs are run. By default, the project containing the Lake is used. If a project is provided, the ExecutionSpec.service_account must belong to this project.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Service account to use to execute a task. If not provided, the default Compute service account for the project is used.","description_kind":"plain","required":true}},"description":"Configuration for the cluster","description_kind":"plain"},"min_items":1,"max_items":1},"notebook":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Cloud Storage URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Cloud Storage URIs of files to be placed in the working directory of each executor.","description_kind":"plain","optional":true},"notebook":{"type":"string","description":"Path to input notebook. This can be the Cloud Storage URI of the notebook file or the path to a Notebook Content. The execution args are accessible as environment variables (TASK_key=value).","description_kind":"plain","required":true}},"block_types":{"infrastructure_spec":{"nesting_mode":"list","block":{"block_types":{"batch":{"nesting_mode":"list","block":{"attributes":{"executors_count":{"type":"number","description":"Total number of job executors. Executor Count should be between 2 and 100. [Default=2]","description_kind":"plain","optional":true},"max_executors_count":{"type":"number","description":"Max configurable executors. If maxExecutorsCount \u003e executorsCount, then auto-scaling is enabled. Max Executor Count should be between 2 and 1000. [Default=1000]","description_kind":"plain","optional":true}},"description":"Compute resources needed for a Task when using Dataproc Serverless.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Container image to use.","description_kind":"plain","optional":true},"java_jars":{"type":["list","string"],"description":"A list of Java JARS to add to the classpath. Valid input includes Cloud Storage URIs to Jar binaries. For example, gs://bucket-name/my/path/to/file.jar","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Override to common configuration of open source components installed on the Dataproc cluster. The properties to set on daemon config files. Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. For more information, see Cluster properties.","description_kind":"plain","optional":true},"python_packages":{"type":["list","string"],"description":"A list of python packages to be installed. Valid formats include Cloud Storage URI to a PIP installable library. For example, gs://bucket-name/my/path/to/lib.tar.gz","description_kind":"plain","optional":true}},"description":"Container Image Runtime Configuration.","description_kind":"plain"},"max_items":1},"vpc_network":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The Cloud VPC network in which the job is run. By default, the Cloud VPC network named Default within the project is used.","description_kind":"plain","optional":true},"network_tags":{"type":["list","string"],"description":"List of network tags to apply to the job.","description_kind":"plain","optional":true},"sub_network":{"type":"string","description":"The Cloud VPC sub-network in which the job is run.","description_kind":"plain","optional":true}},"description":"Vpc network.","description_kind":"plain"},"max_items":1}},"description":"Infrastructure specification for the execution.","description_kind":"plain"},"max_items":1}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"spark":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Cloud Storage URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Cloud Storage URIs of files to be placed in the working directory of each executor.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file that contains the class must be in the default CLASSPATH or specified in jar_file_uris. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The Cloud Storage URI of the jar file that contains the main class. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"python_script_file":{"type":"string","description":"The Gcloud Storage URI of the main Python file to use as the driver. Must be a .py file. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"sql_script":{"type":"string","description":"The query text. The execution args are used to declare a set of script variables (set key='value';).","description_kind":"plain","optional":true},"sql_script_file":{"type":"string","description":"A reference to a query file. This can be the Cloud Storage URI of the query file or it can the path to a SqlScript Content. The execution args are used to declare a set of script variables (set key='value';).","description_kind":"plain","optional":true}},"block_types":{"infrastructure_spec":{"nesting_mode":"list","block":{"block_types":{"batch":{"nesting_mode":"list","block":{"attributes":{"executors_count":{"type":"number","description":"Total number of job executors. Executor Count should be between 2 and 100. [Default=2]","description_kind":"plain","optional":true},"max_executors_count":{"type":"number","description":"Max configurable executors. If maxExecutorsCount \u003e executorsCount, then auto-scaling is enabled. Max Executor Count should be between 2 and 1000. [Default=1000]","description_kind":"plain","optional":true}},"description":"Compute resources needed for a Task when using Dataproc Serverless.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Container image to use.","description_kind":"plain","optional":true},"java_jars":{"type":["list","string"],"description":"A list of Java JARS to add to the classpath. Valid input includes Cloud Storage URIs to Jar binaries. For example, gs://bucket-name/my/path/to/file.jar","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Override to common configuration of open source components installed on the Dataproc cluster. The properties to set on daemon config files. Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. For more information, see Cluster properties.","description_kind":"plain","optional":true},"python_packages":{"type":["list","string"],"description":"A list of python packages to be installed. Valid formats include Cloud Storage URI to a PIP installable library. For example, gs://bucket-name/my/path/to/lib.tar.gz","description_kind":"plain","optional":true}},"description":"Container Image Runtime Configuration.","description_kind":"plain"},"max_items":1},"vpc_network":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The Cloud VPC network in which the job is run. By default, the Cloud VPC network named Default within the project is used.","description_kind":"plain","optional":true},"network_tags":{"type":["list","string"],"description":"List of network tags to apply to the job.","description_kind":"plain","optional":true},"sub_network":{"type":"string","description":"The Cloud VPC sub-network in which the job is run.","description_kind":"plain","optional":true}},"description":"Vpc network.","description_kind":"plain"},"max_items":1}},"description":"Infrastructure specification for the execution.","description_kind":"plain"},"max_items":1}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"trigger_spec":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"Prevent the task from executing. This does not cancel already running tasks. It is intended to temporarily disable RECURRING tasks.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"Number of retry attempts before aborting. Set to zero to never attempt to retry a failed task.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Cron schedule (https://en.wikipedia.org/wiki/Cron) for running tasks periodically. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: 'CRON_TZ=${IANA_TIME_ZONE}' or 'TZ=${IANA_TIME_ZONE}'. The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, CRON_TZ=America/New_York 1 * * * *, or TZ=America/New_York 1 * * * *. This field is required for RECURRING tasks.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"The first run of the task will be after this time. If not specified, the task will run shortly after being submitted if ON_DEMAND and based on the schedule if RECURRING.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Trigger type of the user-specified Task Possible values: [\"ON_DEMAND\", \"RECURRING\"]","description_kind":"plain","required":true}},"description":"Configuration for the cluster","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataplex_zone":{"version":0,"block":{"attributes":{"asset_status":{"type":["list",["object",{"active_assets":"number","security_policy_applying_assets":"number","update_time":"string"}]],"description":"Output only. Aggregated status of the underlying assets of the zone.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time when the zone was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the zone.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User defined labels for the zone.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake for the resource","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the zone.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. Current state of the zone. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Required. Immutable. The type of the zone. Possible values: TYPE_UNSPECIFIED, RAW, CURATED","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the zone. This ID will be different if the zone is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the zone was last updated.","description_kind":"plain","computed":true}},"block_types":{"discovery_spec":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Required. Whether discovery is enabled.","description_kind":"plain","required":true},"exclude_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to exclude during discovery. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"include_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to include during discovery if only a subset of the data should considered. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Optional. Cron schedule (https://en.wikipedia.org/wiki/Cron) for running discovery periodically. Successive discovery runs must be scheduled at least 60 minutes apart. The default value is to run discovery every 60 minutes. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: \"CRON_TZ=${IANA_TIME_ZONE}\" or TZ=${IANA_TIME_ZONE}\". The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, \"CRON_TZ=America/New_York 1 * * * *\", or \"TZ=America/New_York 1 * * * *\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"csv_options":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"Optional. The delimiter being used to separate values. This defaults to ','.","description_kind":"plain","optional":true},"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for CSV data. If true, all columns will be registered as strings.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true},"header_rows":{"type":"number","description":"Optional. The number of rows to interpret as header rows that should be skipped when reading data rows.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for CSV data.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for Json data. If true, all columns will be registered as their primitive types (strings, number or boolean).","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for Json data.","description_kind":"plain"},"max_items":1}},"description":"Required. Specification of the discovery feature applied to data in this zone.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_spec":{"nesting_mode":"list","block":{"attributes":{"location_type":{"type":"string","description":"Required. Immutable. The location type of the resources that are allowed to be attached to the assets within this zone. Possible values: LOCATION_TYPE_UNSPECIFIED, SINGLE_REGION, MULTI_REGION","description_kind":"plain","required":true}},"description":"Required. Immutable. Specification of the resources that are referenced by the assets within this zone.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_zone_iam_binding":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_zone_iam_member":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_zone_iam_policy":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the autoscaling policy should reside.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The \"resource name\" of the autoscaling policy.","description_kind":"plain","computed":true},"policy_id":{"type":"string","description":"The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 50 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"basic_algorithm":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"string","description":"Duration between scaling events. A scaling period starts after the\nupdate operation from the previous event has completed.\n\nBounds: [2m, 1d]. Default: 2m.","description_kind":"plain","optional":true}},"block_types":{"yarn_config":{"nesting_mode":"list","block":{"attributes":{"graceful_decommission_timeout":{"type":"string","description":"Timeout for YARN graceful decommissioning of Node Managers. Specifies the\nduration to wait for jobs to complete before forcefully removing workers\n(and potentially interrupting jobs). Only applicable to downscaling operations.\n\nBounds: [0s, 1d].","description_kind":"plain","required":true},"scale_down_factor":{"type":"number","description":"Fraction of average pending memory in the last cooldown period for which to\nremove workers. A scale-down factor of 1 will result in scaling down so that there\nis no available memory remaining after the update (more aggressive scaling).\nA scale-down factor of 0 disables removing workers, which can be beneficial for\nautoscaling a single job.\n\nBounds: [0.0, 1.0].","description_kind":"plain","required":true},"scale_down_min_worker_fraction":{"type":"number","description":"Minimum scale-down threshold as a fraction of total cluster size before scaling occurs.\nFor example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler must\nrecommend at least a 2 worker scale-down for the cluster to scale. A threshold of 0\nmeans the autoscaler will scale down on any recommended change.\n\nBounds: [0.0, 1.0]. Default: 0.0.","description_kind":"plain","optional":true},"scale_up_factor":{"type":"number","description":"Fraction of average pending memory in the last cooldown period for which to\nadd workers. A scale-up factor of 1.0 will result in scaling up so that there\nis no pending memory remaining after the update (more aggressive scaling).\nA scale-up factor closer to 0 will result in a smaller magnitude of scaling up\n(less aggressive scaling).\n\nBounds: [0.0, 1.0].","description_kind":"plain","required":true},"scale_up_min_worker_fraction":{"type":"number","description":"Minimum scale-up threshold as a fraction of total cluster size before scaling\noccurs. For example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler\nmust recommend at least a 2-worker scale-up for the cluster to scale. A threshold of\n0 means the autoscaler will scale up on any recommended change.\n\nBounds: [0.0, 1.0]. Default: 0.0.","description_kind":"plain","optional":true}},"description":"YARN autoscaling configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Basic algorithm for autoscaling.","description_kind":"plain"},"max_items":1},"secondary_worker_config":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances for this group. Note that by default, clusters will not use\nsecondary workers. Required for secondary workers if the minimum secondary instances is set.\nBounds: [minInstances, ). Defaults to 0.","description_kind":"plain","optional":true},"min_instances":{"type":"number","description":"Minimum number of instances for this group. Bounds: [0, maxInstances]. Defaults to 0.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Weight for the instance group, which is used to determine the fraction of total workers\nin the cluster from this instance group. For example, if primary workers have weight 2,\nand secondary workers have weight 1, the cluster will have approximately 2 primary workers\nfor each secondary worker.\n\nThe cluster may not reach the specified balance if constrained by min/max bounds or other\nautoscaling settings. For example, if maxInstances for secondary workers is 0, then only\nprimary workers will be added. The cluster can also be out of balance when created.\n\nIf weight is not set on any instance group, the cluster will default to equal weight for\nall groups: the cluster will attempt to maintain an equal number of workers in each group\nwithin the configured size bounds for each group. If weight is set for one group only,\nthe cluster will default to zero weight on the unset group. For example if weight is set\nonly on primary workers, the cluster will use primary workers only and no secondary workers.","description_kind":"plain","optional":true}},"description":"Describes how the autoscaler will operate for secondary workers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"worker_config":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances for this group.","description_kind":"plain","required":true},"min_instances":{"type":"number","description":"Minimum number of instances for this group. Bounds: [2, maxInstances]. Defaults to 2.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Weight for the instance group, which is used to determine the fraction of total workers\nin the cluster from this instance group. For example, if primary workers have weight 2,\nand secondary workers have weight 1, the cluster will have approximately 2 primary workers\nfor each secondary worker.\n\nThe cluster may not reach the specified balance if constrained by min/max bounds or other\nautoscaling settings. For example, if maxInstances for secondary workers is 0, then only\nprimary workers will be added. The cluster can also be out of balance when created.\n\nIf weight is not set on any instance group, the cluster will default to equal weight for\nall groups: the cluster will attempt to maintain an equal number of workers in each group\nwithin the configured size bounds for each group. If weight is set for one group only,\nthe cluster will default to zero weight on the unset group. For example if weight is set\nonly on primary workers, the cluster will use primary workers only and no secondary workers.","description_kind":"plain","optional":true}},"description":"Describes how the autoscaler will operate for primary workers.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_cluster":{"version":1,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"graceful_decommission_timeout":{"type":"string","description":"The timeout duration which allows graceful decomissioning when you change the number of worker nodes directly through a terraform apply","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The list of the labels (key/value pairs) configured on the resource and to be applied to instances in the cluster.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and zone.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the cluster will exist. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the cluster and associated nodes will be created in. Defaults to global.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"cluster_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":" The name of the cloud storage bucket ultimately used to house the staging data for the cluster. If staging_bucket is specified, it will contain this value, otherwise it will be the auto generated name.","description_kind":"plain","computed":true},"staging_bucket":{"type":"string","description":"The Cloud Storage staging bucket used to stage files, such as Hadoop jars, between client machines and the cluster. Note: If you don't explicitly specify a staging_bucket then GCP will auto create / assign one for you. However, you are not guaranteed an auto generated bucket which is solely dedicated to your cluster; it may be shared with other clusters in the same region/zone also choosing to use the auto generation option.","description_kind":"plain","optional":true},"temp_bucket":{"type":"string","description":"The Cloud Storage temp bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. Note: If you don't explicitly specify a temp_bucket then GCP will auto create / assign one for you.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"policy_uri":{"type":"string","description":"The autoscaling policy used by the cluster.","description_kind":"plain","required":true}},"description":"The autoscaling policy config associated with the cluster.","description_kind":"plain"},"max_items":1},"auxiliary_node_groups":{"nesting_mode":"list","block":{"attributes":{"node_group_id":{"type":"string","description":"A node group ID. Generated if not specified. The ID must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of from 3 to 33 characters.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_group":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The Node group resource name.","description_kind":"plain","computed":true},"roles":{"type":["list","string"],"description":"Node group roles.","description_kind":"plain","required":true}},"block_types":{"node_group_config":{"nesting_mode":"list","block":{"attributes":{"instance_names":{"type":["list","string"],"description":"List of auxiliary node group instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type to create for the master","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The name of a minimum generation of CPU family for the auxiliary node group. If not specified, GCP will default to a predetermined computed value for each zone.","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Specifies the number of auxiliary nodes to create. If not specified, GCP will default to a predetermined computed value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"set","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each node, specified in GB. The primary disk contains the boot volume and system libraries, and the smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"local_ssd_interface":{"type":"string","description":"Interface type of local SSDs (default is \"scsi\"). Valid values: \"scsi\" (Small Computer System Interface), \"nvme\" (Non-Volatile Memory Express).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The node group instance group configuration.","description_kind":"plain"},"max_items":1}},"description":"Node group configuration.","description_kind":"plain"},"min_items":1}},"description":"The node group settings.","description_kind":"plain"}},"dataproc_metric_config":{"nesting_mode":"list","block":{"block_types":{"metrics":{"nesting_mode":"list","block":{"attributes":{"metric_overrides":{"type":["set","string"],"description":"Specify one or more [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) to collect.","description_kind":"plain","optional":true},"metric_source":{"type":"string","description":"A source for the collection of Dataproc OSS metrics (see [available OSS metrics] (https://cloud.google.com//dataproc/docs/guides/monitoring#available_oss_metrics)).","description_kind":"plain","required":true}},"description":"Metrics sources to enable.","description_kind":"plain"},"min_items":1}},"description":"The config for Dataproc metrics.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS key name to use for PD disk encryption for all instances in the cluster.","description_kind":"plain","required":true}},"description":"The Customer managed encryption keys settings for the cluster.","description_kind":"plain"},"max_items":1},"endpoint_config":{"nesting_mode":"list","block":{"attributes":{"enable_http_port_access":{"type":"bool","description":"The flag to enable http access to specific ports on the cluster from external sources (aka Component Gateway). Defaults to false.","description_kind":"plain","required":true},"http_ports":{"type":["map","string"],"description":"The map of port descriptions to URLs. Will only be populated if enable_http_port_access is true.","description_kind":"plain","computed":true}},"description":"The config settings for port access on the cluster. Structure defined below.","description_kind":"plain"},"max_items":1},"gce_cluster_config":{"nesting_mode":"list","block":{"attributes":{"internal_ip_only":{"type":"bool","description":"By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. If set to true, all instances in the cluster will only have internal IP addresses. Note: Private Google Access (also known as privateIpGoogleAccess) must be enabled on the subnetwork that the cluster will be launched in.","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"A map of the Compute Engine metadata entries to add to all instances","description_kind":"plain","optional":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to the cluster will be part of. Conflicts with subnetwork. If neither is specified, this defaults to the \"default\" network.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account to be used by the Node VMs. If not specified, the \"default\" service account is used.","description_kind":"plain","optional":true},"service_account_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs under the service_account specified. These can be either FQDNs, or scope aliases.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork the cluster will be part of. Conflicts with network.","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"The list of instance tags applied to instances in the cluster. Tags are used to identify valid sources or targets for network firewalls.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The GCP zone where your data is stored and used (i.e. where the master and the worker nodes will be created in). If region is set to 'global' (default) then zone is mandatory, otherwise GCP is able to make use of Auto Zone Placement to determine this automatically for you. Note: This setting additionally determines and restricts which computing resources are available for use with other configs such as cluster_config.master_config.machine_type and cluster_config.worker_config.machine_type.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_group_affinity":{"nesting_mode":"list","block":{"attributes":{"node_group_uri":{"type":"string","description":"The URI of a sole-tenant that the cluster will be created on.","description_kind":"plain","required":true}},"description":"Node Group Affinity for sole-tenant clusters.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Type of reservation to consume.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether instances have integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether instances have Secure Boot enabled.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether instances have the vTPM enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance Config for clusters using Compute Engine Shielded VMs.","description_kind":"plain"},"max_items":1}},"description":"Common config settings for resources of Google Compute Engine cluster instances, applicable to all instances in the cluster.","description_kind":"plain"},"max_items":1},"initialization_action":{"nesting_mode":"list","block":{"attributes":{"script":{"type":"string","description":"The script to be executed during initialization of the cluster. The script must be a GCS file with a gs:// prefix.","description_kind":"plain","required":true},"timeout_sec":{"type":"number","description":"The maximum duration (in seconds) which script is allowed to take to execute its action. GCP will default to a predetermined computed value if not set (currently 300).","description_kind":"plain","optional":true}},"description":"Commands to execute on each node after config is completed. You can specify multiple versions of these.","description_kind":"plain"}},"lifecycle_config":{"nesting_mode":"list","block":{"attributes":{"auto_delete_time":{"type":"string","description":"The time when cluster will be auto-deleted. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"idle_delete_ttl":{"type":"string","description":"The duration to keep the cluster alive while idling (no jobs running). After this TTL, the cluster will be deleted. Valid range: [10m, 14d].","description_kind":"plain","optional":true},"idle_start_time":{"type":"string","description":"Time when the cluster became idle (most recent job finished) and became eligible for deletion due to idleness.","description_kind":"plain","computed":true}},"description":"The settings for auto deletion cluster schedule.","description_kind":"plain"},"max_items":1},"master_config":{"nesting_mode":"list","block":{"attributes":{"image_uri":{"type":"string","description":"The URI for the image to use for this master","description_kind":"plain","optional":true,"computed":true},"instance_names":{"type":["list","string"],"description":"List of master instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type to create for the master","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The name of a minimum generation of CPU family for the master. If not specified, GCP will default to a predetermined computed value for each zone.","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Specifies the number of master nodes to create. If not specified, GCP will default to a predetermined computed value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"set","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each node, specified in GB. The primary disk contains the boot volume and system libraries, and the smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"local_ssd_interface":{"type":"string","description":"Interface type of local SSDs (default is \"scsi\"). Valid values: \"scsi\" (Small Computer System Interface), \"nvme\" (Non-Volatile Memory Express).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The Compute Engine config settings for the cluster's master instance.","description_kind":"plain"},"max_items":1},"metastore_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_metastore_service":{"type":"string","description":"Resource name of an existing Dataproc Metastore service.","description_kind":"plain","required":true}},"description":"Specifies a Metastore configuration.","description_kind":"plain"},"max_items":1},"preemptible_worker_config":{"nesting_mode":"list","block":{"attributes":{"instance_names":{"type":["list","string"],"description":"List of preemptible instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"num_instances":{"type":"number","description":"Specifies the number of preemptible nodes to create. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"preemptibility":{"type":"string","description":"Specifies the preemptibility of the secondary nodes. Defaults to PREEMPTIBLE.","description_kind":"plain","optional":true}},"block_types":{"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each preemptible worker node, specified in GB. The smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each preemptible worker node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"local_ssd_interface":{"type":"string","description":"Interface type of local SSDs (default is \"scsi\"). Valid values: \"scsi\" (Small Computer System Interface), \"nvme\" (Non-Volatile Memory Express).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each preemptible worker node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1},"instance_flexibility_policy":{"nesting_mode":"list","block":{"attributes":{"instance_selection_results":{"type":["list",["object",{"machine_type":"string","vm_count":"number"}]],"description":"A list of instance selection results in the group.","description_kind":"plain","computed":true}},"block_types":{"instance_selection_list":{"nesting_mode":"list","block":{"attributes":{"machine_types":{"type":["list","string"],"description":"Full machine-type names, e.g. \"n1-standard-16\".","description_kind":"plain","optional":true,"computed":true},"rank":{"type":"number","description":"Preference of this instance selection. Lower number means higher preference. Dataproc will first try to create a VM based on the machine-type with priority rank and fallback to next rank based on availability. Machine types and instance selections with the same priority have the same preference.","description_kind":"plain","optional":true,"computed":true}},"description":"List of instance selection options that the group will use when creating new VMs.","description_kind":"plain"}}},"description":"Instance flexibility Policy allowing a mixture of VM shapes and provisioning models.","description_kind":"plain"},"max_items":1}},"description":"The Google Compute Engine config settings for the additional (aka preemptible) instances in a cluster.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"cross_realm_trust_admin_server":{"type":"string","description":"The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_kdc":{"type":"string","description":"The KDC (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_realm":{"type":"string","description":"The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust.","description_kind":"plain","optional":true},"cross_realm_trust_shared_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster\nKerberos realm and the remote trusted realm, in a cross realm trust relationship.","description_kind":"plain","optional":true},"enable_kerberos":{"type":"bool","description":"Flag to indicate whether to Kerberize the cluster.","description_kind":"plain","optional":true},"kdc_db_key_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database.","description_kind":"plain","optional":true},"key_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"keystore_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing\nthe password to the user provided keystore. For the self-signed certificate, this password is generated\nby Dataproc","description_kind":"plain","optional":true},"keystore_uri":{"type":"string","description":"The Cloud Storage URI of the keystore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"kms_key_uri":{"type":"string","description":"The uri of the KMS key used to encrypt various sensitive files.","description_kind":"plain","required":true},"realm":{"type":"string","description":"The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm.","description_kind":"plain","optional":true},"root_principal_password_uri":{"type":"string","description":"The cloud Storage URI of a KMS encrypted file containing the root principal password.","description_kind":"plain","required":true},"tgt_lifetime_hours":{"type":"number","description":"The lifetime of the ticket granting ticket, in hours.","description_kind":"plain","optional":true},"truststore_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"truststore_uri":{"type":"string","description":"The Cloud Storage URI of the truststore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true}},"description":"Kerberos related configuration","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Security related configuration.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"image_version":{"type":"string","description":"The Cloud Dataproc image version to use for the cluster - this controls the sets of software versions installed onto the nodes when you create clusters. If not specified, defaults to the latest version.","description_kind":"plain","optional":true,"computed":true},"optional_components":{"type":["set","string"],"description":"The set of optional components to activate on the cluster.","description_kind":"plain","optional":true},"override_properties":{"type":["map","string"],"description":"A list of override and additional properties (key/value pairs) used to modify various aspects of the common configuration files used when creating a cluster.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A list of the properties used to set the daemon config files. This will include any values supplied by the user via cluster_config.software_config.override_properties","description_kind":"plain","computed":true}},"description":"The config settings for software inside the cluster.","description_kind":"plain"},"max_items":1},"worker_config":{"nesting_mode":"list","block":{"attributes":{"image_uri":{"type":"string","description":"The URI for the image to use for this master/worker","description_kind":"plain","optional":true,"computed":true},"instance_names":{"type":["list","string"],"description":"List of master/worker instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type to create for the master/worker","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The name of a minimum generation of CPU family for the master/worker. If not specified, GCP will default to a predetermined computed value for each zone.","description_kind":"plain","optional":true,"computed":true},"min_num_instances":{"type":"number","description":"The minimum number of primary worker instances to create.","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Specifies the number of worker nodes to create. If not specified, GCP will default to a predetermined computed value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"set","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each node, specified in GB. The primary disk contains the boot volume and system libraries, and the smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"local_ssd_interface":{"type":"string","description":"Interface type of local SSDs (default is \"scsi\"). Valid values: \"scsi\" (Small Computer System Interface), \"nvme\" (Non-Volatile Memory Express).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The Compute Engine config settings for the cluster's worker instances.","description_kind":"plain"},"max_items":1}},"description":"Allows you to configure various aspects of the cluster.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_cluster_config":{"nesting_mode":"list","block":{"attributes":{"staging_bucket":{"type":"string","description":"A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket.","description_kind":"plain","optional":true}},"block_types":{"auxiliary_services_config":{"nesting_mode":"list","block":{"block_types":{"metastore_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_metastore_service":{"type":"string","description":"The Hive Metastore configuration for this workload.","description_kind":"plain","optional":true}},"description":"The Hive Metastore configuration for this workload.","description_kind":"plain"},"max_items":1},"spark_history_server_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_cluster":{"type":"string","description":"Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload.","description_kind":"plain","optional":true}},"description":"The Spark History Server configuration for the workload.","description_kind":"plain"},"max_items":1}},"description":"Auxiliary services configuration for a Cluster.","description_kind":"plain"},"max_items":1},"kubernetes_cluster_config":{"nesting_mode":"list","block":{"attributes":{"kubernetes_namespace":{"type":"string","description":"A namespace within the Kubernetes cluster to deploy into. If this namespace does not exist, it is created. If it exists, Dataproc verifies that another Dataproc VirtualCluster is not installed into it. If not specified, the name of the Dataproc Cluster is used.","description_kind":"plain","optional":true}},"block_types":{"gke_cluster_config":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_target":{"type":"string","description":"A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","optional":true}},"block_types":{"node_pool_target":{"nesting_mode":"list","block":{"attributes":{"node_pool":{"type":"string","description":"The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{nodePool}'","description_kind":"plain","required":true},"roles":{"type":["set","string"],"description":"The roles associated with the GKE node pool.","description_kind":"plain","required":true}},"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"locations":{"type":["set","string"],"description":"The list of Compute Engine zones where node pool nodes associated with a Dataproc on GKE virtual cluster will be located.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"The maximum number of nodes in the node pool. Must be \u003e= minNodeCount, and must be \u003e 0.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"The minimum number of nodes in the node pool. Must be \u003e= 0 and \u003c= maxNodeCount.","description_kind":"plain","optional":true}},"description":"The autoscaler configuration for this node pool. The autoscaler is enabled only when a valid configuration is present.","description_kind":"plain"},"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"The minimum number of nodes in the node pool. Must be \u003e= 0 and \u003c= maxNodeCount.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The name of a Compute Engine machine type.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or a newer CPU platform. Specify the friendly names of CPU platforms, such as \"Intel Haswell\" or \"Intel Sandy Bridge\".","description_kind":"plain","optional":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances. Preemptible nodes cannot be used in a node pool with the CONTROLLER role or in the DEFAULT node pool if the CONTROLLER role is not assigned (the DEFAULT node pool will assume the CONTROLLER role).","description_kind":"plain","optional":true},"spot":{"type":"bool","description":"Spot flag for enabling Spot VM, which is a rebrand of the existing preemptible flag.","description_kind":"plain","optional":true}},"description":"The node pool configuration.","description_kind":"plain"},"max_items":1}},"description":"Input only. The configuration for the GKE node pool.","description_kind":"plain"},"max_items":1}},"description":"GKE node pools where workloads will be scheduled. At least one node pool must be assigned the DEFAULT GkeNodePoolTarget.Role. If a GkeNodePoolTarget is not specified, Dataproc constructs a DEFAULT GkeNodePoolTarget.","description_kind":"plain"}}},"description":"The configuration for running the Dataproc cluster on GKE.","description_kind":"plain"},"min_items":1,"max_items":1},"kubernetes_software_config":{"nesting_mode":"list","block":{"attributes":{"component_version":{"type":["map","string"],"description":"The components that should be installed in this Dataproc cluster. The key must be a string from the KubernetesComponent enumeration. The value is the version of the software to be installed.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"The properties to set on daemon config files. Property keys are specified in prefix:property format, for example spark:spark.kubernetes.container.image.","description_kind":"plain","optional":true,"computed":true}},"description":"The software configuration for this Dataproc cluster running on Kubernetes.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The configuration for running the Dataproc cluster on Kubernetes.","description_kind":"plain"},"max_items":1}},"description":"The virtual cluster config is used when creating a Dataproc cluster that does not directly control the underlying compute resources, for example, when creating a Dataproc-on-GKE cluster. Dataproc may set default values, and values may change when clusters are updated. Exactly one of config or virtualClusterConfig must be specified.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_binding":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_member":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_policy":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_job":{"version":0,"block":{"attributes":{"driver_controls_files_uri":{"type":"string","description":"Output-only. If present, the location of miscellaneous control files which may be used as part of job setup and handling. If not present, control files may be placed in the same location as driver_output_uri.","description_kind":"plain","computed":true},"driver_output_resource_uri":{"type":"string","description":"Output-only. A URI pointing to the location of the stdout of the job's driver program","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_delete":{"type":"bool","description":"By default, you can only delete inactive jobs within Dataproc. Setting this to true, and calling destroy, will ensure that the job is first cancelled before issuing the delete.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this job.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which the cluster can be found and jobs subsequently run against. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Cloud Dataproc region. This essentially determines which clusters are available for this job to be submitted to. If not specified, defaults to global.","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"details":"string","state":"string","state_start_time":"string","substate":"string"}]],"description":"The status of the job.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"hadoop_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be copied to the working directory of Spark drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The class containing the main method of the driver. Must be in a provided jar or jar that is already on the classpath. Conflicts with main_jar_file_uri","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of jar file containing the driver jar. Conflicts with main_class","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of Hadoop job","description_kind":"plain"},"max_items":1},"hive_config":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. The default value is false. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATH of the Hive server and Hadoop MapReduce (MR) tasks. Can contain Hive SerDes and UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names and values, used to configure Hive. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/hive/conf/hive-site.xml, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"HCFS URI of file containing Hive script to execute as the job. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of Hive queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Hive command: SET name=\"value\";).","description_kind":"plain","optional":true}},"description":"The config of hive job","description_kind":"plain"},"max_items":1},"pig_config":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. The default value is false. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATH of the Pig Client and Hadoop MapReduce (MR) tasks. Can contain Pig UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Pig. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/pig/conf/pig.properties, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"HCFS URI of file containing Hive script to execute as the job. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of Hive queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Pig command: name=[value]).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of pag job.","description_kind":"plain"},"max_items":1},"placement":{"nesting_mode":"list","block":{"attributes":{"cluster_name":{"type":"string","description":"The name of the cluster where the job will be submitted","description_kind":"plain","required":true},"cluster_uuid":{"type":"string","description":"Output-only. A cluster UUID generated by the Cloud Dataproc service when the job is submitted","description_kind":"plain","computed":true}},"description":"The config of job placement.","description_kind":"plain"},"min_items":1,"max_items":1},"presto_config":{"nesting_mode":"list","block":{"attributes":{"client_tags":{"type":["list","string"],"description":"Presto client tags to attach to this query.","description_kind":"plain","optional":true},"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"output_format":{"type":"string","description":"The format in which query output will be displayed. See the Presto documentation for supported output formats.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values. Used to set Presto session properties Equivalent to using the --session flag in the Presto CLI.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of SQL queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of presto job","description_kind":"plain"},"max_items":1},"pyspark_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as --conf, that can be set as job properties, since a collision may occur that causes an incorrect job submission","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be copied to the working directory of Python drivers and distributed tasks. Useful for naively parallel tasks","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Python driver and tasks","description_kind":"plain","optional":true},"main_python_file_uri":{"type":"string","description":"Required. The HCFS URI of the main Python file to use as the driver. Must be a .py file","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure PySpark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code","description_kind":"plain","optional":true},"python_file_uris":{"type":["list","string"],"description":"Optional. HCFS file URIs of Python files to pass to the PySpark framework. Supported file types: .py, .egg, and .zip","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of pySpark job.","description_kind":"plain"},"max_items":1},"reference":{"nesting_mode":"list","block":{"attributes":{"job_id":{"type":"string","description":"The job ID, which must be unique within the project. The job ID is generated by the server upon job submission or provided by the user as a means to perform retries without creating duplicate jobs","description_kind":"plain","optional":true,"computed":true}},"description":"The reference of the job","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"max_failures_per_hour":{"type":"number","description":"Maximum number of times per hour a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed.","description_kind":"plain","required":true},"max_failures_total":{"type":"number","description":"Maximum number of times in total a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed.","description_kind":"plain","required":true}},"description":"Optional. Job scheduling configuration.","description_kind":"plain"},"max_items":1},"spark_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be copied to the working directory of Spark drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The class containing the main method of the driver. Must be in a provided jar or jar that is already on the classpath. Conflicts with main_jar_file_uri","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of jar file containing the driver jar. Conflicts with main_class","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of the Spark job.","description_kind":"plain"},"max_items":1},"sparksql_config":{"nesting_mode":"list","block":{"attributes":{"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to be added to the Spark CLASSPATH.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark SQL's SparkConf. Properties that conflict with values set by the Cloud Dataproc API may be overwritten.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of SQL queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Spark SQL command: SET name=\"value\";).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of SparkSql job","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_job_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_job_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_federation":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore federation.","description_kind":"plain","computed":true},"federation_id":{"type":"string","description":"The ID of the metastore federation. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 63 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the metastore federation.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the metastore federation should reside.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the metastore federation.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The current state of the metastore federation.","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of the metastore federation, if available.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The globally unique resource identifier of the metastore federation.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The Apache Hive metastore version of the federation. All backend metastore versions must be compatible with the federation version.","description_kind":"plain","required":true}},"block_types":{"backend_metastores":{"nesting_mode":"set","block":{"attributes":{"metastore_type":{"type":"string","description":"The type of the backend metastore. Possible values: [\"METASTORE_TYPE_UNSPECIFIED\", \"DATAPROC_METASTORE\", \"BIGQUERY\"]","description_kind":"plain","required":true},"name":{"type":"string","description":"The relative resource name of the metastore that is being federated. The formats of the relative resource names for the currently supported metastores are listed below: Dataplex: projects/{projectId}/locations/{location}/lakes/{lake_id} BigQuery: projects/{projectId} Dataproc Metastore: projects/{projectId}/locations/{location}/services/{serviceId}","description_kind":"plain","required":true},"rank":{"type":"string","description_kind":"plain","required":true}},"description":"A map from BackendMetastore rank to BackendMetastores from which the federation service serves metadata at query time. The map key represents the order in which BackendMetastores should be evaluated to resolve database names at query time and should be greater than or equal to zero. A BackendMetastore with a lower number will be evaluated before a BackendMetastore with a higher number.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_metastore_federation_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"federation_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_metastore_federation_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"federation_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_metastore_federation_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"federation_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service":{"version":0,"block":{"attributes":{"artifact_gcs_uri":{"type":"string","description":"A Cloud Storage URI (starting with gs://) that specifies where artifacts related to the metastore service are stored.","description_kind":"plain","computed":true},"database_type":{"type":"string","description":"The database type that the Metastore service stores its data. Default value: \"MYSQL\" Possible values: [\"MYSQL\", \"SPANNER\"]","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the metastore service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the metastore service should reside.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the metastore service.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:\n\n\"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","optional":true,"computed":true},"port":{"type":"number","description":"The TCP port at which the metastore service is reached. Default: 9083.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"release_channel":{"type":"string","description":"The release channel of the service. If unspecified, defaults to 'STABLE'. Default value: \"STABLE\" Possible values: [\"CANARY\", \"STABLE\"]","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"The ID of the metastore service. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 63 characters.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the metastore service.","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of the metastore service, if available.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The tier of the service. Possible values: [\"DEVELOPER\", \"ENTERPRISE\"]","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"The globally unique resource identifier of the metastore service.","description_kind":"plain","computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The fully qualified customer provided Cloud KMS key name to use for customer data encryption.\nUse the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'","description_kind":"plain","required":true}},"description":"Information used to configure the Dataproc Metastore service to encrypt\ncustomer data at rest.","description_kind":"plain"},"max_items":1},"hive_metastore_config":{"nesting_mode":"list","block":{"attributes":{"config_overrides":{"type":["map","string"],"description":"A mapping of Hive metastore configuration key-value pairs to apply to the Hive metastore (configured in hive-site.xml).\nThe mappings override system defaults (some keys cannot be overridden)","description_kind":"plain","optional":true,"computed":true},"endpoint_protocol":{"type":"string","description":"The protocol to use for the metastore service endpoint. If unspecified, defaults to 'THRIFT'. Default value: \"THRIFT\" Possible values: [\"THRIFT\", \"GRPC\"]","description_kind":"plain","optional":true},"version":{"type":"string","description":"The Hive metastore schema version.","description_kind":"plain","required":true}},"block_types":{"auxiliary_versions":{"nesting_mode":"set","block":{"attributes":{"config_overrides":{"type":["map","string"],"description":"A mapping of Hive metastore configuration key-value pairs to apply to the auxiliary Hive metastore (configured in hive-site.xml) in addition to the primary version's overrides.\nIf keys are present in both the auxiliary version's overrides and the primary version's overrides, the value from the auxiliary version's overrides takes precedence.","description_kind":"plain","optional":true},"key":{"type":"string","description_kind":"plain","required":true},"version":{"type":"string","description":"The Hive metastore version of the auxiliary service. It must be less than the primary Hive metastore service's version.","description_kind":"plain","required":true}},"description":"A mapping of Hive metastore version to the auxiliary version configuration.\nWhen specified, a secondary Hive metastore service is created along with the primary service.\nAll auxiliary versions must be less than the service's primary version.\nThe key is the auxiliary service name and it must match the regular expression a-z?.\nThis means that the first character must be a lowercase letter, and all the following characters must be hyphens, lowercase letters, or digits, except the last character, which cannot be a hyphen.","description_kind":"plain"}},"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"krb5_config_gcs_uri":{"type":"string","description":"A Cloud Storage URI that specifies the path to a krb5.conf file. It is of the form gs://{bucket_name}/path/to/krb5.conf, although the file does not need to be named krb5.conf explicitly.","description_kind":"plain","required":true},"principal":{"type":"string","description":"A Kerberos principal that exists in the both the keytab the KDC to authenticate as. A typical principal is of the form \"primary/instance@REALM\", but there is no exact format.","description_kind":"plain","required":true}},"block_types":{"keytab":{"nesting_mode":"list","block":{"attributes":{"cloud_secret":{"type":"string","description":"The relative resource name of a Secret Manager secret version, in the following form:\n\n\"projects/{projectNumber}/secrets/{secret_id}/versions/{version_id}\".","description_kind":"plain","required":true}},"description":"A Kerberos keytab file that can be used to authenticate a service principal with a Kerberos Key Distribution Center (KDC).","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Information used to configure the Hive metastore service as a service principal in a Kerberos realm.","description_kind":"plain"},"max_items":1}},"description":"Configuration information specific to running Hive metastore software as the metastore service.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"The day of week, when the window starts. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"hour_of_day":{"type":"number","description":"The hour of day (0-23) when the window starts.","description_kind":"plain","required":true}},"description":"The one hour maintenance window of the metastore service.\nThis specifies when the service can be restarted for maintenance purposes in UTC time.\nMaintenance window is not needed for services with the 'SPANNER' database type.","description_kind":"plain"},"max_items":1},"metadata_integration":{"nesting_mode":"list","block":{"block_types":{"data_catalog_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Defines whether the metastore metadata should be synced to Data Catalog. The default value is to disable syncing metastore metadata to Data Catalog.","description_kind":"plain","required":true}},"description":"The integration config for the Data Catalog service.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The setting that defines how metastore metadata should be integrated with external services and systems.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"block_types":{"consumers":{"nesting_mode":"list","block":{"attributes":{"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint.\nIt is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network.\nThere must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:\n'projects/{projectNumber}/regions/{region_id}/subnetworks/{subnetwork_id}","description_kind":"plain","required":true}},"description":"The consumer-side network configuration for the Dataproc Metastore instance.","description_kind":"plain"},"min_items":1}},"description":"The configuration specifying the network settings for the Dataproc Metastore service.","description_kind":"plain"},"max_items":1},"scaling_config":{"nesting_mode":"list","block":{"attributes":{"instance_size":{"type":"string","description":"Metastore instance sizes. Possible values: [\"EXTRA_SMALL\", \"SMALL\", \"MEDIUM\", \"LARGE\", \"EXTRA_LARGE\"]","description_kind":"plain","optional":true},"scaling_factor":{"type":"number","description":"Scaling factor, in increments of 0.1 for values less than 1.0, and increments of 1.0 for values greater than 1.0.","description_kind":"plain","optional":true}},"description":"Represents the scaling configuration of a metastore service.","description_kind":"plain"},"max_items":1},"scheduled_backup":{"nesting_mode":"list","block":{"attributes":{"backup_location":{"type":"string","description":"A Cloud Storage URI of a folder, in the format gs://\u003cbucket_name\u003e/\u003cpath_inside_bucket\u003e. A sub-folder \u003cbackup_folder\u003e containing backup files will be stored below it.","description_kind":"plain","required":true},"cron_schedule":{"type":"string","description":"The scheduled interval in Cron format, see https://en.wikipedia.org/wiki/Cron The default is empty: scheduled backup is not enabled. Must be specified to enable scheduled backups.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Defines whether the scheduled backup is enabled. The default value is false.","description_kind":"plain","optional":true,"computed":true},"time_zone":{"type":"string","description":"Specifies the time zone to be used when interpreting cronSchedule. Must be a time zone name from the time zone database (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g. America/Los_Angeles or Africa/Abidjan. If left unspecified, the default is UTC.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration of scheduled backup for the metastore service.","description_kind":"plain"},"max_items":1},"telemetry_config":{"nesting_mode":"list","block":{"attributes":{"log_format":{"type":"string","description":"The output format of the Dataproc Metastore service's logs. Default value: \"JSON\" Possible values: [\"LEGACY\", \"JSON\"]","description_kind":"plain","optional":true}},"description":"The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataproc_workflow_template":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time template was created.","description_kind":"plain","computed":true},"dag_timeout":{"type":"string","description":"Optional. Timeout duration for the DAG of jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). The timeout duration must be from 10 minutes (\"600s\") to 24 hours (\"86400s\"). The timer begins when the first job is submitted. If the workflow is running at the end of the timeout period, any remaining jobs are cancelled, the workflow is ended, and if the workflow was running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), the cluster is deleted.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this template. These labels will be propagated to all jobs and clusters created by the workflow instance. Label **keys** must contain 1 to 63 characters, and must conform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be empty, but, if present, must contain 1 to 63 characters, and must conform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No more than 32 labels can be associated with a template.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the workflow template, as described in https://cloud.google.com/apis/design/resource_names. * For `projects.regions.workflowTemplates`, the resource name of the template has the following format: `projects/{project_id}/regions/{region}/workflowTemplates/{template_id}` * For `projects.locations.workflowTemplates`, the resource name of the template has the following format: `projects/{project_id}/locations/{location}/workflowTemplates/{template_id}`","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time template was last updated.","description_kind":"plain","computed":true},"version":{"type":"number","description":"Output only. The current version of this workflow template.","description_kind":"plain","deprecated":true,"optional":true,"computed":true}},"block_types":{"jobs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this job. Label keys must be between 1 and 63 characters long, and must conform to the following regular expression: p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters long, and must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated with a given job.","description_kind":"plain","optional":true},"prerequisite_step_ids":{"type":["list","string"],"description":"Optional. The optional list of prerequisite job step_ids. If not specified, the job will start at the beginning of workflow.","description_kind":"plain","optional":true},"step_id":{"type":"string","description":"Required. The step id. The id must be unique among all jobs within the template. The step id is used as prefix for job id, as job `goog-dataproc-workflow-step-id` label, and in prerequisiteStepIds field from other steps. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between 3 and 50 characters.","description_kind":"plain","required":true}},"block_types":{"hadoop_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted in the working directory of Hadoop drivers and tasks. Supported file types: .jar, .tar, .tar.gz, .tgz, or .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `-libjars` or `-Dfoo=bar`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS (Hadoop Compatible Filesystem) URIs of files to be copied to the working directory of Hadoop drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. Jar file URIs to add to the CLASSPATHs of the Hadoop driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file containing the class must be in the default CLASSPATH or specified in `jar_file_uris`.","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of the jar file containing the main class. Examples: 'gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar' 'hdfs:/tmp/test-samples/custom-wordcount.jar' 'file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar'","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Hadoop. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Hadoop job.","description_kind":"plain"},"max_items":1},"hive_job":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATH of the Hive server and Hadoop MapReduce (MR) tasks. Can contain Hive SerDes and UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names and values, used to configure Hive. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/hive/conf/hive-site.xml, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains Hive queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Hive command: `SET name=\"value\";`).","description_kind":"plain","optional":true}},"block_types":{"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Hive job.","description_kind":"plain"},"max_items":1},"pig_job":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATH of the Pig Client and Hadoop MapReduce (MR) tasks. Can contain Pig UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Pig. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/pig/conf/pig.properties, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains the Pig queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Pig command: `name=[value]`).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Pig job.","description_kind":"plain"},"max_items":1},"presto_job":{"nesting_mode":"list","block":{"attributes":{"client_tags":{"type":["list","string"],"description":"Optional. Presto client tags to attach to this query","description_kind":"plain","optional":true},"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"output_format":{"type":"string","description":"Optional. The format in which query output will be displayed. See the Presto documentation for supported output formats","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values. Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) Equivalent to using the --session flag in the Presto CLI","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Presto job.","description_kind":"plain"},"max_items":1},"pyspark_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Python driver and tasks.","description_kind":"plain","optional":true},"main_python_file_uri":{"type":"string","description":"Required. The HCFS URI of the main Python file to use as the driver. Must be a .py file.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure PySpark. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true},"python_file_uris":{"type":["list","string"],"description":"Optional. HCFS file URIs of Python files to pass to the PySpark framework. Supported file types: .py, .egg, and .zip.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a PySpark job.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"max_failures_per_hour":{"type":"number","description":"Optional. Maximum number of times per hour a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed. A job may be reported as thrashing if driver exits with non-zero code 4 times within 10 minute window. Maximum value is 10.","description_kind":"plain","optional":true},"max_failures_total":{"type":"number","description":"Optional. Maximum number of times in total a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed. Maximum value is 240.","description_kind":"plain","optional":true}},"description":"Optional. Job scheduling configuration.","description_kind":"plain"},"max_items":1},"spark_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file that contains the class must be in the default CLASSPATH or specified in `jar_file_uris`.","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of the jar file that contains the main class.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Spark job.","description_kind":"plain"},"max_items":1},"spark_r_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"main_r_file_uri":{"type":"string","description":"Required. The HCFS URI of the main R file to use as the driver. Must be a .R file.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure SparkR. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a SparkR job.","description_kind":"plain"},"max_items":1},"spark_sql_job":{"nesting_mode":"list","block":{"attributes":{"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to be added to the Spark CLASSPATH.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Spark SQL's SparkConf. Properties that conflict with values set by the Dataproc API may be overwritten.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Spark SQL command: SET `name=\"value\";`).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a SparkSql job.","description_kind":"plain"},"max_items":1}},"description":"Required. The Directed Acyclic Graph of Jobs to submit.","description_kind":"plain"},"min_items":1},"parameters":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Brief description of the parameter. Must not exceed 1024 characters.","description_kind":"plain","optional":true},"fields":{"type":["list","string"],"description":"Required. Paths to all fields that the parameter replaces. A field is allowed to appear in at most one parameter's list of field paths. A field path is similar in syntax to a google.protobuf.FieldMask. For example, a field path that references the zone field of a workflow template's cluster selector would be specified as `placement.clusterSelector.zone`. Also, field paths can reference fields using the following syntax: * Values in maps can be referenced by key: * labels['key'] * placement.clusterSelector.clusterLabels['key'] * placement.managedCluster.labels['key'] * placement.clusterSelector.clusterLabels['key'] * jobs['step-id'].labels['key'] * Jobs in the jobs list can be referenced by step-id: * jobs['step-id'].hadoopJob.mainJarFileUri * jobs['step-id'].hiveJob.queryFileUri * jobs['step-id'].pySparkJob.mainPythonFileUri * jobs['step-id'].hadoopJob.jarFileUris[0] * jobs['step-id'].hadoopJob.archiveUris[0] * jobs['step-id'].hadoopJob.fileUris[0] * jobs['step-id'].pySparkJob.pythonFileUris[0] * Items in repeated fields can be referenced by a zero-based index: * jobs['step-id'].sparkJob.args[0] * Other examples: * jobs['step-id'].hadoopJob.properties['key'] * jobs['step-id'].hadoopJob.args[0] * jobs['step-id'].hiveJob.scriptVariables['key'] * jobs['step-id'].hadoopJob.mainJarFileUri * placement.clusterSelector.zone It may not be possible to parameterize maps and repeated fields in their entirety since only individual map values and individual items in repeated fields can be referenced. For example, the following field paths are invalid: - placement.clusterSelector.clusterLabels - jobs['step-id'].sparkJob.args","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. Parameter name. The parameter name is used as the key, and paired with the parameter value, which are passed to the template when the template is instantiated. The name must contain only capital letters (A-Z), numbers (0-9), and underscores (_), and must not start with a number. The maximum length is 40 characters.","description_kind":"plain","required":true}},"block_types":{"validation":{"nesting_mode":"list","block":{"block_types":{"regex":{"nesting_mode":"list","block":{"attributes":{"regexes":{"type":["list","string"],"description":"Required. RE2 regular expressions used to validate the parameter's value. The value must match the regex in its entirety (substring matches are not sufficient).","description_kind":"plain","required":true}},"description":"Validation based on regular expressions.","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"values":{"type":["list","string"],"description":"Required. List of allowed values for the parameter.","description_kind":"plain","required":true}},"description":"Validation based on a list of allowed values.","description_kind":"plain"},"max_items":1}},"description":"Optional. Validation rules to be applied to this parameter's value.","description_kind":"plain"},"max_items":1}},"description":"Optional. Template parameters whose values are substituted into the template. Values for parameters must be provided when the template is instantiated.","description_kind":"plain"}},"placement":{"nesting_mode":"list","block":{"block_types":{"cluster_selector":{"nesting_mode":"list","block":{"attributes":{"cluster_labels":{"type":["map","string"],"description":"Required. The cluster labels. Cluster must have all labels to match.","description_kind":"plain","required":true},"zone":{"type":"string","description":"Optional. The zone where workflow process executes. This parameter does not affect the selection of the cluster. If unspecified, the zone of the first cluster matching the selector is used.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. A selector that chooses target cluster for jobs based on metadata. The selector is evaluated at the time each job is submitted.","description_kind":"plain"},"max_items":1},"managed_cluster":{"nesting_mode":"list","block":{"attributes":{"cluster_name":{"type":"string","description":"Required. The cluster name prefix. A unique cluster name will be formed by appending a random suffix. The name must contain only lower-case letters (a-z), numbers (0-9), and hyphens (-). Must begin with a letter. Cannot begin or end with hyphen. Must consist of between 2 and 35 characters.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this cluster. Label keys must be between 1 and 63 characters long, and must conform to the following PCRE regular expression: p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters long, and must conform to the following PCRE regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated with a given cluster.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"staging_bucket":{"type":"string","description":"Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.**","description_kind":"plain","optional":true},"temp_bucket":{"type":"string","description":"Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.**","description_kind":"plain","optional":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"policy":{"type":"string","description":"Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region.","description_kind":"plain","optional":true}},"description":"Optional. Autoscaling config for the policy associated with the cluster. Cluster does not autoscale if this field is unset.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"gce_pd_kms_key_name":{"type":"string","description":"Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster.","description_kind":"plain","optional":true}},"description":"Optional. Encryption settings for the cluster.","description_kind":"plain"},"max_items":1},"endpoint_config":{"nesting_mode":"list","block":{"attributes":{"enable_http_port_access":{"type":"bool","description":"Optional. If true, enable http access to specific ports on the cluster from external sources. Defaults to false.","description_kind":"plain","optional":true},"http_ports":{"type":["map","string"],"description":"Output only. The map of port descriptions to URLs. Will only be populated if enable_http_port_access is true.","description_kind":"plain","computed":true}},"description":"Optional. Port/endpoint configuration for this cluster","description_kind":"plain"},"max_items":1},"gce_cluster_config":{"nesting_mode":"list","block":{"attributes":{"internal_ip_only":{"type":"bool","description":"Optional. If true, all instances in the cluster will only have internal IP addresses. By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. This `internal_ip_only` restriction can only be enabled for subnetwork enabled networks, and all off-cluster dependencies must be configured to be accessible without external IP addresses.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The Compute Engine metadata entries to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)).","description_kind":"plain","optional":true},"network":{"type":"string","description":"Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the \"default\" network of the project is used, if it exists. Cannot be a \"Custom Subnet Network\" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default`","description_kind":"plain","optional":true},"private_ipv6_google_access":{"type":"string","description":"Optional. The type of IPv6 access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used.","description_kind":"plain","optional":true},"service_account_scopes":{"type":["list","string"],"description":"Optional. The URIs of service account scopes to be included in Compute Engine instances. The following base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly * https://www.googleapis.com/auth/devstorage.read_write * https://www.googleapis.com/auth/logging.write If no scopes are specified, the following defaults are also provided: * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0`","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"The Compute Engine tags to add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Optional. The zone where the Compute Engine cluster will be located. On a create request, it is required in the \"global\" region. If omitted in a non-global Dataproc region, the service will pick a zone in the corresponding Compute Engine region. On a get request, zone will always be present. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` * `projects/[project_id]/zones/[zone]` * `us-central1-f`","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_group_affinity":{"nesting_mode":"list","block":{"attributes":{"node_group":{"type":"string","description":"Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1`","description_kind":"plain","required":true}},"description":"Optional. Node Group Affinity for sole-tenant clusters.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Optional. Type of reservation to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION","description_kind":"plain","optional":true},"key":{"type":"string","description":"Optional. Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["list","string"],"description":"Optional. Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Optional. Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Optional. Defines whether instances have integrity monitoring enabled. Integrity monitoring compares the most recent boot measurements to the integrity policy baseline and returns a pair of pass/fail results depending on whether they match or not.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Optional. Defines whether the instances have Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Optional. Defines whether the instance have the vTPM enabled. Virtual Trusted Platform Module protects objects like keys, certificates and enables Measured Boot by performing the measurements needed to create a known good boot baseline, called the integrity policy baseline.","description_kind":"plain","optional":true}},"description":"Optional. Shielded Instance Config for clusters using Compute Engine Shielded VMs.","description_kind":"plain"},"max_items":1}},"description":"Optional. The shared Compute Engine config settings for all instances in a cluster.","description_kind":"plain"},"max_items":1},"initialization_actions":{"nesting_mode":"list","block":{"attributes":{"executable_file":{"type":"string","description":"Required. Cloud Storage URI of executable file.","description_kind":"plain","optional":true},"execution_timeout":{"type":"string","description":"Optional. Amount of time executable has to complete. Default is 10 minutes (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period.","description_kind":"plain","optional":true}},"description":"Optional. Commands to execute on each node after config is completed. By default, executables are run on master and all worker nodes. You can test a node's `role` metadata to run an executable on a master or worker node, as shown below using `curl` (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) if [[ \"${ROLE}\" == 'Master' ]]; then ... master specific actions ... else ... worker specific actions ... fi","description_kind":"plain"}},"lifecycle_config":{"nesting_mode":"list","block":{"attributes":{"auto_delete_time":{"type":"string","description":"Optional. The time when cluster will be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"auto_delete_ttl":{"type":"string","description":"Optional. The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"idle_delete_ttl":{"type":"string","description":"Optional. The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"idle_start_time":{"type":"string","description":"Output only. The time when cluster became idle (most recent job finished) and became eligible for deletion due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","computed":true}},"description":"Optional. Lifecycle setting for the cluster.","description_kind":"plain"},"max_items":1},"master_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for the master instance in a cluster.","description_kind":"plain"},"max_items":1},"secondary_worker_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for additional worker instances in a cluster.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"cross_realm_trust_admin_server":{"type":"string","description":"Optional. The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_kdc":{"type":"string","description":"Optional. The KDC (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_realm":{"type":"string","description":"Optional. The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust.","description_kind":"plain","optional":true},"cross_realm_trust_shared_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster Kerberos realm and the remote trusted realm, in a cross realm trust relationship.","description_kind":"plain","optional":true},"enable_kerberos":{"type":"bool","description":"Optional. Flag to indicate whether to Kerberize the cluster (default: false). Set this field to true to enable Kerberos on a cluster.","description_kind":"plain","optional":true},"kdc_db_key":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database.","description_kind":"plain","optional":true},"key_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"keystore":{"type":"string","description":"Optional. The Cloud Storage URI of the keystore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"keystore_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided keystore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"Optional. The uri of the KMS key used to encrypt various sensitive files.","description_kind":"plain","optional":true},"realm":{"type":"string","description":"Optional. The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm.","description_kind":"plain","optional":true},"root_principal_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the root principal password.","description_kind":"plain","optional":true},"tgt_lifetime_hours":{"type":"number","description":"Optional. The lifetime of the ticket granting ticket, in hours. If not specified, or user specifies 0, then default value 10 will be used.","description_kind":"plain","optional":true},"truststore":{"type":"string","description":"Optional. The Cloud Storage URI of the truststore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"truststore_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true}},"description":"Optional. Kerberos related configuration.","description_kind":"plain"},"max_items":1}},"description":"Optional. Security settings for the cluster.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"image_version":{"type":"string","description":"Optional. The version of software inside the cluster. It must be one of the supported [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), such as \"1.2\" (including a subminor version, such as \"1.2.29\"), or the [\"preview\" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). If unspecified, it defaults to the latest Debian version.","description_kind":"plain","optional":true},"optional_components":{"type":["list","string"],"description":"Optional. The set of components to activate on the cluster.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. The properties to set on daemon config files. Property keys are specified in `prefix:property` format, for example `core:hadoop.tmp.dir`. The following are supported prefixes and their mappings: * capacity-scheduler: `capacity-scheduler.xml` * core: `core-site.xml` * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).","description_kind":"plain","optional":true}},"description":"Optional. The config settings for software inside the cluster.","description_kind":"plain"},"max_items":1},"worker_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for worker instances in a cluster.","description_kind":"plain"},"max_items":1}},"description":"Required. The cluster configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A cluster that is managed by the workflow.","description_kind":"plain"},"max_items":1}},"description":"Required. WorkflowTemplate scheduling information.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_datastore_index":{"version":0,"block":{"attributes":{"ancestor":{"type":"string","description":"Policy for including ancestors in the index. Default value: \"NONE\" Possible values: [\"NONE\", \"ALL_ANCESTORS\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index_id":{"type":"string","description":"The index id.","description_kind":"plain","computed":true},"kind":{"type":"string","description":"The entity kind which the index applies to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"direction":{"type":"string","description":"The direction the index should optimize for sorting. Possible values: [\"ASCENDING\", \"DESCENDING\"]","description_kind":"plain","required":true},"name":{"type":"string","description":"The property name to index.","description_kind":"plain","required":true}},"description":"An ordered list of properties to index on.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain","deprecated":true}},"google_datastream_connection_profile":{"version":0,"block":{"attributes":{"connection_profile_id":{"type":"string","description":"The connection profile identifier.","description_kind":"plain","required":true},"create_without_validation":{"type":"bool","description":"Create the connection profile without validating it.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this connection profile is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource's name.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"bigquery_profile":{"nesting_mode":"list","block":{"description":"BigQuery warehouse profile.","description_kind":"plain"},"max_items":1},"forward_ssh_connectivity":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname for the SSH tunnel.","description_kind":"plain","required":true},"password":{"type":"string","description":"SSH password.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"Port for the SSH tunnel.","description_kind":"plain","optional":true},"private_key":{"type":"string","description":"SSH private key.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"Username for the SSH tunnel.","description_kind":"plain","required":true}},"description":"Forward SSH tunnel connectivity.","description_kind":"plain"},"max_items":1},"gcs_profile":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The Cloud Storage bucket name.","description_kind":"plain","required":true},"root_path":{"type":"string","description":"The root path inside the Cloud Storage bucket.","description_kind":"plain","optional":true}},"description":"Cloud Storage bucket profile.","description_kind":"plain"},"max_items":1},"mysql_profile":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname for the MySQL connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the MySQL connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the MySQL connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the MySQL connection.","description_kind":"plain","required":true}},"block_types":{"ssl_config":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"PEM-encoded certificate of the CA that signed the source database\nserver's certificate.","description_kind":"plain","optional":true,"sensitive":true},"ca_certificate_set":{"type":"bool","description":"Indicates whether the clientKey field is set.","description_kind":"plain","computed":true},"client_certificate":{"type":"string","description":"PEM-encoded certificate that will be used by the replica to\nauthenticate against the source database server. If this field\nis used then the 'clientKey' and the 'caCertificate' fields are\nmandatory.","description_kind":"plain","optional":true,"sensitive":true},"client_certificate_set":{"type":"bool","description":"Indicates whether the clientCertificate field is set.","description_kind":"plain","computed":true},"client_key":{"type":"string","description":"PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'client_certificate' and the\n'ca_certificate' fields are mandatory.","description_kind":"plain","optional":true,"sensitive":true},"client_key_set":{"type":"bool","description":"Indicates whether the clientKey field is set.","description_kind":"plain","computed":true}},"description":"SSL configuration for the MySQL connection.","description_kind":"plain"},"max_items":1}},"description":"MySQL database profile.","description_kind":"plain"},"max_items":1},"oracle_profile":{"nesting_mode":"list","block":{"attributes":{"connection_attributes":{"type":["map","string"],"description":"Connection string attributes","description_kind":"plain","optional":true},"database_service":{"type":"string","description":"Database for the Oracle connection.","description_kind":"plain","required":true},"hostname":{"type":"string","description":"Hostname for the Oracle connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Oracle connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the Oracle connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the Oracle connection.","description_kind":"plain","required":true}},"description":"Oracle database profile.","description_kind":"plain"},"max_items":1},"postgresql_profile":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database for the PostgreSQL connection.","description_kind":"plain","required":true},"hostname":{"type":"string","description":"Hostname for the PostgreSQL connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the PostgreSQL connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the PostgreSQL connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the PostgreSQL connection.","description_kind":"plain","required":true}},"description":"PostgreSQL database profile.","description_kind":"plain"},"max_items":1},"private_connectivity":{"nesting_mode":"list","block":{"attributes":{"private_connection":{"type":"string","description":"A reference to a private connection resource. Format: 'projects/{project}/locations/{location}/privateConnections/{name}'","description_kind":"plain","required":true}},"description":"Private connectivity.","description_kind":"plain"},"max_items":1},"sql_server_profile":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database for the SQL Server connection.","description_kind":"plain","required":true},"hostname":{"type":"string","description":"Hostname for the SQL Server connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the SQL Server connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the SQL Server connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the SQL Server connection.","description_kind":"plain","required":true}},"description":"SQL Server database profile.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_datastream_private_connection":{"version":1,"block":{"attributes":{"create_without_validation":{"type":"bool","description":"If set to true, will skip validations.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"error":{"type":["list",["object",{"details":["map","string"],"message":"string"}]],"description":"The PrivateConnection error in case of failure.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this private connection is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource's name.","description_kind":"plain","computed":true},"private_connection_id":{"type":"string","description":"The private connectivity identifier.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the PrivateConnection.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_peering_config":{"nesting_mode":"list","block":{"attributes":{"subnet":{"type":"string","description":"A free subnet for peering. (CIDR of /29)","description_kind":"plain","required":true},"vpc":{"type":"string","description":"Fully qualified name of the VPC that Datastream will peer to.\nFormat: projects/{project}/global/{networks}/{name}","description_kind":"plain","required":true}},"description":"The VPC Peering configuration is used to create VPC peering\nbetween Datastream and the consumer's VPC.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_datastream_stream":{"version":0,"block":{"attributes":{"create_without_validation":{"type":"bool","description":"Create the stream without validating it.","description_kind":"plain","optional":true},"customer_managed_encryption_key":{"type":"string","description":"A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data\nwill be encrypted using an internal Stream-specific encryption key provisioned through KMS.","description_kind":"plain","optional":true},"desired_state":{"type":"string","description":"Desired state of the Stream. Set this field to 'RUNNING' to start the stream, and 'PAUSED' to pause the stream.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this stream is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The stream's name.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the stream.","description_kind":"plain","computed":true},"stream_id":{"type":"string","description":"The stream identifier.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"backfill_all":{"nesting_mode":"list","block":{"block_types":{"mysql_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1},"oracle_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1},"postgresql_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1},"sql_server_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The SQL Server data type. Full data types list can be found here:\nhttps://learn.microsoft.com/en-us/sql/t-sql/data-types/data-types-transact-sql?view=sql-server-ver16","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"SQL Server columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"SQL Server schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"SQL Server data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1}},"description":"Backfill strategy to automatically backfill the Stream's objects. Specific objects can be excluded.","description_kind":"plain"},"max_items":1},"backfill_none":{"nesting_mode":"list","block":{"description":"Backfill strategy to disable automatic backfill for the Stream's objects.","description_kind":"plain"},"max_items":1},"destination_config":{"nesting_mode":"list","block":{"attributes":{"destination_connection_profile":{"type":"string","description":"Destination connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name}","description_kind":"plain","required":true}},"block_types":{"bigquery_destination_config":{"nesting_mode":"list","block":{"attributes":{"data_freshness":{"type":"string","description":"The guaranteed data freshness (in seconds) when querying tables created by the stream.\nEditing this field will only affect new tables created in the future, but existing tables\nwill not be impacted. Lower values mean that queries will return fresher data, but may result in higher cost.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true}},"block_types":{"append_only":{"nesting_mode":"list","block":{"description":"AppendOnly mode defines that the stream of changes (INSERT, UPDATE-INSERT, UPDATE-DELETE and DELETE\nevents) to a source table will be written to the destination Google BigQuery table, retaining the\nhistorical state of the data.","description_kind":"plain"},"max_items":1},"merge":{"nesting_mode":"list","block":{"description":"Merge mode defines that all changes to a table will be merged at the destination Google BigQuery\ntable. This is the default write mode. When selected, BigQuery reflects the way the data is stored\nin the source database. With Merge mode, no historical record of the change events is kept.","description_kind":"plain"},"max_items":1},"single_target_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Dataset ID in the format projects/{project}/datasets/{dataset_id} or\n{project}:{dataset_id}","description_kind":"plain","required":true}},"description":"A single target dataset to which all data will be streamed.","description_kind":"plain"},"max_items":1},"source_hierarchy_datasets":{"nesting_mode":"list","block":{"block_types":{"dataset_template":{"nesting_mode":"list","block":{"attributes":{"dataset_id_prefix":{"type":"string","description":"If supplied, every created dataset will have its name prefixed by the provided value.\nThe prefix and name will be separated by an underscore. i.e. _.","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery\ntable. The BigQuery Service Account associated with your project requires access to this\nencryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}.\nSee https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location where the dataset should reside.\nSee https://cloud.google.com/bigquery/docs/locations for supported locations.","description_kind":"plain","required":true}},"description":"Dataset template used for dynamic dataset creation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Destination datasets are created so that hierarchy of the destination data objects matches the source hierarchy.","description_kind":"plain"},"max_items":1}},"description":"A configuration for how data should be loaded to Google BigQuery.","description_kind":"plain"},"max_items":1},"gcs_destination_config":{"nesting_mode":"list","block":{"attributes":{"file_rotation_interval":{"type":"string","description":"The maximum duration for which new events are added before a file is closed and a new file is created.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true,"computed":true},"file_rotation_mb":{"type":"number","description":"The maximum file size to be saved in the bucket.","description_kind":"plain","optional":true,"computed":true},"path":{"type":"string","description":"Path inside the Cloud Storage bucket to write data to.","description_kind":"plain","optional":true}},"block_types":{"avro_file_format":{"nesting_mode":"list","block":{"description":"AVRO file format configuration.","description_kind":"plain"},"max_items":1},"json_file_format":{"nesting_mode":"list","block":{"attributes":{"compression":{"type":"string","description":"Compression of the loaded JSON file. Possible values: [\"NO_COMPRESSION\", \"GZIP\"]","description_kind":"plain","optional":true},"schema_file_format":{"type":"string","description":"The schema file format along JSON data files. Possible values: [\"NO_SCHEMA_FILE\", \"AVRO_SCHEMA_FILE\"]","description_kind":"plain","optional":true}},"description":"JSON file format configuration.","description_kind":"plain"},"max_items":1}},"description":"A configuration for how data should be loaded to Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"Destination connection profile configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"source_config":{"nesting_mode":"list","block":{"attributes":{"source_connection_profile":{"type":"string","description":"Source connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name}","description_kind":"plain","required":true}},"block_types":{"mysql_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"max_concurrent_cdc_tasks":{"type":"number","description":"Maximum number of concurrent CDC tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL objects to retrieve from the source.","description_kind":"plain"},"max_items":1}},"description":"MySQL data source configuration.","description_kind":"plain"},"max_items":1},"oracle_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"max_concurrent_cdc_tasks":{"type":"number","description":"Maximum number of concurrent CDC tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"drop_large_objects":{"nesting_mode":"list","block":{"description":"Configuration to drop large object values.","description_kind":"plain"},"max_items":1},"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"Oracle objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"Oracle objects to retrieve from the source.","description_kind":"plain"},"max_items":1},"stream_large_objects":{"nesting_mode":"list","block":{"description":"Configuration to drop large object values.","description_kind":"plain"},"max_items":1}},"description":"MySQL data source configuration.","description_kind":"plain"},"max_items":1},"postgresql_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non\nnegative. If not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"publication":{"type":"string","description":"The name of the publication that includes the set of all tables\nthat are defined in the stream's include_objects.","description_kind":"plain","required":true},"replication_slot":{"type":"string","description":"The name of the logical replication slot that's configured with\nthe pgoutput plugin.","description_kind":"plain","required":true}},"block_types":{"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL objects to retrieve from the source.","description_kind":"plain"},"max_items":1}},"description":"PostgreSQL data source configuration.","description_kind":"plain"},"max_items":1},"sql_server_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Max concurrent backfill tasks.","description_kind":"plain","optional":true,"computed":true},"max_concurrent_cdc_tasks":{"type":"number","description":"Max concurrent CDC tasks.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The SQL Server data type. Full data types list can be found here:\nhttps://learn.microsoft.com/en-us/sql/t-sql/data-types/data-types-transact-sql?view=sql-server-ver16","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"SQL Server columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"SQL Server schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"SQL Server objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The SQL Server data type. Full data types list can be found here:\nhttps://learn.microsoft.com/en-us/sql/t-sql/data-types/data-types-transact-sql?view=sql-server-ver16","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"SQL Server columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"SQL Server schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"SQL Server objects to retrieve from the source.","description_kind":"plain"},"max_items":1}},"description":"SQL Server data source configuration.","description_kind":"plain"},"max_items":1}},"description":"Source connection profile configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_deployment_manager_deployment":{"version":0,"block":{"attributes":{"create_policy":{"type":"string","description":"Set the policy to use for creating new resources. Only used on\ncreate and update. Valid values are 'CREATE_OR_ACQUIRE' (default) or\n'ACQUIRE'. If set to 'ACQUIRE' and resources do not already exist,\nthe deployment will fail. Note that updating this field does not\nactually affect the deployment, just how it is updated. Default value: \"CREATE_OR_ACQUIRE\" Possible values: [\"ACQUIRE\", \"CREATE_OR_ACQUIRE\"]","description_kind":"plain","optional":true},"delete_policy":{"type":"string","description":"Set the policy to use for deleting new resources on update/delete.\nValid values are 'DELETE' (default) or 'ABANDON'. If 'DELETE',\nresource is deleted after removal from Deployment Manager. If\n'ABANDON', the resource is only removed from Deployment Manager\nand is not actually deleted. Note that updating this field does not\nactually change the deployment, just how it is updated. Default value: \"DELETE\" Possible values: [\"ABANDON\", \"DELETE\"]","description_kind":"plain","optional":true},"deployment_id":{"type":"string","description":"Unique identifier for deployment. Output only.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional user-provided description of deployment.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"manifest":{"type":"string","description":"Output only. URL of the manifest representing the last manifest that\nwas successfully deployed.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Unique name for the deployment","description_kind":"plain","required":true},"preview":{"type":"bool","description":"If set to true, a deployment is created with \"shell\" resources\nthat are not actually instantiated. This allows you to preview a\ndeployment. It can be updated to false to actually deploy\nwith real resources.\n ~\u003e**NOTE:** Deployment Manager does not allow update\nof a deployment in preview (unless updating to preview=false). Thus,\nTerraform will force-recreate deployments if either preview is updated\nto true or if other fields are updated while preview is true.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Output only. Server defined URL for the resource.","description_kind":"plain","computed":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":"Key for label.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value of label.","description_kind":"plain","optional":true}},"description":"Key-value pairs to apply to this labels.","description_kind":"plain"}},"target":{"nesting_mode":"list","block":{"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The full YAML contents of your configuration file.","description_kind":"plain","required":true}},"description":"The root configuration file to use for this deployment.","description_kind":"plain"},"min_items":1,"max_items":1},"imports":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The full contents of the template that you want to import.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the template to import, as declared in the YAML\nconfiguration.","description_kind":"plain","optional":true}},"description":"Specifies import files for this configuration. This can be\nused to import templates or other files. For example, you might\nimport a text file in order to use the file in a template.","description_kind":"plain"}}},"description":"Parameters that define your deployment, including the deployment\nconfiguration and relevant templates.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_agent":{"version":0,"block":{"attributes":{"api_version":{"type":"string","description":"API version displayed in Dialogflow console. If not specified, V2 API is assumed. Clients are free to query\ndifferent service endpoints for different API versions. However, bots connectors and webhook calls will follow\nthe specified API version.\n* API_VERSION_V1: Legacy V1 API.\n* API_VERSION_V2: V2 API.\n* API_VERSION_V2_BETA_1: V2beta1 API. Possible values: [\"API_VERSION_V1\", \"API_VERSION_V2\", \"API_VERSION_V2_BETA_1\"]","description_kind":"plain","optional":true,"computed":true},"avatar_uri":{"type":"string","description":"The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered\ninto this field, the Dialogflow will save the image in the backend. The address of the backend image returned\nfrom the API will be shown in the [avatarUriBackend] field.","description_kind":"plain","optional":true},"avatar_uri_backend":{"type":"string","description":"The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar,\nthe [avatarUri] field can be used.","description_kind":"plain","computed":true},"classification_threshold":{"type":"number","description":"To filter out false positive results and still get variety in matched natural language inputs for your agent,\nyou can tune the machine learning classification threshold. If the returned score value is less than the threshold\nvalue, then a fallback intent will be triggered or, if there are no fallback intents defined, no intent will be\ntriggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the\ndefault of 0.3 is used.","description_kind":"plain","optional":true},"default_language_code":{"type":"string","description":"The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language)\nfor a list of the currently supported language codes. This field cannot be updated after creation.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name of this agent.","description_kind":"plain","required":true},"enable_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"match_mode":{"type":"string","description":"Determines how intents are detected from user queries.\n* MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates\nsyntax and composite entities.\n* MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones\nusing @sys.any or very large developer entities. Possible values: [\"MATCH_MODE_HYBRID\", \"MATCH_MODE_ML_ONLY\"]","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"supported_language_codes":{"type":["list","string"],"description":"The list of all languages supported by this agent (except for the defaultLanguageCode).","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The agent tier. If not specified, TIER_STANDARD is assumed.\n* TIER_STANDARD: Standard tier.\n* TIER_ENTERPRISE: Enterprise tier (Essentials).\n* TIER_ENTERPRISE_PLUS: Enterprise tier (Plus).\nNOTE: Due to consistency issues, the provider will not read this field from the API. Drift is possible between\nthe Terraform state and Dialogflow if the agent tier is changed outside of Terraform. Possible values: [\"TIER_STANDARD\", \"TIER_ENTERPRISE\", \"TIER_ENTERPRISE_PLUS\"]","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York,\nEurope/Paris.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_agent":{"version":0,"block":{"attributes":{"avatar_uri":{"type":"string","description":"The URI of the agent's avatar. Avatars are used throughout the Dialogflow console and in the self-hosted Web Demo integration.","description_kind":"plain","optional":true},"default_language_code":{"type":"string","description":"The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language)\nfor a list of the currently supported language codes. This field cannot be updated after creation.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the agent, unique within the location.","description_kind":"plain","required":true},"enable_spell_correction":{"type":"bool","description":"Indicates if automatic spell correction is enabled in detect intent requests.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The name of the location this agent is located in.\n\n~\u003e **Note:** The first time you are deploying an Agent in your project you must configure location settings.\n This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console.\n Another options is to use global location so you don't need to manually configure location settings.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the agent.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"security_settings":{"type":"string","description":"Name of the SecuritySettings reference for the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/securitySettings/\u003cSecurity Settings ID\u003e.","description_kind":"plain","optional":true},"start_flow":{"type":"string","description":"Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"supported_language_codes":{"type":["list","string"],"description":"The list of all languages supported by this agent (except for the default_language_code).","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York,\nEurope/Paris.","description_kind":"plain","required":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"audio_export_gcs_destination":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation.\nFormat: gs://bucket/object-name-or-prefix","description_kind":"plain","optional":true}},"description":"If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels:\n* Agent level\n* Flow level","description_kind":"plain"},"max_items":1},"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this agent. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"git_integration_settings":{"nesting_mode":"list","block":{"block_types":{"github_settings":{"nesting_mode":"list","block":{"attributes":{"access_token":{"type":"string","description":"The access token used to authenticate the access to the GitHub repository.","description_kind":"plain","optional":true,"sensitive":true},"branches":{"type":["list","string"],"description":"A list of branches configured to be used from Dialogflow.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The unique repository display name for the GitHub repository.","description_kind":"plain","optional":true},"repository_uri":{"type":"string","description":"The GitHub repository URI related to the agent.","description_kind":"plain","optional":true},"tracking_branch":{"type":"string","description":"The branch of the GitHub repository tracked for this agent.","description_kind":"plain","optional":true}},"description":"Settings of integration with GitHub.","description_kind":"plain"},"max_items":1}},"description":"Git integration settings for this agent.","description_kind":"plain"},"max_items":1},"speech_to_text_settings":{"nesting_mode":"list","block":{"attributes":{"enable_speech_adaptation":{"type":"bool","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","optional":true}},"description":"Settings related to speech recognition.","description_kind":"plain"},"max_items":1},"text_to_speech_settings":{"nesting_mode":"list","block":{"attributes":{"synthesize_speech_configs":{"type":"string","description":"Configuration of how speech should be synthesized, mapping from [language](https://cloud.google.com/dialogflow/cx/docs/reference/language) to [SynthesizeSpeechConfig](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents#synthesizespeechconfig).\nThese settings affect:\n* The phone gateway synthesize configuration set via Agent.text_to_speech_settings.\n* How speech is synthesized when invoking session APIs. 'Agent.text_to_speech_settings' only applies if 'OutputAudioConfig.synthesize_speech_config' is not specified.","description_kind":"plain","optional":true}},"description":"Settings related to speech synthesizing.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_entity_type":{"version":0,"block":{"attributes":{"auto_expansion_mode":{"type":"string","description":"Represents kinds of entities.\n* AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity.\n* AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. Possible values: [\"AUTO_EXPANSION_MODE_DEFAULT\", \"AUTO_EXPANSION_MODE_UNSPECIFIED\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the entity type, unique within the agent.","description_kind":"plain","required":true},"enable_fuzzy_extraction":{"type":"bool","description":"Enables fuzzy entity extraction during classification.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Indicates whether the entity type can be automatically expanded.\n* KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value.\n* KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases).\n* KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: [\"KIND_MAP\", \"KIND_LIST\", \"KIND_REGEXP\"]","description_kind":"plain","required":true},"language_code":{"type":"string","description":"The language of the following fields in entityType:\nEntityType.entities.value\nEntityType.entities.synonyms\nEntityType.excluded_phrases.value\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the entity type.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a entity type for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether parameters of the entity type should be redacted in log. If redaction is enabled, page parameters and intent parameters referring to the entity type will be replaced by parameter name when logging.","description_kind":"plain","optional":true}},"block_types":{"entities":{"nesting_mode":"list","block":{"attributes":{"synonyms":{"type":["list","string"],"description":"A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions.\nFor KIND_LIST entity types: This collection must contain exactly one synonym equal to value.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions.\nFor KIND_MAP entity types: A canonical value to be used in place of synonyms.\nFor KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases).","description_kind":"plain","optional":true}},"description":"The collection of entity entries associated with the entity type.","description_kind":"plain"},"min_items":1},"excluded_phrases":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"string","description":"The word or phrase to be excluded.","description_kind":"plain","optional":true}},"description":"Collection of exceptional words and phrases that shouldn't be matched. For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion.\nIf the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_environment":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The human-readable description of the environment. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the environment (unique in an agent). Limit of 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the environment.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The Agent to create an Environment for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Update time of this environment. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"version_configs":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Format: projects/{{project}}/locations/{{location}}/agents/{{agent}}/flows/{{flow}}/versions/{{version}}.","description_kind":"plain","required":true}},"description":"A list of configurations for flow versions. You should include version configs for all flows that are reachable from [Start Flow][Agent.start_flow] in the agent. Otherwise, an error will be returned.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_dialogflow_cx_flow":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the flow. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the flow.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_default_start_flow":{"type":"bool","description":"Marks this as the [Default Start Flow](https://cloud.google.com/dialogflow/cx/docs/concept/flow#start) for an agent. When you create an agent, the Default Start Flow is created automatically.\nThe Default Start Flow cannot be deleted; deleting the 'google_dialogflow_cx_flow' resource does nothing to the underlying GCP resources.\n\n~\u003e Avoid having multiple 'google_dialogflow_cx_flow' resources linked to the same agent with 'is_default_start_flow = true' because they will compete to control a single Default Start Flow resource in GCP.","description_kind":"plain","optional":true},"language_code":{"type":"string","description":"The language of the following fields in flow:\nFlow.event_handlers.trigger_fulfillment.messages\nFlow.event_handlers.trigger_fulfillment.conditional_cases\nFlow.transition_routes.trigger_fulfillment.messages\nFlow.transition_routes.trigger_fulfillment.conditional_cases\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the flow.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a flow for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"transition_route_groups":{"type":["list","string"],"description":"A flow's transition route group serve two purposes:\nThey are responsible for matching the user's first utterances in the flow.\nThey are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow.\nFormat:projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/transitionRouteGroups/\u003cTransitionRouteGroup ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"audio_export_gcs_destination":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation.\nFormat: gs://bucket/object-name-or-prefix","description_kind":"plain","optional":true}},"description":"If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels:\n* Agent level\n* Flow level","description_kind":"plain"},"max_items":1},"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this flow. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"event_handlers":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"The name of the event to handle.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this event handler.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"A flow's event handlers serve two purposes:\nThey are responsible for handling events (e.g. no match, webhook errors) in the flow.\nThey are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow.\nUnlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored.","description_kind":"plain"}},"nlu_settings":{"nesting_mode":"list","block":{"attributes":{"classification_threshold":{"type":"number","description":"To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold.\nIf the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used.","description_kind":"plain","optional":true},"model_training_mode":{"type":"string","description":"Indicates NLU model training mode.\n* MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode.\n* MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. Possible values: [\"MODEL_TRAINING_MODE_AUTOMATIC\", \"MODEL_TRAINING_MODE_MANUAL\"]","description_kind":"plain","optional":true},"model_type":{"type":"string","description":"Indicates the type of NLU model.\n* MODEL_TYPE_STANDARD: Use standard NLU model.\n* MODEL_TYPE_ADVANCED: Use advanced NLU model. Possible values: [\"MODEL_TYPE_STANDARD\", \"MODEL_TYPE_ADVANCED\"]","description_kind":"plain","optional":true}},"description":"NLU related settings of the flow.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transition_routes":{"nesting_mode":"list","block":{"attributes":{"condition":{"type":"string","description":"The condition to evaluate against form parameters or session parameters.\nAt least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"intent":{"type":"string","description":"The unique identifier of an Intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this transition route.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first.","description_kind":"plain"},"max_items":1}},"description":"A flow's transition routes serve two purposes:\nThey are responsible for matching the user's first utterances in the flow.\nThey are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying \"help\" or \"can I talk to a human?\", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow.\n\nTransitionRoutes are evalauted in the following order:\n TransitionRoutes with intent specified.\n TransitionRoutes with only condition specified.\n TransitionRoutes with intent specified are inherited by pages in the flow.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_intent":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Human readable description for better understanding an intent like its scope, content, result etc. Maximum character limit: 140 characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the intent, unique within the agent.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_default_negative_intent":{"type":"bool","description":"Marks this as the [Default Negative Intent](https://cloud.google.com/dialogflow/cx/docs/concept/intent#negative) for an agent. When you create an agent, a Default Negative Intent is created automatically.\nThe Default Negative Intent cannot be deleted; deleting the 'google_dialogflow_cx_intent' resource does nothing to the underlying GCP resources.\n\n~\u003e Avoid having multiple 'google_dialogflow_cx_intent' resources linked to the same agent with 'is_default_negative_intent = true' because they will compete to control a single Default Negative Intent resource in GCP.","description_kind":"plain","optional":true},"is_default_welcome_intent":{"type":"bool","description":"Marks this as the [Default Welcome Intent](https://cloud.google.com/dialogflow/cx/docs/concept/intent#welcome) for an agent. When you create an agent, a Default Welcome Intent is created automatically.\nThe Default Welcome Intent cannot be deleted; deleting the 'google_dialogflow_cx_intent' resource does nothing to the underlying GCP resources.\n\n~\u003e Avoid having multiple 'google_dialogflow_cx_intent' resources linked to the same agent with 'is_default_welcome_intent = true' because they will compete to control a single Default Welcome Intent resource in GCP.","description_kind":"plain","optional":true},"is_fallback":{"type":"bool","description":"Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation.\nAdding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event.\nTo manage the fallback intent, set 'is_default_negative_intent = true'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The key/value metadata to label an intent. Labels can contain lowercase letters, digits and the symbols '-' and '_'. International characters are allowed, including letters from unicase alphabets. Keys must start with a letter. Keys and values can be no longer than 63 characters and no more than 128 bytes.\nPrefix \"sys-\" is reserved for Dialogflow defined labels. Currently allowed Dialogflow defined labels include: * sys-head * sys-contextual The above labels do not require value. \"sys-head\" means the intent is a head intent. \"sys.contextual\" means the intent is a contextual intent.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"language_code":{"type":"string","description":"The language of the following fields in intent:\nIntent.training_phrases.parts.text\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create an intent for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"The priority of this intent. Higher numbers represent higher priorities.\nIf the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console.\nIf the supplied value is negative, the intent is ignored in runtime detect intent requests.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"parameters":{"nesting_mode":"list","block":{"attributes":{"entity_type":{"type":"string","description":"The entity type of the parameter.\nFormat: projects/-/locations/-/agents/-/entityTypes/\u003cSystem Entity Type ID\u003e for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e for developer entity types.","description_kind":"plain","required":true},"id":{"type":"string","description":"The unique identifier of the parameter. This field is used by training phrases to annotate their parts.","description_kind":"plain","required":true},"is_list":{"type":"bool","description":"Indicates whether the parameter represents a list of values.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging.\nNote: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled.","description_kind":"plain","optional":true}},"description":"The collection of parameters associated with the intent.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"training_phrases":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The unique identifier of the training phrase.","description_kind":"plain","computed":true},"repeat_count":{"type":"number","description":"Indicates how many times this example was added to the intent.","description_kind":"plain","optional":true}},"block_types":{"parts":{"nesting_mode":"list","block":{"attributes":{"parameter_id":{"type":"string","description":"The parameter used to annotate this part of the training phrase. This field is required for annotated parts of the training phrase.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The text for this part.","description_kind":"plain","required":true}},"description":"The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase.\nNote: The API does not automatically annotate training phrases like the Dialogflow Console does.\nNote: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated.\nIf the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set.\nIf you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways:\nPart.text is set to a part of the phrase that has no parameters.\nPart.text is set to a part of the phrase that you want to annotate, and the parameterId field is set.","description_kind":"plain"},"min_items":1}},"description":"The collection of training phrases the agent is trained on to identify the intent.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_page":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the page, unique within the agent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"language_code":{"type":"string","description":"The language of the following fields in page:\n\nPage.entry_fulfillment.messages\nPage.entry_fulfillment.conditional_cases\nPage.event_handlers.trigger_fulfillment.messages\nPage.event_handlers.trigger_fulfillment.conditional_cases\nPage.form.parameters.fill_behavior.initial_prompt_fulfillment.messages\nPage.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases\nPage.form.parameters.fill_behavior.reprompt_event_handlers.messages\nPage.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases\nPage.transition_routes.trigger_fulfillment.messages\nPage.transition_routes.trigger_fulfillment.conditional_cases\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the page.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The flow to create a page for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"transition_route_groups":{"type":["list","string"],"description":"Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page.\nIf multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -\u003e page's transition route group -\u003e flow's transition routes.\nIf multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence.\nFormat:projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/transitionRouteGroups/\u003cTransitionRouteGroup ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this page. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"entry_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the session is entering the page.","description_kind":"plain"},"max_items":1},"event_handlers":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"The name of the event to handle.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this event handler.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"Handlers associated with the page to handle events such as webhook errors, no match or no input.","description_kind":"plain"}},"form":{"nesting_mode":"list","block":{"block_types":{"parameters":{"nesting_mode":"list","block":{"attributes":{"default_value":{"type":"string","description":"The default value of an optional parameter. If the parameter is required, the default value will be ignored.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the parameter, unique within the form.","description_kind":"plain","optional":true},"entity_type":{"type":"string","description":"The entity type of the parameter.\nFormat: projects/-/locations/-/agents/-/entityTypes/\u003cSystem Entity Type ID\u003e for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e for developer entity types.","description_kind":"plain","optional":true},"is_list":{"type":"bool","description":"Indicates whether the parameter represents a list of values.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether the parameter content should be redacted in log.\nIf redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled.","description_kind":"plain","optional":true},"required":{"type":"bool","description":"Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them.\nRequired parameters must be filled before form filling concludes.","description_kind":"plain","optional":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this parameter. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"fill_behavior":{"nesting_mode":"list","block":{"block_types":{"initial_prompt_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to provide the initial prompt that the agent can present to the user in order to fill the parameter.","description_kind":"plain"},"max_items":1},"reprompt_event_handlers":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"The name of the event to handle.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this event handler.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"The handlers for parameter-level events, used to provide reprompt for the parameter or transition to a different page/flow. The supported events are:\n* sys.no-match-\u003cN\u003e, where N can be from 1 to 6\n* sys.no-match-default\n* sys.no-input-\u003cN\u003e, where N can be from 1 to 6\n* sys.no-input-default\n* sys.invalid-parameter\n[initialPromptFulfillment][initialPromptFulfillment] provides the first prompt for the parameter.\nIf the user's response does not fill the parameter, a no-match/no-input event will be triggered, and the fulfillment associated with the sys.no-match-1/sys.no-input-1 handler (if defined) will be called to provide a prompt. The sys.no-match-2/sys.no-input-2 handler (if defined) will respond to the next no-match/no-input event, and so on.\nA sys.no-match-default or sys.no-input-default handler will be used to handle all following no-match/no-input events after all numbered no-match/no-input handlers for the parameter are consumed.\nA sys.invalid-parameter handler can be defined to handle the case where the parameter values have been invalidated by webhook. For example, if the user's response fill the parameter, however the parameter was invalidated by webhook, the fulfillment associated with the sys.invalid-parameter handler (if defined) will be called to provide a prompt.\nIf the event handler for the corresponding event can't be found on the parameter, initialPromptFulfillment will be re-prompted.","description_kind":"plain"}}},"description":"Defines fill behavior for the parameter.","description_kind":"plain"},"max_items":1}},"description":"Parameters to collect from the user.","description_kind":"plain"}}},"description":"The form associated with the page, used for collecting parameters relevant to the page.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transition_routes":{"nesting_mode":"list","block":{"attributes":{"condition":{"type":"string","description":"The condition to evaluate against form parameters or session parameters.\nAt least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"intent":{"type":"string","description":"The unique identifier of an Intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this transition route.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first.","description_kind":"plain"},"max_items":1}},"description":"A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow.\nWhen we are in a certain page, the TransitionRoutes are evalauted in the following order:\nTransitionRoutes defined in the page with intent specified.\nTransitionRoutes defined in the transition route groups with intent specified.\nTransitionRoutes defined in flow with intent specified.\nTransitionRoutes defined in the transition route groups with intent specified.\nTransitionRoutes defined in the page with only condition specified.\nTransitionRoutes defined in the transition route groups with only condition specified.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_security_settings":{"version":0,"block":{"attributes":{"deidentify_template":{"type":"string","description":"[DLP](https://cloud.google.com/dlp/docs) deidentify template name. Use this template to define de-identification configuration for the content. If empty, Dialogflow replaces sensitive info with [redacted] text.\nNote: deidentifyTemplate must be located in the same region as the SecuritySettings.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/deidentifyTemplates/\u003cTemplate ID\u003e OR organizations/\u003cOrganization ID\u003e/locations/\u003cLocation ID\u003e/deidentifyTemplates/\u003cTemplate ID\u003e","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the security settings, unique within the location.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inspect_template":{"type":"string","description":"[DLP](https://cloud.google.com/dlp/docs) inspect template name. Use this template to define inspect base settings. If empty, we use the default DLP inspect config.\nNote: inspectTemplate must be located in the same region as the SecuritySettings.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/inspectTemplates/\u003cTemplate ID\u003e OR organizations/\u003cOrganization ID\u003e/locations/\u003cLocation ID\u003e/inspectTemplates/\u003cTemplate ID\u003e","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location these settings are located in. Settings can only be applied to an agent in the same location.\nSee [Available Regions](https://cloud.google.com/dialogflow/cx/docs/concept/region#avail) for a list of supported locations.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the settings.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/securitySettings/\u003cSecurity Settings ID\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purge_data_types":{"type":["list","string"],"description":"List of types of data to remove when retention settings triggers purge. Possible values: [\"DIALOGFLOW_HISTORY\"]","description_kind":"plain","optional":true},"redaction_scope":{"type":"string","description":"Defines what types of data to redact. If not set, defaults to not redacting any kind of data.\n* REDACT_DISK_STORAGE: On data to be written to disk or similar devices that are capable of holding data even if power is disconnected. This includes data that are temporarily saved on disk. Possible values: [\"REDACT_DISK_STORAGE\"]","description_kind":"plain","optional":true},"redaction_strategy":{"type":"string","description":"Defines how we redact data. If not set, defaults to not redacting.\n* REDACT_WITH_SERVICE: Call redaction service to clean up the data to be persisted. Possible values: [\"REDACT_WITH_SERVICE\"]","description_kind":"plain","optional":true},"retention_strategy":{"type":"string","description":"Defines how long we retain persisted data that contains sensitive info. Only one of 'retention_window_days' and 'retention_strategy' may be set.\n* REMOVE_AFTER_CONVERSATION: Removes data when the conversation ends. If there is no conversation explicitly established, a default conversation ends when the corresponding Dialogflow session ends. Possible values: [\"REMOVE_AFTER_CONVERSATION\"]","description_kind":"plain","optional":true},"retention_window_days":{"type":"number","description":"Retains the data for the specified number of days. User must set a value lower than Dialogflow's default 365d TTL (30 days for Agent Assist traffic), higher value will be ignored and use default. Setting a value higher than that has no effect. A missing value or setting to 0 also means we use default TTL.\nOnly one of 'retention_window_days' and 'retention_strategy' may be set.","description_kind":"plain","optional":true}},"block_types":{"audio_export_settings":{"nesting_mode":"list","block":{"attributes":{"audio_export_pattern":{"type":"string","description":"Filename pattern for exported audio.","description_kind":"plain","optional":true},"audio_format":{"type":"string","description":"File format for exported audio file. Currently only in telephony recordings.\n* MULAW: G.711 mu-law PCM with 8kHz sample rate.\n* MP3: MP3 file format.\n* OGG: OGG Vorbis. Possible values: [\"MULAW\", \"MP3\", \"OGG\"]","description_kind":"plain","optional":true},"enable_audio_redaction":{"type":"bool","description":"Enable audio redaction if it is true.","description_kind":"plain","optional":true},"gcs_bucket":{"type":"string","description":"Cloud Storage bucket to export audio record to. Setting this field would grant the Storage Object Creator role to the Dialogflow Service Agent. API caller that tries to modify this field should have the permission of storage.buckets.setIamPolicy.","description_kind":"plain","optional":true}},"description":"Controls audio export settings for post-conversation analytics when ingesting audio to conversations.\nIf retention_strategy is set to REMOVE_AFTER_CONVERSATION or gcs_bucket is empty, audio export is disabled.\nIf audio export is enabled, audio is recorded and saved to gcs_bucket, subject to retention policy of gcs_bucket.\nThis setting won't effect audio input for implicit sessions via [Sessions.DetectIntent](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.sessions/detectIntent#google.cloud.dialogflow.cx.v3.Sessions.DetectIntent).","description_kind":"plain"},"max_items":1},"insights_export_settings":{"nesting_mode":"list","block":{"attributes":{"enable_insights_export":{"type":"bool","description":"If enabled, we will automatically exports conversations to Insights and Insights runs its analyzers.","description_kind":"plain","required":true}},"description":"Controls conversation exporting settings to Insights after conversation is completed.\nIf retentionStrategy is set to REMOVE_AFTER_CONVERSATION, Insights export is disabled no matter what you configure here.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_test_case":{"version":0,"block":{"attributes":{"creation_time":{"type":"string","description":"When the test was created. A timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The human-readable name of the test case, unique within the agent. Limit of 200 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_test_result":{"type":["list",["object",{"conversation_turns":["list",["object",{"user_input":["list",["object",{"enable_sentiment_analysis":"bool","injected_parameters":"string","input":["list",["object",{"dtmf":["list",["object",{"digits":"string","finish_digit":"string"}]],"event":["list",["object",{"event":"string"}]],"language_code":"string","text":["list",["object",{"text":"string"}]]}]],"is_webhook_enabled":"bool"}]],"virtual_agent_output":["list",["object",{"current_page":["list",["object",{"display_name":"string","name":"string"}]],"differences":["list",["object",{"description":"string","type":"string"}]],"session_parameters":"string","status":["list",["object",{"code":"number","details":"string","message":"string"}]],"text_responses":["list",["object",{"text":["list","string"]}]],"triggered_intent":["list",["object",{"display_name":"string","name":"string"}]]}]]}]],"environment":"string","name":"string","test_result":"string","test_time":"string"}]],"description":"The latest test result.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The unique identifier of the test case.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/testCases/\u003cTestCase ID\u003e.","description_kind":"plain","computed":true},"notes":{"type":"string","description":"Additional freeform notes about the test case. Limit of 400 characters.","description_kind":"plain","optional":true},"parent":{"type":"string","description":"The agent to create the test case for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Tags are short descriptions that users may apply to test cases for organizational and filtering purposes.\nEach tag should start with \"#\" and has a limit of 30 characters","description_kind":"plain","optional":true}},"block_types":{"test_case_conversation_turns":{"nesting_mode":"list","block":{"block_types":{"user_input":{"nesting_mode":"list","block":{"attributes":{"enable_sentiment_analysis":{"type":"bool","description":"Whether sentiment analysis is enabled.","description_kind":"plain","optional":true},"injected_parameters":{"type":"string","description":"Parameters that need to be injected into the conversation during intent detection.","description_kind":"plain","optional":true},"is_webhook_enabled":{"type":"bool","description":"If webhooks should be allowed to trigger in response to the user utterance. Often if parameters are injected, webhooks should not be enabled.","description_kind":"plain","optional":true}},"block_types":{"input":{"nesting_mode":"list","block":{"attributes":{"language_code":{"type":"string","description":"The language of the input. See [Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) for a list of the currently supported language codes.\nNote that queries in the same session do not necessarily need to specify the same language.","description_kind":"plain","optional":true}},"block_types":{"dtmf":{"nesting_mode":"list","block":{"attributes":{"digits":{"type":"string","description":"The dtmf digits.","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The finish digit (if any).","description_kind":"plain","optional":true}},"description":"The DTMF event to be handled.","description_kind":"plain"},"max_items":1},"event":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"Name of the event.","description_kind":"plain","required":true}},"description":"The event to be triggered.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"text":{"type":"string","description":"The natural language text to be processed. Text length must not exceed 256 characters.","description_kind":"plain","required":true}},"description":"The natural language text to be processed.","description_kind":"plain"},"max_items":1}},"description":"User input. Supports text input, event input, dtmf input in the test case.","description_kind":"plain"},"max_items":1}},"description":"The user input.","description_kind":"plain"},"max_items":1},"virtual_agent_output":{"nesting_mode":"list","block":{"attributes":{"session_parameters":{"type":"string","description":"The session parameters available to the bot at this point.","description_kind":"plain","optional":true}},"block_types":{"current_page":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the page, unique within the flow.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The unique identifier of the page.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"description":"The [Page](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.flows.pages#Page) on which the utterance was spoken.","description_kind":"plain"},"max_items":1},"text_responses":{"nesting_mode":"list","block":{"attributes":{"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text responses from the agent for the turn.","description_kind":"plain"}},"triggered_intent":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the intent, unique within the agent.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The unique identifier of the intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e.","description_kind":"plain","optional":true}},"description":"The [Intent](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.intents#Intent) that triggered the response.","description_kind":"plain"},"max_items":1}},"description":"The virtual agent output.","description_kind":"plain"},"max_items":1}},"description":"The conversation turns uttered when the test case was created, in chronological order. These include the canonical set of agent utterances that should occur when the agent is working properly.","description_kind":"plain"}},"test_config":{"nesting_mode":"list","block":{"attributes":{"flow":{"type":"string","description":"Flow name to start the test case with.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.\nOnly one of flow and page should be set to indicate the starting point of the test case. If neither is set, the test case will start with start page on the default start flow.","description_kind":"plain","optional":true},"page":{"type":"string","description":"The page to start the test case with.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.\nOnly one of flow and page should be set to indicate the starting point of the test case. If neither is set, the test case will start with start page on the default start flow.","description_kind":"plain","optional":true},"tracking_parameters":{"type":["list","string"],"description":"Session parameters to be compared when calculating differences.","description_kind":"plain","optional":true}},"description":"Config for the test case.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the version. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the version. Limit of 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Format: projects//locations//agents//flows//versions/. Version ID is a self-increasing number generated by Dialogflow upon version creation.","description_kind":"plain","computed":true},"nlu_settings":{"type":["list",["object",{"classification_threshold":"number","model_training_mode":"string","model_type":"string"}]],"description":"The NLU settings of the flow at version creation.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The Flow to create an Version for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state of this version.\n* RUNNING: Version is not ready to serve (e.g. training is running).\n* SUCCEEDED: Training has succeeded and this version is ready to serve.\n* FAILED: Version training failed.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_webhook":{"version":0,"block":{"attributes":{"disabled":{"type":"bool","description":"Indicates whether the webhook is disabled.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the webhook, unique within the agent.","description_kind":"plain","required":true},"enable_spell_correction":{"type":"bool","description":"Indicates if automatic spell correction is enabled in detect intent requests.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of the webhook.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a webhook for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"security_settings":{"type":"string","description":"Name of the SecuritySettings reference for the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/securitySettings/\u003cSecurity Settings ID\u003e.","description_kind":"plain","optional":true},"start_flow":{"type":"string","description":"Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"timeout":{"type":"string","description":"Webhook execution timeout.","description_kind":"plain","optional":true}},"block_types":{"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"allowed_ca_certs":{"type":["list","string"],"description":"Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with webhook requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","required":true}},"description":"Configuration for a generic web service.","description_kind":"plain"},"max_items":1},"service_directory":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"The name of Service Directory service.","description_kind":"plain","required":true}},"block_types":{"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"allowed_ca_certs":{"type":["list","string"],"description":"Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with webhook requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","required":true}},"description":"The name of Service Directory service.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration for a Service Directory service.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_entity_type":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The name of this entity type to be displayed on the console.","description_kind":"plain","required":true},"enable_fuzzy_extraction":{"type":"bool","description":"Enables fuzzy entity extraction during classification.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Indicates the kind of entity type.\n* KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value.\n* KIND_LIST: List entity types contain a set of entries that do not map to reference values. However, list entity\ntypes can contain references to other entity types (with or without aliases).\n* KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: [\"KIND_MAP\", \"KIND_LIST\", \"KIND_REGEXP\"]","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the entity type.\nFormat: projects/\u003cProject ID\u003e/agent/entityTypes/\u003cEntity type ID\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"entities":{"nesting_mode":"list","block":{"attributes":{"synonyms":{"type":["list","string"],"description":"A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym\ncould be green onions.\nFor KIND_LIST entity types:\n* This collection must contain exactly one synonym equal to value.","description_kind":"plain","required":true},"value":{"type":"string","description":"The primary value associated with this entity entry. For example, if the entity type is vegetable, the value\ncould be scallions.\nFor KIND_MAP entity types:\n* A reference value to be used in place of synonyms.\nFor KIND_LIST entity types:\n* A string that can contain references to other entity types (with or without aliases).","description_kind":"plain","required":true}},"description":"The collection of entity entries associated with the entity type.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_fulfillment":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the fulfillment, unique within the agent.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Whether fulfillment is enabled.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of the fulfillment.\nFormat: projects/\u003cProject ID\u003e/agent/fulfillment - projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agent/fulfillment","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"features":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of the feature that enabled for fulfillment.\n* SMALLTALK: Fulfillment is enabled for SmallTalk. Possible values: [\"SMALLTALK\"]","description_kind":"plain","required":true}},"description":"The field defines whether the fulfillment is enabled for certain features.","description_kind":"plain"}},"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The password for HTTP Basic authentication.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with fulfillment requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The fulfillment URI for receiving POST requests. It must use https protocol.","description_kind":"plain","required":true},"username":{"type":"string","description":"The user name for HTTP Basic authentication.","description_kind":"plain","optional":true}},"description":"Represents configuration for a generic web service. Dialogflow supports two mechanisms for authentications: - Basic authentication with username and password. - Authentication with additional authentication headers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_intent":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The name of the action associated with the intent.\nNote: The action name must not contain whitespaces.","description_kind":"plain","optional":true,"computed":true},"default_response_platforms":{"type":["list","string"],"description":"The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED\n(i.e. default platform). Possible values: [\"FACEBOOK\", \"SLACK\", \"TELEGRAM\", \"KIK\", \"SKYPE\", \"LINE\", \"VIBER\", \"ACTIONS_ON_GOOGLE\", \"GOOGLE_HANGOUTS\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name of this intent to be displayed on the console.","description_kind":"plain","required":true},"events":{"type":["list","string"],"description":"The collection of event names that trigger the intent. If the collection of input contexts is not empty, all of\nthe contexts must be present in the active user session for an event to trigger this intent. See the\n[events reference](https://cloud.google.com/dialogflow/docs/events-overview) for more details.","description_kind":"plain","optional":true},"followup_intent_info":{"type":["list",["object",{"followup_intent_name":"string","parent_followup_intent_name":"string"}]],"description":"Information about all followup intents that have this intent as a direct or indirect parent. We populate this field\nonly in the output.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"input_context_names":{"type":["list","string"],"description":"The list of context names required for this intent to be triggered.\nFormat: projects/\u003cProject ID\u003e/agent/sessions/-/contexts/\u003cContext ID\u003e.","description_kind":"plain","optional":true},"is_fallback":{"type":"bool","description":"Indicates whether this is a fallback intent.","description_kind":"plain","optional":true,"computed":true},"ml_disabled":{"type":"bool","description":"Indicates whether Machine Learning is disabled for the intent.\nNote: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML\nONLY match mode. Also, auto-markup in the UI is turned off.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of this intent.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"parent_followup_intent_name":{"type":"string","description":"The unique identifier of the parent intent in the chain of followup intents.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"The priority of this intent. Higher numbers represent higher priorities.\n - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds\n to the Normal priority in the console.\n - If the supplied value is negative, the intent is ignored in runtime detect intent requests.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reset_contexts":{"type":"bool","description":"Indicates whether to delete all contexts in the current session when this intent is matched.","description_kind":"plain","optional":true,"computed":true},"root_followup_intent_name":{"type":"string","description":"The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup\nintents chain for this intent.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"webhook_state":{"type":"string","description":"Indicates whether webhooks are enabled for the intent.\n* WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent.\n* WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot\nfilling prompt is forwarded to the webhook. Possible values: [\"WEBHOOK_STATE_ENABLED\", \"WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_chat_engine":{"version":0,"block":{"attributes":{"chat_engine_metadata":{"type":["list",["object",{"dialogflow_agent":"string"}]],"description":"Additional information of the Chat Engine.","description_kind":"plain","computed":true},"collection_id":{"type":"string","description":"The collection ID.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Timestamp the Engine was created at.","description_kind":"plain","computed":true},"data_store_ids":{"type":["list","string"],"description":"The data stores associated with this engine. Multiple DataStores in the same Collection can be associated here. All listed DataStores must be 'SOLUTION_TYPE_CHAT'. Adding or removing data stores will force recreation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the engine. Should be human readable. UTF-8 encoded string with limit of 1024 characters.","description_kind":"plain","required":true},"engine_id":{"type":"string","description":"The ID to use for chat engine.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"industry_vertical":{"type":"string","description":"The industry vertical that the chat engine registers. Vertical on Engine has to match vertical of the DataStore linked to the engine. Default value: \"GENERIC\" Possible values: [\"GENERIC\"]","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the chat engine. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/engines/{engine_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Timestamp the Engine was last updated.","description_kind":"plain","computed":true}},"block_types":{"chat_engine_config":{"nesting_mode":"list","block":{"block_types":{"agent_creation_config":{"nesting_mode":"list","block":{"attributes":{"business":{"type":"string","description":"Name of the company, organization or other entity that the agent represents. Used for knowledge connector LLM prompt and for knowledge search.","description_kind":"plain","optional":true},"default_language_code":{"type":"string","description":"The default language of the agent as a language tag. See [Language Support](https://cloud.google.com/dialogflow/docs/reference/language) for a list of the currently supported language codes.","description_kind":"plain","required":true},"location":{"type":"string","description":"Agent location for Agent creation, currently supported values: global/us/eu, it needs to be the same region as the Chat Engine.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"The time zone of the agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris.","description_kind":"plain","required":true}},"description":"The configuration to generate the Dialogflow agent that is associated to this Engine.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configurations for a chat Engine.","description_kind":"plain"},"min_items":1,"max_items":1},"common_config":{"nesting_mode":"list","block":{"attributes":{"company_name":{"type":"string","description":"The name of the company, business or entity that is associated with the engine. Setting this may help improve LLM related features.","description_kind":"plain","optional":true}},"description":"Common config spec that specifies the metadata of the engine.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_data_store":{"version":0,"block":{"attributes":{"content_config":{"type":"string","description":"The content config of the data store. Possible values: [\"NO_CONTENT\", \"CONTENT_REQUIRED\", \"PUBLIC_WEBSITE\"]","description_kind":"plain","required":true},"create_advanced_site_search":{"type":"bool","description":"If true, an advanced data store for site search will be created. If the\ndata store is not configured as site search (GENERIC vertical and\nPUBLIC_WEBSITE contentConfig), this flag will be ignored.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Timestamp when the DataStore was created.","description_kind":"plain","computed":true},"data_store_id":{"type":"string","description":"The unique id of the data store.","description_kind":"plain","required":true},"default_schema_id":{"type":"string","description":"The id of the default Schema associated with this data store.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the data store. This field must be a UTF-8 encoded\nstring with a length limit of 128 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"industry_vertical":{"type":"string","description":"The industry vertical that the data store registers. Possible values: [\"GENERIC\", \"MEDIA\"]","description_kind":"plain","required":true},"location":{"type":"string","description":"The geographic location where the data store should reside. The value can\nonly be one of \"global\", \"us\" and \"eu\".","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the data store. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/dataStores/{data_store_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"skip_default_schema_creation":{"type":"bool","description":"A boolean flag indicating whether to skip the default schema creation for\nthe data store. Only enable this flag if you are certain that the default\nschema is incompatible with your use case.\nIf set to true, you must manually create a schema for the data store\nbefore any documents can be ingested.\nThis flag cannot be specified if 'data_store.starting_schema' is\nspecified.","description_kind":"plain","optional":true},"solution_types":{"type":["list","string"],"description":"The solutions that the data store enrolls. Possible values: [\"SOLUTION_TYPE_RECOMMENDATION\", \"SOLUTION_TYPE_SEARCH\", \"SOLUTION_TYPE_CHAT\"]","description_kind":"plain","optional":true}},"block_types":{"document_processing_config":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The full resource name of the Document Processing Config. Format:\n'projects/{project}/locations/{location}/collections/{collection_id}/dataStores/{data_store_id}/documentProcessingConfig'.","description_kind":"plain","computed":true}},"block_types":{"default_parsing_config":{"nesting_mode":"list","block":{"block_types":{"digital_parsing_config":{"nesting_mode":"list","block":{"description":"Configurations applied to digital parser.","description_kind":"plain"},"max_items":1},"ocr_parsing_config":{"nesting_mode":"list","block":{"attributes":{"use_native_text":{"type":"bool","description":"If true, will use native text instead of OCR text on pages containing native text.","description_kind":"plain","optional":true}},"description":"Configurations applied to OCR parser. Currently it only applies to PDFs.","description_kind":"plain"},"max_items":1}},"description":"Configurations for default Document parser. If not specified, this resource\nwill be configured to use a default DigitalParsingConfig, and the default parsing\nconfig will be applied to all file types for Document parsing.","description_kind":"plain"},"max_items":1},"parsing_config_overrides":{"nesting_mode":"set","block":{"attributes":{"file_type":{"type":"string","description_kind":"plain","required":true}},"block_types":{"digital_parsing_config":{"nesting_mode":"list","block":{"description":"Configurations applied to digital parser.","description_kind":"plain"},"max_items":1},"ocr_parsing_config":{"nesting_mode":"list","block":{"attributes":{"use_native_text":{"type":"bool","description":"If true, will use native text instead of OCR text on pages containing native text.","description_kind":"plain","optional":true}},"description":"Configurations applied to OCR parser. Currently it only applies to PDFs.","description_kind":"plain"},"max_items":1}},"description":"Map from file type to override the default parsing configuration based on the file type. Supported keys:\n * 'pdf': Override parsing config for PDF files, either digital parsing, ocr parsing or layout parsing is supported.\n * 'html': Override parsing config for HTML files, only digital parsing and or layout parsing are supported.\n * 'docx': Override parsing config for DOCX files, only digital parsing and or layout parsing are supported.","description_kind":"plain"}}},"description":"Configuration for Document understanding and enrichment.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_schema":{"version":0,"block":{"attributes":{"data_store_id":{"type":"string","description":"The unique id of the data store.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"json_schema":{"type":"string","description":"The JSON representation of the schema.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location where the data store should reside. The value can\nonly be one of \"global\", \"us\" and \"eu\".","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the schema. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/dataStores/{data_store_id}/schemas/{schema_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schema_id":{"type":"string","description":"The unique id of the schema.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_search_engine":{"version":0,"block":{"attributes":{"collection_id":{"type":"string","description":"The collection ID.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Timestamp the Engine was created at.","description_kind":"plain","computed":true},"data_store_ids":{"type":["list","string"],"description":"The data stores associated with this engine. For SOLUTION_TYPE_SEARCH type of engines, they can only associate with at most one data store.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Required. The display name of the engine. Should be human readable. UTF-8 encoded string with limit of 1024 characters.","description_kind":"plain","required":true},"engine_id":{"type":"string","description":"Unique ID to use for Search Engine App.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"industry_vertical":{"type":"string","description":"The industry vertical that the engine registers. The restriction of the Engine industry vertical is based on DataStore: If unspecified, default to GENERIC. Vertical on Engine has to match vertical of the DataStore liniked to the engine. Default value: \"GENERIC\" Possible values: [\"GENERIC\", \"MEDIA\"]","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the search engine. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/engines/{engine_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Timestamp the Engine was last updated.","description_kind":"plain","computed":true}},"block_types":{"common_config":{"nesting_mode":"list","block":{"attributes":{"company_name":{"type":"string","description":"The name of the company, business or entity that is associated with the engine. Setting this may help improve LLM related features.cd","description_kind":"plain","optional":true}},"description":"Common config spec that specifies the metadata of the engine.","description_kind":"plain"},"max_items":1},"search_engine_config":{"nesting_mode":"list","block":{"attributes":{"search_add_ons":{"type":["list","string"],"description":"The add-on that this search engine enables. Possible values: [\"SEARCH_ADD_ON_LLM\"]","description_kind":"plain","optional":true},"search_tier":{"type":"string","description":"The search feature tier of this engine. Defaults to SearchTier.SEARCH_TIER_STANDARD if not specified. Default value: \"SEARCH_TIER_STANDARD\" Possible values: [\"SEARCH_TIER_STANDARD\", \"SEARCH_TIER_ENTERPRISE\"]","description_kind":"plain","optional":true}},"description":"Configurations for a Search Engine.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_managed_zone":{"version":0,"block":{"attributes":{"creation_time":{"type":"string","description":"The time that this resource was created on the server.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A textual description field. Defaults to 'Managed by Terraform'.","description_kind":"plain","optional":true},"dns_name":{"type":"string","description":"The DNS name of this managed zone, for instance \"example.com.\".","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"Set this true to delete all records in the zone.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this ManagedZone.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"managed_zone_id":{"type":"number","description":"Unique identifier for the resource; defined by the server.","description_kind":"plain","computed":true},"name":{"type":"string","description":"User assigned name for this resource.\nMust be unique within the project.","description_kind":"plain","required":true},"name_servers":{"type":["list","string"],"description":"Delegate your managed_zone to these virtual name servers;\ndefined by the server","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"visibility":{"type":"string","description":"The zone's visibility: public zones are exposed to the Internet,\nwhile private zones are visible only to Virtual Private Cloud resources. Default value: \"public\" Possible values: [\"private\", \"public\"]","description_kind":"plain","optional":true}},"block_types":{"cloud_logging_config":{"nesting_mode":"list","block":{"attributes":{"enable_logging":{"type":"bool","description":"If set, enable query logging for this ManagedZone. False by default, making logging opt-in.","description_kind":"plain","required":true}},"description":"Cloud logging configuration","description_kind":"plain"},"max_items":1},"dnssec_config":{"nesting_mode":"list","block":{"attributes":{"kind":{"type":"string","description":"Identifies what kind of resource this is","description_kind":"plain","optional":true},"non_existence":{"type":"string","description":"Specifies the mechanism used to provide authenticated denial-of-existence responses.\nnon_existence can only be updated when the state is 'off'. Possible values: [\"nsec\", \"nsec3\"]","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Specifies whether DNSSEC is enabled, and what mode it is in Possible values: [\"off\", \"on\", \"transfer\"]","description_kind":"plain","optional":true}},"block_types":{"default_key_specs":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"String mnemonic specifying the DNSSEC algorithm of this key Possible values: [\"ecdsap256sha256\", \"ecdsap384sha384\", \"rsasha1\", \"rsasha256\", \"rsasha512\"]","description_kind":"plain","optional":true},"key_length":{"type":"number","description":"Length of the keys in bits","description_kind":"plain","optional":true},"key_type":{"type":"string","description":"Specifies whether this is a key signing key (KSK) or a zone\nsigning key (ZSK). Key signing keys have the Secure Entry\nPoint flag set and, when active, will only be used to sign\nresource record sets of type DNSKEY. Zone signing keys do\nnot have the Secure Entry Point flag set and will be used\nto sign all other types of resource record sets. Possible values: [\"keySigning\", \"zoneSigning\"]","description_kind":"plain","optional":true},"kind":{"type":"string","description":"Identifies what kind of resource this is","description_kind":"plain","optional":true}},"description":"Specifies parameters that will be used for generating initial DnsKeys\nfor this ManagedZone. If you provide a spec for keySigning or zoneSigning,\nyou must also provide one for the other.\ndefault_key_specs can only be updated when the state is 'off'.","description_kind":"plain"}}},"description":"DNSSEC configuration","description_kind":"plain"},"max_items":1},"forwarding_config":{"nesting_mode":"list","block":{"block_types":{"target_name_servers":{"nesting_mode":"set","block":{"attributes":{"forwarding_path":{"type":"string","description":"Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding\ndecision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go\nto the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: [\"default\", \"private\"]","description_kind":"plain","optional":true},"ipv4_address":{"type":"string","description":"IPv4 address of a target name server.","description_kind":"plain","required":true}},"description":"List of target name servers to forward to. Cloud DNS will\nselect the best available name server if more than\none target is given.","description_kind":"plain"},"min_items":1}},"description":"The presence for this field indicates that outbound forwarding is enabled\nfor this zone. The value of this field contains the set of destinations\nto forward to.","description_kind":"plain"},"max_items":1},"peering_config":{"nesting_mode":"list","block":{"block_types":{"target_network":{"nesting_mode":"list","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to forward queries to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The network with which to peer.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The presence of this field indicates that DNS Peering is enabled for this\nzone. The value of this field contains the network to peer with.","description_kind":"plain"},"max_items":1},"private_visibility_config":{"nesting_mode":"list","block":{"block_types":{"gke_clusters":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_name":{"type":"string","description":"The resource name of the cluster to bind this ManagedZone to.\nThis should be specified in the format like\n'projects/*/locations/*/clusters/*'","description_kind":"plain","required":true}},"description":"The list of Google Kubernetes Engine clusters that can see this zone.","description_kind":"plain"}},"networks":{"nesting_mode":"set","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to bind to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The list of VPC networks that can see this zone. Until the provider updates to use the Terraform 0.12 SDK in a future release, you\nmay experience issues with this resource while updating. If you've defined a 'networks' block and\nadd another 'networks' block while keeping the old block, Terraform will see an incorrect diff\nand apply an incorrect update to the resource. If you encounter this issue, remove all 'networks'\nblocks in an update and then apply another update adding all of them back simultaneously.","description_kind":"plain"}}},"description":"For privately visible zones, the set of Virtual Private Cloud\nresources that the zone is visible from. At least one of 'gke_clusters' or 'networks' must be specified.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_managed_zone_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_managed_zone_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_managed_zone_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dns_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A textual description field. Defaults to 'Managed by Terraform'.","description_kind":"plain","optional":true},"enable_inbound_forwarding":{"type":"bool","description":"Allows networks bound to this policy to receive DNS queries sent\nby VMs or applications over VPN connections. When enabled, a\nvirtual IP address will be allocated from each of the sub-networks\nthat are bound to this policy.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Controls whether logging is enabled for the networks bound to this policy.\nDefaults to no logging if not set.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User assigned name for this policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"alternative_name_server_config":{"nesting_mode":"list","block":{"block_types":{"target_name_servers":{"nesting_mode":"set","block":{"attributes":{"forwarding_path":{"type":"string","description":"Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding\ndecision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go\nto the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: [\"default\", \"private\"]","description_kind":"plain","optional":true},"ipv4_address":{"type":"string","description":"IPv4 address to forward to.","description_kind":"plain","required":true}},"description":"Sets an alternative name server for the associated networks. When specified,\nall DNS queries are forwarded to a name server that you choose. Names such as .internal\nare not available when an alternative name server is specified.","description_kind":"plain"},"min_items":1}},"description":"Sets an alternative name server for the associated networks.\nWhen specified, all DNS queries are forwarded to a name server that you choose.\nNames such as .internal are not available when an alternative name server is specified.","description_kind":"plain"},"max_items":1},"networks":{"nesting_mode":"set","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to forward queries to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"List of network names specifying networks to which this policy is applied.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_record_set":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description":"The name of the zone in which this record set will reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The DNS name this record set will apply to.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"rrdatas":{"type":["list","string"],"description":"The string data for the records in this record set whose meaning depends on the DNS type. For TXT record, if the string data contains spaces, add surrounding \\\" if you don't want your string to get split on spaces. To specify a single record value longer than 255 characters such as a TXT record for DKIM, add \\\"\\\" inside the Terraform configuration string (e.g. \"first255characters\\\"\\\"morecharacters\").","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The time-to-live of this record set (seconds).","description_kind":"plain","optional":true},"type":{"type":"string","description":"The DNS record set type.","description_kind":"plain","required":true}},"block_types":{"routing_policy":{"nesting_mode":"list","block":{"attributes":{"enable_geo_fencing":{"type":"bool","description":"Specifies whether to enable fencing for geo queries.","description_kind":"plain","optional":true}},"block_types":{"geo":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The location name defined in Google Cloud.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","optional":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"For A and AAAA types only. The list of targets to be health checked. These can be specified along with `rrdatas` within this item.","description_kind":"plain"},"max_items":1}},"description":"The configuration for Geo location based routing policy.","description_kind":"plain"}},"primary_backup":{"nesting_mode":"list","block":{"attributes":{"enable_geo_fencing_for_backups":{"type":"bool","description":"Specifies whether to enable fencing for backup geo queries.","description_kind":"plain","optional":true},"trickle_ratio":{"type":"number","description":"Specifies the percentage of traffic to send to the backup targets even when the primary targets are healthy.","description_kind":"plain","optional":true}},"block_types":{"backup_geo":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The location name defined in Google Cloud.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","optional":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"For A and AAAA types only. The list of targets to be health checked. These can be specified along with `rrdatas` within this item.","description_kind":"plain"},"max_items":1}},"description":"The backup geo targets, which provide a regional failover policy for the otherwise global primary targets.","description_kind":"plain"},"min_items":1},"primary":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","optional":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"The list of global primary targets to be health checked.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy.","description_kind":"plain"},"max_items":1},"wrr":{"nesting_mode":"list","block":{"attributes":{"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true},"weight":{"type":"number","description":"The ratio of traffic routed to the target.","description_kind":"plain","required":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","optional":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of `rrdatas` or `health_checked_targets` can be set.","description_kind":"plain"},"max_items":1}},"description":"The configuration for Weighted Round Robin based routing policy.","description_kind":"plain"}}},"description":"The configuration for steering traffic based on query. You can specify either Weighted Round Robin(WRR) type or Geolocation(GEO) type.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_response_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the response policy, such as 'My new response policy'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"response_policy_name":{"type":"string","description":"The user assigned name for this Response Policy, such as 'myresponsepolicy'.","description_kind":"plain","required":true}},"block_types":{"gke_clusters":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_name":{"type":"string","description":"The resource name of the cluster to bind this ManagedZone to.\nThis should be specified in the format like\n'projects/*/locations/*/clusters/*'","description_kind":"plain","required":true}},"description":"The list of Google Kubernetes Engine clusters that can see this zone.","description_kind":"plain"}},"networks":{"nesting_mode":"list","block":{"attributes":{"network_url":{"type":"string","description":"The fully qualified URL of the VPC network to bind to.\nThis should be formatted like\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The list of network names specifying networks to which this policy is applied.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_response_policy_rule":{"version":0,"block":{"attributes":{"dns_name":{"type":"string","description":"The DNS name (wildcard or exact) to apply this rule to. Must be unique within the Response Policy Rule.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"response_policy":{"type":"string","description":"Identifies the response policy addressed by this request.","description_kind":"plain","required":true},"rule_name":{"type":"string","description":"An identifier for this rule. Must be unique with the ResponsePolicy.","description_kind":"plain","required":true}},"block_types":{"local_data":{"nesting_mode":"list","block":{"block_types":{"local_datas":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"For example, www.example.com.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description":"As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1)","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"Number of seconds that this ResourceRecordSet can be cached by\nresolvers.","description_kind":"plain","optional":true},"type":{"type":"string","description":"One of valid DNS resource types. Possible values: [\"A\", \"AAAA\", \"CAA\", \"CNAME\", \"DNSKEY\", \"DS\", \"HTTPS\", \"IPSECVPNKEY\", \"MX\", \"NAPTR\", \"NS\", \"PTR\", \"SOA\", \"SPF\", \"SRV\", \"SSHFP\", \"SVCB\", \"TLSA\", \"TXT\"]","description_kind":"plain","required":true}},"description":"All resource record sets for this selector, one per resource record type. The name must match the dns_name.","description_kind":"plain"},"min_items":1}},"description":"Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name;\nin particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_processor":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name. Must be unique.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The KMS key used for encryption/decryption in CMEK scenarios. See https://cloud.google.com/security-key-management.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the processor.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of processor. For possible types see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes)","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_processor_default_version":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"processor":{"type":"string","description":"The processor to set the version on.","description_kind":"plain","required":true},"version":{"type":"string","description":"The version to set. Using 'stable' or 'rc' will cause the API to return the latest version in that release channel.\nApply 'lifecycle.ignore_changes' to the 'version' field to suppress this diff.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_warehouse_document_schema":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name of the schema given by the user.","description_kind":"plain","required":true},"document_is_folder":{"type":"bool","description":"Tells whether the document is a folder or a typical document.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the document schema.","description_kind":"plain","computed":true},"project_number":{"type":"string","description":"The unique identifier of the project.","description_kind":"plain","required":true}},"block_types":{"property_definitions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The display-name for the property, used for front-end.","description_kind":"plain","optional":true},"is_filterable":{"type":"bool","description":"Whether the property can be filtered. If this is a sub-property, all the parent properties must be marked filterable.","description_kind":"plain","optional":true},"is_metadata":{"type":"bool","description":"Whether the property is user supplied metadata.","description_kind":"plain","optional":true},"is_repeatable":{"type":"bool","description":"Whether the property can have multiple values.","description_kind":"plain","optional":true},"is_required":{"type":"bool","description":"Whether the property is mandatory.","description_kind":"plain","optional":true},"is_searchable":{"type":"bool","description":"Indicates that the property should be included in a global search.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the metadata property.","description_kind":"plain","required":true},"retrieval_importance":{"type":"string","description":"Stores the retrieval importance. Possible values: [\"HIGHEST\", \"HIGHER\", \"HIGH\", \"MEDIUM\", \"LOW\", \"LOWEST\"]","description_kind":"plain","optional":true}},"block_types":{"date_time_type_options":{"nesting_mode":"list","block":{"description":"Date time property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1},"enum_type_options":{"nesting_mode":"list","block":{"attributes":{"possible_values":{"type":["list","string"],"description":"List of possible enum values.","description_kind":"plain","required":true},"validation_check_disabled":{"type":"bool","description":"Make sure the enum property value provided in the document is in the possile value list during document creation. The validation check runs by default.","description_kind":"plain","optional":true}},"description":"Enum/categorical property.","description_kind":"plain"},"max_items":1},"float_type_options":{"nesting_mode":"list","block":{"description":"Float property.","description_kind":"plain"},"max_items":1},"integer_type_options":{"nesting_mode":"list","block":{"description":"Integer property.","description_kind":"plain"},"max_items":1},"map_type_options":{"nesting_mode":"list","block":{"description":"Map property.","description_kind":"plain"},"max_items":1},"property_type_options":{"nesting_mode":"list","block":{"block_types":{"property_definitions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The display-name for the property, used for front-end.","description_kind":"plain","optional":true},"is_filterable":{"type":"bool","description":"Whether the property can be filtered. If this is a sub-property, all the parent properties must be marked filterable.","description_kind":"plain","optional":true},"is_metadata":{"type":"bool","description":"Whether the property is user supplied metadata.","description_kind":"plain","optional":true},"is_repeatable":{"type":"bool","description":"Whether the property can have multiple values.","description_kind":"plain","optional":true},"is_required":{"type":"bool","description":"Whether the property is mandatory.","description_kind":"plain","optional":true},"is_searchable":{"type":"bool","description":"Indicates that the property should be included in a global search.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the metadata property.","description_kind":"plain","required":true},"retrieval_importance":{"type":"string","description":"Stores the retrieval importance. Possible values: [\"HIGHEST\", \"HIGHER\", \"HIGH\", \"MEDIUM\", \"LOW\", \"LOWEST\"]","description_kind":"plain","optional":true}},"block_types":{"date_time_type_options":{"nesting_mode":"list","block":{"description":"Date time property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1},"enum_type_options":{"nesting_mode":"list","block":{"attributes":{"possible_values":{"type":["list","string"],"description":"List of possible enum values.","description_kind":"plain","required":true},"validation_check_disabled":{"type":"bool","description":"Make sure the enum property value provided in the document is in the possile value list during document creation. The validation check runs by default.","description_kind":"plain","optional":true}},"description":"Enum/categorical property.","description_kind":"plain"},"max_items":1},"float_type_options":{"nesting_mode":"list","block":{"description":"Float property.","description_kind":"plain"},"max_items":1},"integer_type_options":{"nesting_mode":"list","block":{"description":"Integer property.","description_kind":"plain"},"max_items":1},"map_type_options":{"nesting_mode":"list","block":{"description":"Map property.","description_kind":"plain"},"max_items":1},"schema_sources":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The schema name in the source.","description_kind":"plain","optional":true},"processor_type":{"type":"string","description":"The Doc AI processor type name.","description_kind":"plain","optional":true}},"description":"The schema source information.","description_kind":"plain"}},"text_type_options":{"nesting_mode":"list","block":{"description":"Text property.","description_kind":"plain"},"max_items":1},"timestamp_type_options":{"nesting_mode":"list","block":{"description":"Timestamp property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1}},"description":"Defines the metadata for a schema property.","description_kind":"plain"},"min_items":1}},"description":"Nested structured data property.","description_kind":"plain"},"max_items":1},"schema_sources":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The schema name in the source.","description_kind":"plain","optional":true},"processor_type":{"type":"string","description":"The Doc AI processor type name.","description_kind":"plain","optional":true}},"description":"The schema source information.","description_kind":"plain"}},"text_type_options":{"nesting_mode":"list","block":{"description":"Text/string property.","description_kind":"plain"},"max_items":1},"timestamp_type_options":{"nesting_mode":"list","block":{"description":"Timestamp property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1}},"description":"Defines the metadata for a schema property.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_warehouse_location":{"version":0,"block":{"attributes":{"access_control_mode":{"type":"string","description":"The access control mode for accessing the customer data. Possible values: [\"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\", \"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_BYOID\", \"ACL_MODE_UNIVERSAL_ACCESS\"]","description_kind":"plain","required":true},"database_type":{"type":"string","description":"The type of database used to store customer data. Possible values: [\"DB_INFRA_SPANNER\", \"DB_CLOUD_SQL_POSTGRES\"]","description_kind":"plain","required":true},"document_creator_default_role":{"type":"string","description":"The default role for the person who create a document. Possible values: [\"DOCUMENT_ADMIN\", \"DOCUMENT_EDITOR\", \"DOCUMENT_VIEWER\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key":{"type":"string","description":"The KMS key used for CMEK encryption. It is required that\nthe kms key is in the same region as the endpoint. The\nsame key will be used for all provisioned resources, if\nencryption is available. If the kmsKey is left empty, no\nencryption will be enforced.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location in which the instance is to be provisioned. It takes the form projects/{projectNumber}/locations/{location}.","description_kind":"plain","required":true},"project_number":{"type":"string","description":"The unique identifier of the project.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgecontainer_cluster":{"version":0,"block":{"attributes":{"cluster_ca_certificate":{"type":"string","description":"The PEM-encoded public certificate of the cluster's CA.","description_kind":"plain","computed":true,"sensitive":true},"control_plane_version":{"type":"string","description":"The control plane release version.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"default_max_pods_per_node":{"type":"number","description":"The default maximum number of pods per node used if a maximum value is not\nspecified explicitly for a node pool in this cluster. If unspecified, the\nKubernetes default value will be used.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address of the Kubernetes API server.","description_kind":"plain","computed":true},"external_load_balancer_ipv4_address_pools":{"type":["list","string"],"description":"Address pools for cluster data plane external load balancing.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the edgecloud cluster.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"maintenance_events":{"type":["list",["object",{"create_time":"string","end_time":"string","operation":"string","schedule":"string","start_time":"string","state":"string","target_version":"string","type":"string","update_time":"string","uuid":"string"}]],"description":"All the maintenance events scheduled for the cluster, including the ones\nongoing, planned for the future and done in the past (up to 90 days).","description_kind":"plain","computed":true},"name":{"type":"string","description":"The GDCE cluster name.","description_kind":"plain","required":true},"node_version":{"type":"string","description":"The lowest release version among all worker nodes. This field can be empty\nif the cluster does not have any worker nodes.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The port number of the Kubernetes API server.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"release_channel":{"type":"string","description":"The release channel a cluster is subscribed to. Possible values: [\"RELEASE_CHANNEL_UNSPECIFIED\", \"NONE\", \"REGULAR\"]","description_kind":"plain","optional":true,"computed":true},"status":{"type":"string","description":"Indicates the status of the cluster.","description_kind":"plain","computed":true},"target_version":{"type":"string","description":"The target cluster version. For example: \"1.5.0\".","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"An active Google username.","description_kind":"plain","required":true}},"description":"User that will be granted the cluster-admin role on the cluster, providing\nfull access to the cluster. Currently, this is a singular field, but will\nbe expanded to allow multiple admins in the future.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"RBAC policy that will be applied and managed by GEC.","description_kind":"plain"},"min_items":1,"max_items":1},"control_plane":{"nesting_mode":"list","block":{"block_types":{"local":{"nesting_mode":"list","block":{"attributes":{"machine_filter":{"type":"string","description":"Only machines matching this filter will be allowed to host control\nplane nodes. The filtering language accepts strings like \"name=\u003cname\u003e\",\nand is documented here: [AIP-160](https://google.aip.dev/160).","description_kind":"plain","optional":true},"node_count":{"type":"number","description":"The number of nodes to serve as replicas of the Control Plane.\nOnly 1 and 3 are supported.","description_kind":"plain","optional":true,"computed":true},"node_location":{"type":"string","description":"Name of the Google Distributed Cloud Edge zones where this node pool\nwill be created. For example: 'us-central1-edge-customer-a'.","description_kind":"plain","optional":true,"computed":true},"shared_deployment_policy":{"type":"string","description":"Policy configuration about how user applications are deployed. Possible values: [\"SHARED_DEPLOYMENT_POLICY_UNSPECIFIED\", \"ALLOWED\", \"DISALLOWED\"]","description_kind":"plain","optional":true,"computed":true}},"description":"Local control plane configuration.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"node_location":{"type":"string","description":"Name of the Google Distributed Cloud Edge zones where this node pool\nwill be created. For example: 'us-central1-edge-customer-a'.","description_kind":"plain","optional":true,"computed":true}},"description":"Remote control plane configuration.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the cluster control plane.","description_kind":"plain"},"max_items":1},"control_plane_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS CryptoKey e.g.\nprojects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}\nto use for protecting control plane disks. If not specified, a\nGoogle-managed key will be used instead.","description_kind":"plain","optional":true,"computed":true},"kms_key_active_version":{"type":"string","description":"The Cloud KMS CryptoKeyVersion currently in use for protecting control\nplane disks. Only applicable if kms_key is set.","description_kind":"plain","computed":true},"kms_key_state":{"type":"string","description":"Availability of the Cloud KMS CryptoKey. If not 'KEY_AVAILABLE', then\nnodes may go offline as they cannot access their local data. This can be\ncaused by a lack of permissions to use the key, or if the key is disabled\nor deleted.","description_kind":"plain","computed":true},"kms_status":{"type":["list",["object",{"code":"number","message":"string"}]],"description":"Error status returned by Cloud KMS when using this key. This field may be\npopulated only if 'kms_key_state' is not 'KMS_KEY_STATE_KEY_AVAILABLE'.\nIf populated, this field contains the error status reported by Cloud KMS.","description_kind":"plain","computed":true}},"description":"Remote control plane disk encryption options. This field is only used when\nenabling CMEK support.","description_kind":"plain"},"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this cluster.\nMembership names are formatted as\n'projects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e'.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The name of the Fleet host project where this cluster will be registered.\nProject names are formatted as\n'projects/\u003cproject-number\u003e'.","description_kind":"plain","required":true}},"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.","description_kind":"plain"},"min_items":1,"max_items":1},"maintenance_policy":{"nesting_mode":"list","block":{"block_types":{"maintenance_exclusions":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"A unique (per cluster) id for the window.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"The time that the window ends. The end time must take place after the\nstart time.","description_kind":"plain","optional":true,"computed":true},"start_time":{"type":"string","description":"The time that the window first starts.","description_kind":"plain","optional":true,"computed":true}},"description":"Represents an arbitrary window of time.","description_kind":"plain"},"max_items":1}},"description":"Exclusions to automatic maintenance. Non-emergency maintenance should not occur\nin these windows. Each exclusion has a unique name and may be active or expired.\nThe max number of maintenance exclusions allowed at a given time is 3.","description_kind":"plain"}},"window":{"nesting_mode":"list","block":{"block_types":{"recurring_window":{"nesting_mode":"list","block":{"attributes":{"recurrence":{"type":"string","description":"An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how\nthis window recurs. They go on for the span of time between the start and\nend time.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"The time that the window ends. The end time must take place after the\nstart time.","description_kind":"plain","optional":true,"computed":true},"start_time":{"type":"string","description":"The time that the window first starts.","description_kind":"plain","optional":true,"computed":true}},"description":"Represents an arbitrary window of time.","description_kind":"plain"},"max_items":1}},"description":"Represents an arbitrary window of time that recurs.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the maintenance window in which maintenance may be performed.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Cluster-wide maintenance policy configuration.","description_kind":"plain"},"max_items":1},"networking":{"nesting_mode":"list","block":{"attributes":{"cluster_ipv4_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these\nblocks. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","required":true},"cluster_ipv6_cidr_blocks":{"type":["list","string"],"description":"If specified, dual stack mode is enabled and all pods in the cluster are\nassigned an IPv6 address from these blocks alongside from an IPv4\naddress. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","optional":true},"network_type":{"type":"string","description":"IP addressing type of this cluster i.e. SINGLESTACK_V4 vs DUALSTACK_V4_V6.","description_kind":"plain","computed":true},"services_ipv4_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these\nblocks. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","required":true},"services_ipv6_cidr_blocks":{"type":["list","string"],"description":"If specified, dual stack mode is enabled and all services in the cluster are\nassigned an IPv6 address from these blocks alongside from an IPv4\naddress. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","optional":true}},"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.","description_kind":"plain"},"min_items":1,"max_items":1},"system_addons_config":{"nesting_mode":"list","block":{"block_types":{"ingress":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"Whether Ingress is disabled.","description_kind":"plain","optional":true,"computed":true},"ipv4_vip":{"type":"string","description":"Ingress VIP.","description_kind":"plain","optional":true,"computed":true}},"description":"Config for the Ingress add-on which allows customers to create an Ingress\nobject to manage external access to the servers in a cluster. The add-on\nconsists of istiod and istio-ingress.","description_kind":"plain"},"max_items":1}},"description":"Config that customers are allowed to define for GDCE system add-ons.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgecontainer_node_pool":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"The name of the target Distributed Cloud Edge Cluster.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the node pool was created.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"machine_filter":{"type":"string","description":"Only machines matching this filter will be allowed to join the node pool.\nThe filtering language accepts strings like \"name=\u003cname\u003e\", and is\ndocumented in more detail in [AIP-160](https://google.aip.dev/160).","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the node pool.","description_kind":"plain","required":true},"node_count":{"type":"number","description":"The number of nodes in the pool.","description_kind":"plain","required":true},"node_location":{"type":"string","description":"Name of the Google Distributed Cloud Edge zone where this node pool will be created. For example: 'us-central1-edge-customer-a'.","description_kind":"plain","required":true},"node_version":{"type":"string","description":"The lowest release version among all worker nodes.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the node pool was last updated.","description_kind":"plain","computed":true}},"block_types":{"local_disk_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS CryptoKey e.g. projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} to use for protecting node local disks.\nIf not specified, a Google-managed key will be used instead.","description_kind":"plain","optional":true},"kms_key_active_version":{"type":"string","description":"The Cloud KMS CryptoKeyVersion currently in use for protecting node local disks. Only applicable if kmsKey is set.","description_kind":"plain","computed":true},"kms_key_state":{"type":"string","description":"Availability of the Cloud KMS CryptoKey. If not KEY_AVAILABLE, then nodes may go offline as they cannot access their local data.\nThis can be caused by a lack of permissions to use the key, or if the key is disabled or deleted.","description_kind":"plain","computed":true}},"description":"Local disk encryption options. This field is only used when enabling CMEK support.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"\"The Kubernetes node labels\"","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for each node in the NodePool","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgecontainer_vpn_connection":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"The canonical Cluster name to connect to. It is in the form of projects/{project}/locations/{location}/clusters/{cluster}.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the VPN connection was created.","description_kind":"plain","computed":true},"details":{"type":["list",["object",{"cloud_router":["list",["object",{"name":"string"}]],"cloud_vpns":["list",["object",{"gateway":"string"}]],"error":"string","state":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_high_availability":{"type":"bool","description":"Whether this VPN connection has HA enabled on cluster side. If enabled, when creating VPN connection we will attempt to use 2 ANG floating IPs.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Google Cloud Platform location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of VPN connection","description_kind":"plain","required":true},"nat_gateway_ip":{"type":"string","description":"NAT gateway IP, or WAN IP address. If a customer has multiple NAT IPs, the customer needs to configure NAT such that only one external IP maps to the GMEC Anthos cluster.\nThis is empty if NAT is not used.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The VPN connection Cloud Router name.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the VPN connection was last updated.","description_kind":"plain","computed":true},"vpc":{"type":"string","description":"The network ID of VPC to connect to.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_project":{"nesting_mode":"list","block":{"attributes":{"project_id":{"type":"string","description":"The project of the VPC to connect to. If not specified, it is the same as the cluster project.","description_kind":"plain","optional":true}},"description":"Project detail of the VPC network. Required if VPC is in a different project than the cluster project.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_edgenetwork_network":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the subnet was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Google Cloud region to which the target Distributed Cloud Edge zone belongs.","description_kind":"plain","required":true},"mtu":{"type":"number","description":"IP (L3) MTU value of the network. Default value is '1500'. Possible values are: '1500', '9000'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The canonical name of this resource, with format\n'projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}'","description_kind":"plain","computed":true},"network_id":{"type":"string","description":"A unique ID that identifies this network.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The time when the subnet was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The name of the target Distributed Cloud Edge zone.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgenetwork_subnet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the subnet was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ipv4_cidr":{"type":["list","string"],"description":"The ranges of ipv4 addresses that are owned by this subnetwork, in CIDR format.","description_kind":"plain","optional":true},"ipv6_cidr":{"type":["list","string"],"description":"The ranges of ipv6 addresses that are owned by this subnetwork, in CIDR format.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Google Cloud region to which the target Distributed Cloud Edge zone belongs.","description_kind":"plain","required":true},"name":{"type":"string","description":"The canonical name of this resource, with format\n'projects/{{project}}/locations/{{location}}/zones/{{zone}}/subnets/{{subnet_id}}'","description_kind":"plain","computed":true},"network":{"type":"string","description":"The ID of the network to which this router belongs.\nMust be of the form: 'projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Current stage of the resource to the device by config push.","description_kind":"plain","computed":true},"subnet_id":{"type":"string","description":"A unique ID that identifies this subnet.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the subnet was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"vlan_id":{"type":"number","description":"VLAN ID for this subnetwork. If not specified, one is assigned automatically.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The name of the target Distributed Cloud Edge zone.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_endpoints_service":{"version":1,"block":{"attributes":{"apis":{"type":["list",["object",{"methods":["list",["object",{"name":"string","request_type":"string","response_type":"string","syntax":"string"}]],"name":"string","syntax":"string","version":"string"}]],"description":"A list of API objects.","description_kind":"plain","computed":true},"config_id":{"type":"string","description":"The autogenerated ID for the configuration that is rolled out as part of the creation of this resource. Must be provided to compute engine instances as a tag.","description_kind":"plain","computed":true},"dns_address":{"type":"string","description":"The address at which the service can be found - usually the same as the service name.","description_kind":"plain","computed":true},"endpoints":{"type":["list",["object",{"address":"string","name":"string"}]],"description":"A list of Endpoint objects.","description_kind":"plain","computed":true},"grpc_config":{"type":"string","description":"The full text of the Service Config YAML file (Example located here). If provided, must also provide protoc_output_base64. open_api config must not be provided.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"openapi_config":{"type":"string","description":"The full text of the OpenAPI YAML configuration as described here. Either this, or both of grpc_config and protoc_output_base64 must be specified.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project ID that the service belongs to. If not provided, provider project is used.","description_kind":"plain","optional":true,"computed":true},"protoc_output_base64":{"type":"string","description":"The full contents of the Service Descriptor File generated by protoc. This should be a compiled .pb file, base64-encoded.","description_kind":"plain","optional":true},"service_name":{"type":"string","description":"The name of the service. Usually of the form $apiname.endpoints.$projectid.cloud.goog.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_binding":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_member":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_policy":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_endpoints_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_essential_contacts_contact":{"version":0,"block":{"attributes":{"email":{"type":"string","description":"The email address to send notifications to. This does not need to be a Google account.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"language_tag":{"type":"string","description":"The preferred language for notifications, as a ISO 639-1 language code. See Supported languages for a list of supported languages.","description_kind":"plain","required":true},"name":{"type":"string","description":"The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id}","description_kind":"plain","computed":true},"notification_category_subscriptions":{"type":["list","string"],"description":"The categories of notifications that the contact will receive communications for.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource to save this contact for. Format: organizations/{organization_id}, folders/{folder_id} or projects/{project_id}","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_channel":{"version":0,"block":{"attributes":{"activation_token":{"type":"string","description":"Output only. The activation token for the channel. The token must be used by the provider to register the channel for publishing.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The creation time.","description_kind":"plain","computed":true},"crypto_key_name":{"type":"string","description":"Optional. Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt their event data. It must match the pattern `projects/*/locations/*/keyRings/*/cryptoKeys/*`.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the channel. Must be unique within the location on the project.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"pubsub_topic":{"type":"string","description":"Output only. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{project}/topics/{topic_id}`.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The state of a Channel. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE, INACTIVE","description_kind":"plain","computed":true},"third_party_provider":{"type":"string","description":"The name of the event provider (e.g. Eventarc SaaS partner) associated with the channel. This provider will be granted permissions to publish events to the channel. Format: `projects/{project}/locations/{location}/providers/{provider_id}`.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"Output only. Server assigned unique identifier for the channel. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_google_channel_config":{"version":0,"block":{"attributes":{"crypto_key_name":{"type":"string","description":"Optional. Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt their event data. It must match the pattern `projects/*/locations/*/keyRings/*/cryptoKeys/*`.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the config. Must be in the format of, `projects/{project}/locations/{location}/googleChannelConfig`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_trigger":{"version":0,"block":{"attributes":{"channel":{"type":"string","description":"Optional. The name of the channel associated with the trigger in `projects/{project}/locations/{location}/channels/{channel}` format. You must provide a channel to receive events from Eventarc SaaS partners.","description_kind":"plain","optional":true},"conditions":{"type":["map","string"],"description":"Output only. The reason(s) why a trigger is in FAILED state.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The creation time.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Output only. This checksum is computed by the server based on the value of other fields, and may be sent only on create requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"event_data_content_type":{"type":"string","description":"Optional. EventDataContentType specifies the type of payload in MIME format that is expected from the CloudEvent data field. This is set to `application/json` if the value is not defined.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User labels attached to the triggers that can be used to group resources.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the trigger. Must be unique within the location on the project.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"cloud_function":{"type":"string","description":"The Cloud Function resource name. Only Cloud Functions V2 is supported. Format projects/{project}/locations/{location}/functions/{function} This is a read-only field. [WARNING] Creating Cloud Functions V2 triggers is only supported via the Cloud Functions product. An error will be returned if the user sets this value.","description_kind":"plain","computed":true},"workflow":{"type":"string","description":"The resource name of the Workflow whose Executions are triggered by the events. The Workflow resource should be deployed in the same project as the trigger. Format: `projects/{project}/locations/{location}/workflows/{workflow}`","description_kind":"plain","optional":true}},"block_types":{"cloud_run_service":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Optional. The relative path on the Cloud Run service the events should be sent to. The value must conform to the definition of URI path segment (section 3.3 of RFC2396). Examples: \"/route\", \"route\", \"route/subroute\".","description_kind":"plain","optional":true},"region":{"type":"string","description":"Required. The region the Cloud Run service is deployed in.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed.","description_kind":"plain","required":true}},"description":"Cloud Run fully-managed service that receives the events. The service should be running in the same project of the trigger.","description_kind":"plain"},"max_items":1},"gke":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created.","description_kind":"plain","required":true},"location":{"type":"string","description":"Required. The name of the Google Compute Engine in which the cluster resides, which can either be compute zone (for example, us-central1-a) for the zonal clusters or region (for example, us-central1) for regional clusters.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Required. The namespace the GKE service is running in.","description_kind":"plain","required":true},"path":{"type":"string","description":"Optional. The relative path on the GKE service the events should be sent to. The value must conform to the definition of a URI path segment (section 3.3 of RFC2396). Examples: \"/route\", \"route\", \"route/subroute\".","description_kind":"plain","optional":true},"service":{"type":"string","description":"Required. Name of the GKE service.","description_kind":"plain","required":true}},"description":"A GKE service capable of receiving events. The service should be running in the same project as the trigger.","description_kind":"plain"},"max_items":1},"http_endpoint":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"Required. The URI of the HTTP enpdoint. The value must be a RFC2396 URI string. Examples: `http://10.10.10.8:80/route`, `http://svc.us-central1.p.local:8080/`. Only HTTP and HTTPS protocols are supported. The host can be either a static IP addressable from the VPC specified by the network config, or an internal DNS hostname of the service resolvable via Cloud DNS.","description_kind":"plain","required":true}},"description":"An HTTP endpoint destination described by an URI.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"network_attachment":{"type":"string","description":"Required. Name of the NetworkAttachment that allows access to the destination VPC. Format: `projects/{PROJECT_ID}/regions/{REGION}/networkAttachments/{NETWORK_ATTACHMENT_NAME}`","description_kind":"plain","required":true}},"description":"Optional. Network config is used to configure how Eventarc resolves and connect to a destination. This should only be used with HttpEndpoint destination type.","description_kind":"plain"},"max_items":1}},"description":"Required. Destination specifies where the events should be sent to.","description_kind":"plain"},"min_items":1,"max_items":1},"matching_criteria":{"nesting_mode":"set","block":{"attributes":{"attribute":{"type":"string","description":"Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. All triggers MUST provide a filter for the 'type' attribute.","description_kind":"plain","required":true},"operator":{"type":"string","description":"Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is `match-path-pattern`.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud for available values.","description_kind":"plain","required":true}},"description":"Required. null The list of filters that applies to event attributes. Only events that match all the provided filters will be sent to the destination.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transport":{"nesting_mode":"list","block":{"block_types":{"pubsub":{"nesting_mode":"list","block":{"attributes":{"subscription":{"type":"string","description":"Output only. The name of the Pub/Sub subscription created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion.","description_kind":"plain","optional":true}},"description":"The Pub/Sub topic and subscription used by Eventarc as delivery intermediary.","description_kind":"plain"},"max_items":1}},"description":"Optional. In order to deliver messages, Eventarc may use other GCP products as transport intermediary. This field contains a reference to that transport intermediary. This information can be used for debugging purposes.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_filestore_backup":{"version":0,"block":{"attributes":{"capacity_gb":{"type":"string","description":"The amount of bytes needed to allocate a full copy of the snapshot content.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time when the snapshot was created in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the backup with 2048 characters or less. Requests with longer descriptions will be rejected.","description_kind":"plain","optional":true},"download_bytes":{"type":"string","description":"Amount of bytes that will be downloaded if the backup is restored.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"KMS key name used for data encryption.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the backup. The name must be unique within the specified instance.\n\nThe name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"source_file_share":{"type":"string","description":"Name of the file share in the source Cloud Filestore instance that the backup is created from.","description_kind":"plain","required":true},"source_instance":{"type":"string","description":"The resource name of the source Cloud Filestore instance, in the format projects/{projectId}/locations/{locationId}/instances/{instanceId}, used to create this backup.","description_kind":"plain","required":true},"source_instance_tier":{"type":"string","description":"The service tier of the source Cloud Filestore instance that this backup is created from.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The backup state.","description_kind":"plain","computed":true},"storage_bytes":{"type":"string","description":"The size of the storage used by the backup. As backups share storage, this number is expected to change with backup creation/deletion.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_filestore_instance":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the instance.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Server-specified ETag for the instance resource to prevent\nsimultaneous updates from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"KMS key name used for data encryption.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance.\nPossible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE","description_kind":"plain","required":true},"zone":{"type":"string","description":"The name of the Filestore zone of the instance.","description_kind":"plain","deprecated":true,"optional":true,"computed":true}},"block_types":{"file_shares":{"nesting_mode":"list","block":{"attributes":{"capacity_gb":{"type":"number","description":"File share capacity in GiB. This must be at least 1024 GiB\nfor the standard tier, or 2560 GiB for the premium tier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the fileshare (16 characters or less)","description_kind":"plain","required":true},"source_backup":{"type":"string","description":"The resource name of the backup, in the format\nprojects/{projectId}/locations/{locationId}/backups/{backupId},\nthat this file share has been restored from.","description_kind":"plain","optional":true}},"block_types":{"nfs_export_options":{"nesting_mode":"list","block":{"attributes":{"access_mode":{"type":"string","description":"Either READ_ONLY, for allowing only read requests on the exported directory,\nor READ_WRITE, for allowing both read and write requests. The default is READ_WRITE. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"anon_gid":{"type":"number","description":"An integer representing the anonymous group id with a default value of 65534.\nAnon_gid may only be set with squashMode of ROOT_SQUASH. An error will be returned\nif this field is specified for other squashMode settings.","description_kind":"plain","optional":true},"anon_uid":{"type":"number","description":"An integer representing the anonymous user id with a default value of 65534.\nAnon_uid may only be set with squashMode of ROOT_SQUASH. An error will be returned\nif this field is specified for other squashMode settings.","description_kind":"plain","optional":true},"ip_ranges":{"type":["list","string"],"description":"List of either IPv4 addresses, or ranges in CIDR notation which may mount the file share.\nOverlapping IP ranges are not allowed, both within and across NfsExportOptions. An error will be returned.\nThe limit is 64 IP ranges/addresses for each FileShareConfig among all NfsExportOptions.","description_kind":"plain","optional":true},"squash_mode":{"type":"string","description":"Either NO_ROOT_SQUASH, for allowing root access on the exported directory, or ROOT_SQUASH,\nfor not allowing root access. The default is NO_ROOT_SQUASH. Default value: \"NO_ROOT_SQUASH\" Possible values: [\"NO_ROOT_SQUASH\", \"ROOT_SQUASH\"]","description_kind":"plain","optional":true}},"description":"Nfs Export Options. There is a limit of 10 export options per file share.","description_kind":"plain"},"max_items":10}},"description":"File system shares on the instance. For this version, only a\nsingle file share is supported.","description_kind":"plain"},"min_items":1,"max_items":1},"networks":{"nesting_mode":"list","block":{"attributes":{"connect_mode":{"type":"string","description":"The network connect mode of the Filestore instance.\nIf not provided, the connect mode defaults to\nDIRECT_PEERING. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"A list of IPv4 or IPv6 addresses.","description_kind":"plain","computed":true},"modes":{"type":["list","string"],"description":"IP versions for which the instance has\nIP addresses assigned. Possible values: [\"ADDRESS_MODE_UNSPECIFIED\", \"MODE_IPV4\", \"MODE_IPV6\"]","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the GCE VPC network to which the\ninstance is connected.","description_kind":"plain","required":true},"reserved_ip_range":{"type":"string","description":"A /29 CIDR block that identifies the range of IP\naddresses reserved for this instance.","description_kind":"plain","optional":true,"computed":true}},"description":"VPC networks to which the instance is connected. For this version,\nonly a single network is supported.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_filestore_snapshot":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the snapshot was created in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filesystem_used_bytes":{"type":"string","description":"The amount of bytes needed to allocate a full copy of the snapshot content.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The resource name of the filestore instance.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the snapshot. The name must be unique within the specified instance.\n\nThe name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The snapshot state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_app_attest_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Apple App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps#IosApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the App Attest configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from App Attest artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_debug_token":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of a\n[Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id),\n[Apple App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps#IosApp.FIELDS.app_id),\nor [Android App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.androidApps#AndroidApp.FIELDS.app_id)","description_kind":"plain","required":true},"debug_token_id":{"type":"string","description":"The last segment of the resource name of the debug token.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A human readable display name used to identify this debug token.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token":{"type":"string","description":"The secret token itself. Must be provided during creation, and must be a UUID4,\ncase insensitive. You may use a method of your choice such as random/random_uuid\nto generate the token.\n\nThis field is immutable once set, and cannot be updated. You can, however, delete\nthis debug token to revoke it.\n\nFor security reasons, this field will never be populated in any response.","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_device_check_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Apple App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps#IosApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"The key identifier of a private key enabled with DeviceCheck, created in your Apple Developer account.","description_kind":"plain","required":true},"name":{"type":"string","description":"The relative resource name of the DeviceCheck configuration object","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The contents of the private key (.p8) file associated with the key specified by keyId.","description_kind":"plain","required":true,"sensitive":true},"private_key_set":{"type":"bool","description":"Whether the privateKey field was previously set. Since App Check will never return the\nprivateKey field, this field is the only way to find out whether it was previously set.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from DeviceCheck artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_play_integrity_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Android App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.androidApps#AndroidApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the Play Integrity configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from Play Integrity artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_recaptcha_enterprise_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the reCAPTCHA Enterprise configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"site_key":{"type":"string","description":"The score-based site key created in reCAPTCHA Enterprise used to invoke reCAPTCHA and generate the reCAPTCHA tokens for your application.\n\n**Important**: This is not the siteSecret (as it is in reCAPTCHA v3), but rather your score-based reCAPTCHA Enterprise site key.","description_kind":"plain","required":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from reCAPTCHA Enterprise artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_recaptcha_v3_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the reCAPTCHA V3 configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"site_secret":{"type":"string","description":"The site secret used to identify your service for reCAPTCHA v3 verification.\nFor security reasons, this field will never be populated in any response.","description_kind":"plain","required":true,"sensitive":true},"site_secret_set":{"type":"bool","description":"Whether the siteSecret was previously set. Since we will never return the siteSecret field, this field is the only way to find out whether it was previously set.","description_kind":"plain","computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from reCAPTCHA V3 artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_service_config":{"version":0,"block":{"attributes":{"enforcement_mode":{"type":"string","description":"The App Check enforcement mode for a service supported by App Check. Valid values are\n\n(Unset)\nFirebase App Check is not enforced for the service, nor are App Check metrics collected.\nThough the service is not protected by App Check in this mode, other applicable protections,\nsuch as user authorization, are still enforced. An unconfigured service is in this mode by default.\nThis is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the\nenforcement to OFF for this service.\n\nUNENFORCED\nFirebase App Check is not enforced for the service. App Check metrics are collected to help you\ndecide when to turn on enforcement for the service. Though the service is not protected by App Check\nin this mode, other applicable protections, such as user authorization, are still enforced.\n\nENFORCED\nFirebase App Check is enforced for the service. The service will reject any request that attempts to\naccess your project's resources if it does not have valid App Check token attached, with some exceptions\ndepending on the service; for example, some services will still allow requests bearing the developer's\nprivileged service account credentials without an App Check token. App Check metrics continue to be\ncollected to help you detect issues with your App Check integration and monitor the composition of your\ncallers. While the service is protected by App Check, other applicable protections, such as user\nauthorization, continue to be enforced at the same time.\n\nUse caution when choosing to enforce App Check on a Firebase service. If your users have not updated\nto an App Check capable version of your app, their apps will no longer be able to use your Firebase\nservices that are enforcing App Check. App Check metrics can help you decide whether to enforce App\nCheck on your Firebase services.\n\nIf your app has not launched yet, you should enable enforcement immediately, since there are no outdated\nclients in use. Possible values: [\"UNENFORCED\", \"ENFORCED\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The fully-qualified resource name of the service enforcement configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"The identifier of the service to configure enforcement. Currently, the following service IDs are supported:\n firebasestorage.googleapis.com (Cloud Storage for Firebase)\n firebasedatabase.googleapis.com (Firebase Realtime Database)\n firestore.googleapis.com (Cloud Firestore)\n identitytoolkit.googleapis.com (Authentication)","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebaserules_release":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time the release was created.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"Disable the release to keep it from being served. The response code of NOT_FOUND will be given for executables generated from this Release.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Format: `projects/{project_id}/releases/{release_id}`\\Firestore Rules Releases will **always** have the name 'cloud.firestore'","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"ruleset_name":{"type":"string","description":"Name of the `Ruleset` referred to by this `Release`. The `Ruleset` must exist for the `Release` to be created.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Time the release was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebaserules_ruleset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time the `Ruleset` was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["list",["object",{"services":["list","string"]}]],"description":"Output only. The metadata for this ruleset.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Output only. Name of the `Ruleset`. The ruleset_id is auto generated by the service. Format: `projects/{project_id}/rulesets/{ruleset_id}`","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"language":{"type":"string","description":"`Language` of the `Source` bundle. If unspecified, the language will default to `FIREBASE_RULES`. Possible values: LANGUAGE_UNSPECIFIED, FIREBASE_RULES, EVENT_FLOW_TRIGGERS","description_kind":"plain","optional":true}},"block_types":{"files":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"Textual Content.","description_kind":"plain","required":true},"fingerprint":{"type":"string","description":"Fingerprint (e.g. github sha) associated with the `File`.","description_kind":"plain","optional":true},"name":{"type":"string","description":"File name.","description_kind":"plain","required":true}},"description":"`File` set constituting the `Source` bundle.","description_kind":"plain"},"min_items":1}},"description":"`Source` for the `Ruleset`.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_backup_schedule":{"version":0,"block":{"attributes":{"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique backup schedule identifier across all locations and databases for the given project. Format:\n'projects/{{project}}/databases/{{database}}/backupSchedules/{{backupSchedule}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"retention":{"type":"string","description":"At what relative time in the future, compared to its creation time, the backup should be deleted, e.g. keep backups for 7 days.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".\n\nYou can set this to a value up to 14 weeks.","description_kind":"plain","required":true}},"block_types":{"daily_recurrence":{"nesting_mode":"list","block":{"description":"For a schedule that runs daily.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"weekly_recurrence":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"The day of week to run. Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true}},"description":"For a schedule that runs weekly on a specific day.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_firestore_database":{"version":0,"block":{"attributes":{"app_engine_integration_mode":{"type":"string","description":"The App Engine integration mode to use for this database. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true,"computed":true},"concurrency_mode":{"type":"string","description":"The concurrency control mode to use for this database. Possible values: [\"OPTIMISTIC\", \"PESSIMISTIC\", \"OPTIMISTIC_WITH_ENTITY_GROUPS\"]","description_kind":"plain","optional":true,"computed":true},"create_time":{"type":"string","description":"Output only. The timestamp at which this database was created.","description_kind":"plain","computed":true},"delete_protection_state":{"type":"string","description":"State of delete protection for the database.\nWhen delete protection is enabled, this database cannot be deleted.\nThe default value is 'DELETE_PROTECTION_STATE_UNSPECIFIED', which is currently equivalent to 'DELETE_PROTECTION_DISABLED'.\n**Note:** Additionally, to delete this database using 'terraform destroy', 'deletion_policy' must be set to 'DELETE'. Possible values: [\"DELETE_PROTECTION_STATE_UNSPECIFIED\", \"DELETE_PROTECTION_ENABLED\", \"DELETE_PROTECTION_DISABLED\"]","description_kind":"plain","optional":true,"computed":true},"deletion_policy":{"type":"string","description":"Deletion behavior for this database.\nIf the deletion policy is 'ABANDON', the database will be removed from Terraform state but not deleted from Google Cloud upon destruction.\nIf the deletion policy is 'DELETE', the database will both be removed from Terraform state and deleted from Google Cloud upon destruction.\nThe default value is 'ABANDON'.\nSee also 'delete_protection'.","description_kind":"plain","optional":true},"earliest_version_time":{"type":"string","description":"Output only. The earliest timestamp at which older versions of the data can be read from the database. See versionRetentionPeriod above; this field is populated with now - versionRetentionPeriod.\nThis value is continuously updated, and becomes stale the moment it is queried. If you are using this value to recover data, make sure to account for the time from the moment when the value is queried to the moment when you initiate the recovery.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Output only. This checksum is computed by the server based on the value of other fields,\nand may be sent on update and delete requests to ensure the client has an\nup-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_prefix":{"type":"string","description":"Output only. The keyPrefix for this database.\nThis keyPrefix is used, in combination with the project id (\"~\") to construct the application id\nthat is returned from the Cloud Datastore APIs in Google App Engine first generation runtimes.\nThis value may be empty in which case the appid to use for URL-encoded keys is the project_id (eg: foo instead of v~foo).","description_kind":"plain","computed":true},"location_id":{"type":"string","description":"The location of the database. Available locations are listed at\nhttps://cloud.google.com/firestore/docs/locations.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID to use for the database, which will become the final\ncomponent of the database's resource name. This value should be 4-63\ncharacters. Valid characters are /[a-z][0-9]-/ with first character\na letter and the last a letter or a number. Must not be\nUUID-like /[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}/.\n\"(default)\" database id is also valid.","description_kind":"plain","required":true},"point_in_time_recovery_enablement":{"type":"string","description":"Whether to enable the PITR feature on this database.\nIf 'POINT_IN_TIME_RECOVERY_ENABLED' is selected, reads are supported on selected versions of the data from within the past 7 days.\nversionRetentionPeriod and earliestVersionTime can be used to determine the supported versions. These include reads against any timestamp within the past hour\nand reads against 1-minute snapshots beyond 1 hour and within 7 days.\nIf 'POINT_IN_TIME_RECOVERY_DISABLED' is selected, reads are supported on any version of the data from within the past 1 hour. Default value: \"POINT_IN_TIME_RECOVERY_DISABLED\" Possible values: [\"POINT_IN_TIME_RECOVERY_ENABLED\", \"POINT_IN_TIME_RECOVERY_DISABLED\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the database.\nSee https://cloud.google.com/datastore/docs/firestore-or-datastore\nfor information about how to choose. Possible values: [\"FIRESTORE_NATIVE\", \"DATASTORE_MODE\"]","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. The system-generated UUID4 for this Database.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The timestamp at which this database was most recently updated.","description_kind":"plain","computed":true},"version_retention_period":{"type":"string","description":"Output only. The period during which past versions of data are retained in the database.\nAny read or query can specify a readTime within this window, and will read the state of the database at that time.\nIf the PITR feature is enabled, the retention period is 7 days. Otherwise, the retention period is 1 hour.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","computed":true}},"block_types":{"cmek_config":{"nesting_mode":"list","block":{"attributes":{"active_key_version":{"type":["list","string"],"description":"Currently in-use KMS key versions (https://cloud.google.com/kms/docs/resource-hierarchy#key_versions).\nDuring key rotation (https://cloud.google.com/kms/docs/key-rotation), there can be\nmultiple in-use key versions.\n\nThe expected format is\n'projects/{project_id}/locations/{kms_location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{key_version}'.","description_kind":"plain","computed":true},"kms_key_name":{"type":"string","description":"The resource ID of a Cloud KMS key. If set, the database created will\nbe a Customer-managed Encryption Key (CMEK) database encrypted with\nthis key. This feature is allowlist only in initial launch.\n\nOnly keys in the same location as this database are allowed to be used\nfor encryption. For Firestore's nam5 multi-region, this corresponds to Cloud KMS\nmulti-region us. For Firestore's eur3 multi-region, this corresponds to\nCloud KMS multi-region europe. See https://cloud.google.com/kms/docs/locations.\n\nThis value should be the KMS key resource ID in the format of\n'projects/{project_id}/locations/{kms_location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}'.\nHow to retrive this resource ID is listed at\nhttps://cloud.google.com/kms/docs/getting-resource-ids#getting_the_id_for_a_key_and_version.","description_kind":"plain","required":true}},"description":"The CMEK (Customer Managed Encryption Key) configuration for a Firestore\ndatabase. If not present, the database is secured by the default Google\nencryption key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_document":{"version":0,"block":{"attributes":{"collection":{"type":"string","description":"The collection ID, relative to database. For example: chatrooms or chatrooms/my-document/private-messages.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Creation timestamp in RFC3339 format.","description_kind":"plain","computed":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"document_id":{"type":"string","description":"The client-assigned document ID to use for this document during creation.","description_kind":"plain","required":true},"fields":{"type":"string","description":"The document's [fields](https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases.documents) formated as a json string.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A server defined name for this document. Format:\n'projects/{{project_id}}/databases/{{database_id}}/documents/{{path}}/{{document_id}}'","description_kind":"plain","computed":true},"path":{"type":"string","description":"A relative path to the collection this document exists within","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Last update timestamp in RFC3339 format.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_field":{"version":0,"block":{"attributes":{"collection":{"type":"string","description":"The id of the collection group to configure.","description_kind":"plain","required":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"field":{"type":"string","description":"The id of the field to configure.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this field. Format:\n'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/fields/{{field}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"index_config":{"nesting_mode":"list","block":{"block_types":{"indexes":{"nesting_mode":"set","block":{"attributes":{"array_config":{"type":"string","description":"Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can\nbe specified. Possible values: [\"CONTAINS\"]","description_kind":"plain","optional":true},"order":{"type":"string","description":"Indicates that this field supports ordering by the specified order or comparing using =, \u003c, \u003c=, \u003e, \u003e=, !=.\nOnly one of 'order' and 'arrayConfig' can be specified. Possible values: [\"ASCENDING\", \"DESCENDING\"]","description_kind":"plain","optional":true},"query_scope":{"type":"string","description":"The scope at which a query is run. Collection scoped queries require you specify\nthe collection at query time. Collection group scope allows queries across all\ncollections with the same id. Default value: \"COLLECTION\" Possible values: [\"COLLECTION\", \"COLLECTION_GROUP\"]","description_kind":"plain","optional":true}},"description":"The indexes to configure on the field. Order or array contains must be specified.","description_kind":"plain"}}},"description":"The single field index configuration for this field.\nCreating an index configuration for this field will override any inherited configuration with the\nindexes specified. Configuring the index configuration with an empty block disables all indexes on\nthe field.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"ttl_config":{"nesting_mode":"list","block":{"attributes":{"state":{"type":"string","description":"The state of TTL (time-to-live) configuration for documents that have this Field set.","description_kind":"plain","computed":true}},"description":"The TTL configuration for this Field. If set to an empty block (i.e. 'ttl_config {}'), a TTL policy is configured based on the field. If unset, a TTL policy is not configured (or will be disabled upon updating the resource).","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_firestore_index":{"version":0,"block":{"attributes":{"api_scope":{"type":"string","description":"The API scope at which a query is run. Default value: \"ANY_API\" Possible values: [\"ANY_API\", \"DATASTORE_MODE_API\"]","description_kind":"plain","optional":true},"collection":{"type":"string","description":"The collection being indexed.","description_kind":"plain","required":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A server defined name for this index. Format:\n'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"query_scope":{"type":"string","description":"The scope at which a query is run. Default value: \"COLLECTION\" Possible values: [\"COLLECTION\", \"COLLECTION_GROUP\", \"COLLECTION_RECURSIVE\"]","description_kind":"plain","optional":true}},"block_types":{"fields":{"nesting_mode":"list","block":{"attributes":{"array_config":{"type":"string","description":"Indicates that this field supports operations on arrayValues. Only one of 'order', 'arrayConfig', and\n'vectorConfig' can be specified. Possible values: [\"CONTAINS\"]","description_kind":"plain","optional":true},"field_path":{"type":"string","description":"Name of the field.","description_kind":"plain","optional":true},"order":{"type":"string","description":"Indicates that this field supports ordering by the specified order or comparing using =, \u003c, \u003c=, \u003e, \u003e=.\nOnly one of 'order', 'arrayConfig', and 'vectorConfig' can be specified. Possible values: [\"ASCENDING\", \"DESCENDING\"]","description_kind":"plain","optional":true}},"block_types":{"vector_config":{"nesting_mode":"list","block":{"attributes":{"dimension":{"type":"number","description":"The resulting index will only include vectors of this dimension, and can be used for vector search\nwith the same dimension.","description_kind":"plain","optional":true}},"block_types":{"flat":{"nesting_mode":"list","block":{"description":"Indicates the vector index is a flat index.","description_kind":"plain"},"max_items":1}},"description":"Indicates that this field supports vector search operations. Only one of 'order', 'arrayConfig', and\n'vectorConfig' can be specified. Vector Fields should come after the field path '__name__'.","description_kind":"plain"},"max_items":1}},"description":"The fields supported by this index. The last non-stored field entry is\nalways for the field path '__name__'. If, on creation, '__name__' was not\nspecified as the last field, it will be added automatically with the same\ndirection as that of the last field defined. If the final field in a\ncomposite index is not directional, the '__name__' will be ordered\n'\"ASCENDING\"' (unless explicitly specified otherwise).","description_kind":"plain"},"min_items":2},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Timestamp when the Folder was created. Assigned by the server. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The folder's display name. A folder's display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.","description_kind":"plain","required":true},"folder_id":{"type":"string","description":"The folder id from the name \"folders/{folder_id}\"","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Folder. Its format is folders/{folder_id}.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The resource name of the parent Folder or Organization. Must be of the form folders/{folder_id} or organizations/{org_id}.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.\nThis property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"If the field is true, that indicates that an ancestor of this Folder has set active_key_version.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Folder.","description_kind":"plain","computed":true},"folder_id":{"type":"string","description":"ID of the folder of the access approval settings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Folder (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.) This key version is not necessarily the effective key version at this level,\nas key versions are inherited top-down.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"folders/{folder_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n * all\n * App Engine\n * BigQuery\n * Cloud Bigtable\n * Cloud Key Management Service\n * Compute Engine\n * Cloud Dataflow\n * Cloud Identity and Access Management\n * Cloud Pub/Sub\n * Cloud Storage\n * Persistent Disk\n\nNote: These values are supported as input, but considered a legacy format:\n * all\n * appengine.googleapis.com\n * bigquery.googleapis.com\n * bigtable.googleapis.com\n * cloudkms.googleapis.com\n * compute.googleapis.com\n * dataflow.googleapis.com\n * iam.googleapis.com\n * pubsub.googleapis.com\n * storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can only be done on an all or nothing basis.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_folder_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_folder_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_folder_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_folder_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The resource name of the folder to set the policy for. Its format is folders/{folder_id}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_backup_backup_plan":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"The source cluster from which Backups will be created via this BackupPlan.","description_kind":"plain","required":true},"deactivated":{"type":"bool","description":"This flag indicates whether this BackupPlan has been deactivated.\nSetting this field to True locks the BackupPlan such that no further updates will be allowed\n(except deletes), including the deactivated field itself. It also prevents any new Backups\nfrom being created via this BackupPlan (including scheduled Backups).","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"User specified descriptive string for this BackupPlan.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"etag is used for optimistic concurrency control as a way to help prevent simultaneous\nupdates of a backup plan from overwriting each other. It is strongly suggested that\nsystems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates\nin order to avoid race conditions: An etag is returned in the response to backupPlans.get,\nand systems are expected to put that etag in the request to backupPlans.patch or\nbackupPlans.delete to ensure that their change will be applied to the same version of the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Description: A set of custom labels supplied by the user.\nA list of key-\u003evalue pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The region of the Backup Plan.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full name of the BackupPlan Resource.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protected_pod_count":{"type":"number","description":"The number of Kubernetes Pods backed up in the last successful Backup created via this BackupPlan.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The State of the BackupPlan.","description_kind":"plain","computed":true},"state_reason":{"type":"string","description":"Detailed description of why BackupPlan is in its current state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server generated, unique identifier of UUID format.","description_kind":"plain","computed":true}},"block_types":{"backup_config":{"nesting_mode":"list","block":{"attributes":{"all_namespaces":{"type":"bool","description":"If True, include all namespaced resources.","description_kind":"plain","optional":true},"include_secrets":{"type":"bool","description":"This flag specifies whether Kubernetes Secret resources should be included\nwhen they fall into the scope of Backups.","description_kind":"plain","optional":true,"computed":true},"include_volume_data":{"type":"bool","description":"This flag specifies whether volume data should be backed up when PVCs are\nincluded in the scope of a Backup.","description_kind":"plain","optional":true,"computed":true},"permissive_mode":{"type":"bool","description":"This flag specifies whether Backups will not fail when\nBackup for GKE detects Kubernetes configuration that is\nnon-standard or requires additional setup to restore.","description_kind":"plain","optional":true}},"block_types":{"encryption_key":{"nesting_mode":"list","block":{"attributes":{"gcp_kms_encryption_key":{"type":"string","description":"Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/*","description_kind":"plain","required":true}},"description":"This defines a customer managed encryption key that will be used to encrypt the \"config\"\nportion (the Kubernetes resources) of Backups created via this plan.","description_kind":"plain"},"max_items":1},"selected_applications":{"nesting_mode":"list","block":{"block_types":{"namespaced_names":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of a Kubernetes Resource.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace of a Kubernetes Resource.","description_kind":"plain","required":true}},"description":"A list of namespaced Kubernetes resources.","description_kind":"plain"},"min_items":1}},"description":"A list of namespaced Kubernetes Resources.","description_kind":"plain"},"max_items":1},"selected_namespaces":{"nesting_mode":"list","block":{"attributes":{"namespaces":{"type":["list","string"],"description":"A list of Kubernetes Namespaces.","description_kind":"plain","required":true}},"description":"If set, include just the resources in the listed namespaces.","description_kind":"plain"},"max_items":1}},"description":"Defines the configuration of Backups created via this BackupPlan.","description_kind":"plain"},"max_items":1},"backup_schedule":{"nesting_mode":"list","block":{"attributes":{"cron_schedule":{"type":"string","description":"A standard cron string that defines a repeating schedule for\ncreating Backups via this BackupPlan.\nThis is mutually exclusive with the rpoConfig field since at most one\nschedule can be defined for a BackupPlan.\nIf this is defined, then backupRetainDays must also be defined.","description_kind":"plain","optional":true},"paused":{"type":"bool","description":"This flag denotes whether automatic Backup creation is paused for this BackupPlan.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"rpo_config":{"nesting_mode":"list","block":{"attributes":{"target_rpo_minutes":{"type":"number","description":"Defines the target RPO for the BackupPlan in minutes, which means the target\nmaximum data loss in time that is acceptable for this BackupPlan. This must be\nat least 60, i.e., 1 hour, and at most 86400, i.e., 60 days.","description_kind":"plain","required":true}},"block_types":{"exclusion_windows":{"nesting_mode":"list","block":{"attributes":{"daily":{"type":"bool","description":"The exclusion window occurs every day if set to \"True\".\nSpecifying this field to \"False\" is an error.\nOnly one of singleOccurrenceDate, daily and daysOfWeek may be set.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"Specifies duration of the window in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\". Restrictions for duration based on the\nrecurrence type to allow some time for backup to happen:\n - single_occurrence_date: no restriction\n - daily window: duration \u003c 24 hours\n - weekly window:\n - days of week includes all seven days of a week: duration \u003c 24 hours\n - all other weekly window: duration \u003c 168 hours (i.e., 24 * 7 hours)","description_kind":"plain","required":true}},"block_types":{"days_of_week":{"nesting_mode":"list","block":{"attributes":{"days_of_week":{"type":["list","string"],"description":"A list of days of week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true}},"description":"The exclusion window occurs on these days of each week in UTC.\nOnly one of singleOccurrenceDate, daily and daysOfWeek may be set.","description_kind":"plain"},"max_items":1},"single_occurrence_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date.","description_kind":"plain","optional":true}},"description":"No recurrence. The exclusion window occurs only once and on this date in UTC.\nOnly one of singleOccurrenceDate, daily and daysOfWeek may be set.","description_kind":"plain"},"max_items":1},"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time.","description_kind":"plain","optional":true}},"description":"Specifies the start time of the window using time of the day in UTC.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"User specified time windows during which backup can NOT happen for this BackupPlan.\nBackups should start and finish outside of any given exclusion window. Note: backup\njobs will be scheduled to start and finish outside the duration of the window as\nmuch as possible, but running jobs will not get canceled when it runs into the window.\nAll the time and date values in exclusionWindows entry in the API are in UTC. We\nonly allow \u003c=1 recurrence (daily or weekly) exclusion window for a BackupPlan while no\nrestriction on number of single occurrence windows.","description_kind":"plain"}}},"description":"Defines the RPO schedule configuration for this BackupPlan. This is mutually\nexclusive with the cronSchedule field since at most one schedule can be defined\nfor a BackupPLan. If this is defined, then backupRetainDays must also be defined.","description_kind":"plain"},"max_items":1}},"description":"Defines a schedule for automatic Backup creation via this BackupPlan.","description_kind":"plain"},"max_items":1},"retention_policy":{"nesting_mode":"list","block":{"attributes":{"backup_delete_lock_days":{"type":"number","description":"Minimum age for a Backup created via this BackupPlan (in days).\nMust be an integer value between 0-90 (inclusive).\nA Backup created under this BackupPlan will not be deletable\nuntil it reaches Backup's (create time + backup_delete_lock_days).\nUpdating this field of a BackupPlan does not affect existing Backups.\nBackups created after a successful update will inherit this new value.","description_kind":"plain","optional":true,"computed":true},"backup_retain_days":{"type":"number","description":"The default maximum age of a Backup created via this BackupPlan.\nThis field MUST be an integer value \u003e= 0 and \u003c= 365. If specified,\na Backup created under this BackupPlan will be automatically deleted\nafter its age reaches (createTime + backupRetainDays).\nIf not specified, Backups created under this BackupPlan will NOT be\nsubject to automatic deletion. Updating this field does NOT affect\nexisting Backups under it. Backups created AFTER a successful update\nwill automatically pick up the new value.\nNOTE: backupRetainDays must be \u003e= backupDeleteLockDays.\nIf cronSchedule is defined, then this must be \u003c= 360 * the creation interval.\nIf rpo_config is defined, then this must be\n\u003c= 360 * targetRpoMinutes/(1440minutes/day)","description_kind":"plain","optional":true,"computed":true},"locked":{"type":"bool","description":"This flag denotes whether the retention policy of this BackupPlan is locked.\nIf set to True, no further update is allowed on this policy, including\nthe locked field itself.","description_kind":"plain","optional":true,"computed":true}},"description":"RetentionPolicy governs lifecycle of Backups created under this plan.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_backup_restore_plan":{"version":0,"block":{"attributes":{"backup_plan":{"type":"string","description":"A reference to the BackupPlan from which Backups may be used\nas the source for Restores created via this RestorePlan.","description_kind":"plain","required":true},"cluster":{"type":"string","description":"The source cluster from which Restores will be created via this RestorePlan.","description_kind":"plain","required":true},"description":{"type":"string","description":"User specified descriptive string for this RestorePlan.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Description: A set of custom labels supplied by the user.\nA list of key-\u003evalue pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The region of the Restore Plan.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full name of the BackupPlan Resource.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The State of the RestorePlan.","description_kind":"plain","computed":true},"state_reason":{"type":"string","description":"Detailed description of why RestorePlan is in its current state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server generated, unique identifier of UUID format.","description_kind":"plain","computed":true}},"block_types":{"restore_config":{"nesting_mode":"list","block":{"attributes":{"all_namespaces":{"type":"bool","description":"If True, restore all namespaced resources in the Backup.\nSetting this field to False will result in an error.","description_kind":"plain","optional":true},"cluster_resource_conflict_policy":{"type":"string","description":"Defines the behavior for handling the situation where cluster-scoped resources\nbeing restored already exist in the target cluster.\nThis MUST be set to a value other than 'CLUSTER_RESOURCE_CONFLICT_POLICY_UNSPECIFIED'\nif 'clusterResourceRestoreScope' is anyting other than 'noGroupKinds'.\nSee https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#clusterresourceconflictpolicy\nfor more information on each policy option. Possible values: [\"USE_EXISTING_VERSION\", \"USE_BACKUP_VERSION\"]","description_kind":"plain","optional":true},"namespaced_resource_restore_mode":{"type":"string","description":"Defines the behavior for handling the situation where sets of namespaced resources\nbeing restored already exist in the target cluster.\nThis MUST be set to a value other than 'NAMESPACED_RESOURCE_RESTORE_MODE_UNSPECIFIED'\nif the 'namespacedResourceRestoreScope' is anything other than 'noNamespaces'.\nSee https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#namespacedresourcerestoremode\nfor more information on each mode. Possible values: [\"DELETE_AND_RESTORE\", \"FAIL_ON_CONFLICT\", \"MERGE_SKIP_ON_CONFLICT\", \"MERGE_REPLACE_VOLUME_ON_CONFLICT\", \"MERGE_REPLACE_ON_CONFLICT\"]","description_kind":"plain","optional":true},"no_namespaces":{"type":"bool","description":"Do not restore any namespaced resources if set to \"True\".\nSpecifying this field to \"False\" is not allowed.","description_kind":"plain","optional":true},"volume_data_restore_policy":{"type":"string","description":"Specifies the mechanism to be used to restore volume data.\nThis should be set to a value other than 'NAMESPACED_RESOURCE_RESTORE_MODE_UNSPECIFIED'\nif the 'namespacedResourceRestoreScope' is anything other than 'noNamespaces'.\nIf not specified, it will be treated as 'NO_VOLUME_DATA_RESTORATION'.\nSee https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#VolumeDataRestorePolicy\nfor more information on each policy option. Possible values: [\"RESTORE_VOLUME_DATA_FROM_BACKUP\", \"REUSE_VOLUME_HANDLE_FROM_BACKUP\", \"NO_VOLUME_DATA_RESTORATION\"]","description_kind":"plain","optional":true}},"block_types":{"cluster_resource_restore_scope":{"nesting_mode":"list","block":{"attributes":{"all_group_kinds":{"type":"bool","description":"If True, all valid cluster-scoped resources will be restored.\nMutually exclusive to any other field in 'clusterResourceRestoreScope'.","description_kind":"plain","optional":true},"no_group_kinds":{"type":"bool","description":"If True, no cluster-scoped resources will be restored.\nMutually exclusive to any other field in 'clusterResourceRestoreScope'.","description_kind":"plain","optional":true}},"block_types":{"excluded_group_kinds":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group string of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"A list of cluster-scoped resource group kinds to NOT restore from the backup.\nIf specified, all valid cluster-scoped resources will be restored except\nfor those specified in the list.\nMutually exclusive to any other field in 'clusterResourceRestoreScope'.","description_kind":"plain"}},"selected_group_kinds":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group string of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"A list of cluster-scoped resource group kinds to restore from the backup.\nIf specified, only the selected resources will be restored.\nMutually exclusive to any other field in the 'clusterResourceRestoreScope'.","description_kind":"plain"}}},"description":"Identifies the cluster-scoped resources to restore from the Backup.","description_kind":"plain"},"max_items":1},"excluded_namespaces":{"nesting_mode":"list","block":{"attributes":{"namespaces":{"type":["list","string"],"description":"A list of Kubernetes Namespaces.","description_kind":"plain","required":true}},"description":"A list of selected namespaces excluded from restoration.\nAll namespaces except those in this list will be restored.","description_kind":"plain"},"max_items":1},"restore_order":{"nesting_mode":"list","block":{"block_types":{"group_kind_dependencies":{"nesting_mode":"list","block":{"block_types":{"requiring":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"The requiring group kind requires that the satisfying\ngroup kind be restored first.","description_kind":"plain"},"min_items":1,"max_items":1},"satisfying":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"The satisfying group kind must be restored first\nin order to satisfy the dependency.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A list of group kind dependency pairs\nthat is used by Backup for GKE to\ngenerate a group kind restore order.","description_kind":"plain"},"min_items":1}},"description":"It contains custom ordering to use on a Restore.","description_kind":"plain"},"max_items":1},"selected_applications":{"nesting_mode":"list","block":{"block_types":{"namespaced_names":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of a Kubernetes Resource.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace of a Kubernetes Resource.","description_kind":"plain","required":true}},"description":"A list of namespaced Kubernetes resources.","description_kind":"plain"},"min_items":1}},"description":"A list of selected ProtectedApplications to restore.\nThe listed ProtectedApplications and all the resources\nto which they refer will be restored.","description_kind":"plain"},"max_items":1},"selected_namespaces":{"nesting_mode":"list","block":{"attributes":{"namespaces":{"type":["list","string"],"description":"A list of Kubernetes Namespaces.","description_kind":"plain","required":true}},"description":"A list of selected namespaces to restore from the Backup.\nThe listed Namespaces and all resources contained in them will be restored.","description_kind":"plain"},"max_items":1},"transformation_rules":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description is a user specified string description\nof the transformation rule.","description_kind":"plain","optional":true}},"block_types":{"field_actions":{"nesting_mode":"list","block":{"attributes":{"from_path":{"type":"string","description":"A string containing a JSON Pointer value that references the\nlocation in the target document to move the value from.","description_kind":"plain","optional":true},"op":{"type":"string","description":"Specifies the operation to perform. Possible values: [\"REMOVE\", \"MOVE\", \"COPY\", \"ADD\", \"TEST\", \"REPLACE\"]","description_kind":"plain","required":true},"path":{"type":"string","description":"A string containing a JSON-Pointer value that references a\nlocation within the target document where the operation is performed.","description_kind":"plain","optional":true},"value":{"type":"string","description":"A string that specifies the desired value in string format\nto use for transformation.","description_kind":"plain","optional":true}},"description":"A list of transformation rule actions to take against candidate\nresources. Actions are executed in order defined - this order\nmatters, as they could potentially interfere with each other and\nthe first operation could affect the outcome of the second operation.","description_kind":"plain"},"min_items":1},"resource_filter":{"nesting_mode":"list","block":{"attributes":{"json_path":{"type":"string","description":"This is a JSONPath expression that matches specific fields of\ncandidate resources and it operates as a filtering parameter\n(resources that are not matched with this expression will not\nbe candidates for transformation).","description_kind":"plain","optional":true},"namespaces":{"type":["list","string"],"description":"(Filtering parameter) Any resource subject to transformation must\nbe contained within one of the listed Kubernetes Namespace in the\nBackup. If this field is not provided, no namespace filtering will\nbe performed (all resources in all Namespaces, including all\ncluster-scoped resources, will be candidates for transformation).\nTo mix cluster-scoped and namespaced resources in the same rule,\nuse an empty string (\"\") as one of the target namespaces.","description_kind":"plain","optional":true}},"block_types":{"group_kinds":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group string of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"(Filtering parameter) Any resource subject to transformation must\nbelong to one of the listed \"types\". If this field is not provided,\nno type filtering will be performed\n(all resources of all types matching previous filtering parameters\nwill be candidates for transformation).","description_kind":"plain"}}},"description":"This field is used to specify a set of fields that should be used to\ndetermine which resources in backup should be acted upon by the\nsupplied transformation rule actions, and this will ensure that only\nspecific resources are affected by transformation rule actions.","description_kind":"plain"},"max_items":1}},"description":"A list of transformation rules to be applied against Kubernetes\nresources as they are selected for restoration from a Backup.\nRules are executed in order defined - this order matters,\nas changes made by a rule may impact the filtering logic of subsequent\nrules. An empty list means no transformation will occur.","description_kind":"plain"}},"volume_data_restore_policy_bindings":{"nesting_mode":"list","block":{"attributes":{"policy":{"type":"string","description":"Specifies the mechanism to be used to restore this volume data.\nSee https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#VolumeDataRestorePolicy\nfor more information on each policy option. Possible values: [\"RESTORE_VOLUME_DATA_FROM_BACKUP\", \"REUSE_VOLUME_HANDLE_FROM_BACKUP\", \"NO_VOLUME_DATA_RESTORATION\"]","description_kind":"plain","required":true},"volume_type":{"type":"string","description":"The volume type, as determined by the PVC's\nbound PV, to apply the policy to. Possible values: [\"GCE_PERSISTENT_DISK\"]","description_kind":"plain","required":true}},"description":"A table that binds volumes by their scope to a restore policy. Bindings\nmust have a unique scope. Any volumes not scoped in the bindings are\nsubject to the policy defined in volume_data_restore_policy.","description_kind":"plain"}}},"description":"Defines the configuration of Restores created via this RestorePlan.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. When the Feature resource was created.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. When the Feature resource was deleted.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"GCP labels for this Feature.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The full, unique name of this Feature resource","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_state":{"type":["list",["object",{"has_resources":"bool","state":"string"}]],"description":"State of the Feature resource itself.","description_kind":"plain","computed":true},"state":{"type":["list",["object",{"state":["list",["object",{"code":"string","description":"string","update_time":"string"}]]}]],"description":"Output only. The Hub-wide Feature state","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. When the Feature resource was last updated.","description_kind":"plain","computed":true}},"block_types":{"fleet_default_member_config":{"nesting_mode":"list","block":{"block_types":{"configmanagement":{"nesting_mode":"list","block":{"attributes":{"management":{"type":"string","description":"Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"MANAGEMENT_AUTOMATIC\", \"MANAGEMENT_MANUAL\"]","description_kind":"plain","optional":true},"version":{"type":"string","description":"Version of ACM installed","description_kind":"plain","optional":true}},"block_types":{"config_sync":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field.","description_kind":"plain","optional":true},"prevent_drift":{"type":"bool","description":"Set to true to enable the Config Sync admission webhook to prevent drifts. If set to 'false', disables the Config Sync admission webhook and does not prevent drifts.","description_kind":"plain","optional":true},"source_format":{"type":"string","description":"Specifies whether the Config Sync Repo is in hierarchical or unstructured mode","description_kind":"plain","optional":true}},"block_types":{"git":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The Google Cloud Service Account Email used for auth when secretType is gcpServiceAccount","description_kind":"plain","optional":true},"https_proxy":{"type":"string","description":"URL for the HTTPS Proxy to be used when communicating with the Git repo","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The path within the Git repository that represents the top level of the repo to sync","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the Git repo","description_kind":"plain","required":true},"sync_branch":{"type":"string","description":"The branch of the repository to sync from. Default: master","description_kind":"plain","optional":true},"sync_repo":{"type":"string","description":"The URL of the Git repository to use as the source of truth","description_kind":"plain","optional":true},"sync_rev":{"type":"string","description":"Git revision (tag or hash) to check out. Default HEAD","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds between consecutive syncs. Default: 15","description_kind":"plain","optional":true}},"description":"Git repo configuration for the cluster","description_kind":"plain"},"max_items":1},"oci":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The Google Cloud Service Account Email used for auth when secretType is gcpServiceAccount","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The absolute path of the directory that contains the local resources. Default: the root directory of the image","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the Git repo","description_kind":"plain","required":true},"sync_repo":{"type":"string","description":"The OCI image repository URL for the package to sync from","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds between consecutive syncs. Default: 15","description_kind":"plain","optional":true},"version":{"type":"string","description":"Version of ACM installed","description_kind":"plain","deprecated":true,"optional":true}},"description":"OCI repo configuration for the cluster","description_kind":"plain"},"max_items":1}},"description":"ConfigSync configuration for the cluster","description_kind":"plain"},"max_items":1}},"description":"Config Management spec","description_kind":"plain"},"max_items":1},"mesh":{"nesting_mode":"list","block":{"attributes":{"management":{"type":"string","description":"Whether to automatically manage Service Mesh Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"MANAGEMENT_AUTOMATIC\", \"MANAGEMENT_MANUAL\"]","description_kind":"plain","required":true}},"description":"Service Mesh spec","description_kind":"plain"},"max_items":1},"policycontroller":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Configures the version of Policy Controller","description_kind":"plain","optional":true,"computed":true}},"block_types":{"policy_controller_hub_config":{"nesting_mode":"list","block":{"attributes":{"audit_interval_seconds":{"type":"number","description":"Interval for Policy Controller Audit scans (in seconds). When set to 0, this disables audit functionality altogether.","description_kind":"plain","optional":true},"constraint_violation_limit":{"type":"number","description":"The maximum number of audit violations to be stored in a constraint. If not set, the internal default of 20 will be used.","description_kind":"plain","optional":true},"exemptable_namespaces":{"type":["list","string"],"description":"The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.","description_kind":"plain","optional":true},"install_spec":{"type":"string","description":"Configures the mode of the Policy Controller installation Possible values: [\"INSTALL_SPEC_UNSPECIFIED\", \"INSTALL_SPEC_NOT_INSTALLED\", \"INSTALL_SPEC_ENABLED\", \"INSTALL_SPEC_SUSPENDED\", \"INSTALL_SPEC_DETACHED\"]","description_kind":"plain","required":true},"log_denies_enabled":{"type":"bool","description":"Logs all denies and dry run failures.","description_kind":"plain","optional":true},"mutation_enabled":{"type":"bool","description":"Enables the ability to mutate resources using Policy Controller.","description_kind":"plain","optional":true},"referential_rules_enabled":{"type":"bool","description":"Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.","description_kind":"plain","optional":true}},"block_types":{"deployment_configs":{"nesting_mode":"set","block":{"attributes":{"component":{"type":"string","description_kind":"plain","required":true},"pod_affinity":{"type":"string","description":"Pod affinity configuration. Possible values: [\"AFFINITY_UNSPECIFIED\", \"NO_AFFINITY\", \"ANTI_AFFINITY\"]","description_kind":"plain","optional":true,"computed":true},"replica_count":{"type":"number","description":"Pod replica count.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"container_resources":{"nesting_mode":"list","block":{"block_types":{"limits":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"string","description":"CPU requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true},"memory":{"type":"string","description":"Memory requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true}},"description":"Limits describes the maximum amount of compute resources allowed for use by the running container.","description_kind":"plain"},"max_items":1},"requests":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"string","description":"CPU requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true},"memory":{"type":"string","description":"Memory requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true}},"description":"Requests describes the amount of compute resources reserved for the container by the kube-scheduler.","description_kind":"plain"},"max_items":1}},"description":"Container resource requirements.","description_kind":"plain"},"max_items":1},"pod_toleration":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Matches a taint effect.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Matches a taint key (not necessarily unique).","description_kind":"plain","optional":true},"operator":{"type":"string","description":"Matches a taint operator.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Matches a taint value.","description_kind":"plain","optional":true}},"description":"Pod tolerations of node taints.","description_kind":"plain"}}},"description":"Map of deployment configs to deployments (\"admission\", \"audit\", \"mutation\").","description_kind":"plain"}},"monitoring":{"nesting_mode":"list","block":{"attributes":{"backends":{"type":["list","string"],"description":"Specifies the list of backends Policy Controller will export to. An empty list would effectively disable metrics export. Possible values: [\"MONITORING_BACKEND_UNSPECIFIED\", \"PROMETHEUS\", \"CLOUD_MONITORING\"]","description_kind":"plain","optional":true,"computed":true}},"description":"Monitoring specifies the configuration of monitoring Policy Controller.","description_kind":"plain"},"max_items":1},"policy_content":{"nesting_mode":"list","block":{"block_types":{"bundles":{"nesting_mode":"set","block":{"attributes":{"bundle":{"type":"string","description_kind":"plain","required":true},"exempted_namespaces":{"type":["list","string"],"description":"The set of namespaces to be exempted from the bundle.","description_kind":"plain","optional":true}},"description":"Configures which bundles to install and their corresponding install specs.","description_kind":"plain"}},"template_library":{"nesting_mode":"list","block":{"attributes":{"installation":{"type":"string","description":"Configures the manner in which the template library is installed on the cluster. Possible values: [\"INSTALATION_UNSPECIFIED\", \"NOT_INSTALLED\", \"ALL\"]","description_kind":"plain","optional":true}},"description":"Configures the installation of the Template Library.","description_kind":"plain"},"max_items":1}},"description":"Specifies the desired policy content on the cluster.","description_kind":"plain"},"max_items":1}},"description":"Configuration of Policy Controller","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Policy Controller spec","description_kind":"plain"},"max_items":1}},"description":"Optional. Fleet Default Membership Configuration.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"block_types":{"clusterupgrade":{"nesting_mode":"list","block":{"attributes":{"upstream_fleets":{"type":["list","string"],"description":"Specified if other fleet should be considered as a source of upgrades. Currently, at most one upstream fleet is allowed. The fleet name should be either fleet project number or id.","description_kind":"plain","required":true}},"block_types":{"gke_upgrade_overrides":{"nesting_mode":"list","block":{"block_types":{"post_conditions":{"nesting_mode":"list","block":{"attributes":{"soaking":{"type":"string","description":"Amount of time to \"soak\" after a rollout has been finished before marking it COMPLETE. Cannot exceed 30 days.","description_kind":"plain","required":true}},"description":"Post conditions to override for the specified upgrade.","description_kind":"plain"},"min_items":1,"max_items":1},"upgrade":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the upgrade, e.g., \"k8s_control_plane\". It should be a valid upgrade name. It must not exceet 99 characters.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the upgrade, e.g., \"1.22.1-gke.100\". It should be a valid version. It must not exceet 99 characters.","description_kind":"plain","required":true}},"description":"Which upgrade to override.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration overrides for individual upgrades.","description_kind":"plain"}},"post_conditions":{"nesting_mode":"list","block":{"attributes":{"soaking":{"type":"string","description":"Amount of time to \"soak\" after a rollout has been finished before marking it COMPLETE. Cannot exceed 30 days.","description_kind":"plain","required":true}},"description":"Post conditions to override for the specified upgrade.","description_kind":"plain"},"max_items":1}},"description":"Clusterupgrade feature spec.","description_kind":"plain"},"max_items":1},"fleetobservability":{"nesting_mode":"list","block":{"block_types":{"logging_config":{"nesting_mode":"list","block":{"block_types":{"default_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Specified if fleet logging feature is enabled. Possible values: [\"MODE_UNSPECIFIED\", \"COPY\", \"MOVE\"]","description_kind":"plain","optional":true}},"description":"Specified if applying the default routing config to logs not specified in other configs.","description_kind":"plain"},"max_items":1},"fleet_scope_logs_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Specified if fleet logging feature is enabled. Possible values: [\"MODE_UNSPECIFIED\", \"COPY\", \"MOVE\"]","description_kind":"plain","optional":true}},"description":"Specified if applying the routing config to all logs for all fleet scopes.","description_kind":"plain"},"max_items":1}},"description":"Specified if fleet logging feature is enabled for the entire fleet. If UNSPECIFIED, fleet logging feature is disabled for the entire fleet.","description_kind":"plain"},"max_items":1}},"description":"Fleet Observability feature spec.","description_kind":"plain"},"max_items":1},"multiclusteringress":{"nesting_mode":"list","block":{"attributes":{"config_membership":{"type":"string","description":"Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: 'projects/foo-proj/locations/global/memberships/bar'","description_kind":"plain","required":true}},"description":"Multicluster Ingress-specific spec.","description_kind":"plain"},"max_items":1}},"description":"Optional. Hub-wide Feature configuration. If this Feature does not support any Hub-wide configuration, this field may be unused.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_feature_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_feature_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_feature_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_feature_membership":{"version":0,"block":{"attributes":{"feature":{"type":"string","description":"The name of the feature","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the feature","description_kind":"plain","required":true},"membership":{"type":"string","description":"The name of the membership","description_kind":"plain","required":true},"membership_location":{"type":"string","description":"The location of the membership","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project of the feature","description_kind":"plain","optional":true,"computed":true}},"block_types":{"configmanagement":{"nesting_mode":"list","block":{"attributes":{"management":{"type":"string","description":"Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"Optional. Version of ACM to install. Defaults to the latest version.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"binauthz":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether binauthz is enabled in this cluster.","description_kind":"plain","optional":true}},"description":"**DEPRECATED** Binauthz configuration for the cluster. This field will be ignored and should not be set.","description_kind":"plain"},"max_items":1},"config_sync":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field.","description_kind":"plain","optional":true},"metrics_gcp_service_account_email":{"type":"string","description":"The Email of the Google Cloud Service Account (GSA) used for exporting Config Sync metrics to Cloud Monitoring. The GSA should have the Monitoring Metric Writer(roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount `default` in the namespace `config-management-monitoring` should be bound to the GSA.","description_kind":"plain","optional":true},"prevent_drift":{"type":"bool","description":"Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.","description_kind":"plain","optional":true,"computed":true},"source_format":{"type":"string","description":"Specifies whether the Config Sync Repo is in \"hierarchical\" or \"unstructured\" mode.","description_kind":"plain","optional":true}},"block_types":{"git":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The GCP Service Account Email used for auth when secretType is gcpServiceAccount.","description_kind":"plain","optional":true},"https_proxy":{"type":"string","description":"URL for the HTTPS proxy to be used when communicating with the Git repo.","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive.","description_kind":"plain","optional":true},"sync_branch":{"type":"string","description":"The branch of the repository to sync from. Default: master.","description_kind":"plain","optional":true},"sync_repo":{"type":"string","description":"The URL of the Git repository to use as the source of truth.","description_kind":"plain","optional":true},"sync_rev":{"type":"string","description":"Git revision (tag or hash) to check out. Default HEAD.","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds between consecutive syncs. Default: 15.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"oci":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The GCP Service Account Email used for auth when secret_type is gcpserviceaccount. ","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The absolute path of the directory that contains the local resources. Default: the root directory of the image.","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the OCI Image. Must be one of gcenode, gcpserviceaccount or none. The validation of this is case-sensitive.","description_kind":"plain","optional":true},"sync_repo":{"type":"string","description":"The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME.","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds(int64 format) between consecutive syncs. Default: 15.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description":"Config Sync configuration for the cluster.","description_kind":"plain"},"max_items":1},"hierarchy_controller":{"nesting_mode":"list","block":{"attributes":{"enable_hierarchical_resource_quota":{"type":"bool","description":"Whether hierarchical resource quota is enabled in this cluster.","description_kind":"plain","optional":true},"enable_pod_tree_labels":{"type":"bool","description":"Whether pod tree labels are enabled in this cluster.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether Hierarchy Controller is enabled in this cluster.","description_kind":"plain","optional":true}},"description":"Hierarchy Controller configuration for the cluster.","description_kind":"plain"},"max_items":1},"policy_controller":{"nesting_mode":"list","block":{"attributes":{"audit_interval_seconds":{"type":"string","description":"Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect.","description_kind":"plain","optional":true},"exemptable_namespaces":{"type":["list","string"],"description":"The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.","description_kind":"plain","optional":true},"log_denies_enabled":{"type":"bool","description":"Logs all denies and dry run failures.","description_kind":"plain","optional":true},"mutation_enabled":{"type":"bool","description":"Enable or disable mutation in policy controller. If true, mutation CRDs, webhook and controller deployment will be deployed to the cluster.","description_kind":"plain","optional":true},"referential_rules_enabled":{"type":"bool","description":"Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.","description_kind":"plain","optional":true},"template_library_installed":{"type":"bool","description":"Installs the default template library along with Policy Controller.","description_kind":"plain","optional":true}},"block_types":{"monitoring":{"nesting_mode":"list","block":{"attributes":{"backends":{"type":["list","string"],"description":" Specifies the list of backends Policy Controller will export to. Specifying an empty value `[]` disables metrics export.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: [\"cloudmonitoring\", \"prometheus\"]. Default: [\"cloudmonitoring\", \"prometheus\"]","description_kind":"plain"},"max_items":1}},"description":"**DEPRECATED** Configuring Policy Controller through the configmanagement feature is no longer recommended. Use the policycontroller feature instead.","description_kind":"plain"},"max_items":1}},"description":"Config Management-specific spec.","description_kind":"plain"},"max_items":1},"mesh":{"nesting_mode":"list","block":{"attributes":{"control_plane":{"type":"string","description":"**DEPRECATED** Whether to automatically manage Service Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL","description_kind":"plain","deprecated":true,"optional":true},"management":{"type":"string","description":"Whether to automatically manage Service Mesh. Possible values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL","description_kind":"plain","optional":true}},"description":"Manage Mesh Features","description_kind":"plain"},"max_items":1},"policycontroller":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Optional. Version of Policy Controller to install. Defaults to the latest version.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"policy_controller_hub_config":{"nesting_mode":"list","block":{"attributes":{"audit_interval_seconds":{"type":"number","description":"Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.","description_kind":"plain","optional":true},"constraint_violation_limit":{"type":"number","description":"The maximum number of audit violations to be stored in a constraint. If not set, the internal default of 20 will be used.","description_kind":"plain","optional":true},"exemptable_namespaces":{"type":["list","string"],"description":"The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.","description_kind":"plain","optional":true},"install_spec":{"type":"string","description":"Configures the mode of the Policy Controller installation. Possible values: INSTALL_SPEC_UNSPECIFIED, INSTALL_SPEC_NOT_INSTALLED, INSTALL_SPEC_ENABLED, INSTALL_SPEC_SUSPENDED, INSTALL_SPEC_DETACHED","description_kind":"plain","optional":true},"log_denies_enabled":{"type":"bool","description":"Logs all denies and dry run failures.","description_kind":"plain","optional":true},"mutation_enabled":{"type":"bool","description":"Enables the ability to mutate resources using Policy Controller.","description_kind":"plain","optional":true},"referential_rules_enabled":{"type":"bool","description":"Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.","description_kind":"plain","optional":true}},"block_types":{"deployment_configs":{"nesting_mode":"set","block":{"attributes":{"component_name":{"type":"string","description":"The name for the key in the map for which this object is mapped to in the API","description_kind":"plain","required":true},"pod_affinity":{"type":"string","description":"Pod affinity configuration. Possible values: AFFINITY_UNSPECIFIED, NO_AFFINITY, ANTI_AFFINITY","description_kind":"plain","optional":true},"replica_count":{"type":"number","description":"Pod replica count.","description_kind":"plain","optional":true}},"block_types":{"container_resources":{"nesting_mode":"list","block":{"block_types":{"limits":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"string","description":"CPU requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true},"memory":{"type":"string","description":"Memory requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true}},"description":"Limits describes the maximum amount of compute resources allowed for use by the running container.","description_kind":"plain"},"max_items":1},"requests":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"string","description":"CPU requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true},"memory":{"type":"string","description":"Memory requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true}},"description":"Requests describes the amount of compute resources reserved for the container by the kube-scheduler.","description_kind":"plain"},"max_items":1}},"description":"Container resource requirements.","description_kind":"plain"},"max_items":1},"pod_tolerations":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Matches a taint effect.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Matches a taint key (not necessarily unique).","description_kind":"plain","optional":true},"operator":{"type":"string","description":"Matches a taint operator.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Matches a taint value.","description_kind":"plain","optional":true}},"description":"Pod tolerations of node taints.","description_kind":"plain"}}},"description":"Map of deployment configs to deployments (\"admission\", \"audit\", \"mutation\").","description_kind":"plain"}},"monitoring":{"nesting_mode":"list","block":{"attributes":{"backends":{"type":["list","string"],"description":" Specifies the list of backends Policy Controller will export to. Specifying an empty value `[]` disables metrics export.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: [\"cloudmonitoring\", \"prometheus\"]. Default: [\"cloudmonitoring\", \"prometheus\"]","description_kind":"plain"},"max_items":1},"policy_content":{"nesting_mode":"list","block":{"block_types":{"bundles":{"nesting_mode":"set","block":{"attributes":{"bundle_name":{"type":"string","description":"The name for the key in the map for which this object is mapped to in the API","description_kind":"plain","required":true},"exempted_namespaces":{"type":["list","string"],"description":"The set of namespaces to be exempted from the bundle.","description_kind":"plain","optional":true}},"description":"map of bundle name to BundleInstallSpec. The bundle name maps to the `bundleName` key in the `policycontroller.gke.io/constraintData` annotation on a constraint.","description_kind":"plain"}},"template_library":{"nesting_mode":"list","block":{"attributes":{"installation":{"type":"string","description":"Configures the manner in which the template library is installed on the cluster. Possible values: INSTALLATION_UNSPECIFIED, NOT_INSTALLED, ALL","description_kind":"plain","optional":true}},"description":"Configures the installation of the Template Library.","description_kind":"plain"},"max_items":1}},"description":"Specifies the desired policy content on the cluster.","description_kind":"plain"},"max_items":1}},"description":"Policy Controller configuration for the cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Policy Controller-specific spec.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_fleet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time the fleet was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the fleet was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A user-assigned display name of the Fleet. When present, it must be between 4 to 30 characters.\nAllowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"The state of the fleet resource.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource. This is unique across all\nFleet resources. If a Fleet resource is deleted and another\nresource with the same name is created, it gets a different uid.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the fleet was last updated, in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"default_cluster_config":{"nesting_mode":"list","block":{"block_types":{"binary_authorization_config":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Mode of operation for binauthz policy evaluation. Possible values: [\"DISABLED\", \"POLICY_BINDINGS\"]","description_kind":"plain","optional":true}},"block_types":{"policy_bindings":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The relative resource name of the binauthz platform policy to audit. GKE\nplatform policies have the following format:\n'projects/{project_number}/platforms/gke/policies/{policy_id}'.","description_kind":"plain","optional":true}},"description":"Binauthz policies that apply to this cluster.","description_kind":"plain"}}},"description":"Enable/Disable binary authorization features for the cluster.","description_kind":"plain"},"max_items":1},"security_posture_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Sets which mode to use for Security Posture features. Possible values: [\"DISABLED\", \"BASIC\", \"ENTERPRISE\"]","description_kind":"plain","optional":true},"vulnerability_mode":{"type":"string","description":"Sets which mode to use for vulnerability scanning. Possible values: [\"VULNERABILITY_DISABLED\", \"VULNERABILITY_BASIC\", \"VULNERABILITY_ENTERPRISE\"]","description_kind":"plain","optional":true}},"description":"Enable/Disable Security Posture features for the cluster.","description_kind":"plain"},"max_items":1}},"description":"The default cluster configurations to apply across the fleet.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_membership":{"version":1,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this membership.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the membership.\nThe default value is 'global'.","description_kind":"plain","optional":true},"membership_id":{"type":"string","description":"The client-provided identifier of the membership.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the membership.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"authority":{"nesting_mode":"list","block":{"attributes":{"issuer":{"type":"string","description":"A JSON Web Token (JWT) issuer URI. 'issuer' must start with 'https://' and // be a valid\nwith length \u003c2000 characters. For example: 'https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster' (must be 'locations' rather than 'zones'). If the cluster is provisioned with Terraform, this is '\"https://container.googleapis.com/v1/${google_container_cluster.my-cluster.id}\"'.","description_kind":"plain","required":true}},"description":"Authority encodes how Google will recognize identities from this Membership.\nSee the workload identity documentation for more details:\nhttps://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity","description_kind":"plain"},"max_items":1},"endpoint":{"nesting_mode":"list","block":{"block_types":{"gke_cluster":{"nesting_mode":"list","block":{"attributes":{"resource_link":{"type":"string","description":"Self-link of the GCP resource for the GKE cluster.\nFor example: '//container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster'.\nIt can be at the most 1000 characters in length. If the cluster is provisioned with Terraform,\nthis can be '\"//container.googleapis.com/${google_container_cluster.my-cluster.id}\"' or\n'google_container_cluster.my-cluster.id'.","description_kind":"plain","required":true}},"description":"If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource.","description_kind":"plain"},"max_items":1}},"description":"If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_membership_binding":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the MembershipBinding was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the MembershipBinding was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this Membership binding.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the membership","description_kind":"plain","required":true},"membership_binding_id":{"type":"string","description":"The client-provided identifier of the membership binding.","description_kind":"plain","required":true},"membership_id":{"type":"string","description":"Id of the membership","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the membershipbinding itself","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"A Workspace resource name in the format\n'projects/*/locations/*/scopes/*'.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the membership binding resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the MembershipBinding was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_membership_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_membership_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_membership_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_namespace":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Namespace was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the Namespace was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this Namespace.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the namespace","description_kind":"plain","computed":true},"namespace_labels":{"type":["map","string"],"description":"Namespace-level cluster namespace labels. These labels are applied\nto the related namespace of the member clusters bound to the parent\nScope. Scope-level labels ('namespace_labels' in the Fleet Scope\nresource) take precedence over Namespace-level labels if they share\na key. Keys and values must be Kubernetes-conformant.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"The name of the Scope instance.","description_kind":"plain","required":true},"scope_id":{"type":"string","description":"Id of the scope","description_kind":"plain","required":true},"scope_namespace_id":{"type":"string","description":"The client-provided identifier of the namespace.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the namespace resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Namespace was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_scope":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Scope was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the Scope was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this Scope.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the scope","description_kind":"plain","computed":true},"namespace_labels":{"type":["map","string"],"description":"Scope-level cluster namespace labels. For the member clusters bound\nto the Scope, these labels are applied to each namespace under the\nScope. Scope-level labels take precedence over Namespace-level\nlabels ('namespace_labels' in the Fleet Namespace resource) if they\nshare a key. Keys and values must be Kubernetes-conformant.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description":"The client-provided identifier of the scope.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the scope resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Scope was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_scope_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_scope_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_scope_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_gke_hub_scope_rbac_role_binding":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the RBAC Role Binding was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the RBAC Role Binding was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"group":{"type":"string","description":"Principal that is be authorized in the cluster (at least of one the oneof\nis required). Updating one will unset the other automatically.\ngroup is the group, as seen by the kubernetes cluster.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this ScopeRBACRoleBinding.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the RBAC Role Binding","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description":"Id of the scope","description_kind":"plain","required":true},"scope_rbac_role_binding_id":{"type":"string","description":"The client-provided identifier of the RBAC Role Binding.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the RBAC Role Binding resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the RBAC Role Binding was updated in UTC.","description_kind":"plain","computed":true},"user":{"type":"string","description":"Principal that is be authorized in the cluster (at least of one the oneof\nis required). Updating one will unset the other automatically.\nuser is the name of the user as seen by the kubernetes cluster, example\n\"alice\" or \"alice@domain.tld\"","description_kind":"plain","optional":true}},"block_types":{"role":{"nesting_mode":"list","block":{"attributes":{"predefined_role":{"type":"string","description":"PredefinedRole is an ENUM representation of the default Kubernetes Roles Possible values: [\"UNKNOWN\", \"ADMIN\", \"EDIT\", \"VIEW\"]","description_kind":"plain","optional":true}},"description":"Role to bind to the principal.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gkeonprem_bare_metal_admin_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations on the Bare Metal Admin Cluster.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"bare_metal_version":{"type":"string","description":"A human readable description of this Bare Metal Admin Cluster.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human readable description of this Bare Metal Admin Cluster.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address name of Bare Metal Admin Cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string"}]],"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.\nSee [Anthos Fleets](https://cloud.google.com/anthos/multicluster-management/fleets) for\nmore details on Anthos multi-cluster capabilities using Fleets.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local_name":{"type":"string","description":"The object name of the Bare Metal Admin Cluster custom resource on the\nassociated admin cluster. This field is used to support conflicting\nnames when enrolling existing clusters to the API. When used as a part of\ncluster enrollment, this field will differ from the ID in the resource\nname. For new clusters, this field will match the user provided cluster ID\nand be visible in the last component of the resource name. It is not\nmodifiable.\nAll users should use this name to access their cluster using gkectl or\nkubectl and should expect to see the local name when viewing admin\ncluster controller logs.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The bare metal admin cluster name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the Bare Metal Admin Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"Specifies detailed cluster status.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the Bare Metal Admin Cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true},"validation_check":{"type":["list",["object",{"options":"string","scenario":"string","status":["list",["object",{"result":["list",["object",{"category":"string","description":"string","details":"string","options":"string","reason":"string"}]]}]]}]],"description":"Specifies the security related settings for the Bare Metal Admin Cluster.","description_kind":"plain","computed":true}},"block_types":{"cluster_operations":{"nesting_mode":"list","block":{"attributes":{"enable_application_logs":{"type":"bool","description":"Whether collection of application logs/metrics should be enabled (in addition to system logs/metrics).","description_kind":"plain","optional":true}},"description":"Specifies the Admin Cluster's observability infrastructure.","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"block_types":{"api_server_args":{"nesting_mode":"list","block":{"attributes":{"argument":{"type":"string","description":"The argument name as it appears on the API Server command line please make sure to remove the leading dashes.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the arg as it will be passed to the API Server command line.","description_kind":"plain","required":true}},"description":"Customizes the default API server args. Only a subset of\ncustomized flags are supported. Please refer to the API server\ndocumentation below to know the exact format:\nhttps://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/","description_kind":"plain"}},"control_plane_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running the control plane.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configures the node pool running the control plane. If specified the corresponding NodePool will be created for the cluster's control plane. The NodePool will have the same name and namespace as the cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the control plane configuration.","description_kind":"plain"},"max_items":1},"load_balancer":{"nesting_mode":"list","block":{"block_types":{"manual_lb_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether manual load balancing is enabled.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"port_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_load_balancer_port":{"type":"number","description":"The port that control plane hosted load balancers will listen on.","description_kind":"plain","required":true}},"description":"Specifies the load balancer ports.","description_kind":"plain"},"min_items":1,"max_items":1},"vip_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_vip":{"type":"string","description":"The VIP which you previously set aside for the Kubernetes API of this Bare Metal Admin Cluster.","description_kind":"plain","required":true}},"description":"Specified the Bare Metal Load Balancer Config","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the load balancer configuration.","description_kind":"plain"},"max_items":1},"maintenance_config":{"nesting_mode":"list","block":{"attributes":{"maintenance_address_cidr_blocks":{"type":["list","string"],"description":"All IPv4 address from these ranges will be placed into maintenance mode.\nNodes in maintenance mode will be cordoned and drained. When both of these\nare true, the \"baremetal.cluster.gke.io/maintenance\" annotation will be set\non the node resource.","description_kind":"plain","required":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"block_types":{"island_mode_cidr":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Network configuration.","description_kind":"plain"},"max_items":1},"node_access_config":{"nesting_mode":"list","block":{"attributes":{"login_user":{"type":"string","description":"LoginUser is the user name used to access node machines.\nIt defaults to \"root\" if not set.","description_kind":"plain","optional":true}},"description":"Specifies the node access related settings for the bare metal user cluster.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods a node can run. The size of the CIDR range\nassigned to the node will be derived from this parameter.","description_kind":"plain","optional":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"proxy":{"nesting_mode":"list","block":{"attributes":{"no_proxy":{"type":["list","string"],"description":"A list of IPs, hostnames, and domains that should skip the proxy.\nFor example: [\"127.0.0.1\", \"example.com\", \".corp\", \"localhost\"].","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Specifies the address of your proxy server.\nFor Example: http://domain\nWARNING: Do not provide credentials in the format\nof http://(username:password@)domain these will be rejected by the server.","description_kind":"plain","required":true}},"description":"Specifies the cluster proxy configuration.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. 'my-gcp-id@gmail.com'.","description_kind":"plain","required":true}},"description":"Users that will be granted the cluster-admin role on the cluster, providing full access to the cluster.","description_kind":"plain"},"min_items":1}},"description":"Configures user access to the Bare Metal User cluster.","description_kind":"plain"},"max_items":1}},"description":"Specifies the security related settings for the Bare Metal User Cluster.","description_kind":"plain"},"max_items":1},"storage":{"nesting_mode":"list","block":{"block_types":{"lvp_node_mounts_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Specifies the config for local PersistentVolumes backed\nby mounted node disks. These disks need to be formatted and mounted by the\nuser, which can be done before or after cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1},"lvp_share_config":{"nesting_mode":"list","block":{"attributes":{"shared_path_pv_count":{"type":"number","description":"The number of subdirectories to create under path.","description_kind":"plain","optional":true}},"block_types":{"lvp_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Defines the machine path and storage class for the LVP Share.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the config for local PersistentVolumes backed by\nsubdirectories in a shared filesystem. These subdirectores are\nautomatically created during cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the cluster storage configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gkeonprem_bare_metal_cluster":{"version":0,"block":{"attributes":{"admin_cluster_membership":{"type":"string","description":"The Admin Cluster this Bare Metal User Cluster belongs to.\nThis is the full resource name of the Admin Cluster's hub membership.","description_kind":"plain","required":true},"annotations":{"type":["map","string"],"description":"Annotations on the Bare Metal User Cluster.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"bare_metal_version":{"type":"string","description":"A human readable description of this Bare Metal User Cluster.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human readable description of this Bare Metal User Cluster.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address name of Bare Metal User Cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string"}]],"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.\nSee [Anthos Fleets](https://cloud.google.com/anthos/multicluster-management/fleets) for\nmore details on Anthos multi-cluster capabilities using Fleets.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local_name":{"type":"string","description":"The object name of the Bare Metal Cluster custom resource on the\nassociated admin cluster. This field is used to support conflicting\nnames when enrolling existing clusters to the API. When used as a part of\ncluster enrollment, this field will differ from the ID in the resource\nname. For new clusters, this field will match the user provided cluster ID\nand be visible in the last component of the resource name. It is not\nmodifiable.\nAll users should use this name to access their cluster using gkectl or\nkubectl and should expect to see the local name when viewing admin\ncluster controller logs.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The bare metal cluster name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the Bare Metal User Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"Specifies detailed cluster status.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the Bare Metal User Cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true},"validation_check":{"type":["list",["object",{"options":"string","scenario":"string","status":["list",["object",{"result":["list",["object",{"category":"string","description":"string","details":"string","options":"string","reason":"string"}]]}]]}]],"description":"Specifies the security related settings for the Bare Metal User Cluster.","description_kind":"plain","computed":true}},"block_types":{"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Mode of operation for binauthz policy evaluation. If unspecified,\ndefaults to DISABLED. Possible values: [\"DISABLED\", \"PROJECT_SINGLETON_POLICY_ENFORCE\"]","description_kind":"plain","optional":true}},"description":"Binary Authorization related configurations.","description_kind":"plain"},"max_items":1},"cluster_operations":{"nesting_mode":"list","block":{"attributes":{"enable_application_logs":{"type":"bool","description":"Whether collection of application logs/metrics should be enabled (in addition to system logs/metrics).","description_kind":"plain","optional":true}},"description":"Specifies the User Cluster's observability infrastructure.","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"block_types":{"api_server_args":{"nesting_mode":"list","block":{"attributes":{"argument":{"type":"string","description":"The argument name as it appears on the API Server command line please make sure to remove the leading dashes.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the arg as it will be passed to the API Server command line.","description_kind":"plain","required":true}},"description":"Customizes the default API server args. Only a subset of\ncustomized flags are supported. Please refer to the API server\ndocumentation below to know the exact format:\nhttps://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/","description_kind":"plain"}},"control_plane_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running the control plane.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configures the node pool running the control plane. If specified the corresponding NodePool will be created for the cluster's control plane. The NodePool will have the same name and namespace as the cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the control plane configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"load_balancer":{"nesting_mode":"list","block":{"block_types":{"bgp_lb_config":{"nesting_mode":"list","block":{"attributes":{"asn":{"type":"number","description":"BGP autonomous system number (ASN) of the cluster.\nThis field can be updated after cluster creation.","description_kind":"plain","required":true}},"block_types":{"address_pools":{"nesting_mode":"list","block":{"attributes":{"addresses":{"type":["list","string"],"description":"The addresses that are part of this pool. Each address must be either in the CIDR form (1.2.3.0/24) or range form (1.2.3.1-1.2.3.5).","description_kind":"plain","required":true},"avoid_buggy_ips":{"type":"bool","description":"If true, avoid using IPs ending in .0 or .255.\nThis avoids buggy consumer devices mistakenly dropping IPv4 traffic for those special IP addresses.","description_kind":"plain","optional":true},"manual_assign":{"type":"string","description":"If true, prevent IP addresses from being automatically assigned.","description_kind":"plain","optional":true},"pool":{"type":"string","description":"The name of the address pool.","description_kind":"plain","required":true}},"description":"AddressPools is a list of non-overlapping IP pools used by load balancer\ntyped services. All addresses must be routable to load balancer nodes.\nIngressVIP must be included in the pools.","description_kind":"plain"},"min_items":1},"bgp_peer_configs":{"nesting_mode":"list","block":{"attributes":{"asn":{"type":"number","description":"BGP autonomous system number (ASN) for the network that contains the\nexternal peer device.","description_kind":"plain","required":true},"control_plane_nodes":{"type":["list","string"],"description":"The IP address of the control plane node that connects to the external\npeer.\nIf you don't specify any control plane nodes, all control plane nodes\ncan connect to the external peer. If you specify one or more IP addresses,\nonly the nodes specified participate in peering sessions.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The IP address of the external peer device.","description_kind":"plain","required":true}},"description":"The list of BGP peers that the cluster will connect to.\nAt least one peer must be configured for each control plane node.\nControl plane nodes will connect to these peers to advertise the control\nplane VIP. The Services load balancer also uses these peers by default.\nThis field can be updated after cluster creation.","description_kind":"plain"},"min_items":1},"load_balancer_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true}},"block_types":{"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"registry_burst":{"type":"number","description":"The maximum size of bursty pulls, temporarily allows pulls to burst to this\nnumber, while still not exceeding registry_pull_qps.\nThe value must not be a negative number.\nUpdating this field may impact scalability by changing the amount of\ntraffic produced by image pulls.\nDefaults to 10.","description_kind":"plain","optional":true},"registry_pull_qps":{"type":"number","description":"The limit of registry pulls per second.\nSetting this value to 0 means no limit.\nUpdating this field may impact scalability by changing the amount of\ntraffic produced by image pulls.\nDefaults to 5.","description_kind":"plain","optional":true},"serialize_image_pulls_disabled":{"type":"bool","description":"Prevents the Kubelet from pulling multiple images at a time.\nWe recommend *not* changing the default value on nodes that run docker\ndaemon with version \u003c 1.9 or an Another Union File System (Aufs) storage\nbackend. Issue https://github.com/kubernetes/kubernetes/issues/10959 has\nmore details.","description_kind":"plain","optional":true}},"description":"The modifiable kubelet configurations for the baremetal machines.","description_kind":"plain"},"max_items":1},"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running a load balancer.","description_kind":"plain"},"max_items":1}},"description":"Specifies the node pool running data plane load balancing. L2 connectivity\nis required among nodes in this pool. If missing, the control plane node\npool is used for data plane load balancing.","description_kind":"plain"},"max_items":1}},"description":"Configuration for BGP typed load balancers.","description_kind":"plain"},"max_items":1},"manual_lb_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether manual load balancing is enabled.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"metal_lb_config":{"nesting_mode":"list","block":{"block_types":{"address_pools":{"nesting_mode":"list","block":{"attributes":{"addresses":{"type":["list","string"],"description":"The addresses that are part of this pool. Each address must be either in the CIDR form (1.2.3.0/24) or range form (1.2.3.1-1.2.3.5).","description_kind":"plain","required":true},"avoid_buggy_ips":{"type":"bool","description":"If true, avoid using IPs ending in .0 or .255.\nThis avoids buggy consumer devices mistakenly dropping IPv4 traffic for those special IP addresses.","description_kind":"plain","optional":true},"manual_assign":{"type":"bool","description":"If true, prevent IP addresses from being automatically assigned.","description_kind":"plain","optional":true},"pool":{"type":"string","description":"The name of the address pool.","description_kind":"plain","required":true}},"description":"AddressPools is a list of non-overlapping IP pools used by load balancer\ntyped services. All addresses must be routable to load balancer nodes.\nIngressVIP must be included in the pools.","description_kind":"plain"},"min_items":1},"load_balancer_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running a load balancer.","description_kind":"plain"},"max_items":1}},"description":"Specifies the load balancer's node pool configuration.","description_kind":"plain"},"max_items":1}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"port_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_load_balancer_port":{"type":"number","description":"The port that control plane hosted load balancers will listen on.","description_kind":"plain","required":true}},"description":"Specifies the load balancer ports.","description_kind":"plain"},"min_items":1,"max_items":1},"vip_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_vip":{"type":"string","description":"The VIP which you previously set aside for the Kubernetes API of this Bare Metal User Cluster.","description_kind":"plain","required":true},"ingress_vip":{"type":"string","description":"The VIP which you previously set aside for ingress traffic into this Bare Metal User Cluster.","description_kind":"plain","required":true}},"description":"Specified the Bare Metal Load Balancer Config","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the load balancer configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"maintenance_config":{"nesting_mode":"list","block":{"attributes":{"maintenance_address_cidr_blocks":{"type":["list","string"],"description":"All IPv4 address from these ranges will be placed into maintenance mode.\nNodes in maintenance mode will be cordoned and drained. When both of these\nare true, the \"baremetal.cluster.gke.io/maintenance\" annotation will be set\non the node resource.","description_kind":"plain","required":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"advanced_networking":{"type":"bool","description":"Enables the use of advanced Anthos networking features, such as Bundled\nLoad Balancing with BGP or the egress NAT gateway.\nSetting configuration for advanced networking features will automatically\nset this flag.","description_kind":"plain","optional":true}},"block_types":{"island_mode_cidr":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"multiple_network_interfaces_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable multiple network interfaces for your pods.\nWhen set network_config.advanced_networking is automatically\nset to true.","description_kind":"plain","optional":true}},"description":"Configuration for multiple network interfaces.","description_kind":"plain"},"max_items":1},"sr_iov_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to install the SR-IOV operator.","description_kind":"plain","optional":true}},"description":"Configuration for SR-IOV.","description_kind":"plain"},"max_items":1}},"description":"Network configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"node_access_config":{"nesting_mode":"list","block":{"attributes":{"login_user":{"type":"string","description":"LoginUser is the user name used to access node machines.\nIt defaults to \"root\" if not set.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the node access related settings for the bare metal user cluster.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"container_runtime":{"type":"string","description":"The available runtimes that can be used to run containers in a Bare Metal User Cluster. Possible values: [\"CONTAINER_RUNTIME_UNSPECIFIED\", \"DOCKER\", \"CONTAINERD\"]","description_kind":"plain","optional":true,"computed":true},"max_pods_per_node":{"type":"number","description":"The maximum number of pods a node can run. The size of the CIDR range\nassigned to the node will be derived from this parameter.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"os_environment_config":{"nesting_mode":"list","block":{"attributes":{"package_repo_excluded":{"type":"bool","description":"Whether the package repo should not be included when initializing\nbare metal machines.","description_kind":"plain","required":true}},"description":"OS environment related configurations.","description_kind":"plain"},"max_items":1},"proxy":{"nesting_mode":"list","block":{"attributes":{"no_proxy":{"type":["list","string"],"description":"A list of IPs, hostnames, and domains that should skip the proxy.\nFor example [\"127.0.0.1\", \"example.com\", \".corp\", \"localhost\"].","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Specifies the address of your proxy server.\nFor example: http://domain\nWARNING: Do not provide credentials in the format\nof http://(username:password@)domain these will be rejected by the server.","description_kind":"plain","required":true}},"description":"Specifies the cluster proxy configuration.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. 'my-gcp-id@gmail.com'.","description_kind":"plain","required":true}},"description":"Users that will be granted the cluster-admin role on the cluster, providing full access to the cluster.","description_kind":"plain"},"min_items":1}},"description":"Configures user access to the Bare Metal User cluster.","description_kind":"plain"},"max_items":1}},"description":"Specifies the security related settings for the Bare Metal User Cluster.","description_kind":"plain"},"max_items":1},"storage":{"nesting_mode":"list","block":{"block_types":{"lvp_node_mounts_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Specifies the config for local PersistentVolumes backed\nby mounted node disks. These disks need to be formatted and mounted by the\nuser, which can be done before or after cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1},"lvp_share_config":{"nesting_mode":"list","block":{"attributes":{"shared_path_pv_count":{"type":"number","description":"The number of subdirectories to create under path.","description_kind":"plain","optional":true}},"block_types":{"lvp_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Defines the machine path and storage class for the LVP Share.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the config for local PersistentVolumes backed by\nsubdirectories in a shared filesystem. These subdirectores are\nautomatically created during cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the cluster storage configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"upgrade_policy":{"nesting_mode":"list","block":{"attributes":{"policy":{"type":"string","description":"Specifies which upgrade policy to use. Possible values: [\"SERIAL\", \"CONCURRENT\"]","description_kind":"plain","optional":true}},"description":"The cluster upgrade policy.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gkeonprem_bare_metal_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations on the Bare Metal Node Pool.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"bare_metal_cluster":{"type":"string","description":"The cluster this node pool belongs to.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the Bare Metal Node Pool.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The bare metal node pool name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the Bare Metal User Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"Specifies detailed node pool status.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the Bare Metal Node Pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"},"min_items":1},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"Node pool configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gkeonprem_vmware_cluster":{"version":0,"block":{"attributes":{"admin_cluster_membership":{"type":"string","description":"The admin cluster this VMware User Cluster belongs to.\nThis is the full resource name of the admin cluster's hub membership.\nIn the future, references to other resource types might be allowed if\nadmin clusters are modeled as their own resources.","description_kind":"plain","required":true},"annotations":{"type":["map","string"],"description":"Annotations on the VMware User Cluster.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time at which VMware User Cluster was created.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time at which VMware User Cluster was deleted.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human readable description of this VMware User Cluster.","description_kind":"plain","optional":true},"disable_bundled_ingress":{"type":"bool","description":"Disable bundled ingress.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_control_plane_v2":{"type":"bool","description":"Enable control plane V2. Default to false.","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"The DNS name of VMware User Cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string"}]],"description":"Fleet configuration for the cluster.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local_name":{"type":"string","description":"The object name of the VMware OnPremUserCluster custom resource on the\nassociated admin cluster. This field is used to support conflicting\nnames when enrolling existing clusters to the API. When used as a part of\ncluster enrollment, this field will differ from the ID in the resource\nname. For new clusters, this field will match the user provided cluster ID\nand be visible in the last component of the resource name. It is not\nmodifiable.\n\nAll users should use this name to access their cluster using gkectl or\nkubectl and should expect to see the local name when viewing admin\ncluster controller logs.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The VMware cluster name.","description_kind":"plain","required":true},"on_prem_version":{"type":"string","description":"The Anthos clusters on the VMware version for your user cluster.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the VMware User Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"ResourceStatus representing detailed cluster state.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the VMware User Cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which VMware User Cluster was last updated.","description_kind":"plain","computed":true},"validation_check":{"type":["list",["object",{"options":"string","scenario":"string","status":["list",["object",{"result":["list",["object",{"category":"string","description":"string","details":"string","options":"string","reason":"string"}]]}]]}]],"description":"ValidationCheck represents the result of the preflight check job.","description_kind":"plain","computed":true},"vm_tracking_enabled":{"type":"bool","description":"Enable VM tracking.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"anti_affinity_groups":{"nesting_mode":"list","block":{"attributes":{"aag_config_disabled":{"type":"bool","description":"Spread nodes across at least three physical hosts (requires at least three\nhosts).\nEnabled by default.","description_kind":"plain","required":true}},"description":"AAGConfig specifies whether to spread VMware User Cluster nodes across at\nleast three physical hosts in the datacenter.","description_kind":"plain"},"max_items":1},"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. 'my-gcp-id@gmail.com'.","description_kind":"plain","required":true}},"description":"Users that will be granted the cluster-admin role on the cluster, providing\nfull access to the cluster.","description_kind":"plain"}}},"description":"RBAC policy that will be applied and managed by GKE On-Prem.","description_kind":"plain"},"max_items":1},"auto_repair_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether auto repair is enabled.","description_kind":"plain","required":true}},"description":"Configuration for auto repairing.","description_kind":"plain"},"max_items":1},"control_plane_node":{"nesting_mode":"list","block":{"attributes":{"cpus":{"type":"number","description":"The number of CPUs for each admin cluster node that serve as control planes\nfor this VMware User Cluster. (default: 4 CPUs)","description_kind":"plain","optional":true},"memory":{"type":"number","description":"The megabytes of memory for each admin cluster node that serves as a\ncontrol plane for this VMware User Cluster (default: 8192 MB memory).","description_kind":"plain","optional":true},"replicas":{"type":"number","description":"The number of control plane nodes for this VMware User Cluster.\n(default: 1 replica).","description_kind":"plain","optional":true},"vsphere_config":{"type":["list",["object",{"datastore":"string","storage_policy_name":"string"}]],"description":"Vsphere-specific config.","description_kind":"plain","computed":true}},"block_types":{"auto_resize_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable control plane node auto resizing.","description_kind":"plain","required":true}},"description":"AutoResizeConfig provides auto resizing configurations.","description_kind":"plain"},"max_items":1}},"description":"VMware User Cluster control plane nodes must have either 1 or 3 replicas.","description_kind":"plain"},"min_items":1,"max_items":1},"dataplane_v2":{"nesting_mode":"list","block":{"attributes":{"advanced_networking":{"type":"bool","description":"Enable advanced networking which requires dataplane_v2_enabled to be set true.","description_kind":"plain","optional":true},"dataplane_v2_enabled":{"type":"bool","description":"Enables Dataplane V2.","description_kind":"plain","optional":true},"windows_dataplane_v2_enabled":{"type":"bool","description":"Enable Dataplane V2 for clusters with Windows nodes.","description_kind":"plain","optional":true}},"description":"VmwareDataplaneV2Config specifies configuration for Dataplane V2.","description_kind":"plain"},"max_items":1},"load_balancer":{"nesting_mode":"list","block":{"block_types":{"f5_config":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The load balancer's IP address.","description_kind":"plain","optional":true},"partition":{"type":"string","description":"he preexisting partition to be used by the load balancer. T\nhis partition is usually created for the admin cluster for example:\n'my-f5-admin-partition'.","description_kind":"plain","optional":true},"snat_pool":{"type":"string","description":"The pool name. Only necessary, if using SNAT.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for F5 Big IP typed load balancers.","description_kind":"plain"},"max_items":1},"manual_lb_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_node_port":{"type":"number","description":"NodePort for control plane service. The Kubernetes API server in the admin\ncluster is implemented as a Service of type NodePort (ex. 30968).","description_kind":"plain","optional":true,"computed":true},"ingress_http_node_port":{"type":"number","description":"NodePort for ingress service's http. The ingress service in the admin\ncluster is implemented as a Service of type NodePort (ex. 32527).","description_kind":"plain","optional":true,"computed":true},"ingress_https_node_port":{"type":"number","description":"NodePort for ingress service's https. The ingress service in the admin\ncluster is implemented as a Service of type NodePort (ex. 30139).","description_kind":"plain","optional":true,"computed":true},"konnectivity_server_node_port":{"type":"number","description":"NodePort for konnectivity server service running as a sidecar in each\nkube-apiserver pod (ex. 30564).","description_kind":"plain","optional":true,"computed":true}},"description":"Manually configured load balancers.","description_kind":"plain"},"max_items":1},"metal_lb_config":{"nesting_mode":"list","block":{"block_types":{"address_pools":{"nesting_mode":"list","block":{"attributes":{"addresses":{"type":["list","string"],"description":"The addresses that are part of this pool. Each address\nmust be either in the CIDR form (1.2.3.0/24) or range\nform (1.2.3.1-1.2.3.5).","description_kind":"plain","required":true},"avoid_buggy_ips":{"type":"bool","description":"If true, avoid using IPs ending in .0 or .255.\nThis avoids buggy consumer devices mistakenly dropping IPv4 traffic for\nthose special IP addresses.","description_kind":"plain","optional":true,"computed":true},"manual_assign":{"type":"bool","description":"If true, prevent IP addresses from being automatically assigned.","description_kind":"plain","optional":true,"computed":true},"pool":{"type":"string","description":"The name of the address pool.","description_kind":"plain","required":true}},"description":"AddressPools is a list of non-overlapping IP pools used by load balancer\ntyped services. All addresses must be routable to load balancer nodes.\nIngressVIP must be included in the pools.","description_kind":"plain"},"min_items":1}},"description":"Configuration for MetalLB typed load balancers.","description_kind":"plain"},"max_items":1},"vip_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_vip":{"type":"string","description":"The VIP which you previously set aside for the Kubernetes API of this cluster.","description_kind":"plain","optional":true},"ingress_vip":{"type":"string","description":"The VIP which you previously set aside for ingress traffic into this cluster.","description_kind":"plain","optional":true}},"description":"The VIPs used by the load balancer.","description_kind":"plain"},"max_items":1}},"description":"Load Balancer configuration.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges.\nOnly a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address\nfrom these ranges. Only a single range is supported.. This field\ncannot be changed after creation.","description_kind":"plain","required":true},"vcenter_network":{"type":"string","description":"vcenter_network specifies vCenter network name. Inherited from the admin cluster.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"control_plane_v2_config":{"nesting_mode":"list","block":{"block_types":{"control_plane_ip_block":{"nesting_mode":"list","block":{"attributes":{"gateway":{"type":"string","description":"The network gateway used by the VMware User Cluster.","description_kind":"plain","optional":true},"netmask":{"type":"string","description":"The netmask used by the VMware User Cluster.","description_kind":"plain","optional":true}},"block_types":{"ips":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname of the machine. VM's name will be used if this field is empty.","description_kind":"plain","optional":true,"computed":true},"ip":{"type":"string","description":"IP could be an IP address (like 1.2.3.4) or a CIDR (like 1.2.3.0/24).","description_kind":"plain","optional":true}},"description":"The node's network configurations used by the VMware User Cluster.","description_kind":"plain"}}},"description":"Static IP addresses for the control plane nodes.","description_kind":"plain"},"max_items":1}},"description":"Configuration for control plane V2 mode.","description_kind":"plain"},"max_items":1},"dhcp_ip_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"enabled is a flag to mark if DHCP IP allocation is\nused for VMware user clusters.","description_kind":"plain","required":true}},"description":"Configuration settings for a DHCP IP configuration.","description_kind":"plain"},"max_items":1},"host_config":{"nesting_mode":"list","block":{"attributes":{"dns_search_domains":{"type":["list","string"],"description":"DNS search domains.","description_kind":"plain","optional":true},"dns_servers":{"type":["list","string"],"description":"DNS servers.","description_kind":"plain","optional":true},"ntp_servers":{"type":["list","string"],"description":"NTP servers.","description_kind":"plain","optional":true}},"description":"Represents common network settings irrespective of the host's IP address.","description_kind":"plain"},"max_items":1},"static_ip_config":{"nesting_mode":"list","block":{"block_types":{"ip_blocks":{"nesting_mode":"list","block":{"attributes":{"gateway":{"type":"string","description":"The network gateway used by the VMware User Cluster.","description_kind":"plain","required":true},"netmask":{"type":"string","description":"The netmask used by the VMware User Cluster.","description_kind":"plain","required":true}},"block_types":{"ips":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname of the machine. VM's name will be used if this field is empty.","description_kind":"plain","optional":true,"computed":true},"ip":{"type":"string","description":"IP could be an IP address (like 1.2.3.4) or a CIDR (like 1.2.3.0/24).","description_kind":"plain","required":true}},"description":"The node's network configurations used by the VMware User Cluster.","description_kind":"plain"},"min_items":1}},"description":"Represents the configuration values for static IP allocation to nodes.","description_kind":"plain"},"min_items":1}},"description":"Configuration settings for a static IP configuration.","description_kind":"plain"},"max_items":1}},"description":"The VMware User Cluster network configuration.","description_kind":"plain"},"max_items":1},"storage":{"nesting_mode":"list","block":{"attributes":{"vsphere_csi_disabled":{"type":"bool","description":"Whether or not to deploy vSphere CSI components in the VMware User Cluster.\nEnabled by default.","description_kind":"plain","required":true}},"description":"Storage configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"upgrade_policy":{"nesting_mode":"list","block":{"attributes":{"control_plane_only":{"type":"bool","description":"Controls whether the upgrade applies to the control plane only.","description_kind":"plain","optional":true}},"description":"Specifies upgrade policy for the cluster.","description_kind":"plain"},"max_items":1},"vcenter":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The vCenter IP address.","description_kind":"plain","computed":true},"ca_cert_data":{"type":"string","description":"Contains the vCenter CA certificate public key for SSL verification.","description_kind":"plain","optional":true},"cluster":{"type":"string","description":"The name of the vCenter cluster for the user cluster.","description_kind":"plain","optional":true},"datacenter":{"type":"string","description":"The name of the vCenter datacenter for the user cluster.","description_kind":"plain","optional":true},"datastore":{"type":"string","description":"The name of the vCenter datastore for the user cluster.","description_kind":"plain","optional":true},"folder":{"type":"string","description":"The name of the vCenter folder for the user cluster.","description_kind":"plain","optional":true},"resource_pool":{"type":"string","description":"The name of the vCenter resource pool for the user cluster.","description_kind":"plain","optional":true},"storage_policy_name":{"type":"string","description":"The name of the vCenter storage policy for the user cluster.","description_kind":"plain","optional":true}},"description":"VmwareVCenterConfig specifies vCenter config for the user cluster.\nInherited from the admin cluster.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gkeonprem_vmware_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations on the node Pool.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the node pool.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The vmware node pool name.","description_kind":"plain","required":true},"on_prem_version":{"type":"string","description":"Anthos version for the node pool. Defaults to the user cluster version.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the node pool.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"ResourceStatus representing detailed cluster state.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the node pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true},"vmware_cluster":{"type":"string","description":"The cluster this node pool belongs to.","description_kind":"plain","required":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"VMware disk size to be used during creation.","description_kind":"plain","optional":true},"cpus":{"type":"number","description":"The number of CPUs for each node in the node pool.","description_kind":"plain","optional":true},"enable_load_balancer":{"type":"bool","description":"Allow node pool traffic to be load balanced. Only works for clusters with\nMetalLB load balancers.","description_kind":"plain","optional":true},"image":{"type":"string","description":"The OS image name in vCenter, only valid when using Windows.","description_kind":"plain","optional":true},"image_type":{"type":"string","description":"The OS image to be used for each node in a node pool.\nCurrently 'cos', 'ubuntu', 'ubuntu_containerd' and 'windows' are supported.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node.\nThese will added in addition to any default label(s) that\nKubernetes may apply to the node.\nIn case of conflict in label keys, the applied set may differ depending on\nthe Kubernetes version -- it's best to assume the behavior is undefined\nand conflicts should be avoided.","description_kind":"plain","optional":true,"computed":true},"memory_mb":{"type":"number","description":"The megabytes of memory for each node in the node pool.","description_kind":"plain","optional":true},"replicas":{"type":"number","description":"The number of nodes in the node pool.","description_kind":"plain","optional":true}},"block_types":{"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Available taint effects. Possible values: [\"EFFECT_UNSPECIFIED\", \"NO_SCHEDULE\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","required":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}},"vsphere_config":{"nesting_mode":"list","block":{"attributes":{"datastore":{"type":"string","description":"The name of the vCenter datastore. Inherited from the user cluster.","description_kind":"plain","optional":true},"host_groups":{"type":["list","string"],"description":"Vsphere host groups to apply to all VMs in the node pool","description_kind":"plain","optional":true}},"block_types":{"tags":{"nesting_mode":"list","block":{"attributes":{"category":{"type":"string","description":"The Vsphere tag category.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The Vsphere tag name.","description_kind":"plain","optional":true}},"description":"Tags to apply to VMs.","description_kind":"plain"}}},"description":"Specifies the vSphere config for node pool.","description_kind":"plain"},"max_items":1}},"description":"The node configuration of the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"node_pool_autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_replicas":{"type":"number","description":"Maximum number of replicas in the NodePool.","description_kind":"plain","required":true},"min_replicas":{"type":"number","description":"Minimum number of replicas in the NodePool.","description_kind":"plain","required":true}},"description":"Node Pool autoscaling config for the node pool.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_consent_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"default_consent_ttl":{"type":"string","description":"Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_consent_create_on_update":{"type":"bool","description":"If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] creates the consent if it does not already exist.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize Consent stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: '[\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}'\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: '[\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}'\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this ConsentStore, for example:\n\"consent1\"","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_binding":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_member":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_policy":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_dataset":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the Dataset.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the Dataset.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"time_zone":{"type":"string","description":"The default timezone used by this dataset. Must be a either a valid IANA time zone name such as\n\"America/New_York\" or empty, which defaults to UTC. This is used for parsing times in resources\n(e.g., HL7 messages) where no explicit timezone is specified.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"KMS encryption key that is used to secure this dataset and its sub-resources. The key used for\nencryption and the dataset must be in the same location. If empty, the default Google encryption\nkey will be used to secure this dataset. The format is\nprojects/{projectId}/locations/{locationId}/keyRings/{keyRingId}/cryptoKeys/{keyId}.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_dataset_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dataset_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_dicom_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize DICOM stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the DicomStore.\n\n** Changing this property may recreate the Dicom store (removing all data) **","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true},"send_for_bulk_import":{"type":"bool","description":"Indicates whether or not to send Pub/Sub notifications on bulk import. Only supported for DICOM imports.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_binding":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_member":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_policy":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_fhir_store":{"version":0,"block":{"attributes":{"complex_data_type_reference_parsing":{"type":"string","description":"Enable parsing of references within complex FHIR data types such as Extensions. If this value is set to ENABLED, then features like referential integrity and Bundle reference rewriting apply to all references. If this flag has not been specified the behavior of the FHIR store will not change, references in complex data types will not be parsed. New stores will have this value set to ENABLED by default after a notification period. Warning: turning on this flag causes processing existing resources to fail if they contain references to non-existent resources. Possible values: [\"COMPLEX_DATA_TYPE_REFERENCE_PARSING_UNSPECIFIED\", \"DISABLED\", \"ENABLED\"]","description_kind":"plain","optional":true,"computed":true},"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"default_search_handling_strict":{"type":"bool","description":"If true, overrides the default search behavior for this FHIR store to handling=strict which returns an error for unrecognized search parameters.\nIf false, uses the FHIR specification default handling=lenient which ignores unrecognized search parameters.\nThe handling can always be changed from the default on an individual API call by setting the HTTP header Prefer: handling=strict or Prefer: handling=lenient.","description_kind":"plain","optional":true},"disable_referential_integrity":{"type":"bool","description":"Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store\ncreation. The default value is false, meaning that the API will enforce referential integrity and fail the\nrequests that will result in inconsistent state in the FHIR store. When this field is set to true, the API\nwill skip referential integrity check. Consequently, operations that rely on references, such as\nPatient.get$everything, will not return all the results if broken references exist.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","optional":true},"disable_resource_versioning":{"type":"bool","description":"Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation\nof FHIR store. If set to false, which is the default behavior, all write operations will cause historical\nversions to be recorded automatically. The historical versions can be fetched through the history APIs, but\ncannot be updated. If set to true, no historical versions will be kept. The server will send back errors for\nattempts to read the historical versions.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_history_import":{"type":"bool","description":"Whether to allow the bulk import API to accept history bundles and directly insert historical resource\nversions into the FHIR store. Importing resource histories creates resource interactions that appear to have\noccurred in the past, which clients may not want to allow. If set to false, history bundles within an import\nwill fail with an error.\n\n** Changing this property may recreate the FHIR store (removing all data) **\n\n** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store **","description_kind":"plain","optional":true},"enable_update_create":{"type":"bool","description":"Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update\noperation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through\nthe Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit\nlogs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient\nidentifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub\nnotifications.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize FHIR stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the FhirStore.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The FHIR specification version. Possible values: [\"DSTU2\", \"STU3\", \"R4\"]","description_kind":"plain","required":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain","deprecated":true},"max_items":1},"notification_configs":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true},"send_full_resource":{"type":"bool","description":"Whether to send full FHIR resource to this Pub/Sub topic for Create and Update operation.\nNote that setting this to true does not guarantee that all resources will be sent in the format of\nfull FHIR resource. When a resource change is too large or during heavy traffic, only the resource name will be\nsent. Clients should always check the \"payloadType\" label from a Pub/Sub message to determine whether\nit needs to fetch the full resource as a separate operation.","description_kind":"plain","optional":true},"send_previous_resource_on_delete":{"type":"bool","description":"Whether to send full FHIR resource to this Pub/Sub topic for deleting FHIR resource. Note that setting this to\ntrue does not guarantee that all previous resources will be sent in the format of full FHIR resource. When a\nresource change is too large or during heavy traffic, only the resource name will be sent. Clients should always\ncheck the \"payloadType\" label from a Pub/Sub message to determine whether it needs to fetch the full previous\nresource as a separate operation.","description_kind":"plain","optional":true}},"description":"A list of notifcation configs that configure the notification for every resource mutation in this FHIR store.","description_kind":"plain"}},"stream_configs":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"Supply a FHIR resource type (such as \"Patient\" or \"Observation\"). See\nhttps://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats\nan empty list as an intent to stream all the supported resource types in this FHIR store.","description_kind":"plain","optional":true}},"block_types":{"bigquery_destination":{"nesting_mode":"list","block":{"attributes":{"dataset_uri":{"type":"string","description":"BigQuery URI to a dataset, up to 2000 characters long, in the format bq://projectId.bqDatasetId","description_kind":"plain","required":true}},"block_types":{"schema_config":{"nesting_mode":"list","block":{"attributes":{"recursive_structure_depth":{"type":"number","description":"The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem\nresource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called\nconcept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default\nvalue 2. The maximum depth allowed is 5.","description_kind":"plain","required":true},"schema_type":{"type":"string","description":"Specifies the output schema type.\n * ANALYTICS: Analytics schema defined by the FHIR community.\n See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md.\n * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON.\n * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. Default value: \"ANALYTICS\" Possible values: [\"ANALYTICS\", \"ANALYTICS_V2\", \"LOSSLESS\"]","description_kind":"plain","optional":true}},"block_types":{"last_updated_partition_config":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"string","description":"Number of milliseconds for which to keep the storage for a partition.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of partitioning. Possible values: [\"PARTITION_TYPE_UNSPECIFIED\", \"HOUR\", \"DAY\", \"MONTH\", \"YEAR\"]","description_kind":"plain","required":true}},"description":"The configuration for exported BigQuery tables to be partitioned by FHIR resource's last updated time column.","description_kind":"plain"},"max_items":1}},"description":"The configuration for the exported BigQuery schema.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The destination BigQuery structure that contains both the dataset location and corresponding schema config.\nThe output is organized in one table per resource type. The server reuses the existing tables (if any) that\nare named after the resource types, e.g. \"Patient\", \"Observation\". When there is no existing table for a given\nresource type, the server attempts to create one.\nSee the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A list of streaming configs that configure the destinations of streaming export for every resource mutation in\nthis FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next\nresource mutation is streamed to the new location in addition to the existing ones. When a location is removed\nfrom the list, the server stops streaming to that location. Before adding a new config, you must add the required\nbigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on\nthe order of dozens of seconds) is expected before the results show up in the streaming destination.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize HL7v2 stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the Hl7V2Store.\n\n** Changing this property may recreate the Hl7v2 store (removing all data) **","description_kind":"plain","required":true},"reject_duplicate_message":{"type":"bool","description":"Determines whether duplicate messages are allowed.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"notification_configs":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Restricts notifications sent for messages matching a filter. If this is empty, all messages\nare matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings\n\nFields/functions available for filtering are:\n\n* messageType, from the MSH-9.1 field. For example, NOT messageType = \"ADT\".\n* send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date \u003c \"2017-01-02\".\n* sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime \u003c \"2017-01-02T00:00:00-05:00\".\n* sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = \"ABC\".\n* PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId(\"123456\", \"MRN\").\n* labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels.\"priority\"=\"high\". The operator :* can be used to assert the existence of a label. For example, labels.\"priority\":*.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.\n\nIf a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver","description_kind":"plain","required":true}},"description":"A list of notification configs. Each configuration uses a filter to determine whether to publish a\nmessage (both Ingest \u0026 Create) on the corresponding notification destination. Only the message name\nis sent as part of the notification. Supplied by the client.","description_kind":"plain"}},"parser_config":{"nesting_mode":"list","block":{"attributes":{"allow_null_header":{"type":"bool","description":"Determines whether messages with no header are allowed.","description_kind":"plain","optional":true},"schema":{"type":"string","description":"JSON encoded string for schemas used to parse messages in this\nstore if schematized parsing is desired.","description_kind":"plain","optional":true},"segment_terminator":{"type":"string","description":"Byte(s) to be used as the segment terminator. If this is unset, '\\r' will be used as segment terminator.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The version of the unschematized parser to be used when a custom 'schema' is not set. Default value: \"V1\" Possible values: [\"V1\", \"V2\", \"V3\"]","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iam_access_boundary_policy":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name of the rule.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"The hash of the resource. Used internally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the policy.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The attachment point is identified by its URL-encoded full resource name.","description_kind":"plain","required":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the rule.","description_kind":"plain","optional":true}},"block_types":{"access_boundary_rule":{"nesting_mode":"list","block":{"attributes":{"available_permissions":{"type":["list","string"],"description":"A list of permissions that may be allowed for use on the specified resource.","description_kind":"plain","optional":true},"available_resource":{"type":"string","description":"The full resource name of a Google Cloud resource entity.","description_kind":"plain","optional":true}},"block_types":{"availability_condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting,\ne.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The availability condition further constrains the access allowed by the access boundary rule.","description_kind":"plain"},"max_items":1}},"description":"An access boundary rule in an IAM policy.","description_kind":"plain"},"max_items":1}},"description":"Rules to be applied.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_deny_policy":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name of the rule.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"The hash of the resource. Used internally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the policy.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The attachment point is identified by its URL-encoded full resource name.","description_kind":"plain","required":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the rule.","description_kind":"plain","optional":true}},"block_types":{"deny_rule":{"nesting_mode":"list","block":{"attributes":{"denied_permissions":{"type":["list","string"],"description":"The permissions that are explicitly denied by this rule. Each permission uses the format '{service-fqdn}/{resource}.{verb}',\nwhere '{service-fqdn}' is the fully qualified domain name for the service. For example, 'iam.googleapis.com/roles.list'.","description_kind":"plain","optional":true},"denied_principals":{"type":["list","string"],"description":"The identities that are prevented from using one or more permissions on Google Cloud resources.","description_kind":"plain","optional":true},"exception_permissions":{"type":["list","string"],"description":"Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions.\nIf a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied.\nThe excluded permissions can be specified using the same syntax as deniedPermissions.","description_kind":"plain","optional":true},"exception_principals":{"type":["list","string"],"description":"The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals.\nFor example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.","description_kind":"plain","optional":true}},"block_types":{"denial_condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting,\ne.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.","description_kind":"plain"},"max_items":1}},"description":"A deny rule in an IAM deny policy.","description_kind":"plain"},"max_items":1}},"description":"Rules to be applied.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workforce_pool":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A user-specified description of the pool. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,\nor use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the pool.\nFormat: 'locations/{location}/workforcePools/{workforcePoolId}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Immutable. The resource name of the parent. Format: 'organizations/{org-id}'.","description_kind":"plain","required":true},"session_duration":{"type":"string","description":"Duration that the Google Cloud access tokens, console sign-in sessions,\nand 'gcloud' sign-in sessions from this pool are valid.\nMust be greater than 15 minutes (900s) and less than 12 hours (43200s).\nIf 'sessionDuration' is not configured, minted credentials have a default duration of one hour (3600s).\nA duration in seconds with up to nine fractional digits, ending with ''s''. Example: \"'3.5s'\".","description_kind":"plain","optional":true},"state":{"type":"string","description":"Output only. The state of the pool.\n * STATE_UNSPECIFIED: State unspecified.\n * ACTIVE: The pool is active, and may be used in Google Cloud policies.\n * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted\n after approximately 30 days. You can restore a soft-deleted pool using\n [workforcePools.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePool).\n You cannot reuse the ID of a soft-deleted pool until it is permanently deleted.\n While a pool is deleted, you cannot use it to exchange tokens, or use\n existing tokens to access resources. If the pool is undeleted, existing\n tokens grant access again.","description_kind":"plain","computed":true},"workforce_pool_id":{"type":"string","description":"The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters,\ndigits, or hyphens. It must start with a letter, and cannot have a trailing hyphen.\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"access_restrictions":{"nesting_mode":"list","block":{"attributes":{"disable_programmatic_signin":{"type":"bool","description":"Disable programmatic sign-in by disabling token issue via the Security Token API endpoint.\nSee [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).","description_kind":"plain","optional":true}},"block_types":{"allowed_services":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name of the service.\nExample: console.cloud.google","description_kind":"plain","optional":true}},"description":"Services allowed for web sign-in with the workforce pool.\nIf not set by default there are no restrictions.","description_kind":"plain"}}},"description":"Configure access restrictions on the workforce pool users. This is an optional field. If specified web\nsign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workforce_pool_provider":{"version":0,"block":{"attributes":{"attribute_condition":{"type":"string","description":"A [Common Expression Language](https://opensource.google/projects/cel) expression, in\nplain text, to restrict what otherwise valid authentication credentials issued by the\nprovider should not be accepted.\n\nThe expression must output a boolean representing whether to allow the federation.\n\nThe following keywords may be referenced in the expressions:\n * 'assertion': JSON representing the authentication credential issued by the provider.\n * 'google': The Google attributes mapped from the assertion in the 'attribute_mappings'.\n 'google.profile_photo' and 'google.display_name' are not supported.\n * 'attribute': The custom attributes mapped from the assertion in the 'attribute_mappings'.\n\nThe maximum length of the attribute condition expression is 4096 characters.\nIf unspecified, all valid authentication credentials will be accepted.\n\nThe following example shows how to only allow credentials with a mapped 'google.groups' value of 'admins':\n'''\n\"'admins' in google.groups\"\n'''","description_kind":"plain","optional":true},"attribute_mapping":{"type":["map","string"],"description":"Maps attributes from the authentication credentials issued by an external identity provider\nto Google Cloud attributes, such as 'subject' and 'segment'.\n\nEach key must be a string specifying the Google Cloud IAM attribute to map to.\n\nThe following keys are supported:\n * 'google.subject': The principal IAM is authenticating. You can reference this value in IAM bindings.\n This is also the subject that appears in Cloud Logging logs. This is a required field and\n the mapped subject cannot exceed 127 bytes.\n * 'google.groups': Groups the authenticating user belongs to. You can grant groups access to\n resources using an IAM 'principalSet' binding; access applies to all members of the group.\n * 'google.display_name': The name of the authenticated user. This is an optional field and\n the mapped display name cannot exceed 100 bytes. If not set, 'google.subject' will be displayed instead.\n This attribute cannot be referenced in IAM bindings.\n * 'google.profile_photo': The URL that specifies the authenticated user's thumbnail photo.\n This is an optional field. When set, the image will be visible as the user's profile picture.\n If not set, a generic user icon will be displayed instead.\n This attribute cannot be referenced in IAM bindings.\n\nYou can also provide custom attributes by specifying 'attribute.{custom_attribute}', where {custom_attribute}\nis the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes.\nThe maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_].\n\nYou can reference these attributes in IAM policies to define fine-grained access for a workforce pool\nto Google Cloud resources. For example:\n * 'google.subject':\n 'principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}'\n * 'google.groups':\n 'principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}'\n * 'attribute.{custom_attribute}':\n 'principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}'\n\nEach value must be a [Common Expression Language](https://opensource.google/projects/cel)\nfunction that maps an identity provider credential to the normalized attribute specified\nby the corresponding map key.\n\nYou can use the 'assertion' keyword in the expression to access a JSON representation of\nthe authentication credential issued by the provider.\n\nThe maximum length of an attribute mapping expression is 2048 characters. When evaluated,\nthe total size of all mapped attributes must not exceed 8KB.\n\nFor OIDC providers, you must supply a custom mapping that includes the 'google.subject' attribute.\nFor example, the following maps the sub claim of the incoming credential to the 'subject' attribute\non a Google token:\n'''\n{\"google.subject\": \"assertion.sub\"}\n'''\n\nAn object containing a list of '\"key\": value' pairs.\nExample: '{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }'.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A user-specified description of the provider. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.\nHowever, existing tokens still grant access.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A user-specified display name for the provider. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the provider.\nFormat: 'locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}'","description_kind":"plain","computed":true},"provider_id":{"type":"string","description":"The ID for the provider, which becomes the final component of the resource name.\nThis value must be 4-32 characters, and may contain the characters [a-z0-9-].\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the provider.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The provider is active and may be used to validate authentication credentials.\n* DELETED: The provider is soft-deleted. Soft-deleted providers are permanently\n deleted after approximately 30 days. You can restore a soft-deleted provider using\n [providers.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProvider).","description_kind":"plain","computed":true},"workforce_pool_id":{"type":"string","description":"The ID to use for the pool, which becomes the final component of the resource name.\nThe IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens.\nIt must start with a letter, and cannot have a trailing hyphen.\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"extra_attributes_oauth2_client":{"nesting_mode":"list","block":{"attributes":{"attributes_type":{"type":"string","description":"Represents the IdP and type of claims that should be fetched.\n* AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using configuration provided\nin ExtraAttributesOAuth2Client and 'mail' property of the 'microsoft.graph.group' object is used for claim mapping.\nSee https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on\n'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'. Possible values: [\"AZURE_AD_GROUPS_MAIL\"]","description_kind":"plain","required":true},"client_id":{"type":"string","description":"The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.","description_kind":"plain","required":true},"issuer_uri":{"type":"string","description":"The OIDC identity provider's issuer URI. Must be a valid URI using the 'https' scheme. Required to get the OIDC discovery document.","description_kind":"plain","required":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"block_types":{"value":{"nesting_mode":"list","block":{"attributes":{"plain_text":{"type":"string","description":"The plain text of the client secret value.","description_kind":"plain","required":true},"thumbprint":{"type":"string","description":"A thumbprint to represent the current client secret value.","description_kind":"plain","computed":true}},"description":"The value of the client secret.","description_kind":"plain"},"max_items":1}},"description":"The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.","description_kind":"plain"},"min_items":1,"max_items":1},"query_parameters":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the\nfilter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The\ngroups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.","description_kind":"plain","optional":true}},"description":"Represents the parameters to control which claims are fetched from an IdP.","description_kind":"plain"},"max_items":1}},"description":"The configuration for OAuth 2.0 client used to get the additional user\nattributes. This should be used when users can't get the desired claims\nin authentication credentials. Currently this configuration is only\nsupported with OIDC protocol.","description_kind":"plain"},"max_items":1},"oidc":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The client ID. Must match the audience claim of the JWT issued by the identity provider.","description_kind":"plain","required":true},"issuer_uri":{"type":"string","description":"The OIDC issuer URI. Must be a valid URI using the 'https' scheme.","description_kind":"plain","required":true},"jwks_json":{"type":"string","description":"OIDC JWKs in JSON String format. For details on definition of a\nJWK, see https:tools.ietf.org/html/rfc7517. If not set, then we\nuse the 'jwks_uri' from the discovery document fetched from the\n.well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric\nkeys are supported. The JWK must use following format and include only\nthe following fields:\n'''\n{\n \"keys\": [\n {\n \"kty\": \"RSA/EC\",\n \"alg\": \"\u003calgorithm\u003e\",\n \"use\": \"sig\",\n \"kid\": \"\u003ckey-id\u003e\",\n \"n\": \"\",\n \"e\": \"\",\n \"x\": \"\",\n \"y\": \"\",\n \"crv\": \"\"\n }\n ]\n}\n'''","description_kind":"plain","optional":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"block_types":{"value":{"nesting_mode":"list","block":{"attributes":{"plain_text":{"type":"string","description":"The plain text of the client secret value.","description_kind":"plain","required":true,"sensitive":true},"thumbprint":{"type":"string","description":"A thumbprint to represent the current client secret value.","description_kind":"plain","computed":true}},"description":"The value of the client secret.","description_kind":"plain"},"max_items":1}},"description":"The optional client secret. Required to enable Authorization Code flow for web sign-in.","description_kind":"plain"},"max_items":1},"web_sso_config":{"nesting_mode":"list","block":{"attributes":{"additional_scopes":{"type":["list","string"],"description":"Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the 'openid', 'profile' and 'email' scopes that are supported by the identity provider are requested.\nEach additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.","description_kind":"plain","optional":true},"assertion_claims_behavior":{"type":"string","description":"The behavior for how OIDC Claims are included in the 'assertion' object used for attribute mapping and attribute condition.\n* MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS: Merge the UserInfo Endpoint Claims with ID Token Claims, preferring UserInfo Claim Values for the same Claim Name. This option is available only for the Authorization Code Flow.\n* ONLY_ID_TOKEN_CLAIMS: Only include ID Token Claims. Possible values: [\"MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS\", \"ONLY_ID_TOKEN_CLAIMS\"]","description_kind":"plain","required":true},"response_type":{"type":"string","description":"The Response Type to request for in the OIDC Authorization Request for web sign-in.\n\nThe 'CODE' Response Type is recommended to avoid the Implicit Flow, for security reasons.\n* CODE: The 'response_type=code' selection uses the Authorization Code Flow for web sign-in. Requires a configured client secret.\n* ID_TOKEN: The 'response_type=id_token' selection uses the Implicit Flow for web sign-in. Possible values: [\"CODE\", \"ID_TOKEN\"]","description_kind":"plain","required":true}},"description":"Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.","description_kind":"plain"},"max_items":1}},"description":"Represents an OpenId Connect 1.0 identity provider.","description_kind":"plain"},"max_items":1},"saml":{"nesting_mode":"list","block":{"attributes":{"idp_metadata_xml":{"type":"string","description":"SAML Identity provider configuration metadata xml doc.\nThe xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf).\nThe max size of the acceptable xml document will be bounded to 128k characters.\n\nThe metadata xml document should satisfy the following constraints:\n1) Must contain an Identity Provider Entity ID.\n2) Must contain at least one non-expired signing key certificate.\n3) For each signing key:\n a) Valid from should be no more than 7 days from now.\n b) Valid to should be no more than 10 years in the future.\n4) Up to 3 IdP signing keys are allowed in the metadata xml.\n\nWhen updating the provider's metadata xml, at least one non-expired signing key\nmust overlap with the existing metadata. This requirement is skipped if there are\nno non-expired signing keys present in the existing metadata.","description_kind":"plain","required":true}},"description":"Represents a SAML identity provider.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workload_identity_pool":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the pool. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use\nexisting tokens to access resources. If the pool is re-enabled, existing tokens grant\naccess again.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A display name for the pool. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the pool as\n'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the pool.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The pool is active, and may be used in Google Cloud policies.\n* DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after\n approximately 30 days. You can restore a soft-deleted pool using\n UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is\n permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or\n use existing tokens to access resources. If the pool is undeleted, existing tokens grant\n access again.","description_kind":"plain","computed":true},"workload_identity_pool_id":{"type":"string","description":"The ID to use for the pool, which becomes the final component of the resource name. This\nvalue should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workload_identity_pool_provider":{"version":0,"block":{"attributes":{"attribute_condition":{"type":"string","description":"[A Common Expression Language](https://opensource.google/projects/cel) expression, in\nplain text, to restrict what otherwise valid authentication credentials issued by the\nprovider should not be accepted.\n\nThe expression must output a boolean representing whether to allow the federation.\n\nThe following keywords may be referenced in the expressions:\n * 'assertion': JSON representing the authentication credential issued by the provider.\n * 'google': The Google attributes mapped from the assertion in the 'attribute_mappings'.\n * 'attribute': The custom attributes mapped from the assertion in the 'attribute_mappings'.\n\nThe maximum length of the attribute condition expression is 4096 characters. If\nunspecified, all valid authentication credential are accepted.\n\nThe following example shows how to only allow credentials with a mapped 'google.groups'\nvalue of 'admins':\n'''\n\"'admins' in google.groups\"\n'''","description_kind":"plain","optional":true},"attribute_mapping":{"type":["map","string"],"description":"Maps attributes from authentication credentials issued by an external identity provider\nto Google Cloud attributes, such as 'subject' and 'segment'.\n\nEach key must be a string specifying the Google Cloud IAM attribute to map to.\n\nThe following keys are supported:\n * 'google.subject': The principal IAM is authenticating. You can reference this value\n in IAM bindings. This is also the subject that appears in Cloud Logging logs.\n Cannot exceed 127 characters.\n * 'google.groups': Groups the external identity belongs to. You can grant groups\n access to resources using an IAM 'principalSet' binding; access applies to all\n members of the group.\n\nYou can also provide custom attributes by specifying 'attribute.{custom_attribute}',\nwhere '{custom_attribute}' is the name of the custom attribute to be mapped. You can\ndefine a maximum of 50 custom attributes. The maximum length of a mapped attribute key\nis 100 characters, and the key may only contain the characters [a-z0-9_].\n\nYou can reference these attributes in IAM policies to define fine-grained access for a\nworkload to Google Cloud resources. For example:\n * 'google.subject':\n 'principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}'\n * 'google.groups':\n 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}'\n * 'attribute.{custom_attribute}':\n 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}'\n\nEach value must be a [Common Expression Language](https://opensource.google/projects/cel)\nfunction that maps an identity provider credential to the normalized attribute specified\nby the corresponding map key.\n\nYou can use the 'assertion' keyword in the expression to access a JSON representation of\nthe authentication credential issued by the provider.\n\nThe maximum length of an attribute mapping expression is 2048 characters. When evaluated,\nthe total size of all mapped attributes must not exceed 8KB.\n\nFor AWS providers, the following rules apply:\n - If no attribute mapping is defined, the following default mapping applies:\n '''\n {\n \"google.subject\":\"assertion.arn\",\n \"attribute.aws_role\":\n \"assertion.arn.contains('assumed-role')\"\n \" ? assertion.arn.extract('{account_arn}assumed-role/')\"\n \" + 'assumed-role/'\"\n \" + assertion.arn.extract('assumed-role/{role_name}/')\"\n \" : assertion.arn\",\n }\n '''\n - If any custom attribute mappings are defined, they must include a mapping to the\n 'google.subject' attribute.\n\nFor OIDC providers, the following rules apply:\n - Custom attribute mappings must be defined, and must include a mapping to the\n 'google.subject' attribute. For example, the following maps the 'sub' claim of the\n incoming credential to the 'subject' attribute on a Google token.\n '''\n {\"google.subject\": \"assertion.sub\"}\n '''","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description for the provider. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.\nHowever, existing tokens still grant access.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A display name for the provider. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the provider as\n'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the provider.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The provider is active, and may be used to validate authentication credentials.\n* DELETED: The provider is soft-deleted. Soft-deleted providers are permanently deleted\n after approximately 30 days. You can restore a soft-deleted provider using\n UndeleteWorkloadIdentityPoolProvider. You cannot reuse the ID of a soft-deleted provider\n until it is permanently deleted.","description_kind":"plain","computed":true},"workload_identity_pool_id":{"type":"string","description":"The ID used for the pool, which is the final component of the pool resource name. This\nvalue should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true},"workload_identity_pool_provider_id":{"type":"string","description":"The ID for the provider, which becomes the final component of the resource name. This\nvalue must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"aws":{"nesting_mode":"list","block":{"attributes":{"account_id":{"type":"string","description":"The AWS account ID.","description_kind":"plain","required":true}},"description":"An Amazon Web Services identity provider. Not compatible with the property oidc or saml.","description_kind":"plain"},"max_items":1},"oidc":{"nesting_mode":"list","block":{"attributes":{"allowed_audiences":{"type":["list","string"],"description":"Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange\nrequests are rejected if the token audience does not match one of the configured\nvalues. Each audience may be at most 256 characters. A maximum of 10 audiences may\nbe configured.\n\nIf this list is empty, the OIDC token audience must be equal to the full canonical\nresource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.\nFor example:\n'''\n//iam.googleapis.com/projects/\u003cproject-number\u003e/locations/\u003clocation\u003e/workloadIdentityPools/\u003cpool-id\u003e/providers/\u003cprovider-id\u003e\nhttps://iam.googleapis.com/projects/\u003cproject-number\u003e/locations/\u003clocation\u003e/workloadIdentityPools/\u003cpool-id\u003e/providers/\u003cprovider-id\u003e\n'''","description_kind":"plain","optional":true},"issuer_uri":{"type":"string","description":"The OIDC issuer URL.","description_kind":"plain","required":true},"jwks_json":{"type":"string","description":"OIDC JWKs in JSON String format. For details on definition of a\nJWK, see https:tools.ietf.org/html/rfc7517. If not set, then we\nuse the 'jwks_uri' from the discovery document fetched from the\n.well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric\nkeys are supported. The JWK must use following format and include only\nthe following fields:\n'''\n{\n \"keys\": [\n {\n \"kty\": \"RSA/EC\",\n \"alg\": \"\u003calgorithm\u003e\",\n \"use\": \"sig\",\n \"kid\": \"\u003ckey-id\u003e\",\n \"n\": \"\",\n \"e\": \"\",\n \"x\": \"\",\n \"y\": \"\",\n \"crv\": \"\"\n }\n ]\n}\n'''","description_kind":"plain","optional":true}},"description":"An OpenId Connect 1.0 identity provider. Not compatible with the property aws or saml.","description_kind":"plain"},"max_items":1},"saml":{"nesting_mode":"list","block":{"attributes":{"idp_metadata_xml":{"type":"string","description":"SAML Identity provider configuration metadata xml doc.","description_kind":"plain","required":true}},"description":"An SAML 2.0 identity provider. Not compatible with the property oidc or aws.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_brand":{"version":0,"block":{"attributes":{"application_title":{"type":"string","description":"Application name displayed on OAuth consent screen.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. Identifier of the brand, in the format 'projects/{project_number}/brands/{brand_id}'\nNOTE: The name can also be expressed as 'projects/{project_id}/brands/{brand_id}', e.g. when importing.\nNOTE: The brand identification corresponds to the project number as only one\nbrand can be created per project.","description_kind":"plain","computed":true},"org_internal_only":{"type":"bool","description":"Whether the brand is only intended for usage inside the GSuite organization only.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"support_email":{"type":"string","description":"Support email displayed on the OAuth consent screen. Can be either a\nuser or group email. When a user email is specified, the caller must\nbe the user with the associated email address. When a group email is\nspecified, the caller can be either a user or a service account which\nis an owner of the specified group in Cloud Identity.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_client":{"version":0,"block":{"attributes":{"brand":{"type":"string","description":"Identifier of the brand to which this client\nis attached to. The format is\n'projects/{project_number}/brands/{brand_id}'.","description_kind":"plain","required":true},"client_id":{"type":"string","description":"Output only. Unique identifier of the OAuth client.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Human-friendly name given to the OAuth client.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"Output only. Client secret of the OAuth client.","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_tunnel_dest_group":{"version":0,"block":{"attributes":{"cidrs":{"type":["list","string"],"description":"List of CIDRs that this group applies to.","description_kind":"plain","optional":true},"fqdns":{"type":["list","string"],"description":"List of FQDNs that this group applies to.","description_kind":"plain","optional":true},"group_name":{"type":"string","description":"Unique tunnel destination group name.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Full resource name.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the tunnel group. Must be the same as the network resources in the group.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_tunnel_dest_group_iam_binding":{"version":0,"block":{"attributes":{"dest_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_dest_group_iam_member":{"version":0,"block":{"attributes":{"dest_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_dest_group_iam_policy":{"version":0,"block":{"attributes":{"dest_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_identity_platform_config":{"version":0,"block":{"attributes":{"authorized_domains":{"type":["list","string"],"description":"List of domains authorized for OAuth redirects.","description_kind":"plain","optional":true,"computed":true},"autodelete_anonymous_users":{"type":"bool","description":"Whether anonymous users will be auto-deleted after a period of 30 days","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the Config resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"blocking_functions":{"nesting_mode":"list","block":{"block_types":{"forward_inbound_credentials":{"nesting_mode":"list","block":{"attributes":{"access_token":{"type":"bool","description":"Whether to pass the user's OAuth identity provider's access token.","description_kind":"plain","optional":true},"id_token":{"type":"bool","description":"Whether to pass the user's OIDC identity provider's ID token.","description_kind":"plain","optional":true},"refresh_token":{"type":"bool","description":"Whether to pass the user's OAuth identity provider's refresh token.","description_kind":"plain","optional":true}},"description":"The user credentials to include in the JWT payload that is sent to the registered Blocking Functions.","description_kind":"plain"},"max_items":1},"triggers":{"nesting_mode":"set","block":{"attributes":{"event_type":{"type":"string","description_kind":"plain","required":true},"function_uri":{"type":"string","description":"HTTP URI trigger for the Cloud Function.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"When the trigger was changed.","description_kind":"plain","computed":true}},"description":"Map of Trigger to event type. Key should be one of the supported event types: \"beforeCreate\", \"beforeSignIn\".","description_kind":"plain"},"min_items":1}},"description":"Configuration related to blocking functions.","description_kind":"plain"},"max_items":1},"client":{"nesting_mode":"list","block":{"attributes":{"api_key":{"type":"string","description":"API key that can be used when making requests for this project.","description_kind":"plain","computed":true,"sensitive":true},"firebase_subdomain":{"type":"string","description":"Firebase subdomain.","description_kind":"plain","computed":true}},"block_types":{"permissions":{"nesting_mode":"list","block":{"attributes":{"disabled_user_deletion":{"type":"bool","description":"When true, end users cannot delete their account on the associated project through any of our API methods","description_kind":"plain","optional":true},"disabled_user_signup":{"type":"bool","description":"When true, end users cannot sign up for a new account on the associated project through any of our API methods","description_kind":"plain","optional":true}},"description":"Configuration related to restricting a user's ability to affect their account.","description_kind":"plain"},"max_items":1}},"description":"Options related to how clients making requests on behalf of a project should be configured.","description_kind":"plain"},"max_items":1},"mfa":{"nesting_mode":"list","block":{"attributes":{"enabled_providers":{"type":["list","string"],"description":"A list of usable second factors for this project. Possible values: [\"PHONE_SMS\"]","description_kind":"plain","optional":true},"state":{"type":"string","description":"Whether MultiFactor Authentication has been enabled for this project. Possible values: [\"DISABLED\", \"ENABLED\", \"MANDATORY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"provider_configs":{"nesting_mode":"list","block":{"attributes":{"state":{"type":"string","description":"Whether MultiFactor Authentication has been enabled for this project. Possible values: [\"DISABLED\", \"ENABLED\", \"MANDATORY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"totp_provider_config":{"nesting_mode":"list","block":{"attributes":{"adjacent_intervals":{"type":"number","description":"The allowed number of adjacent intervals that will be used for verification to avoid clock skew.","description_kind":"plain","optional":true}},"description":"TOTP MFA provider config for this project.","description_kind":"plain"},"max_items":1}},"description":"A list of usable second factors for this project along with their configurations.\nThis field does not support phone based MFA, for that use the 'enabledProviders' field.","description_kind":"plain"}}},"description":"Options related to how clients making requests on behalf of a project should be configured.","description_kind":"plain"},"max_items":1},"monitoring":{"nesting_mode":"list","block":{"block_types":{"request_logging":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether logging is enabled for this project or not.","description_kind":"plain","optional":true}},"description":"Configuration for logging requests made to this project to Stackdriver Logging","description_kind":"plain"},"max_items":1}},"description":"Configuration related to monitoring project activity.","description_kind":"plain"},"max_items":1},"multi_tenant":{"nesting_mode":"list","block":{"attributes":{"allow_tenants":{"type":"bool","description":"Whether this project can have tenants or not.","description_kind":"plain","optional":true},"default_tenant_location":{"type":"string","description":"The default cloud parent org or folder that the tenant project should be created under.\nThe parent resource name should be in the format of \"/\", such as \"folders/123\" or \"organizations/456\".\nIf the value is not set, the tenant will be created under the same organization or folder as the agent project.","description_kind":"plain","optional":true}},"description":"Configuration related to multi-tenant functionality.","description_kind":"plain"},"max_items":1},"quota":{"nesting_mode":"list","block":{"block_types":{"sign_up_quota_config":{"nesting_mode":"list","block":{"attributes":{"quota":{"type":"number","description":"A sign up APIs quota that customers can override temporarily.","description_kind":"plain","optional":true},"quota_duration":{"type":"string","description":"How long this quota will be active for. It is measurred in seconds, e.g., Example: \"9.615s\".","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"When this quota will take affect.","description_kind":"plain","optional":true}},"description":"Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to quotas.","description_kind":"plain"},"max_items":1},"sign_in":{"nesting_mode":"list","block":{"attributes":{"allow_duplicate_emails":{"type":"bool","description":"Whether to allow more than one account to have the same email.","description_kind":"plain","optional":true},"hash_config":{"type":["list",["object",{"algorithm":"string","memory_cost":"number","rounds":"number","salt_separator":"string","signer_key":"string"}]],"description":"Output only. Hash config information.","description_kind":"plain","computed":true}},"block_types":{"anonymous":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether anonymous user auth is enabled for the project or not.","description_kind":"plain","required":true}},"description":"Configuration options related to authenticating an anonymous user.","description_kind":"plain"},"max_items":1},"email":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether email auth is enabled for the project or not.","description_kind":"plain","required":true},"password_required":{"type":"bool","description":"Whether a password is required for email auth or not. If true, both an email and\npassword must be provided to sign in. If false, a user may sign in via either\nemail/password or email link.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticating a user by their email address.","description_kind":"plain"},"max_items":1},"phone_number":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether phone number auth is enabled for the project or not.","description_kind":"plain","required":true},"test_phone_numbers":{"type":["map","string"],"description":"A map of \u003ctest phone number, fake code\u003e that can be used for phone auth testing.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticated a user by their phone number.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to local sign in methods.","description_kind":"plain"},"max_items":1},"sms_region_config":{"nesting_mode":"list","block":{"block_types":{"allow_by_default":{"nesting_mode":"list","block":{"attributes":{"disallowed_regions":{"type":["list","string"],"description":"Two letter unicode region codes to disallow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json","description_kind":"plain","optional":true}},"description":"A policy of allowing SMS to every region by default and adding disallowed regions to a disallow list.","description_kind":"plain"},"max_items":1},"allowlist_only":{"nesting_mode":"list","block":{"attributes":{"allowed_regions":{"type":["list","string"],"description":"Two letter unicode region codes to allow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json","description_kind":"plain","optional":true}},"description":"A policy of only allowing regions by explicitly adding them to an allowlist.","description_kind":"plain"},"max_items":1}},"description":"Configures the regions where users are allowed to send verification SMS for the project or tenant. This is based on the calling code of the destination phone number.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_default_supported_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"OAuth client ID","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"OAuth client secret","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this IDP allows the user to sign in","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"idp_id":{"type":"string","description":"ID of the IDP. Possible values include:\n\n* 'apple.com'\n\n* 'facebook.com'\n\n* 'gc.apple.com'\n\n* 'github.com'\n\n* 'google.com'\n\n* 'linkedin.com'\n\n* 'microsoft.com'\n\n* 'playgames.google.com'\n\n* 'twitter.com'\n\n* 'yahoo.com'","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the DefaultSupportedIdpConfig resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_inbound_saml_config":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters,\nhyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an\nalphanumeric character, and have at least 2 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"idp_config":{"nesting_mode":"list","block":{"attributes":{"idp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities","description_kind":"plain","required":true},"sign_request":{"type":"bool","description":"Indicates if outbounding SAMLRequest should be signed.","description_kind":"plain","optional":true},"sso_url":{"type":"string","description":"URL to send Authentication request to.","description_kind":"plain","required":true}},"block_types":{"idp_certificates":{"nesting_mode":"list","block":{"attributes":{"x509_certificate":{"type":"string","description":"The IdP's x509 certificate.","description_kind":"plain","optional":true}},"description":"The IdP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain"},"min_items":1}},"description":"SAML IdP configuration when the project acts as the relying party","description_kind":"plain"},"min_items":1,"max_items":1},"sp_config":{"nesting_mode":"list","block":{"attributes":{"callback_uri":{"type":"string","description":"Callback URI where responses from IDP are handled. Must start with 'https://'.","description_kind":"plain","optional":true},"sp_certificates":{"type":["list",["object",{"x509_certificate":"string"}]],"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain","computed":true},"sp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities.","description_kind":"plain","optional":true}},"description":"SAML SP (Service Provider) configuration when the project acts as the relying party to receive\nand accept an authentication assertion issued by a SAML identity provider.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_oauth_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The client id of an OAuth client.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret of the OAuth client, to enable OIDC code flow.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"For OIDC Idps, the issuer identifier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the OauthIdpConfig. Must start with 'oidc.'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_project_default_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the Config resource. Example: \"projects/my-awesome-project/config\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"sign_in":{"nesting_mode":"list","block":{"attributes":{"allow_duplicate_emails":{"type":"bool","description":"Whether to allow more than one account to have the same email.","description_kind":"plain","optional":true},"hash_config":{"type":["list",["object",{"algorithm":"string","memory_cost":"number","rounds":"number","salt_separator":"string","signer_key":"string"}]],"description":"Output only. Hash config information.","description_kind":"plain","computed":true}},"block_types":{"anonymous":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether anonymous user auth is enabled for the project or not.","description_kind":"plain","required":true}},"description":"Configuration options related to authenticating an anonymous user.","description_kind":"plain"},"max_items":1},"email":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether email auth is enabled for the project or not.","description_kind":"plain","optional":true},"password_required":{"type":"bool","description":"Whether a password is required for email auth or not. If true, both an email and\npassword must be provided to sign in. If false, a user may sign in via either\nemail/password or email link.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticating a user by their email address.","description_kind":"plain"},"max_items":1},"phone_number":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether phone number auth is enabled for the project or not.","description_kind":"plain","optional":true},"test_phone_numbers":{"type":["map","string"],"description":"A map of \u003ctest phone number, fake code\u003e that can be used for phone auth testing.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticated a user by their phone number.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to local sign in methods.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain","deprecated":true}},"google_identity_platform_tenant":{"version":0,"block":{"attributes":{"allow_password_signup":{"type":"bool","description":"Whether to allow email/password user authentication.","description_kind":"plain","optional":true},"disable_auth":{"type":"bool","description":"Whether authentication is disabled for the tenant. If true, the users under\nthe disabled tenant are not allowed to sign-in. Admins of the disabled tenant\nare not able to manage its users.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name of the tenant.","description_kind":"plain","required":true},"enable_email_link_signin":{"type":"bool","description":"Whether to enable email link user authentication.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the tenant that is generated by the server","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_default_supported_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"OAuth client ID","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"OAuth client secret","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this IDP allows the user to sign in","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"idp_id":{"type":"string","description":"ID of the IDP. Possible values include:\n\n* 'apple.com'\n\n* 'facebook.com'\n\n* 'gc.apple.com'\n\n* 'github.com'\n\n* 'google.com'\n\n* 'linkedin.com'\n\n* 'microsoft.com'\n\n* 'playgames.google.com'\n\n* 'twitter.com'\n\n* 'yahoo.com'","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the default supported IDP config resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this DefaultSupportedIdpConfig resource exists","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_inbound_saml_config":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters,\nhyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an\nalphanumeric character, and have at least 2 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this inbound SAML config resource exists","description_kind":"plain","required":true}},"block_types":{"idp_config":{"nesting_mode":"list","block":{"attributes":{"idp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities","description_kind":"plain","required":true},"sign_request":{"type":"bool","description":"Indicates if outbounding SAMLRequest should be signed.","description_kind":"plain","optional":true},"sso_url":{"type":"string","description":"URL to send Authentication request to.","description_kind":"plain","required":true}},"block_types":{"idp_certificates":{"nesting_mode":"list","block":{"attributes":{"x509_certificate":{"type":"string","description":"The x509 certificate","description_kind":"plain","optional":true}},"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain"},"min_items":1}},"description":"SAML IdP configuration when the project acts as the relying party","description_kind":"plain"},"min_items":1,"max_items":1},"sp_config":{"nesting_mode":"list","block":{"attributes":{"callback_uri":{"type":"string","description":"Callback URI where responses from IDP are handled. Must start with 'https://'.","description_kind":"plain","required":true},"sp_certificates":{"type":["list",["object",{"x509_certificate":"string"}]],"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain","computed":true},"sp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities.","description_kind":"plain","required":true}},"description":"SAML SP (Service Provider) configuration when the project acts as the relying party to receive\nand accept an authentication assertion issued by a SAML identity provider.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_oauth_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The client id of an OAuth client.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret of the OAuth client, to enable OIDC code flow.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"For OIDC Idps, the issuer identifier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the OauthIdpConfig. Must start with 'oidc.'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this OIDC IDP configuration resource exists","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integration_connectors_connection":{"version":0,"block":{"attributes":{"connection_revision":{"type":"string","description":"Connection revision. This field is only updated when the connection is created or updated by User.","description_kind":"plain","computed":true},"connector_version":{"type":"string","description":"connectorVersion of the Connector.","description_kind":"plain","required":true},"connector_version_infra_config":{"type":["list",["object",{"ratelimit_threshold":"string"}]],"description":"This configuration provides infra configs like rate limit threshold which need to be configurable for every connector version.","description_kind":"plain","computed":true},"connector_version_launch_stage":{"type":"string","description":"Flag to mark the version indicating the launch stage.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Time the Namespace was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An arbitrary description for the Conection.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"eventing_enablement_type":{"type":"string","description":"Eventing enablement type. Will be nil if eventing is not enabled. Possible values: [\"EVENTING_AND_CONNECTION\", \"ONLY_EVENTING\"]","description_kind":"plain","optional":true},"eventing_runtime_data":{"type":["list",["object",{"events_listener_endpoint":"string","status":["list",["object",{"description":"string","state":"string"}]]}]],"description":"Eventing Runtime Data.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location in which Connection needs to be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of Connection needs to be created.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Service account needed for runtime plane to access Google Cloud resources.","description_kind":"plain","optional":true,"computed":true},"service_directory":{"type":"string","description":"The name of the Service Directory service name. Used for Private Harpoon to resolve the ILB address.\ne.g. \"projects/cloud-connectors-e2e-testing/locations/us-central1/namespaces/istio-system/services/istio-ingressgateway-connectors\"","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"description":"string","state":"string","status":"string"}]],"description":"Status of the Integration Connector.","description_kind":"plain","computed":true},"subscription_type":{"type":"string","description":"This subscription type enum states the subscription type of the project.","description_kind":"plain","computed":true},"suspended":{"type":"bool","description":"Suspended indicates if a user has suspended a connection or not.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Namespace was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"auth_config":{"nesting_mode":"list","block":{"attributes":{"auth_key":{"type":"string","description":"The type of authentication configured.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"authType of the Connection Possible values: [\"USER_PASSWORD\", \"OAUTH2_JWT_BEARER\", \"OAUTH2_CLIENT_CREDENTIALS\", \"SSH_PUBLIC_KEY\", \"OAUTH2_AUTH_CODE_FLOW\"]","description_kind":"plain","required":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The\nexpected format: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encription Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","required":true}},"description":"Encription key value of configVariable.","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable.","description_kind":"plain"},"max_items":1}},"description":"List containing additional auth configs.","description_kind":"plain"}},"oauth2_auth_code_flow":{"nesting_mode":"list","block":{"attributes":{"auth_uri":{"type":"string","description":"Auth URL for Authorization Code Flow.","description_kind":"plain","optional":true},"client_id":{"type":"string","description":"Client ID for user-provided OAuth app.","description_kind":"plain","optional":true},"enable_pkce":{"type":"bool","description":"Whether to enable PKCE when the user performs the auth code flow.","description_kind":"plain","optional":true},"scopes":{"type":["list","string"],"description":"Scopes the connection will request when the user performs the auth code flow.","description_kind":"plain","optional":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Client secret for user-provided OAuth app.","description_kind":"plain"},"max_items":1}},"description":"Parameters to support Oauth 2.0 Auth Code Grant Authentication.","description_kind":"plain"},"max_items":1},"oauth2_client_credentials":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"Secret version of Password for Authentication.","description_kind":"plain","required":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Secret version reference containing the client secret.","description_kind":"plain"},"max_items":1}},"description":"OAuth3 Client Credentials for Authentication.","description_kind":"plain"},"max_items":1},"oauth2_jwt_bearer":{"nesting_mode":"list","block":{"block_types":{"client_key":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Secret version reference containing a PKCS#8 PEM-encoded private key associated with the Client Certificate.\nThis private key will be used to sign JWTs used for the jwt-bearer authorization grant.\nSpecified in the form as: projects/*/secrets/*/versions/*.","description_kind":"plain"},"max_items":1},"jwt_claims":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Value for the \"aud\" claim.","description_kind":"plain","optional":true},"issuer":{"type":"string","description":"Value for the \"iss\" claim.","description_kind":"plain","optional":true},"subject":{"type":"string","description":"Value for the \"sub\" claim.","description_kind":"plain","optional":true}},"description":"JwtClaims providers fields to generate the token.","description_kind":"plain"},"max_items":1}},"description":"OAuth2 JWT Bearer for Authentication.","description_kind":"plain"},"max_items":1},"ssh_public_key":{"nesting_mode":"list","block":{"attributes":{"cert_type":{"type":"string","description":"Format of SSH Client cert.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The user account used to authenticate.","description_kind":"plain","required":true}},"block_types":{"ssh_client_cert":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"SSH Client Cert. It should contain both public and private key.","description_kind":"plain"},"max_items":1},"ssh_client_cert_pass":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Password (passphrase) for ssh client certificate if it has one.","description_kind":"plain"},"max_items":1}},"description":"SSH Public Key for Authentication.","description_kind":"plain"},"max_items":1},"user_password":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"Username for Authentication.","description_kind":"plain","required":true}},"block_types":{"password":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Password for Authentication.","description_kind":"plain"},"max_items":1}},"description":"User password for Authentication.","description_kind":"plain"},"max_items":1}},"description":"authConfig for the connection.","description_kind":"plain"},"max_items":1},"config_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The\nexpected format: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encription Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","required":true}},"description":"Encription key value of configVariable.","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable.","description_kind":"plain"},"max_items":1}},"description":"Config Variables for the connection.","description_kind":"plain"}},"destination_config":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"The key is the destination identifier that is supported by the Connector.","description_kind":"plain","required":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"For publicly routable host.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port is the target port number that is accepted by the destination.","description_kind":"plain","optional":true},"service_attachment":{"type":"string","description":"PSC service attachments. Format: projects/*/regions/*/serviceAttachments/*","description_kind":"plain","optional":true}},"description":"The destinations for the key.","description_kind":"plain"}}},"description":"Define the Connectors target endpoint.","description_kind":"plain"}},"eventing_config":{"nesting_mode":"list","block":{"attributes":{"enrichment_enabled":{"type":"bool","description":"Enrichment Enabled.","description_kind":"plain","optional":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The\nexpected format: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encryption Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","optional":true}},"description":"Encription key value of configVariable.","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable","description_kind":"plain"},"max_items":1}},"description":"List containing additional auth configs.","description_kind":"plain"}},"auth_config":{"nesting_mode":"list","block":{"attributes":{"auth_key":{"type":"string","description":"The type of authentication configured.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"authType of the Connection Possible values: [\"USER_PASSWORD\"]","description_kind":"plain","required":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The\nexpected format: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encription Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","optional":true}},"description":"Encription key value of configVariable","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable","description_kind":"plain"},"max_items":1}},"description":"List containing additional auth configs.","description_kind":"plain"}},"user_password":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"Username for Authentication.","description_kind":"plain","optional":true}},"block_types":{"password":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Password for Authentication.","description_kind":"plain"},"max_items":1}},"description":"User password for Authentication.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"authConfig for Eventing Configuration.","description_kind":"plain"},"max_items":1},"registration_destination_config":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Key for the connection","description_kind":"plain","optional":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"Host","description_kind":"plain","optional":true},"port":{"type":"number","description":"port number","description_kind":"plain","optional":true},"service_attachment":{"type":"string","description":"Service Attachment","description_kind":"plain","optional":true}},"description":"destinations for the connection","description_kind":"plain"}}},"description":"registrationDestinationConfig","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Eventing Configuration of a connection","description_kind":"plain"},"max_items":1},"lock_config":{"nesting_mode":"list","block":{"attributes":{"locked":{"type":"bool","description":"Indicates whether or not the connection is locked.","description_kind":"plain","required":true},"reason":{"type":"string","description":"Describes why a connection is locked.","description_kind":"plain","optional":true}},"description":"Determines whether or no a connection is locked. If locked, a reason must be specified.","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enabled represents whether logging is enabled or not for a connection.","description_kind":"plain","required":true}},"description":"Log configuration for the connection.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"Minimum number of nodes in the runtime nodes.","description_kind":"plain","optional":true,"computed":true},"min_node_count":{"type":"number","description":"Minimum number of nodes in the runtime nodes.","description_kind":"plain","optional":true,"computed":true}},"description":"Node configuration for the connection.","description_kind":"plain"},"max_items":1},"ssl_config":{"nesting_mode":"list","block":{"attributes":{"client_cert_type":{"type":"string","description":"Type of Client Cert (PEM/JKS/.. etc.) Possible values: [\"PEM\"]","description_kind":"plain","optional":true},"server_cert_type":{"type":"string","description":"Type of Server Cert (PEM/JKS/.. etc.) Possible values: [\"PEM\"]","description_kind":"plain","optional":true},"trust_model":{"type":"string","description":"Enum for Trust Model Possible values: [\"PUBLIC\", \"PRIVATE\", \"INSECURE\"]","description_kind":"plain","optional":true},"type":{"type":"string","description":"Enum for controlling the SSL Type (TLS/MTLS) Possible values: [\"TLS\", \"MTLS\"]","description_kind":"plain","required":true},"use_ssl":{"type":"bool","description":"Bool for enabling SSL","description_kind":"plain","optional":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The\nexpected format: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encription Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","optional":true}},"description":"Encription key value of configVariable","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable","description_kind":"plain"},"max_items":1}},"description":"Additional SSL related field values.","description_kind":"plain"}},"client_certificate":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Client Certificate","description_kind":"plain"},"max_items":1},"client_private_key":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Client Private Key","description_kind":"plain"},"max_items":1},"client_private_key_pass":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret containing the passphrase protecting the Client Private Key","description_kind":"plain"},"max_items":1},"private_server_certificate":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Private Server Certificate. Needs to be specified if trust model is PRIVATE.","description_kind":"plain"},"max_items":1}},"description":"SSL Configuration of a connection","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integration_connectors_endpoint_attachment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Namespace was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint_global_access":{"type":"bool","description":"Enable global access for endpoint attachment.","description_kind":"plain","optional":true},"endpoint_ip":{"type":"string","description":"The Private Service Connect connection endpoint ip.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location in which Endpoint Attachment needs to be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of Endpoint Attachment needs to be created.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_attachment":{"type":"string","description":"The path of the service attachment.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Namespace was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integration_connectors_managed_zone":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Namespace was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the resource.","description_kind":"plain","optional":true},"dns":{"type":"string","description":"DNS Name of the resource.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of Managed Zone needs to be created.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"target_project":{"type":"string","description":"The name of the Target Project.","description_kind":"plain","required":true},"target_vpc":{"type":"string","description":"The name of the Target Project VPC Network.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Namespace was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integrations_auth_config":{"version":0,"block":{"attributes":{"certificate_id":{"type":"string","description":"Certificate id for client certificate.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The timestamp when the auth config is created.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"creator_email":{"type":"string","description":"The creator's email address. Generated based on the End User Credentials/LOAS role of the user making the call.","description_kind":"plain","computed":true},"credential_type":{"type":"string","description":"Credential type of the encrypted credential.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the auth config.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name of the auth config.","description_kind":"plain","required":true},"encrypted_credential":{"type":"string","description":"Auth credential encrypted by Cloud KMS. Can be decrypted as Credential with proper KMS key.\n\nA base64-encoded string.","description_kind":"plain","computed":true},"expiry_notification_duration":{"type":["list","string"],"description":"User can define the time to receive notification after which the auth config becomes invalid. Support up to 30 days. Support granularity in hours.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_modifier_email":{"type":"string","description":"The last modifier's email address. Generated based on the End User Credentials/LOAS role of the user making the call.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location in which client needs to be provisioned.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name of the auth config.","description_kind":"plain","computed":true},"override_valid_time":{"type":"string","description":"User provided expiry time to override. For the example of Salesforce, username/password credentials can be valid for 6 months depending on the instance settings.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reason":{"type":"string","description":"The reason / details of the current status.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The status of the auth config.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the auth config is modified.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"valid_time":{"type":"string","description":"The time until the auth config is valid. Empty or max value is considered the auth config won't expire.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"visibility":{"type":"string","description":"The visibility of the auth config. Possible values: [\"PRIVATE\", \"CLIENT_VISIBLE\"]","description_kind":"plain","optional":true}},"block_types":{"client_certificate":{"nesting_mode":"list","block":{"attributes":{"encrypted_private_key":{"type":"string","description":"The ssl certificate encoded in PEM format. This string must include the begin header and end footer lines.","description_kind":"plain","required":true},"passphrase":{"type":"string","description":"'passphrase' should be left unset if private key is not encrypted.\nNote that 'passphrase' is not the password for web server, but an extra layer of security to protected private key.","description_kind":"plain","optional":true},"ssl_certificate":{"type":"string","description":"The ssl certificate encoded in PEM format. This string must include the begin header and end footer lines.","description_kind":"plain","required":true}},"description":"Raw client certificate","description_kind":"plain"},"max_items":1},"decrypted_credential":{"nesting_mode":"list","block":{"attributes":{"credential_type":{"type":"string","description":"Credential type associated with auth configs.","description_kind":"plain","required":true}},"block_types":{"auth_token":{"nesting_mode":"list","block":{"attributes":{"token":{"type":"string","description":"The token for the auth type.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Authentication type, e.g. \"Basic\", \"Bearer\", etc.","description_kind":"plain","optional":true}},"description":"Auth token credential.","description_kind":"plain"},"max_items":1},"jwt":{"nesting_mode":"list","block":{"attributes":{"jwt":{"type":"string","description":"The token calculated by the header, payload and signature.","description_kind":"plain","computed":true},"jwt_header":{"type":"string","description":"Identifies which algorithm is used to generate the signature.","description_kind":"plain","optional":true},"jwt_payload":{"type":"string","description":"Contains a set of claims. The JWT specification defines seven Registered Claim Names which are the standard fields commonly included in tokens. Custom claims are usually also included, depending on the purpose of the token.","description_kind":"plain","optional":true},"secret":{"type":"string","description":"User's pre-shared secret to sign the token.","description_kind":"plain","optional":true}},"description":"JWT credential.","description_kind":"plain"},"max_items":1},"oauth2_authorization_code":{"nesting_mode":"list","block":{"attributes":{"auth_endpoint":{"type":"string","description":"The auth url endpoint to send the auth code request to.","description_kind":"plain","optional":true},"client_id":{"type":"string","description":"The client's id.","description_kind":"plain","optional":true},"client_secret":{"type":"string","description":"The client's secret.","description_kind":"plain","optional":true},"scope":{"type":"string","description":"A space-delimited list of requested scope permissions.","description_kind":"plain","optional":true},"token_endpoint":{"type":"string","description":"The token url endpoint to send the token request to.","description_kind":"plain","optional":true}},"description":"OAuth2 authorization code credential.","description_kind":"plain"},"max_items":1},"oauth2_client_credentials":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The client's ID.","description_kind":"plain","optional":true},"client_secret":{"type":"string","description":"The client's secret.","description_kind":"plain","optional":true},"request_type":{"type":"string","description":"Represent how to pass parameters to fetch access token Possible values: [\"REQUEST_TYPE_UNSPECIFIED\", \"REQUEST_BODY\", \"QUERY_PARAMETERS\", \"ENCODED_HEADER\"]","description_kind":"plain","optional":true},"scope":{"type":"string","description":"A space-delimited list of requested scope permissions.","description_kind":"plain","optional":true},"token_endpoint":{"type":"string","description":"The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token.","description_kind":"plain","optional":true}},"block_types":{"token_params":{"nesting_mode":"list","block":{"block_types":{"entries":{"nesting_mode":"list","block":{"block_types":{"key":{"nesting_mode":"list","block":{"block_types":{"literal_value":{"nesting_mode":"list","block":{"attributes":{"string_value":{"type":"string","description":"String.","description_kind":"plain","optional":true}},"description":"Passing a literal value","description_kind":"plain"},"max_items":1}},"description":"Key of the map entry.","description_kind":"plain"},"max_items":1},"value":{"nesting_mode":"list","block":{"block_types":{"literal_value":{"nesting_mode":"list","block":{"attributes":{"string_value":{"type":"string","description":"String.","description_kind":"plain","optional":true}},"description":"Passing a literal value","description_kind":"plain"},"max_items":1}},"description":"Value of the map entry.","description_kind":"plain"},"max_items":1}},"description":"A list of parameter map entries.","description_kind":"plain"}}},"description":"Token parameters for the auth request.","description_kind":"plain"},"max_items":1}},"description":"OAuth2 client credentials.","description_kind":"plain"},"max_items":1},"oidc_token":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Audience to be used when generating OIDC token. The audience claim identifies the recipients that the JWT is intended for.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The service account email to be used as the identity for the token.","description_kind":"plain","optional":true},"token":{"type":"string","description":"ID token obtained for the service account.","description_kind":"plain","computed":true},"token_expire_time":{"type":"string","description":"The approximate time until the token retrieved is valid.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description":"Google OIDC ID Token.","description_kind":"plain"},"max_items":1},"service_account_credentials":{"nesting_mode":"list","block":{"attributes":{"scope":{"type":"string","description":"A space-delimited list of requested scope permissions.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Name of the service account that has the permission to make the request.","description_kind":"plain","optional":true}},"description":"Service account credential.","description_kind":"plain"},"max_items":1},"username_and_password":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"Password to be used.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username to be used.","description_kind":"plain","optional":true}},"description":"Username and password credential.","description_kind":"plain"},"max_items":1}},"description":"Raw auth credentials.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integrations_client":{"version":0,"block":{"attributes":{"create_sample_integrations":{"type":"bool","description":"Indicates if sample integrations should be created along with provisioning.","description_kind":"plain","optional":true},"create_sample_workflows":{"type":"bool","description":"Indicates if sample workflow should be created along with provisioning.","description_kind":"plain","deprecated":true,"optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location in which client needs to be provisioned.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"provision_gmek":{"type":"bool","description":"Indicates provision with GMEK or CMEK.","description_kind":"plain","deprecated":true,"optional":true},"run_as_service_account":{"type":"string","description":"User input run-as service account, if empty, will bring up a new default service account.","description_kind":"plain","optional":true}},"block_types":{"cloud_kms_config":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A Cloud KMS key is a named object containing one or more key versions, along\nwith metadata for the key. A key exists on exactly one key ring tied to a\nspecific location.","description_kind":"plain","required":true},"key_version":{"type":"string","description":"Each version of a key contains key material used for encryption or signing.\nA key's version is represented by an integer, starting at 1. To decrypt data\nor verify a signature, you must use the same key version that was used to\nencrypt or sign the data.","description_kind":"plain","optional":true},"kms_location":{"type":"string","description":"Location name of the key ring, e.g. \"us-west1\".","description_kind":"plain","required":true},"kms_project_id":{"type":"string","description":"The Google Cloud project id of the project where the kms key stored. If empty,\nthe kms key is stored at the same project as customer's project and ecrypted\nwith CMEK, otherwise, the kms key is stored in the tenant project and\nencrypted with GMEK.","description_kind":"plain","optional":true},"kms_ring":{"type":"string","description":"A key ring organizes keys in a specific Google Cloud location and allows you to\nmanage access control on groups of keys. A key ring's name does not need to be\nunique across a Google Cloud project, but must be unique within a given location.","description_kind":"plain","required":true}},"description":"Cloud KMS config for AuthModule to encrypt/decrypt credentials.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_crypto_key":{"version":1,"block":{"attributes":{"crypto_key_backend":{"type":"string","description":"The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey.\nThe resource name is in the format \"projects/*/locations/*/ekmConnections/*\" and only applies to \"EXTERNAL_VPC\" keys.","description_kind":"plain","optional":true,"computed":true},"destroy_scheduled_duration":{"type":"string","description":"The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.\nIf not specified at creation time, the default duration is 30 days.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_only":{"type":"bool","description":"Whether this key may contain imported versions only.","description_kind":"plain","optional":true,"computed":true},"key_ring":{"type":"string","description":"The KeyRing that this key belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the CryptoKey.","description_kind":"plain","required":true},"primary":{"type":["list",["object",{"name":"string","state":"string"}]],"description":"A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.\nKeys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.","description_kind":"plain","computed":true},"purpose":{"type":"string","description":"The immutable purpose of this CryptoKey. See the\n[purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)\nfor possible inputs.\nDefault value is \"ENCRYPT_DECRYPT\".","description_kind":"plain","optional":true},"rotation_period":{"type":"string","description":"Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.\nThe first rotation will take place after the specified period. The rotation period has\nthe format of a decimal number with up to 9 fractional digits, followed by the\nletter 's' (seconds). It must be greater than a day (ie, 86400).","description_kind":"plain","optional":true},"skip_initial_version_creation":{"type":"bool","description":"If set to true, the request will create a CryptoKey without any CryptoKeyVersions.\nYou must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion\nor 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"version_template":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"The algorithm to use when creating a version based on this template.\nSee the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.","description_kind":"plain","required":true},"protection_level":{"type":"string","description":"The protection level to use when creating a version based on this template. Possible values include \"SOFTWARE\", \"HSM\", \"EXTERNAL\", \"EXTERNAL_VPC\". Defaults to \"SOFTWARE\".","description_kind":"plain","optional":true}},"description":"A template describing settings for new crypto key versions.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_binding":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_member":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_policy":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_kms_crypto_key_version":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description":"The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.","description_kind":"plain","computed":true},"attestation":{"type":["list",["object",{"cert_chains":["list",["object",{"cavium_certs":["list","string"],"google_card_certs":["list","string"],"google_partition_certs":["list","string"]}]],"content":"string","external_protection_level_options":["list",["object",{"ekm_connection_key_path":"string","external_key_uri":"string"}]],"format":"string"}]],"description":"Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google.\nOnly provided for key versions with protectionLevel HSM.","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description":"The name of the cryptoKey associated with the CryptoKeyVersions.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''","description_kind":"plain","required":true},"generate_time":{"type":"string","description":"The time this CryptoKeyVersion key material was generated","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name for this CryptoKeyVersion.","description_kind":"plain","computed":true},"protection_level":{"type":"string","description":"The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the CryptoKeyVersion. Possible values: [\"PENDING_GENERATION\", \"ENABLED\", \"DISABLED\", \"DESTROYED\", \"DESTROY_SCHEDULED\", \"PENDING_IMPORT\", \"IMPORT_FAILED\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"external_protection_level_options":{"nesting_mode":"list","block":{"attributes":{"ekm_connection_key_path":{"type":"string","description":"The path to the external key material on the EKM when using EkmConnection e.g., \"v0/my/key\". Set this field instead of externalKeyUri when using an EkmConnection.","description_kind":"plain","optional":true},"external_key_uri":{"type":"string","description":"The URI for an external resource that this CryptoKeyVersion represents.","description_kind":"plain","optional":true}},"description":"ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_ekm_connection":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time at which the EkmConnection was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"crypto_space_path":{"type":"string","description":"Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.","description_kind":"plain","optional":true,"computed":true},"etag":{"type":"string","description":"Optional. Etag of the currently stored EkmConnection.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_management_mode":{"type":"string","description":"Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL Default value: \"MANUAL\" Possible values: [\"MANUAL\", \"CLOUD_KMS\"]","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the EkmConnection.\nA full list of valid locations can be found by running 'gcloud kms locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the EkmConnection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"service_resolvers":{"nesting_mode":"list","block":{"attributes":{"endpoint_filter":{"type":"string","description":"Optional. The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered. An endpoint will be chosen arbitrarily from the filtered list for each request. For endpoint filter syntax and examples, see https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.","description_kind":"plain","optional":true,"computed":true},"hostname":{"type":"string","description":"Required. The hostname of the EKM replica used at TLS and HTTP layers.","description_kind":"plain","required":true},"service_directory_service":{"type":"string","description":"Required. The resource name of the Service Directory service pointing to an EKM replica, in the format projects/*/locations/*/namespaces/*/services/*","description_kind":"plain","required":true}},"block_types":{"server_certificates":{"nesting_mode":"list","block":{"attributes":{"issuer":{"type":"string","description":"Output only. The issuer distinguished name in RFC 2253 format. Only present if parsed is true.","description_kind":"plain","computed":true},"not_after_time":{"type":"string","description":"Output only. The certificate is not valid after this time. Only present if parsed is true.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"not_before_time":{"type":"string","description":"Output only. The certificate is not valid before this time. Only present if parsed is true.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"parsed":{"type":"bool","description":"Output only. True if the certificate was parsed successfully.","description_kind":"plain","computed":true},"raw_der":{"type":"string","description":"Required. The raw certificate bytes in DER format. A base64-encoded string.","description_kind":"plain","required":true},"serial_number":{"type":"string","description":"Output only. The certificate serial number as a hex string. Only present if parsed is true.","description_kind":"plain","computed":true},"sha256_fingerprint":{"type":"string","description":"Output only. The SHA-256 certificate fingerprint as a hex string. Only present if parsed is true.","description_kind":"plain","computed":true},"subject":{"type":"string","description":"Output only. The subject distinguished name in RFC 2253 format. Only present if parsed is true.","description_kind":"plain","computed":true},"subject_alternative_dns_names":{"type":["list","string"],"description":"Output only. The subject Alternative DNS names. Only present if parsed is true.","description_kind":"plain","optional":true,"computed":true}},"description":"Required. A list of leaf server certificates used to authenticate HTTPS connections to the EKM replica. Currently, a maximum of 10 Certificate is supported.","description_kind":"plain"},"min_items":1}},"description":"A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_ekm_connection_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_ekm_connection_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_ekm_connection_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_kms_key_ring":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the KeyRing.\nA full list of valid locations can be found by running 'gcloud kms locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the KeyRing.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_key_ring_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_key_ring_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_key_ring_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_kms_key_ring_import_job":{"version":0,"block":{"attributes":{"attestation":{"type":["list",["object",{"content":"string","format":"string"}]],"description":"Statement that was generated and signed by the key creator (for example, an HSM) at key creation time.\nUse this statement to verify attributes of the key as stored on the HSM, independently of Google.\nOnly present if the chosen ImportMethod is one with a protection level of HSM.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"The time at which this resource is scheduled for expiration and can no longer be used.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_job_id":{"type":"string","description":"It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}","description_kind":"plain","required":true},"import_method":{"type":"string","description":"The wrapping method to be used for incoming key material. Possible values: [\"RSA_OAEP_3072_SHA1_AES_256\", \"RSA_OAEP_4096_SHA1_AES_256\"]","description_kind":"plain","required":true},"key_ring":{"type":"string","description":"The KeyRing that this import job belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*.","description_kind":"plain","computed":true},"protection_level":{"type":"string","description":"The protection level of the ImportJob. This must match the protectionLevel of the\nversionTemplate on the CryptoKey you attempt to import into. Possible values: [\"SOFTWARE\", \"HSM\", \"EXTERNAL\"]","description_kind":"plain","required":true},"public_key":{"type":["list",["object",{"pem":"string"}]],"description":"The public key with which to wrap key material prior to import. Only returned if state is 'ACTIVE'.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the ImportJob, indicating if it can be used.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_secret_ciphertext":{"version":0,"block":{"attributes":{"additional_authenticated_data":{"type":"string","description":"The additional authenticated data used for integrity checks during encryption and decryption.","description_kind":"plain","optional":true,"sensitive":true},"ciphertext":{"type":"string","description":"Contains the result of encrypting the provided plaintext, encoded in base64.","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description":"The full name of the CryptoKey that will be used to encrypt the provided plaintext.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}''","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description":"The plaintext to be encrypted.","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_billing_account_bucket_config":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_billing_account_exclusion":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description_kind":"plain","required":true},"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_billing_account_sink":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"The billing account exported to the sink.","description_kind":"plain","required":true},"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_folder_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"folder":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_folder_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_folder_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","optional":true,"computed":true},"folder":{"type":"string","description":"The folder for which to retrieve settings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.","description_kind":"plain","optional":true,"computed":true},"kms_service_account_id":{"type":"string","description":"The service account that will be used by the Log Router to access your Cloud KMS key.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings.","description_kind":"plain","computed":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_folder_sink":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"folder":{"type":"string","description":"The folder to be exported to the sink. Note that either [FOLDER_ID] or \"folders/[FOLDER_ID]\" is accepted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"include_children":{"type":"bool","description":"Whether or not to include children folders in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided folder are included.","description_kind":"plain","optional":true},"intercept_children":{"type":"bool","description":"Whether or not to intercept logs from child projects. If true, matching logs will not match with sinks in child resources, except _Required sinks. This sink will be visible to child resources when listing sinks.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_linked_dataset":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The bucket to which the linked dataset is attached.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The creation timestamp of the link. A timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\"\nand \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"Describes this link. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"Output only. The linked dataset lifecycle state.","description_kind":"plain","computed":true},"link_id":{"type":"string","description":"The id of the linked dataset.","description_kind":"plain","required":true},"location":{"type":"string","description":"The location of the linked dataset.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the linked dataset. The name can have up to 100 characters. A valid link id\n(at the end of the link name) must only have alphanumeric characters and underscores within it.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the linked dataset.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"bigquery_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Output only. The full resource name of the BigQuery dataset. The DATASET_ID will match the ID\nof the link, so the link must match the naming restrictions of BigQuery datasets\n(alphanumeric characters and underscores only). The dataset will have a resource path of\n\"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET_ID]\"","description_kind":"plain","computed":true}},"description":"The information of a BigQuery Dataset. When a link is created, a BigQuery dataset is created along\nwith it, in the same project as the LogBucket it's linked to. This dataset will also have BigQuery\nViews corresponding to the LogViews in the bucket.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_log_view":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The bucket of the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The creation timestamp of the view.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Describes this view.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"Filter that restricts which log entries in a bucket are visible in this view. Filters are restricted to be a logical AND of ==/!= of any of the following: - originating project/folder/organization/billing account. - resource type - log id For example: SOURCE(\"projects/myproject\") AND resource.type = \"gce_instance\" AND LOG_ID(\"stdout\")","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource. The supported locations are: global, us-central1, us-east1, us-west1, asia-east1, europe-west1.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the view. For example: \\'projects/my-project/locations/global/buckets/my-bucket/views/my-view\\'","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The last update timestamp of the view.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_log_view_iam_binding":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_logging_log_view_iam_member":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_logging_log_view_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_metric":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"The resource name of the Log Bucket that owns the Log Metric. Only Log Buckets in projects\nare supported. The bucket has to be in the same project as the metric.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description of this metric, which is used in documentation. The maximum length of the\ndescription is 8000 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this metric is disabled and it does not generate any points.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter (https://cloud.google.com/logging/docs/view/advanced-filters) which\nis used to match log entries.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_extractors":{"type":["map","string"],"description":"A map from a label key string to an extractor expression which is used to extract data from a log\nentry field and assign as the label value. Each label key specified in the LabelDescriptor must\nhave an associated extractor expression in this map. The syntax of the extractor expression is\nthe same as for the valueExtractor field.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The client-assigned metric identifier. Examples - \"error_count\", \"nginx/requests\".\nMetric identifiers are limited to 100 characters and can include only the following\ncharacters A-Z, a-z, 0-9, and the special characters _-.,+!*',()%/. The forward-slash\ncharacter (/) denotes a hierarchy of name pieces, and it cannot be the first character\nof the name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"value_extractor":{"type":"string","description":"A valueExtractor is required when using a distribution logs-based metric to extract the values to\nrecord from a log entry. Two functions are supported for value extraction - EXTRACT(field) or\nREGEXP_EXTRACT(field, regex). The argument are 1. field - The name of the log entry field from which\nthe value is to be extracted. 2. regex - A regular expression using the Google RE2 syntax\n(https://github.com/google/re2/wiki/Syntax) with a single capture group to extract data from the specified\nlog entry field. The value of the field is converted to a string before applying the regex. It is an\nerror to specify a regex that does not include exactly one capture group.","description_kind":"plain","optional":true}},"block_types":{"bucket_options":{"nesting_mode":"list","block":{"block_types":{"explicit_buckets":{"nesting_mode":"list","block":{"attributes":{"bounds":{"type":["list","number"],"description":"The values must be monotonically increasing.","description_kind":"plain","required":true}},"description":"Specifies a set of buckets with arbitrary widths.","description_kind":"plain"},"max_items":1},"exponential_buckets":{"nesting_mode":"list","block":{"attributes":{"growth_factor":{"type":"number","description":"Must be greater than 1.","description_kind":"plain","required":true},"num_finite_buckets":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true},"scale":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true}},"description":"Specifies an exponential sequence of buckets that have a width that is proportional to the value of\nthe lower bound. Each bucket represents a constant relative uncertainty on a specific value in the bucket.","description_kind":"plain"},"max_items":1},"linear_buckets":{"nesting_mode":"list","block":{"attributes":{"num_finite_buckets":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true},"offset":{"type":"number","description":"Lower bound of the first bucket.","description_kind":"plain","required":true},"width":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true}},"description":"Specifies a linear sequence of buckets that all have the same width (except overflow and underflow).\nEach bucket represents a constant absolute uncertainty on the specific value in the bucket.","description_kind":"plain"},"max_items":1}},"description":"The bucketOptions are required when the logs-based metric is using a DISTRIBUTION value type and it\ndescribes the bucket boundaries used to create a histogram of the extracted values.","description_kind":"plain"},"max_items":1},"metric_descriptor":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"A concise name for the metric, which can be displayed in user interfaces. Use sentence case\nwithout an ending period, for example \"Request count\". This field is optional but it is\nrecommended to be set for any metrics associated with user-visible concepts, such as Quota.","description_kind":"plain","optional":true},"metric_kind":{"type":"string","description":"Whether the metric records instantaneous values, changes to a value, etc.\nSome combinations of metricKind and valueType might not be supported.\nFor counter metrics, set this to DELTA. Possible values: [\"DELTA\", \"GAUGE\", \"CUMULATIVE\"]","description_kind":"plain","required":true},"unit":{"type":"string","description":"The unit in which the metric value is reported. It is only applicable if the valueType is\n'INT64', 'DOUBLE', or 'DISTRIBUTION'. The supported units are a subset of\n[The Unified Code for Units of Measure](http://unitsofmeasure.org/ucum.html) standard","description_kind":"plain","optional":true},"value_type":{"type":"string","description":"Whether the measurement is an integer, a floating-point number, etc.\nSome combinations of metricKind and valueType might not be supported.\nFor counter metrics, set this to INT64. Possible values: [\"BOOL\", \"INT64\", \"DOUBLE\", \"STRING\", \"DISTRIBUTION\", \"MONEY\"]","description_kind":"plain","required":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A human-readable description for the label.","description_kind":"plain","optional":true},"key":{"type":"string","description":"The label key.","description_kind":"plain","required":true},"value_type":{"type":"string","description":"The type of data that can be assigned to the label. Default value: \"STRING\" Possible values: [\"BOOL\", \"INT64\", \"STRING\"]","description_kind":"plain","optional":true}},"description":"The set of labels that can be used to describe a specific instance of this metric type. For\nexample, the appengine.googleapis.com/http/server/response_latencies metric type has a label\nfor the HTTP response code, response_code, so you can look at latencies for successful responses\nor just for responses that failed.","description_kind":"plain"}}},"description":"The optional metric descriptor associated with the logs-based metric.\nIf unspecified, it uses a default metric descriptor with a DELTA metric kind,\nINT64 value type, with no labels and a unit of \"1\". Such a metric counts the\nnumber of log entries matching the filter expression.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_organization_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_organization_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_organization_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.","description_kind":"plain","optional":true,"computed":true},"kms_service_account_id":{"type":"string","description":"The service account that will be used by the Log Router to access your Cloud KMS key.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization for which to retrieve or configure settings.","description_kind":"plain","required":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_organization_sink":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"include_children":{"type":"bool","description":"Whether or not to include children organizations in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided organization are included.","description_kind":"plain","optional":true},"intercept_children":{"type":"bool","description":"Whether or not to intercept logs from child projects. If true, matching logs will not match with sinks in child resources, except _Required sinks. This sink will be visible to child resources when listing sinks.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization to be exported to the sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_project_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"enable_analytics":{"type":"bool","description":"Enable log analytics for the bucket. Cannot be disabled once enabled.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"locked":{"type":"bool","description":"Whether the bucket is locked. The retention period on a locked bucket cannot be changed. Locked buckets may only be deleted if they are empty.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"project":{"type":"string","description":"The parent project that contains the logging bucket.","description_kind":"plain","required":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_project_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_logging_project_sink":{"version":0,"block":{"attributes":{"custom_writer_identity":{"type":"string","description":"A service account provided by the caller that will be used to write the log entries. The format must be serviceAccount:some@email. This field can only be specified if you are routing logs to a destination outside this sink's project. If not specified, a Logging service account will automatically be generated.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project to create the sink in. If omitted, the project associated with the provider is used.","description_kind":"plain","optional":true,"computed":true},"unique_writer_identity":{"type":"bool","description":"Whether or not to create a unique identity associated with this sink. If false (the legacy behavior), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true (default), then a unique service account is created and used for this sink. If you wish to publish logs across projects, you must set unique_writer_identity to true.","description_kind":"plain","optional":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_looker_instance":{"version":0,"block":{"attributes":{"consumer_network":{"type":"string","description":"Network name in the consumer project in the format of: projects/{project}/global/networks/{network}\nNote that the consumer network may be in a different GCP project than the consumer\nproject that is hosting the Looker Instance.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"egress_public_ip":{"type":"string","description":"Public Egress IP (IPv4).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_private_ip":{"type":"string","description":"Private Ingress IP (IPv4).","description_kind":"plain","computed":true},"ingress_public_ip":{"type":"string","description":"Public Ingress IP (IPv4).","description_kind":"plain","computed":true},"looker_uri":{"type":"string","description":"Looker instance URI which can be used to access the Looker Instance UI.","description_kind":"plain","computed":true},"looker_version":{"type":"string","description":"The Looker version that the instance is using.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"platform_edition":{"type":"string","description":"Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. Must be one of these values:\n- LOOKER_CORE_TRIAL: trial instance (Currently Unavailable)\n- LOOKER_CORE_STANDARD: pay as you go standard instance (Currently Unavailable)\n- LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance\n- LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance\n- LOOKER_CORE_EMBED_ANNUAL: subscription embed instance Default value: \"LOOKER_CORE_TRIAL\" Possible values: [\"LOOKER_CORE_TRIAL\", \"LOOKER_CORE_STANDARD\", \"LOOKER_CORE_STANDARD_ANNUAL\", \"LOOKER_CORE_ENTERPRISE_ANNUAL\", \"LOOKER_CORE_EMBED_ANNUAL\"]","description_kind":"plain","optional":true},"private_ip_enabled":{"type":"bool","description":"Whether private IP is enabled on the Looker instance.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"public_ip_enabled":{"type":"bool","description":"Whether public IP is enabled on the Looker instance.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The name of the Looker region of the instance.","description_kind":"plain","optional":true,"computed":true},"reserved_range":{"type":"string","description":"Name of a reserved IP address range within the consumer network, to be used for\nprivate service access connection. User may or may not specify this in a request.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time the instance was updated in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true}},"block_types":{"admin_settings":{"nesting_mode":"list","block":{"attributes":{"allowed_email_domains":{"type":["list","string"],"description":"Email domain allowlist for the instance.\n\nDefine the email domains to which your users can deliver Looker (Google Cloud core) content.\nUpdating this list will restart the instance. Updating the allowed email domains from terraform\nmeans the value provided will be considered as the entire list and not an amendment to the\nexisting list of allowed email domains.","description_kind":"plain","optional":true}},"description":"Looker instance Admin settings.","description_kind":"plain"},"max_items":1},"custom_domain":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name","description_kind":"plain","optional":true},"state":{"type":"string","description":"Status of the custom domain.","description_kind":"plain","computed":true}},"description":"Custom domain settings for a Looker instance.","description_kind":"plain"},"max_items":1},"deny_maintenance_period":{"nesting_mode":"list","block":{"block_types":{"end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0\nto specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a\nmonth and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without\na year.","description_kind":"plain","optional":true}},"description":"Required. Start date of the deny maintenance period","description_kind":"plain"},"min_items":1,"max_items":1},"start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0\nto specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a\nmonth and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without\na year.","description_kind":"plain","optional":true}},"description":"Required. Start date of the deny maintenance period","description_kind":"plain"},"min_items":1,"max_items":1},"time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Maintenance denial period for this instance.\n\nYou must allow at least 14 days of maintenance availability\nbetween any two deny maintenance periods.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Name of the customer managed encryption key (CMEK) in KMS.","description_kind":"plain","optional":true},"kms_key_name_version":{"type":"string","description":"Full name and version of the CMEK key currently in use to encrypt Looker data.","description_kind":"plain","computed":true},"kms_key_state":{"type":"string","description":"Status of the customer managed encryption key (CMEK) in KMS.","description_kind":"plain","computed":true}},"description":"Looker instance encryption settings.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"Required. Day of the week for this MaintenanceWindow (in UTC).\n\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Maintenance window for an instance.\n\nMaintenance of your instance takes place once a month, and will require\nyour instance to be restarted during updates, which will temporarily\ndisrupt service.","description_kind":"plain"},"max_items":1},"oauth_config":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The client ID for the Oauth config.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret for the Oauth config.","description_kind":"plain","required":true}},"description":"Looker Instance OAuth login settings.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"user_metadata":{"nesting_mode":"list","block":{"attributes":{"additional_developer_user_count":{"type":"number","description":"Number of additional Developer Users to allocate to the Looker Instance.","description_kind":"plain","optional":true},"additional_standard_user_count":{"type":"number","description":"Number of additional Standard Users to allocate to the Looker Instance.","description_kind":"plain","optional":true},"additional_viewer_user_count":{"type":"number","description":"Number of additional Viewer Users to allocate to the Looker Instance.","description_kind":"plain","optional":true}},"description":"Metadata about users for a Looker instance.\n\nThese settings are only available when platform edition LOOKER_CORE_STANDARD is set.\n\nThere are ten Standard and two Developer users included in the cost of the product.\nYou can allocate additional Standard, Viewer, and Developer users for this instance.\nIt is an optional step and can be modified later.\n\nWith the Standard edition of Looker (Google Cloud core), you can provision up to 50\ntotal users, distributed across Viewer, Standard, and Developer.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_memcache_instance":{"version":0,"block":{"attributes":{"authorized_network":{"type":"string","description":"The full name of the GCE network to connect the instance to. If not provided,\n'default' will be used.","description_kind":"plain","optional":true,"computed":true},"create_time":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"discovery_endpoint":{"type":"string","description":"Endpoint for Discovery API","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A user-visible name for the instance.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Output only. Published maintenance schedule.","description_kind":"plain","computed":true},"memcache_full_version":{"type":"string","description":"The full version of memcached server running on this instance.","description_kind":"plain","computed":true},"memcache_nodes":{"type":["list",["object",{"host":"string","node_id":"string","port":"number","state":"string","zone":"string"}]],"description":"Additional information about the instance state, if available.","description_kind":"plain","computed":true},"memcache_version":{"type":"string","description":"The major version of Memcached software. If not provided, latest supported version will be used.\nCurrently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically\ndetermined by our system based on the latest supported minor version. Default value: \"MEMCACHE_1_5\" Possible values: [\"MEMCACHE_1_5\", \"MEMCACHE_1_6_15\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the instance.","description_kind":"plain","required":true},"node_count":{"type":"number","description":"Number of nodes in the memcache instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the Memcache instance. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range_id":{"type":["list","string"],"description":"Contains the name of allocated IP address ranges associated with\nthe private service access connection for example, \"test-default\"\nassociated with IP range 10.0.0.0/29.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"zones":{"type":["set","string"],"description":"Zones where memcache nodes should be provisioned. If not\nprovided, all zones will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the policy was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of what this policy is for.\nCreate/Update methods return INVALID_ARGUMENT if the\nlength is greater than 512.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time when the policy was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"weekly_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Required. The day of week that maintenance updates occur.\n- DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified.\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"duration":{"type":"string","description":"Required. The length of the maintenance window, ranging from 3 hours to 8 hours.\nA duration in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\".","description_kind":"plain","required":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.\nAn API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Required. Maintenance window that is applied to resources covered by this policy.\nMinimum 1. For the current version, the maximum number of weekly_maintenance_windows\nis expected to be one.","description_kind":"plain"},"min_items":1}},"description":"Maintenance policy for an instance.","description_kind":"plain"},"max_items":1},"memcache_parameters":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"This is a unique ID associated with this set of parameters.","description_kind":"plain","computed":true},"params":{"type":["map","string"],"description":"User-defined set of parameters to use in the memcache process.","description_kind":"plain","optional":true}},"description":"User-specified parameters for this memcache instance.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"Number of CPUs per node.","description_kind":"plain","required":true},"memory_size_mb":{"type":"number","description":"Memory size in Mebibytes for each memcache node.","description_kind":"plain","required":true}},"description":"Configuration for memcache nodes.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_migration_center_group":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The timestamp when the group was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. The description of the group.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User-friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"group_id":{"type":"string","description":"Required. User specified ID for the group. It will become the last component of the group name. The ID must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. The ID must match the regular expression: '[a-z]([a-z0-9-]{0,61}[a-z0-9])?'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the group.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The name of the group.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The timestamp when the group was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_migration_center_preference_set":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The timestamp when the preference set was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the preference set.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User-friendly display name. Maximum length is 63 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Part of 'parent'. See documentation of 'projectsId'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. Name of the preference set.","description_kind":"plain","computed":true},"preference_set_id":{"type":"string","description":"Required. User specified ID for the preference set. It will become the last component of the preference set name. The ID must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. The ID must match the regular expression '[a-z]([a-z0-9-]{0,61}[a-z0-9])?'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The timestamp when the preference set was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_machine_preferences":{"nesting_mode":"list","block":{"attributes":{"commitment_plan":{"type":"string","description":"Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. Possible values: 'COMMITMENT_PLAN_UNSPECIFIED', 'COMMITMENT_PLAN_NONE', 'COMMITMENT_PLAN_ONE_YEAR', 'COMMITMENT_PLAN_THREE_YEARS'","description_kind":"plain","optional":true},"sizing_optimization_strategy":{"type":"string","description":"Sizing optimization strategy specifies the preferred strategy used when extrapolating usage data to calculate insights and recommendations for a virtual machine. If you are unsure which value to set, a moderate sizing optimization strategy is often a good value to start with. Possible values: 'SIZING_OPTIMIZATION_STRATEGY_UNSPECIFIED', 'SIZING_OPTIMIZATION_STRATEGY_SAME_AS_SOURCE', 'SIZING_OPTIMIZATION_STRATEGY_MODERATE', 'SIZING_OPTIMIZATION_STRATEGY_AGGRESSIVE'","description_kind":"plain","optional":true},"target_product":{"type":"string","description":"Target product for assets using this preference set. Specify either target product or business goal, but not both. Possible values: 'COMPUTE_MIGRATION_TARGET_PRODUCT_UNSPECIFIED', 'COMPUTE_MIGRATION_TARGET_PRODUCT_COMPUTE_ENGINE', 'COMPUTE_MIGRATION_TARGET_PRODUCT_VMWARE_ENGINE', 'COMPUTE_MIGRATION_TARGET_PRODUCT_SOLE_TENANCY'","description_kind":"plain","optional":true}},"block_types":{"compute_engine_preferences":{"nesting_mode":"list","block":{"attributes":{"license_type":{"type":"string","description":"License type to consider when calculating costs for virtual machine insights and recommendations. If unspecified, costs are calculated based on the default licensing plan. Possible values: 'LICENSE_TYPE_UNSPECIFIED', 'LICENSE_TYPE_DEFAULT', 'LICENSE_TYPE_BRING_YOUR_OWN_LICENSE'","description_kind":"plain","optional":true}},"block_types":{"machine_preferences":{"nesting_mode":"list","block":{"block_types":{"allowed_machine_series":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"string","description":"Code to identify a Compute Engine machine series. Consult https://cloud.google.com/compute/docs/machine-resource#machine_type_comparison for more details on the available series.","description_kind":"plain","optional":true}},"description":"Compute Engine machine series to consider for insights and recommendations. If empty, no restriction is applied on the machine series.","description_kind":"plain"}}},"description":"The type of machines to consider when calculating virtual machine migration insights and recommendations. Not all machine types are available in all zones and regions.","description_kind":"plain"},"max_items":1}},"description":"The user preferences relating to Compute Engine target platform.","description_kind":"plain"},"max_items":1},"region_preferences":{"nesting_mode":"list","block":{"attributes":{"preferred_regions":{"type":["list","string"],"description":"A list of preferred regions, ordered by the most preferred region first. Set only valid Google Cloud region names. See https://cloud.google.com/compute/docs/regions-zones for available regions.","description_kind":"plain","optional":true}},"description":"The user preferences relating to target regions.","description_kind":"plain"},"max_items":1},"sole_tenancy_preferences":{"nesting_mode":"list","block":{"attributes":{"commitment_plan":{"type":"string","description":"Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. Possible values: 'COMMITMENT_PLAN_UNSPECIFIED', 'ON_DEMAND', 'COMMITMENT_1_YEAR', 'COMMITMENT_3_YEAR'","description_kind":"plain","optional":true},"cpu_overcommit_ratio":{"type":"number","description":"CPU overcommit ratio. Acceptable values are between 1.0 and 2.0 inclusive.","description_kind":"plain","optional":true},"host_maintenance_policy":{"type":"string","description":"Sole Tenancy nodes maintenance policy. Possible values: 'HOST_MAINTENANCE_POLICY_UNSPECIFIED', 'HOST_MAINTENANCE_POLICY_DEFAULT', 'HOST_MAINTENANCE_POLICY_RESTART_IN_PLACE', 'HOST_MAINTENANCE_POLICY_MIGRATE_WITHIN_NODE_GROUP'","description_kind":"plain","optional":true}},"block_types":{"node_types":{"nesting_mode":"list","block":{"attributes":{"node_name":{"type":"string","description":"Name of the Sole Tenant node. Consult https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes","description_kind":"plain","optional":true}},"description":"A list of sole tenant node types. An empty list means that all possible node types will be considered.","description_kind":"plain"}}},"description":"Preferences concerning Sole Tenancy nodes and VMs.","description_kind":"plain"},"max_items":1},"vmware_engine_preferences":{"nesting_mode":"list","block":{"attributes":{"commitment_plan":{"type":"string","description":"Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. Possible values: 'COMMITMENT_PLAN_UNSPECIFIED', 'ON_DEMAND', 'COMMITMENT_1_YEAR_MONTHLY_PAYMENTS', 'COMMITMENT_3_YEAR_MONTHLY_PAYMENTS', 'COMMITMENT_1_YEAR_UPFRONT_PAYMENT', 'COMMITMENT_3_YEAR_UPFRONT_PAYMENT',","description_kind":"plain","optional":true},"cpu_overcommit_ratio":{"type":"number","description":"CPU overcommit ratio. Acceptable values are between 1.0 and 8.0, with 0.1 increment.","description_kind":"plain","optional":true},"memory_overcommit_ratio":{"type":"number","description":"Memory overcommit ratio. Acceptable values are 1.0, 1.25, 1.5, 1.75 and 2.0.","description_kind":"plain","optional":true},"storage_deduplication_compression_ratio":{"type":"number","description":"The Deduplication and Compression ratio is based on the logical (Used Before) space required to store data before applying deduplication and compression, in relation to the physical (Used After) space required after applying deduplication and compression. Specifically, the ratio is the Used Before space divided by the Used After space. For example, if the Used Before space is 3 GB, but the physical Used After space is 1 GB, the deduplication and compression ratio is 3x. Acceptable values are between 1.0 and 4.0.","description_kind":"plain","optional":true}},"description":"The user preferences relating to Google Cloud VMware Engine target platform.","description_kind":"plain"},"max_items":1}},"description":"VirtualMachinePreferences enables you to create sets of assumptions, for example, a geographical location and pricing track, for your migrated virtual machines. The set of preferences influence recommendations for migrating virtual machine assets.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_ml_engine_model":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"The description specified for the model when it was created.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"One or more labels that you can add, to organize your models.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name specified for the model.","description_kind":"plain","required":true},"online_prediction_console_logging":{"type":"bool","description":"If true, online prediction nodes send stderr and stdout streams to Stackdriver Logging","description_kind":"plain","optional":true},"online_prediction_logging":{"type":"bool","description":"If true, online prediction access logs are sent to StackDriver Logging.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"regions":{"type":["list","string"],"description":"The list of regions where the model is going to be deployed.\nCurrently only one region per model is supported","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"default_version":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name specified for the version when it was created.","description_kind":"plain","required":true}},"description":"The default version of the model. This version will be used to handle\nprediction requests that do not specify a version.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_alert_policy":{"version":0,"block":{"attributes":{"combiner":{"type":"string","description":"How to combine the results of multiple conditions to\ndetermine if an incident should be opened. Possible values: [\"AND\", \"OR\", \"AND_WITH_MATCHING_RESOURCE\"]","description_kind":"plain","required":true},"creation_record":{"type":["list",["object",{"mutate_time":"string","mutated_by":"string"}]],"description":"A read-only record of the creation of the alerting policy.\nIf provided in a call to create or update, this field will\nbe ignored.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A short name or phrase used to identify the policy in\ndashboards, notifications, and incidents. To avoid confusion, don't use\nthe same display name for multiple policies in the same project. The\nname is limited to 512 Unicode characters.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Whether or not the policy is enabled. The default is true.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique resource name for this policy.\nIts syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID]","description_kind":"plain","computed":true},"notification_channels":{"type":["list","string"],"description":"Identifies the notification channels to which notifications should be\nsent when incidents are opened or closed or when new violations occur\non an already opened incident. Each element of this array corresponds\nto the name field in each of the NotificationChannel objects that are\nreturned from the notificationChannels.list method. The syntax of the\nentries in this field is\n'projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]'","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"severity":{"type":"string","description":"The severity of an alert policy indicates how important incidents generated\nby that policy are. The severity level will be displayed on the Incident\ndetail page and in notifications. Possible values: [\"CRITICAL\", \"ERROR\", \"WARNING\"]","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"This field is intended to be used for organizing and identifying the AlertPolicy\nobjects.The field can contain up to 64 entries. Each key and value is limited\nto 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values\ncan contain only lowercase letters, numerals, underscores, and dashes. Keys\nmust begin with a letter.","description_kind":"plain","optional":true}},"block_types":{"alert_strategy":{"nesting_mode":"list","block":{"attributes":{"auto_close":{"type":"string","description":"If an alert policy that was active has no data for this long, any open incidents will close.","description_kind":"plain","optional":true}},"block_types":{"notification_channel_strategy":{"nesting_mode":"list","block":{"attributes":{"notification_channel_names":{"type":["list","string"],"description":"The notification channels that these settings apply to. Each of these\ncorrespond to the name field in one of the NotificationChannel objects\nreferenced in the notification_channels field of this AlertPolicy. The format is\n'projects/[PROJECT_ID_OR_NUMBER]/notificationChannels/[CHANNEL_ID]'","description_kind":"plain","optional":true},"renotify_interval":{"type":"string","description":"The frequency at which to send reminder notifications for open incidents.","description_kind":"plain","optional":true}},"description":"Control over how the notification channels in 'notification_channels'\nare notified when this alert fires, on a per-channel basis.","description_kind":"plain"}},"notification_rate_limit":{"nesting_mode":"list","block":{"attributes":{"period":{"type":"string","description":"Not more than one notification per period.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example \"60.5s\".","description_kind":"plain","optional":true}},"description":"Required for alert policies with a LogMatch condition.\nThis limit is not implemented for alert policies that are not log-based.","description_kind":"plain"},"max_items":1}},"description":"Control over how this alert policy's notification channels are notified.","description_kind":"plain"},"max_items":1},"conditions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"A short name or phrase used to identify the\ncondition in dashboards, notifications, and\nincidents. To avoid confusion, don't use the same\ndisplay name for multiple conditions in the same\npolicy.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique resource name for this condition.\nIts syntax is:\nprojects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID]\n[CONDITION_ID] is assigned by Stackdriver Monitoring when\nthe condition is created as part of a new or updated alerting\npolicy.","description_kind":"plain","computed":true}},"block_types":{"condition_absent":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description":"The amount of time that a time series must\nfail to report new data to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g. 60s, 120s, or 300s\n--are supported.","description_kind":"plain","required":true},"filter":{"type":"string","description":"A filter that identifies which time series\nshould be compared with the threshold.The\nfilter is similar to the one that is\nspecified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true}},"block_types":{"aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series as well as how to\ncombine the retrieved time series together\n(such as when aggregating multiple streams\non each resource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).\nMultiple aggregations are applied in the\norder specified.","description_kind":"plain"}},"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations.","description_kind":"plain"},"max_items":1}},"description":"A condition that checks that a time series\ncontinues to receive new data points.","description_kind":"plain"},"max_items":1},"condition_matched_log":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"A logs-based filter.","description_kind":"plain","required":true},"label_extractors":{"type":["map","string"],"description":"A map from a label key to an extractor expression, which is used to\nextract the value for this label key. Each entry in this map is\na specification for how data should be extracted from log entries that\nmatch filter. Each combination of extracted values is treated as\na separate rule for the purposes of triggering notifications.\nLabel keys and corresponding values can be used in notifications\ngenerated by this condition.","description_kind":"plain","optional":true}},"description":"A condition that checks for log messages matching given constraints.\nIf set, no other conditions can be present.","description_kind":"plain"},"max_items":1},"condition_monitoring_query_language":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description":"The amount of time that a time series must\nviolate the threshold to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g., 0, 60, 120, or\n300 seconds--are supported. If an invalid\nvalue is given, an error will be returned.\nWhen choosing a duration, it is useful to\nkeep in mind the frequency of the underlying\ntime series data (which may also be affected\nby any alignments specified in the\naggregations field); a good duration is long\nenough so that a single outlier does not\ngenerate spurious alerts, but short enough\nthat unhealthy states are detected and\nalerted on quickly.","description_kind":"plain","required":true},"evaluation_missing_data":{"type":"string","description":"A condition control that determines how\nmetric-threshold conditions are evaluated when\ndata stops arriving. Possible values: [\"EVALUATION_MISSING_DATA_INACTIVE\", \"EVALUATION_MISSING_DATA_ACTIVE\", \"EVALUATION_MISSING_DATA_NO_OP\"]","description_kind":"plain","optional":true},"query":{"type":"string","description":"Monitoring Query Language query that outputs a boolean stream.","description_kind":"plain","required":true}},"block_types":{"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations,\nor by the ratio, if denominator_filter and\ndenominator_aggregations are specified.","description_kind":"plain"},"max_items":1}},"description":"A Monitoring Query Language query that outputs a boolean stream","description_kind":"plain"},"max_items":1},"condition_prometheus_query_language":{"nesting_mode":"list","block":{"attributes":{"alert_rule":{"type":"string","description":"The alerting rule name of this alert in the corresponding Prometheus\nconfiguration file.\n\nSome external tools may require this field to be populated correctly\nin order to refer to the original Prometheus configuration file.\nThe rule group name and the alert name are necessary to update the\nrelevant AlertPolicies in case the definition of the rule group changes\nin the future.\n\nThis field is optional. If this field is not empty, then it must be a\nvalid Prometheus label name.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"Alerts are considered firing once their PromQL expression evaluated\nto be \"true\" for this long. Alerts whose PromQL expression was not\nevaluated to be \"true\" for long enough are considered pending. The\ndefault value is zero. Must be zero or positive.","description_kind":"plain","optional":true},"evaluation_interval":{"type":"string","description":"How often this rule should be evaluated. Must be a positive multiple\nof 30 seconds or missing. The default value is 30 seconds. If this\nPrometheusQueryLanguageCondition was generated from a Prometheus\nalerting rule, then this value should be taken from the enclosing\nrule group.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to add to or overwrite in the PromQL query result. Label names\nmust be valid.\n\nLabel values can be templatized by using variables. The only available\nvariable names are the names of the labels in the PromQL result, including\n\"__name__\" and \"value\". \"labels\" may be empty. This field is intended to be\nused for organizing and identifying the AlertPolicy","description_kind":"plain","optional":true},"query":{"type":"string","description":"The PromQL expression to evaluate. Every evaluation cycle this\nexpression is evaluated at the current time, and all resultant time\nseries become pending/firing alerts. This field must not be empty.","description_kind":"plain","required":true},"rule_group":{"type":"string","description":"The rule group name of this alert in the corresponding Prometheus\nconfiguration file.\n\nSome external tools may require this field to be populated correctly\nin order to refer to the original Prometheus configuration file.\nThe rule group name and the alert name are necessary to update the\nrelevant AlertPolicies in case the definition of the rule group changes\nin the future. This field is optional.","description_kind":"plain","optional":true}},"description":"A condition type that allows alert policies to be defined using\nPrometheus Query Language (PromQL).\n\nThe PrometheusQueryLanguageCondition message contains information\nfrom a Prometheus alerting rule and its associated rule group.","description_kind":"plain"},"max_items":1},"condition_threshold":{"nesting_mode":"list","block":{"attributes":{"comparison":{"type":"string","description":"The comparison to apply between the time\nseries (indicated by filter and aggregation)\nand the threshold (indicated by\nthreshold_value). The comparison is applied\non each time series, with the time series on\nthe left-hand side and the threshold on the\nright-hand side. Only COMPARISON_LT and\nCOMPARISON_GT are supported currently. Possible values: [\"COMPARISON_GT\", \"COMPARISON_GE\", \"COMPARISON_LT\", \"COMPARISON_LE\", \"COMPARISON_EQ\", \"COMPARISON_NE\"]","description_kind":"plain","required":true},"denominator_filter":{"type":"string","description":"A filter that identifies a time series that\nshould be used as the denominator of a ratio\nthat will be compared with the threshold. If\na denominator_filter is specified, the time\nseries specified by the filter field will be\nused as the numerator.The filter is similar\nto the one that is specified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"The amount of time that a time series must\nviolate the threshold to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g., 0, 60, 120, or\n300 seconds--are supported. If an invalid\nvalue is given, an error will be returned.\nWhen choosing a duration, it is useful to\nkeep in mind the frequency of the underlying\ntime series data (which may also be affected\nby any alignments specified in the\naggregations field); a good duration is long\nenough so that a single outlier does not\ngenerate spurious alerts, but short enough\nthat unhealthy states are detected and\nalerted on quickly.","description_kind":"plain","required":true},"evaluation_missing_data":{"type":"string","description":"A condition control that determines how\nmetric-threshold conditions are evaluated when\ndata stops arriving. Possible values: [\"EVALUATION_MISSING_DATA_INACTIVE\", \"EVALUATION_MISSING_DATA_ACTIVE\", \"EVALUATION_MISSING_DATA_NO_OP\"]","description_kind":"plain","optional":true},"filter":{"type":"string","description":"A filter that identifies which time series\nshould be compared with the threshold.The\nfilter is similar to the one that is\nspecified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true},"threshold_value":{"type":"number","description":"A value against which to compare the time\nseries.","description_kind":"plain","optional":true}},"block_types":{"aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series as well as how to\ncombine the retrieved time series together\n(such as when aggregating multiple streams\non each resource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).\nMultiple aggregations are applied in the\norder specified.This field is similar to the\none in the MetricService.ListTimeSeries\nrequest. It is advisable to use the\nListTimeSeries method when debugging this\nfield.","description_kind":"plain"}},"denominator_aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series selected by\ndenominatorFilter as well as how to combine\nthe retrieved time series together (such as\nwhen aggregating multiple streams on each\nresource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).When\ncomputing ratios, the aggregations and\ndenominator_aggregations fields must use the\nsame alignment period and produce time\nseries that have the same periodicity and\nlabels.This field is similar to the one in\nthe MetricService.ListTimeSeries request. It\nis advisable to use the ListTimeSeries\nmethod when debugging this field.","description_kind":"plain"}},"forecast_options":{"nesting_mode":"list","block":{"attributes":{"forecast_horizon":{"type":"string","description":"The length of time into the future to forecast\nwhether a timeseries will violate the threshold.\nIf the predicted value is found to violate the\nthreshold, and the violation is observed in all\nforecasts made for the Configured 'duration',\nthen the timeseries is considered to be failing.","description_kind":"plain","required":true}},"description":"When this field is present, the 'MetricThreshold'\ncondition forecasts whether the time series is\npredicted to violate the threshold within the\n'forecastHorizon'. When this field is not set, the\n'MetricThreshold' tests the current value of the\ntimeseries against the threshold.","description_kind":"plain"},"max_items":1},"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations,\nor by the ratio, if denominator_filter and\ndenominator_aggregations are specified.","description_kind":"plain"},"max_items":1}},"description":"A condition that compares a time series against a\nthreshold.","description_kind":"plain"},"max_items":1}},"description":"A list of conditions for the policy. The conditions are combined by\nAND or OR according to the combiner field. If the combined conditions\nevaluate to true, then an incident is created. A policy can have from\none to six conditions.","description_kind":"plain"},"min_items":1},"documentation":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The text of the documentation, interpreted according to mimeType.\nThe content may not exceed 8,192 Unicode characters and may not\nexceed more than 10,240 bytes when encoded in UTF-8 format,\nwhichever is smaller.","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"The format of the content field. Presently, only the value\n\"text/markdown\" is supported.","description_kind":"plain","optional":true},"subject":{"type":"string","description":"The subject line of the notification. The subject line may not\nexceed 10,240 bytes. In notifications generated by this policy the contents\nof the subject line after variable expansion will be truncated to 255 bytes\nor shorter at the latest UTF-8 character boundary.","description_kind":"plain","optional":true}},"block_types":{"links":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"A short display name for the link. The display name must not be empty or exceed 63 characters. Example: \"playbook\".","description_kind":"plain","optional":true},"url":{"type":"string","description":"The url of a webpage. A url can be templatized by using variables in the path or the query parameters. The total length of a URL should not exceed 2083 characters before and after variable expansion. Example: \"https://my_domain.com/playbook?name=${resource.name}\".","description_kind":"plain","optional":true}},"description":"Links to content such as playbooks, repositories, and other resources. This field can contain up to 3 entries.","description_kind":"plain"}}},"description":"Documentation that is included with notifications and incidents related\nto this policy. Best practice is for the documentation to include information\nto help responders understand, mitigate, escalate, and correct the underlying\nproblems detected by the alerting policy. Notification channels that have\nlimited capacity might not show this documentation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_custom_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","optional":true,"computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","optional":true}},"block_types":{"telemetry":{"nesting_mode":"list","block":{"attributes":{"resource_name":{"type":"string","description":"The full name of the resource that defines this service.\nFormatted as described in\nhttps://cloud.google.com/apis/design/resource_names.","description_kind":"plain","optional":true}},"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_dashboard":{"version":0,"block":{"attributes":{"dashboard_json":{"type":"string","description":"The JSON representation of a dashboard, following the format at https://cloud.google.com/monitoring/api/ref_v3/rest/v1/projects.dashboards.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_group":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"A user-assigned name for this group, used only for display\npurposes.","description_kind":"plain","required":true},"filter":{"type":"string","description":"The filter used to determine which monitored resources\nbelong to this group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_cluster":{"type":"bool","description":"If true, the members of this group are considered to be a\ncluster. The system can perform additional analysis on\ngroups that are clusters.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique identifier for this group. The format is\n\"projects/{project_id_or_number}/groups/{group_id}\".","description_kind":"plain","computed":true},"parent_name":{"type":"string","description":"The name of the group's parent, if it has one. The format is\n\"projects/{project_id_or_number}/groups/{group_id}\". For\ngroups with no parent, parentName is the empty string, \"\".","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_metric_descriptor":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A detailed description of the metric, which can be used in documentation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example \"Request count\".","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"launch_stage":{"type":"string","description":"The launch stage of the metric definition. Possible values: [\"LAUNCH_STAGE_UNSPECIFIED\", \"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true},"metric_kind":{"type":"string","description":"Whether the metric records instantaneous values, changes to a value, etc. Some combinations of metricKind and valueType might not be supported. Possible values: [\"METRIC_KIND_UNSPECIFIED\", \"GAUGE\", \"DELTA\", \"CUMULATIVE\"]","description_kind":"plain","required":true},"monitored_resource_types":{"type":["set","string"],"description":"If present, then a time series, which is identified partially by a metric type and a MonitoredResourceDescriptor, that is associated with this metric type can only be associated with one of the monitored resource types listed here. This field allows time series to be associated with the intersection of this metric type and the monitored resource types in this list.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the metric descriptor.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The metric type, including its DNS name prefix. The type is not URL-encoded. All service defined metrics must be prefixed with the service name, in the format of {service name}/{relative metric name}, such as cloudsql.googleapis.com/database/cpu/utilization. The relative metric name must have only upper and lower-case letters, digits, '/' and underscores '_' are allowed. Additionally, the maximum number of characters allowed for the relative_metric_name is 100. All user-defined metric types have the DNS name custom.googleapis.com, external.googleapis.com, or logging.googleapis.com/user/.","description_kind":"plain","required":true},"unit":{"type":"string","description":"The units in which the metric value is reported. It is only applicable if the\nvalueType is INT64, DOUBLE, or DISTRIBUTION. The unit defines the representation of\nthe stored metric values.\n\nDifferent systems may scale the values to be more easily displayed (so a value of\n0.02KBy might be displayed as 20By, and a value of 3523KBy might be displayed as\n3.5MBy). However, if the unit is KBy, then the value of the metric is always in\nthousands of bytes, no matter how it may be displayed.\n\nIf you want a custom metric to record the exact number of CPU-seconds used by a job,\nyou can create an INT64 CUMULATIVE metric whose unit is s{CPU} (or equivalently\n1s{CPU} or just s). If the job uses 12,005 CPU-seconds, then the value is written as\n12005.\n\nAlternatively, if you want a custom metric to record data in a more granular way, you\ncan create a DOUBLE CUMULATIVE metric whose unit is ks{CPU}, and then write the value\n12.005 (which is 12005/1000), or use Kis{CPU} and write 11.723 (which is 12005/1024).\nThe supported units are a subset of The Unified Code for Units of Measure standard.\nMore info can be found in the API documentation\n(https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors).","description_kind":"plain","optional":true},"value_type":{"type":"string","description":"Whether the measurement is an integer, a floating-point number, etc. Some combinations of metricKind and valueType might not be supported. Possible values: [\"BOOL\", \"INT64\", \"DOUBLE\", \"STRING\", \"DISTRIBUTION\"]","description_kind":"plain","required":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A human-readable description for the label.","description_kind":"plain","optional":true},"key":{"type":"string","description":"The key for this label. The key must not exceed 100 characters. The first character of the key must be an upper- or lower-case letter, the remaining characters must be letters, digits or underscores, and the key must match the regular expression [a-zA-Z][a-zA-Z0-9_]*","description_kind":"plain","required":true},"value_type":{"type":"string","description":"The type of data that can be assigned to the label. Default value: \"STRING\" Possible values: [\"STRING\", \"BOOL\", \"INT64\"]","description_kind":"plain","optional":true}},"description":"The set of labels that can be used to describe a specific instance of this metric type. In order to delete a label, the entire resource must be deleted, then created with the desired labels.","description_kind":"plain"}},"metadata":{"nesting_mode":"list","block":{"attributes":{"ingest_delay":{"type":"string","description":"The delay of data points caused by ingestion. Data points older than this age are guaranteed to be ingested and available to be read, excluding data loss due to errors. In '[duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?\u0026_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration)'.","description_kind":"plain","optional":true},"sample_period":{"type":"string","description":"The sampling period of metric data points. For metrics which are written periodically, consecutive data points are stored at this time interval, excluding data loss due to errors. Metrics with a higher granularity have a smaller sampling period. In '[duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?\u0026_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration)'.","description_kind":"plain","optional":true}},"description":"Metadata which can be used to guide usage of the metric.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_monitored_project":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when this 'MonitoredProject' was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metrics_scope":{"type":"string","description":"Required. The resource name of the existing Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The resource name of the 'MonitoredProject'. On input, the resource name includes the scoping project ID and monitored project ID. On output, it contains the equivalent project numbers. Example: 'locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}/projects/{MONITORED_PROJECT_ID_OR_NUMBER}'","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_notification_channel":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional human-readable description of this notification channel. This description may provide additional details, beyond the display name, for the channel. This may not exceed 1024 Unicode characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An optional human-readable name for this notification channel. It is recommended that you specify a non-empty and unique name in order to make it easier to identify the channels in your project, though this is not enforced. The display name is limited to 512 Unicode characters.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether notifications are forwarded to the described channel. This makes it possible to disable delivery of notifications to a particular channel without removing the channel from all alerting policies that reference the channel. This is a more convenient approach when the change is temporary and you want to receive notifications from the same set of alerting policies on the channel at some point in the future.","description_kind":"plain","optional":true},"force_delete":{"type":"bool","description":"If true, the notification channel will be deleted regardless\nof its use in alert policies (the policies will be updated\nto remove the channel). If false, channels that are still\nreferenced by an existing alerting policy will fail to be\ndeleted in a delete operation.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Configuration fields that define the channel and its behavior. The\npermissible and required labels are specified in the\nNotificationChannelDescriptor corresponding to the type field.\n\nLabels with sensitive data are obfuscated by the API and therefore Terraform cannot\ndetermine if there are upstream changes to these fields. They can also be configured via\nthe sensitive_labels block, but cannot be configured in both places.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The full REST resource name for this channel. The syntax is:\nprojects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]\nThe [CHANNEL_ID] is automatically assigned by the server on creation.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the notification channel. This field matches the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list to get the list of valid values such as \"email\", \"slack\", etc...","description_kind":"plain","required":true},"user_labels":{"type":["map","string"],"description":"User-supplied key/value data that does not need to conform to the corresponding NotificationChannelDescriptor's schema, unlike the labels field. This field is intended to be used for organizing and identifying the NotificationChannel objects.The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.","description_kind":"plain","optional":true},"verification_status":{"type":"string","description":"Indicates whether this channel has been verified or not. On a ListNotificationChannels or GetNotificationChannel operation, this field is expected to be populated.If the value is UNVERIFIED, then it indicates that the channel is non-functioning (it both requires verification and lacks verification); otherwise, it is assumed that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it implies that the channel is of a type that does not require verification or that this specific channel has been exempted from verification because it was created prior to verification being required for channels of this type.This field cannot be modified using a standard UpdateNotificationChannel operation. To change the value of this field, you must call VerifyNotificationChannel.","description_kind":"plain","computed":true}},"block_types":{"sensitive_labels":{"nesting_mode":"list","block":{"attributes":{"auth_token":{"type":"string","description":"An authorization token for a notification channel. Channel types that support this field include: slack","description_kind":"plain","optional":true,"sensitive":true},"password":{"type":"string","description":"An password for a notification channel. Channel types that support this field include: webhook_basicauth","description_kind":"plain","optional":true,"sensitive":true},"service_key":{"type":"string","description":"An servicekey token for a notification channel. Channel types that support this field include: pagerduty","description_kind":"plain","optional":true,"sensitive":true}},"description":"Different notification type behaviors are configured primarily using the the 'labels' field on this\nresource. This block contains the labels which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: password, will be the key\nin the 'labels' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","optional":true}},"block_types":{"basic_service":{"nesting_mode":"list","block":{"attributes":{"service_labels":{"type":["map","string"],"description":"Labels that specify the resource that emits the monitoring data\nwhich is used for SLO reporting of this 'Service'.","description_kind":"plain","optional":true},"service_type":{"type":"string","description":"The type of service that this basic service defines, e.g.\nAPP_ENGINE service type","description_kind":"plain","optional":true}},"description":"A well-known service type, defined by its service type and service labels.\nValid values of service types and services labels are described at\nhttps://cloud.google.com/stackdriver/docs/solutions/slo-monitoring/api/api-structures#basic-svc-w-basic-sli","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_slo":{"version":0,"block":{"attributes":{"calendar_period":{"type":"string","description":"A calendar period, semantically \"since the start of the current\n\u003ccalendarPeriod\u003e\". Possible values: [\"DAY\", \"WEEK\", \"FORTNIGHT\", \"MONTH\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Name used for UI elements listing this SLO.","description_kind":"plain","optional":true},"goal":{"type":"number","description":"The fraction of service that must be good in order for this objective\nto be met. 0 \u003c goal \u003c= 0.999","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID_OR_NUMBER]/services/[SERVICE_ID]/serviceLevelObjectives/[SLO_NAME]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rolling_period_days":{"type":"number","description":"A rolling time period, semantically \"in the past X days\".\nMust be between 1 to 30 days, inclusive.","description_kind":"plain","optional":true},"service":{"type":"string","description":"ID of the service to which this SLO belongs.","description_kind":"plain","required":true},"slo_id":{"type":"string","description":"The id to use for this ServiceLevelObjective. If omitted, an id will be generated instead.","description_kind":"plain","optional":true,"computed":true},"user_labels":{"type":["map","string"],"description":"This field is intended to be used for organizing and identifying the AlertPolicy\nobjects.The field can contain up to 64 entries. Each key and value is limited\nto 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values\ncan contain only lowercase letters, numerals, underscores, and dashes. Keys\nmust begin with a letter.","description_kind":"plain","optional":true}},"block_types":{"basic_sli":{"nesting_mode":"list","block":{"attributes":{"location":{"type":["set","string"],"description":"An optional set of locations to which this SLI is relevant.\nTelemetry from other locations will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nlocations in which the Service has activity. For service types\nthat don't support breaking down by location, setting this\nfield will result in an error.","description_kind":"plain","optional":true},"method":{"type":["set","string"],"description":"An optional set of RPCs to which this SLI is relevant.\nTelemetry from other methods will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nthe Service's methods. For service types that don't support\nbreaking down by method, setting this field will result in an\nerror.","description_kind":"plain","optional":true},"version":{"type":["set","string"],"description":"The set of API versions to which this SLI is relevant.\nTelemetry from other API versions will not be used to\ncalculate performance for this SLI. If omitted,\nthis SLI applies to all API versions. For service types\nthat don't support breaking down by version, setting this\nfield will result in an error.","description_kind":"plain","optional":true}},"block_types":{"availability":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether an availability SLI is enabled or not. Must be set to true. Defaults to 'true'.","description_kind":"plain","optional":true}},"description":"Availability based SLI, dervied from count of requests made to this service that return successfully.","description_kind":"plain"},"max_items":1},"latency":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"string","description":"A duration string, e.g. 10s.\nGood service is defined to be the count of requests made to\nthis service that return in no more than threshold.","description_kind":"plain","required":true}},"description":"Parameters for a latency threshold SLI.","description_kind":"plain"},"max_items":1}},"description":"Basic Service-Level Indicator (SLI) on a well-known service type.\nPerformance will be computed on the basis of pre-defined metrics.\n\nSLIs are used to measure and calculate the quality of the Service's\nperformance with respect to a single aspect of service quality.\n\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1},"request_based_sli":{"nesting_mode":"list","block":{"block_types":{"distribution_cut":{"nesting_mode":"list","block":{"attributes":{"distribution_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\naggregating values to quantify the good service provided.\n\nMust have ValueType = DISTRIBUTION and\nMetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Used when good_service is defined by a count of values aggregated in a\nDistribution that fall into a good range. The total_service is the\ntotal count of all values aggregated in the Distribution.\nDefines a distribution TimeSeries filter and thresholds used for\nmeasuring good service and total service.\n\nExactly one of 'distribution_cut' or 'good_total_ratio' can be set.","description_kind":"plain"},"max_items":1},"good_total_ratio":{"nesting_mode":"list","block":{"attributes":{"bad_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying bad service provided, either demanded service that\nwas not provided or demanded service that was of inadequate\nquality.\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true},"good_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying good service provided.\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true},"total_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying total demanded service.\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true}},"description":"A means to compute a ratio of 'good_service' to 'total_service'.\nDefines computing this ratio with two TimeSeries [monitoring filters](https://cloud.google.com/monitoring/api/v3/filters)\nMust specify exactly two of good, bad, and total service filters.\nThe relationship good_service + bad_service = total_service\nwill be assumed.\n\nExactly one of 'distribution_cut' or 'good_total_ratio' can be set.","description_kind":"plain"},"max_items":1}},"description":"A request-based SLI defines a SLI for which atomic units of\nservice are counted directly.\n\nA SLI describes a good service.\nIt is used to measure and calculate the quality of the Service's\nperformance with respect to a single aspect of service quality.\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"windows_based_sli":{"nesting_mode":"list","block":{"attributes":{"good_bad_metric_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nwith ValueType = BOOL. The window is good if any true values\nappear in the window. One of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain","optional":true},"window_period":{"type":"string","description":"Duration over which window quality is evaluated, given as a\nduration string \"{X}s\" representing X seconds. Must be an\ninteger fraction of a day and at least 60s.","description_kind":"plain","optional":true}},"block_types":{"good_total_ratio_threshold":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"number","description":"If window performance \u003e= threshold, the window is counted\nas good.","description_kind":"plain","optional":true}},"block_types":{"basic_sli_performance":{"nesting_mode":"list","block":{"attributes":{"location":{"type":["set","string"],"description":"An optional set of locations to which this SLI is relevant.\nTelemetry from other locations will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nlocations in which the Service has activity. For service types\nthat don't support breaking down by location, setting this\nfield will result in an error.","description_kind":"plain","optional":true},"method":{"type":["set","string"],"description":"An optional set of RPCs to which this SLI is relevant.\nTelemetry from other methods will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nthe Service's methods. For service types that don't support\nbreaking down by method, setting this field will result in an\nerror.","description_kind":"plain","optional":true},"version":{"type":["set","string"],"description":"The set of API versions to which this SLI is relevant.\nTelemetry from other API versions will not be used to\ncalculate performance for this SLI. If omitted,\nthis SLI applies to all API versions. For service types\nthat don't support breaking down by version, setting this\nfield will result in an error.","description_kind":"plain","optional":true}},"block_types":{"availability":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether an availability SLI is enabled or not. Must be set to 'true. Defaults to 'true'.","description_kind":"plain","optional":true}},"description":"Availability based SLI, dervied from count of requests made to this service that return successfully.","description_kind":"plain"},"max_items":1},"latency":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"string","description":"A duration string, e.g. 10s.\nGood service is defined to be the count of requests made to\nthis service that return in no more than threshold.","description_kind":"plain","required":true}},"description":"Parameters for a latency threshold SLI.","description_kind":"plain"},"max_items":1}},"description":"Basic SLI to evaluate to judge window quality.","description_kind":"plain"},"max_items":1},"performance":{"nesting_mode":"list","block":{"block_types":{"distribution_cut":{"nesting_mode":"list","block":{"attributes":{"distribution_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\naggregating values to quantify the good service provided.\n\nMust have ValueType = DISTRIBUTION and\nMetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Used when good_service is defined by a count of values aggregated in a\nDistribution that fall into a good range. The total_service is the\ntotal count of all values aggregated in the Distribution.\nDefines a distribution TimeSeries filter and thresholds used for\nmeasuring good service and total service.","description_kind":"plain"},"max_items":1},"good_total_ratio":{"nesting_mode":"list","block":{"attributes":{"bad_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying bad service provided, either demanded service that\nwas not provided or demanded service that was of inadequate\nquality. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true},"good_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying good service provided. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true},"total_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying total demanded service. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true}},"description":"A means to compute a ratio of 'good_service' to 'total_service'.\nDefines computing this ratio with two TimeSeries [monitoring filters](https://cloud.google.com/monitoring/api/v3/filters)\nMust specify exactly two of good, bad, and total service filters.\nThe relationship good_service + bad_service = total_service\nwill be assumed.","description_kind":"plain"},"max_items":1}},"description":"Request-based SLI to evaluate to judge window quality.","description_kind":"plain"},"max_items":1}},"description":"Criterion that describes a window as good if its performance is\nhigh enough. One of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain"},"max_items":1},"metric_mean_in_range":{"nesting_mode":"list","block":{"attributes":{"time_series":{"type":"string","description":"A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nspecifying the TimeSeries to use for evaluating window\nThe provided TimeSeries must have ValueType = INT64 or\nValueType = DOUBLE and MetricKind = GAUGE. Mean value 'X'\nshould satisfy 'range.min \u003c= X \u003c= range.max'\nunder good service.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to \"infinity\", defining an open range\n\"\u003e= range.min\"","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to \"-infinity\", defining an open range\n\"\u003c range.max\"","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max. Mean value 'X' of 'time_series'\nvalues should satisfy 'range.min \u003c= X \u003c= range.max' for a\ngood service.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Criterion that describes a window as good if the metric's value\nis in a good range, *averaged* across returned streams.\nOne of 'good_bad_metric_filter',\n\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.\nAverage value X of 'time_series' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain"},"max_items":1},"metric_sum_in_range":{"nesting_mode":"list","block":{"attributes":{"time_series":{"type":"string","description":"A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nspecifying the TimeSeries to use for evaluating window\nquality. The provided TimeSeries must have\nValueType = INT64 or ValueType = DOUBLE and\nMetricKind = GAUGE.\n\nSummed value 'X' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to \"infinity\", defining an open range\n\"\u003e= range.min\"","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to \"-infinity\", defining an open range\n\"\u003c range.max\"","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max. Summed value 'X' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Criterion that describes a window as good if the metric's value\nis in a good range, *summed* across returned streams.\nSummed value 'X' of 'time_series' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.\n\nOne of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain"},"max_items":1}},"description":"A windows-based SLI defines the criteria for time windows.\ngood_service is defined based off the count of these time windows\nfor which the provided service was of good quality.\n\nA SLI describes a good service. It is used to measure and calculate\nthe quality of the Service's performance with respect to a single\naspect of service quality.\n\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_monitoring_uptime_check_config":{"version":0,"block":{"attributes":{"checker_type":{"type":"string","description":"The checker type to use for the check. If the monitored resource type is 'servicedirectory_service', 'checker_type' must be set to 'VPC_CHECKERS'. Possible values: [\"STATIC_IP_CHECKERS\", \"VPC_CHECKERS\"]","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"A human-friendly name for the uptime check configuration. The display name should be unique within a Stackdriver Workspace in order to make it easier to identify; however, uniqueness is not enforced.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique resource name for this UptimeCheckConfig. The format is 'projects/[PROJECT_ID]/uptimeCheckConfigs/[UPTIME_CHECK_ID]'.","description_kind":"plain","computed":true},"period":{"type":"string","description":"How often, in seconds, the uptime check is performed. Currently, the only supported values are 60s (1 minute), 300s (5 minutes), 600s (10 minutes), and 900s (15 minutes). Optional, defaults to 300s.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"selected_regions":{"type":["list","string"],"description":"The list of regions from which the check will be run. Some regions contain one location, and others contain more than one. If this field is specified, enough regions to include a minimum of 3 locations must be provided, or an error message is returned. Not specifying this field will result in uptime checks running from all regions.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"The maximum amount of time to wait for the request to complete (must be between 1 and 60 seconds). [See the accepted formats]( https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.Duration)","description_kind":"plain","required":true},"uptime_check_id":{"type":"string","description":"The id of the uptime check","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"User-supplied key/value data to be used for organizing and identifying the 'UptimeCheckConfig' objects. The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.","description_kind":"plain","optional":true}},"block_types":{"content_matchers":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"String or regex content to match (max 1024 bytes)","description_kind":"plain","required":true},"matcher":{"type":"string","description":"The type of content matcher that will be applied to the server output, compared to the content string when the check is run. Default value: \"CONTAINS_STRING\" Possible values: [\"CONTAINS_STRING\", \"NOT_CONTAINS_STRING\", \"MATCHES_REGEX\", \"NOT_MATCHES_REGEX\", \"MATCHES_JSON_PATH\", \"NOT_MATCHES_JSON_PATH\"]","description_kind":"plain","optional":true}},"block_types":{"json_path_matcher":{"nesting_mode":"list","block":{"attributes":{"json_matcher":{"type":"string","description":"Options to perform JSONPath content matching. Default value: \"EXACT_MATCH\" Possible values: [\"EXACT_MATCH\", \"REGEX_MATCH\"]","description_kind":"plain","optional":true},"json_path":{"type":"string","description":"JSONPath within the response output pointing to the expected 'ContentMatcher::content' to match against.","description_kind":"plain","required":true}},"description":"Information needed to perform a JSONPath content match. Used for 'ContentMatcherOption::MATCHES_JSON_PATH' and 'ContentMatcherOption::NOT_MATCHES_JSON_PATH'.","description_kind":"plain"},"max_items":1}},"description":"The expected content on the page the check is run against. Currently, only the first entry in the list is supported, and other entries will be ignored. The server will look for an exact match of the string in the page response's content. This field is optional and should only be specified if a content match is required.","description_kind":"plain"}},"http_check":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"The request body associated with the HTTP POST request. If 'content_type' is 'URL_ENCODED', the body passed in must be URL-encoded. Users can provide a 'Content-Length' header via the 'headers' field or the API will do so. If the 'request_method' is 'GET' and 'body' is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note - As with all bytes fields JSON representations are base64 encoded. e.g. 'foo=bar' in URL-encoded form is 'foo%3Dbar' and in base64 encoding is 'Zm9vJTI1M0RiYXI='.","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"The content type to use for the check. Possible values: [\"TYPE_UNSPECIFIED\", \"URL_ENCODED\", \"USER_PROVIDED\"]","description_kind":"plain","optional":true},"custom_content_type":{"type":"string","description":"A user provided content type header to use for the check. The invalid configurations outlined in the 'content_type' field apply to custom_content_type', as well as the following 1. 'content_type' is 'URL_ENCODED' and 'custom_content_type' is set. 2. 'content_type' is 'USER_PROVIDED' and 'custom_content_type' is not set.","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"The list of headers to send as part of the uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of all the desired values as described in [RFC 2616 (page 31)](https://www.w3.org/Protocols/rfc2616/rfc2616.txt). Entering two separate headers with the same key in a Create call will cause the first to be overwritten by the second. The maximum number of headers allowed is 100.","description_kind":"plain","optional":true,"computed":true},"mask_headers":{"type":"bool","description":"Boolean specifying whether to encrypt the header information. Encryption should be specified for any headers related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, if 'mask_headers' is set to 'true' then the headers will be obscured with '******'.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. If the provided path does not begin with '/', a '/' will be prepended automatically. Optional (defaults to '/').","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port to the page to run the check against. Will be combined with 'host' (specified within the ['monitored_resource'](#nested_monitored_resource)) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL).","description_kind":"plain","optional":true,"computed":true},"request_method":{"type":"string","description":"The HTTP request method to use for the check. If set to 'METHOD_UNSPECIFIED' then 'request_method' defaults to 'GET'. Default value: \"GET\" Possible values: [\"METHOD_UNSPECIFIED\", \"GET\", \"POST\"]","description_kind":"plain","optional":true},"use_ssl":{"type":"bool","description":"If true, use HTTPS instead of HTTP to run the check.","description_kind":"plain","optional":true},"validate_ssl":{"type":"bool","description":"Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies to checks where 'monitored_resource' is set to 'uptime_url'. If 'use_ssl' is 'false', setting 'validate_ssl' to 'true' has no effect.","description_kind":"plain","optional":true}},"block_types":{"accepted_response_status_codes":{"nesting_mode":"list","block":{"attributes":{"status_class":{"type":"string","description":"A class of status codes to accept. Possible values: [\"STATUS_CLASS_1XX\", \"STATUS_CLASS_2XX\", \"STATUS_CLASS_3XX\", \"STATUS_CLASS_4XX\", \"STATUS_CLASS_5XX\", \"STATUS_CLASS_ANY\"]","description_kind":"plain","optional":true},"status_value":{"type":"number","description":"A status code to accept.","description_kind":"plain","optional":true}},"description":"If present, the check will only pass if the HTTP response status code is in this set of status codes. If empty, the HTTP status code will only pass if the HTTP status code is 200-299.","description_kind":"plain"}},"auth_info":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The password to authenticate.","description_kind":"plain","required":true,"sensitive":true},"username":{"type":"string","description":"The username to authenticate.","description_kind":"plain","required":true}},"description":"The authentication information using username and password. Optional when creating an HTTP check; defaults to empty. Do not use with other authentication fields.","description_kind":"plain"},"max_items":1},"ping_config":{"nesting_mode":"list","block":{"attributes":{"pings_count":{"type":"number","description":"Number of ICMP pings. A maximum of 3 ICMP pings is currently supported.","description_kind":"plain","required":true}},"description":"Contains information needed to add pings to an HTTP check.","description_kind":"plain"},"max_items":1},"service_agent_authentication":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of authentication to use. Possible values: [\"SERVICE_AGENT_AUTHENTICATION_TYPE_UNSPECIFIED\", \"OIDC_TOKEN\"]","description_kind":"plain","optional":true}},"description":"The authentication information using the Monitoring Service Agent. Optional when creating an HTTPS check; defaults to empty. Do not use with other authentication fields.","description_kind":"plain"},"max_items":1}},"description":"Contains information needed to make an HTTP or HTTPS check.","description_kind":"plain"},"max_items":1},"monitored_resource":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Values for all of the labels listed in the associated monitored resource descriptor. For example, Compute Engine VM instances use the labels 'project_id', 'instance_id', and 'zone'.","description_kind":"plain","required":true},"type":{"type":"string","description":"The monitored resource type. This field must match the type field of a ['MonitoredResourceDescriptor'](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.monitoredResourceDescriptors#MonitoredResourceDescriptor) object. For example, the type of a Compute Engine VM instance is 'gce_instance'. For a list of types, see [Monitoring resource types](https://cloud.google.com/monitoring/api/resources) and [Logging resource types](https://cloud.google.com/logging/docs/api/v2/resource-list).","description_kind":"plain","required":true}},"description":"The [monitored resource]\n(https://cloud.google.com/monitoring/api/resources) associated with the\nconfiguration. The following monitored resource types are supported for\nuptime checks:\n* 'aws_ec2_instance'\n* 'aws_elb_load_balancer'\n* 'gae_app'\n* 'gce_instance'\n* 'k8s_service'\n* 'servicedirectory_service'\n* 'uptime_url'","description_kind":"plain"},"max_items":1},"resource_group":{"nesting_mode":"list","block":{"attributes":{"group_id":{"type":"string","description":"The group of resources being monitored. Should be the 'name' of a group","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"The resource type of the group members. Possible values: [\"RESOURCE_TYPE_UNSPECIFIED\", \"INSTANCE\", \"AWS_ELB_LOAD_BALANCER\"]","description_kind":"plain","optional":true}},"description":"The group resource associated with the configuration.","description_kind":"plain"},"max_items":1},"synthetic_monitor":{"nesting_mode":"list","block":{"block_types":{"cloud_function_v2":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The fully qualified name of the cloud function resource.","description_kind":"plain","required":true}},"description":"Target a Synthetic Monitor GCFv2 Instance","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A Synthetic Monitor deployed to a Cloud Functions V2 instance.","description_kind":"plain"},"max_items":1},"tcp_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The port to the page to run the check against. Will be combined with host (specified within the 'monitored_resource') to construct the full URL.","description_kind":"plain","required":true}},"block_types":{"ping_config":{"nesting_mode":"list","block":{"attributes":{"pings_count":{"type":"number","description":"Number of ICMP pings. A maximum of 3 ICMP pings is currently supported.","description_kind":"plain","required":true}},"description":"Contains information needed to add pings to a TCP check.","description_kind":"plain"},"max_items":1}},"description":"Contains information needed to make a TCP check.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_active_directory":{"version":0,"block":{"attributes":{"administrators":{"type":["list","string"],"description":"Domain user accounts to be added to the local Administrators group of the SMB service. Comma-separated list of domain users or groups. The Domain Admin group is automatically added when the service joins your domain as a hidden group.","description_kind":"plain","optional":true},"aes_encryption":{"type":"bool","description":"Enables AES-128 and AES-256 encryption for Kerberos-based communication with Active Directory.","description_kind":"plain","optional":true},"backup_operators":{"type":["list","string"],"description":"Domain user/group accounts to be added to the Backup Operators group of the SMB service. The Backup Operators group allows members to backup and restore files regardless of whether they have read or write access to the files. Comma-separated list.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Create time of the active directory. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"dns":{"type":"string","description":"Comma separated list of DNS server IP addresses for the Active Directory domain.","description_kind":"plain","required":true},"domain":{"type":"string","description":"Fully qualified domain name for the Active Directory domain.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encrypt_dc_connections":{"type":"bool","description":"If enabled, traffic between the SMB server to Domain Controller (DC) will be encrypted.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kdc_hostname":{"type":"string","description":"Hostname of the Active Directory server used as Kerberos Key Distribution Center. Only requried for volumes using kerberized NFSv4.1","description_kind":"plain","optional":true},"kdc_ip":{"type":"string","description":"IP address of the Active Directory server used as Kerberos Key Distribution Center.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"ldap_signing":{"type":"bool","description":"Specifies whether or not the LDAP traffic needs to be signed.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the region for the policy to apply to.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the Active Directory pool. Needs to be unique per location.","description_kind":"plain","required":true},"net_bios_prefix":{"type":"string","description":"NetBIOS name prefix of the server to be created.\nA five-character random ID is generated automatically, for example, -6f9a, and appended to the prefix. The full UNC share path will have the following format:\n'\\\\NetBIOS_PREFIX-ABCD.DOMAIN_NAME\\SHARE_NAME'","description_kind":"plain","required":true},"nfs_users_with_ldap":{"type":"bool","description":"Local UNIX users on clients without valid user information in Active Directory are blocked from access to LDAP enabled volumes.\nThis option can be used to temporarily switch such volumes to AUTH_SYS authentication (user ID + 1-16 groups).","description_kind":"plain","optional":true},"organizational_unit":{"type":"string","description":"Name of the Organizational Unit where you intend to create the computer account for NetApp Volumes.\nDefaults to 'CN=Computers' if left empty.","description_kind":"plain","optional":true,"computed":true},"password":{"type":"string","description":"Password for specified username. Note - Manual changes done to the password will not be detected. Terraform will not re-apply the password, unless you use a new password in Terraform.","description_kind":"plain","required":true,"sensitive":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"security_operators":{"type":["list","string"],"description":"Domain accounts that require elevated privileges such as 'SeSecurityPrivilege' to manage security logs. Comma-separated list.","description_kind":"plain","optional":true},"site":{"type":"string","description":"Specifies an Active Directory site to manage domain controller selection.\nUse when Active Directory domain controllers in multiple regions are configured. Defaults to 'Default-First-Site-Name' if left empty.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state of the Active Directory policy (not the Active Directory itself).","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"The state details of the Active Directory.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"username":{"type":"string","description":"Username for the Active Directory account with permissions to create the compute account within the specified organizational unit.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_backup":{"version":0,"block":{"attributes":{"backup_type":{"type":"string","description":"Type of backup, manually created or created by a backup policy. Possible Values : [TYPE_UNSPECIFIED, MANUAL, SCHEDULED]","description_kind":"plain","computed":true},"chain_storage_bytes":{"type":"string","description":"Backups of a volume build incrementally on top of each other. They form a \"backup chain\".\nTotal size of all backups in a chain in bytes = baseline backup size + sum(incremental backup size)","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Create time of the backup. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the backup with 2048 characters or less. Requests with longer descriptions will be rejected.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the backup.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the backup. Needs to be unique per location.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"source_snapshot":{"type":"string","description":"If specified, backup will be created from the given snapshot. If not specified,\nthere will be a new snapshot taken to initiate the backup creation.\nFormat: 'projects/{{projectId}}/locations/{{location}}/volumes/{{volumename}}/snapshots/{{snapshotname}}''","description_kind":"plain","optional":true},"source_volume":{"type":"string","description":"ID of volumes this backup belongs to. Format: 'projects/{{projects_id}}/locations/{{location}}/volumes/{{name}}''","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state of the Backup Vault. Possible Values : [STATE_UNSPECIFIED, CREATING, UPLOADING, READY, DELETING, ERROR, UPDATING]","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"vault_name":{"type":"string","description":"Name of the backup vault to store the backup in.","description_kind":"plain","required":true},"volume_usage_bytes":{"type":"string","description":"Size of the file system when the backup was created. When creating a new volume from the backup, the volume capacity will have to be at least as big.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_backup_policy":{"version":0,"block":{"attributes":{"assigned_volume_count":{"type":"number","description":"The total number of volumes assigned by this backup policy.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Create time of the backup policy. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"daily_backup_limit":{"type":"number","description":"Number of daily backups to keep. Note that the minimum daily backup limit is 2.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enabled":{"type":"bool","description":"If enabled, make backups automatically according to the schedules.\nThis will be applied to all volumes that have this policy attached and enforced on volume level.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the region for the policy to apply to.","description_kind":"plain","required":true},"monthly_backup_limit":{"type":"number","description":"Number of monthly backups to keep. Note that the sum of daily, weekly and monthly backups should be greater than 1.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the backup policy. Needs to be unique per location.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the backup policy.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"weekly_backup_limit":{"type":"number","description":"Number of weekly backups to keep. Note that the sum of daily, weekly and monthly backups should be greater than 1.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_backup_vault":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Create time of the backup vault. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location (region) of the backup vault.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the backup vault. Needs to be unique per location.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the Backup Vault.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_kmsconfig":{"version":0,"block":{"attributes":{"crypto_key_name":{"type":"string","description":"Resource name of the KMS key to use. Only regional keys are supported. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{key_ring}}/cryptoKeys/{{key}}'.","description_kind":"plain","required":true},"description":{"type":"string","description":"Description for the CMEK policy.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instructions":{"type":"string","description":"Access to the key needs to be granted. The instructions contain gcloud commands to run to grant access.\n\nTo make the policy work, a CMEK policy check is required, which verifies key access.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the policy location. CMEK policies apply to the whole region.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the CMEK policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The Service account which needs to have access to the provided KMS key.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_storage_pool":{"version":0,"block":{"attributes":{"active_directory":{"type":"string","description":"Specifies the Active Directory policy to be used. Format: 'projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}'.\nThe policy needs to be in the same location as the storage pool.","description_kind":"plain","optional":true},"capacity_gib":{"type":"string","description":"Capacity of the storage pool (in GiB).","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_type":{"type":"string","description":"Reports if volumes in the pool are encrypted using a Google-managed encryption key or CMEK.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_config":{"type":"string","description":"Specifies the CMEK policy to be used for volume encryption. Format: 'projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}'.\nThe policy needs to be in the same location as the storage pool.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"ldap_enabled":{"type":"bool","description":"When enabled, the volumes uses Active Directory as LDAP name service for UID/GID lookups. Required to enable extended group support for NFSv3,\nusing security identifiers for NFSv4.1 or principal names for kerberized NFSv4.1.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the location. For zonal Flex pools specify a zone name, in all other cases a region name.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the storage pool. Needs to be unique per location/region.","description_kind":"plain","required":true},"network":{"type":"string","description":"VPC network name with format: 'projects/{{project}}/global/networks/{{network}}'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_level":{"type":"string","description":"Service level of the storage pool. Possible values: [\"PREMIUM\", \"EXTREME\", \"STANDARD\", \"FLEX\"]","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"volume_capacity_gib":{"type":"string","description":"Size allocated to volumes in the storage pool (in GiB).","description_kind":"plain","computed":true},"volume_count":{"type":"number","description":"Number of volume in the storage pool.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_volume":{"version":0,"block":{"attributes":{"active_directory":{"type":"string","description":"Reports the resource name of the Active Directory policy being used. Inherited from storage pool.","description_kind":"plain","computed":true},"capacity_gib":{"type":"string","description":"Capacity of the volume (in GiB).","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Create time of the volume. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"Policy to determine if the volume should be deleted forcefully.\nVolumes may have nested snapshot resources. Deleting such a volume will fail.\nSetting this parameter to FORCE will delete volumes including nested snapshots.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_type":{"type":"string","description":"Reports the data-at-rest encryption type of the volume. Inherited from storage pool.","description_kind":"plain","computed":true},"has_replication":{"type":"bool","description":"Indicates whether the volume is part of a volume replication relationship.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kerberos_enabled":{"type":"bool","description":"Flag indicating if the volume is a kerberos volume or not, export policy rules control kerberos security modes (krb5, krb5i, krb5p).","description_kind":"plain","optional":true},"kms_config":{"type":"string","description":"Reports the CMEK policy resurce name being used for volume encryption. Inherited from storage pool.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"ldap_enabled":{"type":"bool","description":"Flag indicating if the volume is NFS LDAP enabled or not. Inherited from storage pool.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Name of the pool location. Usually a region name, expect for some STANDARD service level pools which require a zone name.","description_kind":"plain","required":true},"mount_options":{"type":["list",["object",{"export":"string","export_full":"string","instructions":"string","protocol":"string"}]],"description":"Reports mount instructions for this volume.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the volume. Needs to be unique per location.","description_kind":"plain","required":true},"network":{"type":"string","description":"VPC network name with format: 'projects/{{project}}/global/networks/{{network}}'. Inherited from storage pool.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocols":{"type":["list","string"],"description":"The protocol of the volume. Allowed combinations are '['NFSV3']', '['NFSV4']', '['SMB']', '['NFSV3', 'NFSV4']', '['SMB', 'NFSV3']' and '['SMB', 'NFSV4']'. Possible values: [\"NFSV3\", \"NFSV4\", \"SMB\"]","description_kind":"plain","required":true},"psa_range":{"type":"string","description":"Name of the Private Service Access allocated range. Inherited from storage pool.","description_kind":"plain","computed":true},"restricted_actions":{"type":["list","string"],"description":"List of actions that are restricted on this volume. Possible values: [\"DELETE\"]","description_kind":"plain","optional":true},"security_style":{"type":"string","description":"Security Style of the Volume. Use UNIX to use UNIX or NFSV4 ACLs for file permissions.\nUse NTFS to use NTFS ACLs for file permissions. Can only be set for volumes which use SMB together with NFS as protocol. Possible values: [\"NTFS\", \"UNIX\"]","description_kind":"plain","optional":true,"computed":true},"service_level":{"type":"string","description":"Service level of the volume. Inherited from storage pool. Supported values are : PREMIUM, EXTERME, STANDARD, FLEX.","description_kind":"plain","computed":true},"share_name":{"type":"string","description":"Share name (SMB) or export path (NFS) of the volume. Needs to be unique per location.","description_kind":"plain","required":true},"smb_settings":{"type":["list","string"],"description":"Settings for volumes with SMB access. Possible values: [\"ENCRYPT_DATA\", \"BROWSABLE\", \"CHANGE_NOTIFY\", \"NON_BROWSABLE\", \"OPLOCKS\", \"SHOW_SNAPSHOT\", \"SHOW_PREVIOUS_VERSIONS\", \"ACCESS_BASED_ENUMERATION\", \"CONTINUOUSLY_AVAILABLE\"]","description_kind":"plain","optional":true,"computed":true},"snapshot_directory":{"type":"bool","description":"If enabled, a NFS volume will contain a read-only .snapshot directory which provides access to each of the volume's snapshots. Will enable \"Previous Versions\" support for SMB.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the volume.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"State details of the volume.","description_kind":"plain","computed":true},"storage_pool":{"type":"string","description":"Name of the storage pool to create the volume in. Pool needs enough spare capacity to accomodate the volume.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"unix_permissions":{"type":"string","description":"Unix permission the mount point will be created with. Default is 0770. Applicable for UNIX security style volumes only.","description_kind":"plain","optional":true,"computed":true},"used_gib":{"type":"string","description":"Used capacity of the volume (in GiB). This is computed periodically and it does not represent the realtime usage.","description_kind":"plain","computed":true}},"block_types":{"backup_config":{"nesting_mode":"list","block":{"attributes":{"backup_policies":{"type":["list","string"],"description":"Specify a single backup policy ID for scheduled backups. Format: 'projects/{{projectId}}/locations/{{location}}/backupPolicies/{{backupPolicyName}}'","description_kind":"plain","optional":true},"backup_vault":{"type":"string","description":"ID of the backup vault to use. A backup vault is reqired to create manual or scheduled backups.\nFormat: 'projects/{{projectId}}/locations/{{location}}/backupVaults/{{backupVaultName}}'","description_kind":"plain","optional":true},"scheduled_backup_enabled":{"type":"bool","description":"When set to true, scheduled backup is enabled on the volume. Omit if no backup_policy is specified.","description_kind":"plain","optional":true}},"description":"Backup configuration for the volume.","description_kind":"plain"},"max_items":1},"export_policy":{"nesting_mode":"list","block":{"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"access_type":{"type":"string","description":"Defines the access type for clients matching the 'allowedClients' specification. Possible values: [\"READ_ONLY\", \"READ_WRITE\", \"READ_NONE\"]","description_kind":"plain","optional":true},"allowed_clients":{"type":"string","description":"Defines the client ingress specification (allowed clients) as a comma seperated list with IPv4 CIDRs or IPv4 host addresses.","description_kind":"plain","optional":true},"has_root_access":{"type":"string","description":"If enabled, the root user (UID = 0) of the specified clients doesn't get mapped to nobody (UID = 65534). This is also known as no_root_squash.","description_kind":"plain","optional":true},"kerberos5_read_only":{"type":"bool","description":"If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'authentication' kerberos security mode.","description_kind":"plain","optional":true},"kerberos5_read_write":{"type":"bool","description":"If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'authentication' kerberos security mode. The 'kerberos5ReadOnly' value is ignored if this is enabled.","description_kind":"plain","optional":true},"kerberos5i_read_only":{"type":"bool","description":"If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'integrity' kerberos security mode.","description_kind":"plain","optional":true},"kerberos5i_read_write":{"type":"bool","description":"If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'integrity' kerberos security mode. The 'kerberos5iReadOnly' value is ignored if this is enabled.","description_kind":"plain","optional":true},"kerberos5p_read_only":{"type":"bool","description":"If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'privacy' kerberos security mode.","description_kind":"plain","optional":true},"kerberos5p_read_write":{"type":"bool","description":"If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'privacy' kerberos security mode. The 'kerberos5pReadOnly' value is ignored if this is enabled.","description_kind":"plain","optional":true},"nfsv3":{"type":"bool","description":"Enable to apply the export rule to NFSV3 clients.","description_kind":"plain","optional":true},"nfsv4":{"type":"bool","description":"Enable to apply the export rule to NFSV4.1 clients.","description_kind":"plain","optional":true}},"description":"Export rules (up to 5) control NFS volume access.","description_kind":"plain"},"min_items":1}},"description":"Export policy of the volume for NFSV3 and/or NFSV4.1 access.","description_kind":"plain"},"max_items":1},"restore_parameters":{"nesting_mode":"list","block":{"attributes":{"source_backup":{"type":"string","description":"Full name of the snapshot to use for creating this volume.\n'source_snapshot' and 'source_backup' cannot be used simultaneously.\nFormat: 'projects/{{project}}/locations/{{location}}/backupVaults/{{backupVaultId}}/backups/{{backup}}'.","description_kind":"plain","optional":true},"source_snapshot":{"type":"string","description":"Full name of the snapshot to use for creating this volume.\n'source_snapshot' and 'source_backup' cannot be used simultaneously.\nFormat: 'projects/{{project}}/locations/{{location}}/volumes/{{volume}}/snapshots/{{snapshot}}'.","description_kind":"plain","optional":true}},"description":"Used to create this volume from a snapshot (= cloning) or an backup.","description_kind":"plain"},"max_items":1},"snapshot_policy":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enables automated snapshot creation according to defined schedule. Default is false.\nTo disable automatic snapshot creation you have to remove the whole snapshot_policy block.","description_kind":"plain","optional":true}},"block_types":{"daily_schedule":{"nesting_mode":"list","block":{"attributes":{"hour":{"type":"number","description":"Set the hour to create the snapshot (0-23), defaults to midnight (0).","description_kind":"plain","optional":true},"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the daily schedule.","description_kind":"plain","required":true}},"description":"Daily schedule policy.","description_kind":"plain"},"max_items":1},"hourly_schedule":{"nesting_mode":"list","block":{"attributes":{"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the hourly schedule.","description_kind":"plain","required":true}},"description":"Hourly schedule policy.","description_kind":"plain"},"max_items":1},"monthly_schedule":{"nesting_mode":"list","block":{"attributes":{"days_of_month":{"type":"string","description":"Set the day or days of the month to make a snapshot (1-31). Accepts a comma separated number of days. Defaults to '1'.","description_kind":"plain","optional":true},"hour":{"type":"number","description":"Set the hour to create the snapshot (0-23), defaults to midnight (0).","description_kind":"plain","optional":true},"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the monthly schedule","description_kind":"plain","required":true}},"description":"Monthly schedule policy.","description_kind":"plain"},"max_items":1},"weekly_schedule":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Set the day or days of the week to make a snapshot. Accepts a comma separated days of the week. Defaults to 'Sunday'.","description_kind":"plain","optional":true},"hour":{"type":"number","description":"Set the hour to create the snapshot (0-23), defaults to midnight (0).","description_kind":"plain","optional":true},"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the weekly schedule.","description_kind":"plain","required":true}},"description":"Weekly schedule policy.","description_kind":"plain"},"max_items":1}},"description":"Snapshot policy defines the schedule for automatic snapshot creation.\nTo disable automatic snapshot creation you have to remove the whole snapshot_policy block.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_volume_replication":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Create time of the active directory. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"delete_destination_volume":{"type":"bool","description":"A destination volume is created as part of replication creation. The destination volume will not became\nunder Terraform management unless you import it manually. If you delete the replication, this volume\nwill remain.\nSetting this parameter to true will delete the *current* destination volume when destroying the\nreplication. If you reversed the replication direction, this will be your former source volume!\nFor production use, it is recommended to keep this parameter false to avoid accidental volume\ndeletion. Handle with care. Default is false.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An description of this resource.","description_kind":"plain","optional":true},"destination_volume":{"type":"string","description":"Full resource name of destination volume with format: 'projects/{{project}}/locations/{{location}}/volumes/{{volumeId}}'","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_stopping":{"type":"bool","description":"Only replications with mirror_state=MIRRORED can be stopped. A replication in mirror_state=TRANSFERRING\ncurrently receives an update and stopping the update might be undesirable. Set this parameter to true\nto stop anyway. All data transferred to the destination will be discarded and content of destination\nvolume will remain at the state of the last successful update. Default is false.","description_kind":"plain","optional":true},"healthy":{"type":"bool","description":"Condition of the relationship. Can be one of the following:\n - true: The replication relationship is healthy. It has not missed the most recent scheduled transfer.\n - false: The replication relationship is not healthy. It has missed the most recent scheduled transfer.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of region for this resource. The resource needs to be created in the region of the destination volume.","description_kind":"plain","required":true},"mirror_state":{"type":"string","description":"Indicates the state of the mirror between source and destination volumes. Depending on the amount of data\nin your source volume, PREPARING phase can take hours or days. mirrorState = MIRRORED indicates your baseline\ntransfer ended and destination volume became accessible read-only. TRANSFERRING means a MIRRORED volume\ncurrently receives an update. Updated every 5 minutes.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the replication. Needs to be unique per location.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"replication_enabled":{"type":"bool","description":"Set to false to stop/break the mirror. Stopping the mirror makes the destination volume read-write\nand act independently from the source volume.\nSet to true to enable/resume the mirror. WARNING: Resuming a mirror overwrites any changes\ndone to the destination volume with the content of the source volume.","description_kind":"plain","optional":true},"replication_schedule":{"type":"string","description":"Specifies the replication interval. Possible values: [\"EVERY_10_MINUTES\", \"HOURLY\", \"DAILY\"]","description_kind":"plain","required":true},"role":{"type":"string","description":"Reverting a replication can swap source and destination volume roles. This field indicates if the 'location' hosts\nthe source or destination volume. For resume and revert and resume operations it is critical to understand\nwhich volume is the source volume, since it will overwrite changes done to the destination volume.","description_kind":"plain","computed":true},"source_volume":{"type":"string","description":"Full resource name of source volume with format: 'projects/{{project}}/locations/{{location}}/volumes/{{volumeId}}'","description_kind":"plain","computed":true},"state":{"type":"string","description":"Indicates the state of replication resource. State of the mirror itself is indicated in mirrorState.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"State details of the replication resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"transfer_stats":{"type":["list",["object",{"lag_duration":"string","last_transfer_bytes":"string","last_transfer_duration":"string","last_transfer_end_time":"string","last_transfer_error":"string","total_transfer_duration":"string","transfer_bytes":"string","update_time":"string"}]],"description":"Replication transfer statistics. All statistics are updated every 5 minutes.","description_kind":"plain","computed":true},"volume_name":{"type":"string","description":"The name of the existing source volume.","description_kind":"plain","required":true},"wait_for_mirror":{"type":"bool","description":"Replication resource state is independent of mirror_state. With enough data, it can take many hours\nfor mirror_state to reach MIRRORED. If you want Terraform to wait for the mirror to finish on\ncreate/stop/resume operations, set this parameter to true. Default is false.","description_kind":"plain","optional":true}},"block_types":{"destination_volume_parameters":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description for the destination volume.","description_kind":"plain","optional":true},"share_name":{"type":"string","description":"Share name for destination volume. If not specified, name of source volume's share name will be used.","description_kind":"plain","optional":true,"computed":true},"storage_pool":{"type":"string","description":"Name of an existing storage pool for the destination volume with format: 'projects/{{project}}/locations/{{location}}/storagePools/{{poolId}}'","description_kind":"plain","required":true},"volume_id":{"type":"string","description":"Name for the destination volume to be created. If not specified, the name of the source volume will be used.","description_kind":"plain","optional":true,"computed":true}},"description":"Destination volume parameters.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_volume_snapshot":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Description for the snapshot.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the snapshot location. Snapshots are child resources of volumes and live in the same location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the snapshot.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"used_bytes":{"type":"number","description":"Storage used to store blocks unique to this snapshot.","description_kind":"plain","computed":true},"volume_name":{"type":"string","description":"The name of the volume to create the snapshot in.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_hub":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time the hub was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the hub.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"export_psc":{"type":"bool","description":"Whether Private Service Connect transitivity is enabled for the hub. If true, Private Service Connect endpoints in VPC spokes attached to the hub are made accessible to other VPC spokes attached to the hub. The default value is false.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional labels in key:value format. For more information about labels, see [Requirements for labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements).\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Immutable. The name of the hub. Hub names must be unique. They use the following form: 'projects/{project_number}/locations/global/hubs/{hub_id}'","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"routing_vpcs":{"type":["list",["object",{"uri":"string"}]],"description":"The VPC network associated with this hub's spokes. All of the VPN tunnels, VLAN attachments, and router appliance instances referenced by this hub's spokes must belong to this VPC network. This field is read-only. Network Connectivity Center automatically populates it based on the set of spokes attached to the hub.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current lifecycle state of this hub.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"unique_id":{"type":"string","description":"Output only. The Google-generated UUID for the hub. This value is unique across all hub resources. If a hub is deleted and another with the same name is created, the new hub is assigned a different unique_id.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time the hub was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_internal_range":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IP range that this internal range defines.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the policy based route.","description_kind":"plain","required":true},"network":{"type":"string","description":"Fully-qualified URL of the network that this route applies to, for example: projects/my-project/global/networks/my-network.","description_kind":"plain","required":true},"overlaps":{"type":["list","string"],"description":"Optional. Types of resources that are allowed to overlap with the current internal range. Possible values: [\"OVERLAP_ROUTE_RANGE\", \"OVERLAP_EXISTING_SUBNET_RANGE\"]","description_kind":"plain","optional":true},"peering":{"type":"string","description":"The type of peering set for this internal range. Possible values: [\"FOR_SELF\", \"FOR_PEER\", \"NOT_SHARED\"]","description_kind":"plain","required":true},"prefix_length":{"type":"number","description":"An alternate to ipCidrRange. Can be set when trying to create a reservation that automatically finds a free range of the given size.\nIf both ipCidrRange and prefixLength are set, there is an error if the range sizes do not match. Can also be used during updates to change the range size.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"target_cidr_range":{"type":["list","string"],"description":"Optional. Can be set to narrow down or pick a different address space while searching for a free range.\nIf not set, defaults to the \"10.0.0.0/8\" address space. This can be used to search in other rfc-1918 address spaces like \"172.16.0.0/12\" and \"192.168.0.0/16\" or non-rfc-1918 address spaces used in the VPC.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"usage":{"type":"string","description":"The type of usage set for this InternalRange. Possible values: [\"FOR_VPC\", \"EXTERNAL_TO_VPC\"]","description_kind":"plain","required":true},"users":{"type":["list","string"],"description":"Output only. The list of resources that refer to this internal range.\nResources that use the internal range for their range allocation are referred to as users of the range.\nOther resources mark themselves as users while doing so by creating a reference to this internal range. Having a user, based on this reference, prevents deletion of the internal range referred to. Can be empty.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_policy_based_route":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time when the policy-based route was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of this resource.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"User-defined labels.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the policy based route.","description_kind":"plain","required":true},"network":{"type":"string","description":"Fully-qualified URL of the network that this route applies to, for example: projects/my-project/global/networks/my-network.","description_kind":"plain","required":true},"next_hop_ilb_ip":{"type":"string","description":"The IP address of a global-access-enabled L4 ILB that is the next hop for matching packets.","description_kind":"plain","optional":true},"next_hop_other_routes":{"type":"string","description":"Other routes that will be referenced to determine the next hop of the packet. Possible values: [\"DEFAULT_ROUTING\"]","description_kind":"plain","optional":true},"priority":{"type":"number","description":"The priority of this policy-based route. Priority is used to break ties in cases where there are more than one matching policy-based routes found. In cases where multiple policy-based routes are matched, the one with the lowest-numbered priority value wins. The default value is 1000. The priority value must be from 1 to 65535, inclusive.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time when the policy-based route was created.","description_kind":"plain","computed":true},"warnings":{"type":["list",["object",{"code":"string","data":["map","string"],"warning_message":"string"}]],"description":"If potential misconfigurations are detected for this route, this field will be populated with warning messages.","description_kind":"plain","computed":true}},"block_types":{"filter":{"nesting_mode":"list","block":{"attributes":{"dest_range":{"type":"string","description":"The destination IP range of outgoing packets that this policy-based route applies to. Default is \"0.0.0.0/0\" if protocol version is IPv4.","description_kind":"plain","optional":true},"ip_protocol":{"type":"string","description":"The IP protocol that this policy-based route applies to. Valid values are 'TCP', 'UDP', and 'ALL'. Default is 'ALL'.","description_kind":"plain","optional":true},"protocol_version":{"type":"string","description":"Internet protocol versions this policy-based route applies to. Possible values: [\"IPV4\"]","description_kind":"plain","required":true},"src_range":{"type":"string","description":"The source IP range of outgoing packets that this policy-based route applies to. Default is \"0.0.0.0/0\" if protocol version is IPv4.","description_kind":"plain","optional":true}},"description":"The filter to match L4 traffic.","description_kind":"plain"},"min_items":1,"max_items":1},"interconnect_attachment":{"nesting_mode":"list","block":{"attributes":{"region":{"type":"string","description":"Cloud region to install this policy-based route on for Interconnect attachments. Use 'all' to install it on all Interconnect attachments.","description_kind":"plain","required":true}},"description":"The interconnect attachments that this policy-based route applies to.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_machine":{"nesting_mode":"list","block":{"attributes":{"tags":{"type":["list","string"],"description":"A list of VM instance tags that this policy-based route applies to. VM instances that have ANY of tags specified here will install this PBR.","description_kind":"plain","required":true}},"description":"VM instances to which this policy-based route applies to.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_network_connectivity_regional_endpoint":{"version":0,"block":{"attributes":{"access_type":{"type":"string","description":"The access type of this regional endpoint. This field is reflected in the PSC Forwarding Rule configuration to enable global access. Possible values: [\"GLOBAL\", \"REGIONAL\"]","description_kind":"plain","required":true},"address":{"type":"string","description":"The IP Address of the Regional Endpoint. When no address is provided, an IP from the subnetwork is allocated. Use one of the following formats: * IPv4 address as in '10.0.0.1' * Address resource URI as in 'projects/{project}/regions/{region}/addresses/{address_name}'\n\n~\u003e **Note:** This field accepts both a reference to a Compute Address resource, which is the resource name of which format is given in the description, and IP literal value. If the user chooses to input a reserved address value; they need to make sure that the reserved address is in IPv4 version, its purpose is GCE_ENDPOINT, its type is INTERNAL and its status is RESERVED. If the user chooses to input an IP literal, they need to make sure that it's a valid IPv4 address (x.x.x.x) within the subnetwork.","description_kind":"plain","optional":true,"computed":true},"create_time":{"type":"string","description":"Time when the RegionalEndpoint was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the RegionalEndpoint.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the RegionalEndpoint.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the VPC network for this private regional endpoint. Format: 'projects/{project}/global/networks/{network}'","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_forwarding_rule":{"type":"string","description":"The resource reference of the PSC Forwarding Rule created on behalf of the customer. Format: '//compute.googleapis.com/projects/{project}/regions/{region}/forwardingRules/{forwarding_rule_name}'","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The name of the subnetwork from which the IP address will be allocated. Format: 'projects/{project}/regions/{region}/subnetworks/{subnetwork}'","description_kind":"plain","optional":true,"computed":true},"target_google_api":{"type":"string","description":"The service endpoint this private regional endpoint connects to. Format: '{apiname}.{region}.p.rep.googleapis.com' Example: \\\"cloudkms.us-central1.p.rep.googleapis.com\\\".","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time when the RegionalEndpoint was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_service_connection_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp when the resource was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"The etag is computed by the server, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"infrastructure":{"type":"string","description":"The type of underlying resources used to create the connection.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"User-defined labels.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the ServiceConnectionPolicy.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of a ServiceConnectionPolicy. Format: projects/{project}/locations/{location}/serviceConnectionPolicies/{service_connection_policy} See: https://google.aip.dev/122#fields-representing-resource-names","description_kind":"plain","required":true},"network":{"type":"string","description":"The resource path of the consumer network. Example: - projects/{projectNumOrId}/global/networks/{resourceId}.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connections":{"type":["list",["object",{"consumer_address":"string","consumer_forwarding_rule":"string","consumer_target_project":"string","error":["list",["object",{"code":"number","details":["list",["map","string"]],"message":"string"}]],"error_info":["list",["object",{"domain":"string","metadata":["map","string"],"reason":"string"}]],"error_type":"string","gce_operation":"string","psc_connection_id":"string","state":"string"}]],"description":"Information about each Private Service Connect connection.","description_kind":"plain","computed":true},"service_class":{"type":"string","description":"The service class identifier for which this ServiceConnectionPolicy is for. The service class identifier is a unique, symbolic representation of a ServiceClass.\nIt is provided by the Service Producer. Google services have a prefix of gcp. For example, gcp-cloud-sql. 3rd party services do not. For example, test-service-a3dfcx.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.","description_kind":"plain","computed":true}},"block_types":{"psc_config":{"nesting_mode":"list","block":{"attributes":{"limit":{"type":"string","description":"Max number of PSC connections for this policy.","description_kind":"plain","optional":true},"subnetworks":{"type":["list","string"],"description":"IDs of the subnetworks or fully qualified identifiers for the subnetworks","description_kind":"plain","required":true}},"description":"Configuration used for Private Service Connect connections. Used when Infrastructure is PSC.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_spoke":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time the spoke was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the spoke.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"hub":{"type":"string","description":"Immutable. The URI of the hub that this spoke is attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional labels in key:value format. For more information about labels, see [Requirements for labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements).\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The name of the spoke. Spoke names must be unique.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. The current lifecycle state of this spoke.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"unique_id":{"type":"string","description":"Output only. The Google-generated UUID for the spoke. This value is unique across all spoke resources. If a spoke is deleted and another with the same name is created, the new spoke is assigned a different unique_id.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time the spoke was last updated.","description_kind":"plain","computed":true}},"block_types":{"linked_interconnect_attachments":{"nesting_mode":"list","block":{"attributes":{"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true},"uris":{"type":["list","string"],"description":"The URIs of linked interconnect attachment resources","description_kind":"plain","required":true}},"description":"A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes.","description_kind":"plain"},"max_items":1},"linked_router_appliance_instances":{"nesting_mode":"list","block":{"attributes":{"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true}},"block_types":{"instances":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The IP address on the VM to use for peering.","description_kind":"plain","optional":true},"virtual_machine":{"type":"string","description":"The URI of the virtual machine resource","description_kind":"plain","optional":true}},"description":"The list of router appliance instances","description_kind":"plain"},"min_items":1}},"description":"The URIs of linked Router appliance resources","description_kind":"plain"},"max_items":1},"linked_vpc_network":{"nesting_mode":"list","block":{"attributes":{"exclude_export_ranges":{"type":["list","string"],"description":"IP ranges encompassing the subnets to be excluded from peering.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The URI of the VPC network resource.","description_kind":"plain","required":true}},"description":"VPC network that is associated with the spoke.","description_kind":"plain"},"max_items":1},"linked_vpn_tunnels":{"nesting_mode":"list","block":{"attributes":{"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true},"uris":{"type":["list","string"],"description":"The URIs of linked VPN tunnel resources.","description_kind":"plain","required":true}},"description":"The URIs of linked VPN tunnel resources","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_management_connectivity_test":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The user-supplied description of the Connectivity Test.\nMaximum of 512 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Unique name for the connectivity test.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"IP Protocol of the test. When not provided, \"TCP\" is assumed.","description_kind":"plain","optional":true},"related_projects":{"type":["list","string"],"description":"Other projects that may be relevant for reachability analysis.\nThis is applicable to scenarios where a test can cross project\nboundaries.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"A Compute Engine instance URI.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The IP address of the endpoint, which can be an external or\ninternal IP. An IPv6 address is only allowed when the test's\ndestination is a global load balancer VIP.","description_kind":"plain","optional":true},"network":{"type":"string","description":"A Compute Engine network URI.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The IP protocol port of the endpoint. Only applicable when\nprotocol is TCP or UDP.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project ID where the endpoint is located. The Project ID can be\nderived from the URI if you provide a VM instance or network URI.\nThe following are two cases where you must provide the project ID:\n1. Only the IP address is specified, and the IP address is within\na GCP project. 2. When you are using Shared VPC and the IP address\nthat you provide is from the service project. In this case, the\nnetwork that the IP address resides in is defined in the host\nproject.","description_kind":"plain","optional":true}},"description":"Required. Destination specification of the Connectivity Test.\n\nYou can use a combination of destination IP address, Compute\nEngine VM instance, or VPC network to uniquely identify the\ndestination location.\n\nEven if the destination IP address is not unique, the source IP\nlocation is unique. Usually, the analysis can infer the destination\nendpoint from route information.\n\nIf the destination you specify is a VM instance and the instance has\nmultiple network interfaces, then you must also specify either a\ndestination IP address or VPC network to identify the destination\ninterface.\n\nA reachability analysis proceeds even if the destination location\nis ambiguous. However, the result can include endpoints that you\ndon't intend to test.","description_kind":"plain"},"min_items":1,"max_items":1},"source":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"A Compute Engine instance URI.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The IP address of the endpoint, which can be an external or\ninternal IP. An IPv6 address is only allowed when the test's\ndestination is a global load balancer VIP.","description_kind":"plain","optional":true},"network":{"type":"string","description":"A Compute Engine network URI.","description_kind":"plain","optional":true},"network_type":{"type":"string","description":"Type of the network where the endpoint is located. Possible values: [\"GCP_NETWORK\", \"NON_GCP_NETWORK\"]","description_kind":"plain","optional":true},"port":{"type":"number","description":"The IP protocol port of the endpoint. Only applicable when\nprotocol is TCP or UDP.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project ID where the endpoint is located. The Project ID can be\nderived from the URI if you provide a VM instance or network URI.\nThe following are two cases where you must provide the project ID:\n\n1. Only the IP address is specified, and the IP address is\n within a GCP project.\n2. When you are using Shared VPC and the IP address\n that you provide is from the service project. In this case,\n the network that the IP address resides in is defined in the\n host project.","description_kind":"plain","optional":true}},"description":"Required. Source specification of the Connectivity Test.\n\nYou can use a combination of source IP address, virtual machine\n(VM) instance, or Compute Engine network to uniquely identify the\nsource location.\n\nExamples: If the source IP address is an internal IP address within\na Google Cloud Virtual Private Cloud (VPC) network, then you must\nalso specify the VPC network. Otherwise, specify the VM instance,\nwhich already contains its internal IP address and VPC network\ninformation.\n\nIf the source of the test is within an on-premises network, then\nyou must provide the destination VPC network.\n\nIf the source endpoint is a Compute Engine VM instance with multiple\nnetwork interfaces, the instance itself is not sufficient to\nidentify the endpoint. So, you must also specify the source IP\naddress or VPC network.\n\nA reachability analysis proceeds even if the source location is\nambiguous. However, the test result may include endpoints that\nyou don't intend to test.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_address_group":{"version":0,"block":{"attributes":{"capacity":{"type":"number","description":"Capacity of the Address Group.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"items":{"type":["list","string"],"description":"List of items.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the AddressGroup resource.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the gateway security policy.\nThe default value is 'global'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the AddressGroup resource.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The name of the parent this address group belongs to. Format: organizations/{organization_id} or projects/{project_id}.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the Address Group. Possible values are \"IPV4\" or \"IPV6\". Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_address_group_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_network_security_address_group_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_network_security_address_group_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_network_security_firewall_endpoint":{"version":0,"block":{"attributes":{"associated_networks":{"type":["list","string"],"description":"List of networks that are associated with this endpoint in the local zone.\nThis is a projection of the FirewallEndpointAssociations pointing at this\nendpoint. A network will only appear in this list after traffic routing is\nfully configured. Format: projects/{project}/global/networks/{name}.","description_kind":"plain","computed":true},"billing_project_id":{"type":"string","description":"Project to bill on endpoint uptime usage.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Time the firewall endpoint was created in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A map of key/value label pairs to assign to the resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location (zone) of the firewall endpoint.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the firewall endpoint resource.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The name of the parent this firewall endpoint belongs to.\nFormat: organizations/{organization_id}.","description_kind":"plain","required":true},"reconciling":{"type":"bool","description":"Whether reconciling is in progress, recommended per https://google.aip.dev/128.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the endpoint.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the firewall endpoint was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_firewall_endpoint_association":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the firewall endpoint was created in UTC.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"Whether the association is disabled. True indicates that traffic will not be intercepted.\n\n~\u003e **Note:** The API will reject the request if this value is set to true when creating the resource,\notherwise on an update the association can be disabled.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"firewall_endpoint":{"type":"string","description":"The URL of the firewall endpoint that is being associated.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A map of key/value label pairs to assign to the resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location (zone) of the firewall endpoint association.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the firewall endpoint association resource.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network that is being associated.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The name of the parent this firewall endpoint association belongs to.\nFormat: projects/{project_id}.","description_kind":"plain","optional":true},"reconciling":{"type":"bool","description":"Whether reconciling is in progress, recommended per https://google.aip.dev/128.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the endpoint.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tls_inspection_policy":{"type":"string","description":"The URL of the TlsInspectionPolicy that is being associated.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Time the firewall endpoint was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_gateway_security_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the gateway security policy.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Name is of the form projects/{project}/locations/{location}/gatewaySecurityPolicies/{gatewaySecurityPolicy}\ngatewaySecurityPolicy should match the pattern:(^a-z?$).","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_gateway_security_policy_rule":{"version":0,"block":{"attributes":{"application_matcher":{"type":"string","description":"CEL expression for matching on L7/application level criteria.","description_kind":"plain","optional":true},"basic_profile":{"type":"string","description":"Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values: [\"BASIC_PROFILE_UNSPECIFIED\", \"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether the rule is enforced.","description_kind":"plain","required":true},"gateway_security_policy":{"type":"string","description":"The name of the gatewat security policy this rule belongs to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the gateway security policy.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule}\nrule should match the pattern: (^a-z?$).","description_kind":"plain","required":true},"priority":{"type":"number","description":"Priority of the rule. Lower number corresponds to higher precedence.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"session_matcher":{"type":"string","description":"CEL expression for matching on session criteria.","description_kind":"plain","required":true},"tls_inspection_enabled":{"type":"bool","description":"Flag to enable TLS inspection of traffic matching on. Can only be true if the\nparent GatewaySecurityPolicy references a TLSInspectionConfig.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_security_profile":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the security profile was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the security profile. The Max length is 512 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields,\nand may be sent on update and delete requests to ensure the client has an up-to-date\nvalue before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A map of key/value label pairs to assign to the resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the security profile.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the security profile resource.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The name of the parent this security profile belongs to.\nFormat: organizations/{organization_id}.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of security profile. Possible values: [\"THREAT_PREVENTION\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the security profile was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"threat_prevention_profile":{"nesting_mode":"list","block":{"block_types":{"severity_overrides":{"nesting_mode":"list","block":{"attributes":{"action":{"type":"string","description":"Threat action override. Possible values: [\"ALERT\", \"ALLOW\", \"DEFAULT_ACTION\", \"DENY\"]","description_kind":"plain","required":true},"severity":{"type":"string","description":"Severity level to match. Possible values: [\"CRITICAL\", \"HIGH\", \"INFORMATIONAL\", \"LOW\", \"MEDIUM\"]","description_kind":"plain","required":true}},"description":"The configuration for overriding threats actions by severity match.","description_kind":"plain"}},"threat_overrides":{"nesting_mode":"list","block":{"attributes":{"action":{"type":"string","description":"Threat action. Possible values: [\"ALERT\", \"ALLOW\", \"DEFAULT_ACTION\", \"DENY\"]","description_kind":"plain","required":true},"threat_id":{"type":"string","description":"Vendor-specific ID of a threat to override.","description_kind":"plain","required":true},"type":{"type":"string","description":"Type of threat.","description_kind":"plain","computed":true}},"description":"The configuration for overriding threats actions by threat id match.\nIf a threat is matched both by configuration provided in severity overrides\nand threat overrides, the threat overrides action is applied.","description_kind":"plain"}}},"description":"The threat prevention configuration for the security profile.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_security_profile_group":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the security profile group was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the profile. The Max length is 512 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields,\nand may be sent on update and delete requests to ensure the client has an up-to-date\nvalue before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A map of key/value label pairs to assign to the resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the security profile group.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the security profile group resource.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The name of the parent this security profile group belongs to.\nFormat: organizations/{organization_id}.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"threat_prevention_profile":{"type":"string","description":"Reference to a SecurityProfile with the threat prevention configuration for the SecurityProfileGroup.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Time the security profile group was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_tls_inspection_policy":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description":"A CA pool resource used to issue interception certificates.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.","description_kind":"plain","computed":true},"custom_tls_features":{"type":["list","string"],"description":"List of custom TLS cipher suites selected. This field is valid only if the selected tls_feature_profile is CUSTOM. The compute.SslPoliciesService.ListAvailableFeatures method returns the set of features that can be specified in this list. Note that Secure Web Proxy does not yet honor this field.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"exclude_public_ca_set":{"type":"bool","description":"If FALSE (the default), use our default set of public CAs in addition to any CAs specified in trustConfig. These public CAs are currently based on the Mozilla Root Program and are subject to change over time. If TRUE, do not accept our default set of public CAs. Only CAs specified in trustConfig will be accepted.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the tls inspection policy.","description_kind":"plain","optional":true},"min_tls_version":{"type":"string","description":"Minimum TLS version that the firewall should use when negotiating connections with both clients and servers. If this is not set, then the default value is to allow the broadest set of clients and servers (TLS 1.0 or higher). Setting this to more restrictive values may improve security, but may also prevent the firewall from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field. Possible values: [\"TLS_VERSION_UNSPECIFIED\", \"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\", \"TLS_1_3\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Short name of the TlsInspectionPolicy resource to be created.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tls_feature_profile":{"type":"string","description":"The selected Profile. If this is not set, then the default value is to allow the broadest set of clients and servers (\\\"PROFILE_COMPATIBLE\\\"). Setting this to more restrictive values may improve security, but may also prevent the TLS inspection proxy from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field. Possible values: [\"PROFILE_UNSPECIFIED\", \"PROFILE_COMPATIBLE\", \"PROFILE_MODERN\", \"PROFILE_RESTRICTED\", \"PROFILE_CUSTOM\"]","description_kind":"plain","optional":true},"trust_config":{"type":"string","description":"A TrustConfig resource used when making a connection to the TLS server. This is a relative resource path following the form \\\"projects/{project}/locations/{location}/trustConfigs/{trust_config}\\\". This is necessary to intercept TLS connections to servers with certificates signed by a private CA or self-signed certificates. Trust config and the TLS inspection policy must be in the same region. Note that Secure Web Proxy does not yet honor this field.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_url_lists":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time when the security policy was created.\nA timestamp in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up to nine fractional digits.\nExamples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the url lists.","description_kind":"plain","required":true},"name":{"type":"string","description":"Short name of the UrlList resource to be created.\nThis value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. 'urlList'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. Time when the security policy was updated.\nA timestamp in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up to nine fractional digits.\nExamples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"values":{"type":["list","string"],"description":"FQDNs and URLs.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_edge_cache_keyset":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"public_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]*\nwhich means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"managed":{"type":"bool","description":"Set to true to have the CDN automatically manage this public key value.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes).\nRepresentations or encodings of the public key other than this will be rejected with an error.","description_kind":"plain","optional":true,"sensitive":true}},"description":"An ordered list of Ed25519 public keys to use for validating signed requests.\nYou must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first.\nYou may specify no more than one Google-managed public key.\nIf you specify 'public_keys', you must specify at least one (1) key and may specify up to three (3) keys.\n\nEd25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key.\nEnsure that the private key is kept secret, and that only authorized users can add public keys to a keyset.","description_kind":"plain"},"max_items":3},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"validation_shared_keys":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The name of the secret version in Secret Manager.\n\nThe resource name of the secret version must be in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the secrets themselves.\nThe secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using.\n* If you are using HMAC-SHA1, we suggest 20-byte secrets.\n* If you are using HMAC-SHA256, we suggest 32-byte secrets.\nSee RFC 2104, Section 3 for more details on these recommendations.","description_kind":"plain","required":true}},"description":"An ordered list of shared keys to use for validating signed requests.\nShared keys are secret. Ensure that only authorized users can add 'validation_shared_keys' to a keyset.\nYou can rotate keys by appending (pushing) a new key to the list of 'validation_shared_keys' and removing any superseded keys.\nYou must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first.","description_kind":"plain"},"max_items":3}},"description_kind":"plain"}},"google_network_services_edge_cache_origin":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"failover_origin":{"type":"string","description":"The Origin resource to try when the current origin cannot be reached.\nAfter maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request.\n\nThe value of timeout.maxAttemptsTimeout dictates the timeout across all origins.\nA reference to a Topic resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"max_attempts":{"type":"number","description":"The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions.\n\nOnce maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. That failoverOrigin may specify its own maxAttempts,\nretryConditions and failoverOrigin to control its own cache fill failures.\n\nThe total number of allowed attempts to cache fill across this and failover origins is limited to four.\nThe total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout.\n\nThe last valid, non-retried response from all origins will be returned to the client.\nIf no origin returns a valid response, an HTTP 502 will be returned to the client.\n\nDefaults to 1. Must be a value greater than 0 and less than 4.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"origin_address":{"type":"string","description":"A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket.\n\nThis address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname\n\nWhen providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes.\nIf a Cloud Storage bucket is provided, it must be in the canonical \"gs://bucketname\" format. Other forms, such as \"storage.googleapis.com\", will be rejected.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port to connect to the origin on.\nDefaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security \u0026 performance.\n\nWhen using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. Possible values: [\"HTTP2\", \"HTTPS\", \"HTTP\"]","description_kind":"plain","optional":true,"computed":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more retry conditions for the configured origin.\n\nIf the failure mode during a connection attempt to the origin matches the configured retryCondition(s),\nthe origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request.\n\nThe default retryCondition is \"CONNECT_FAILURE\".\n\nretryConditions apply to this origin, and not subsequent failoverOrigin(s),\nwhich may specify their own retryConditions and maxAttempts.\n\nValid values are:\n\n- CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts.\n- HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams.\n- GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n- RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests)\n- NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet.\n- FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). Possible values: [\"CONNECT_FAILURE\", \"HTTP_5XX\", \"GATEWAY_ERROR\", \"RETRIABLE_4XX\", \"NOT_FOUND\", \"FORBIDDEN\"]","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"aws_v4_authentication":{"nesting_mode":"list","block":{"attributes":{"access_key_id":{"type":"string","description":"The access key ID your origin uses to identify the key.","description_kind":"plain","required":true},"origin_region":{"type":"string","description":"The name of the AWS region that your origin is in.","description_kind":"plain","required":true},"secret_access_key_version":{"type":"string","description":"The Secret Manager secret version of the secret access key used by your origin.\n\nThis is the resource name of the secret version in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the project, secret, and version you require.","description_kind":"plain","required":true}},"description":"Enable AWS Signature Version 4 origin authentication.","description_kind":"plain"},"max_items":1},"origin_override_action":{"nesting_mode":"list","block":{"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.\n\nBy default, added header values are appended\nto the response or request headers with the\nsame field names. The added values are\nseparated by commas.\n\nTo overwrite existing values, set 'replace' to 'true'.","description_kind":"plain","optional":true}},"description":"Describes a header to add.\n\nYou may add a maximum of 25 request headers.","description_kind":"plain"},"max_items":25}},"description":"The header actions, including adding and removing\nheaders, for request handled by this origin.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected\norigin, the request's host header is replaced with\ncontents of the hostRewrite.\n\nThis value must be between 1 and 255 characters.","description_kind":"plain","optional":true}},"description":"The URL rewrite configuration for request that are\nhandled by this origin.","description_kind":"plain"},"max_items":1}},"description":"The override actions, including url rewrites and header\nadditions, for requests that use this origin.","description_kind":"plain"},"max_items":1},"origin_redirect":{"nesting_mode":"list","block":{"attributes":{"redirect_conditions":{"type":["list","string"],"description":"The set of redirect response codes that the CDN\nfollows. Values of\n[RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions)\nare accepted.","description_kind":"plain","optional":true}},"description":"Follow redirects from this origin.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"connect_timeout":{"type":"string","description":"The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment.\n\nDefaults to 5 seconds. The timeout must be a value between 1s and 15s.\n\nThe connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout.","description_kind":"plain","optional":true},"max_attempts_timeout":{"type":"string","description":"The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned.\n\nDefaults to 15 seconds. The timeout must be a value between 1s and 30s.\n\nIf a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins.","description_kind":"plain","optional":true},"read_timeout":{"type":"string","description":"The maximum duration to wait between reads of a single HTTP connection/stream.\n\nDefaults to 15 seconds. The timeout must be a value between 1s and 30s.\n\nThe readTimeout is capped by the responseTimeout. All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout.\n\nIf the response headers have already been written to the connection, the response will be truncated and logged.","description_kind":"plain","optional":true},"response_timeout":{"type":"string","description":"The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream.\n\nDefaults to 30 seconds. The timeout must be a value between 1s and 120s.\n\nThe responseTimeout starts after the connection has been established.\n\nThis also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client.\n\nIf the response headers have already been written to the connection, the response will be truncated and logged.","description_kind":"plain","optional":true}},"description":"The connection and HTTP timeout configuration for this origin.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_edge_cache_service":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"disable_http2":{"type":"bool","description":"Disables HTTP/2.\n\nHTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection.\n\nSome legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated.","description_kind":"plain","optional":true},"disable_quic":{"type":"bool","description":"HTTP/3 (IETF QUIC) and Google QUIC are enabled by default.","description_kind":"plain","optional":true,"computed":true},"edge_security_policy":{"type":"string","description":"Resource URL that points at the Cloud Armor edge security policy that is applied on each request against the EdgeCacheService.","description_kind":"plain","optional":true},"edge_ssl_certificates":{"type":["list","string"],"description":"URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService.\n\nNote that only \"global\" certificates with a \"scope\" of \"EDGE_CACHE\" can be attached to an EdgeCacheService.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ipv4_addresses":{"type":["list","string"],"description":"The IPv4 addresses associated with this service. Addresses are static for the lifetime of the service.","description_kind":"plain","computed":true},"ipv6_addresses":{"type":["list","string"],"description":"The IPv6 addresses associated with this service. Addresses are static for the lifetime of the service.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"require_tls":{"type":"bool","description":"Require TLS (HTTPS) for all clients connecting to this service.\n\nClients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443).\nYou must have at least one (1) edgeSslCertificate specified to enable this.","description_kind":"plain","optional":true,"computed":true},"ssl_policy":{"type":"string","description":"URL of the SslPolicy resource that will be associated with the EdgeCacheService.\n\nIf not set, the EdgeCacheService has no SSL policy configured, and will default to the \"COMPATIBLE\" policy.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Specifies whether to enable logging for traffic served by this service.","description_kind":"plain","optional":true,"computed":true},"sample_rate":{"type":"number","description":"Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1].\n\nThis field can only be specified if logging is enabled for this service.","description_kind":"plain","optional":true}},"description":"Specifies the logging options for the traffic served by this service. If logging is enabled, logs will be exported to Cloud Logging.","description_kind":"plain"},"max_items":1},"routing":{"nesting_mode":"list","block":{"block_types":{"host_rule":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the hostRule.","description_kind":"plain","optional":true},"hosts":{"type":["list","string"],"description":"The list of host patterns to match.\n\nHost patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string.\n\nWhen multiple hosts are specified, hosts are matched in the following priority:\n\n 1. Exact domain names: ''www.foo.com''.\n 2. Suffix domain wildcards: ''*.foo.com'' or ''*-bar.foo.com''.\n 3. Prefix domain wildcards: ''foo.*'' or ''foo-*''.\n 4. Special wildcard ''*'' matching any domain.\n\n Notes:\n\n The wildcard will not match the empty string. e.g. ''*-bar.foo.com'' will match ''baz-bar.foo.com'' but not ''-bar.foo.com''. The longest wildcards match first. Only a single host in the entire service can match on ''*''. A domain must be unique across all configured hosts within a service.\n\n Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the \":authority\" header, from the incoming request.\n\n You may specify up to 10 hosts.","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the pathMatcher associated with this hostRule.","description_kind":"plain","required":true}},"description":"The list of hostRules to match against. These rules define which hostnames the EdgeCacheService will match against, and which route configurations apply.","description_kind":"plain"},"min_items":1,"max_items":10},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"route_rule":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the routeRule.","description_kind":"plain","optional":true},"origin":{"type":"string","description":"The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names (\"my-origin\") or fully-qualified resource URLs - e.g. \"networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin\"\n\nOnly one of origin or urlRedirect can be set.","description_kind":"plain","optional":true},"priority":{"type":"string","description":"The priority of this route rule, where 1 is the highest priority.\n\nYou cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers\nto which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules.","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_header_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.","description_kind":"plain","optional":true,"computed":true}},"description":"Describes a header to add.","description_kind":"plain"},"max_items":25},"request_header_to_remove":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to remove.","description_kind":"plain","required":true}},"description":"A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin.","description_kind":"plain"},"max_items":25},"response_header_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.","description_kind":"plain","optional":true,"computed":true}},"description":"Headers to add to the response prior to sending it back to the client.\n\nResponse headers are only sent to the client, and do not have an effect on the cache serving the response.","description_kind":"plain"},"max_items":25},"response_header_to_remove":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"Headers to remove from the response prior to sending it back to the client.\n\nResponse headers are only sent to the client, and do not have an effect on the cache serving the response.","description_kind":"plain","required":true}},"description":"A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin.","description_kind":"plain"},"max_items":25}},"description":"The header actions, including adding \u0026 removing headers, for requests that match this route.","description_kind":"plain"},"max_items":1},"match_rule":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly match the value specified in fullPathMatch after removing any query parameters and anchor that may be part of the original URL.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.","description_kind":"plain","optional":true,"computed":true},"path_template_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request\nmust match the wildcard pattern specified in pathTemplateMatch\nafter removing any query parameters and anchor that may be part\nof the original URL.\n\npathTemplateMatch must be between 1 and 255 characters\n(inclusive). The pattern specified by pathTemplateMatch may\nhave at most 5 wildcard operators and at most 5 variable\ncaptures in total.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the specified prefixMatch. prefixMatch must begin with a /.","description_kind":"plain","optional":true}},"block_types":{"header_match":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value of the header should exactly match contents of exactMatch.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The header name to match on.","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false (default), the headerMatch is considered a match if the match criteria above are met.\nIf set to true, the headerMatch is considered a match if the match criteria above are NOT met.","description_kind":"plain","optional":true,"computed":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place whether or not the request's header has a value.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch.","description_kind":"plain","optional":true}},"description":"Specifies a list of header match criteria, all of which must match corresponding headers in the request.","description_kind":"plain"},"max_items":3},"query_parameter_match":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches the contents of exactMatch.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the request, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query parameter, irrespective of whether the parameter has a value or not.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match corresponding query parameters in the request.","description_kind":"plain"},"max_items":5}},"description":"The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates\nwithin a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule.","description_kind":"plain"},"min_items":1,"max_items":5},"route_action":{"nesting_mode":"list","block":{"block_types":{"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses.\n\nFor all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. Possible values: [\"CACHE_ALL_STATIC\", \"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"BYPASS_CACHE\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"string","description":"Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response.\n\n- The TTL must be \u003e 0 and \u003c= 86400s (1 day)\n- The clientTtl cannot be larger than the defaultTtl (if set)\n- Fractions of a second are not allowed.\n\nOmit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\" or \"BYPASS_CACHE\", you must omit this field.\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true},"default_ttl":{"type":"string","description":"Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).\n\nDefaults to 3600s (1 hour).\n\n- The TTL must be \u003e= 0 and \u003c= 31,536,000 seconds (1 year)\n- Setting a TTL of \"0\" means \"always revalidate\" (equivalent to must-revalidate)\n- The value of defaultTTL cannot be set to a value greater than that of maxTTL.\n- Fractions of a second are not allowed.\n- When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses.\n\nNote that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\" or \"BYPASS_CACHE\", you must omit this field.\n\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"string","description":"Specifies the maximum allowed TTL for cached content served by this origin.\n\nDefaults to 86400s (1 day).\n\nCache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive.\n\n- The TTL must be \u003e= 0 and \u003c= 31,536,000 seconds (1 year)\n- Setting a TTL of \"0\" means \"always revalidate\"\n- The value of maxTtl must be equal to or greater than defaultTtl.\n- Fractions of a second are not allowed.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", or \"BYPASS_CACHE\", you must omit this field.\n\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency.\n\nBy default, the CDNPolicy will apply the following default TTLs to these status codes:\n\n- HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m\n- HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s\n- HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s\n\nThese defaults can be overridden in negativeCachingPolicy","description_kind":"plain","optional":true},"negative_caching_policy":{"type":["map","string"],"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\n\n- Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching.\n- TTLs must be \u003e= 0 (where 0 is \"always revalidate\") and \u003c= 86400s (1 day)\n\nNote that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists.","description_kind":"plain","optional":true},"signed_request_keyset":{"type":"string","description":"The EdgeCacheKeyset containing the set of public keys used to validate signed requests at the edge.","description_kind":"plain","optional":true,"computed":true},"signed_request_maximum_expiration_ttl":{"type":"string","description":"Limit how far into the future the expiration time of a signed request may be.\n\nWhen set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN.\n\n- The TTL must be \u003e 0.\n- Fractions of a second are not allowed.\n\nBy default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future.","description_kind":"plain","optional":true},"signed_request_mode":{"type":"string","description":"Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access.\n\nYou must also set a signedRequestKeyset to enable signed requests.\n\nWhen set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. Possible values: [\"DISABLED\", \"REQUIRE_SIGNATURES\", \"REQUIRE_TOKENS\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"add_signatures":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"The actions to take to add signatures to responses. Possible values: [\"GENERATE_COOKIE\", \"GENERATE_TOKEN_HLS_COOKIELESS\", \"PROPAGATE_TOKEN_HLS_COOKIELESS\"]","description_kind":"plain","required":true},"copied_parameters":{"type":["list","string"],"description":"The parameters to copy from the verified token to the generated token.\n\nOnly the following parameters may be copied:\n\n * 'PathGlobs'\n * 'paths'\n * 'acl'\n * 'URLPrefix'\n * 'IPRanges'\n * 'SessionID'\n * 'id'\n * 'Data'\n * 'data'\n * 'payload'\n * 'Headers'\n\nYou may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed.\n\nThis field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.","description_kind":"plain","optional":true},"keyset":{"type":"string","description":"The keyset to use for signature generation.\n\nThe following are both valid paths to an EdgeCacheKeyset resource:\n\n * 'projects/project/locations/global/edgeCacheKeysets/yourKeyset'\n * 'yourKeyset'\n\nThis must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise.","description_kind":"plain","optional":true},"token_query_parameter":{"type":"string","description":"The query parameter in which to put the generated token.\n\nIf not specified, defaults to 'edge-cache-token'.\n\nIf specified, the name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.\n\nThis field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified.","description_kind":"plain","optional":true},"token_ttl":{"type":"string","description":"The duration the token is valid starting from the moment the token is first generated.\n\nDefaults to '86400s' (1 day).\n\nThe TTL must be \u003e= 0 and \u003c= 604,800 seconds (1 week).\n\nThis field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Enable signature generation or propagation on this route.\n\nThis field may only be specified when signedRequestMode is set to REQUIRE_TOKENS.","description_kind":"plain"},"max_items":1},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"exclude_host":{"type":"bool","description":"If true, requests to different hosts will be cached separately.\n\nNote: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched.","description_kind":"plain","optional":true,"computed":true},"exclude_query_string":{"type":"bool","description":"If true, exclude query string parameters from the cache key\n\nIf false (the default), include the query string parameters in\nthe cache key according to includeQueryParameters and\nexcludeQueryParameters. If neither includeQueryParameters nor\nexcludeQueryParameters is set, the entire query string will be\nincluded.","description_kind":"plain","optional":true},"excluded_query_parameters":{"type":["list","string"],"description":"Names of query string parameters to exclude from cache keys. All other parameters will be included.\n\nEither specify includedQueryParameters or excludedQueryParameters, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true,"computed":true},"included_cookie_names":{"type":["list","string"],"description":"Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key.\n\nCookie names:\n - must be valid RFC 6265 \"cookie-name\" tokens\n - are case sensitive\n - cannot start with \"Edge-Cache-\" (case insensitive)\n\n Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance.\n\n You may specify up to three cookie names.","description_kind":"plain","optional":true},"included_header_names":{"type":["list","string"],"description":"Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key.\n\n- Header names must be valid HTTP RFC 7230 header field values.\n- Header field names are case insensitive\n- To include the HTTP method, use \":method\"\n\nNote that specifying several headers, and/or headers that have a large range of values (e.g. per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance.","description_kind":"plain","optional":true},"included_query_parameters":{"type":["list","string"],"description":"Names of query string parameters to include in cache keys. All other parameters will be excluded.\n\nEither specify includedQueryParameters or excludedQueryParameters, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.","description_kind":"plain","optional":true}},"description":"Defines the request parameters that contribute to the cache key.","description_kind":"plain"},"max_items":1},"signed_token_options":{"nesting_mode":"list","block":{"attributes":{"allowed_signature_algorithms":{"type":["list","string"],"description":"The allowed signature algorithms to use.\n\nDefaults to using only ED25519.\n\nYou may specify up to 3 signature algorithms to use. Possible values: [\"ED25519\", \"HMAC_SHA_256\", \"HMAC_SHA1\"]","description_kind":"plain","optional":true},"token_query_parameter":{"type":"string","description":"The query parameter in which to find the token.\n\nThe name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.\n\nDefaults to 'edge-cache-token'.","description_kind":"plain","optional":true}},"description":"Additional options for signed tokens.\n\nsignedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS.","description_kind":"plain"},"max_items":1}},"description":"The policy to use for defining caching and signed request behaviour for requests that match this route.","description_kind":"plain"},"max_items":1},"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\n\nThis translates to the Access-Control-Allow-Credentials response header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers response header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods response header.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\n\nThis translates to the Access-Control-Allow-Origin response header.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers response header.","description_kind":"plain","optional":true},"max_age":{"type":"string","description":"Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes).\n\n- Setting the value to -1 forces a pre-flight check for all requests (not recommended)\n- A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval.\n- This translates to the Access-Control-Max-Age header.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","required":true}},"description":"CORSPolicy defines Cross-Origin-Resource-Sharing configuration, including which CORS response headers will be set.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, the request's host header is replaced with contents of hostRewrite.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, the matching portion of the request's path is replaced by pathPrefixRewrite.","description_kind":"plain","optional":true},"path_template_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, if the\nrequest matched a pathTemplateMatch, the matching portion of the\nrequest's path is replaced re-written using the pattern specified\nby pathTemplateRewrite.\n\npathTemplateRewrite must be between 1 and 255 characters\n(inclusive), must start with a '/', and must only use variables\ncaptured by the route's pathTemplate matchers.\n\npathTemplateRewrite may only be used when all of a route's\nMatchRules specify pathTemplate.\n\nOnly one of pathPrefixRewrite and pathTemplateRewrite may be\nspecified.","description_kind":"plain","optional":true}},"description":"The URL rewrite configuration for requests that match this route.","description_kind":"plain"},"max_items":1}},"description":"In response to a matching path, the routeAction performs advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request to the selected origin.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was supplied in the request.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request.\n\nThis can only be set if there is at least one (1) edgeSslCertificate set on the service.","description_kind":"plain","optional":true,"computed":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was supplied in the request.\n\npathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.\n\nThe path value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request.\n\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction.\n\nThe supported values are:\n\n- 'MOVED_PERMANENTLY_DEFAULT', which is the default value and corresponds to 301.\n- 'FOUND', which corresponds to 302.\n- 'SEE_OTHER' which corresponds to 303.\n- 'TEMPORARY_REDIRECT', which corresponds to 307. in this case, the request method will be retained.\n- 'PERMANENT_REDIRECT', which corresponds to 308. in this case, the request method will be retained. Possible values: [\"MOVED_PERMANENTLY_DEFAULT\", \"FOUND\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\", \"PERMANENT_REDIRECT\"]","description_kind":"plain","optional":true,"computed":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained.","description_kind":"plain","optional":true,"computed":true}},"description":"The URL redirect configuration for requests that match this route.","description_kind":"plain"},"max_items":1}},"description":"The routeRules to match against. routeRules support advanced routing behaviour, and can match on paths, headers and query parameters, as well as status codes and HTTP methods.","description_kind":"plain"},"min_items":1,"max_items":200}},"description":"The list of pathMatchers referenced via name by hostRules. PathMatcher is used to match the path portion of the URL when a HostRule matches the URL's host portion.","description_kind":"plain"},"min_items":1,"max_items":10}},"description":"Defines how requests are routed, modified, cached and/or which origin content is filled from.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_gateway":{"version":0,"block":{"attributes":{"addresses":{"type":["list","string"],"description":"Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided,\nan IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'.\nGateways of type 'OPEN_MESH' listen on 0.0.0.0.","description_kind":"plain","optional":true,"computed":true},"certificate_urls":{"type":["list","string"],"description":"A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection.\nThis feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"delete_swg_autogen_router_on_destroy":{"type":"bool","description":"When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation.\nIf there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gateway_security_policy":{"type":"string","description":"A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.\nFor example: 'projects/*/locations/*/gatewaySecurityPolicies/swg-policy'.\nThis policy is specific to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the Gateway resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the gateway.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Short name of the Gateway resource to be created.","description_kind":"plain","required":true},"network":{"type":"string","description":"The relative resource name identifying the VPC network that is using this configuration.\nFor example: 'projects/*/global/networks/network-1'.\nCurrently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"ports":{"type":["list","number"],"description":"One or more port numbers (1-65535), on which the Gateway will receive traffic.\nThe proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are\nlimited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"Immutable. Scope determines how configuration across multiple Gateway instances are merged.\nThe configuration for multiple Gateway instances with the same scope will be merged as presented as\na single coniguration to the proxy/load balancer.\nMax length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"server_tls_policy":{"type":"string","description":"A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated.\nIf empty, TLS termination is disabled.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"The relative resource name identifying the subnetwork in which this SWG is allocated.\nFor example: 'projects/*/regions/us-central1/subnetworks/network-1'.\nCurrently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY. Possible values: [\"TYPE_UNSPECIFIED\", \"OPEN_MESH\", \"SECURE_WEB_GATEWAY\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_lb_route_extension":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"forwarding_rules":{"type":["list","string"],"description":"A list of references to the forwarding rules to which this service extension is attached to.\nAt least one forwarding rule is required. There can be only one LbRouteExtension resource per forwarding rule.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with the LbRouteExtension resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"All backend services and forwarding rules referenced by this extension must share the same load balancing scheme.\nFor more information, refer to [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service) and\n[Supported application load balancers](https://cloud.google.com/service-extensions/docs/callouts-overview#supported-lbs). Possible values: [\"INTERNAL_MANAGED\", \"EXTERNAL_MANAGED\"]","description_kind":"plain","required":true},"location":{"type":"string","description":"The location of the route extension","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the LbRouteExtension resource in the following format: projects/{project}/locations/{location}/lbRouteExtensions/{lbRouteExtension}","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"extension_chains":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name for this extension chain. The name is logged as part of the HTTP request logs.\nThe name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens,\nand can have a maximum length of 63 characters. Additionally, the first character must be a letter\nand the last character must be a letter or a number.","description_kind":"plain","required":true}},"block_types":{"extensions":{"nesting_mode":"list","block":{"attributes":{"authority":{"type":"string","description":"The :authority header in the gRPC request sent from Envoy to the extension service.","description_kind":"plain","optional":true},"fail_open":{"type":"bool","description":"Determines how the proxy behaves if the call to the extension fails or times out.\nWhen set to TRUE, request or response processing continues without error.\nAny subsequent extensions in the extension chain are also executed.\nWhen set to FALSE: * If response headers have not been delivered to the downstream client,\na generic 500 error is returned to the client. The error response can be tailored by\nconfiguring a custom error response in the load balancer.","description_kind":"plain","optional":true},"forward_headers":{"type":["list","string"],"description":"List of the HTTP headers to forward to the extension (from the client or backend).\nIf omitted, all headers are sent. Each element is a string indicating the header name.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name for this extension. The name is logged as part of the HTTP request logs.\nThe name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens,\nand can have a maximum length of 63 characters. Additionally, the first character must be a letter\nand the last a letter or a number.","description_kind":"plain","required":true},"service":{"type":"string","description":"The reference to the service that runs the extension. Must be a reference to a backend service","description_kind":"plain","required":true},"timeout":{"type":"string","description":"Specifies the timeout for each individual message on the stream. The timeout must be between 10-1000 milliseconds.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"A set of extensions to execute for the matching request.\nAt least one extension is required. Up to 3 extensions can be defined for each extension chain for\nLbTrafficExtension resource. LbRouteExtension chains are limited to 1 extension per extension chain.","description_kind":"plain"},"min_items":1},"match_condition":{"nesting_mode":"list","block":{"attributes":{"cel_expression":{"type":"string","description":"A Common Expression Language (CEL) expression that is used to match requests for which the extension chain is executed.","description_kind":"plain","required":true}},"description":"Conditions under which this chain is invoked for a request.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A set of ordered extension chains that contain the match conditions and extensions to execute.\nMatch conditions for each extension chain are evaluated in sequence for a given request.\nThe first extension chain that has a condition that matches the request is executed.\nAny subsequent extension chains do not execute. Limited to 5 extension chains per resource.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_lb_traffic_extension":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"forwarding_rules":{"type":["list","string"],"description":"A list of references to the forwarding rules to which this service extension is attached to.\nAt least one forwarding rule is required. There can be only one LBTrafficExtension resource per forwarding rule.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with the LbTrafficExtension resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"All backend services and forwarding rules referenced by this extension must share the same load balancing scheme.\nFor more information, refer to [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service) and\n[Supported application load balancers](https://cloud.google.com/service-extensions/docs/callouts-overview#supported-lbs). Possible values: [\"INTERNAL_MANAGED\", \"EXTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the traffic extension","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the LbTrafficExtension resource in the following format: projects/{project}/locations/{location}/lbTrafficExtensions/{lbTrafficExtension}.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"extension_chains":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name for this extension chain. The name is logged as part of the HTTP request logs.\nThe name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens,\nand can have a maximum length of 63 characters. Additionally, the first character must be a letter\nand the last a letter or a number.","description_kind":"plain","required":true}},"block_types":{"extensions":{"nesting_mode":"list","block":{"attributes":{"authority":{"type":"string","description":"The :authority header in the gRPC request sent from Envoy to the extension service.","description_kind":"plain","optional":true},"fail_open":{"type":"bool","description":"Determines how the proxy behaves if the call to the extension fails or times out.\nWhen set to TRUE, request or response processing continues without error.\nAny subsequent extensions in the extension chain are also executed.\nWhen set to FALSE: * If response headers have not been delivered to the downstream client,\na generic 500 error is returned to the client. The error response can be tailored by\nconfiguring a custom error response in the load balancer.","description_kind":"plain","optional":true},"forward_headers":{"type":["list","string"],"description":"List of the HTTP headers to forward to the extension (from the client or backend).\nIf omitted, all headers are sent. Each element is a string indicating the header name.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name for this extension. The name is logged as part of the HTTP request logs.\nThe name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens,\nand can have a maximum length of 63 characters. Additionally, the first character must be a letter\nand the last a letter or a number.","description_kind":"plain","required":true},"service":{"type":"string","description":"The reference to the service that runs the extension. Must be a reference to a backend service","description_kind":"plain","required":true},"supported_events":{"type":["list","string"],"description":"A set of events during request or response processing for which this extension is called.\nThis field is required for the LbTrafficExtension resource. It's not relevant for the LbRouteExtension\nresource. Possible values:'EVENT_TYPE_UNSPECIFIED', 'REQUEST_HEADERS', 'REQUEST_BODY', 'RESPONSE_HEADERS',\n'RESPONSE_BODY', 'RESPONSE_BODY' and 'RESPONSE_BODY'.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Specifies the timeout for each individual message on the stream. The timeout must be between 10-1000 milliseconds.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"A set of extensions to execute for the matching request.\nAt least one extension is required. Up to 3 extensions can be defined for each extension chain for\nLbTrafficExtension resource. LbRouteExtension chains are limited to 1 extension per extension chain.","description_kind":"plain"},"min_items":1},"match_condition":{"nesting_mode":"list","block":{"attributes":{"cel_expression":{"type":"string","description":"A Common Expression Language (CEL) expression that is used to match requests for which the extension chain is executed.","description_kind":"plain","required":true}},"description":"Conditions under which this chain is invoked for a request.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A set of ordered extension chains that contain the match conditions and extensions to execute.\nMatch conditions for each extension chain are evaluated in sequence for a given request.\nThe first extension chain that has a condition that matches the request is executed.\nAny subsequent extension chains do not execute. Limited to 5 extension chains per resource.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_notebooks_environment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Instance creation time","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this environment.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of this environment for the UI.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name specified for the Environment instance.\nFormat: projects/{project_id}/locations/{location}/environments/{environmentId}","description_kind":"plain","required":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a notebook instance fully boots up.\nThe path must be a URL or Cloud Storage path. Example: \"gs://path-to-file/file-name\"","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"container_image":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a container image to start the notebook instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vm_image":{"nesting_mode":"list","block":{"attributes":{"image_family":{"type":"string","description":"Use this VM image family to find the image; the newest image in this family will be used.","description_kind":"plain","optional":true},"image_name":{"type":"string","description":"Use VM image name to find the image.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The name of the Google Cloud project that this VM image belongs to.\nFormat: projects/{project_id}","description_kind":"plain","required":true}},"description":"Use a Compute Engine VM image to start the notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance":{"version":1,"block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"The size of the boot disk in GB attached to this instance,\nup to a maximum of 64000 GB (64 TB). The minimum recommended value is 100 GB.\nIf not specified, this defaults to 100.","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Possible disk types for notebook instances. Possible values: [\"DISK_TYPE_UNSPECIFIED\", \"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Instance creation time","description_kind":"plain","optional":true,"computed":true},"custom_gpu_driver_path":{"type":"string","description":"Specify a custom Cloud Storage path where the GPU driver is stored.\nIf not specified, we'll automatically choose from official GPU drivers.","description_kind":"plain","optional":true},"data_disk_size_gb":{"type":"number","description":"The size of the data disk in GB attached to this instance,\nup to a maximum of 64000 GB (64 TB).\nYou can choose the size of the data disk based on how big your notebooks and data are.\nIf not specified, this defaults to 100.","description_kind":"plain","optional":true},"data_disk_type":{"type":"string","description":"Possible disk types for notebook instances. Possible values: [\"DISK_TYPE_UNSPECIFIED\", \"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true},"desired_state":{"type":"string","description":"Desired state of the Notebook Instance. Set this field to 'ACTIVE' to start the Instance, and 'STOPPED' to stop the Instance.","description_kind":"plain","optional":true},"disk_encryption":{"type":"string","description":"Disk encryption method used on the boot and data disks, defaults to GMEK. Possible values: [\"DISK_ENCRYPTION_UNSPECIFIED\", \"GMEK\", \"CMEK\"]","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"install_gpu_driver":{"type":"bool","description":"Whether the end user authorizes Google Cloud to install GPU driver\non this instance. If this field is empty or set to false, the GPU driver\nwon't be installed. Only applicable to instances with GPUs.","description_kind":"plain","optional":true},"instance_owners":{"type":["list","string"],"description":"The list of owners of this instance after creation.\nFormat: alias@example.com.\nCurrently supports one owner only.\nIf not specified, all of the service account users of\nyour VM instance's service account can use the instance.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"The KMS key used to encrypt the disks, only applicable if diskEncryption is CMEK.\nFormat: projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to apply to this instance. These can be later modified by the setLabels method.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"machine_type":{"type":"string","description":"A reference to a machine type which defines VM kind.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Custom metadata to apply to this instance.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name specified for the Notebook instance.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the VPC that this instance is in.\nFormat: projects/{project_id}/global/networks/{network_id}","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC driver. Possible values: [\"UNSPECIFIED_NIC_TYPE\", \"VIRTIO_NET\", \"GVNIC\"]","description_kind":"plain","optional":true},"no_proxy_access":{"type":"bool","description":"The notebook instance will not register with the proxy..","description_kind":"plain","optional":true},"no_public_ip":{"type":"bool","description":"No public IP will be assigned to this instance.","description_kind":"plain","optional":true},"no_remove_data_disk":{"type":"bool","description":"If true, the data disk will not be auto deleted when deleting the instance.","description_kind":"plain","optional":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a\nnotebook instance fully boots up. The path must be a URL\nor Cloud Storage path (gs://path-to-file/file-name).","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_uri":{"type":"string","description":"The proxy endpoint that is used to access the Jupyter notebook.\nOnly returned when the resource is in a 'PROVISIONED' state. If\nneeded you can utilize 'terraform apply -refresh-only' to await\nthe population of this value.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"The service account on this instance, giving access to other\nGoogle Cloud services. You can use any service account within\nthe same project, but you must have the service account user\npermission to use the instance. If not specified,\nthe Compute Engine default service account is used.","description_kind":"plain","optional":true,"computed":true},"service_account_scopes":{"type":["list","string"],"description":"Optional. The URIs of service account scopes to be included in Compute Engine instances.\nIf not specified, the following scopes are defined:\n- https://www.googleapis.com/auth/cloud-platform\n- https://www.googleapis.com/auth/userinfo.email","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of this instance.","description_kind":"plain","computed":true},"subnet":{"type":"string","description":"The name of the subnet that this instance is in.\nFormat: projects/{project_id}/regions/{region}/subnetworks/{subnetwork_id}","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"The Compute Engine tags to add to instance.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Instance update time.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerator_config":{"nesting_mode":"list","block":{"attributes":{"core_count":{"type":"number","description":"Count of cores of this accelerator.","description_kind":"plain","required":true},"type":{"type":"string","description":"Type of this accelerator. Possible values: [\"ACCELERATOR_TYPE_UNSPECIFIED\", \"NVIDIA_TESLA_K80\", \"NVIDIA_TESLA_P100\", \"NVIDIA_TESLA_V100\", \"NVIDIA_TESLA_P4\", \"NVIDIA_TESLA_T4\", \"NVIDIA_TESLA_T4_VWS\", \"NVIDIA_TESLA_P100_VWS\", \"NVIDIA_TESLA_P4_VWS\", \"NVIDIA_TESLA_A100\", \"TPU_V2\", \"TPU_V3\"]","description_kind":"plain","required":true}},"description":"The hardware accelerator used on this instance. If you use accelerators,\nmake sure that your configuration has enough vCPUs and memory to support the\nmachineType you have selected.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a container image to start the notebook instance.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"The type of Compute Reservation. Possible values: [\"NO_RESERVATION\", \"ANY_RESERVATION\", \"SPECIFIC_RESERVATION\"]","description_kind":"plain","required":true},"key":{"type":"string","description":"Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled. Enables monitoring and attestation of the\nboot integrity of the instance. The attestation is performed against the integrity policy baseline.\nThis baseline is initially derived from the implicitly trusted boot image when the instance is created.\nEnabled by default.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs\nauthentic software by verifying the digital signature of all boot components, and halting the boot process\nif signature verification fails.\nDisabled by default.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether the instance has the vTPM enabled.\nEnabled by default.","description_kind":"plain","optional":true}},"description":"A set of Shielded Instance options. Check [Images using supported Shielded VM features]\nNot all combinations are valid","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vm_image":{"nesting_mode":"list","block":{"attributes":{"image_family":{"type":"string","description":"Use this VM image family to find the image; the newest image in this family will be used.","description_kind":"plain","optional":true},"image_name":{"type":"string","description":"Use VM image name to find the image.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The name of the Google Cloud project that this VM image belongs to.\nFormat: projects/{project_id}","description_kind":"plain","required":true}},"description":"Use a Compute Engine VM image to start the notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain","deprecated":true}},"google_notebooks_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_notebooks_location":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the Location resource.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_notebooks_runtime":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"health_state":{"type":"string","description":"The health state of this runtime. For a list of possible output\nvalues, see 'https://cloud.google.com/vertex-ai/docs/workbench/\nreference/rest/v1/projects.locations.runtimes#healthstate'.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels to associate with this runtime. Label **keys** must\ncontain 1 to 63 characters, and must conform to [RFC 1035]\n(https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be\nempty, but, if present, must contain 1 to 63 characters, and must\nconform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No\nmore than 32 labels can be associated with a cluster.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"metrics":{"type":["list",["object",{"system_metrics":["map","string"]}]],"description":"Contains Runtime daemon metrics such as Service status and JupyterLab\nstatus","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name specified for the Notebook runtime.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of this runtime.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"access_type":{"type":"string","description":"The type of access mode this instance. For valid values, see\n'https://cloud.google.com/vertex-ai/docs/workbench/reference/\nrest/v1/projects.locations.runtimes#RuntimeAccessType'.","description_kind":"plain","optional":true},"proxy_uri":{"type":"string","description":"The proxy endpoint that is used to access the runtime.","description_kind":"plain","computed":true},"runtime_owner":{"type":"string","description":"The owner of this runtime after creation. Format: 'alias@example.com'.\nCurrently supports one owner only.","description_kind":"plain","optional":true}},"description":"The config settings for accessing runtime.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"custom_gpu_driver_path":{"type":"string","description":"Specify a custom Cloud Storage path where the GPU driver is stored.\nIf not specified, we'll automatically choose from official GPU drivers.","description_kind":"plain","optional":true},"enable_health_monitoring":{"type":"bool","description":"Verifies core internal services are running. Default: True.","description_kind":"plain","optional":true},"idle_shutdown":{"type":"bool","description":"Runtime will automatically shutdown after idle_shutdown_time.\nDefault: True","description_kind":"plain","optional":true},"idle_shutdown_timeout":{"type":"number","description":"Time in minutes to wait before shuting down runtime.\nDefault: 180 minutes","description_kind":"plain","optional":true},"install_gpu_driver":{"type":"bool","description":"Install Nvidia Driver automatically.","description_kind":"plain","optional":true},"notebook_upgrade_schedule":{"type":"string","description":"Cron expression in UTC timezone for schedule instance auto upgrade.\nPlease follow the [cron format](https://en.wikipedia.org/wiki/Cron).","description_kind":"plain","optional":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a notebook instance\nfully boots up. The path must be a URL or\nCloud Storage path (gs://path-to-file/file-name).","description_kind":"plain","optional":true},"post_startup_script_behavior":{"type":"string","description":"Behavior for the post startup script. Possible values: [\"POST_STARTUP_SCRIPT_BEHAVIOR_UNSPECIFIED\", \"RUN_EVERY_START\", \"DOWNLOAD_AND_RUN_EVERY_START\"]","description_kind":"plain","optional":true},"upgradeable":{"type":"bool","description":"Bool indicating whether an newer image is available in an image family.","description_kind":"plain","computed":true}},"block_types":{"kernels":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a list of container images to use as Kernels in the notebook instance.","description_kind":"plain"}}},"description":"The config settings for software inside the runtime.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_machine":{"nesting_mode":"list","block":{"attributes":{"instance_id":{"type":"string","description":"The unique identifier of the Managed Compute Engine instance.","description_kind":"plain","computed":true},"instance_name":{"type":"string","description":"The user-friendly name of the Managed Compute Engine instance.","description_kind":"plain","computed":true}},"block_types":{"virtual_machine_config":{"nesting_mode":"list","block":{"attributes":{"guest_attributes":{"type":["map","string"],"description":"The Compute Engine guest attributes. (see [Project and instance\nguest attributes](https://cloud.google.com/compute/docs/\nstoring-retrieving-metadata#guest_attributes)).","description_kind":"plain","computed":true},"internal_ip_only":{"type":"bool","description":"If true, runtime will only have internal IP addresses. By default,\nruntimes are not restricted to internal IP addresses, and will\nhave ephemeral external IP addresses assigned to each vm. This\n'internal_ip_only' restriction can only be enabled for subnetwork\nenabled networks, and all dependencies must be configured to be\naccessible without external IP addresses.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The labels to associate with this runtime. Label **keys** must\ncontain 1 to 63 characters, and must conform to [RFC 1035]\n(https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be\nempty, but, if present, must contain 1 to 63 characters, and must\nconform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No\nmore than 32 labels can be associated with a cluster.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The Compute Engine machine type used for runtimes.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"The Compute Engine metadata entries to add to virtual machine.\n(see [Project and instance metadata](https://cloud.google.com\n/compute/docs/storing-retrieving-metadata#project_and_instance\n_metadata)).","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"The Compute Engine network to be used for machine communications.\nCannot be specified with subnetwork. If neither 'network' nor\n'subnet' is specified, the \"default\" network of the project is\nused, if it exists. A full URL or partial URI. Examples:\n * 'https://www.googleapis.com/compute/v1/projects/[project_id]/\n regions/global/default'\n * 'projects/[project_id]/regions/global/default'\nRuntimes are managed resources inside Google Infrastructure.\nRuntimes support the following network configurations:\n * Google Managed Network (Network \u0026 subnet are empty)\n * Consumer Project VPC (network \u0026 subnet are required). Requires\n configuring Private Service Access.\n * Shared VPC (network \u0026 subnet are required). Requires\n configuring Private Service Access.","description_kind":"plain","optional":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. This may be gVNIC\nor VirtioNet. Possible values: [\"UNSPECIFIED_NIC_TYPE\", \"VIRTIO_NET\", \"GVNIC\"]","description_kind":"plain","optional":true},"reserved_ip_range":{"type":"string","description":"Reserved IP Range name is used for VPC Peering. The\nsubnetwork allocation will use the range *name* if it's assigned.","description_kind":"plain","optional":true},"subnet":{"type":"string","description":"The Compute Engine subnetwork to be used for machine\ncommunications. Cannot be specified with network. A full URL or\npartial URI are valid. Examples:\n * 'https://www.googleapis.com/compute/v1/projects/[project_id]/\n regions/us-east1/subnetworks/sub0'\n * 'projects/[project_id]/regions/us-east1/subnetworks/sub0'","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The Compute Engine tags to add to runtime (see [Tagging instances]\n(https://cloud.google.com/compute/docs/\nlabel-or-tag-resources#tags)).","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone where the virtual machine is located.","description_kind":"plain","computed":true}},"block_types":{"accelerator_config":{"nesting_mode":"list","block":{"attributes":{"core_count":{"type":"number","description":"Count of cores of this accelerator.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Accelerator model. For valid values, see\n'https://cloud.google.com/vertex-ai/docs/workbench/reference/\nrest/v1/projects.locations.runtimes#AcceleratorType'","description_kind":"plain","optional":true}},"description":"The Compute Engine accelerator configuration for this runtime.","description_kind":"plain"},"max_items":1},"container_images":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a list of container images to start the notebook instance.","description_kind":"plain"}},"data_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Optional. Specifies whether the disk will be auto-deleted\nwhen the instance is deleted (but not when the disk is\ndetached from the instance).","description_kind":"plain","computed":true},"boot":{"type":"bool","description":"Optional. Indicates that this is a boot disk. The virtual\nmachine will use the first partition of the disk for its\nroot filesystem.","description_kind":"plain","computed":true},"device_name":{"type":"string","description":"Optional. Specifies a unique device name of your choice\nthat is reflected into the /dev/disk/by-id/google-* tree\nof a Linux operating system running within the instance.\nThis name can be used to reference the device for mounting,\nresizing, and so on, from within the instance.\nIf not specified, the server chooses a default device name\nto apply to this disk, in the form persistent-disk-x, where\nx is a number assigned by Google Compute Engine. This field\nis only applicable for persistent disks.","description_kind":"plain","computed":true},"guest_os_features":{"type":["list","string"],"description":"Indicates a list of features to enable on the guest operating\nsystem. Applicable only for bootable images. To see a list of\navailable features, read 'https://cloud.google.com/compute/docs/\nimages/create-delete-deprecate-private-images#guest-os-features'\noptions. ''","description_kind":"plain","computed":true},"index":{"type":"number","description":"Output only. A zero-based index to this disk, where 0 is\nreserved for the boot disk. If you have many disks attached\nto an instance, each disk would have a unique index number.","description_kind":"plain","computed":true},"interface":{"type":"string","description":"\"Specifies the disk interface to use for attaching this disk,\nwhich is either SCSI or NVME. The default is SCSI. Persistent\ndisks must always use SCSI and the request will fail if you attempt\nto attach a persistent disk in any other format than SCSI. Local SSDs\ncan use either NVME or SCSI. For performance characteristics of SCSI\nover NVMe, see Local SSD performance. Valid values: * NVME * SCSI\".","description_kind":"plain","optional":true},"kind":{"type":"string","description":"Type of the resource. Always compute#attachedDisk for attached\ndisks.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Output only. Any valid publicly visible licenses.","description_kind":"plain","computed":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE\nor READ_ONLY. If not specified, the default is to attach\nthe disk in READ_WRITE mode.","description_kind":"plain","optional":true},"source":{"type":"string","description":"Specifies a valid partial or full URL to an existing\nPersistent Disk resource.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Specifies the type of the disk, either SCRATCH or PERSISTENT.\nIf not specified, the default is PERSISTENT.","description_kind":"plain","optional":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Provide this property when creating the disk.","description_kind":"plain","optional":true},"disk_name":{"type":"string","description":"Specifies the disk name. If not specified, the default is\nto use the name of the instance. If the disk with the\ninstance name exists already in the given zone/region, a\nnew name will be automatically generated.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Specifies the size of the disk in base-2 GB. If not\nspecified, the disk will be the same size as the image\n(usually 10GB). If specified, the size must be equal to\nor larger than 10GB. Default 100 GB.","description_kind":"plain","optional":true},"disk_type":{"type":"string","description":"The type of the boot disk attached to this runtime,\ndefaults to standard persistent disk. For valid values,\nsee 'https://cloud.google.com/vertex-ai/docs/workbench/\nreference/rest/v1/projects.locations.runtimes#disktype'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. These can be later modified\nby the disks.setLabels method. This field is only\napplicable for persistent disks.","description_kind":"plain","optional":true,"computed":true}},"description":"Input only. Specifies the parameters for a new disk that will\nbe created alongside the new instance. Use initialization\nparameters to create boot disks or local SSDs attached to the\nnew instance. This property is mutually exclusive with the\nsource property; you can only define one or the other, but not\nboth.","description_kind":"plain"},"max_items":1}},"description":"Data disk option configuration settings.","description_kind":"plain"},"min_items":1,"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS resource identifier of the customer-managed\nencryption key used to protect a resource, such as a disks.\nIt has the following format:\n'projects/{PROJECT_ID}/locations/{REGION}/keyRings/\n{KEY_RING_NAME}/cryptoKeys/{KEY_NAME}'","description_kind":"plain","optional":true}},"description":"Encryption settings for virtual machine data disk.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.\nEnables monitoring and attestation of the boot integrity of\nthe instance. The attestation is performed against the\nintegrity policy baseline. This baseline is initially derived\nfrom the implicitly trusted boot image when the instance is\ncreated. Enabled by default.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.Secure\nBoot helps ensure that the system only runs authentic software\nby verifying the digital signature of all boot components, and\nhalting the boot process if signature verification fails.\nDisabled by default.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether the instance has the vTPM enabled. Enabled by\ndefault.","description_kind":"plain","optional":true}},"description":"Shielded VM Instance configuration settings.","description_kind":"plain"},"max_items":1}},"description":"Virtual Machine configuration settings.","description_kind":"plain"},"max_items":1}},"description":"Use a Compute Engine VM image to start the managed notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_org_policy_custom_constraint":{"version":0,"block":{"attributes":{"action_type":{"type":"string","description":"The action to take if the condition is met. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"condition":{"type":"string","description":"A CEL condition that refers to a supported service resource, for example 'resource.management.autoUpgrade == false'. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).","description_kind":"plain","required":true},"description":{"type":"string","description":"A human-friendly description of the constraint to display as an error message when the policy is violated.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A human-friendly name for the constraint.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"method_types":{"type":["list","string"],"description":"A list of RESTful methods for which to enforce the constraint. Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The name of the custom constraint. This is unique within the organization.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource, an organization. Format should be 'organizations/{organization_id}'.","description_kind":"plain","required":true},"resource_types":{"type":["list","string"],"description":"Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, 'container.googleapis.com/NodePool'.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The timestamp representing when the constraint was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_org_policy_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Immutable. The resource name of the Policy. Must be one of the following forms, where constraint_name is the name of the constraint which this Policy configures: * 'projects/{project_number}/policies/{constraint_name}' * 'folders/{folder_id}/policies/{constraint_name}' * 'organizations/{organization_id}/policies/{constraint_name}' For example, \"projects/123/policies/compute.disableSerialPortAccess\". Note: 'projects/{project_id}/policies/{constraint_name}' is also an acceptable name for API requests, but responses will return the name using the equivalent project number.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource.","description_kind":"plain","required":true}},"block_types":{"dry_run_spec":{"nesting_mode":"list","block":{"attributes":{"etag":{"type":"string","description":"An opaque tag indicating the current version of the policy, used for concurrency control. This field is ignored if used in a 'CreatePolicy' request. When the policy' is returned from either a 'GetPolicy' or a 'ListPolicies' request, this 'etag' indicates the version of the current policy to use when executing a read-modify-write loop. When the policy is returned from a 'GetEffectivePolicy' request, the 'etag' will be unset.","description_kind":"plain","computed":true},"inherit_from_parent":{"type":"bool","description":"Determines the inheritance behavior for this policy. If 'inherit_from_parent' is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints.","description_kind":"plain","optional":true},"reset":{"type":"bool","description":"Ignores policies set above this resource and restores the 'constraint_default' enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, 'rules' must be empty and 'inherit_from_parent' must be set to false.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time stamp this was previously updated. This represents the last time a call to 'CreatePolicy' or 'UpdatePolicy' was made for that policy.","description_kind":"plain","computed":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"string","description":"Setting this to '\"TRUE\"' means that all values are allowed. This field can be set only in Policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"string","description":"Setting this to '\"TRUE\"' means that all values are denied. This field can be set only in Policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"string","description":"If '\"TRUE\"', then the 'Policy' is enforced. If '\"FALSE\"', then any configuration is acceptable. This field can be set only in Policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether this rule is used in the evaluation of the policy. When set, the 'expression' field in the 'Expr' must include from 1 to 10 subexpressions, joined by the \"||\" or \"\u0026\u0026\" operators. Each subexpression must be of the form \"resource.matchTag('/tag_key_short_name, 'tag_value_short_name')\". or \"resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')\". where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: \"resource.matchTag('123456789/environment, 'prod')\". or \"resource.matchTagId('tagKeys/123', 'tagValues/456')\".","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this policy rule. This field can be set only in policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set 'enforced' to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence.","description_kind":"plain"}}},"description":"Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"attributes":{"etag":{"type":"string","description":"An opaque tag indicating the current version of the 'Policy', used for concurrency control. This field is ignored if used in a 'CreatePolicy' request. When the 'Policy' is returned from either a 'GetPolicy' or a 'ListPolicies' request, this 'etag' indicates the version of the current 'Policy' to use when executing a read-modify-write loop. When the 'Policy' is returned from a 'GetEffectivePolicy' request, the 'etag' will be unset.","description_kind":"plain","computed":true},"inherit_from_parent":{"type":"bool","description":"Determines the inheritance behavior for this 'Policy'. If 'inherit_from_parent' is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.","description_kind":"plain","optional":true},"reset":{"type":"bool","description":"Ignores policies set above this resource and restores the 'constraint_default' enforcement behavior of the specific 'Constraint' at this resource. This field can be set in policies for either list or boolean constraints. If set, 'rules' must be empty and 'inherit_from_parent' must be set to false.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time stamp this was previously updated. This represents the last time a call to 'CreatePolicy' or 'UpdatePolicy' was made for that 'Policy'.","description_kind":"plain","computed":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"string","description":"Setting this to '\"TRUE\"' means that all values are allowed. This field can be set only in Policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"string","description":"Setting this to '\"TRUE\"' means that all values are denied. This field can be set only in Policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"string","description":"If '\"TRUE\"', then the 'Policy' is enforced. If '\"FALSE\"', then any configuration is acceptable. This field can be set only in Policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether this rule is used in the evaluation of the policy. When set, the 'expression' field in the 'Expr' must include from 1 to 10 subexpressions, joined by the \"||\" or \"\u0026\u0026\" operators. Each subexpression must be of the form \"resource.matchTag('/tag_key_short_name, 'tag_value_short_name')\". or \"resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')\". where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: \"resource.matchTag('123456789/environment, 'prod')\". or \"resource.matchTagId('tagKeys/123', 'tagValues/456')\".","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set 'enforced' to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.","description_kind":"plain"}}},"description":"Basic information about the Organization Policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_organization_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"This field will always be unset for the organization since organizations do not have ancestors.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"This field will always be unset for the organization since organizations do not have ancestors.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Organization (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.).","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"organizations/{organization_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true},"organization_id":{"type":"string","description":"ID of the organization of the access approval settings.","description_kind":"plain","required":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n all\n appengine.googleapis.com\n bigquery.googleapis.com\n bigtable.googleapis.com\n cloudkms.googleapis.com\n compute.googleapis.com\n dataflow.googleapis.com\n iam.googleapis.com\n pubsub.googleapis.com\n storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can be done for individual services.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_organization_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_organization_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_organization_iam_custom_role":{"version":0,"block":{"attributes":{"deleted":{"type":"bool","description":"The current deleted state of the role.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description for the role.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the role in the format organizations/{{org_id}}/roles/{{role_id}}. Like id, this field can be used as a reference in other resources such as IAM role bindings.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to create a custom role.","description_kind":"plain","required":true},"permissions":{"type":["set","string"],"description":"The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.","description_kind":"plain","required":true},"role_id":{"type":"string","description":"The role id to use for this role.","description_kind":"plain","required":true},"stage":{"type":"string","description":"The current launch stage of the role. Defaults to GA.","description_kind":"plain","optional":true},"title":{"type":"string","description":"A human-readable title for the role.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_organization_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_organization_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_config_os_policy_assignment":{"version":0,"block":{"attributes":{"baseline":{"type":"bool","description":"Output only. Indicates that this revision has been successfully rolled out in this zone and new VMs will be assigned OS policies from this revision.\nFor a given OS policy assignment, there is only one revision with a value of 'true' for this field.","description_kind":"plain","computed":true},"deleted":{"type":"bool","description":"Output only. Indicates that this revision deletes the OS policy assignment.","description_kind":"plain","computed":true},"description":{"type":"string","description":"OS policy assignment description. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"The etag for this OS policy assignment. If this is provided on update, it must match the server's etag.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Indicates that reconciliation is in progress for the revision. This value is 'true' when the 'rollout_state' is one of:\n* IN_PROGRESS\n* CANCELLING","description_kind":"plain","computed":true},"revision_create_time":{"type":"string","description":"Output only. The timestamp that the revision was created.","description_kind":"plain","computed":true},"revision_id":{"type":"string","description":"Output only. The assignment revision ID A new revision is committed whenever a rollout is triggered for a OS policy assignment","description_kind":"plain","computed":true},"rollout_state":{"type":"string","description":"Output only. OS policy assignment rollout state","description_kind":"plain","computed":true},"skip_await_rollout":{"type":"bool","description":"Set to true to skip awaiting rollout during resource creation and update.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"Output only. Server generated unique id for the OS policy assignment resource.","description_kind":"plain","computed":true}},"block_types":{"instance_filter":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"Target all VMs in the project. If true, no other criteria is permitted.","description_kind":"plain","optional":true}},"block_types":{"exclusion_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected.","description_kind":"plain","optional":true}},"description":"List of label sets used for VM exclusion.\nIf the list has more than one label set, the VM is excluded if any of the label sets are applicable for the VM.","description_kind":"plain"}},"inclusion_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected.","description_kind":"plain","optional":true}},"description":"List of label sets used for VM inclusion.\nIf the list has more than one 'LabelSet', the VM is included if any of the label sets are applicable for the VM.","description_kind":"plain"}},"inventories":{"nesting_mode":"list","block":{"attributes":{"os_short_name":{"type":"string","description":"The OS short name","description_kind":"plain","required":true},"os_version":{"type":"string","description":"The OS version Prefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of '7', specify the following value for this field '7.*' An empty string matches all OS versions.","description_kind":"plain","optional":true}},"description":"List of inventories to select VMs.\nA VM is selected if its inventory data matches at least one of the following inventories.","description_kind":"plain"}}},"description":"Filter to select VMs.","description_kind":"plain"},"min_items":1,"max_items":1},"os_policies":{"nesting_mode":"list","block":{"attributes":{"allow_no_resource_group_match":{"type":"bool","description":"This flag determines the OS policy compliance status when none of the resource groups within the policy are applicable for a VM. Set this value to 'true' if the policy needs to be reported as compliant even if the policy has nothing to validate or enforce.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Policy description. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The id of the OS policy with the following restrictions:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the assignment.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Policy mode Possible values: [\"MODE_UNSPECIFIED\", \"VALIDATION\", \"ENFORCEMENT\"]","description_kind":"plain","required":true}},"block_types":{"resource_groups":{"nesting_mode":"list","block":{"block_types":{"inventory_filters":{"nesting_mode":"list","block":{"attributes":{"os_short_name":{"type":"string","description":"The OS short name","description_kind":"plain","required":true},"os_version":{"type":"string","description":"The OS version\nPrefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of '7', specify the following value for this field '7.*'\nAn empty string matches all OS versions.","description_kind":"plain","optional":true}},"description":"List of inventory filters for the resource group.\nThe resources in this resource group are applied to the target VM if it satisfies at least one of the following inventory filters.\nFor example, to apply this resource group to VMs running either 'RHEL' or 'CentOS' operating systems, specify 2 items for the list with following values: inventory_filters[0].os_short_name='rhel' and inventory_filters[1].os_short_name='centos'\nIf the list is empty, this resource group will be applied to the target VM unconditionally.","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The id of the resource with the following restrictions:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the OS policy.","description_kind":"plain","required":true}},"block_types":{"exec":{"nesting_mode":"list","block":{"block_types":{"enforce":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Optional arguments to pass to the source during execution.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use. Possible values: [\"INTERPRETER_UNSPECIFIED\", \"NONE\", \"SHELL\", \"POWERSHELL\"]","description_kind":"plain","required":true},"output_file_path":{"type":"string","description":"Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.","description_kind":"plain","optional":true},"script":{"type":"string","description":"An inline script. The size of the script is limited to 1024 characters.","description_kind":"plain","optional":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local file.","description_kind":"plain"},"max_items":1}},"description":"What to run to bring this resource into the desired state. An exit code of 100 indicates \"success\", any other exit code indicates a failure running enforce.","description_kind":"plain"},"max_items":1},"validate":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Optional arguments to pass to the source during execution.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use. Possible values: [\"INTERPRETER_UNSPECIFIED\", \"NONE\", \"SHELL\", \"POWERSHELL\"]","description_kind":"plain","required":true},"output_file_path":{"type":"string","description":"Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.","description_kind":"plain","optional":true},"script":{"type":"string","description":"An inline script. The size of the script is limited to 1024 characters.","description_kind":"plain","optional":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local file.","description_kind":"plain"},"max_items":1}},"description":"What to run to validate this resource is in the desired state. An exit code of 100 indicates \"in desired state\", and exit code of 101 indicates \"not in desired state\". Any other exit code indicates a failure running validate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Exec resource","description_kind":"plain"},"max_items":1},"file":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"A a file with this content. The size of the content is limited to 1024 characters.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The absolute path of the file within the VM.","description_kind":"plain","required":true},"permissions":{"type":"string","description":"Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one bit corresponds to the execute permission. Default behavior is 755.\nBelow are some examples of permissions and their associated values: read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4","description_kind":"plain","computed":true},"state":{"type":"string","description":"Desired state of the file. Possible values: [\"DESIRED_STATE_UNSPECIFIED\", \"PRESENT\", \"ABSENT\", \"CONTENTS_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local source.","description_kind":"plain"},"max_items":1}},"description":"File resource","description_kind":"plain"},"max_items":1},"pkg":{"nesting_mode":"list","block":{"attributes":{"desired_state":{"type":"string","description":"The desired state the agent should maintain for this package. Possible values: [\"DESIRED_STATE_UNSPECIFIED\", \"INSTALLED\", \"REMOVED\"]","description_kind":"plain","required":true}},"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by Apt.","description_kind":"plain"},"max_items":1},"deb":{"nesting_mode":"list","block":{"attributes":{"pull_deps":{"type":"bool","description":"Whether dependencies should also be installed. - install when false: 'dpkg -i package' - install when true: 'apt-get update \u0026\u0026 apt-get -y install package.deb'","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A deb package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A deb package file.","description_kind":"plain"},"max_items":1},"googet":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by GooGet.","description_kind":"plain"},"max_items":1},"msi":{"nesting_mode":"list","block":{"attributes":{"properties":{"type":["list","string"],"description":"Additional properties to use during installation. This should be in the format of Property=Setting. Appended to the defaults of 'ACTION=INSTALL REBOOT=ReallySuppress'.","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"The MSI package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An MSI package.","description_kind":"plain"},"max_items":1},"rpm":{"nesting_mode":"list","block":{"attributes":{"pull_deps":{"type":"bool","description":"Whether dependencies should also be installed. - install when false: 'rpm --upgrade --replacepkgs package.rpm' - install when true: 'yum -y install package.rpm' or 'zypper -y install package.rpm'","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"An rpm package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An rpm package file.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by YUM.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by Zypper.","description_kind":"plain"},"max_items":1}},"description":"Package resource","description_kind":"plain"},"max_items":1},"repository":{"nesting_mode":"list","block":{"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"archive_type":{"type":"string","description":"Type of archive files in this repository. Possible values: [\"ARCHIVE_TYPE_UNSPECIFIED\", \"DEB\", \"DEB_SRC\"]","description_kind":"plain","required":true},"components":{"type":["list","string"],"description":"List of components for this repository. Must contain at least one item.","description_kind":"plain","required":true},"distribution":{"type":"string","description":"Distribution of this repository.","description_kind":"plain","required":true},"gpg_key":{"type":"string","description":"URI of the key file for this repository. The agent maintains a keyring at '/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg'.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI for this repository.","description_kind":"plain","required":true}},"description":"An Apt Repository.","description_kind":"plain"},"max_items":1},"goo":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of the repository.","description_kind":"plain","required":true},"url":{"type":"string","description":"The url of the repository.","description_kind":"plain","required":true}},"description":"A Goo Repository.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"base_url":{"type":"string","description":"The location of the repository directory.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the repository.","description_kind":"plain","optional":true},"gpg_keys":{"type":["list","string"],"description":"URIs of GPG keys.","description_kind":"plain","optional":true},"id":{"type":"string","description":"A one word, unique name for this repository. This is the 'repo id' in the yum config file and also the 'display_name' if 'display_name' is omitted. This id is also used as the unique identifier when checking for resource conflicts.","description_kind":"plain","required":true}},"description":"A Yum Repository.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"base_url":{"type":"string","description":"The location of the repository directory.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the repository.","description_kind":"plain","optional":true},"gpg_keys":{"type":["list","string"],"description":"URIs of GPG keys.","description_kind":"plain","optional":true},"id":{"type":"string","description":"A one word, unique name for this repository. This is the 'repo id' in the zypper config file and also the 'display_name' if 'display_name' is omitted. This id is also used as the unique identifier when checking for GuestPolicy conflicts.","description_kind":"plain","required":true}},"description":"A Zypper Repository.","description_kind":"plain"},"max_items":1}},"description":"Package repository resource","description_kind":"plain"},"max_items":1}},"description":"List of resources configured for this resource group. The resources are executed in the exact order specified here.","description_kind":"plain"},"min_items":1}},"description":"List of resource groups for the policy. For a particular VM, resource groups are evaluated in the order specified and the first resource group that is applicable is selected and the rest are ignored.\nIf none of the resource groups are applicable for a VM, the VM is considered to be non-compliant w.r.t this policy. This behavior can be toggled by the flag 'allow_no_resource_group_match'","description_kind":"plain"},"min_items":1}},"description":"List of OS policies to be applied to the VMs.","description_kind":"plain"},"min_items":1},"rollout":{"nesting_mode":"list","block":{"attributes":{"min_wait_duration":{"type":"string","description":"This determines the minimum duration of time to wait after the configuration changes are applied through the current rollout. A VM continues to count towards the 'disruption_budget' at least until this duration of time has passed after configuration changes are applied.","description_kind":"plain","required":true}},"block_types":{"disruption_budget":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed value.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies the relative value defined as a percentage, which will be multiplied by a reference value.","description_kind":"plain","optional":true}},"description":"The maximum number (or percentage) of VMs per zone to disrupt at any given moment.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rollout to deploy the OS policy assignment. A rollout is triggered in the following situations: 1) OSPolicyAssignment is created. 2) OSPolicyAssignment is updated and the update contains changes to one of the following fields: - instance_filter - os_policies 3) OSPolicyAssignment is deleted.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_config_patch_deployment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the patch deployment was created. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the patch deployment. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"Duration of the patch. After the duration ends, the patch times out.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_execute_time":{"type":"string","description":"The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"name":{"type":"string","description":"Unique name for the patch deployment resource in a project.\nThe patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}.","description_kind":"plain","computed":true},"patch_deployment_id":{"type":"string","description":"A name for the patch deployment in the project. When creating a name the following rules apply:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the project.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Time the patch deployment was last updated. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"instance_filter":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"Target all VM instances in the project. If true, no other criteria is permitted.","description_kind":"plain","optional":true},"instance_name_prefixes":{"type":["list","string"],"description":"Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group\nVMs when targeting configs, for example prefix=\"prod-\".","description_kind":"plain","optional":true},"instances":{"type":["list","string"],"description":"Targets any of the VM instances specified. Instances are specified by their URI in the 'form zones/{{zone}}/instances/{{instance_name}}',\n'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or\n'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'","description_kind":"plain","optional":true},"zones":{"type":["list","string"],"description":"Targets VM instances in ANY of these zones. Leave empty to target VM instances in any zone.","description_kind":"plain","optional":true}},"block_types":{"group_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Compute Engine instance labels that must be present for a VM instance to be targeted by this filter","description_kind":"plain","required":true}},"description":"Targets VM instances matching ANY of these GroupLabels. This allows targeting of disparate groups of VM instances.","description_kind":"plain"}}},"description":"VM instances to patch.","description_kind":"plain"},"min_items":1,"max_items":1},"one_time_schedule":{"nesting_mode":"list","block":{"attributes":{"execute_time":{"type":"string","description":"The desired patch job execution time. A timestamp in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","required":true}},"description":"Schedule a one-time execution.","description_kind":"plain"},"max_items":1},"patch_config":{"nesting_mode":"list","block":{"attributes":{"mig_instances_allowed":{"type":"bool","description":"Allows the patch job to run on Managed instance groups (MIGs).","description_kind":"plain","optional":true},"reboot_config":{"type":"string","description":"Post-patch reboot settings. Possible values: [\"DEFAULT\", \"ALWAYS\", \"NEVER\"]","description_kind":"plain","optional":true}},"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"excludes":{"type":["list","string"],"description":"List of packages to exclude from update. These packages will be excluded.","description_kind":"plain","optional":true},"exclusive_packages":{"type":["list","string"],"description":"An exclusive list of packages to be updated. These are the only packages that will be updated.\nIf these packages are not installed, they will be ignored. This field cannot be specified with\nany other patch configuration fields.","description_kind":"plain","optional":true},"type":{"type":"string","description":"By changing the type to DIST, the patching is performed using apt-get dist-upgrade instead. Possible values: [\"DIST\", \"UPGRADE\"]","description_kind":"plain","optional":true}},"description":"Apt update settings. Use this setting to override the default apt patch rules.","description_kind":"plain"},"max_items":1},"goo":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"goo update settings. Use this setting to override the default goo patch rules.","description_kind":"plain","required":true}},"description":"goo update settings. Use this setting to override the default goo patch rules.","description_kind":"plain"},"max_items":1},"post_step":{"nesting_mode":"list","block":{"block_types":{"linux_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Linux VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1},"windows_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Windows VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1}},"description":"The ExecStep to run after the patch update.","description_kind":"plain"},"max_items":1},"pre_step":{"nesting_mode":"list","block":{"block_types":{"linux_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Linux VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1},"windows_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Windows VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1}},"description":"The ExecStep to run before the patch update.","description_kind":"plain"},"max_items":1},"windows_update":{"nesting_mode":"list","block":{"attributes":{"classifications":{"type":["list","string"],"description":"Only apply updates of these windows update classifications. If empty, all updates are applied. Possible values: [\"CRITICAL\", \"SECURITY\", \"DEFINITION\", \"DRIVER\", \"FEATURE_PACK\", \"SERVICE_PACK\", \"TOOL\", \"UPDATE_ROLLUP\", \"UPDATE\"]","description_kind":"plain","optional":true},"excludes":{"type":["list","string"],"description":"List of KBs to exclude from update.","description_kind":"plain","optional":true},"exclusive_patches":{"type":["list","string"],"description":"An exclusive list of kbs to be updated. These are the only patches that will be updated.\nThis field must not be used with other patch configurations.","description_kind":"plain","optional":true}},"description":"Windows update settings. Use this setting to override the default Windows patch rules.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"excludes":{"type":["list","string"],"description":"List of packages to exclude from update. These packages will be excluded.","description_kind":"plain","optional":true},"exclusive_packages":{"type":["list","string"],"description":"An exclusive list of packages to be updated. These are the only packages that will be updated.\nIf these packages are not installed, they will be ignored. This field cannot be specified with\nany other patch configuration fields.","description_kind":"plain","optional":true},"minimal":{"type":"bool","description":"Will cause patch to run yum update-minimal instead.","description_kind":"plain","optional":true},"security":{"type":"bool","description":"Adds the --security flag to yum update. Not supported on all platforms.","description_kind":"plain","optional":true}},"description":"Yum update settings. Use this setting to override the default yum patch rules.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"categories":{"type":["list","string"],"description":"Install only patches with these categories. Common categories include security, recommended, and feature.","description_kind":"plain","optional":true},"excludes":{"type":["list","string"],"description":"List of packages to exclude from update.","description_kind":"plain","optional":true},"exclusive_patches":{"type":["list","string"],"description":"An exclusive list of patches to be updated. These are the only patches that will be installed using 'zypper patch patch:' command.\nThis field must not be used with any other patch configuration fields.","description_kind":"plain","optional":true},"severities":{"type":["list","string"],"description":"Install only patches with these severities. Common severities include critical, important, moderate, and low.","description_kind":"plain","optional":true},"with_optional":{"type":"bool","description":"Adds the --with-optional flag to zypper patch.","description_kind":"plain","optional":true},"with_update":{"type":"bool","description":"Adds the --with-update flag, to zypper patch.","description_kind":"plain","optional":true}},"description":"zypper update settings. Use this setting to override the default zypper patch rules.","description_kind":"plain"},"max_items":1}},"description":"Patch configuration that is applied.","description_kind":"plain"},"max_items":1},"recurring_schedule":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"The end time at which a recurring patch deployment schedule is no longer active.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"last_execute_time":{"type":"string","description":"The time the last patch job ran successfully.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"next_execute_time":{"type":"string","description":"The time the next patch job is scheduled to run.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"start_time":{"type":"string","description":"The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"monthly":{"nesting_mode":"list","block":{"attributes":{"month_day":{"type":"number","description":"One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month.\nMonths without the target day will be skipped. For example, a schedule to run \"every month on the 31st\"\nwill not run in February, April, June, etc.","description_kind":"plain","optional":true}},"block_types":{"week_day_of_month":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"A day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"day_offset":{"type":"number","description":"Represents the number of days before or after the given week day of month that the patch deployment is scheduled for.","description_kind":"plain","optional":true},"week_ordinal":{"type":"number","description":"Week number in a month. 1-4 indicates the 1st to 4th week of the month. -1 indicates the last week of the month.","description_kind":"plain","required":true}},"description":"Week day in a month.","description_kind":"plain"},"max_items":1}},"description":"Schedule with monthly executions.","description_kind":"plain"},"max_items":1},"time_of_day":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Time of the day to run a recurring deployment.","description_kind":"plain"},"min_items":1,"max_items":1},"time_zone":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"IANA Time Zone Database time zone, e.g. \"America/New_York\".","description_kind":"plain","required":true},"version":{"type":"string","description":"IANA Time Zone Database version number, e.g. \"2019a\".","description_kind":"plain","optional":true}},"description":"Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are\ndetermined by the chosen time zone.","description_kind":"plain"},"min_items":1,"max_items":1},"weekly":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"IANA Time Zone Database time zone, e.g. \"America/New_York\". Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true}},"description":"Schedule with weekly executions.","description_kind":"plain"},"max_items":1}},"description":"Schedule recurring executions.","description_kind":"plain"},"max_items":1},"rollout":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode of the patch rollout. Possible values: [\"ZONE_BY_ZONE\", \"CONCURRENT_ZONES\"]","description_kind":"plain","required":true}},"block_types":{"disruption_budget":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed value.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"Specifies the relative value defined as a percentage, which will be multiplied by a reference value.","description_kind":"plain","optional":true}},"description":"The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up.\nDuring patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps.\nA VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget.\nFor zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone.\nFor example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rollout strategy of the patch job.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_login_ssh_public_key":{"version":0,"block":{"attributes":{"expiration_time_usec":{"type":"string","description":"An expiration time in microseconds since epoch.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"The SHA-256 fingerprint of the SSH public key.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"Public key text in SSH format, defined by RFC4253 section 6.6.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project ID of the Google Cloud Platform project.","description_kind":"plain","optional":true},"user":{"type":"string","description":"The user email.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_ca_pool":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the CaPool. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name for this CaPool.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The Tier of this CaPool. Possible values: [\"ENTERPRISE\", \"DEVOPS\"]","description_kind":"plain","required":true}},"block_types":{"issuance_policy":{"nesting_mode":"list","block":{"attributes":{"maximum_lifetime":{"type":"string","description":"The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority\nexpires before a Certificate's requested maximumLifetime, the effective lifetime will be explicitly truncated to match it.","description_kind":"plain","optional":true}},"block_types":{"allowed_issuance_modes":{"nesting_mode":"list","block":{"attributes":{"allow_config_based_issuance":{"type":"bool","description":"When true, allows callers to create Certificates by specifying a CertificateConfig.","description_kind":"plain","required":true},"allow_csr_based_issuance":{"type":"bool","description":"When true, allows callers to create Certificates by specifying a CSR.","description_kind":"plain","required":true}},"description":"IssuanceModes specifies the allowed ways in which Certificates may be requested from this CaPool.","description_kind":"plain"},"max_items":1},"allowed_key_types":{"nesting_mode":"list","block":{"block_types":{"elliptic_curve":{"nesting_mode":"list","block":{"attributes":{"signature_algorithm":{"type":"string","description":"The algorithm used. Possible values: [\"ECDSA_P256\", \"ECDSA_P384\", \"EDDSA_25519\"]","description_kind":"plain","required":true}},"description":"Represents an allowed Elliptic Curve key type.","description_kind":"plain"},"max_items":1},"rsa":{"nesting_mode":"list","block":{"attributes":{"max_modulus_size":{"type":"string","description":"The maximum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the\nservice will not enforce an explicit upper bound on RSA modulus sizes.","description_kind":"plain","optional":true},"min_modulus_size":{"type":"string","description":"The minimum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the\nservice-level min RSA modulus size will continue to apply.","description_kind":"plain","optional":true}},"description":"Describes an RSA key that may be used in a Certificate issued from a CaPool.","description_kind":"plain"},"max_items":1}},"description":"If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here.\nOtherwise, any key may be used.","description_kind":"plain"}},"baseline_values":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nif both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request\nincludes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate\nrequest uses a CertificateTemplate that defines conflicting predefinedValues for the same properties, the certificate\nissuance request will fail.","description_kind":"plain"},"max_items":1},"identity_constraints":{"nesting_mode":"list","block":{"attributes":{"allow_subject_alt_names_passthrough":{"type":"bool","description":"If this is set, the SubjectAltNames extension may be copied from a certificate request into the signed certificate.\nOtherwise, the requested SubjectAltNames will be discarded.","description_kind":"plain","required":true},"allow_subject_passthrough":{"type":"bool","description":"If this is set, the Subject field may be copied from a certificate request into the signed certificate.\nOtherwise, the requested Subject will be discarded.","description_kind":"plain","required":true}},"block_types":{"cel_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a\ncertificate is signed. To see the full allowed syntax and some examples,\nsee https://cloud.google.com/certificate-authority-service/docs/cel-guide","description_kind":"plain"},"max_items":1}},"description":"Describes constraints on identities that may appear in Certificates issued through this CaPool.\nIf this is omitted, then this CaPool will not add restrictions on a certificate's identity.","description_kind":"plain"},"max_items":1}},"description":"The IssuancePolicy to control how Certificates will be issued from this CaPool.","description_kind":"plain"},"max_items":1},"publishing_options":{"nesting_mode":"list","block":{"attributes":{"encoding_format":{"type":"string","description":"Specifies the encoding format of each CertificateAuthority's CA\ncertificate and CRLs. If this is omitted, CA certificates and CRLs\nwill be published in PEM. Possible values: [\"PEM\", \"DER\"]","description_kind":"plain","optional":true},"publish_ca_cert":{"type":"bool","description":"When true, publishes each CertificateAuthority's CA certificate and includes its URL in the \"Authority Information Access\"\nX.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding\nX.509 extension will not be written in issued certificates.","description_kind":"plain","required":true},"publish_crl":{"type":"bool","description":"When true, publishes each CertificateAuthority's CRL and includes its URL in the \"CRL Distribution Points\" X.509 extension\nin all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not\nbe written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are\nalso rebuilt shortly after a certificate is revoked.","description_kind":"plain","required":true}},"description":"The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_binding":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_member":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_policy":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_privateca_certificate":{"version":0,"block":{"attributes":{"certificate_authority":{"type":"string","description":"The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from\na Certificate Authority with resource name 'projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca',\nargument 'pool' should be set to 'projects/my-project/locations/us-central1/caPools/my-pool', argument 'certificate_authority'\nshould be set to 'my-ca'.","description_kind":"plain","optional":true},"certificate_description":{"type":["list",["object",{"aia_issuing_certificate_urls":["list","string"],"authority_key_id":["list",["object",{"key_id":"string"}]],"cert_fingerprint":["list",["object",{"sha256_hash":"string"}]],"crl_distribution_points":["list","string"],"public_key":["list",["object",{"format":"string","key":"string"}]],"subject_description":["list",["object",{"hex_serial_number":"string","lifetime":"string","not_after_time":"string","not_before_time":"string","subject":["list",["object",{"common_name":"string","country_code":"string","locality":"string","organization":"string","organizational_unit":"string","postal_code":"string","province":"string","street_address":"string"}]],"subject_alt_name":["list",["object",{"custom_sans":["list",["object",{"critical":"bool","obect_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"dns_names":["list","string"],"email_addresses":["list","string"],"ip_addresses":["list","string"],"uris":["list","string"]}]]}]],"subject_key_id":["list",["object",{"key_id":"string"}]],"x509_description":["list",["object",{"additional_extensions":["list",["object",{"critical":"bool","object_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"aia_ocsp_servers":["list","string"],"ca_options":["list",["object",{"is_ca":"bool","max_issuer_path_length":"number"}]],"key_usage":["list",["object",{"base_key_usage":["list",["object",{"cert_sign":"bool","content_commitment":"bool","crl_sign":"bool","data_encipherment":"bool","decipher_only":"bool","digital_signature":"bool","encipher_only":"bool","key_agreement":"bool","key_encipherment":"bool"}]],"extended_key_usage":["list",["object",{"client_auth":"bool","code_signing":"bool","email_protection":"bool","ocsp_signing":"bool","server_auth":"bool","time_stamping":"bool"}]],"unknown_extended_key_usages":["list",["object",{"object_id_path":["list","number"]}]]}]],"name_constraints":["list",["object",{"critical":"bool","excluded_dns_names":["list","string"],"excluded_email_addresses":["list","string"],"excluded_ip_ranges":["list","string"],"excluded_uris":["list","string"],"permitted_dns_names":["list","string"],"permitted_email_addresses":["list","string"],"permitted_ip_ranges":["list","string"],"permitted_uris":["list","string"]}]],"policy_ids":["list",["object",{"object_id_path":["list","number"]}]]}]]}]],"description":"Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.","description_kind":"plain","computed":true},"certificate_template":{"type":"string","description":"The resource name for a CertificateTemplate used to issue this certificate,\nin the format 'projects/*/locations/*/certificateTemplates/*'. If this is specified,\nthe caller must have the necessary permission to use this template. If this is\nomitted, no template will be used. This template must be in the same location\nas the Certificate.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time that this resource was created on the server.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer_certificate_authority":{"type":"string","description":"The resource name of the issuing CertificateAuthority in the format 'projects/*/locations/*/caPools/*/certificateAuthorities/*'.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the Certificate. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name for this Certificate.","description_kind":"plain","required":true},"pem_certificate":{"type":"string","description":"Output only. The pem-encoded, signed X.509 certificate.","description_kind":"plain","computed":true},"pem_certificate_chain":{"type":["list","string"],"description":"The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.","description_kind":"plain","computed":true},"pem_csr":{"type":"string","description":"Immutable. A pem-encoded X.509 certificate signing request (CSR).","description_kind":"plain","optional":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate belongs to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"revocation_details":{"type":["list",["object",{"revocation_state":"string","revocation_time":"string"}]],"description":"Output only. Details regarding the revocation of this Certificate. This Certificate is\nconsidered revoked if and only if this field is present.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this CertificateAuthority was updated.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"block_types":{"public_key":{"nesting_mode":"list","block":{"attributes":{"format":{"type":"string","description":"The format of the public key. Currently, only PEM format is supported. Possible values: [\"KEY_TYPE_UNSPECIFIED\", \"PEM\"]","description_kind":"plain","required":true},"key":{"type":"string","description":"Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.","description_kind":"plain","optional":true}},"description":"A PublicKey describes a public key.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_config":{"nesting_mode":"list","block":{"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"The common name of the distinguished name.","description_kind":"plain","required":true},"country_code":{"type":"string","description":"The country code of the subject.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"The locality or city of the subject.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization of the subject.","description_kind":"plain","required":true},"organizational_unit":{"type":"string","description":"The organizational unit of the subject.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code of the subject.","description_kind":"plain","optional":true},"province":{"type":"string","description":"The province, territory, or regional state of the subject.","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address of the subject.","description_kind":"plain","optional":true}},"description":"Contains distinguished name fields such as the location and organization.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alt_name":{"nesting_mode":"list","block":{"attributes":{"dns_names":{"type":["list","string"],"description":"Contains only valid, fully-qualified host names.","description_kind":"plain","optional":true},"email_addresses":{"type":["list","string"],"description":"Contains only valid RFC 2822 E-mail addresses.","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.","description_kind":"plain","optional":true},"uris":{"type":["list","string"],"description":"Contains only valid RFC 3986 URIs.","description_kind":"plain","optional":true}},"description":"The subject alternative name fields.","description_kind":"plain"},"max_items":1}},"description":"Specifies some of the values in a certificate that are related to the subject.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_key_id":{"nesting_mode":"list","block":{"attributes":{"key_id":{"type":"string","description":"The value of the KeyId in lowercase hexidecimal.","description_kind":"plain","optional":true}},"description":"When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..","description_kind":"plain"},"max_items":1},"x509_config":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nif both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Describes how some of the technical X.509 fields in a certificate should be populated.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_authority":{"version":0,"block":{"attributes":{"access_urls":{"type":["list",["object",{"ca_certificate_access_url":"string","crl_access_urls":["list","string"]}]],"description":"URLs for accessing content published by this CA, such as the CA certificate and CRLs.","description_kind":"plain","computed":true},"certificate_authority_id":{"type":"string","description":"The user provided Resource ID for this Certificate Authority.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time at which this CertificateAuthority was created.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether Terraform will be prevented from destroying the CertificateAuthority.\nWhen the field is set to true or unset in Terraform state, a 'terraform apply'\nor 'terraform destroy' that would delete the CertificateAuthority will fail.\nWhen the field is set to false, deleting the CertificateAuthority is allowed.","description_kind":"plain","optional":true},"desired_state":{"type":"string","description":"Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gcs_bucket":{"type":"string","description":"The name of a Cloud Storage bucket where this CertificateAuthority will publish content,\nsuch as the CA certificate and CRLs. This must be a bucket name, without any prefixes\n(such as 'gs://') or suffixes (such as '.googleapis.com'). For example, to use a bucket named\nmy-bucket, you would simply specify 'my-bucket'. If not specified, a managed bucket will be\ncreated.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_active_certificates_on_deletion":{"type":"bool","description":"This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and unexpired certs.\nUse with care. Defaults to 'false'.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the CertificateAuthority. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for this CertificateAuthority in the format\nprojects/*/locations/*/certificateAuthorities/*.","description_kind":"plain","computed":true},"pem_ca_certificate":{"type":"string","description":"The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with a third party issuer.","description_kind":"plain","optional":true},"pem_ca_certificates":{"type":["list","string"],"description":"This CertificateAuthority's certificate chain, including the current\nCertificateAuthority's certificate. Ordered such that the root issuer is the final\nelement (consistent with RFC 5246). For a self-signed CA, this will only list the current\nCertificateAuthority's certificate.","description_kind":"plain","computed":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate Authority belongs to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"skip_grace_period":{"type":"bool","description":"If this flag is set, the Certificate Authority will be deleted as soon as\npossible without a 30-day grace period where undeletion would have been\nallowed. If you proceed, there will be no way to recover this CA.\nUse with care. Defaults to 'false'.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The State for this CertificateAuthority.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The Type of this CertificateAuthority.\n\n~\u003e **Note:** For 'SUBORDINATE' Certificate Authorities, they need to\nbe activated before they can issue certificates. Default value: \"SELF_SIGNED\" Possible values: [\"SELF_SIGNED\", \"SUBORDINATE\"]","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time at which this CertificateAuthority was updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"block_types":{"subject_config":{"nesting_mode":"list","block":{"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"The common name of the distinguished name.","description_kind":"plain","required":true},"country_code":{"type":"string","description":"The country code of the subject.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"The locality or city of the subject.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization of the subject.","description_kind":"plain","required":true},"organizational_unit":{"type":"string","description":"The organizational unit of the subject.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code of the subject.","description_kind":"plain","optional":true},"province":{"type":"string","description":"The province, territory, or regional state of the subject.","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address of the subject.","description_kind":"plain","optional":true}},"description":"Contains distinguished name fields such as the location and organization.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alt_name":{"nesting_mode":"list","block":{"attributes":{"dns_names":{"type":["list","string"],"description":"Contains only valid, fully-qualified host names.","description_kind":"plain","optional":true},"email_addresses":{"type":["list","string"],"description":"Contains only valid RFC 2822 E-mail addresses.","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.","description_kind":"plain","optional":true},"uris":{"type":["list","string"],"description":"Contains only valid RFC 3986 URIs.","description_kind":"plain","optional":true}},"description":"The subject alternative name fields.","description_kind":"plain"},"max_items":1}},"description":"Specifies some of the values in a certificate that are related to the subject.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_key_id":{"nesting_mode":"list","block":{"attributes":{"key_id":{"type":"string","description":"The value of the KeyId in lowercase hexidecimal.","description_kind":"plain","optional":true}},"description":"When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..","description_kind":"plain"},"max_items":1},"x509_config":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","required":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0\nrequires setting 'zero_max_issuer_path_length = true'.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nIf both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Describes how some of the technical X.509 fields in a certificate should be populated.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain"},"min_items":1,"max_items":1},"key_spec":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"The algorithm to use for creating a managed Cloud KMS key for a for a simplified\nexperience. All managed keys will be have their ProtectionLevel as HSM. Possible values: [\"SIGN_HASH_ALGORITHM_UNSPECIFIED\", \"RSA_PSS_2048_SHA256\", \"RSA_PSS_3072_SHA256\", \"RSA_PSS_4096_SHA256\", \"RSA_PKCS1_2048_SHA256\", \"RSA_PKCS1_3072_SHA256\", \"RSA_PKCS1_4096_SHA256\", \"EC_P256_SHA256\", \"EC_P384_SHA384\"]","description_kind":"plain","optional":true},"cloud_kms_key_version":{"type":"string","description":"The resource name for an existing Cloud KMS CryptoKeyVersion in the format\n'projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*'.","description_kind":"plain","optional":true}},"description":"Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority\nis a self-signed CertificateAuthority, this key is also used to sign the self-signed CA\ncertificate. Otherwise, it is used to sign a CSR.","description_kind":"plain"},"min_items":1,"max_items":1},"subordinate_config":{"nesting_mode":"list","block":{"attributes":{"certificate_authority":{"type":"string","description":"This can refer to a CertificateAuthority that was used to create a\nsubordinate CertificateAuthority. This field is used for information\nand usability purposes only. The resource name is in the format\n'projects/*/locations/*/caPools/*/certificateAuthorities/*'.","description_kind":"plain","optional":true}},"block_types":{"pem_issuer_chain":{"nesting_mode":"list","block":{"attributes":{"pem_certificates":{"type":["list","string"],"description":"Expected to be in leaf-to-root order according to RFC 5246.","description_kind":"plain","optional":true}},"description":"Contains the PEM certificate chain for the issuers of this CertificateAuthority,\nbut not pem certificate for this CA itself.","description_kind":"plain"},"max_items":1}},"description":"If this is a subordinate CertificateAuthority, this field will be set\nwith the subordinate configuration, which describes its issuers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_template":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time at which this CertificateTemplate was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human-readable description of scenarios this template is intended for.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels with user-defined metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"maximum_lifetime":{"type":"string","description":"Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime the minimum of the two durations will be the maximum lifetime for issued. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for this CertificateTemplate in the format 'projects/*/locations/*/certificateTemplates/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this CertificateTemplate was updated.","description_kind":"plain","computed":true}},"block_types":{"identity_constraints":{"nesting_mode":"list","block":{"attributes":{"allow_subject_alt_names_passthrough":{"type":"bool","description":"Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.","description_kind":"plain","required":true},"allow_subject_passthrough":{"type":"bool","description":"Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.","description_kind":"plain","required":true}},"block_types":{"cel_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel","description_kind":"plain"},"max_items":1}},"description":"Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.","description_kind":"plain"},"max_items":1},"passthrough_extensions":{"nesting_mode":"list","block":{"attributes":{"known_extensions":{"type":["list","string"],"description":"Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.","description_kind":"plain"}}},"description":"Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.","description_kind":"plain"},"max_items":1},"predefined_values":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value of this X.509 extension.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Required. The OID for this X.509 extension.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Optional. Describes custom X.509 extensions.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"Optional. Refers to the \"CA\" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Optional. Describes options in this X509Parameters that are relevant in a CA certificate.","description_kind":"plain"},"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Detailed scenarios in which a key may be used.","description_kind":"plain"},"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.","description_kind":"plain"}}},"description":"Optional. Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_binding":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_member":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_policy":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_privileged_access_manager_entitlement":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Create time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"entitlement_id":{"type":"string","description":"The ID to use for this Entitlement. This will become the last part of the resource name.\nThis value should be 4-63 characters, and valid characters are \"[a-z]\", \"[0-9]\", and \"-\". The first character should be from [a-z].\nThis value should be unique among all other Entitlements under the specified 'parent'.","description_kind":"plain","required":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The region of the Entitlement resource.","description_kind":"plain","required":true},"max_request_duration":{"type":"string","description":"The maximum amount of time for which access would be granted for a request.\nA requester can choose to ask for access for less than this duration but never more.\nFormat: calculate the time in seconds and concatenate it with 's' i.e. 2 hours = \"7200s\", 45 minutes = \"2700s\"","description_kind":"plain","required":true},"name":{"type":"string","description":"Output Only. The entitlement's name follows a hierarchical structure, comprising the organization, folder, or project, alongside the region and a unique entitlement ID.\nFormats: organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}, folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}, and projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Format: projects/{project-id|project-number} or organizations/{organization-number} or folders/{folder-number}","description_kind":"plain","required":true},"state":{"type":"string","description":"Output only. The current state of the Entitlement.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"additional_notification_targets":{"nesting_mode":"list","block":{"attributes":{"admin_email_recipients":{"type":["set","string"],"description":"Optional. Additional email addresses to be notified when a principal(requester) is granted access.","description_kind":"plain","optional":true},"requester_email_recipients":{"type":["set","string"],"description":"Optional. Additional email address to be notified about an eligible entitlement.","description_kind":"plain","optional":true}},"description":"AdditionalNotificationTargets includes email addresses to be notified.","description_kind":"plain"},"max_items":1},"approval_workflow":{"nesting_mode":"list","block":{"block_types":{"manual_approvals":{"nesting_mode":"list","block":{"attributes":{"require_approver_justification":{"type":"bool","description":"Optional. Do the approvers need to provide a justification for their actions?","description_kind":"plain","optional":true}},"block_types":{"steps":{"nesting_mode":"list","block":{"attributes":{"approvals_needed":{"type":"number","description":"How many users from the above list need to approve.\nIf there are not enough distinct users in the list above then the workflow\nwill indefinitely block. Should always be greater than 0. Currently 1 is the only\nsupported value.","description_kind":"plain","optional":true},"approver_email_recipients":{"type":["set","string"],"description":"Optional. Additional email addresses to be notified when a grant is pending approval.","description_kind":"plain","optional":true}},"block_types":{"approvers":{"nesting_mode":"list","block":{"attributes":{"principals":{"type":["set","string"],"description":"Users who are being allowed for the operation. Each entry should be a valid v1 IAM Principal Identifier. Format for these is documented at: https://cloud.google.com/iam/docs/principal-identifiers#v1","description_kind":"plain","required":true}},"description":"The potential set of approvers in this step. This list should contain at only one entry.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"List of approval steps in this workflow. These steps would be followed in the specified order sequentially. 1 step is supported for now.","description_kind":"plain"},"min_items":1}},"description":"A manual approval workflow where users who are designated as approvers need to call the ApproveGrant/DenyGrant APIs for an Grant.\nThe workflow can consist of multiple serial steps where each step defines who can act as Approver in that step and how many of those users should approve before the workflow moves to the next step.\nThis can be used to create approval workflows such as\n* Require an approval from any user in a group G.\n* Require an approval from any k number of users from a Group G.\n* Require an approval from any user in a group G and then from a user U. etc.\nA single user might be part of 'approvers' ACL for multiple steps in this workflow but they can only approve once and that approval will only be considered to satisfy the approval step at which it was granted.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The approvals needed before access will be granted to a requester.\nNo approvals will be needed if this field is null. Different types of approval workflows that can be used to gate privileged access granting.","description_kind":"plain"},"max_items":1},"eligible_users":{"nesting_mode":"list","block":{"attributes":{"principals":{"type":["set","string"],"description":"Users who are being allowed for the operation. Each entry should be a valid v1 IAM Principal Identifier. Format for these is documented at \"https://cloud.google.com/iam/docs/principal-identifiers#v1\"","description_kind":"plain","required":true}},"description":"Who can create Grants using Entitlement. This list should contain at most one entry","description_kind":"plain"},"min_items":1},"privileged_access":{"nesting_mode":"list","block":{"block_types":{"gcp_iam_access":{"nesting_mode":"list","block":{"attributes":{"resource":{"type":"string","description":"Name of the resource.","description_kind":"plain","required":true},"resource_type":{"type":"string","description":"The type of this resource.","description_kind":"plain","required":true}},"block_types":{"role_bindings":{"nesting_mode":"list","block":{"attributes":{"condition_expression":{"type":"string","description":"The expression field of the IAM condition to be associated with the role. If specified, a user with an active grant for this entitlement would be able to access the resource only if this condition evaluates to true for their request.\nhttps://cloud.google.com/iam/docs/conditions-overview#attributes.","description_kind":"plain","optional":true},"role":{"type":"string","description":"IAM role to be granted. https://cloud.google.com/iam/docs/roles-overview.","description_kind":"plain","required":true}},"description":"Role bindings to be created on successful grant.","description_kind":"plain"},"min_items":1}},"description":"GcpIamAccess represents IAM based access control on a GCP resource. Refer to https://cloud.google.com/iam/docs to understand more about IAM.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Privileged access that this service can be used to gate.","description_kind":"plain"},"min_items":1,"max_items":1},"requester_justification_config":{"nesting_mode":"list","block":{"block_types":{"not_mandatory":{"nesting_mode":"list","block":{"description":"The justification is not mandatory but can be provided in any of the supported formats.","description_kind":"plain"},"max_items":1},"unstructured":{"nesting_mode":"list","block":{"description":"The requester has to provide a justification in the form of free flowing text.","description_kind":"plain"},"max_items":1}},"description":"Defines the ways in which a requester should provide the justification while requesting for access.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project":{"version":1,"block":{"attributes":{"auto_create_network":{"type":"bool","description":"Create the 'default' network automatically. Default true. If set to false, the default network will be deleted. Note that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even if you set auto_create_network to false, since the network will exist momentarily.","description_kind":"plain","optional":true},"billing_account":{"type":"string","description":"The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with Terraform must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.","description_kind":"plain","optional":true},"deletion_policy":{"type":"string","description":"The deletion policy for the Project. Setting PREVENT will protect the project against any destroy actions caused by a terraform apply or terraform destroy. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. Possible values are: \"PREVENT\", \"ABANDON\", \"DELETE\"","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"folder_id":{"type":"string","description":"The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be specified. If the folder_id is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the project.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The display name of the project.","description_kind":"plain","required":true},"number":{"type":"string","description":"The numeric identifier of the project.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of org_id or folder_id may be specified. If the org_id is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The project ID. Changing this forces a new project to be created.","description_kind":"plain","required":true},"skip_delete":{"type":"bool","description":"If true, the Terraform resource can be deleted without deleting the Project via the Google API.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"(ReadOnly) The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.\nThis property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"If the field is true, that indicates that an ancestor of this Project has set active_key_version.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Project.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Project (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.) This key version is not necessarily the effective key version at this level,\nas key versions are inherited top-down.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"projects/{project_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"Project id.","description_kind":"plain","deprecated":true,"optional":true},"project_id":{"type":"string","description":"ID of the project of the access approval settings.","description_kind":"plain","required":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n all\n appengine.googleapis.com\n bigquery.googleapis.com\n bigtable.googleapis.com\n cloudkms.googleapis.com\n compute.googleapis.com\n dataflow.googleapis.com\n iam.googleapis.com\n pubsub.googleapis.com\n storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can only be done on an all or nothing basis.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_default_service_accounts":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action to be performed in the default service accounts. Valid values are: DEPRIVILEGE, DELETE, DISABLE.\n\t\t\t\tNote that DEPRIVILEGE action will ignore the REVERT configuration in the restore_policy.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The project ID where service accounts are created.","description_kind":"plain","required":true},"restore_policy":{"type":"string","description":"The action to be performed in the default service accounts on the resource destroy.\n\t\t\t\tValid values are NONE, REVERT and REVERT_AND_IGNORE_FAILURE. It is applied for any action but in the DEPRIVILEGE.","description_kind":"plain","optional":true},"service_accounts":{"type":["map","string"],"description":"The Service Accounts changed by this resource. It is used for revert the action on the destroy.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_project_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_project_iam_custom_role":{"version":0,"block":{"attributes":{"deleted":{"type":"bool","description":"The current deleted state of the role.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description for the role.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the role in the format projects/{{project}}/roles/{{role_id}}. Like id, this field can be used as a reference in other resources such as IAM role bindings.","description_kind":"plain","computed":true},"permissions":{"type":["set","string"],"description":"The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"role_id":{"type":"string","description":"The camel case role id to use for this role. Cannot contain - characters.","description_kind":"plain","required":true},"stage":{"type":"string","description":"The current launch stage of the role. Defaults to GA.","description_kind":"plain","optional":true},"title":{"type":"string","description":"A human-readable title for the role.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_project_iam_member_remove":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description":"The IAM principal that should not have the target role.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project id of the target project.","description_kind":"plain","required":true},"role":{"type":"string","description":"The target role that should be removed.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The project ID.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_service":{"version":0,"block":{"attributes":{"disable_dependent_services":{"type":"bool","description_kind":"plain","optional":true},"disable_on_destroy":{"type":"bool","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_usage_export_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"The bucket to store reports in.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"prefix":{"type":"string","description":"A prefix for the reports, for instance, the project name.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project to set the export bucket on. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_public_ca_external_account_key":{"version":0,"block":{"attributes":{"b64_mac_key":{"type":"string","description":"Base64-URL-encoded HS256 key. It is generated by the PublicCertificateAuthorityService\nwhen the ExternalAccountKey is created.","description_kind":"plain","computed":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"It is generated by the PublicCertificateAuthorityService when the ExternalAccountKey is created.","description_kind":"plain","computed":true,"sensitive":true},"location":{"type":"string","description":"Location for the externalAccountKey. Currently only 'global' is supported.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name. projects/{project}/locations/{location}/externalAccountKeys/{keyId}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_reservation":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the reservation.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite reservation.","description_kind":"plain","optional":true},"throughput_capacity":{"type":"number","description":"The reserved throughput capacity. Every unit of throughput capacity is\nequivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed\nmessages.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_subscription":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite topic.","description_kind":"plain","optional":true},"topic":{"type":"string","description":"A reference to a Topic resource.","description_kind":"plain","required":true},"zone":{"type":"string","description":"The zone of the pubsub lite topic.","description_kind":"plain","optional":true}},"block_types":{"delivery_config":{"nesting_mode":"list","block":{"attributes":{"delivery_requirement":{"type":"string","description":"When this subscription should send messages to subscribers relative to messages persistence in storage. Possible values: [\"DELIVER_IMMEDIATELY\", \"DELIVER_AFTER_STORED\", \"DELIVERY_REQUIREMENT_UNSPECIFIED\"]","description_kind":"plain","required":true}},"description":"The settings for this subscription's message delivery.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_topic":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite topic.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone of the pubsub lite topic.","description_kind":"plain","optional":true}},"block_types":{"partition_config":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of partitions in the topic. Must be at least 1.","description_kind":"plain","required":true}},"block_types":{"capacity":{"nesting_mode":"list","block":{"attributes":{"publish_mib_per_sec":{"type":"number","description":"Subscribe throughput capacity per partition in MiB/s. Must be \u003e= 4 and \u003c= 16.","description_kind":"plain","required":true},"subscribe_mib_per_sec":{"type":"number","description":"Publish throughput capacity per partition in MiB/s. Must be \u003e= 4 and \u003c= 16.","description_kind":"plain","required":true}},"description":"The capacity configuration.","description_kind":"plain"},"max_items":1}},"description":"The settings for this topic's partitions.","description_kind":"plain"},"max_items":1},"reservation_config":{"nesting_mode":"list","block":{"attributes":{"throughput_reservation":{"type":"string","description":"The Reservation to use for this topic's throughput capacity.","description_kind":"plain","optional":true}},"description":"The settings for this topic's Reservation usage.","description_kind":"plain"},"max_items":1},"retention_config":{"nesting_mode":"list","block":{"attributes":{"per_partition_bytes":{"type":"string","description":"The provisioned storage, in bytes, per partition. If the number of bytes stored\nin any of the topic's partitions grows beyond this value, older messages will be\ndropped to make room for newer ones, regardless of the value of period.","description_kind":"plain","required":true},"period":{"type":"string","description":"How long a published message is retained. If unset, messages will be retained as\nlong as the bytes retained for each partition is below perPartitionBytes. A\nduration in seconds with up to nine fractional digits, terminated by 's'.\nExample: \"3.5s\".","description_kind":"plain","optional":true}},"description":"The settings for a topic's message retention.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_schema":{"version":0,"block":{"attributes":{"definition":{"type":"string","description":"The definition of the schema.\nThis should contain a string representing the full definition of the schema\nthat is a valid schema definition of the type specified in type. Changes\nto the definition commit new [schema revisions](https://cloud.google.com/pubsub/docs/commit-schema-revision).\nA schema can only have up to 20 revisions, so updates that fail with an\nerror indicating that the limit has been reached require manually\n[deleting old revisions](https://cloud.google.com/pubsub/docs/delete-schema-revision).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The ID to use for the schema, which will become the final component of the schema's resource name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the schema definition Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"PROTOCOL_BUFFER\", \"AVRO\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_schema_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"schema":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_schema_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"schema":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_schema_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schema":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_subscription":{"version":0,"block":{"attributes":{"ack_deadline_seconds":{"type":"number","description":"This value is the maximum time after a subscriber receives a message\nbefore the subscriber should acknowledge the message. After message\ndelivery but before the ack deadline expires and before the message is\nacknowledged, it is an outstanding message and will not be delivered\nagain during that time (on a best-effort basis).\n\nFor pull subscriptions, this value is used as the initial value for\nthe ack deadline. To override this value for a given message, call\nsubscriptions.modifyAckDeadline with the corresponding ackId if using\npull. The minimum custom deadline you can specify is 10 seconds. The\nmaximum custom deadline you can specify is 600 seconds (10 minutes).\nIf this parameter is 0, a default value of 10 seconds is used.\n\nFor push delivery, this value is also used to set the request timeout\nfor the call to the push endpoint.\n\nIf the subscriber never acknowledges the message, the Pub/Sub system\nwill eventually redeliver the message.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_exactly_once_delivery":{"type":"bool","description":"If 'true', Pub/Sub provides the following guarantees for the delivery\nof a message with a given value of messageId on this Subscriptions':\n\n- The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires.\n\n- An acknowledged message will not be resent to a subscriber.\n\nNote that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery'\nis true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values","description_kind":"plain","optional":true},"enable_message_ordering":{"type":"bool","description":"If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to\nthe subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they\nmay be delivered in any order.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The subscription only delivers the messages that match the filter.\nPub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages\nby their attributes. The maximum length of a filter is 256 bytes. After creating the subscription,\nyou can't modify the filter.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Subscription.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"message_retention_duration":{"type":"string","description":"How long to retain unacknowledged messages in the subscription's\nbacklog, from the moment a message is published. If\nretain_acked_messages is true, then this also configures the retention\nof acknowledged messages, and thus configures how far back in time a\nsubscriptions.seek can be done. Defaults to 7 days. Cannot be more\nthan 7 days ('\"604800s\"') or less than 10 minutes ('\"600s\"').\n\nA duration in seconds with up to nine fractional digits, terminated\nby 's'. Example: '\"600.5s\"'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"retain_acked_messages":{"type":"bool","description":"Indicates whether to retain acknowledged messages. If 'true', then\nmessages are not expunged from the subscription's backlog, even if\nthey are acknowledged, until they fall out of the\nmessageRetentionDuration window.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"A reference to a Topic resource, of the form projects/{project}/topics/{{name}}\n(as in the id property of a google_pubsub_topic), or just a topic name if\nthe topic is in the same project as the subscription.","description_kind":"plain","required":true}},"block_types":{"bigquery_config":{"nesting_mode":"list","block":{"attributes":{"drop_unknown_fields":{"type":"bool","description":"When true and use_topic_schema or use_table_schema is true, any fields that are a part of the topic schema or message schema that\nare not part of the BigQuery table schema are dropped when writing to BigQuery. Otherwise, the schemas must be kept in sync\nand any messages with extra fields are not written and remain in the subscription's backlog.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The service account to use to write to BigQuery. If not specified, the Pub/Sub\n[service agent](https://cloud.google.com/iam/docs/service-agents),\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com, is used.","description_kind":"plain","optional":true},"table":{"type":"string","description":"The name of the table to which to write data, of the form {projectId}.{datasetId}.{tableId}","description_kind":"plain","required":true},"use_table_schema":{"type":"bool","description":"When true, use the BigQuery table's schema as the columns to write to in BigQuery. Messages\nmust be published in JSON format. Only one of use_topic_schema and use_table_schema can be set.","description_kind":"plain","optional":true},"use_topic_schema":{"type":"bool","description":"When true, use the topic's schema as the columns to write to in BigQuery, if it exists.\nOnly one of use_topic_schema and use_table_schema can be set.","description_kind":"plain","optional":true},"write_metadata":{"type":"bool","description":"When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table.\nThe subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column.","description_kind":"plain","optional":true}},"description":"If delivery to BigQuery is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain"},"max_items":1},"cloud_storage_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"User-provided name for the Cloud Storage bucket. The bucket must be created by the user. The bucket name must be without any prefix like \"gs://\".","description_kind":"plain","required":true},"filename_datetime_format":{"type":"string","description":"User-provided format string specifying how to represent datetimes in Cloud Storage filenames.","description_kind":"plain","optional":true},"filename_prefix":{"type":"string","description":"User-provided prefix for Cloud Storage filename.","description_kind":"plain","optional":true},"filename_suffix":{"type":"string","description":"User-provided suffix for Cloud Storage filename. Must not end in \"/\".","description_kind":"plain","optional":true},"max_bytes":{"type":"number","description":"The maximum bytes that can be written to a Cloud Storage file before a new file is created. Min 1 KB, max 10 GiB.\nThe maxBytes limit may be exceeded in cases where messages are larger than the limit.","description_kind":"plain","optional":true},"max_duration":{"type":"string","description":"The maximum duration that can elapse before a new Cloud Storage file is created. Min 1 minute, max 10 minutes, default 5 minutes.\nMay not exceed the subscription's acknowledgement deadline.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The service account to use to write to Cloud Storage. If not specified, the Pub/Sub\n[service agent](https://cloud.google.com/iam/docs/service-agents),\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com, is used.","description_kind":"plain","optional":true},"state":{"type":"string","description":"An output-only field that indicates whether or not the subscription can receive messages.","description_kind":"plain","computed":true}},"block_types":{"avro_config":{"nesting_mode":"list","block":{"attributes":{"write_metadata":{"type":"bool","description":"When true, write the subscription name, messageId, publishTime, attributes, and orderingKey as additional fields in the output.","description_kind":"plain","optional":true}},"description":"If set, message data will be written to Cloud Storage in Avro format.","description_kind":"plain"},"max_items":1}},"description":"If delivery to Cloud Storage is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain"},"max_items":1},"dead_letter_policy":{"nesting_mode":"list","block":{"attributes":{"dead_letter_topic":{"type":"string","description":"The name of the topic to which dead letter messages should be published.\nFormat is 'projects/{project}/topics/{topic}'.\n\nThe Cloud Pub/Sub service account associated with the enclosing subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Publish() to this topic.\n\nThe operation will fail if the topic does not exist.\nUsers should ensure that there is a subscription attached to this topic\nsince messages published to a topic with no subscriptions are lost.","description_kind":"plain","optional":true},"max_delivery_attempts":{"type":"number","description":"The maximum number of delivery attempts for any message. The value must be\nbetween 5 and 100.\n\nThe number of delivery attempts is defined as 1 + (the sum of number of\nNACKs and number of times the acknowledgement deadline has been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline with a 0 deadline. Note that\nclient libraries may automatically extend ack_deadlines.\n\nThis field will be honored on a best effort basis.\n\nIf this parameter is 0, a default value of 5 is used.","description_kind":"plain","optional":true}},"description":"A policy that specifies the conditions for dead lettering messages in\nthis subscription. If dead_letter_policy is not set, dead lettering\nis disabled.\n\nThe Cloud Pub/Sub service account associated with this subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Acknowledge() messages on this subscription.","description_kind":"plain"},"max_items":1},"expiration_policy":{"nesting_mode":"list","block":{"attributes":{"ttl":{"type":"string","description":"Specifies the \"time-to-live\" duration for an associated resource. The\nresource expires if it is not active for a period of ttl.\nIf ttl is set to \"\", the associated resource never expires.\nA duration in seconds with up to nine fractional digits, terminated by 's'.\nExample - \"3.5s\".","description_kind":"plain","required":true}},"description":"A policy that specifies the conditions for this subscription's expiration.\nA subscription is considered active as long as any connected subscriber\nis successfully consuming messages from the subscription or is issuing\noperations on the subscription. If expirationPolicy is not set, a default\npolicy with ttl of 31 days will be used. If it is set but ttl is \"\", the\nresource never expires. The minimum allowed value for expirationPolicy.ttl\nis 1 day.","description_kind":"plain"},"max_items":1},"push_config":{"nesting_mode":"list","block":{"attributes":{"attributes":{"type":["map","string"],"description":"Endpoint configuration attributes.\n\nEvery endpoint has a set of API supported attributes that can\nbe used to control different aspects of the message delivery.\n\nThe currently supported attribute is x-goog-version, which you\ncan use to change the format of the pushed message. This\nattribute indicates the version of the data expected by\nthe endpoint. This controls the shape of the pushed message\n(i.e., its fields and metadata). The endpoint version is\nbased on the version of the Pub/Sub API.\n\nIf not present during the subscriptions.create call,\nit will default to the version of the API used to make\nsuch call. If not present during a subscriptions.modifyPushConfig\ncall, its value will not be changed. subscriptions.get\ncalls will always return a valid version, even if the\nsubscription was created without this attribute.\n\nThe possible values for this attribute are:\n\n- v1beta1: uses the push format defined in the v1beta1 Pub/Sub API.\n- v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API.","description_kind":"plain","optional":true},"push_endpoint":{"type":"string","description":"A URL locating the endpoint to which messages should be pushed.\nFor example, a Webhook endpoint might use\n\"https://example.com/push\".","description_kind":"plain","required":true}},"block_types":{"no_wrapper":{"nesting_mode":"list","block":{"attributes":{"write_metadata":{"type":"bool","description":"When true, writes the Pub/Sub message metadata to\n'x-goog-pubsub-\u003cKEY\u003e:\u003cVAL\u003e' headers of the HTTP request. Writes the\nPub/Sub message attributes to '\u003cKEY\u003e:\u003cVAL\u003e' headers of the HTTP request.","description_kind":"plain","required":true}},"description":"When set, the payload to the push endpoint is not wrapped.Sets the\n'data' field as the HTTP body for delivery.","description_kind":"plain"},"max_items":1},"oidc_token":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Audience to be used when generating OIDC token. The audience claim\nidentifies the recipients that the JWT is intended for. The audience\nvalue is a single case-sensitive string. Having multiple values (array)\nfor the audience field is not supported. More info about the OIDC JWT\ntoken audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3\nNote: if not specified, the Push endpoint URL will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating the OIDC token.\nThe caller (for subscriptions.create, subscriptions.patch, and\nsubscriptions.modifyPushConfig RPCs) must have the\niam.serviceAccounts.actAs permission for the service account.","description_kind":"plain","required":true}},"description":"If specified, Pub/Sub will generate and attach an OIDC JWT token as\nan Authorization header in the HTTP request for every pushed message.","description_kind":"plain"},"max_items":1}},"description":"If push delivery is used with this subscription, this field is used to\nconfigure it. An empty pushConfig signifies that the subscriber will\npull and ack messages using API methods.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"maximum_backoff":{"type":"string","description":"The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true},"minimum_backoff":{"type":"string","description":"The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"description":"A policy that specifies how Pub/Sub retries message delivery for this subscription.\n\nIf not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers.\nRetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_subscription_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_subscription_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_subscription_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_topic":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey to be used to protect access\nto messages published on this topic. Your project's PubSub service account\n('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nThe expected format is 'projects/*/locations/*/keyRings/*/cryptoKeys/*'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Topic.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"message_retention_duration":{"type":"string","description":"Indicates the minimum duration to retain a message after it is published\nto the topic. If this field is set, messages published to the topic in\nthe last messageRetentionDuration are always available to subscribers.\nFor instance, it allows any attached subscription to seek to a timestamp\nthat is up to messageRetentionDuration in the past. If this field is not\nset, message retention is controlled by settings on individual subscriptions.\nThe rotation period has the format of a decimal number, followed by the\nletter 's' (seconds). Cannot be more than 31 days or less than 10 minutes.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"ingestion_data_source_settings":{"nesting_mode":"list","block":{"block_types":{"aws_kinesis":{"nesting_mode":"list","block":{"attributes":{"aws_role_arn":{"type":"string","description":"AWS role ARN to be used for Federated Identity authentication with\nKinesis. Check the Pub/Sub docs for how to set up this role and the\nrequired permissions that need to be attached to it.","description_kind":"plain","required":true},"consumer_arn":{"type":"string","description":"The Kinesis consumer ARN to used for ingestion in\nEnhanced Fan-Out mode. The consumer must be already\ncreated and ready to be used.","description_kind":"plain","required":true},"gcp_service_account":{"type":"string","description":"The GCP service account to be used for Federated Identity authentication\nwith Kinesis (via a 'AssumeRoleWithWebIdentity' call for the provided\nrole). The 'awsRoleArn' must be set up with 'accounts.google.com:sub'\nequals to this service account number.","description_kind":"plain","required":true},"stream_arn":{"type":"string","description":"The Kinesis stream ARN to ingest data from.","description_kind":"plain","required":true}},"description":"Settings for ingestion from Amazon Kinesis Data Streams.","description_kind":"plain"},"max_items":1}},"description":"Settings for ingestion from a data source into this topic.","description_kind":"plain"},"max_items":1},"message_storage_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_persistence_regions":{"type":["list","string"],"description":"A list of IDs of GCP regions where messages that are published to\nthe topic may be persisted in storage. Messages published by\npublishers running in non-allowed GCP regions (or running outside\nof GCP altogether) will be routed for storage in one of the\nallowed regions. An empty list means that no regions are allowed,\nand is not a valid configuration.","description_kind":"plain","required":true}},"description":"Policy constraining the set of Google Cloud Platform regions where\nmessages published to the topic may be stored. If not present, then no\nconstraints are in effect.","description_kind":"plain"},"max_items":1},"schema_settings":{"nesting_mode":"list","block":{"attributes":{"encoding":{"type":"string","description":"The encoding of messages validated against schema. Default value: \"ENCODING_UNSPECIFIED\" Possible values: [\"ENCODING_UNSPECIFIED\", \"JSON\", \"BINARY\"]","description_kind":"plain","optional":true},"schema":{"type":"string","description":"The name of the schema that messages published should be\nvalidated against. Format is projects/{project}/schemas/{schema}.\nThe value of this field will be _deleted-schema_\nif the schema has been deleted.","description_kind":"plain","required":true}},"description":"Settings for validating messages published against a schema.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_topic_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"topic":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_topic_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"topic":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_topic_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_recaptcha_enterprise_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp corresponding to the creation of this Key.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Human-readable display name of this key. Modifiable by user.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"See [Creating and managing labels](https://cloud.google.com/recaptcha-enterprise/docs/labels).\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource id for the Key, which is the same as the Site Key itself.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"android_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_package_names":{"type":"bool","description":"If set to true, it means allowed_package_names will not be enforced.","description_kind":"plain","optional":true},"allowed_package_names":{"type":["list","string"],"description":"Android package names of apps allowed to use the key. Example: 'com.companyname.appname'","description_kind":"plain","optional":true}},"description":"Settings for keys that can be used by Android apps.","description_kind":"plain"},"max_items":1},"ios_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_bundle_ids":{"type":"bool","description":"If set to true, it means allowed_bundle_ids will not be enforced.","description_kind":"plain","optional":true},"allowed_bundle_ids":{"type":["list","string"],"description":"iOS bundle ids of apps allowed to use the key. Example: 'com.companyname.productname.appname'","description_kind":"plain","optional":true}},"description":"Settings for keys that can be used by iOS apps.","description_kind":"plain"},"max_items":1},"testing_options":{"nesting_mode":"list","block":{"attributes":{"testing_challenge":{"type":"string","description":"For challenge-based keys only (CHECKBOX, INVISIBLE), all challenge requests for this site will return nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE","description_kind":"plain","optional":true,"computed":true},"testing_score":{"type":"number","description":"All assessments for this Key will return this score. Must be between 0 (likely not legitimate) and 1 (likely legitimate) inclusive.","description_kind":"plain","optional":true}},"description":"Options for user acceptance testing.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"waf_settings":{"nesting_mode":"list","block":{"attributes":{"waf_feature":{"type":"string","description":"Supported WAF features. For more information, see https://cloud.google.com/recaptcha-enterprise/docs/usecase#comparison_of_features. Possible values: CHALLENGE_PAGE, SESSION_TOKEN, ACTION_TOKEN, EXPRESS","description_kind":"plain","required":true},"waf_service":{"type":"string","description":"The WAF service that uses this key. Possible values: CA, FASTLY","description_kind":"plain","required":true}},"description":"Settings specific to keys that can be used for WAF (Web Application Firewall).","description_kind":"plain"},"max_items":1},"web_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_domains":{"type":"bool","description":"If set to true, it means allowed_domains will not be enforced.","description_kind":"plain","optional":true},"allow_amp_traffic":{"type":"bool","description":"If set to true, the key can be used on AMP (Accelerated Mobile Pages) websites. This is supported only for the SCORE integration type.","description_kind":"plain","optional":true},"allowed_domains":{"type":["list","string"],"description":"Domains or subdomains of websites allowed to use the key. All subdomains of an allowed domain are automatically allowed. A valid domain requires a host and must not include any path, port, query or fragment. Examples: 'example.com' or 'subdomain.example.com'","description_kind":"plain","optional":true},"challenge_security_preference":{"type":"string","description":"Settings for the frequency and difficulty at which this key triggers captcha challenges. This should only be specified for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, SECURITY","description_kind":"plain","optional":true,"computed":true},"integration_type":{"type":"string","description":"Required. Describes how this key is integrated with the website. Possible values: SCORE, CHECKBOX, INVISIBLE","description_kind":"plain","required":true}},"description":"Settings for keys that can be used by websites.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_redis_cluster":{"version":0,"block":{"attributes":{"authorization_mode":{"type":"string","description":"Optional. The authorization mode of the Redis cluster. If not provided, auth feature is disabled for the cluster. Default value: \"AUTH_MODE_DISABLED\" Possible values: [\"AUTH_MODE_UNSPECIFIED\", \"AUTH_MODE_IAM_AUTH\", \"AUTH_MODE_DISABLED\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The timestamp associated with the cluster creation request. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"discovery_endpoints":{"type":["list",["object",{"address":"string","port":"number","psc_config":["list",["object",{"network":"string"}]]}]],"description":"Output only. Endpoints created on each given network,\nfor Redis clients to connect to the cluster.\nCurrently only one endpoint is supported.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name of the resource in this scope including project and location using the form:\nprojects/{projectId}/locations/{locationId}/clusters/{clusterId}","description_kind":"plain","optional":true,"computed":true},"node_type":{"type":"string","description":"The nodeType for the Redis cluster.\nIf not provided, REDIS_HIGHMEM_MEDIUM will be used as default Possible values: [\"REDIS_SHARED_CORE_NANO\", \"REDIS_HIGHMEM_MEDIUM\", \"REDIS_HIGHMEM_XLARGE\", \"REDIS_STANDARD_SMALL\"]","description_kind":"plain","optional":true,"computed":true},"precise_size_gb":{"type":"number","description":"Output only. Redis memory precise size in GB for the entire cluster.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connections":{"type":["list",["object",{"address":"string","forwarding_rule":"string","network":"string","project_id":"string","psc_connection_id":"string"}]],"description":"Output only. PSC connections for discovery of the cluster topology and accessing the cluster.","description_kind":"plain","computed":true},"redis_configs":{"type":["map","string"],"description":"Configure Redis Cluster behavior using a subset of native Redis configuration parameters.\nPlease check Memorystore documentation for the list of supported parameters:\nhttps://cloud.google.com/memorystore/docs/cluster/supported-instance-configurations","description_kind":"plain","optional":true},"region":{"type":"string","description":"The name of the region of the Redis cluster.","description_kind":"plain","optional":true,"computed":true},"replica_count":{"type":"number","description":"Optional. The number of replica nodes per shard.","description_kind":"plain","optional":true},"shard_count":{"type":"number","description":"Required. Number of shards for the Redis cluster.","description_kind":"plain","required":true},"size_gb":{"type":"number","description":"Output only. Redis memory size in GB for the entire cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster. Can be CREATING, READY, UPDATING, DELETING and SUSPENDED","description_kind":"plain","computed":true},"state_info":{"type":["list",["object",{"update_info":["list",["object",{"target_replica_count":"number","target_shard_count":"number"}]]}]],"description":"Output only. Additional information about the current state of the cluster.","description_kind":"plain","computed":true},"transit_encryption_mode":{"type":"string","description":"Optional. The in-transit encryption for the Redis cluster.\nIf not provided, encryption is disabled for the cluster. Default value: \"TRANSIT_ENCRYPTION_MODE_DISABLED\" Possible values: [\"TRANSIT_ENCRYPTION_MODE_UNSPECIFIED\", \"TRANSIT_ENCRYPTION_MODE_DISABLED\", \"TRANSIT_ENCRYPTION_MODE_SERVER_AUTHENTICATION\"]","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System assigned, unique identifier for the cluster.","description_kind":"plain","computed":true}},"block_types":{"psc_configs":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. The consumer network where the network address of\nthe discovery endpoint will be reserved, in the form of\nprojects/{network_project_id_or_number}/global/networks/{network_id}.","description_kind":"plain","required":true}},"description":"Required. Each PscConfig configures the consumer network where two\nnetwork addresses will be designated to the cluster for client access.\nCurrently, only one PscConfig is supported.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"zone_distribution_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Immutable. The mode for zone distribution for Memorystore Redis cluster.\nIf not provided, MULTI_ZONE will be used as default Possible values: [\"MULTI_ZONE\", \"SINGLE_ZONE\"]","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Immutable. The zone for single zone Memorystore Redis cluster.","description_kind":"plain","optional":true}},"description":"Immutable. Zone distribution config for Memorystore Redis cluster.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_redis_instance":{"version":0,"block":{"attributes":{"alternative_location_id":{"type":"string","description":"Only applicable to STANDARD_HA tier which protects the instance\nagainst zonal failures by provisioning it across two zones.\nIf provided, it must be a different zone from the one provided in\n[locationId].","description_kind":"plain","optional":true,"computed":true},"auth_enabled":{"type":"bool","description":"Optional. Indicates whether OSS Redis AUTH is enabled for the\ninstance. If set to \"true\" AUTH is enabled on the instance.\nDefault value is \"false\" meaning AUTH is disabled.","description_kind":"plain","optional":true},"auth_string":{"type":"string","description":"AUTH String set on the instance. This field will only be populated if auth_enabled is true.","description_kind":"plain","computed":true,"sensitive":true},"authorized_network":{"type":"string","description":"The full name of the Google Compute Engine network to which the\ninstance is connected. If left unspecified, the default network\nwill be used.","description_kind":"plain","optional":true,"computed":true},"connect_mode":{"type":"string","description":"The connection mode of the Redis instance. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"current_location_id":{"type":"string","description":"The current zone where the Redis endpoint is placed.\nFor Basic Tier instances, this will always be the same as the\n[locationId] provided by the user at creation time. For Standard Tier\ninstances, this can be either [locationId] or [alternativeLocationId]\nand can change after a failover event.","description_kind":"plain","computed":true},"customer_managed_key":{"type":"string","description":"Optional. The KMS key reference that you want to use to encrypt the data at rest for this Redis\ninstance. If this is provided, CMEK is enabled.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An arbitrary and optional user-provided name for the instance.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host":{"type":"string","description":"Hostname or IP address of the exposed Redis endpoint used by clients\nto connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location_id":{"type":"string","description":"The zone where the instance will be provisioned. If not provided,\nthe service will choose a zone for the instance. For STANDARD_HA tier,\ninstances will be created across two zones for protection against\nzonal failures. If [alternativeLocationId] is also provided, it must\nbe different from [locationId].","description_kind":"plain","optional":true,"computed":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Upcoming maintenance schedule.","description_kind":"plain","computed":true},"maintenance_version":{"type":"string","description":"The self service update maintenance version.","description_kind":"plain","optional":true,"computed":true},"memory_size_gb":{"type":"number","description":"Redis memory size in GiB.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"nodes":{"type":["list",["object",{"id":"string","zone":"string"}]],"description":"Output only. Info per node.","description_kind":"plain","computed":true},"persistence_iam_identity":{"type":"string","description":"Output only. Cloud IAM identity used by import / export operations\nto transfer data to/from Cloud Storage. Format is \"serviceAccount:\".\nThe value may change over time for a given instance so should be\nchecked before each import/export operation.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The port number of the exposed Redis endpoint.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"read_endpoint":{"type":"string","description":"Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only.\nTargets all healthy replica nodes in instance. Replication is asynchronous and replica nodes\nwill exhibit some lag behind the primary. Write requests must target 'host'.","description_kind":"plain","computed":true},"read_endpoint_port":{"type":"number","description":"Output only. The port number of the exposed readonly redis endpoint. Standard tier only.\nWrite requests should target 'port'.","description_kind":"plain","computed":true},"read_replicas_mode":{"type":"string","description":"Optional. Read replica mode. Can only be specified when trying to create the instance.\nIf not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED.\n- READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the\ninstance cannot scale up or down the number of replicas.\n- READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance\ncan scale up and down the number of replicas. Possible values: [\"READ_REPLICAS_DISABLED\", \"READ_REPLICAS_ENABLED\"]","description_kind":"plain","optional":true,"computed":true},"redis_configs":{"type":["map","string"],"description":"Redis configuration parameters, according to http://redis.io/topics/config.\nPlease check Memorystore documentation for the list of supported parameters:\nhttps://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs","description_kind":"plain","optional":true},"redis_version":{"type":"string","description":"The version of Redis software. If not provided, latest supported\nversion will be used. Please check the API documentation linked\nat the top for the latest valid values.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The name of the Redis region of the instance.","description_kind":"plain","optional":true,"computed":true},"replica_count":{"type":"number","description":"Optional. The number of replica nodes. The valid range for the Standard Tier with\nread replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled\nfor a Standard Tier instance, the only valid value is 1 and the default is 1.\nThe valid value for basic tier is 0 and the default is also 0.","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this\ninstance. If not provided, the service will choose an unused /29\nblock, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be\nunique and non-overlapping with existing subnets in an authorized\nnetwork.","description_kind":"plain","optional":true,"computed":true},"secondary_ip_range":{"type":"string","description":"Optional. Additional IP range for node placement. Required when enabling read replicas on\nan existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or\n\"auto\". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address\nrange associated with the private service access connection, or \"auto\".","description_kind":"plain","optional":true,"computed":true},"server_ca_certs":{"type":["list",["object",{"cert":"string","create_time":"string","expire_time":"string","serial_number":"string","sha1_fingerprint":"string"}]],"description":"List of server CA certificates for the instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance. Must be one of these values:\n\n- BASIC: standalone instance\n- STANDARD_HA: highly available primary/replica instances Default value: \"BASIC\" Possible values: [\"BASIC\", \"STANDARD_HA\"]","description_kind":"plain","optional":true},"transit_encryption_mode":{"type":"string","description":"The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance.\n\n- SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: \"DISABLED\" Possible values: [\"SERVER_AUTHENTICATION\", \"DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the policy was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of what this policy is for.\nCreate/Update methods return INVALID_ARGUMENT if the\nlength is greater than 512.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time when the policy was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"weekly_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Required. The day of week that maintenance updates occur.\n\n- DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified.\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"duration":{"type":"string","description":"Output only. Duration of the maintenance window.\nThe current window is fixed at 1 hour.\nA duration in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\".","description_kind":"plain","computed":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.\nAn API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Optional. Maintenance window that is applied to resources covered by this policy.\nMinimum 1. For the current version, the maximum number\nof weekly_window is expected to be one.","description_kind":"plain"}}},"description":"Maintenance policy for an instance.","description_kind":"plain"},"max_items":1},"persistence_config":{"nesting_mode":"list","block":{"attributes":{"persistence_mode":{"type":"string","description":"Optional. Controls whether Persistence features are enabled. If not provided, the existing value will be used.\n\n- DISABLED: \tPersistence is disabled for the instance, and any existing snapshots are deleted.\n- RDB: RDB based Persistence is enabled. Possible values: [\"DISABLED\", \"RDB\"]","description_kind":"plain","optional":true,"computed":true},"rdb_next_snapshot_time":{"type":"string","description":"Output only. The next time that a snapshot attempt is scheduled to occur.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up\nto nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"rdb_snapshot_period":{"type":"string","description":"Optional. Available snapshot periods for scheduling.\n\n- ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]","description_kind":"plain","optional":true},"rdb_snapshot_start_time":{"type":"string","description":"Optional. Date and time that the first snapshot was/will be attempted,\nand to which future snapshots will be aligned. If not provided,\nthe current time will be used.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution\nand up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true,"computed":true}},"description":"Persistence configuration for an instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_resource_manager_lien":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time of creation","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A system-generated unique identifier for this Lien.","description_kind":"plain","computed":true},"origin":{"type":"string","description":"A stable, user-visible/meaningful string identifying the origin\nof the Lien, intended to be inspected programmatically. Maximum length of\n200 characters.","description_kind":"plain","required":true},"parent":{"type":"string","description":"A reference to the resource this Lien is attached to.\nThe server will validate the parent against those for which Liens are supported.\nSince a variety of objects can have Liens against them, you must provide the type\nprefix (e.g. \"projects/my-project-name\").","description_kind":"plain","required":true},"reason":{"type":"string","description":"Concise user-visible strings indicating why an action cannot be performed\non a resource. Maximum length of 200 characters.","description_kind":"plain","required":true},"restrictions":{"type":["list","string"],"description":"The types of operations which should be blocked as a result of this Lien.\nEach value should correspond to an IAM permission. The server will validate\nthe permissions against those for which Liens are supported. An empty\nlist is meaningless and will be rejected.\ne.g. ['resourcemanager.projects.delete']","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_event_threat_detection_custom_module":{"version":0,"block":{"attributes":{"config":{"type":"string","description":"Config for the module. For the resident module, its config value is defined at this level.\nFor the inherited module, its config value is inherited from the ancestor module.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The human readable name to be displayed for the module.","description_kind":"plain","optional":true},"enablement_state":{"type":"string","description":"The state of enablement for the module at the given level of the hierarchy. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Event Threat Detection custom module.\nIts format is \"organizations/{organization}/eventThreatDetectionSettings/customModules/{module}\".","description_kind":"plain","computed":true},"organization":{"type":"string","description":"Numerical ID of the parent organization.","description_kind":"plain","required":true},"type":{"type":"string","description":"Immutable. Type for the module. e.g. CONFIGURABLE_BAD_IP.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_folder_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization, folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","required":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"folder":{"type":"string","description":"Numerical ID of the parent folder.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"folders/{folder_id}/securityHealthAnalyticsSettings/customModules/{customModule}\".\nThe id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_folder_notification_config":{"version":0,"block":{"attributes":{"config_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"folder":{"type":"string","description":"Numerical ID of the parent folder.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this notification config, in the format\n'folders/{{folder}}/notificationConfigs/{{config_id}}'.","description_kind":"plain","computed":true},"pubsub_topic":{"type":"string","description":"The Pub/Sub topic to send notifications to. Its format is\n\"projects/[project_id]/topics/[topic]\".","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.","description_kind":"plain","computed":true}},"block_types":{"streaming_config":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of assets or findings as specified by the event type. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","required":true}},"description":"The config for triggering streaming-based notifications.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_management_folder_security_health_analytics_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization, folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","optional":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true},"folder":{"type":"string","description":"Numerical ID of the parent folder.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location ID of the parent organization. If not provided, 'global' will be used as the default location.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"folders/{folder}/locations/{location}/securityHealthAnalyticsCustomModules/{securityHealthAnalyticsCustomModule}\".\nThe id {securityHealthAnalyticsCustomModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","optional":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","optional":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_management_organization_event_threat_detection_custom_module":{"version":0,"block":{"attributes":{"config":{"type":"string","description":"Config for the module. For the resident module, its config value is defined at this level.\nFor the inherited module, its config value is inherited from the ancestor module.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human readable name to be displayed for the module.","description_kind":"plain","optional":true},"enablement_state":{"type":"string","description":"The state of enablement for the module at the given level of the hierarchy. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location ID of the parent organization. Only global is supported at the moment.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Event Threat Detection custom module.\nIts format is \"organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{eventThreatDetectionCustomModule}\".","description_kind":"plain","computed":true},"organization":{"type":"string","description":"Numerical ID of the parent organization.","description_kind":"plain","required":true},"type":{"type":"string","description":"Immutable. Type for the module. e.g. CONFIGURABLE_BAD_IP.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_management_organization_security_health_analytics_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization, folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","optional":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location ID of the parent organization. If not provided, 'global' will be used as the default location.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"organizations/{organization}/locations/{location}/securityHealthAnalyticsCustomModules/{securityHealthAnalyticsCustomModule}\".\nThe id {securityHealthAnalyticsCustomModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"Numerical ID of the parent organization.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_management_project_security_health_analytics_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization,folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","optional":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location ID of the parent organization. If not provided, 'global' will be used as the default location.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"projects/{project}/locations/{location}/securityHealthAnalyticsCustomModules/{securityHealthAnalyticsCustomModule}\".\nThe id {securityHealthAnalyticsCustomModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_mute_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the mute config was created. This field is set by\nthe server and will be ignored if provided on config creation.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the mute config.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An expression that defines the filter to apply across create/update\nevents of findings. While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the mute config. This\nfield is set by the server and will be ignored if provided on\nconfig creation or update.","description_kind":"plain","computed":true},"mute_config_id":{"type":"string","description":"Unique identifier provided by the client within the parent scope.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the mute config. Its format is\norganizations/{organization}/muteConfigs/{configId},\nfolders/{folder}/muteConfigs/{configId},\nor projects/{project}/muteConfigs/{configId}","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Resource name of the new mute configs's parent. Its format is\n\"organizations/[organization_id]\", \"folders/[folder_id]\", or\n\"projects/[project_id]\".","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The most recent time at which the mute config was\nupdated. This field is set by the server and will be ignored if\nprovided on config creation or update.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_notification_config":{"version":0,"block":{"attributes":{"config_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this notification config, in the format\n'organizations/{{organization}}/notificationConfigs/{{config_id}}'.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Notification\nConfig lives in.","description_kind":"plain","required":true},"pubsub_topic":{"type":"string","description":"The Pub/Sub topic to send notifications to. Its format is\n\"projects/[project_id]/topics/[topic]\".","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.","description_kind":"plain","computed":true}},"block_types":{"streaming_config":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of assets or findings as specified by the event type. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","required":true}},"description":"The config for triggering streaming-based notifications.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_organization_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization, folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","required":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"organizations/{org_id}/securityHealthAnalyticsSettings/customModules/{customModule}\".\nThe id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"Numerical ID of the parent organization.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_project_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization,folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","required":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"projects/{project}/securityHealthAnalyticsSettings/customModules/{customModule}\".\nThe id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_project_notification_config":{"version":0,"block":{"attributes":{"config_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this notification config, in the format\n'projects/{{projectId}}/notificationConfigs/{{config_id}}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"pubsub_topic":{"type":"string","description":"The Pub/Sub topic to send notifications to. Its format is\n\"projects/[project_id]/topics/[topic]\".","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.","description_kind":"plain","computed":true}},"block_types":{"streaming_config":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of assets or findings as specified by the event type. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","required":true}},"description":"The config for triggering streaming-based notifications.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_source":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the source (max of 1024 characters).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The source’s display name. A source’s display name must be unique\namongst its siblings, for example, two sources with the same parent\ncan't share the same display name. The display name must start and end\nwith a letter or digit, may contain letters, digits, spaces, hyphens,\nand underscores, and can be no longer than 32 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this source, in the format\n'organizations/{{organization}}/sources/{{source}}'.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Source\nlives in.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_source_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"organization":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_scc_source_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"organization":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_scc_source_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"organization":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_scc_v2_folder_mute_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the mute config was created. This field is set by\nthe server and will be ignored if provided on config creation.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the mute config.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An expression that defines the filter to apply across create/update\nevents of findings. While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.","description_kind":"plain","required":true},"folder":{"type":"string","description":"The folder whose Cloud Security Command Center the Mute\nConfig lives in.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"location Id is provided by folder. If not provided, Use global as default.","description_kind":"plain","optional":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the mute config. This\nfield is set by the server and will be ignored if provided on\nconfig creation or update.","description_kind":"plain","computed":true},"mute_config_id":{"type":"string","description":"Unique identifier provided by the client within the parent scope.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the mute config. Its format is\norganizations/{organization}/locations/global/muteConfigs/{configId},\nfolders/{folder}/locations/global/muteConfigs/{configId},\nor projects/{project}/locations/global/muteConfigs/{configId}","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the mute config.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The most recent time at which the mute config was\nupdated. This field is set by the server and will be ignored if\nprovided on config creation or update.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_v2_folder_notification_config":{"version":0,"block":{"attributes":{"config_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"folder":{"type":"string","description":"Numerical ID of the parent folder.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location ID of the parent organization. If not provided, 'global' will be used as the default location.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of this notification config, in the format\n'folders/{{folder}}/locations/{{location}}/notificationConfigs/{{config_id}}'.","description_kind":"plain","computed":true},"pubsub_topic":{"type":"string","description":"The Pub/Sub topic to send notifications to. Its format is\n\"projects/[project_id]/topics/[topic]\".","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.","description_kind":"plain","computed":true}},"block_types":{"streaming_config":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of assets or findings as specified by the event type. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","required":true}},"description":"The config for triggering streaming-based notifications.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_v2_organization_mute_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the mute config was created. This field is set by\nthe server and will be ignored if provided on config creation.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the mute config.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An expression that defines the filter to apply across create/update\nevents of findings. While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"location Id is provided by organization. If not provided, Use global as default.","description_kind":"plain","optional":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the mute config. This\nfield is set by the server and will be ignored if provided on\nconfig creation or update.","description_kind":"plain","computed":true},"mute_config_id":{"type":"string","description":"Unique identifier provided by the client within the parent scope.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the mute config. Its format is\norganizations/{organization}/locations/global/muteConfigs/{configId},\nfolders/{folder}/locations/global/muteConfigs/{configId},\nor projects/{project}/locations/global/muteConfigs/{configId}","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Mute\nConfig lives in.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of the mute config.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The most recent time at which the mute config was\nupdated. This field is set by the server and will be ignored if\nprovided on config creation or update.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_v2_organization_notification_config":{"version":0,"block":{"attributes":{"config_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"location Id is provided by organization. If not provided, Use global as default.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of this notification config, in the format\n'organizations/{{organization}}/notificationConfigs/{{config_id}}'.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Notification\nConfig lives in.","description_kind":"plain","required":true},"pubsub_topic":{"type":"string","description":"The Pub/Sub topic to send notifications to. Its format is\n\"projects/[project_id]/topics/[topic]\".","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.","description_kind":"plain","computed":true}},"block_types":{"streaming_config":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of assets or findings as specified by the event type. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","required":true}},"description":"The config for triggering streaming-based notifications.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_v2_organization_scc_big_query_exports":{"version":0,"block":{"attributes":{"big_query_export_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dataset":{"type":"string","description":"The dataset to write findings' updates to.\nIts format is \"projects/[projectId]/datasets/[bigquery_dataset_id]\".\nBigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_).","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of findings. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"location Id is provided by organization. If not provided, Use global as default.","description_kind":"plain","optional":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the BigQuery export.\nThis field is set by the server and will be ignored if provided on export creation or update.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of this export, in the format\n'organizations/{{organization}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}'.\nThis field is provided in responses, and is ignored when provided in create requests.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Big Query Export\nConfig lives in.","description_kind":"plain","required":true},"principal":{"type":"string","description":"The service account that needs permission to create table and upload data to the BigQuery dataset.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_v2_organization_source":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the source (max of 1024 characters).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The source’s display name. A source’s display name must be unique\namongst its siblings, for example, two sources with the same parent\ncan't share the same display name. The display name must start and end\nwith a letter or digit, may contain letters, digits, spaces, hyphens,\nand underscores, and can be no longer than 32 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this source, in the format\n'organizations/{{organization}}/sources/{{source}}'.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Source\nlives in.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_v2_organization_source_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"organization":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_scc_v2_organization_source_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"organization":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_scc_v2_organization_source_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"organization":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_scc_v2_project_mute_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the mute config was created. This field is set by\nthe server and will be ignored if provided on config creation.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the mute config.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An expression that defines the filter to apply across create/update\nevents of findings. While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"location Id is provided by project. If not provided, Use global as default.","description_kind":"plain","optional":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the mute config. This\nfield is set by the server and will be ignored if provided on\nconfig creation or update.","description_kind":"plain","computed":true},"mute_config_id":{"type":"string","description":"Unique identifier provided by the client within the parent scope.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the mute config. Its format is\nprojects/{project}/locations/global/muteConfigs/{configId},\nfolders/{folder}/locations/global/muteConfigs/{configId},\nor organizations/{organization}/locations/global/muteConfigs/{configId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the mute config.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The most recent time at which the mute config was\nupdated. This field is set by the server and will be ignored if\nprovided on config creation or update.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_v2_project_notification_config":{"version":0,"block":{"attributes":{"config_id":{"type":"string","description":"This must be unique within the project.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location ID of the parent organization. Only global is supported at the moment.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of this notification config, in the format\n'projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"pubsub_topic":{"type":"string","description":"The Pub/Sub topic to send notifications to. Its format is\n\"projects/[project_id]/topics/[topic]\".","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.","description_kind":"plain","computed":true}},"block_types":{"streaming_config":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of assets or findings as specified by the event type. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","required":true}},"description":"The config for triggering streaming-based notifications.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_secret_manager_secret":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Custom metadata about the secret.\n\nAnnotations are distinct from various forms of labels. Annotations exist to allow\nclient tools to store their own state information without requiring a database.\n\nAnnotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of\nmaximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and\nmay have dashes (-), underscores (_), dots (.), and alphanumerics in between these\nsymbols.\n\nThe total size of annotation keys and values must be less than 16KiB.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".\nOnly one of 'expire_time' or 'ttl' can be provided.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels assigned to this Secret.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be assigned to a given resource.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Secret. Format:\n'projects/{{project}}/secrets/{{secret_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description":"This must be unique within the project.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"ttl":{"type":"string","description":"The TTL for the Secret.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".\nOnly one of 'ttl' or 'expire_time' can be provided.","description_kind":"plain","optional":true},"version_aliases":{"type":["map","string"],"description":"Mapping from version alias to version name.\n\nA version alias is a string with a maximum length of 63 characters and can contain\nuppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_')\ncharacters. An alias string must start with a letter and cannot be the string\n'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"version_destroy_ttl":{"type":"string","description":"Secret Version TTL after destruction request.\nThis is a part of the delayed delete feature on Secret Version.\nFor secret with versionDestroyTtl\u003e0, version destruction doesn't happen immediately\non calling destroy instead the version goes to a disabled state and\nthe actual destruction happens after this TTL expires.","description_kind":"plain","optional":true}},"block_types":{"replication":{"nesting_mode":"list","block":{"block_types":{"auto":{"nesting_mode":"list","block":{"block_types":{"customer_managed_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.","description_kind":"plain","required":true}},"description":"The customer-managed encryption configuration of the Secret.\nIf no configuration is provided, Google-managed default\nencryption is used.","description_kind":"plain"},"max_items":1}},"description":"The Secret will automatically be replicated without any restrictions.","description_kind":"plain"},"max_items":1},"user_managed":{"nesting_mode":"list","block":{"block_types":{"replicas":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The canonical IDs of the location to replicate data. For example: \"us-east1\".","description_kind":"plain","required":true}},"block_types":{"customer_managed_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination secret.","description_kind":"plain","required":true}},"description":"Customer Managed Encryption for the secret.","description_kind":"plain"},"max_items":1}},"description":"The list of Replicas for this Secret. Cannot be empty.","description_kind":"plain"},"min_items":1}},"description":"The Secret will be replicated to the regions specified by the user.","description_kind":"plain"},"max_items":1}},"description":"The replication policy of the secret data attached to the Secret. It cannot be changed\nafter the Secret has been created.","description_kind":"plain"},"min_items":1,"max_items":1},"rotation":{"nesting_mode":"list","block":{"attributes":{"next_rotation_time":{"type":"string","description":"Timestamp in UTC at which the Secret is scheduled to rotate.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"rotation_period":{"type":"string","description":"The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years).\nIf rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.","description_kind":"plain","optional":true}},"description":"The rotation time and period for a Secret. At 'next_rotation_time', Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. 'topics' must be set to configure rotation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"topics":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The resource name of the Pub/Sub topic that will be published to, in the following format: projects/*/topics/*.\nFor publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.","description_kind":"plain","required":true}},"description":"A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.","description_kind":"plain"}}},"description_kind":"plain"}},"google_secret_manager_secret_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secret_manager_secret_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secret_manager_secret_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the secret version. Setting 'ABANDON' allows the resource\nto be abandoned rather than deleted. Setting 'DISABLE' allows the resource to be\ndisabled rather than deleted. Default is 'DELETE'. Possible values are:\n * DELETE\n * DISABLE\n * ABANDON","description_kind":"plain","optional":true},"destroy_time":{"type":"string","description":"The time at which the Secret was destroyed. Only present if state is DESTROYED.","description_kind":"plain","computed":true},"enabled":{"type":"bool","description":"The current state of the SecretVersion.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_secret_data_base64":{"type":"bool","description":"If set to 'true', the secret data is expected to be base64-encoded string and would be sent as is.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the SecretVersion. Format:\n'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'","description_kind":"plain","computed":true},"secret":{"type":"string","description":"Secret Manager secret resource","description_kind":"plain","required":true},"secret_data":{"type":"string","description":"The secret data. Must be no larger than 64KiB.","description_kind":"plain","required":true,"sensitive":true},"version":{"type":"string","description":"The version of the Secret.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_secure_source_manager_instance":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Instance was created in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host_config":{"type":["list",["object",{"api":"string","git_http":"string","git_ssh":"string","html":"string"}]],"description":"A list of hostnames for this instance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The name for the Instance.","description_kind":"plain","required":true},"kms_key":{"type":"string","description":"Customer-managed encryption key name, in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the Instance.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the Instance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The current state of the Instance.","description_kind":"plain","computed":true},"state_note":{"type":"string","description":"Provides information about the current instance state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Instance was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"private_config":{"nesting_mode":"list","block":{"attributes":{"ca_pool":{"type":"string","description":"CA pool resource, resource must in the format of 'projects/{project}/locations/{location}/caPools/{ca_pool}'.","description_kind":"plain","required":true},"http_service_attachment":{"type":"string","description":"Service Attachment for HTTP, resource is in the format of 'projects/{project}/regions/{region}/serviceAttachments/{service_attachment}'.","description_kind":"plain","computed":true},"is_private":{"type":"bool","description":"'Indicate if it's private instance.'","description_kind":"plain","required":true},"ssh_service_attachment":{"type":"string","description":"Service Attachment for SSH, resource is in the format of 'projects/{project}/regions/{region}/serviceAttachments/{service_attachment}'.","description_kind":"plain","computed":true}},"description":"Private settings for private instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_secure_source_manager_repository":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the repository was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the repository, which cannot exceed 500 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the instance in which the repository is hosted.","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the Repository.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the Repository.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository_id":{"type":"string","description":"The ID for the Repository.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Unique identifier of the repository.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the repository was updated in UTC.","description_kind":"plain","computed":true},"uris":{"type":["list",["object",{"api":"string","git_https":"string","html":"string"}]],"description":"URIs for the repository.","description_kind":"plain","computed":true}},"block_types":{"initial_config":{"nesting_mode":"list","block":{"attributes":{"default_branch":{"type":"string","description":"Default branch name of the repository.","description_kind":"plain","optional":true},"gitignores":{"type":["list","string"],"description":"List of gitignore template names user can choose from.\nValid values can be viewed at https://cloud.google.com/secure-source-manager/docs/reference/rest/v1/projects.locations.repositories#initialconfig.","description_kind":"plain","optional":true},"license":{"type":"string","description":"License template name user can choose from.\nValid values can be viewed at https://cloud.google.com/secure-source-manager/docs/reference/rest/v1/projects.locations.repositories#initialconfig.","description_kind":"plain","optional":true},"readme":{"type":"string","description":"README template name.\nValid values can be viewed at https://cloud.google.com/secure-source-manager/docs/reference/rest/v1/projects.locations.repositories#initialconfig.","description_kind":"plain","optional":true}},"description":"Initial configurations for the repository.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_secure_source_manager_repository_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository_id":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secure_source_manager_repository_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository_id":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secure_source_manager_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_securityposture_posture":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Posture was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the posture.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location of the resource, eg: global.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the posture.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the resource, an organization. Format should be 'organizations/{organization_id}'.","description_kind":"plain","required":true},"posture_id":{"type":"string","description":"Id of the posture. It is an immutable field.","description_kind":"plain","required":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the posture.","description_kind":"plain","computed":true},"revision_id":{"type":"string","description":"Revision_id of the posture.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the posture. Update to state field should not be triggered along with\nwith other field updates. Possible values: [\"DEPRECATED\", \"DRAFT\", \"ACTIVE\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the Posture was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"policy_sets":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the policy set.","description_kind":"plain","optional":true},"policy_set_id":{"type":"string","description":"ID of the policy set.","description_kind":"plain","required":true}},"block_types":{"policies":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the policy.","description_kind":"plain","optional":true},"policy_id":{"type":"string","description":"ID of the policy.","description_kind":"plain","required":true}},"block_types":{"compliance_standards":{"nesting_mode":"list","block":{"attributes":{"control":{"type":"string","description":"Mapping of security controls for the policy.","description_kind":"plain","optional":true},"standard":{"type":"string","description":"Mapping of compliance standards for the policy.","description_kind":"plain","optional":true}},"description":"Mapping for policy to security standards and controls.","description_kind":"plain"}},"constraint":{"nesting_mode":"list","block":{"block_types":{"org_policy_constraint":{"nesting_mode":"list","block":{"attributes":{"canned_constraint_id":{"type":"string","description":"Organization policy canned constraint Id","description_kind":"plain","required":true}},"block_types":{"policy_rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"bool","description":"Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"bool","description":"Setting this to true means that all values are denied. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"bool","description":"If 'true', then the policy is enforced. If 'false', then any configuration is acceptable.\nThis field can be set only in policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this policy rule. This field can be set only in policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"Definition of policy rules","description_kind":"plain"},"min_items":1}},"description":"Organization policy canned constraint definition.","description_kind":"plain"},"max_items":1},"org_policy_constraint_custom":{"nesting_mode":"list","block":{"block_types":{"custom_constraint":{"nesting_mode":"list","block":{"attributes":{"action_type":{"type":"string","description":"The action to take if the condition is met. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"condition":{"type":"string","description":"A CEL condition that refers to a supported service resource, for example 'resource.management.autoUpgrade == false'. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).","description_kind":"plain","required":true},"description":{"type":"string","description":"A human-friendly description of the constraint to display as an error message when the policy is violated.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A human-friendly name for the constraint.","description_kind":"plain","optional":true},"method_types":{"type":["list","string"],"description":"A list of RESTful methods for which to enforce the constraint. Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The name of the custom constraint. This is unique within the organization.","description_kind":"plain","required":true},"resource_types":{"type":["list","string"],"description":"Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, 'container.googleapis.com/NodePool'.","description_kind":"plain","required":true}},"description":"Organization policy custom constraint definition.","description_kind":"plain"},"max_items":1},"policy_rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"bool","description":"Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"bool","description":"Setting this to true means that all values are denied. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"bool","description":"If 'true', then the policy is enforced. If 'false', then any configuration is acceptable.\nThis field can be set only in policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this policy rule. This field can be set only in policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"Definition of policy rules","description_kind":"plain"},"min_items":1}},"description":"Organization policy custom constraint policy definition.","description_kind":"plain"},"max_items":1},"security_health_analytics_custom_module":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module.","description_kind":"plain","optional":true},"id":{"type":"string","description":"A server generated id of custom module.","description_kind":"plain","computed":true},"module_enablement_state":{"type":"string","description":"The state of enablement for the module at its level of the resource hierarchy. Possible values: [\"ENABLEMENT_STATE_UNSPECIFIED\", \"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to\nresolve the detected issue","description_kind":"plain","optional":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"SEVERITY_UNSPECIFIED\", \"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","required":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be\nspecified to return the value of the property or a text string enclosed\nin quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties. A set of optional name-value pairs that define custom source properties to\nreturn with each finding that is generated by the custom module. The custom\nsource properties that are defined here are included in the finding JSON\nunder 'sourceProperties'.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings.When the expression\nevaluates to true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Custom module details.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Definition of Security Health Analytics Custom Module.","description_kind":"plain"},"max_items":1},"security_health_analytics_module":{"nesting_mode":"list","block":{"attributes":{"module_enablement_state":{"type":"string","description":"The state of enablement for the module at its level of the resource hierarchy. Possible values: [\"ENABLEMENT_STATE_UNSPECIFIED\", \"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true},"module_name":{"type":"string","description":"The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.","description_kind":"plain","required":true}},"description":"Security Health Analytics built-in detector definition.","description_kind":"plain"},"max_items":1}},"description":"Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"List of security policy","description_kind":"plain"},"min_items":1}},"description":"List of policy sets for the posture.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_securityposture_posture_deployment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the posture deployment was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the posture deployment.","description_kind":"plain","optional":true},"desired_posture_id":{"type":"string","description":"This is an output only optional field which will be filled in case when\nPostureDeployment state is UPDATE_FAILED or CREATE_FAILED or DELETE_FAILED.\nIt denotes the desired posture to be deployed.","description_kind":"plain","computed":true},"desired_posture_revision_id":{"type":"string","description":"This is an output only optional field which will be filled in case when\nPostureDeployment state is UPDATE_FAILED or CREATE_FAILED or DELETE_FAILED.\nIt denotes the desired posture revision_id to be deployed.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"failure_message":{"type":"string","description":"This is a output only optional field which will be filled in case where\nPostureDeployment enters a failure state like UPDATE_FAILED or\nCREATE_FAILED or DELETE_FAILED. It will have the failure message for posture deployment's\nCREATE/UPDATE/DELETE methods.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource, eg. global'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the posture deployment instance.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the resource, an organization. Format should be 'organizations/{organization_id}'.","description_kind":"plain","required":true},"posture_deployment_id":{"type":"string","description":"ID of the posture deployment.","description_kind":"plain","required":true},"posture_id":{"type":"string","description":"Relative name of the posture which needs to be deployed. It should be in the format:\n organizations/{organization_id}/locations/{location}/postures/{posture_id}","description_kind":"plain","required":true},"posture_revision_id":{"type":"string","description":"Revision_id the posture which needs to be deployed.","description_kind":"plain","required":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the posture deployment.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the posture deployment. A posture deployment can be in the following terminal states:\nACTIVE, CREATE_FAILED, UPDATE_FAILED, DELETE_FAILED.","description_kind":"plain","computed":true},"target_resource":{"type":"string","description":"The resource on which the posture should be deployed. This can be in one of the following formats:\nprojects/{project_number},\nfolders/{folder_number},\norganizations/{organization_id}","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the posture deployment was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_account":{"version":0,"block":{"attributes":{"account_id":{"type":"string","description":"The account id that is used to generate the service account email address and a stable unique id. It is unique within a project, must be 6-30 characters long, and match the regular expression [a-z]([-a-z0-9]*[a-z0-9]) to comply with RFC1035. Changing this forces a new service account to be created.","description_kind":"plain","required":true},"create_ignore_already_exists":{"type":"bool","description":"If set to true, skip service account creation if a service account with the same email already exists.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A text description of the service account. Must be less than or equal to 256 UTF-8 bytes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the service account is disabled. Defaults to false","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name for the service account. Can be updated without creating a new resource.","description_kind":"plain","optional":true},"email":{"type":"string","description":"The e-mail address of the service account. This value should be referenced from any google_iam_policy data sources that would grant the service account privileges.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description":"The Identity of the service account in the form 'serviceAccount:{email}'. This value is often used to refer to the service account in order to grant IAM permissions.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The fully-qualified name of the service account.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description":"The unique id of the service account.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_account_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_service_account_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_service_account_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_key":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"keepers":{"type":["map","string"],"description":"Arbitrary map of values that, when changed, will trigger recreation of resource.","description_kind":"plain","optional":true},"key_algorithm":{"type":"string","description":"The algorithm used to generate the key, used only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid values are: \"KEY_ALG_RSA_1024\", \"KEY_ALG_RSA_2048\".","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name used for this key pair","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.","description_kind":"plain","computed":true,"sensitive":true},"private_key_type":{"type":"string","description_kind":"plain","optional":true},"public_key":{"type":"string","description":"The public key, base64 encoded","description_kind":"plain","computed":true},"public_key_data":{"type":"string","description":"A field that allows clients to upload their own public key. If set, use this public key data to create a service account key for given service account. Please note, the expected format for this field is a base64 encoded X509_PEM.","description_kind":"plain","optional":true},"public_key_type":{"type":"string","description_kind":"plain","optional":true},"service_account_id":{"type":"string","description":"The ID of the parent service account of the key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}, where {ACCOUNT} is the email address or unique id of the service account. If the {ACCOUNT} syntax is used, the project will be inferred from the provider's configuration.","description_kind":"plain","required":true},"valid_after":{"type":"string","description":"The key can be used after this timestamp. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"valid_before":{"type":"string","description":"The key can be used before this timestamp. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_service_networking_connection":{"version":0,"block":{"attributes":{"deletion_policy":{"type":"string","description":"When set to ABANDON, terraform will abandon management of the resource instead of deleting it. Prevents terraform apply failures with CloudSQL. Note: The resource will still exist.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"Name of VPC network connected with service producers using VPC peering.","description_kind":"plain","required":true},"peering":{"type":"string","description_kind":"plain","computed":true},"reserved_peering_ranges":{"type":["list","string"],"description":"Named IP address range(s) of PEERING type reserved for this service provider. Note that invoking this method with a different range when connection is already established will not reallocate already provisioned service producer subnetworks.","description_kind":"plain","required":true},"service":{"type":"string","description":"Provider peering service that is managing peering connectivity for a service provider organization. For Google services that support this functionality it is 'servicenetworking.googleapis.com'.","description_kind":"plain","required":true},"update_on_creation_fail":{"type":"bool","description":"When set to true, enforce an update of the reserved peering ranges on the existing service networking connection in case of a new connection creation failure.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_networking_peered_dns_domain":{"version":0,"block":{"attributes":{"dns_suffix":{"type":"string","description":"The DNS domain name suffix of the peered DNS domain.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the peered DNS domain.","description_kind":"plain","required":true},"network":{"type":"string","description":"Network in the consumer project to peer with.","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to create a peered DNS domain for, e.g. servicenetworking.googleapis.com","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_networking_vpc_service_controls":{"version":0,"block":{"attributes":{"enabled":{"type":"bool","description":"Desired VPC Service Controls state service producer VPC network, as\ndescribed at the top of this page.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"The network that the consumer is using to connect with services.","description_kind":"plain","required":true},"project":{"type":"string","description":"The id of the Google Cloud project containing the consumer network.","description_kind":"plain","optional":true},"service":{"type":"string","description":"The service that is managing peering connectivity for a service\nproducer's organization. For Google services that support this\nfunctionality, this value is 'servicenetworking.googleapis.com'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sourcerepo_repository":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the repository, of the form '{{repo}}'.\nThe repo name may contain slashes. eg, 'name/with/slash'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"The disk usage of the repo, in bytes.","description_kind":"plain","computed":true},"url":{"type":"string","description":"URL to clone the repository from Google Cloud Source Repositories.","description_kind":"plain","computed":true}},"block_types":{"pubsub_configs":{"nesting_mode":"set","block":{"attributes":{"message_format":{"type":"string","description":"The format of the Cloud Pub/Sub messages.\n- PROTOBUF: The message payload is a serialized protocol buffer of SourceRepoEvent.\n- JSON: The message payload is a JSON string of SourceRepoEvent. Possible values: [\"PROTOBUF\", \"JSON\"]","description_kind":"plain","required":true},"service_account_email":{"type":"string","description":"Email address of the service account used for publishing Cloud Pub/Sub messages.\nThis service account needs to be in the same project as the PubsubConfig. When added,\nthe caller needs to have iam.serviceAccounts.actAs permission on this service account.\nIf unspecified, it defaults to the compute engine default service account.","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description":"How this repository publishes a change in the repository through Cloud Pub/Sub.\nKeyed by the topic names.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_spanner_database":{"version":0,"block":{"attributes":{"database_dialect":{"type":"string","description":"The dialect of the Cloud Spanner Database.\nIf it is not provided, \"GOOGLE_STANDARD_SQL\" will be used. Possible values: [\"GOOGLE_STANDARD_SQL\", \"POSTGRESQL\"]","description_kind":"plain","optional":true,"computed":true},"ddl":{"type":["list","string"],"description":"An optional list of DDL statements to run inside the newly created\ndatabase. Statements can create tables, indexes, etc. These statements\nexecute atomically with the creation of the database: if there is an\nerror in any statement, the database is not created.","description_kind":"plain","optional":true},"deletion_protection":{"type":"bool","description":"Whether Terraform will be prevented from destroying the database. Defaults to true.\nWhen a'terraform destroy' or 'terraform apply' would delete the database,\nthe command will fail if this field is not set to false in Terraform state.\nWhen the field is set to true or unset in Terraform state, a 'terraform apply'\nor 'terraform destroy' that would delete the database will fail.\nWhen the field is set to false, deleting the database is allowed.","description_kind":"plain","optional":true},"enable_drop_protection":{"type":"bool","description":"Whether drop protection is enabled for this database. Defaults to false.\nDrop protection is different from\nthe \"deletion_protection\" attribute in the following ways:\n(1) \"deletion_protection\" only protects the database from deletions in Terraform.\nwhereas setting “enableDropProtection” to true protects the database from deletions in all interfaces.\n(2) Setting \"enableDropProtection\" to true also prevents the deletion of the parent instance containing the database.\n\"deletion_protection\" attribute does not provide protection against the deletion of the parent instance.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The instance to create the database on.","description_kind":"plain","required":true},"name":{"type":"string","description":"A unique identifier for the database, which cannot be changed after\nthe instance is created. Values are of the form [a-z][-a-z0-9]*[a-z0-9].","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"An explanation of the status of the database.","description_kind":"plain","computed":true},"version_retention_period":{"type":"string","description":"The retention period for the database. The retention period must be between 1 hour\nand 7 days, and can be specified in days, hours, minutes, or seconds. For example,\nthe values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h.\nIf this property is used, you must avoid adding new DDL statements to 'ddl' that\nupdate the database's version_retention_period.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Fully qualified name of the KMS key to use to encrypt this database. This key must exist\nin the same location as the Spanner Database.","description_kind":"plain","required":true}},"description":"Encryption configuration for the database","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_spanner_database_iam_binding":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_database_iam_member":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_database_iam_policy":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_spanner_instance":{"version":0,"block":{"attributes":{"config":{"type":"string","description":"The name of the instance's configuration (similar but not\nquite the same as a region) which defines the geographic placement and\nreplication of your databases in this instance. It determines where your data\nis stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc.\nIn order to obtain a valid list please consult the\n[Configuration section of the docs](https://cloud.google.com/spanner/docs/instances).","description_kind":"plain","required":true},"default_backup_schedule_type":{"type":"string","description":"Controls the default backup behavior for new databases within the instance.\nNote that 'AUTOMATIC' is not permitted for free instances, as backups and backup schedules are not allowed for free instances.\nif unset or NONE, no default backup schedule will be created for new databases within the instance. Possible values: [\"NONE\", \"AUTOMATIC\"]","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"The descriptive name for this instance as it appears in UIs. Must be\nunique per project and between 4 and 30 characters in length.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a spanner instance, this boolean option will delete all backups of this instance.\nThis must be set to true if you created a backup manually in the console.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"An object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\nIf not provided, a random string starting with 'tf-' will be selected.","description_kind":"plain","optional":true,"computed":true},"num_nodes":{"type":"number","description":"The number of nodes allocated to this instance. Exactly one of either node_count or processing_units\nmust be present in terraform.","description_kind":"plain","optional":true,"computed":true},"processing_units":{"type":"number","description":"The number of processing units allocated to this instance. Exactly one of processing_units\nor node_count must be present in terraform.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Instance status: 'CREATING' or 'READY'.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"block_types":{"autoscaling_limits":{"nesting_mode":"list","block":{"attributes":{"max_nodes":{"type":"number","description":"Specifies maximum number of nodes allocated to the instance. If set, this number\nshould be greater than or equal to min_nodes.","description_kind":"plain","optional":true},"max_processing_units":{"type":"number","description":"Specifies maximum number of processing units allocated to the instance.\nIf set, this number should be multiples of 1000 and be greater than or equal to\nmin_processing_units.","description_kind":"plain","optional":true},"min_nodes":{"type":"number","description":"Specifies number of nodes allocated to the instance. If set, this number\nshould be greater than or equal to 1.","description_kind":"plain","optional":true},"min_processing_units":{"type":"number","description":"Specifies minimum number of processing units allocated to the instance.\nIf set, this number should be multiples of 1000.","description_kind":"plain","optional":true}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events. Users can define the minimum and\nmaximum compute capacity allocated to the instance, and the autoscaler will\nonly scale within that range. Users can either use nodes or processing\nunits to specify the limits, but should use the same unit to set both the\nmin_limit and max_limit.","description_kind":"plain"},"max_items":1},"autoscaling_targets":{"nesting_mode":"list","block":{"attributes":{"high_priority_cpu_utilization_percent":{"type":"number","description":"Specifies the target high priority cpu utilization percentage that the autoscaler\nshould be trying to achieve for the instance.\nThis number is on a scale from 0 (no utilization) to 100 (full utilization)..","description_kind":"plain","optional":true},"storage_utilization_percent":{"type":"number","description":"Specifies the target storage utilization percentage that the autoscaler\nshould be trying to achieve for the instance.\nThis number is on a scale from 0 (no utilization) to 100 (full utilization).","description_kind":"plain","optional":true}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events","description_kind":"plain"},"max_items":1}},"description":"The autoscaling configuration. Autoscaling is enabled if this field is set.\nWhen autoscaling is enabled, num_nodes and processing_units are treated as,\nOUTPUT_ONLY fields and reflect the current compute capacity allocated to\nthe instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_spanner_instance_config":{"version":0,"block":{"attributes":{"base_config":{"type":"string","description":"Base configuration name, e.g. nam3, based on which this configuration is created.\nOnly set for user managed configurations.\nbaseConfig must refer to a configuration of type GOOGLE_MANAGED in the same project as this configuration.","description_kind":"plain","optional":true,"computed":true},"config_type":{"type":"string","description":"Output only. Whether this instance config is a Google or User Managed Configuration.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The name of this instance configuration as it appears in UIs.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"An object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique identifier for the instance configuration. Values are of the\nform projects/\u003cproject\u003e/instanceConfigs/[a-z][-a-z0-9]*","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"replicas":{"nesting_mode":"set","block":{"attributes":{"default_leader_location":{"type":"bool","description":"If true, this location is designated as the default leader location where\nleader replicas are placed.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the serving resources, e.g. \"us-central1\".","description_kind":"plain","optional":true},"type":{"type":"string","description":"Indicates the type of replica. See the [replica types\ndocumentation](https://cloud.google.com/spanner/docs/replication#replica_types)\nfor more details. Possible values: [\"READ_WRITE\", \"READ_ONLY\", \"WITNESS\"]","description_kind":"plain","optional":true}},"description":"The geographic placement of nodes in this instance configuration and their replication properties.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_spanner_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_database":{"version":0,"block":{"attributes":{"charset":{"type":"string","description":"The charset value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html)\nfor more details and supported values. Postgres databases only support\na value of 'UTF8' at creation time.","description_kind":"plain","optional":true,"computed":true},"collation":{"type":"string","description":"The collation value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html)\nfor more details and supported values. Postgres databases only support\na value of 'en_US.UTF8' at creation time.","description_kind":"plain","optional":true,"computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the database. Setting ABANDON allows the resource\nto be abandoned rather than deleted. This is useful for Postgres, where databases cannot be\ndeleted from the API if there are users other than cloudsqlsuperuser with access. Possible\nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\".","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. This does not include the project\nID.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the database in the Cloud SQL instance.\nThis does not include the project ID or instance name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_database_instance":{"version":0,"block":{"attributes":{"available_maintenance_versions":{"type":["list","string"],"description":"Available Maintenance versions.","description_kind":"plain","computed":true},"connection_name":{"type":"string","description":"The connection name of the instance to be used in connection strings. For example, when connecting with Cloud SQL Proxy.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The MySQL, PostgreSQL or SQL Server (beta) version to use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date reference of supported versions.","description_kind":"plain","required":true},"deletion_protection":{"type":"bool","description":"Used to block Terraform from deleting a SQL Instance. Defaults to true.","description_kind":"plain","optional":true},"dns_name":{"type":"string","description":"The dns name of the instance.","description_kind":"plain","computed":true},"encryption_key_name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"first_ip_address":{"type":"string","description":"The first IPv4 address of any type assigned. This is to support accessing the first address in the list in a terraform output when the resource is configured with a count.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'.","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"description_kind":"plain","computed":true},"maintenance_version":{"type":"string","description":"Maintenance version.","description_kind":"plain","optional":true,"computed":true},"master_instance_name":{"type":"string","description":"The name of the instance that will act as the master in the replication setup. Note, this requires the master to have binary_log_enabled set, as well as existing backups.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. If the name is left blank, Terraform will randomly generate one when the instance is first created. This is done because after a name is used, it cannot be reused for up to one week.","description_kind":"plain","optional":true,"computed":true},"private_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"psc_service_attachment_link":{"type":"string","description":"The link to service attachment of PSC instance.","description_kind":"plain","computed":true},"public_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The region the instance will sit in. Note, Cloud SQL is not available in all regions. A valid region must be provided to use this resource. If a region is not provided in the resource definition, the provider region will be used instead, but this will be an apply-time error for instances if the provider region is not supported with Cloud SQL. If you choose not to provide the region argument for this resource, make sure you understand this.","description_kind":"plain","optional":true,"computed":true},"root_password":{"type":"string","description":"Initial root password. Required for MS SQL Server.","description_kind":"plain","optional":true,"sensitive":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"server_ca_cert":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true,"sensitive":true},"service_account_email_address":{"type":"string","description":"The service account email address assigned to the instance.","description_kind":"plain","computed":true}},"block_types":{"clone":{"nesting_mode":"list","block":{"attributes":{"allocated_ip_range":{"type":"string","description":"The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the cloned instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.","description_kind":"plain","optional":true},"database_names":{"type":["list","string"],"description":"(SQL Server only, use with point_in_time) clone only the specified databases from the source instance. Clone all databases if empty.","description_kind":"plain","optional":true},"point_in_time":{"type":"string","description":"The timestamp of the point in time that should be restored.","description_kind":"plain","optional":true},"preferred_zone":{"type":"string","description":"(Point-in-time recovery for PostgreSQL only) Clone to an instance in the specified zone. If no zone is specified, clone to the same zone as the source instance.","description_kind":"plain","optional":true},"source_instance_name":{"type":"string","description":"The name of the instance from which the point in time should be restored.","description_kind":"plain","required":true}},"description":"Configuration for creating a new instance as a clone of another instance.","description_kind":"plain"},"max_items":1},"replica_configuration":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"PEM representation of the trusted CA's x509 certificate.","description_kind":"plain","optional":true},"client_certificate":{"type":"string","description":"PEM representation of the replica's x509 certificate.","description_kind":"plain","optional":true},"client_key":{"type":"string","description":"PEM representation of the replica's private key. The corresponding public key in encoded in the client_certificate.","description_kind":"plain","optional":true},"connect_retry_interval":{"type":"number","description":"The number of seconds between connect retries. MySQL's default is 60 seconds.","description_kind":"plain","optional":true},"dump_file_path":{"type":"string","description":"Path to a SQL file in Google Cloud Storage from which replica instances are created. Format is gs://bucket/filename.","description_kind":"plain","optional":true},"failover_target":{"type":"bool","description":"Specifies if the replica is the failover target. If the field is set to true the replica will be designated as a failover replica. If the master instance fails, the replica instance will be promoted as the new master instance. Not supported for Postgres","description_kind":"plain","optional":true},"master_heartbeat_period":{"type":"number","description":"Time in ms between replication heartbeats.","description_kind":"plain","optional":true},"password":{"type":"string","description":"Password for the replication connection.","description_kind":"plain","optional":true,"sensitive":true},"ssl_cipher":{"type":"string","description":"Permissible ciphers for use in SSL encryption.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for replication connection.","description_kind":"plain","optional":true},"verify_server_certificate":{"type":"bool","description":"True if the master's common name value is checked during the SSL handshake.","description_kind":"plain","optional":true}},"description":"The configuration for replication.","description_kind":"plain"},"max_items":1},"restore_backup_context":{"nesting_mode":"list","block":{"attributes":{"backup_run_id":{"type":"number","description":"The ID of the backup run to restore from.","description_kind":"plain","required":true},"instance_id":{"type":"string","description":"The ID of the instance that the backup was taken from.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The full project ID of the source instance.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"settings":{"nesting_mode":"list","block":{"attributes":{"activation_policy":{"type":"string","description":"This specifies when the instance should be active. Can be either ALWAYS, NEVER or ON_DEMAND.","description_kind":"plain","optional":true},"availability_type":{"type":"string","description":"The availability type of the Cloud SQL instance, high availability\n(REGIONAL) or single zone (ZONAL). For all instances, ensure that\nsettings.backup_configuration.enabled is set to true.\nFor MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true.\nFor Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled\nis set to true. Defaults to ZONAL.","description_kind":"plain","optional":true},"collation":{"type":"string","description":"The name of server instance collation.","description_kind":"plain","optional":true},"connector_enforcement":{"type":"string","description":"Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected.","description_kind":"plain","optional":true,"computed":true},"deletion_protection_enabled":{"type":"bool","description":"Configuration to protect against accidental instance deletion.","description_kind":"plain","optional":true},"disk_autoresize":{"type":"bool","description":"Enables auto-resizing of the storage size. Defaults to true.","description_kind":"plain","optional":true},"disk_autoresize_limit":{"type":"number","description":"The maximum size, in GB, to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit.","description_kind":"plain","optional":true},"disk_size":{"type":"number","description":"The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased. The minimum value is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"The type of data disk: PD_SSD or PD_HDD. Defaults to PD_SSD.","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS.","description_kind":"plain","optional":true},"enable_dataplex_integration":{"type":"bool","description":"Enables Dataplex Integration.","description_kind":"plain","optional":true},"enable_google_ml_integration":{"type":"bool","description":"Enables Vertex AI Integration.","description_kind":"plain","optional":true},"pricing_plan":{"type":"string","description":"Pricing plan for this instance, can only be PER_USE.","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The machine type to use. See tiers for more details and supported versions. Postgres supports only shared-core machine types, and custom machine types such as db-custom-2-13312. See the Custom Machine Type Documentation to learn about specifying custom machine types.","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time_zone to be used by the database engine (supported only for SQL Server), in SQL Server timezone format.","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"A set of key/value user label pairs to assign to the instance.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"number","description":"Used to make sure changes to the settings block are atomic.","description_kind":"plain","computed":true}},"block_types":{"active_directory_config":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name of the Active Directory for SQL Server (e.g., mydomain.com).","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. Can be 1 or 2.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"backup_configuration":{"nesting_mode":"list","block":{"attributes":{"binary_log_enabled":{"type":"bool","description":"True if binary logging is enabled. If settings.backup_configuration.enabled is false, this must be as well. Can only be used with MySQL.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"True if backup configuration is enabled.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the backup configuration.","description_kind":"plain","optional":true},"point_in_time_recovery_enabled":{"type":"bool","description":"True if Point-in-time recovery is enabled.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"HH:MM format time indicating when backup configuration starts.","description_kind":"plain","optional":true,"computed":true},"transaction_log_retention_days":{"type":"number","description":"The number of days of transaction logs we retain for point in time restore, from 1-7. (For PostgreSQL Enterprise Plus instances, from 1 to 35.)","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backup_retention_settings":{"nesting_mode":"list","block":{"attributes":{"retained_backups":{"type":"number","description":"Number of backups to retain.","description_kind":"plain","required":true},"retention_unit":{"type":"string","description":"The unit that 'retainedBackups' represents. Defaults to COUNT","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"},"max_items":1},"data_cache_config":{"nesting_mode":"list","block":{"attributes":{"data_cache_enabled":{"type":"bool","description":"Whether data cache is enabled for the instance.","description_kind":"plain","optional":true}},"description":"Data cache configurations.","description_kind":"plain"},"max_items":1},"database_flags":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Name of the flag.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value of the flag.","description_kind":"plain","required":true}},"description_kind":"plain"}},"deny_maintenance_period":{"nesting_mode":"list","block":{"attributes":{"end_date":{"type":"string","description":"End date before which maintenance will not take place. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01","description_kind":"plain","required":true},"start_date":{"type":"string","description":"Start date after which maintenance will not take place. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01","description_kind":"plain","required":true},"time":{"type":"string","description":"Time in UTC when the \"deny maintenance period\" starts on start_date and ends on end_date. The time is in format: HH:mm:SS, i.e., 00:00:00","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"insights_config":{"nesting_mode":"list","block":{"attributes":{"query_insights_enabled":{"type":"bool","description":"True if Query Insights feature is enabled.","description_kind":"plain","optional":true},"query_plans_per_minute":{"type":"number","description":"Number of query execution plans captured by Insights per minute for all queries combined. Between 0 and 20. Default to 5.","description_kind":"plain","optional":true,"computed":true},"query_string_length":{"type":"number","description":"Maximum query length stored in bytes. Between 256 and 4500. Default to 1024.","description_kind":"plain","optional":true},"record_application_tags":{"type":"bool","description":"True if Query Insights will record application tags from query when enabled.","description_kind":"plain","optional":true},"record_client_address":{"type":"bool","description":"True if Query Insights will record client address when enabled.","description_kind":"plain","optional":true}},"description":"Configuration of Query Insights.","description_kind":"plain"},"max_items":1},"ip_configuration":{"nesting_mode":"list","block":{"attributes":{"allocated_ip_range":{"type":"string","description":"The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.","description_kind":"plain","optional":true},"enable_private_path_for_google_cloud_services":{"type":"bool","description":"Whether Google Cloud services such as BigQuery are allowed to access data in this Cloud SQL instance over a private IP connection. SQLSERVER database type is not supported.","description_kind":"plain","optional":true},"ipv4_enabled":{"type":"bool","description":"Whether this Cloud SQL instance should be assigned a public IPV4 address. At least ipv4_enabled must be enabled or a private_network must be configured.","description_kind":"plain","optional":true},"private_network":{"type":"string","description":"The VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default. Specifying a network enables private IP. At least ipv4_enabled must be enabled or a private_network must be configured. This setting can be updated, but it cannot be removed after it is set.","description_kind":"plain","optional":true},"require_ssl":{"type":"bool","description":"Whether SSL connections over IP are enforced or not. To change this field, also set the corresponding value in ssl_mode if it has been set too.","description_kind":"plain","deprecated":true,"optional":true},"server_ca_mode":{"type":"string","description":"Specify how the server certificate's Certificate Authority is hosted.","description_kind":"plain","optional":true,"computed":true},"ssl_mode":{"type":"string","description":"Specify how SSL connection should be enforced in DB connections. This field provides more SSL enforcement options compared to require_ssl. To change this field, also set the correspoding value in require_ssl until next major release.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"authorized_networks":{"nesting_mode":"set","block":{"attributes":{"expiration_time":{"type":"string","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","optional":true},"value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"psc_config":{"nesting_mode":"set","block":{"attributes":{"allowed_consumer_projects":{"type":["set","string"],"description":"List of consumer projects that are allow-listed for PSC connections to this instance. This instance can be connected to with PSC from any network in these projects. Each consumer project in this list may be represented by a project number (numeric) or by a project id (alphanumeric).","description_kind":"plain","optional":true},"psc_enabled":{"type":"bool","description":"Whether PSC connectivity is enabled for this instance.","description_kind":"plain","optional":true}},"description":"PSC settings for a Cloud SQL instance.","description_kind":"plain"}}},"description_kind":"plain"},"max_items":1},"location_preference":{"nesting_mode":"list","block":{"attributes":{"follow_gae_application":{"type":"string","description":"A Google App Engine application whose zone to remain in. Must be in the same region as this instance.","description_kind":"plain","optional":true},"secondary_zone":{"type":"string","description":"The preferred Compute Engine zone for the secondary/failover","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The preferred compute engine zone.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of week (1-7), starting on Monday","description_kind":"plain","optional":true},"hour":{"type":"number","description":"Hour of day (0-23), ignored if day not set","description_kind":"plain","optional":true},"update_track":{"type":"string","description":"Receive updates after one week (canary) or after two weeks (stable) or after five weeks (week5) of notification.","description_kind":"plain","optional":true}},"description":"Declares a one-hour maintenance window when an Instance can automatically restart to apply updates. The maintenance window is specified in UTC time.","description_kind":"plain"},"max_items":1},"password_validation_policy":{"nesting_mode":"list","block":{"attributes":{"complexity":{"type":"string","description":"Password complexity.","description_kind":"plain","optional":true},"disallow_username_substring":{"type":"bool","description":"Disallow username as a part of the password.","description_kind":"plain","optional":true},"enable_password_policy":{"type":"bool","description":"Whether the password policy is enabled or not.","description_kind":"plain","required":true},"min_length":{"type":"number","description":"Minimum number of characters allowed.","description_kind":"plain","optional":true},"password_change_interval":{"type":"string","description":"Minimum interval after which the password can be changed. This flag is only supported for PostgresSQL.","description_kind":"plain","optional":true},"reuse_interval":{"type":"number","description":"Number of previous passwords that cannot be reused.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"sql_server_audit_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The name of the destination bucket (e.g., gs://mybucket).","description_kind":"plain","optional":true},"retention_interval":{"type":"string","description":"How long to keep generated audit files. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"..","description_kind":"plain","optional":true},"upload_interval":{"type":"string","description":"How often to upload generated audit files. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description":"The settings to use for the database. The configuration is detailed below.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_source_representation_instance":{"version":0,"block":{"attributes":{"ca_certificate":{"type":"string","description":"The CA certificate on the external server. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"client_certificate":{"type":"string","description":"The client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"client_key":{"type":"string","description":"The private key file for the client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"database_version":{"type":"string","description":"The MySQL version running on your source database server. Possible values: [\"MYSQL_5_6\", \"MYSQL_5_7\", \"MYSQL_8_0\", \"POSTGRES_9_6\", \"POSTGRES_10\", \"POSTGRES_11\", \"POSTGRES_12\", \"POSTGRES_13\", \"POSTGRES_14\"]","description_kind":"plain","required":true},"dump_file_path":{"type":"string","description":"A file in the bucket that contains the data from the external server.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The IPv4 address and port for the external server, or the the DNS address for the external server. If the external server is hosted on Cloud SQL, the port is 5432.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the source representation instance. Use any valid Cloud SQL instance name.","description_kind":"plain","required":true},"password":{"type":"string","description":"The password for the replication user account.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"The externally accessible port for the source database server.\nDefaults to 3306.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created instance should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"username":{"type":"string","description":"The replication user account on the external server.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_ssl_cert":{"version":1,"block":{"attributes":{"cert":{"type":"string","description":"The actual certificate data for this client certificate.","description_kind":"plain","computed":true,"sensitive":true},"cert_serial_number":{"type":"string","description":"The serial number extracted from the certificate data.","description_kind":"plain","computed":true},"common_name":{"type":"string","description":"The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"expiration_time":{"type":"string","description":"The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"private_key":{"type":"string","description":"The private key associated with the client certificate.","description_kind":"plain","computed":true,"sensitive":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"server_ca_cert":{"type":"string","description":"The CA cert of the server this client cert was generated from.","description_kind":"plain","computed":true,"sensitive":true},"sha1_fingerprint":{"type":"string","description":"The SHA1 Fingerprint of the certificate.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_user":{"version":1,"block":{"attributes":{"deletion_policy":{"type":"string","description":"The deletion policy for the user. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they\n\t\t\t\thave been granted SQL roles. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"host":{"type":"string","description":"The host the user can connect from. This is only supported for MySQL instances. Don't set this field for PostgreSQL instances. Can be an IP address. Changing this forces a new resource to be created.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the user. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"password":{"type":"string","description":"The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to\n\t\t\t\teither CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT.","description_kind":"plain","optional":true,"sensitive":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"sql_server_user_details":{"type":["list",["object",{"disabled":"bool","server_roles":["list","string"]}]],"description_kind":"plain","computed":true},"type":{"type":"string","description":"The user type. It determines the method to authenticate the user during login.\n\t\t\t\tThe default is the database's built-in user type.","description_kind":"plain","optional":true}},"block_types":{"password_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_failed_attempts":{"type":"number","description":"Number of failed attempts allowed before the user get locked.","description_kind":"plain","optional":true},"enable_failed_attempts_check":{"type":"bool","description":"If true, the check that will lock user after too many failed login attempts will be enabled.","description_kind":"plain","optional":true},"enable_password_verification":{"type":"bool","description":"If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.","description_kind":"plain","optional":true},"password_expiration_duration":{"type":"string","description":"Password expiration duration with one week grace period.","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"locked":"bool","password_expiration_time":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_bucket":{"version":2,"block":{"attributes":{"default_event_based_hold":{"type":"bool","description":"Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_object_retention":{"type":"bool","description":"Enables each object in the bucket to have its own retention policy, which prevents deletion until stored for a specific length of time.","description_kind":"plain","optional":true},"force_destroy":{"type":"bool","description":"When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the bucket.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Google Cloud Storage location","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"project_number":{"type":"number","description":"The project number of the project in which the resource belongs.","description_kind":"plain","computed":true},"public_access_prevention":{"type":"string","description":"Prevents public access to a bucket.","description_kind":"plain","optional":true,"computed":true},"requester_pays":{"type":"bool","description":"Enables Requester Pays on a storage bucket.","description_kind":"plain","optional":true},"rpo":{"type":"string","description":"Specifies the RPO setting of bucket. If set 'ASYNC_TURBO', The Turbo Replication will be enabled for the dual-region bucket. Value 'DEFAULT' will set RPO setting to default. Turbo Replication is only for buckets in dual-regions.See the docs for more details.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uniform_bucket_level_access":{"type":"bool","description":"Enables uniform bucket-level access on a bucket.","description_kind":"plain","optional":true,"computed":true},"url":{"type":"string","description":"The base URL of the bucket, in the format gs://\u003cbucket-name\u003e.","description_kind":"plain","computed":true}},"block_types":{"autoclass":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"While set to true, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object's access pattern.","description_kind":"plain","required":true},"terminal_storage_class":{"type":"string","description":"The storage class that objects in the bucket eventually transition to if they are not read for a certain length of time. Supported values include: NEARLINE, ARCHIVE.","description_kind":"plain","optional":true,"computed":true}},"description":"The bucket's autoclass configuration.","description_kind":"plain"},"max_items":1},"cors":{"nesting_mode":"list","block":{"attributes":{"max_age_seconds":{"type":"number","description":"The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.","description_kind":"plain","optional":true},"method":{"type":["list","string"],"description":"The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: \"*\" is permitted in the list of methods, and means \"any method\".","description_kind":"plain","optional":true},"origin":{"type":["list","string"],"description":"The list of Origins eligible to receive CORS response headers. Note: \"*\" is permitted in the list of origins, and means \"any Origin\".","description_kind":"plain","optional":true},"response_header":{"type":["list","string"],"description":"The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.","description_kind":"plain","optional":true}},"description":"The bucket's Cross-Origin Resource Sharing (CORS) configuration.","description_kind":"plain"}},"custom_placement_config":{"nesting_mode":"list","block":{"attributes":{"data_locations":{"type":["set","string"],"description":"The list of individual regions that comprise a dual-region bucket. See the docs for a list of acceptable regions. Note: If any of the data_locations changes, it will recreate the bucket.","description_kind":"plain","required":true}},"description":"The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty.","description_kind":"plain"},"max_items":1},"encryption":{"nesting_mode":"list","block":{"attributes":{"default_kms_key_name":{"type":"string","description":"A Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified. You must pay attention to whether the crypto key is available in the location that this bucket is created in. See the docs for more details.","description_kind":"plain","required":true}},"description":"The bucket's encryption configuration.","description_kind":"plain"},"max_items":1},"lifecycle_rule":{"nesting_mode":"list","block":{"block_types":{"action":{"nesting_mode":"set","block":{"attributes":{"storage_class":{"type":"string","description":"The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the action of this Lifecycle Rule. Supported values include: Delete, SetStorageClass and AbortIncompleteMultipartUpload.","description_kind":"plain","required":true}},"description":"The Lifecycle Rule's action configuration. A single block of this type is supported.","description_kind":"plain"},"min_items":1,"max_items":1},"condition":{"nesting_mode":"set","block":{"attributes":{"age":{"type":"number","description":"Minimum age of an object in days to satisfy this condition.","description_kind":"plain","optional":true},"created_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"custom_time_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"days_since_custom_time":{"type":"number","description":"Number of days elapsed since the user-specified timestamp set on an object.","description_kind":"plain","optional":true},"days_since_noncurrent_time":{"type":"number","description":"Number of days elapsed since the noncurrent timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition is relevant only for versioned objects.","description_kind":"plain","optional":true},"matches_prefix":{"type":["list","string"],"description":"One or more matching name prefixes to satisfy this condition.","description_kind":"plain","optional":true},"matches_storage_class":{"type":["list","string"],"description":"Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.","description_kind":"plain","optional":true},"matches_suffix":{"type":["list","string"],"description":"One or more matching name suffixes to satisfy this condition.","description_kind":"plain","optional":true},"no_age":{"type":"bool","description":"While set true, age value will be omitted.Required to set true when age is unset in the config file.","description_kind":"plain","deprecated":true,"optional":true},"noncurrent_time_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"num_newer_versions":{"type":"number","description":"Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.","description_kind":"plain","optional":true},"send_age_if_zero":{"type":"bool","description":"While set true, age value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the age field. It can be used alone or together with age.","description_kind":"plain","optional":true},"send_days_since_custom_time_if_zero":{"type":"bool","description":"While set true, days_since_custom_time value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the days_since_custom_time field. It can be used alone or together with days_since_custom_time.","description_kind":"plain","optional":true},"send_days_since_noncurrent_time_if_zero":{"type":"bool","description":"While set true, days_since_noncurrent_time value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the days_since_noncurrent_time field. It can be used alone or together with days_since_noncurrent_time.","description_kind":"plain","optional":true},"send_num_newer_versions_if_zero":{"type":"bool","description":"While set true, num_newer_versions value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the num_newer_versions field. It can be used alone or together with num_newer_versions.","description_kind":"plain","optional":true},"with_state":{"type":"string","description":"Match to live and/or archived objects. Unversioned buckets have only live objects. Supported values include: \"LIVE\", \"ARCHIVED\", \"ANY\".","description_kind":"plain","optional":true,"computed":true}},"description":"The Lifecycle Rule's condition configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The bucket's Lifecycle Rules configuration.","description_kind":"plain"},"max_items":100},"logging":{"nesting_mode":"list","block":{"attributes":{"log_bucket":{"type":"string","description":"The bucket that will receive log objects.","description_kind":"plain","required":true},"log_object_prefix":{"type":"string","description":"The object prefix for log objects. If it's not provided, by default Google Cloud Storage sets this to this bucket's name.","description_kind":"plain","optional":true,"computed":true}},"description":"The bucket's Access \u0026 Storage Logs configuration.","description_kind":"plain"},"max_items":1},"retention_policy":{"nesting_mode":"list","block":{"attributes":{"is_locked":{"type":"bool","description":"If set to true, the bucket will be locked and permanently restrict edits to the bucket's retention policy. Caution: Locking a bucket is an irreversible action.","description_kind":"plain","optional":true},"retention_period":{"type":"number","description":"The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. The value must be less than 3,155,760,000 seconds.","description_kind":"plain","required":true}},"description":"Configuration of the bucket's data retention policy for how long objects in the bucket should be retained.","description_kind":"plain"},"max_items":1},"soft_delete_policy":{"nesting_mode":"list","block":{"attributes":{"effective_time":{"type":"string","description":"Server-determined value that indicates the time from which the policy, or one with a greater retention, was effective. This value is in RFC 3339 format.","description_kind":"plain","computed":true},"retention_duration_seconds":{"type":"number","description":"The duration in seconds that soft-deleted objects in the bucket will be retained and cannot be permanently deleted. Default value is 604800.","description_kind":"plain","optional":true}},"description":"The bucket's soft delete policy, which defines the period of time that soft-deleted objects will be retained, and cannot be permanently deleted. If it is not provided, by default Google Cloud Storage sets this to default soft delete policy","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"versioning":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"While set to true, versioning is fully enabled for this bucket.","description_kind":"plain","required":true}},"description":"The bucket's Versioning configuration.","description_kind":"plain"},"max_items":1},"website":{"nesting_mode":"list","block":{"attributes":{"main_page_suffix":{"type":"string","description":"Behaves as the bucket's directory index where missing objects are treated as potential directories.","description_kind":"plain","optional":true},"not_found_page":{"type":"string","description":"The custom object to return when a requested resource is not found.","description_kind":"plain","optional":true}},"description":"Configuration if the bucket acts as a website.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n user-userId\n user-email\n group-groupId\n group-email\n domain-domain\n project-team-projectId\n allUsers\n allAuthenticatedUsers\nExamples:\n The user liz@example.com would be user-liz@example.com.\n The group example@googlegroups.com would be\n group-example@googlegroups.com.\n To refer to all members of the Google Apps for Business domain\n example.com, the entity would be domain-example.com.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\", \"WRITER\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_bucket_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket it applies to.","description_kind":"plain","required":true},"default_acl":{"type":"string","description":"Configure this ACL to be the default ACL.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"predefined_acl":{"type":"string","description":"The canned GCS ACL to apply. Must be set if role_entity is not.","description_kind":"plain","optional":true},"role_entity":{"type":["list","string"],"description":"List of role/entity pairs in the form ROLE:entity. See GCS Bucket ACL documentation for more details. Must be set if predefined_acl is not.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_bucket_iam_binding":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_iam_member":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_storage_bucket_object":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","required":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","optional":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","optional":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","optional":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","optional":true,"computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","optional":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","optional":true},"generation":{"type":"number","description":"The content generation of this object. Used for object versioning and soft delete.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","optional":true,"computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","required":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","optional":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","optional":true,"computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","optional":true}},"block_types":{"customer_encryption":{"nesting_mode":"list","block":{"attributes":{"encryption_algorithm":{"type":"string","description":"The encryption algorithm. Default: AES256","description_kind":"plain","optional":true},"encryption_key":{"type":"string","description":"Base64 encoded customer supplied encryption key.","description_kind":"plain","required":true,"sensitive":true}},"description":"Encryption key; encoded using base64.","description_kind":"plain"},"max_items":1},"retention":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"The object retention mode. Supported values include: \"Unlocked\", \"Locked\".","description_kind":"plain","required":true},"retain_until_time":{"type":"string","description":"Time in RFC 3339 (e.g. 2030-01-01T02:03:04Z) until which object retention protects this object.","description_kind":"plain","required":true}},"description":"Object level retention configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_default_object_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n * user-{{userId}}\n * user-{{email}} (such as \"user-liz@example.com\")\n * group-{{groupId}}\n * group-{{email}} (such as \"group-example@googlegroups.com\")\n * domain-{{domain}} (such as \"domain-example.com\")\n * project-team-{{projectId}}\n * allUsers\n * allAuthenticatedUsers","description_kind":"plain","required":true},"entity_id":{"type":"string","description":"The ID for the entity","description_kind":"plain","computed":true},"generation":{"type":"number","description":"The content generation of the object, if applied to an object.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"The name of the object, if applied to an object.","description_kind":"plain","optional":true},"project_team":{"type":["list",["object",{"project_number":"string","team":"string"}]],"description":"The project team associated with the entity","description_kind":"plain","computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_default_object_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role_entity":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_hmac_key":{"version":0,"block":{"attributes":{"access_id":{"type":"string","description":"The access ID of the HMAC Key.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"HMAC secret key material.","description_kind":"plain","computed":true,"sensitive":true},"service_account_email":{"type":"string","description":"The email address of the key's associated service account.","description_kind":"plain","required":true},"state":{"type":"string","description":"The state of the key. Can be set to one of ACTIVE, INACTIVE. Default value: \"ACTIVE\" Possible values: [\"ACTIVE\", \"INACTIVE\"]","description_kind":"plain","optional":true},"time_created":{"type":"string","description":"'The creation time of the HMAC key in RFC 3339 format. '","description_kind":"plain","computed":true},"updated":{"type":"string","description":"'The last modification time of the HMAC key metadata in RFC 3339 format.'","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_insights_report_config":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The editable display name of the inventory report configuration. Has a limit of 256 characters. Can be empty.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the ReportConfig. The source and destination buckets specified in the ReportConfig\nmust be in the same location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The UUID of the inventory report configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"csv_options":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"The delimiter used to separate the fields in the inventory report CSV file.","description_kind":"plain","optional":true},"header_required":{"type":"bool","description":"The boolean that indicates whether or not headers are included in the inventory report CSV file.","description_kind":"plain","optional":true},"record_separator":{"type":"string","description":"The character used to separate the records in the inventory report CSV file.","description_kind":"plain","optional":true}},"description":"Options for configuring the format of the inventory report CSV file.","description_kind":"plain"},"min_items":1,"max_items":1},"frequency_options":{"nesting_mode":"list","block":{"attributes":{"frequency":{"type":"string","description":"The frequency in which inventory reports are generated. Values are DAILY or WEEKLY. Possible values: [\"DAILY\", \"WEEKLY\"]","description_kind":"plain","required":true}},"block_types":{"end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"The day of the month to stop generating inventory reports.","description_kind":"plain","required":true},"month":{"type":"number","description":"The month to stop generating inventory reports.","description_kind":"plain","required":true},"year":{"type":"number","description":"The year to stop generating inventory reports","description_kind":"plain","required":true}},"description":"The date to stop generating inventory reports. For example, {\"day\": 15, \"month\": 9, \"year\": 2022}.","description_kind":"plain"},"min_items":1,"max_items":1},"start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"The day of the month to start generating inventory reports.","description_kind":"plain","required":true},"month":{"type":"number","description":"The month to start generating inventory reports.","description_kind":"plain","required":true},"year":{"type":"number","description":"The year to start generating inventory reports","description_kind":"plain","required":true}},"description":"The date to start generating inventory reports. For example, {\"day\": 15, \"month\": 8, \"year\": 2022}.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options for configuring how inventory reports are generated.","description_kind":"plain"},"max_items":1},"object_metadata_report_options":{"nesting_mode":"list","block":{"attributes":{"metadata_fields":{"type":["list","string"],"description":"The metadata fields included in an inventory report.","description_kind":"plain","required":true}},"block_types":{"storage_destination_options":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The destination bucket that stores the generated inventory reports.","description_kind":"plain","required":true},"destination_path":{"type":"string","description":"The path within the destination bucket to store generated inventory reports.","description_kind":"plain","optional":true}},"description":"Options for where the inventory reports are stored.","description_kind":"plain"},"min_items":1,"max_items":1},"storage_filters":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The filter to use when specifying which bucket to generate inventory reports for.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Options for including metadata in an inventory report.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_managed_folder":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket that contains the managed folder.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp at which this managed folder was created.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"Allows the deletion of a managed folder even if contains\nobjects. If a non-empty managed folder is deleted, any objects\nwithin the folder will remain in a simulated folder with the\nsame name.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metageneration":{"type":"string","description":"The metadata generation of the managed folder.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the managed folder expressed as a path. Must include\ntrailing '/'. For example, 'example_dir/example_dir2/'.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp at which this managed folder was most recently updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_managed_folder_iam_binding":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_folder":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_managed_folder_iam_member":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_folder":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_managed_folder_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_folder":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_storage_notification":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"custom_attributes":{"type":["map","string"],"description":" A set of key/value attribute pairs to attach to each Cloud Pub/Sub message published for this notification subscription","description_kind":"plain","optional":true},"event_types":{"type":["set","string"],"description":"List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: \"OBJECT_FINALIZE\", \"OBJECT_METADATA_UPDATE\", \"OBJECT_DELETE\", \"OBJECT_ARCHIVE\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"notification_id":{"type":"string","description":"The ID of the created notification.","description_kind":"plain","computed":true},"object_name_prefix":{"type":"string","description":"Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.","description_kind":"plain","optional":true},"payload_format":{"type":"string","description":"The desired content of the Payload. One of \"JSON_API_V1\" or \"NONE\".","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"The Cloud Pub/Sub topic to which this subscription publishes. Expects either the topic name, assumed to belong to the default GCP provider project, or the project-level name, i.e. projects/my-gcp-project/topics/my-topic or my-topic. If the project is not set in the provider, you will need to use the project-level name.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_storage_object_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n * user-{{userId}}\n * user-{{email}} (such as \"user-liz@example.com\")\n * group-{{groupId}}\n * group-{{email}} (such as \"group-example@googlegroups.com\")\n * domain-{{domain}} (such as \"domain-example.com\")\n * project-team-{{projectId}}\n * allUsers\n * allAuthenticatedUsers","description_kind":"plain","required":true},"entity_id":{"type":"string","description":"The ID for the entity","description_kind":"plain","computed":true},"generation":{"type":"number","description":"The content generation of the object, if applied to an object.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"The name of the object to apply the access control to.","description_kind":"plain","required":true},"project_team":{"type":["list",["object",{"project_number":"string","team":"string"}]],"description":"The project team associated with the entity","description_kind":"plain","computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_object_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description_kind":"plain","required":true},"predefined_acl":{"type":"string","description_kind":"plain","optional":true},"role_entity":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_transfer_agent_pool":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Specifies the client-specified AgentPool description.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The ID of the agent pool to create.\n\nThe agentPoolId must meet the following requirements:\n* Length of 128 characters or less.\n* Not start with the string goog.\n* Start with a lowercase ASCII character, followed by:\n * Zero or more: lowercase Latin alphabet characters, numerals, hyphens (-), periods (.), underscores (_), or tildes (~).\n * One or more numerals or lowercase ASCII characters.\n\nAs expressed by the regular expression: ^(?!goog)[a-z]([a-z0-9-._~]*[a-z0-9])?$.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Specifies the state of the AgentPool.","description_kind":"plain","computed":true}},"block_types":{"bandwidth_limit":{"nesting_mode":"list","block":{"attributes":{"limit_mbps":{"type":"string","description":"Bandwidth rate in megabytes per second, distributed across all the agents in the pool.","description_kind":"plain","required":true}},"description":"Specifies the bandwidth limit details. If this field is unspecified, the default value is set as 'No Limit'.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_transfer_job":{"version":0,"block":{"attributes":{"creation_time":{"type":"string","description":"When the Transfer Job was created.","description_kind":"plain","computed":true},"deletion_time":{"type":"string","description":"When the Transfer Job was deleted.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Unique description to identify the Transfer Job.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_modification_time":{"type":"string","description":"When the Transfer Job was last modified.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the Transfer Job.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"status":{"type":"string","description":"Status of the job. Default: ENABLED. NOTE: The effect of the new job status takes place during a subsequent job run. For example, if you change the job status from ENABLED to DISABLED, and an operation spawned by the transfer is running, the status change would not affect the current operation.","description_kind":"plain","optional":true}},"block_types":{"event_stream":{"nesting_mode":"list","block":{"attributes":{"event_stream_expiration_time":{"type":"string","description":"Specifies the data and time at which Storage Transfer Service stops listening for events from this stream. After this time, any transfers in progress will complete, but no new transfers are initiated","description_kind":"plain","optional":true},"event_stream_start_time":{"type":"string","description":"Specifies the date and time that Storage Transfer Service starts listening for events from this stream. If no start time is specified or start time is in the past, Storage Transfer Service starts listening immediately","description_kind":"plain","optional":true},"name":{"type":"string","description":"Specifies a unique name of the resource such as AWS SQS ARN in the form 'arn:aws:sqs:region:account_id:queue_name', or Pub/Sub subscription resource name in the form 'projects/{project}/subscriptions/{sub}'","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"notification_config":{"nesting_mode":"list","block":{"attributes":{"event_types":{"type":["set","string"],"description":"Event types for which a notification is desired. If empty, send notifications for all event types. The valid types are \"TRANSFER_OPERATION_SUCCESS\", \"TRANSFER_OPERATION_FAILED\", \"TRANSFER_OPERATION_ABORTED\".","description_kind":"plain","optional":true},"payload_format":{"type":"string","description":"The desired format of the notification message payloads. One of \"NONE\" or \"JSON\".","description_kind":"plain","required":true},"pubsub_topic":{"type":"string","description":"The Topic.name of the Pub/Sub topic to which to publish notifications.","description_kind":"plain","required":true}},"description":"Notification configuration.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"repeat_interval":{"type":"string","description":"Interval between the start of each scheduled transfer. If unspecified, the default value is 24 hours. This value may not be less than 1 hour. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"block_types":{"schedule_end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"The last day the recurring transfer will be run. If schedule_end_date is the same as schedule_start_date, the transfer will be executed only once.","description_kind":"plain"},"max_items":1},"schedule_start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"The first day the recurring transfer is scheduled to run. If schedule_start_date is in the past, the transfer will run for the first time on the following day.","description_kind":"plain"},"min_items":1,"max_items":1},"start_time_of_day":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","required":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","required":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","required":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","required":true}},"description":"The time in UTC at which the transfer will be scheduled to start in a day. Transfers may start later than this time. If not specified, recurring and one-time transfers that are scheduled to run today will run immediately; recurring transfers that are scheduled to run on a future date will start at approximately midnight UTC on that date. Note that when configuring a transfer with the Cloud Platform Console, the transfer's start time in a day is specified in your local timezone.","description_kind":"plain"},"max_items":1}},"description":"Schedule specification defining when the Transfer Job should be scheduled to start, end and what time to run.","description_kind":"plain"},"max_items":1},"transfer_spec":{"nesting_mode":"list","block":{"attributes":{"sink_agent_pool_name":{"type":"string","description":"Specifies the agent pool name associated with the posix data source. When unspecified, the default name is used.","description_kind":"plain","optional":true,"computed":true},"source_agent_pool_name":{"type":"string","description":"Specifies the agent pool name associated with the posix data source. When unspecified, the default name is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"aws_s3_data_source":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"S3 Bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"S3 Bucket path in bucket to transfer.","description_kind":"plain","optional":true},"role_arn":{"type":"string","description":"The Amazon Resource Name (ARN) of the role to support temporary credentials via 'AssumeRoleWithWebIdentity'. For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). When a role ARN is provided, Transfer Service fetches temporary credentials for the session using a 'AssumeRoleWithWebIdentity' call for the provided role using the [GoogleServiceAccount][] for this project.","description_kind":"plain","optional":true}},"block_types":{"aws_access_key":{"nesting_mode":"list","block":{"attributes":{"access_key_id":{"type":"string","description":"AWS Key ID.","description_kind":"plain","required":true,"sensitive":true},"secret_access_key":{"type":"string","description":"AWS Secret Access Key.","description_kind":"plain","required":true,"sensitive":true}},"description":"AWS credentials block.","description_kind":"plain"},"max_items":1}},"description":"An AWS S3 data source.","description_kind":"plain"},"max_items":1},"azure_blob_storage_data_source":{"nesting_mode":"list","block":{"attributes":{"container":{"type":"string","description":"The container to transfer from the Azure Storage account.","description_kind":"plain","required":true},"path":{"type":"string","description":"Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'.","description_kind":"plain","optional":true,"computed":true},"storage_account":{"type":"string","description":"The name of the Azure Storage account.","description_kind":"plain","required":true}},"block_types":{"azure_credentials":{"nesting_mode":"list","block":{"attributes":{"sas_token":{"type":"string","description":"Azure shared access signature.","description_kind":"plain","required":true,"sensitive":true}},"description":" Credentials used to authenticate API requests to Azure.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An Azure Blob Storage data source.","description_kind":"plain"},"max_items":1},"gcs_data_sink":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"Google Cloud Storage bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"Google Cloud Storage path in bucket to transfer","description_kind":"plain","optional":true,"computed":true}},"description":"A Google Cloud Storage data sink.","description_kind":"plain"},"max_items":1},"gcs_data_source":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"Google Cloud Storage bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"Google Cloud Storage path in bucket to transfer","description_kind":"plain","optional":true,"computed":true}},"description":"A Google Cloud Storage data source.","description_kind":"plain"},"max_items":1},"http_data_source":{"nesting_mode":"list","block":{"attributes":{"list_url":{"type":"string","description":"The URL that points to the file that stores the object list entries. This file must allow public access. Currently, only URLs with HTTP and HTTPS schemes are supported.","description_kind":"plain","required":true}},"description":"A HTTP URL data source.","description_kind":"plain"},"max_items":1},"object_conditions":{"nesting_mode":"list","block":{"attributes":{"exclude_prefixes":{"type":["list","string"],"description":"exclude_prefixes must follow the requirements described for include_prefixes.","description_kind":"plain","optional":true},"include_prefixes":{"type":["list","string"],"description":"If include_refixes is specified, objects that satisfy the object conditions must have names that start with one of the include_prefixes and that do not start with any of the exclude_prefixes. If include_prefixes is not specified, all objects except those that have names starting with one of the exclude_prefixes must satisfy the object conditions.","description_kind":"plain","optional":true},"last_modified_before":{"type":"string","description":"If specified, only objects with a \"last modification time\" before this timestamp and objects that don't have a \"last modification time\" are transferred. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"last_modified_since":{"type":"string","description":"If specified, only objects with a \"last modification time\" on or after this timestamp and objects that don't have a \"last modification time\" are transferred. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"max_time_elapsed_since_last_modification":{"type":"string","description":"A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"min_time_elapsed_since_last_modification":{"type":"string","description":"A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects' last_modification_time do not exclude objects in a data sink.","description_kind":"plain"},"max_items":1},"posix_data_sink":{"nesting_mode":"list","block":{"attributes":{"root_directory":{"type":"string","description":"Root directory path to the filesystem.","description_kind":"plain","required":true}},"description":"A POSIX filesystem data sink.","description_kind":"plain"},"max_items":1},"posix_data_source":{"nesting_mode":"list","block":{"attributes":{"root_directory":{"type":"string","description":"Root directory path to the filesystem.","description_kind":"plain","required":true}},"description":"A POSIX filesystem data source.","description_kind":"plain"},"max_items":1},"transfer_options":{"nesting_mode":"list","block":{"attributes":{"delete_objects_from_source_after_transfer":{"type":"bool","description":"Whether objects should be deleted from the source after they are transferred to the sink. Note that this option and delete_objects_unique_in_sink are mutually exclusive.","description_kind":"plain","optional":true},"delete_objects_unique_in_sink":{"type":"bool","description":"Whether objects that exist only in the sink should be deleted. Note that this option and delete_objects_from_source_after_transfer are mutually exclusive.","description_kind":"plain","optional":true},"overwrite_objects_already_existing_in_sink":{"type":"bool","description":"Whether overwriting objects that already exist in the sink is allowed.","description_kind":"plain","optional":true},"overwrite_when":{"type":"string","description":"When to overwrite objects that already exist in the sink. If not set, overwrite behavior is determined by overwriteObjectsAlreadyExistingInSink.","description_kind":"plain","optional":true}},"description":"Characteristics of how to treat files from datasource and sink during job. If the option delete_objects_unique_in_sink is true, object conditions based on objects' last_modification_time are ignored and do not exclude objects in a data source or a data sink.","description_kind":"plain"},"max_items":1}},"description":"Transfer specification.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_tags_location_tag_binding":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The generated id for the TagBinding. This is a string of the form: 'tagBindings/{full-resource-name}/{tag-value-name}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The full resource name of the resource the TagValue is bound to. E.g. //cloudresourcemanager.googleapis.com/projects/123","description_kind":"plain","required":true},"tag_value":{"type":"string","description":"The TagValue of the TagBinding. Must be of the form tagValues/456.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_binding":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated id for the TagBinding. This is a string of the form: 'tagBindings/{full-resource-name}/{tag-value-name}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The full resource name of the resource the TagValue is bound to. E.g. //cloudresourcemanager.googleapis.com/projects/123","description_kind":"plain","required":true},"tag_value":{"type":"string","description":"The TagValue of the TagBinding. Must be of the form tagValues/456.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Creation time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-assigned description of the TagKey. Must not exceed 256 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated numeric id for the TagKey.","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description":"Output only. Namespaced name of the TagKey.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Input only. The resource name of the new TagKey's parent. Must be of the form organizations/{org_id} or projects/{project_id_or_number}.","description_kind":"plain","required":true},"purpose":{"type":"string","description":"Optional. A purpose cannot be changed once set.\n\nA purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: [\"GCE_FIREWALL\"]","description_kind":"plain","optional":true},"purpose_data":{"type":["map","string"],"description":"Optional. Purpose data cannot be changed once set.\n\nPurpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = \"\u003cproject-name\u003e/\u003cvpc-name\u003e\"'.","description_kind":"plain","optional":true},"short_name":{"type":"string","description":"Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace.\n\nThe short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Update time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_key_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_key_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_key_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_value":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Creation time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-assigned description of the TagValue. Must not exceed 256 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated numeric id for the TagValue.","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description":"Output only. Namespaced name of the TagValue. Will be in the format {parentNamespace}/{tagKeyShortName}/{shortName}.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Input only. The resource name of the new TagValue's parent. Must be of the form tagKeys/{tag_key_id}.","description_kind":"plain","required":true},"short_name":{"type":"string","description":"Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey.\n\nThe short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Update time.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_value_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_value_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_value_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tpu_node":{"version":0,"block":{"attributes":{"accelerator_type":{"type":"string","description":"The type of hardware accelerators associated with this node.","description_kind":"plain","required":true},"cidr_block":{"type":"string","description":"The CIDR block that the TPU node will use when selecting an IP\naddress. This CIDR block must be a /29 block; the Compute Engine\nnetworks API forbids a smaller block, and using a larger block would\nbe wasteful (a node can only consume one IP address).\n\nErrors will occur if the CIDR block has already been used for a\ncurrently existing TPU node, the CIDR block conflicts with any\nsubnetworks in the user's provided network, or the provided network\nis peered with another network that is using that CIDR block.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"The user-supplied description of the TPU. Maximum of 512 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The immutable name of the TPU.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of a network to peer the TPU node to. It must be a\npreexisting Compute Engine network inside of the project on which\nthis API has been activated. If none is provided, \"default\" will be\nused.","description_kind":"plain","optional":true,"computed":true},"network_endpoints":{"type":["list",["object",{"ip_address":"string","port":"number"}]],"description":"The network endpoints where TPU workers can be accessed and sent work.\nIt is recommended that Tensorflow clients of the node first reach out\nto the first (index 0) entry.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account used to run the tensor flow services within the\nnode. To share resources, including Google Cloud Storage data, with\nthe Tensorflow job running in the Node, this account must have\npermissions to that data.","description_kind":"plain","computed":true},"tensorflow_version":{"type":"string","description":"The version of Tensorflow running in the Node.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"use_service_networking":{"type":"bool","description":"Whether the VPC peering for the node is set up through Service Networking API.\nThe VPC Peering should be set up before provisioning the node. If this field is set,\ncidr_block field should not be specified. If the network that you want to peer the\nTPU Node to is a Shared VPC network, the node must be created with this this field enabled.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The GCP location for the TPU. If it is not provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"scheduling_config":{"nesting_mode":"list","block":{"attributes":{"preemptible":{"type":"bool","description":"Defines whether the TPU instance is preemptible.","description_kind":"plain","required":true}},"description":"Sets the scheduling options for this TPU instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_dataset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the dataset was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The user-defined name of the Dataset. The name can be up to 128 characters long and can be consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Workflow.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Dataset. The schema is defined as an OpenAPI 3.0.2 Schema Object. The schema files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the Dataset. This value is set by Google.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the dataset. eg us-central1","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the dataset was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource.\nHas the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created.","description_kind":"plain","optional":true}},"description":"Customer-managed encryption key spec for a Dataset. If set, this Dataset and all sub-resources of this Dataset will be secured by this key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_deployment_resource_pool":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of deployment resource pool. The maximum length is 63 characters, and valid characters are '/^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$/'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of deployment resource pool. eg us-central1","description_kind":"plain","optional":true}},"block_types":{"dedicated_resources":{"nesting_mode":"list","block":{"attributes":{"max_replica_count":{"type":"number","description":"The maximum number of replicas this DeployedModel may be deployed on when the traffic against it increases. If the requested value is too large, the deployment will error, but if deployment succeeds then the ability to scale the model to that many replicas is guaranteed (barring service outages). If traffic against the DeployedModel increases beyond what its replicas at maximum may handle, a portion of the traffic will be dropped. If this value is not provided, will use min_replica_count as the default value. The value of this field impacts the charge against Vertex CPU and GPU quotas. Specifically, you will be charged for max_replica_count * number of cores in the selected machine type) and (max_replica_count * number of GPUs per replica in the selected machine type).","description_kind":"plain","optional":true},"min_replica_count":{"type":"number","description":"The minimum number of machine replicas this DeployedModel will be always deployed on. This value must be greater than or equal to 1. If traffic against the DeployedModel increases, it may dynamically be deployed onto more replicas, and as traffic decreases, some of these extra replicas may be freed.","description_kind":"plain","required":true}},"block_types":{"autoscaling_metric_specs":{"nesting_mode":"list","block":{"attributes":{"metric_name":{"type":"string","description":"The resource metric name. Supported metrics: For Online Prediction: * 'aiplatform.googleapis.com/prediction/online/accelerator/duty_cycle' * 'aiplatform.googleapis.com/prediction/online/cpu/utilization'","description_kind":"plain","required":true},"target":{"type":"number","description":"The target resource utilization in percentage (1% - 100%) for the given metric; once the real usage deviates from the target by a certain percentage, the machine replicas change. The default value is 60 (representing 60%) if not provided.","description_kind":"plain","optional":true}},"description":"A list of the metric specifications that overrides a resource utilization metric.","description_kind":"plain"}},"machine_spec":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of accelerators to attach to the machine.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"The type of accelerator(s) that may be attached to the machine as per accelerator_count. See possible values [here](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/MachineSpec#AcceleratorType).","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The type of the machine. See the [list of machine types supported for prediction](https://cloud.google.com/vertex-ai/docs/predictions/configure-compute#machine-types).","description_kind":"plain","optional":true}},"description":"The specification of a single machine used by the prediction","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The underlying dedicated resources that the deployment resource pool uses.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Timestamp when this Endpoint was created.","description_kind":"plain","computed":true},"deployed_models":{"type":["list",["object",{"automatic_resources":["list",["object",{"max_replica_count":"number","min_replica_count":"number"}]],"create_time":"string","dedicated_resources":["list",["object",{"autoscaling_metric_specs":["list",["object",{"metric_name":"string","target":"number"}]],"machine_spec":["list",["object",{"accelerator_count":"number","accelerator_type":"string","machine_type":"string"}]],"max_replica_count":"number","min_replica_count":"number"}]],"display_name":"string","enable_access_logging":"bool","enable_container_logging":"bool","id":"string","model":"string","model_version_id":"string","private_endpoints":["list",["object",{"explain_http_uri":"string","health_http_uri":"string","predict_http_uri":"string","service_attachment":"string"}]],"service_account":"string","shared_resources":"string"}]],"description":"Output only. The models deployed in this Endpoint. To add or remove DeployedModels use EndpointService.DeployModel and EndpointService.UndeployModel respectively. Models can also be deployed and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/).","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Endpoint.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Required. The display name of the Endpoint. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates. If not set, a blind \"overwrite\" update happens.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Endpoints. Label keys and values can be no longer than 64 characters (Unicode codepoints), can only contain lowercase letters, numeric characters, underscores and dashes. International characters are allowed. See https://goo.gl/xmQnxf for more information and examples of labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"model_deployment_monitoring_job":{"type":"string","description":"Output only. Resource name of the Model Monitoring job associated with this Endpoint if monitoring is enabled by CreateModelDeploymentMonitoringJob. Format: 'projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}'","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Endpoint. The name must be numeric with no leading zeros and can be at most 10 digits.","description_kind":"plain","required":true},"network":{"type":"string","description":"The full name of the Google Compute Engine [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) to which the Endpoint should be peered. Private services access must already be configured for the network. If left unspecified, the Endpoint is not peered with any network. Only one of the fields, network or enable_private_service_connect, can be set. [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): 'projects/{project}/global/networks/{network}'. Where '{project}' is a project number, as in '12345', and '{network}' is network name.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region for the resource","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Timestamp when this Endpoint was last updated.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: 'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'. The key needs to be in the same region as where the compute resource is created.","description_kind":"plain","required":true}},"description":"Customer-managed encryption key spec for an Endpoint. If set, this Endpoint and all sub-resources of this Endpoint will be secured by this key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_group":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the FeatureGroup was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the FeatureGroup.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your FeatureGroup.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Feature Group.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of feature group. eg us-central1","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the FeatureGroup was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"big_query":{"nesting_mode":"list","block":{"attributes":{"entity_id_columns":{"type":["list","string"],"description":"Columns to construct entityId / row keys. If not provided defaults to entityId.","description_kind":"plain","optional":true}},"block_types":{"big_query_source":{"nesting_mode":"list","block":{"attributes":{"input_uri":{"type":"string","description":"BigQuery URI to a table, up to 2000 characters long. For example: 'bq://projectId.bqDatasetId.bqTableId.'","description_kind":"plain","required":true}},"description":"The BigQuery source URI that points to either a BigQuery Table or View.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Indicates that features for this group come from BigQuery Table/View. By default treats the source as a sparse time series source, which is required to have an entityId and a feature_timestamp column in the source.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_group_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the FeatureGroup was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the FeatureGroup.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"feature_group":{"type":"string","description":"The name of the Feature Group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your FeatureGroup.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Feature Group Feature.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region for the resource. It should be the same as the feature group's region.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the FeatureGroup was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"version_column_name":{"type":"string","description":"The name of the BigQuery Table/View column hosting data for this version. If no value is provided, will use featureId.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_online_store":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the feature online store was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"If set to true, any FeatureViews and Features for this FeatureOnlineStore will also be deleted.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your feature online stores.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Feature Online Store. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of feature online store. eg us-central1","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the Feature Online Store. See the possible states in [this link](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featureOnlineStores#state).","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the feature online store was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"bigtable":{"nesting_mode":"list","block":{"block_types":{"auto_scaling":{"nesting_mode":"list","block":{"attributes":{"cpu_utilization_target":{"type":"number","description":"A percentage of the cluster's CPU capacity. Can be from 10% to 80%. When a cluster's CPU utilization exceeds the target that you have set, Bigtable immediately adds nodes to the cluster. When CPU utilization is substantially lower than the target, Bigtable removes nodes. If not set will default to 50%.","description_kind":"plain","optional":true,"computed":true},"max_node_count":{"type":"number","description":"The maximum number of nodes to scale up to. Must be greater than or equal to minNodeCount, and less than or equal to 10 times of 'minNodeCount'.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"The minimum number of nodes to scale down to. Must be greater than or equal to 1.","description_kind":"plain","required":true}},"description":"Autoscaling config applied to Bigtable Instance.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for Cloud Bigtable instance that will be created to serve featureValues for all FeatureViews under this FeatureOnlineStore.","description_kind":"plain"},"max_items":1},"dedicated_serving_endpoint":{"nesting_mode":"list","block":{"attributes":{"public_endpoint_domain_name":{"type":"string","description":"Domain name to use for this FeatureOnlineStore","description_kind":"plain","computed":true},"service_attachment":{"type":"string","description":"Name of the service attachment resource. Applicable only if private service connect is enabled and after FeatureViewSync is created.","description_kind":"plain","computed":true}},"block_types":{"private_service_connect_config":{"nesting_mode":"list","block":{"attributes":{"enable_private_service_connect":{"type":"bool","description":"If set to true, customers will use private service connection to send request. Otherwise, the connection will set to public endpoint.","description_kind":"plain","required":true},"project_allowlist":{"type":["list","string"],"description":"A list of Projects from which the forwarding rule will target the service attachment.","description_kind":"plain","optional":true}},"description":"Private service connect config.","description_kind":"plain"},"max_items":1}},"description":"The dedicated serving endpoint for this FeatureOnlineStore, which is different from common vertex service endpoint. Only need to be set when you choose Optimized storage type or enable EmbeddingManagement. Will use public endpoint by default.","description_kind":"plain"},"max_items":1},"optimized":{"nesting_mode":"list","block":{"description":"Settings for the Optimized store that will be created to serve featureValues for all FeatureViews under this FeatureOnlineStore","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_online_store_featureview":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the featureOnlinestore was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"feature_online_store":{"type":"string","description":"The name of the FeatureOnlineStore to use for the featureview.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this FeatureView.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the FeatureView. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region for the resource. It should be the same as the featureonlinestore region.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the featureOnlinestore was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"big_query_source":{"nesting_mode":"list","block":{"attributes":{"entity_id_columns":{"type":["list","string"],"description":"Columns to construct entityId / row keys. Start by supporting 1 only.","description_kind":"plain","required":true},"uri":{"type":"string","description":"The BigQuery view URI that will be materialized on each sync trigger based on FeatureView.SyncConfig.","description_kind":"plain","required":true}},"description":"Configures how data is supposed to be extracted from a BigQuery source to be loaded onto the FeatureOnlineStore.","description_kind":"plain"},"max_items":1},"feature_registry_source":{"nesting_mode":"list","block":{"attributes":{"project_number":{"type":"string","description":"The project number of the parent project of the feature Groups.","description_kind":"plain","optional":true}},"block_types":{"feature_groups":{"nesting_mode":"list","block":{"attributes":{"feature_group_id":{"type":"string","description":"Identifier of the feature group.","description_kind":"plain","required":true},"feature_ids":{"type":["list","string"],"description":"Identifiers of features under the feature group.","description_kind":"plain","required":true}},"description":"List of features that need to be synced to Online Store.","description_kind":"plain"},"min_items":1}},"description":"Configures the features from a Feature Registry source that need to be loaded onto the FeatureOnlineStore.","description_kind":"plain"},"max_items":1},"sync_config":{"nesting_mode":"list","block":{"attributes":{"cron":{"type":"string","description":"Cron schedule (https://en.wikipedia.org/wiki/Cron) to launch scheduled runs.\nTo explicitly set a timezone to the cron tab, apply a prefix in the cron tab: \"CRON_TZ=${IANA_TIME_ZONE}\" or \"TZ=${IANA_TIME_ZONE}\".","description_kind":"plain","optional":true,"computed":true}},"description":"Configures when data is to be synced/updated for this FeatureView. At the end of the sync the latest featureValues for each entityId of this FeatureView are made ready for online serving.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the featurestore was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"If set to true, any EntityTypes and Features for this Featurestore will also be deleted","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Featurestore.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the Featurestore. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the dataset. eg us-central1","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the featurestore was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the compute resource is created.","description_kind":"plain","required":true}},"description":"If set, both of the online and offline data storage will be secured by this key.","description_kind":"plain"},"max_items":1},"online_serving_config":{"nesting_mode":"list","block":{"attributes":{"fixed_node_count":{"type":"number","description":"The number of nodes for each cluster. The number of nodes will not scale automatically but can be scaled manually by providing different values when updating.","description_kind":"plain","optional":true}},"block_types":{"scaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"The maximum number of nodes to scale up to. Must be greater than minNodeCount, and less than or equal to 10 times of 'minNodeCount'.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"The minimum number of nodes to scale down to. Must be greater than or equal to 1.","description_kind":"plain","required":true}},"description":"Online serving scaling configuration. Only one of fixedNodeCount and scaling can be set. Setting one will reset the other.","description_kind":"plain"},"max_items":1}},"description":"Config for online serving resources.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore_entitytype":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the featurestore was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the EntityType.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"featurestore":{"type":"string","description":"The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this EntityType.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the EntityType. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the EntityType.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the featurestore was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"monitoring_config":{"nesting_mode":"list","block":{"block_types":{"categorical_threshold_config":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"number","description":"Specify a threshold value that can trigger the alert. For categorical feature, the distribution distance is calculated by L-inifinity norm. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3.","description_kind":"plain","required":true}},"description":"Threshold for categorical features of anomaly detection. This is shared by all types of Featurestore Monitoring for categorical features (i.e. Features with type (Feature.ValueType) BOOL or STRING).","description_kind":"plain"},"max_items":1},"import_features_analysis":{"nesting_mode":"list","block":{"attributes":{"anomaly_detection_baseline":{"type":"string","description":"Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. The value must be one of the values below:\n* LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics.\n* MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists.\n* PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below:\n* DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled.\n* ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it.\n* DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it.","description_kind":"plain","optional":true}},"description":"The config for ImportFeatures Analysis Based Feature Monitoring.","description_kind":"plain"},"max_items":1},"numerical_threshold_config":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"number","description":"Specify a threshold value that can trigger the alert. For numerical feature, the distribution distance is calculated by Jensen–Shannon divergence. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3.","description_kind":"plain","required":true}},"description":"Threshold for numerical features of anomaly detection. This is shared by all objectives of Featurestore Monitoring for numerical features (i.e. Features with type (Feature.ValueType) DOUBLE or INT64).","description_kind":"plain"},"max_items":1},"snapshot_analysis":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"The monitoring schedule for snapshot analysis. For EntityType-level config: unset / disabled = true indicates disabled by default for Features under it; otherwise by default enable snapshot analysis monitoring with monitoringInterval for Features under it.","description_kind":"plain","optional":true},"monitoring_interval_days":{"type":"number","description":"Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1.\nIf both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used.","description_kind":"plain","optional":true},"staleness_days":{"type":"number","description":"Customized export features time window for snapshot analysis. Unit is one day. The default value is 21 days. Minimum value is 1 day. Maximum value is 4000 days.","description_kind":"plain","optional":true}},"description":"The config for Snapshot Analysis Based Feature Monitoring.","description_kind":"plain"},"max_items":1}},"description":"The default monitoring configuration for all Features under this EntityType.\n\nIf this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore_entitytype_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the entity type was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the feature.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entitytype":{"type":"string","description":"The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}.","description_kind":"plain","required":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the feature.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the feature. The feature can be up to 64 characters long and can consist only of ASCII Latin letters A-Z and a-z, underscore(_), and ASCII digits 0-9 starting with a letter. The value will be unique given an entity type.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the feature","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the entity type was most recently updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"value_type":{"type":"string","description":"Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_index":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"deployed_indexes":{"type":["list",["object",{"deployed_index_id":"string","index_endpoint":"string"}]],"description":"The pointers to DeployedIndexes created from this Index. An Index can be only deleted if all its DeployedIndexes had been undeployed first.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index_stats":{"type":["list",["object",{"shards_count":"number","vectors_count":"string"}]],"description":"Stats of the index resource.","description_kind":"plain","computed":true},"index_update_method":{"type":"string","description":"The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default.\n* BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update.\n* STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Index, that is specific to it. Unset if the Index does not have any additional information.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the index. eg us-central1","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"contents_delta_uri":{"type":"string","description":"Allows inserting, updating or deleting the contents of the Matching Engine Index.\nThe string must be a valid Cloud Storage directory path. If this\nfield is set when calling IndexService.UpdateIndex, then no other\nIndex field can be also updated as part of the same call.\nThe expected structure and format of the files this URI points to is\ndescribed at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format","description_kind":"plain","required":true},"is_complete_overwrite":{"type":"bool","description":"If this field is set together with contentsDeltaUri when calling IndexService.UpdateIndex,\nthen existing content of the Index will be replaced by the data from the contentsDeltaUri.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"approximate_neighbors_count":{"type":"number","description":"The default number of neighbors to find via approximate search before exact reordering is\nperformed. Exact reordering is a procedure where results returned by an\napproximate search algorithm are reordered via a more expensive distance computation.\nRequired if tree-AH algorithm is used.","description_kind":"plain","optional":true},"dimensions":{"type":"number","description":"The number of dimensions of the input vectors.","description_kind":"plain","required":true},"distance_measure_type":{"type":"string","description":"The distance measure used in nearest neighbor search. The value must be one of the followings:\n* SQUARED_L2_DISTANCE: Euclidean (L_2) Distance\n* L1_DISTANCE: Manhattan (L_1) Distance\n* COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity.\n* DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product","description_kind":"plain","optional":true},"feature_norm_type":{"type":"string","description":"Type of normalization to be carried out on each vector. The value must be one of the followings:\n* UNIT_L2_NORM: Unit L2 normalization type\n* NONE: No normalization type is specified.","description_kind":"plain","optional":true},"shard_size":{"type":"string","description":"Index data is split into equal parts to be processed. These are called \"shards\".\nThe shard size must be specified when creating an index. The value must be one of the followings:\n* SHARD_SIZE_SMALL: Small (2GB)\n* SHARD_SIZE_MEDIUM: Medium (20GB)\n* SHARD_SIZE_LARGE: Large (50GB)","description_kind":"plain","optional":true,"computed":true}},"block_types":{"algorithm_config":{"nesting_mode":"list","block":{"block_types":{"brute_force_config":{"nesting_mode":"list","block":{"description":"Configuration options for using brute force search, which simply implements the\nstandard linear search in the database for each query.","description_kind":"plain"},"max_items":1},"tree_ah_config":{"nesting_mode":"list","block":{"attributes":{"leaf_node_embedding_count":{"type":"number","description":"Number of embeddings on each leaf node. The default value is 1000 if not set.","description_kind":"plain","optional":true},"leaf_nodes_to_search_percent":{"type":"number","description":"The default percentage of leaf nodes that any query may be searched. Must be in\nrange 1-100, inclusive. The default value is 10 (means 10%) if not set.","description_kind":"plain","optional":true}},"description":"Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing).\nPlease refer to this paper for more details: https://arxiv.org/abs/1908.10396","description_kind":"plain"},"max_items":1}},"description":"The configuration with regard to the algorithms used for efficient search.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the Matching Engine Index.","description_kind":"plain"},"max_items":1}},"description":"An additional information about the Index","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_index_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The full name of the Google Compute Engine [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) to which the index endpoint should be peered.\nPrivate services access must already be configured for the network. If left unspecified, the index endpoint is not peered with any network.\n[Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): 'projects/{project}/global/networks/{network}'.\nWhere '{project}' is a project number, as in '12345', and '{network}' is network name.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"public_endpoint_domain_name":{"type":"string","description":"If publicEndpointEnabled is true, this field will be populated with the domain name to use for this index endpoint.","description_kind":"plain","computed":true},"public_endpoint_enabled":{"type":"bool","description":"If true, the deployed index will be accessible through public endpoint.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the index endpoint. eg us-central1","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"private_service_connect_config":{"nesting_mode":"list","block":{"attributes":{"enable_private_service_connect":{"type":"bool","description":"If set to true, the IndexEndpoint is created without private service access.","description_kind":"plain","required":true},"project_allowlist":{"type":["list","string"],"description":"A list of Projects from which the forwarding rule will target the service attachment.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for private service connect. 'network' and 'privateServiceConnectConfig' are mutually exclusive.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_index_endpoint_deployed_index":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"deployed_index_id":{"type":"string","description":"The user specified ID of the DeployedIndex. The ID can be up to 128 characters long and must start with a letter and only contain letters, numbers, and underscores. The ID must be unique within the project it is created in.","description_kind":"plain","required":true},"deployment_group":{"type":"string","description":"The deployment group can be no longer than 64 characters (eg: 'test', 'prod'). If not set, we will use the 'default' deployment group.\nCreating deployment_groups with reserved_ip_ranges is a recommended practice when the peered network has multiple peering ranges. This creates your deployments from predictable IP spaces for easier traffic administration. Also, one deployment_group (except 'default') can only be used with the same reserved_ip_ranges which means if the deployment_group has been used with reserved_ip_ranges: [a, b, c], using it with [a, b] or [d, e] is disallowed. [See the official documentation here](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.indexEndpoints#DeployedIndex.FIELDS.deployment_group).\nNote: we only support up to 5 deployment groups (not including 'default').","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","optional":true},"enable_access_logging":{"type":"bool","description":"If true, private endpoint's access logs are sent to Cloud Logging.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index":{"type":"string","description":"The name of the Index this is the deployment of.","description_kind":"plain","required":true},"index_endpoint":{"type":"string","description":"Identifies the index endpoint. Must be in the format\n'projects/{{project}}/locations/{{region}}/indexEndpoints/{{indexEndpoint}}'","description_kind":"plain","required":true},"index_sync_time":{"type":"string","description":"The DeployedIndex may depend on various data on its original Index. Additionally when certain changes to the original Index are being done (e.g. when what the Index contains is being changed) the DeployedIndex may be asynchronously updated in the background to reflect these changes. If this timestamp's value is at least the [Index.update_time](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.indexes#Index.FIELDS.update_time) of the original Index, it means that this DeployedIndex and the original Index are in sync. If this timestamp is older, then to see which updates this DeployedIndex already contains (and which it does not), one must [list](https://cloud.google.com/vertex-ai/docs/reference/rest/v1beta1/projects.locations.operations/list#google.longrunning.Operations.ListOperations) the operations that are running on the original Index. Only the successfully completed Operations with updateTime equal or before this sync time are contained in this DeployedIndex.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the DeployedIndex resource.","description_kind":"plain","computed":true},"private_endpoints":{"type":["list",["object",{"match_grpc_address":"string","psc_automated_endpoints":["list",["object",{"match_address":"string","network":"string","project_id":"string"}]],"service_attachment":"string"}]],"description":"Provides paths for users to send requests directly to the deployed index services running on Cloud via private services access. This field is populated if [network](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.indexEndpoints#IndexEndpoint.FIELDS.network) is configured.","description_kind":"plain","computed":true},"reserved_ip_ranges":{"type":["list","string"],"description":"A list of reserved ip ranges under the VPC network that can be used for this DeployedIndex.\nIf set, we will deploy the index within the provided ip ranges. Otherwise, the index might be deployed to any ip ranges under the provided VPC network.\n\nThe value should be the name of the address (https://cloud.google.com/compute/docs/reference/rest/v1/addresses) Example: ['vertex-ai-ip-range'].\n\nFor more information about subnets and network IP ranges, please see https://cloud.google.com/vpc/docs/subnets#manually_created_subnet_ip_ranges.","description_kind":"plain","optional":true}},"block_types":{"automatic_resources":{"nesting_mode":"list","block":{"attributes":{"max_replica_count":{"type":"number","description":"The maximum number of replicas this DeployedModel may be deployed on when the traffic against it increases. If maxReplicaCount is not set, the default value is minReplicaCount. The max allowed replica count is 1000.\n\nThe maximum number of replicas this DeployedModel may be deployed on when the traffic against it increases. If the requested value is too large, the deployment will error, but if deployment succeeds then the ability to scale the model to that many replicas is guaranteed (barring service outages). If traffic against the DeployedModel increases beyond what its replicas at maximum may handle, a portion of the traffic will be dropped. If this value is not provided, a no upper bound for scaling under heavy traffic will be assume, though Vertex AI may be unable to scale beyond certain replica number.","description_kind":"plain","optional":true,"computed":true},"min_replica_count":{"type":"number","description":"The minimum number of replicas this DeployedModel will be always deployed on. If minReplicaCount is not set, the default value is 2 (we don't provide SLA when minReplicaCount=1).\n\nIf traffic against it increases, it may dynamically be deployed onto more replicas up to [maxReplicaCount](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/AutomaticResources#FIELDS.max_replica_count), and as traffic decreases, some of these extra replicas may be freed. If the requested value is too large, the deployment will error.","description_kind":"plain","optional":true,"computed":true}},"description":"A description of resources that the DeployedIndex uses, which to large degree are decided by Vertex AI, and optionally allows only a modest additional configuration.","description_kind":"plain"},"max_items":1},"dedicated_resources":{"nesting_mode":"list","block":{"attributes":{"max_replica_count":{"type":"number","description":"The maximum number of replicas this DeployedModel may be deployed on when the traffic against it increases. If maxReplicaCount is not set, the default value is minReplicaCount","description_kind":"plain","optional":true,"computed":true},"min_replica_count":{"type":"number","description":"The minimum number of machine replicas this DeployedModel will be always deployed on. This value must be greater than or equal to 1.","description_kind":"plain","required":true}},"block_types":{"machine_spec":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"The type of the machine.\n\nSee the [list of machine types supported for prediction](https://cloud.google.com/vertex-ai/docs/predictions/configure-compute#machine-types)\n\nSee the [list of machine types supported for custom training](https://cloud.google.com/vertex-ai/docs/training/configure-compute#machine-types).\n\nFor [DeployedModel](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.endpoints#DeployedModel) this field is optional, and the default value is n1-standard-2. For [BatchPredictionJob](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.batchPredictionJobs#BatchPredictionJob) or as part of [WorkerPoolSpec](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/CustomJobSpec#WorkerPoolSpec) this field is required.","description_kind":"plain","optional":true}},"description":"The minimum number of replicas this DeployedModel will be always deployed on.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A description of resources that are dedicated to the DeployedIndex, and that need a higher degree of manual configuration. The field minReplicaCount must be set to a value strictly greater than 0, or else validation will fail. We don't provide SLA when minReplicaCount=1. If maxReplicaCount is not set, the default value is minReplicaCount. The max allowed replica count is 1000.\n\nAvailable machine types for SMALL shard: e2-standard-2 and all machine types available for MEDIUM and LARGE shard.\n\nAvailable machine types for MEDIUM shard: e2-standard-16 and all machine types available for LARGE shard.\n\nAvailable machine types for LARGE shard: e2-highmem-16, n2d-standard-32.\n\nn1-standard-16 and n1-standard-32 are still available, but we recommend e2-standard-16 and e2-highmem-16 for cost efficiency.","description_kind":"plain"},"max_items":1},"deployed_index_auth_config":{"nesting_mode":"list","block":{"block_types":{"auth_provider":{"nesting_mode":"list","block":{"attributes":{"allowed_issuers":{"type":["list","string"],"description":"A list of allowed JWT issuers. Each entry must be a valid Google service account, in the following format: service-account-name@project-id.iam.gserviceaccount.com","description_kind":"plain","optional":true},"audiences":{"type":["list","string"],"description":"The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted.","description_kind":"plain","optional":true}},"description":"Defines the authentication provider that the DeployedIndex uses.","description_kind":"plain"},"max_items":1}},"description":"If set, the authentication is enabled for the private endpoint.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_tensorboard":{"version":0,"block":{"attributes":{"blob_storage_path_prefix":{"type":"string","description":"Consumer project Cloud Storage path prefix used to store blob data, which can either be a bucket or directory. Does not end with a '/'.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The timestamp of when the Tensorboard was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of this Tensorboard.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User provided name of this Tensorboard.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Tensorboards.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Tensorboard.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the tensorboard. eg us-central1","description_kind":"plain","optional":true,"computed":true},"run_count":{"type":"string","description":"The number of Runs stored in this Tensorboard.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Tensorboard was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource.\nHas the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created.","description_kind":"plain","required":true}},"description":"Customer-managed encryption key spec for a Tensorboard. If set, this Tensorboard and all sub-resources of this Tensorboard will be secured by this key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_cluster":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"management":{"type":"bool","description":"True if the cluster is a management cluster; false otherwise.\nThere can only be one management cluster in a private cloud and it has to be the first one.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the Cluster.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new cluster in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true}},"block_types":{"node_type_configs":{"nesting_mode":"set","block":{"attributes":{"custom_core_count":{"type":"number","description":"Customized number of cores available to each node of the type.\nThis number must always be one of 'nodeType.availableCustomCoreCounts'.\nIf zero is provided max value from 'nodeType.availableCustomCoreCounts' will be used.\nOnce the customer is created then corecount cannot be changed.","description_kind":"plain","optional":true},"node_count":{"type":"number","description":"The number of nodes of this type in the cluster.","description_kind":"plain","required":true},"node_type_id":{"type":"string","description_kind":"plain","required":true}},"description":"The map of cluster node types in this cluster,\nwhere the key is canonical identifier of the node type (corresponds to the NodeType).","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_external_access_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action that the external access rule performs. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for the external access rule.","description_kind":"plain","optional":true},"destination_ports":{"type":["list","string"],"description":"A list of destination ports to which the external access rule applies.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which the external access rule applies.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the external access rule.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the network policy.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/networkPolicies/my-policy","description_kind":"plain","required":true},"priority":{"type":"number","description":"External access rule priority, which determines the external access rule to use when multiple rules apply.","description_kind":"plain","required":true},"source_ports":{"type":["list","string"],"description":"A list of source ports to which the external access rule applies.","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"destination_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"external_address":{"type":"string","description":"The name of an 'ExternalAddress' resource.","description_kind":"plain","optional":true},"ip_address_range":{"type":"string","description":"An IP address range in the CIDR format.","description_kind":"plain","optional":true}},"description":"If destination ranges are specified, the external access rule applies only to\ntraffic that has a destination IP address in these ranges.","description_kind":"plain"},"min_items":1},"source_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"A single IP address.","description_kind":"plain","optional":true},"ip_address_range":{"type":"string","description":"An IP address range in the CIDR format.","description_kind":"plain","optional":true}},"description":"If source ranges are specified, the external access rule applies only to\ntraffic that has a source IP address in these ranges.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_external_address":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this resource.","description_kind":"plain","optional":true},"external_ip":{"type":"string","description":"The external IP address of a workload VM.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ip":{"type":"string","description":"The internal IP address of a workload VM.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the external IP Address.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new external address in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the resource.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_network":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description for this VMware Engine network.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the VMwareEngineNetwork should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the VMwareEngineNetwork.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the VMware Engine network.","description_kind":"plain","computed":true},"type":{"type":"string","description":"VMware Engine network type. Possible values: [\"LEGACY\", \"STANDARD\"]","description_kind":"plain","required":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vpc_networks":{"type":["list",["object",{"network":"string","type":"string"}]],"description":"VMware Engine service VPC networks that provide connectivity from a private cloud to customer projects,\nthe internet, and other Google Cloud services.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_network_peering":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network peering.","description_kind":"plain","optional":true},"export_custom_routes":{"type":"bool","description":"True if custom routes are exported to the peered network; false otherwise.","description_kind":"plain","optional":true},"export_custom_routes_with_public_ip":{"type":"bool","description":"True if all subnet routes with a public IP address range are exported; false otherwise.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","optional":true},"import_custom_routes_with_public_ip":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The ID of the Network Peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The relative resource name of the network to peer with a standard VMware Engine network.\nThe provided network can be a consumer VPC network or another standard VMware Engine network.","description_kind":"plain","required":true},"peer_network_type":{"type":"string","description":"The type of the network to peer with the VMware Engine network. Possible values: [\"STANDARD\", \"VMWARE_ENGINE_NETWORK\", \"PRIVATE_SERVICES_ACCESS\", \"NETAPP_CLOUD_VOLUMES\", \"THIRD_PARTY_SERVICE\", \"DELL_POWERSCALE\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the network peering.\nThis field has a value of 'ACTIVE' when there's a matching configuration in the peer network.\nNew values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the network peering.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","required":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_network_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network policy.","description_kind":"plain","optional":true},"edge_services_cidr":{"type":"string","description":"IP address range in CIDR notation used to create internet access and external IP access.\nAn RFC 1918 CIDR block, with a \"/26\" prefix, is required. The range cannot overlap with any\nprefixes either in the consumer VPC network or in use by the private clouds attached to that VPC network.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The resource name of the location (region) to create the new network policy in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the Network Policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","required":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"block_types":{"external_ip":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"True if the service is enabled; false otherwise.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the service. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true}},"description":"Network service that allows External IP addresses to be assigned to VMware workloads.\nThis service can only be enabled when internetAccess is also enabled.","description_kind":"plain"},"max_items":1},"internet_access":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"True if the service is enabled; false otherwise.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the service. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true}},"description":"Network service that allows VMware workloads to access the internet.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_private_cloud":{"version":0,"block":{"attributes":{"deletion_delay_hours":{"type":"number","description":"The number of hours to delay this request. You can set this value to an hour between 0 to 8, where setting it to 0 starts the deletion request immediately. If no value is set, a default value is set at the API Level.","description_kind":"plain","optional":true},"description":{"type":"string","description":"User-provided description for this private cloud.","description_kind":"plain","optional":true},"hcx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a HCX Cloud Manager appliance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the PrivateCloud should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the PrivateCloud.","description_kind":"plain","required":true},"nsx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a NSX Manager appliance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"send_deletion_delay_hours_if_zero":{"type":"bool","description":"While set true, deletion_delay_hours value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the deletion_delay_hours field. It can be used both alone and together with deletion_delay_hours.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the resource. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Initial type of the private cloud. Possible values: [\"STANDARD\", \"TIME_LIMITED\", \"STRETCHED\"]","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vcenter":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a vCenter Server management appliance.","description_kind":"plain","computed":true}},"block_types":{"management_cluster":{"nesting_mode":"list","block":{"attributes":{"cluster_id":{"type":"string","description":"The user-provided identifier of the new Cluster. The identifier must meet the following requirements:\n * Only contains 1-63 alphanumeric characters and hyphens\n * Begins with an alphabetical character\n * Ends with a non-hyphen character\n * Not formatted as a UUID\n * Complies with RFC 1034 (https://datatracker.ietf.org/doc/html/rfc1034) (section 3.5)","description_kind":"plain","required":true}},"block_types":{"node_type_configs":{"nesting_mode":"set","block":{"attributes":{"custom_core_count":{"type":"number","description":"Customized number of cores available to each node of the type.\nThis number must always be one of 'nodeType.availableCustomCoreCounts'.\nIf zero is provided max value from 'nodeType.availableCustomCoreCounts' will be used.\nThis cannot be changed once the PrivateCloud is created.","description_kind":"plain","optional":true},"node_count":{"type":"number","description":"The number of nodes of this type in the cluster.","description_kind":"plain","required":true},"node_type_id":{"type":"string","description_kind":"plain","required":true}},"description":"The map of cluster node types in this cluster,\nwhere the key is canonical identifier of the node type (corresponds to the NodeType).","description_kind":"plain"}},"stretched_cluster_config":{"nesting_mode":"list","block":{"attributes":{"preferred_location":{"type":"string","description":"Zone that will remain operational when connection between the two zones is lost.","description_kind":"plain","optional":true},"secondary_location":{"type":"string","description":"Additional zone for a higher level of availability and load balancing.","description_kind":"plain","optional":true}},"description":"The stretched cluster configuration for the private cloud.","description_kind":"plain"},"max_items":1}},"description":"The management cluster for this private cloud. This used for creating and managing the default cluster.","description_kind":"plain"},"min_items":1,"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"dns_server_ip":{"type":"string","description":"DNS Server IP of the Private Cloud.","description_kind":"plain","computed":true},"management_cidr":{"type":"string","description":"Management CIDR used by VMware management appliances.","description_kind":"plain","required":true},"management_ip_address_layout_version":{"type":"number","description":"The IP address layout version of the management IP address range.\nPossible versions include:\n* managementIpAddressLayoutVersion=1: Indicates the legacy IP address layout used by some existing private clouds. This is no longer supported for new private clouds\nas it does not support all features.\n* managementIpAddressLayoutVersion=2: Indicates the latest IP address layout\nused by all newly created private clouds. This version supports all current features.","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network attached to the private cloud.\nSpecify the name in the following form: projects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}\nwhere {project} can either be a project number or a project ID.","description_kind":"plain","optional":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in\nthe form: projects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"description":"Network configuration in the consumer project with which the peering has to be done.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_subnet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dhcp_address_ranges":{"type":["list",["object",{"first_address":"string","last_address":"string"}]],"description":"DHCP address ranges.","description_kind":"plain","computed":true},"gateway_id":{"type":"string","description":"The canonical identifier of the logical router that this subnet is attached to.","description_kind":"plain","computed":true},"gateway_ip":{"type":"string","description":"The IP address of the gateway of this subnet. Must fall within the IP prefix defined above.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IP address range of the subnet in CIDR format.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the subnet. For userDefined subnets, this name should be in the format of \"service-n\",\nwhere n ranges from 1 to 5.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new subnet in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"standard_config":{"type":"bool","description":"Whether the NSX-T configuration in the backend follows the standard configuration supported by Google Cloud.\nIf false, the subnet cannot be modified through Google Cloud, only through NSX-T directly.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the subnet.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the subnet.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vlan_id":{"type":"number","description":"VLAN ID of the VLAN on which the subnet is configured.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vpc_access_connector":{"version":0,"block":{"attributes":{"connected_projects":{"type":["list","string"],"description":"List of projects using the connector.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that follows RFC 4632 notation. Example: '10.132.0.0/28'.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Machine type of VM Instance underlying connector. Default is e2-micro","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"Maximum value of instances in autoscaling group underlying the connector. Value must be between 3 and 10, inclusive. Must be\nhigher than the value specified by min_instances.","description_kind":"plain","optional":true,"computed":true},"max_throughput":{"type":"number","description":"Maximum throughput of the connector in Mbps, must be greater than 'min_throughput'. Default is 300. Refers to the expected throughput\nwhen using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by\nmin_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of\nmax_throughput is discouraged in favor of max_instances.","description_kind":"plain","optional":true},"min_instances":{"type":"number","description":"Minimum value of instances in autoscaling group underlying the connector. Value must be between 2 and 9, inclusive. Must be\nlower than the value specified by max_instances.","description_kind":"plain","optional":true,"computed":true},"min_throughput":{"type":"number","description":"Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type.\nValue must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and\nmin_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the resource (Max 25 characters).","description_kind":"plain","required":true},"network":{"type":"string","description":"Name or self_link of the VPC network. Required if 'ip_cidr_range' is set.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the VPC Access connector resides. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The fully qualified name of this VPC connector","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the VPC access connector.","description_kind":"plain","computed":true}},"block_types":{"subnet":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Subnet name (relative, not fully qualified). E.g. if the full subnet selfLink is\nhttps://compute.googleapis.com/compute/v1/projects/{project}/regions/{region}/subnetworks/{subnetName} the correct input for this field would be {subnetName}\"","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project in which the subnet exists. If not set, this project is assumed to be the project for which the connector create request was issued.","description_kind":"plain","optional":true,"computed":true}},"description":"The subnet in which to house the connector","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_workbench_instance":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ.\nThe milliseconds portion (\".SSS\") is optional.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Output only. Email address of entity that sent original CreateInstance request.","description_kind":"plain","computed":true},"desired_state":{"type":"string","description":"Desired state of the Workbench Instance. Set this field to 'ACTIVE' to start the Instance, and 'STOPPED' to stop the Instance.","description_kind":"plain","optional":true},"disable_proxy_access":{"type":"bool","description":"Optional. If true, the workbench instance will not register with the proxy.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"health_info":{"type":["list",["object",{}]],"description":"'Output only. Additional information about instance health. Example:\nhealthInfo\": { \"docker_proxy_agent_status\": \"1\", \"docker_status\": \"1\", \"jupyterlab_api_status\":\n\"-1\", \"jupyterlab_status\": \"-1\", \"updated\": \"2020-10-18 09:40:03.573409\" }'","description_kind":"plain","computed":true},"health_state":{"type":"string","description":"Output only. Instance health_state.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"Required. User-defined unique ID of this instance.","description_kind":"plain","optional":true},"instance_owners":{"type":["list","string"],"description":"'Optional. Input only. The owner of this instance after creation. Format:\n'alias@example.com' Currently supports one owner only. If not specified, all of\nthe service account users of your VM instance''s service account can use the instance.'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Optional. Labels to apply to this instance. These can be later modified\nby the UpdateInstance method.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Part of 'parent'. See documentation of 'projectsId'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this workbench instance. Format: 'projects/{project_id}/locations/{location}/instances/{instance_id}'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_uri":{"type":"string","description":"Output only. The proxy endpoint that is used to access the Jupyter notebook.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The state of this instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ.\nThe milliseconds portion (\".SSS\") is optional.","description_kind":"plain","computed":true},"upgrade_history":{"type":["list",["object",{"action":"string","container_image":"string","create_time":"string","framework":"string","snapshot":"string","state":"string","target_version":"string","version":"string","vm_image":"string"}]],"description":"Output only. The upgrade history of this instance.","description_kind":"plain","computed":true}},"block_types":{"gce_setup":{"nesting_mode":"list","block":{"attributes":{"disable_public_ip":{"type":"bool","description":"Optional. If true, no external IP will be assigned to this VM instance.","description_kind":"plain","optional":true,"computed":true},"enable_ip_forwarding":{"type":"bool","description":"Optional. Flag to enable ip forwarding or not, default false/off.\nhttps://cloud.google.com/vpc/docs/using-routes#canipforward","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Optional. The machine type of the VM instance. https://cloud.google.com/compute/docs/machine-resource","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"Optional. Custom metadata to apply to this instance.","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"Optional. The Compute Engine tags to add to instance (see [Tagging\ninstances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerator_configs":{"nesting_mode":"list","block":{"attributes":{"core_count":{"type":"string","description":"Optional. Count of cores of this accelerator.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Optional. Type of this accelerator. Possible values: [\"NVIDIA_TESLA_P100\", \"NVIDIA_TESLA_V100\", \"NVIDIA_TESLA_P4\", \"NVIDIA_TESLA_T4\", \"NVIDIA_TESLA_A100\", \"NVIDIA_A100_80GB\", \"NVIDIA_L4\", \"NVIDIA_TESLA_T4_VWS\", \"NVIDIA_TESLA_P100_VWS\", \"NVIDIA_TESLA_P4_VWS\"]","description_kind":"plain","optional":true}},"description":"The hardware accelerators used on this instance. If you use accelerators, make sure that your configuration has\n[enough vCPUs and memory to support the 'machine_type' you have selected](https://cloud.google.com/compute/docs/gpus/#gpus-list).\nCurrently supports only one accelerator configuration.","description_kind":"plain"}},"boot_disk":{"nesting_mode":"list","block":{"attributes":{"disk_encryption":{"type":"string","description":"Optional. Input only. Disk encryption method used on the boot and\ndata disks, defaults to GMEK. Possible values: [\"GMEK\", \"CMEK\"]","description_kind":"plain","optional":true,"computed":true},"disk_size_gb":{"type":"string","description":"Optional. The size of the boot disk in GB attached to this instance,\nup to a maximum of 64000 GB (64 TB). If not specified, this defaults to the\nrecommended value of 150GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Optional. Indicates the type of the disk. Possible values: [\"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true,"computed":true},"kms_key":{"type":"string","description":"'Optional. The KMS key used to encrypt the disks, only\napplicable if disk_encryption is CMEK. Format: 'projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}'\nLearn more about using your own encryption keys.'","description_kind":"plain","optional":true}},"description":"The definition of a boot disk.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a container image to start the workbench instance.","description_kind":"plain"},"max_items":1},"data_disks":{"nesting_mode":"list","block":{"attributes":{"disk_encryption":{"type":"string","description":"Optional. Input only. Disk encryption method used on the boot\nand data disks, defaults to GMEK. Possible values: [\"GMEK\", \"CMEK\"]","description_kind":"plain","optional":true,"computed":true},"disk_size_gb":{"type":"string","description":"Optional. The size of the disk in GB attached to this VM instance,\nup to a maximum of 64000 GB (64 TB). If not specified, this defaults to\n100.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Optional. Input only. Indicates the type of the disk. Possible values: [\"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"'Optional. The KMS key used to encrypt the disks,\nonly applicable if disk_encryption is CMEK. Format: 'projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}'\nLearn more about using your own encryption keys.'","description_kind":"plain","optional":true}},"description":"Data disks attached to the VM instance. Currently supports only one data disk.","description_kind":"plain"},"max_items":1},"network_interfaces":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Optional. The name of the VPC that this VM instance is in.","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"Optional. The type of vNIC to be used on this interface. This\nmay be gVNIC or VirtioNet. Possible values: [\"VIRTIO_NET\", \"GVNIC\"]","description_kind":"plain","optional":true},"subnet":{"type":"string","description":"Optional. The name of the subnet that this VM instance is in.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_configs":{"nesting_mode":"list","block":{"attributes":{"external_ip":{"type":"string","description":"An external IP address associated with this instance. Specify an unused\nstatic external IP address available to the project or leave this field\nundefined to use an IP from a shared ephemeral IP address pool. If you\nspecify a static external IP address, it must live in the same region as\nthe zone of the instance.","description_kind":"plain","required":true}},"description":"Optional. An array of configurations for this interface. Currently, only one access\nconfig, ONE_TO_ONE_NAT, is supported. If no accessConfigs specified, the\ninstance will have an external internet access through an ephemeral\nexternal IP address.","description_kind":"plain"}}},"description":"The network interfaces for the VM. Supports only one interface.","description_kind":"plain"}},"service_accounts":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Optional. Email address of the service account.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["list","string"],"description":"Output only. The list of scopes to be made available for this\nservice account. Set by the CLH to https://www.googleapis.com/auth/cloud-platform","description_kind":"plain","computed":true}},"description":"The service account that serves as an identity for the VM instance. Currently supports only one service account.","description_kind":"plain"}},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Optional. Defines whether the VM instance has integrity monitoring\nenabled. Enables monitoring and attestation of the boot integrity of the VM\ninstance. The attestation is performed against the integrity policy baseline.\nThis baseline is initially derived from the implicitly trusted boot image\nwhen the VM instance is created. Enabled by default.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Optional. Defines whether the VM instance has Secure Boot enabled.\nSecure Boot helps ensure that the system only runs authentic software by verifying\nthe digital signature of all boot components, and halting the boot process\nif signature verification fails. Disabled by default.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Optional. Defines whether the VM instance has the vTPM enabled.\nEnabled by default.","description_kind":"plain","optional":true}},"description":"A set of Shielded Instance options. See [Images using supported Shielded\nVM features](https://cloud.google.com/compute/docs/instances/modifying-shielded-vm).\nNot all combinations are valid.","description_kind":"plain"},"max_items":1},"vm_image":{"nesting_mode":"list","block":{"attributes":{"family":{"type":"string","description":"Optional. Use this VM image family to find the image; the newest\nimage in this family will be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Optional. Use VM image name to find the image.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The name of the Google Cloud project that this VM image belongs to.\nFormat: {project_id}","description_kind":"plain","optional":true}},"description":"Definition of a custom Compute Engine virtual machine image for starting\na workbench instance with the environment installed directly on the VM.","description_kind":"plain"},"max_items":1}},"description":"The definition of how to configure a VM instance outside of Resources and Identity.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_workbench_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_workbench_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_workbench_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_workflows_workflow":{"version":1,"block":{"attributes":{"call_log_level":{"type":"string","description":"Describes the level of platform logging to apply to calls and call responses during\nexecutions of this workflow. If both the workflow and the execution specify a logging level,\nthe execution level takes precedence. Possible values: [\"CALL_LOG_LEVEL_UNSPECIFIED\", \"LOG_ALL_CALLS\", \"LOG_ERRORS_ONLY\", \"LOG_NONE\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The timestamp of when the workflow was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"crypto_key_name":{"type":"string","description":"The KMS key used to encrypt workflow and execution data.\n\nFormat: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the workflow provided by the user. Must be at most 1000 unicode characters long.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Workflow.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Workflow.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the workflow.","description_kind":"plain","optional":true},"revision_id":{"type":"string","description":"The revision of the workflow. A new one is generated if the service account or source contents is changed.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"Name of the service account associated with the latest workflow version. This service\naccount represents the identity of the workflow and determines what permissions the workflow has.\nFormat: projects/{project}/serviceAccounts/{account} or {account}.\nUsing - as a wildcard for the {project} or not providing one at all will infer the project from the account.\nThe {account} value can be the email address or the unique_id of the service account.\nIf not provided, workflow will use the project's default service account.\nModifying this field for an existing workflow results in a new workflow revision.","description_kind":"plain","optional":true,"computed":true},"source_contents":{"type":"string","description":"Workflow code to be executed. The size limit is 128KB.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the workflow deployment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the workflow was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"user_env_vars":{"type":["map","string"],"description":"User-defined environment variables associated with this workflow revision. This map has a maximum length of 20. Each string can take up to 4KiB. Keys cannot be empty strings and cannot start with “GOOGLE” or “WORKFLOWS\".","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}}},"data_source_schemas":{"google_access_approval_folder_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"folder_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_access_approval_organization_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"organization_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_approval_project_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_active_folder":{"version":0,"block":{"attributes":{"api_method":{"type":"string","description":"Provides the REST method through which to find the folder. LIST is recommended as it is strongly consistent.","description_kind":"plain","optional":true},"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_alloydb_locations":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"locations":{"type":["list",["object",{"display_name":"string","labels":["map","string"],"location_id":"string","metadata":["map","string"],"name":"string"}]],"description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the project.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_alloydb_supported_database_flags":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The canonical id for the location. For example: \"us-east1\".","description_kind":"plain","required":true},"project":{"type":"string","description":"Project ID of the project.","description_kind":"plain","optional":true},"supported_database_flags":{"type":["list",["object",{"accepts_multiple_values":"bool","flag_name":"string","integer_restrictions":["list",["object",{"max_value":"string","min_value":"string"}]],"name":"string","requires_db_restart":"bool","string_restrictions":["list",["object",{"allowed_values":["list","string"]}]],"supported_db_versions":["list","string"],"value_type":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_apigee_environment_iam_policy":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_app_engine_default_service_account":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_apphub_application":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"Required. The Application identifier.","description_kind":"plain","required":true},"attributes":{"type":["list",["object",{"business_owners":["list",["object",{"display_name":"string","email":"string"}]],"criticality":["list",["object",{"type":"string"}]],"developer_owners":["list",["object",{"display_name":"string","email":"string"}]],"environment":["list",["object",{"type":"string"}]],"operator_owners":["list",["object",{"display_name":"string","email":"string"}]]}]],"description":"Consumer provided attributes.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Create time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. User-defined description of an Application.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Optional. User-defined name for the Application.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Part of 'parent'. See documentation of 'projectsId'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The resource name of an Application. Format:\n\"projects/{host-project-id}/locations/{location}/applications/{application-id}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true},"scope":{"type":["list",["object",{"type":"string"}]],"description":"Scope of an application.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Application state. \n Possible values:\n STATE_UNSPECIFIED\nCREATING\nACTIVE\nDELETING","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A universally unique identifier (in UUID4 format) for the 'Application'.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_apphub_discovered_service":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_properties":{"type":["list",["object",{"gcp_project":"string","location":"string","zone":"string"}]],"description_kind":"plain","computed":true},"service_reference":{"type":["list",["object",{"path":"string","uri":"string"}]],"description_kind":"plain","computed":true},"service_uri":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_apphub_discovered_workload":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"workload_properties":{"type":["list",["object",{"gcp_project":"string","location":"string","zone":"string"}]],"description_kind":"plain","computed":true},"workload_reference":{"type":["list",["object",{"uri":"string"}]],"description_kind":"plain","computed":true},"workload_uri":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_artifact_registry_docker_image":{"version":0,"block":{"attributes":{"build_time":{"type":"string","description":"The time, as a RFC 3339 string, this image was built.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_name":{"type":"string","description":"The image name to fetch.","description_kind":"plain","required":true},"image_size_bytes":{"type":"string","description":"Calculated size of the image in bytes.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The region of the artifact registry repository. For example, \"us-west1\".","description_kind":"plain","required":true},"media_type":{"type":"string","description":"Media type of this image.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The fully qualified name of the fetched image.","description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the project.","description_kind":"plain","optional":true},"repository_id":{"type":"string","description":"The last part of the repository name to fetch from.","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The URI to access the image.","description_kind":"plain","computed":true},"tags":{"type":["list","string"],"description":"All tags associated with the image.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time, as a RFC 3339 string, this image was updated.","description_kind":"plain","computed":true},"upload_time":{"type":"string","description":"The time, as a RFC 3339 string, the image was uploaded.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_artifact_registry_locations":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"locations":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_artifact_registry_repository":{"version":0,"block":{"attributes":{"cleanup_policies":{"type":["set",["object",{"action":"string","condition":["list",["object",{"newer_than":"string","older_than":"string","package_name_prefixes":["list","string"],"tag_prefixes":["list","string"],"tag_state":"string","version_name_prefixes":["list","string"]}]],"id":"string","most_recent_versions":["list",["object",{"keep_count":"number","package_name_prefixes":["list","string"]}]]}]],"description":"Cleanup policies for this repository. Cleanup policies indicate when\ncertain package versions can be automatically deleted.\nMap keys are policy IDs supplied by users during policy creation. They must\nunique within a repository and be under 128 characters in length.","description_kind":"plain","computed":true},"cleanup_policy_dry_run":{"type":"bool","description":"If true, the cleanup pipeline is prevented from deleting versions in this\nrepository.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The user-provided description of the repository.","description_kind":"plain","computed":true},"docker_config":{"type":["list",["object",{"immutable_tags":"bool"}]],"description":"Docker repository config contains repository level configuration for the repositories of docker type.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"format":{"type":"string","description":"The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The Cloud KMS resource name of the customer managed encryption key that’s\nused to encrypt the contents of the Repository. Has the form:\n'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'.\nThis value may not be changed after the Repository has been created.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\nThis field may contain up to 64 entries. Label keys and values may be no\nlonger than 63 characters. Label keys must begin with a lowercase letter\nand may only contain lowercase letters, numeric characters, underscores,\nand dashes.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The name of the location this repository is located in.","description_kind":"plain","required":true},"maven_config":{"type":["list",["object",{"allow_snapshot_overwrites":"bool","version_policy":"string"}]],"description":"MavenRepositoryConfig is maven related repository details.\nProvides additional configuration details for repositories of the maven\nformat type.","description_kind":"plain","computed":true},"mode":{"type":"string","description":"The mode configures the repository to serve artifacts from different sources. Default value: \"STANDARD_REPOSITORY\" Possible values: [\"STANDARD_REPOSITORY\", \"VIRTUAL_REPOSITORY\", \"REMOTE_REPOSITORY\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the repository, for example:\n\"repo1\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"remote_repository_config":{"type":["list",["object",{"apt_repository":["list",["object",{"public_repository":["list",["object",{"repository_base":"string","repository_path":"string"}]]}]],"description":"string","disable_upstream_validation":"bool","docker_repository":["list",["object",{"custom_repository":["list",["object",{"uri":"string"}]],"public_repository":"string"}]],"maven_repository":["list",["object",{"custom_repository":["list",["object",{"uri":"string"}]],"public_repository":"string"}]],"npm_repository":["list",["object",{"custom_repository":["list",["object",{"uri":"string"}]],"public_repository":"string"}]],"python_repository":["list",["object",{"custom_repository":["list",["object",{"uri":"string"}]],"public_repository":"string"}]],"upstream_credentials":["list",["object",{"username_password_credentials":["list",["object",{"password_secret_version":"string","username":"string"}]]}]],"yum_repository":["list",["object",{"public_repository":["list",["object",{"repository_base":"string","repository_path":"string"}]]}]]}]],"description":"Configuration specific for a Remote Repository.","description_kind":"plain","computed":true},"repository_id":{"type":"string","description":"The last part of the repository name, for example:\n\"repo1\"","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true},"virtual_repository_config":{"type":["list",["object",{"upstream_policies":["list",["object",{"id":"string","priority":"number","repository":"string"}]]}]],"description":"Configuration specific for a Virtual Repository.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_beyondcorp_app_connection":{"version":0,"block":{"attributes":{"application_endpoint":{"type":["list",["object",{"host":"string","port":"number"}]],"description":"Address of the remote application endpoint for the BeyondCorp AppConnection.","description_kind":"plain","computed":true},"connectors":{"type":["list","string"],"description":"List of AppConnectors that are authorised to be associated with this AppConnection","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnection.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gateway":{"type":["list",["object",{"app_gateway":"string","ingress_port":"number","type":"string","uri":"string"}]],"description":"Gateway used by the AppConnection.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppConnection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppConnection.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppConnection. Refer\nto https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type\nfor a list of possible values.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_beyondcorp_app_connector":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnector.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppConnector.","description_kind":"plain","required":true},"principal_info":{"type":["list",["object",{"service_account":["list",["object",{"email":"string"}]]}]],"description":"Principal information about the Identity of the AppConnector.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppConnector.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppConnector.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_beyondcorp_app_gateway":{"version":1,"block":{"attributes":{"allocated_connections":{"type":["list",["object",{"ingress_port":"number","psc_uri":"string"}]],"description":"A list of connections allocated for the Gateway.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppGateway.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host_type":{"type":"string","description":"The type of hosting used by the AppGateway. Default value: \"HOST_TYPE_UNSPECIFIED\" Possible values: [\"HOST_TYPE_UNSPECIFIED\", \"GCP_REGIONAL_MIG\"]","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppGateway.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppGateway.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppGateway.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppGateway. Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"TCP_PROXY\"]","description_kind":"plain","computed":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_connection_iam_policy":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_dataset":{"version":0,"block":{"attributes":{"access":{"type":["set",["object",{"dataset":["list",["object",{"dataset":["list",["object",{"dataset_id":"string","project_id":"string"}]],"target_types":["list","string"]}]],"domain":"string","group_by_email":"string","iam_member":"string","role":"string","routine":["list",["object",{"dataset_id":"string","project_id":"string","routine_id":"string"}]],"special_group":"string","user_by_email":"string","view":["list",["object",{"dataset_id":"string","project_id":"string","table_id":"string"}]]}]],"description":"An array of objects that define dataset access for one or more entities.","description_kind":"plain","computed":true},"creation_time":{"type":"number","description":"The time when this dataset was created, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"A unique ID for this dataset, without the project name. The ID\nmust contain only letters (a-z, A-Z), numbers (0-9), or\nunderscores (_). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"default_collation":{"type":"string","description":"Defines the default collation specification of future tables created\nin the dataset. If a table is created in this dataset without table-level\ndefault collation, then the table inherits the dataset default collation,\nwhich is applied to the string fields that do not have explicit collation\nspecified. A change to this field affects only tables created afterwards,\nand does not alter the existing tables.\n\nThe following values are supported:\n- 'und:ci': undetermined locale, case insensitive.\n- '': empty string. Default to case-sensitive behavior.","description_kind":"plain","computed":true},"default_encryption_configuration":{"type":["list",["object",{"kms_key_name":"string"}]],"description":"The default encryption key for all tables in the dataset. Once this property is set,\nall newly-created partitioned tables in the dataset will have encryption key set to\nthis value, unless table creation request (or query) overrides the key.","description_kind":"plain","computed":true},"default_partition_expiration_ms":{"type":"number","description":"The default partition expiration for all partitioned tables in\nthe dataset, in milliseconds.\nOnce this property is set, all newly-created partitioned tables in\nthe dataset will have an 'expirationMs' property in the 'timePartitioning'\nsettings set to this value, and changing the value will only\naffect new tables, not existing ones. The storage in a partition will\nhave an expiration time of its partition time plus this value.\nSetting this property overrides the use of 'defaultTableExpirationMs'\nfor partitioned tables: only one of 'defaultTableExpirationMs' and\n'defaultPartitionExpirationMs' will be used for any new partitioned\ntable. If you provide an explicit 'timePartitioning.expirationMs' when\ncreating or updating a partitioned table, that value takes precedence\nover the default partition expiration time indicated by this property.","description_kind":"plain","computed":true},"default_table_expiration_ms":{"type":"number","description":"The default lifetime of all tables in the dataset, in milliseconds.\nThe minimum value is 3600000 milliseconds (one hour).\nOnce this property is set, all newly-created tables in the dataset\nwill have an 'expirationTime' property set to the creation time plus\nthe value in this property, and changing the value will only affect\nnew tables, not existing ones. When the 'expirationTime' for a given\ntable is reached, that table will be deleted automatically.\nIf a table's 'expirationTime' is modified or removed before the\ntable expires, or if you provide an explicit 'expirationTime' when\ncreating a table, that value takes precedence over the default\nexpiration time indicated by this property.","description_kind":"plain","computed":true},"delete_contents_on_destroy":{"type":"bool","description":"If set to 'true', delete all the tables in the\ndataset when destroying the resource; otherwise,\ndestroying the resource will fail if tables are present.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A user-friendly description of the dataset","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"external_dataset_reference":{"type":["list",["object",{"connection":"string","external_source":"string"}]],"description":"Information about the external metadata storage where the dataset is defined.","description_kind":"plain","computed":true},"friendly_name":{"type":"string","description":"A descriptive name for the dataset","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_case_insensitive":{"type":"bool","description":"TRUE if the dataset and its table names are case-insensitive, otherwise FALSE.\nBy default, this is FALSE, which means the dataset and its table names are\ncase-sensitive. This field does not affect routine references.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this dataset. You can use these to\norganize and group your datasets.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_modified_time":{"type":"number","description":"The date when this dataset or any of its tables was last modified, in\nmilliseconds since the epoch.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the dataset should reside.\nSee [official docs](https://cloud.google.com/bigquery/docs/dataset-locations).\nThere are two types of locations, regional or multi-regional. A regional\nlocation is a specific geographic place, such as Tokyo, and a multi-regional\nlocation is a large geographic area, such as the United States, that\ncontains at least two geographic places.\nThe default value is multi-regional location 'US'.\nChanging this forces a new resource to be created.","description_kind":"plain","computed":true},"max_time_travel_hours":{"type":"string","description":"Defines the time travel window in hours. The value can be from 48 to 168 hours (2 to 7 days).","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"resource_tags":{"type":["map","string"],"description":"The tags attached to this table. Tag keys are globally unique. Tag key is expected to be\nin the namespaced format, for example \"123456789012/environment\" where 123456789012 is the\nID of the parent organization or project resource for this tag key. Tag value is expected\nto be the short name, for example \"Production\". See [Tag definitions](/iam/docs/tags-access-control#definitions)\nfor more details.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"storage_billing_model":{"type":"string","description":"Specifies the storage billing model for the dataset.\nSet this flag value to LOGICAL to use logical bytes for storage billing,\nor to PHYSICAL to use physical bytes instead.\n\nLOGICAL is the default if this flag isn't specified.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_bigquery_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_default_service_account":{"version":0,"block":{"attributes":{"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_table_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_bigtable_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigtable_table_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_account":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description_kind":"plain","optional":true},"display_name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lookup_projects":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","computed":true},"open":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"project_ids":{"type":["set","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_billing_account_iam_policy":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_policy":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_certificate_manager_certificate_map":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gclb_targets":{"type":["list",["object",{"ip_configs":["list",["object",{"ip_address":"string","ports":["list","number"]}]],"target_https_proxy":"string","target_ssl_proxy":"string"}]],"description":"A list of target proxies that use this Certificate Map","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with a Certificate Map resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"A user-defined name of the Certificate Map. Certificate Map names must be unique\nglobally and match the pattern 'projects/*/locations/*/certificateMaps/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_client_config":{"version":0,"block":{"attributes":{"access_token":{"type":"string","description":"The OAuth2 access token used by the client to authenticate against the Google Cloud API.","description_kind":"markdown","computed":true,"sensitive":true},"default_labels":{"type":["map","string"],"description":"The default labels configured on the provider.","description_kind":"markdown","computed":true},"id":{"type":"string","description":"The ID of this data source in Terraform state. It is created in a projects/{{project}}/regions/{{region}}/zones/{{zone}} format and is NOT used by the data source in requests to Google APIs.","description_kind":"markdown","computed":true},"project":{"type":"string","description":"The ID of the project to apply any resources to.","description_kind":"markdown","computed":true},"region":{"type":"string","description":"The region to operate under.","description_kind":"markdown","computed":true},"zone":{"type":"string","description":"The zone to operate under.","description_kind":"markdown","computed":true}},"description":"Use this data source to access the configuration of the Google Cloud provider.","description_kind":"markdown"}},"google_client_openid_userinfo":{"version":0,"block":{"attributes":{"email":{"type":"string","description":"The email of the account used by the provider to authenticate with GCP.","description_kind":"markdown","computed":true},"id":{"type":"string","description":"The ID of this data source in Terraform state. Its value is the same as the `email` attribute. Do not use this field, use the `email` attribute instead.","description_kind":"markdown","computed":true}},"description":"Get OpenID userinfo about the credentials used with the Google provider, specifically the email.\nThis datasource enables you to export the email of the account you've authenticated the provider with; this can be used alongside data.google_client_config's access_token to perform OpenID Connect authentication with GKE and configure an RBAC role for the email used.\n\n~\u003e This resource will only work as expected if the provider is configured to use the https://www.googleapis.com/auth/userinfo.email scope! You will receive an error otherwise. The provider uses this scope by default.","description_kind":"markdown"}},"google_cloud_asset_search_all_resources":{"version":0,"block":{"attributes":{"asset_types":{"type":["list","string"],"description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"query":{"type":"string","description_kind":"plain","optional":true},"results":{"type":["list",["object",{"asset_type":"string","create_time":"string","description":"string","display_name":"string","folders":["list","string"],"kms_keys":["list","string"],"labels":["map","string"],"location":"string","name":"string","network_tags":["list","string"],"organization":"string","parent_asset_type":"string","parent_full_resource_name":"string","project":"string","state":"string","update_time":"string"}]],"description_kind":"plain","computed":true},"scope":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_identity_group_lookup":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The [resource name](https://cloud.google.com/apis/design/resource_names) of the looked-up Group.","description_kind":"plain","computed":true}},"block_types":{"group_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the entity. For Google-managed entities, the id should be the email address of an existing group or user.\nFor external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements.\nMust be unique within a namespace.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group.\nIf specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of identitysources/{identity_source}.","description_kind":"plain","optional":true}},"description":"The EntityKey of the Group to lookup. A unique identifier for an entity in the Cloud Identity Groups API.\nAn entity can represent either a group with an optional namespace or a user without a namespace.\nThe combination of id and namespace must be unique; however, the same id can be used with different namespaces.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_cloud_identity_group_memberships":{"version":0,"block":{"attributes":{"group":{"type":"string","description":"The name of the Group to get memberships from.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"memberships":{"type":["list",["object",{"create_time":"string","group":"string","name":"string","preferred_member_key":["list",["object",{"id":"string","namespace":"string"}]],"roles":["set",["object",{"expiry_detail":["list",["object",{"expire_time":"string"}]],"name":"string"}]],"type":"string","update_time":"string"}]],"description":"List of Cloud Identity group memberships.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_identity_group_transitive_memberships":{"version":0,"block":{"attributes":{"group":{"type":"string","description":"The name of the Group to get memberships from.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"memberships":{"type":["list",["object",{"member":"string","preferred_member_key":["list",["object",{"id":"string","namespace":"string"}]],"relation_type":"string","roles":["set",["object",{"role":"string"}]]}]],"description":"List of Cloud Identity group memberships.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_identity_groups":{"version":0,"block":{"attributes":{"groups":{"type":["list",["object",{"additional_group_keys":["list",["object",{"id":"string","namespace":"string"}]],"create_time":"string","description":"string","display_name":"string","group_key":["list",["object",{"id":"string","namespace":"string"}]],"initial_group_config":"string","labels":["map","string"],"name":"string","parent":"string","update_time":"string"}]],"description":"List of Cloud Identity groups.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The resource name of the entity under which this Group resides in the\nCloud Identity resource hierarchy.\n\nMust be of the form identitysources/{identity_source_id} for external-identity-mapped\ngroups or customers/{customer_id} for Google Groups.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_quotas_quota_info":{"version":0,"block":{"attributes":{"container_type":{"type":"string","description_kind":"plain","computed":true},"dimensions":{"type":["list","string"],"description_kind":"plain","computed":true},"dimensions_infos":{"type":["list",["object",{"applicable_locations":["list","string"],"details":["list",["object",{"value":"string"}]],"dimensions":["map","string"]}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_concurrent":{"type":"bool","description_kind":"plain","computed":true},"is_fixed":{"type":"bool","description_kind":"plain","computed":true},"is_precise":{"type":"bool","description_kind":"plain","computed":true},"metric":{"type":"string","description_kind":"plain","computed":true},"metric_display_name":{"type":"string","description_kind":"plain","computed":true},"metric_unit":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"quota_display_name":{"type":"string","description_kind":"plain","computed":true},"quota_id":{"type":"string","description_kind":"plain","required":true},"quota_increase_eligibility":{"type":["list",["object",{"ineligibility_reason":"string","is_eligible":"bool"}]],"description_kind":"plain","computed":true},"refresh_interval":{"type":"string","description_kind":"plain","computed":true},"service":{"type":"string","description_kind":"plain","required":true},"service_request_quota_uri":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_quotas_quota_infos":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"quota_infos":{"type":["list",["object",{"container_type":"string","dimensions":["list","string"],"dimensions_infos":["list",["object",{"applicable_locations":["list","string"],"details":["list",["object",{"value":"string"}]],"dimensions":["map","string"]}]],"is_concurrent":"bool","is_fixed":"bool","is_precise":"bool","metric":"string","metric_display_name":"string","metric_unit":"string","name":"string","quota_display_name":"string","quota_id":"string","quota_increase_eligibility":["list",["object",{"ineligibility_reason":"string","is_eligible":"bool"}]],"refresh_interval":"string","service":"string","service_request_quota_uri":"string"}]],"description_kind":"plain","computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_locations":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"locations":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_service":{"version":2,"block":{"attributes":{"autogenerate_revision_name":{"type":"bool","description":"If set to 'true', the revision name (template.metadata.name) will be omitted and\nautogenerated by Cloud Run. This cannot be set to 'true' while 'template.metadata.name'\nis also set.\n(For legacy support, if 'template.metadata.name' is unset in state while\nthis field is set to false, the revision name will still autogenerate.)","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"metadata":{"type":["list",["object",{"annotations":["map","string"],"effective_annotations":["map","string"],"effective_labels":["map","string"],"generation":"number","labels":["map","string"],"namespace":"string","resource_version":"string","self_link":"string","terraform_labels":["map","string"],"uid":"string"}]],"description":"Metadata associated with this Service, including name, namespace, labels,\nand annotations.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"latest_created_revision_name":"string","latest_ready_revision_name":"string","observed_generation":"number","traffic":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"url":"string"}]],"description":"The current status of the Service.","description_kind":"plain","computed":true},"template":{"type":["list",["object",{"metadata":["list",["object",{"annotations":["map","string"],"generation":"number","labels":["map","string"],"name":"string","namespace":"string","resource_version":"string","self_link":"string","uid":"string"}]],"spec":["list",["object",{"container_concurrency":"number","containers":["list",["object",{"args":["list","string"],"command":["list","string"],"env":["set",["object",{"name":"string","value":"string","value_from":["list",["object",{"secret_key_ref":["list",["object",{"key":"string","name":"string"}]]}]]}]],"env_from":["list",["object",{"config_map_ref":["list",["object",{"local_object_reference":["list",["object",{"name":"string"}]],"optional":"bool"}]],"prefix":"string","secret_ref":["list",["object",{"local_object_reference":["list",["object",{"name":"string"}]],"optional":"bool"}]]}]],"image":"string","liveness_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","timeout_seconds":"number"}]],"name":"string","ports":["list",["object",{"container_port":"number","name":"string","protocol":"string"}]],"resources":["list",["object",{"limits":["map","string"],"requests":["map","string"]}]],"startup_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","tcp_socket":["list",["object",{"port":"number"}]],"timeout_seconds":"number"}]],"volume_mounts":["list",["object",{"mount_path":"string","name":"string"}]],"working_dir":"string"}]],"service_account_name":"string","serving_state":"string","timeout_seconds":"number","volumes":["list",["object",{"name":"string","secret":["list",["object",{"default_mode":"number","items":["list",["object",{"key":"string","mode":"number","path":"string"}]],"secret_name":"string"}]]}]]}]]}]],"description":"template holds the latest specification for the Revision to\nbe stamped out. The template references the container image, and may also\ninclude labels and annotations that should be attached to the Revision.\nTo correlate a Revision, and/or to force a Revision to be created when the\nspec doesn't otherwise change, a nonce label may be provided in the\ntemplate metadata. For more details, see:\nhttps://github.com/knative/serving/blob/main/docs/client-conventions.md#associate-modifications-with-revisions\n\nCloud Run does not currently support referencing a build that is\nresponsible for materializing the container image from source.","description_kind":"plain","computed":true},"traffic":{"type":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"description":"Traffic specifies how to distribute traffic over a collection of Knative Revisions\nand Configurations","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_run_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_v2_job":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected on new resources.\nAll system annotations in v1 now have a corresponding field in v2 Job.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","computed":true},"binary_authorization":{"type":["list",["object",{"breakglass_justification":"string","policy":"string","use_default":"bool"}]],"description":"Settings for the Binary Authorization feature.","description_kind":"plain","computed":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","computed":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","computed":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Job does not reach its desired state. See comments in reconciling for additional information on 'reconciliation' process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"execution_count":{"type":"number","description":"Number of executions created for this job.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permamently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Job.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_execution":{"type":["list",["object",{"completion_time":"string","create_time":"string","name":"string"}]],"description":"Name of the last created execution.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the cloud run job","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Job.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Job. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"reconciling":{"type":"bool","description":"Returns true if the Job is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution.\n\nIf reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions","description_kind":"plain","computed":true},"template":{"type":["list",["object",{"annotations":["map","string"],"labels":["map","string"],"parallelism":"number","task_count":"number","template":["list",["object",{"containers":["list",["object",{"args":["list","string"],"command":["list","string"],"env":["list",["object",{"name":"string","value":"string","value_source":["list",["object",{"secret_key_ref":["list",["object",{"secret":"string","version":"string"}]]}]]}]],"image":"string","name":"string","ports":["list",["object",{"container_port":"number","name":"string"}]],"resources":["list",["object",{"limits":["map","string"]}]],"volume_mounts":["list",["object",{"mount_path":"string","name":"string"}]],"working_dir":"string"}]],"encryption_key":"string","execution_environment":"string","max_retries":"number","service_account":"string","timeout":"string","volumes":["list",["object",{"cloud_sql_instance":["list",["object",{"instances":["list","string"]}]],"name":"string","secret":["list",["object",{"default_mode":"number","items":["list",["object",{"mode":"number","path":"string","version":"string"}]],"secret":"string"}]]}]],"vpc_access":["list",["object",{"connector":"string","egress":"string","network_interfaces":["list",["object",{"network":"string","subnetwork":"string","tags":["list","string"]}]]}]]}]]}]],"description":"The template used to create executions for this Job.","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_service":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected in new resources.\nAll system annotations in v1 now have a corresponding field in v2 Service.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","computed":true},"binary_authorization":{"type":["list",["object",{"breakglass_justification":"string","policy":"string","use_default":"bool"}]],"description":"Settings for the Binary Authorization feature.","description_kind":"plain","computed":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","computed":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","computed":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"custom_audiences":{"type":["list","string"],"description":"One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests.\nFor more information, see https://cloud.google.com/run/docs/configuring/custom-audiences.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the Service. This field currently has a 512-character limit.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permamently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress":{"type":"string","description":"Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values: [\"INGRESS_TRAFFIC_ALL\", \"INGRESS_TRAFFIC_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER\"]","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_revision":{"type":"string","description":"Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"latest_ready_revision":{"type":"string","description":"Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the cloud run service","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Service.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Service currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"reconciling":{"type":"bool","description":"Returns true if the Service is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observedGeneration, latest_ready_revison, trafficStatuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision.\n\nIf reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions.","description_kind":"plain","computed":true},"template":{"type":["list",["object",{"annotations":["map","string"],"containers":["list",["object",{"args":["list","string"],"command":["list","string"],"depends_on":["list","string"],"env":["list",["object",{"name":"string","value":"string","value_source":["list",["object",{"secret_key_ref":["list",["object",{"secret":"string","version":"string"}]]}]]}]],"image":"string","liveness_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","tcp_socket":["list",["object",{"port":"number"}]],"timeout_seconds":"number"}]],"name":"string","ports":["list",["object",{"container_port":"number","name":"string"}]],"resources":["list",["object",{"cpu_idle":"bool","limits":["map","string"],"startup_cpu_boost":"bool"}]],"startup_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","tcp_socket":["list",["object",{"port":"number"}]],"timeout_seconds":"number"}]],"volume_mounts":["list",["object",{"mount_path":"string","name":"string"}]],"working_dir":"string"}]],"encryption_key":"string","execution_environment":"string","labels":["map","string"],"max_instance_request_concurrency":"number","revision":"string","scaling":["list",["object",{"max_instance_count":"number","min_instance_count":"number"}]],"service_account":"string","session_affinity":"bool","timeout":"string","volumes":["list",["object",{"cloud_sql_instance":["list",["object",{"instances":["set","string"]}]],"gcs":["list",["object",{"bucket":"string","read_only":"bool"}]],"name":"string","nfs":["list",["object",{"path":"string","read_only":"bool","server":"string"}]],"secret":["list",["object",{"default_mode":"number","items":["list",["object",{"mode":"number","path":"string","version":"string"}]],"secret":"string"}]]}]],"vpc_access":["list",["object",{"connector":"string","egress":"string","network_interfaces":["list",["object",{"network":"string","subnetwork":"string","tags":["list","string"]}]]}]]}]],"description":"The template used to create revisions for this Service.","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"traffic":{"type":["list",["object",{"percent":"number","revision":"string","tag":"string","type":"string"}]],"description":"Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision.","description_kind":"plain","computed":true},"traffic_statuses":{"type":["list",["object",{"percent":"number","revision":"string","tag":"string","type":"string","uri":"string"}]],"description":"Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true},"uri":{"type":"string","description":"The main URI in which this Service is serving traffic.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuild_trigger":{"version":2,"block":{"attributes":{"approval_config":{"type":["list",["object",{"approval_required":"bool"}]],"description":"Configuration for manual approval to start a build invocation of this BuildTrigger.\nBuilds created by this trigger will require approval before they execute.\nAny user with a Cloud Build Approver role for the project can approve a build.","description_kind":"plain","computed":true},"bitbucket_server_trigger_config":{"type":["list",["object",{"bitbucket_server_config_resource":"string","project_key":"string","pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]],"repo_slug":"string"}]],"description":"BitbucketServerTriggerConfig describes the configuration of a trigger that creates a build whenever a Bitbucket Server event is received.","description_kind":"plain","computed":true},"build":{"type":["list",["object",{"artifacts":["list",["object",{"images":["list","string"],"maven_artifacts":["list",["object",{"artifact_id":"string","group_id":"string","path":"string","repository":"string","version":"string"}]],"npm_packages":["list",["object",{"package_path":"string","repository":"string"}]],"objects":["list",["object",{"location":"string","paths":["list","string"],"timing":["list",["object",{"end_time":"string","start_time":"string"}]]}]],"python_packages":["list",["object",{"paths":["list","string"],"repository":"string"}]]}]],"available_secrets":["list",["object",{"secret_manager":["list",["object",{"env":"string","version_name":"string"}]]}]],"images":["list","string"],"logs_bucket":"string","options":["list",["object",{"disk_size_gb":"number","dynamic_substitutions":"bool","env":["list","string"],"log_streaming_option":"string","logging":"string","machine_type":"string","requested_verify_option":"string","secret_env":["list","string"],"source_provenance_hash":["list","string"],"substitution_option":"string","volumes":["list",["object",{"name":"string","path":"string"}]],"worker_pool":"string"}]],"queue_ttl":"string","secret":["list",["object",{"kms_key_name":"string","secret_env":["map","string"]}]],"source":["list",["object",{"repo_source":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","substitutions":["map","string"],"tag_name":"string"}]],"storage_source":["list",["object",{"bucket":"string","generation":"string","object":"string"}]]}]],"step":["list",["object",{"allow_exit_codes":["list","number"],"allow_failure":"bool","args":["list","string"],"dir":"string","entrypoint":"string","env":["list","string"],"id":"string","name":"string","script":"string","secret_env":["list","string"],"timeout":"string","timing":"string","volumes":["list",["object",{"name":"string","path":"string"}]],"wait_for":["list","string"]}]],"substitutions":["map","string"],"tags":["list","string"],"timeout":"string"}]],"description":"Contents of the build template. Either a filename or build template must be provided.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Time when the trigger was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Human-readable description of the trigger.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"Whether the trigger is disabled or not. If true, the trigger will never result in a build.","description_kind":"plain","computed":true},"filename":{"type":"string","description":"Path, from the source root, to a file whose contents is used for the template.\nEither a filename or build template must be provided. Set this only when using trigger_template or github.\nWhen using Pub/Sub, Webhook or Manual set the file name using git_file_source instead.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"A Common Expression Language string. Used only with Pub/Sub and Webhook.","description_kind":"plain","computed":true},"git_file_source":{"type":["list",["object",{"bitbucket_server_config":"string","github_enterprise_config":"string","path":"string","repo_type":"string","repository":"string","revision":"string","uri":"string"}]],"description":"The file source describing the local or remote Build template.","description_kind":"plain","computed":true},"github":{"type":["list",["object",{"enterprise_config_resource_name":"string","name":"string","owner":"string","pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]]}]],"description":"Describes the configuration of a trigger that creates a build whenever a GitHub event is received.\n\nOne of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignored_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf ignoredFiles and changed files are both empty, then they are not\nused to determine whether or not to trigger a build.\n\nIf ignoredFiles is not empty, then we ignore any files that match any\nof the ignored_file globs. If the change has no files that are outside\nof the ignoredFiles globs, then we do not trigger a build.","description_kind":"plain","computed":true},"include_build_logs":{"type":"string","description":"Build logs will be sent back to GitHub as part of the checkrun\nresult. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or\nINCLUDE_BUILD_LOGS_WITH_STATUS Possible values: [\"INCLUDE_BUILD_LOGS_UNSPECIFIED\", \"INCLUDE_BUILD_LOGS_WITH_STATUS\"]","description_kind":"plain","computed":true},"included_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is empty, then as far as this filter is concerned, we\nshould trigger the build.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is not empty, then we make sure that at least one of\nthose files matches a includedFiles glob. If not, then we do not trigger\na build.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger.\nIf not specified, \"global\" is used.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the trigger. Must be unique within the project.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"pubsub_config":{"type":["list",["object",{"service_account_email":"string","state":"string","subscription":"string","topic":"string"}]],"description":"PubsubConfig describes the configuration of a trigger that creates\na build whenever a Pub/Sub message is published.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"repository_event_config":{"type":["list",["object",{"pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]],"repository":"string"}]],"description":"The configuration of a trigger that creates a build whenever an event from Repo API is received.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"The service account used for all user-controlled operations including\ntriggers.patch, triggers.run, builds.create, and builds.cancel.\n\nIf no service account is set, then the standard Cloud Build service account\n([PROJECT_NUM]@system.gserviceaccount.com) will be used instead.\n\nFormat: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL}","description_kind":"plain","computed":true},"source_to_build":{"type":["list",["object",{"bitbucket_server_config":"string","github_enterprise_config":"string","ref":"string","repo_type":"string","repository":"string","uri":"string"}]],"description":"The repo and ref of the repository from which to build.\nThis field is used only for those triggers that do not respond to SCM events.\nTriggers that respond to such events build source at whatever commit caused the event.\nThis field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","computed":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a BuildTrigger","description_kind":"plain","computed":true},"trigger_id":{"type":"string","description":"The unique identifier for the trigger.","description_kind":"plain","required":true},"trigger_template":{"type":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","tag_name":"string"}]],"description":"Template describing the types of source changes to trigger a build.\n\nBranch and tag names in trigger templates are interpreted as regular\nexpressions. Any branch or tag change that matches that regular\nexpression will trigger a build.\n\nOne of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"webhook_config":{"type":["list",["object",{"secret":"string","state":"string"}]],"description":"WebhookConfig describes the configuration of a trigger that creates\na build whenever a webhook is sent to a trigger's webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_custom_target_type_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_target_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions2_function":{"version":0,"block":{"attributes":{"build_config":{"type":["list",["object",{"automatic_update_policy":["list",["object",{}]],"build":"string","docker_repository":"string","entry_point":"string","environment_variables":["map","string"],"on_deploy_update_policy":["list",["object",{"runtime_version":"string"}]],"runtime":"string","service_account":"string","source":["list",["object",{"repo_source":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","tag_name":"string"}]],"storage_source":["list",["object",{"bucket":"string","generation":"number","object":"string"}]]}]],"worker_pool":"string"}]],"description":"Describes the Build step of the function that builds a container\nfrom the given source.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of a function.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"The environment the function is hosted on.","description_kind":"plain","computed":true},"event_trigger":{"type":["list",["object",{"event_filters":["set",["object",{"attribute":"string","operator":"string","value":"string"}]],"event_type":"string","pubsub_topic":"string","retry_policy":"string","service_account_email":"string","trigger":"string","trigger_region":"string"}]],"description":"An Eventarc trigger managed by Google Cloud Functions that fires events in\nresponse to a condition in another service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.\nIt must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs associated with this Cloud Function.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of this cloud function.","description_kind":"plain","required":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must\nbe unique globally and match pattern 'projects/*/locations/*/functions/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_config":{"type":["list",["object",{"all_traffic_on_latest_revision":"bool","available_cpu":"string","available_memory":"string","environment_variables":["map","string"],"gcf_uri":"string","ingress_settings":"string","max_instance_count":"number","max_instance_request_concurrency":"number","min_instance_count":"number","secret_environment_variables":["list",["object",{"key":"string","project_id":"string","secret":"string","version":"string"}]],"secret_volumes":["list",["object",{"mount_path":"string","project_id":"string","secret":"string","versions":["list",["object",{"path":"string","version":"string"}]]}]],"service":"string","service_account_email":"string","timeout_seconds":"number","uri":"string","vpc_connector":"string","vpc_connector_egress_settings":"string"}]],"description":"Describes the Service being deployed.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Describes the current state of the function.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a Cloud Function.","description_kind":"plain","computed":true},"url":{"type":"string","description":"Output only. The deployed url for the function.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function":{"version":0,"block":{"attributes":{"available_memory_mb":{"type":"number","description":"Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.","description_kind":"plain","computed":true},"build_environment_variables":{"type":["map","string"],"description":" A set of key/value environment variable pairs available during build time.","description_kind":"plain","computed":true},"build_service_account":{"type":"string","description":"The fully-qualified name of the service account to be used for the build step of deploying this function","description_kind":"plain","computed":true},"build_worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the function.","description_kind":"plain","computed":true},"docker_registry":{"type":"string","description":"Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.","description_kind":"plain","computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry for storing images built with Cloud Build.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entry_point":{"type":"string","description":"Name of the function that will be executed when the Google Cloud Function is triggered.","description_kind":"plain","computed":true},"environment_variables":{"type":["map","string"],"description":"A set of key/value environment variable pairs to assign to the function.","description_kind":"plain","computed":true},"event_trigger":{"type":["list",["object",{"event_type":"string","failure_policy":["list",["object",{"retry":"bool"}]],"resource":"string"}]],"description":"A source that fires events in response to a condition in another service. Cannot be used with trigger_http.","description_kind":"plain","computed":true},"https_trigger_security_level":{"type":"string","description":"The security level for the function. Defaults to SECURE_OPTIONAL. Valid only if trigger_http is used.","description_kind":"plain","computed":true},"https_trigger_url":{"type":"string","description":"URL which triggers function execution. Returned only if trigger_http is used.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_settings":{"type":"string","description":"String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function.","description_kind":"plain","computed":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"max_instances":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a given time.","description_kind":"plain","computed":true},"min_instances":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a given time.","description_kind":"plain","computed":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project of the function. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region of function. If it is not provided, the provider region is used.","description_kind":"plain","optional":true},"runtime":{"type":"string","description":"The runtime in which the function is going to run. Eg. \"nodejs12\", \"nodejs14\", \"python37\", \"go111\".","description_kind":"plain","computed":true},"secret_environment_variables":{"type":["list",["object",{"key":"string","project_id":"string","secret":"string","version":"string"}]],"description":"Secret environment variables configuration","description_kind":"plain","computed":true},"secret_volumes":{"type":["list",["object",{"mount_path":"string","project_id":"string","secret":"string","versions":["list",["object",{"path":"string","version":"string"}]]}]],"description":"Secret volumes configuration.","description_kind":"plain","computed":true},"service_account_email":{"type":"string","description":" If provided, the self-provided service account to run the function with.","description_kind":"plain","computed":true},"source_archive_bucket":{"type":"string","description":"The GCS bucket containing the zip archive which contains the function.","description_kind":"plain","computed":true},"source_archive_object":{"type":"string","description":"The source archive object (file) in archive bucket.","description_kind":"plain","computed":true},"source_repository":{"type":["list",["object",{"deployed_url":"string","url":"string"}]],"description":"Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object.","description_kind":"plain","computed":true},"status":{"type":"string","description":"Describes the current stage of a deployment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"timeout":{"type":"number","description":"Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.","description_kind":"plain","computed":true},"trigger_http":{"type":"bool","description":"Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with trigger_bucket and trigger_topic.","description_kind":"plain","computed":true},"version_id":{"type":"string","description":"The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.","description_kind":"plain","computed":true},"vpc_connector":{"type":"string","description":"The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is projects/*/locations/*/connectors/*.","description_kind":"plain","computed":true},"vpc_connector_egress_settings":{"type":"string","description":"The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_composer_environment":{"version":0,"block":{"attributes":{"config":{"type":["list",["object",{"airflow_uri":"string","dag_gcs_prefix":"string","data_retention_config":["list",["object",{"task_logs_retention_config":["list",["object",{"storage_mode":"string"}]]}]],"database_config":["list",["object",{"machine_type":"string","zone":"string"}]],"encryption_config":["list",["object",{"kms_key_name":"string"}]],"environment_size":"string","gke_cluster":"string","maintenance_window":["list",["object",{"end_time":"string","recurrence":"string","start_time":"string"}]],"master_authorized_networks_config":["list",["object",{"cidr_blocks":["set",["object",{"cidr_block":"string","display_name":"string"}]],"enabled":"bool"}]],"node_config":["list",["object",{"disk_size_gb":"number","enable_ip_masq_agent":"bool","ip_allocation_policy":["list",["object",{"cluster_ipv4_cidr_block":"string","cluster_secondary_range_name":"string","services_ipv4_cidr_block":"string","services_secondary_range_name":"string","use_ip_aliases":"bool"}]],"machine_type":"string","network":"string","oauth_scopes":["set","string"],"service_account":"string","subnetwork":"string","tags":["set","string"],"zone":"string"}]],"node_count":"number","private_environment_config":["list",["object",{"cloud_composer_connection_subnetwork":"string","cloud_composer_network_ipv4_cidr_block":"string","cloud_sql_ipv4_cidr_block":"string","connection_type":"string","enable_private_endpoint":"bool","enable_privately_used_public_ips":"bool","master_ipv4_cidr_block":"string","web_server_ipv4_cidr_block":"string"}]],"recovery_config":["list",["object",{"scheduled_snapshots_config":["list",["object",{"enabled":"bool","snapshot_creation_schedule":"string","snapshot_location":"string","time_zone":"string"}]]}]],"resilience_mode":"string","software_config":["list",["object",{"airflow_config_overrides":["map","string"],"env_variables":["map","string"],"image_version":"string","pypi_packages":["map","string"],"python_version":"string","scheduler_count":"number"}]],"web_server_config":["list",["object",{"machine_type":"string"}]],"web_server_network_access_control":["list",["object",{"allowed_ip_range":["set",["object",{"description":"string","value":"string"}]]}]],"workloads_config":["list",["object",{"scheduler":["list",["object",{"count":"number","cpu":"number","memory_gb":"number","storage_gb":"number"}]],"triggerer":["list",["object",{"count":"number","cpu":"number","memory_gb":"number"}]],"web_server":["list",["object",{"cpu":"number","memory_gb":"number","storage_gb":"number"}]],"worker":["list",["object",{"cpu":"number","max_count":"number","memory_gb":"number","min_count":"number","storage_gb":"number"}]]}]]}]],"description":"Configuration parameters for this environment.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for this environment. The labels map can contain no more than 64 entries. Entries of the labels map are UTF8 strings that comply with the following restrictions: Label keys must be between 1 and 63 characters long and must conform to the following regular expression: [a-z]([-a-z0-9]*[a-z0-9])?. Label values must be between 0 and 63 characters long and must conform to the regular expression ([a-z]([-a-z0-9]*[a-z0-9])?)?. No more than 64 labels can be associated with a given environment. Both keys and values must be \u003c= 128 bytes in size.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the environment.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The location or Compute Engine region for the environment.","description_kind":"plain","optional":true},"storage_config":{"type":["list",["object",{"bucket":"string"}]],"description":"Configuration options for storage used by Composer environment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_composer_image_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_versions":{"type":["list",["object",{"image_version_id":"string","supported_python_versions":["list","string"]}]],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description_kind":"plain","computed":true},"address_type":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"network_tier":{"type":"string","description_kind":"plain","computed":true},"prefix_length":{"type":"number","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description_kind":"plain","computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description_kind":"plain","computed":true},"users":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_addresses":{"version":0,"block":{"attributes":{"addresses":{"type":["list",["object",{"address":"string","address_type":"string","description":"string","name":"string","region":"string","self_link":"string","status":"string"}]],"description_kind":"plain","computed":true},"filter":{"type":"string","description":"Filter sets the optional parameter \"filter\": A filter expression that\nfilters resources listed in the response. The expression must specify\nthe field name, an operator, and the value that you want to use for\nfiltering. The value must be a string, a number, or a boolean. The\noperator must be either \"=\", \"!=\", \"\u003e\", \"\u003c\", \"\u003c=\", \"\u003e=\" or \":\". For\nexample, if you are filtering Compute Engine instances, you can\nexclude instances named \"example-instance\" by specifying \"name !=\nexample-instance\". The \":\" operator can be used with string fields to\nmatch substrings. For non-string fields it is equivalent to the \"=\"\noperator. The \":*\" comparison can be used to test whether a key has\nbeen defined. For example, to find all objects with \"owner\" label\nuse: \"\"\" labels.owner:* \"\"\" You can also filter nested fields. For\nexample, you could specify \"scheduling.automaticRestart = false\" to\ninclude instances only if they are not scheduled for automatic\nrestarts. You can use filtering on nested fields to filter based on\nresource labels. To filter on multiple expressions, provide each\nseparate expression within parentheses. For example: \"\"\"\n(scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\")\n\"\"\" By default, each expression is an \"AND\" expression. However, you\ncan include \"AND\" and \"OR\" expressions explicitly. For example: \"\"\"\n(cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\")\nAND (scheduling.automaticRestart = true) \"\"\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The google project in which addresses are listed. Defaults to provider's configuration if missing.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region that should be considered to search addresses. All regions are considered if missing.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_backend_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"Cloud Storage bucket name.","description_kind":"plain","computed":true},"cdn_policy":{"type":["list",["object",{"bypass_cache_on_request_headers":["list",["object",{"header_name":"string"}]],"cache_key_policy":["list",["object",{"include_http_headers":["list","string"],"query_string_whitelist":["list","string"]}]],"cache_mode":"string","client_ttl":"number","default_ttl":"number","max_ttl":"number","negative_caching":"bool","negative_caching_policy":["list",["object",{"code":"number","ttl":"number"}]],"request_coalescing":"bool","serve_while_stale":"number","signed_url_cache_max_age_sec":"number"}]],"description":"Cloud CDN configuration for this Backend Bucket.","description_kind":"plain","computed":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["list","string"],"description":"Headers that the HTTP/S load balancer should add to proxied responses.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource; provided by the\nclient when the resource is created.","description_kind":"plain","computed":true},"edge_security_policy":{"type":"string","description":"The security policy associated with this backend bucket.","description_kind":"plain","computed":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendBucket.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","computed":true},"backend":{"type":["set",["object",{"balancing_mode":"string","capacity_scaler":"number","description":"string","group":"string","max_connections":"number","max_connections_per_endpoint":"number","max_connections_per_instance":"number","max_rate":"number","max_rate_per_endpoint":"number","max_rate_per_instance":"number","max_utilization":"number"}]],"description":"The set of backends that serve this BackendService.","description_kind":"plain","computed":true},"cdn_policy":{"type":["list",["object",{"bypass_cache_on_request_headers":["list",["object",{"header_name":"string"}]],"cache_key_policy":["list",["object",{"include_host":"bool","include_http_headers":["list","string"],"include_named_cookies":["list","string"],"include_protocol":"bool","include_query_string":"bool","query_string_blacklist":["set","string"],"query_string_whitelist":["set","string"]}]],"cache_mode":"string","client_ttl":"number","default_ttl":"number","max_ttl":"number","negative_caching":"bool","negative_caching_policy":["list",["object",{"code":"number","ttl":"number"}]],"serve_while_stale":"number","signed_url_cache_max_age_sec":"number"}]],"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain","computed":true},"circuit_breakers":{"type":["list",["object",{"max_connections":"number","max_pending_requests":"number","max_requests":"number","max_requests_per_connection":"number","max_retries":"number"}]],"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","computed":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).","description_kind":"plain","computed":true},"consistent_hash":{"type":["list",["object",{"http_cookie":["list",["object",{"name":"string","path":"string","ttl":["list",["object",{"nanos":"number","seconds":"number"}]]}]],"http_header_name":"string","minimum_ring_size":"number"}]],"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing. This field only applies if the load_balancing_scheme is set to\nINTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is\nset to MAGLEV or RING_HASH.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_request_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nrequests.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nresponses.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"edge_security_policy":{"type":"string","description":"The resource URL for the edge security policy associated with this backend service.","description_kind":"plain","computed":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendService.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"generated_id":{"type":"number","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource\nfor health checking this BackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.\n\nFor internal load balancing, a URL to a HealthCheck resource must be specified instead.","description_kind":"plain","computed":true},"iap":{"type":["list",["object",{"oauth2_client_id":"string","oauth2_client_secret":"string","oauth2_client_secret_sha256":"string"}]],"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"load_balancing_scheme":{"type":"string","description":"Indicates whether the backend service will be used with internal or\nexternal load balancing. A backend service created for one type of\nload balancing cannot be used with the other. For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL_SELF_MANAGED\", \"INTERNAL_MANAGED\", \"EXTERNAL_MANAGED\"]","description_kind":"plain","computed":true},"locality_lb_policies":{"type":["list",["object",{"custom_policy":["list",["object",{"data":"string","name":"string"}]],"policy":["list",["object",{"name":"string"}]]}]],"description":"A list of locality load balancing policies to be used in order of\npreference. Either the policy or the customPolicy field should be set.\nOverrides any value set in the localityLbPolicy field.\n\nlocalityLbPolicies is only supported when the BackendService is referenced\nby a URL Map that is referenced by a target gRPC proxy that has the\nvalidateForProxyless field set to true.","description_kind":"plain","computed":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\nThis field is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\nIf session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","computed":true},"log_config":{"type":["list",["object",{"enable":"bool","sample_rate":"number"}]],"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"outlier_detection":{"type":["list",["object",{"base_ejection_time":["list",["object",{"nanos":"number","seconds":"number"}]],"consecutive_errors":"number","consecutive_gateway_failure":"number","enforcing_consecutive_errors":"number","enforcing_consecutive_gateway_failure":"number","enforcing_success_rate":"number","interval":["list",["object",{"nanos":"number","seconds":"number"}]],"max_ejection_percent":"number","success_rate_minimum_hosts":"number","success_rate_request_volume":"number","success_rate_stdev_factor":"number"}]],"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nApplicable backend service types can be a global backend service with the\nloadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED.\n\nFrom version 6.0.0 outlierDetection default terraform values will be removed to match default GCP value.\nDefault values are enforce by GCP without providing them.","description_kind":"plain","computed":true},"port_name":{"type":"string","description":"Name of backend port. The same name should appear in the instance\ngroups referenced by this service. Required when the load balancing\nscheme is EXTERNAL.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The protocol this BackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. **NOTE**: With protocol “UNSPECIFIED”,\nthe backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing\nwith TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"TCP\", \"SSL\", \"GRPC\", \"UNSPECIFIED\"]","description_kind":"plain","computed":true},"security_policy":{"type":"string","description":"The security policy associated with this backend service.","description_kind":"plain","computed":true},"security_settings":{"type":["list",["object",{"aws_v4_authentication":["list",["object",{"access_key":"string","access_key_id":"string","access_key_version":"string","origin_region":"string"}]],"client_tls_policy":"string","subject_alt_names":["list","string"]}]],"description":"The security settings that apply to this backend service. This field is applicable to either\na regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and\nload_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the\nload_balancing_scheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_lb_policy":{"type":"string","description":"URL to networkservices.ServiceLbPolicy resource.\nCan only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\"]","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"The backend service timeout has a different meaning depending on the type of load balancer.\nFor more information see, [Backend service settings](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices).\nThe default is 30 seconds.\nThe full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_default_service_account":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_disk":{"version":0,"block":{"attributes":{"access_mode":{"type":"string","description":"The accessMode of the disk.\nFor example:\n* READ_WRITE_SINGLE\n* READ_WRITE_MANY\n* READ_ONLY_SINGLE","description_kind":"plain","computed":true},"async_primary_disk":{"type":["list",["object",{"disk":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"disk_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","rsa_encrypted_key":"string","sha256":"string"}]],"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain","computed":true},"disk_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_confidential_compute":{"type":"bool","description":"Whether this disk is using confidential compute mode.\nNote: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true","description_kind":"plain","computed":true},"guest_os_features":{"type":["set",["object",{"type":"string"}]],"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description":"The image from which to initialize this disk. This can be\none of: the image's 'self_link', 'projects/{project}/global/images/{image}',\n'projects/{project}/global/images/family/{family}', 'global/images/{image}',\n'global/images/family/{family}', 'family/{family}', '{project}/{family}',\n'{project}/{image}', '{family}', or '{image}'. If referred by family, the\nimages names must include the family name. If they don't, use the\n[google_compute_image data source](/docs/providers/google/d/compute_image.html).\nFor instance, the image 'centos-6-v20180104' includes its family name 'centos-6'.\nThese images can be referred by family name here.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much Throughput must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the 'image' or\n'snapshot' parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with 'image' or 'snapshot',\nthe value must not be less than the size of the image\nor the size of the snapshot.\n\n~\u003e**NOTE** If you change the size, Terraform updates the disk size\nif upsizing is detected but recreates the disk if downsizing is requested.\nYou can add 'lifecycle.prevent_destroy' in the config to prevent destroying\nand recreating.","description_kind":"plain","computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. If the snapshot is in another\nproject than this disk, you must supply a full URL. For example, the\nfollowing are valid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","computed":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_image_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"The customer-supplied encryption key of the source image. Required if\nthe source image is protected by a customer-supplied encryption key.","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description":"The ID value of the image used to create this disk. This value\nidentifies the exact image that was used to create this persistent\ndisk. For example, if you created the persistent disk from an image\nthat was later deleted and recreated under the same name, the source\nimage ID would identify the exact version of the image that was used.","description_kind":"plain","computed":true},"source_snapshot_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"storage_pool":{"type":"string","description":"The URL of the storage pool in which the new disk is created.\nFor example:\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/storagePools/{storagePool}\n* /projects/{project}/zones/{zone}/storagePools/{storagePool}","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","computed":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_forwarding_rule":{"version":0,"block":{"attributes":{"all_ports":{"type":"bool","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'allPorts' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, SCTP, or\nL3_DEFAULT.\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal and external protocol forwarding.\n* Set this field to true to allow packets addressed to any port or packets\nlacking destination port information (for example, UDP fragments after the\nfirst fragment) to be forwarded to the backends configured with this\nforwarding rule. The L3_DEFAULT protocol requires 'allPorts' be set to\ntrue.","description_kind":"plain","computed":true},"allow_global_access":{"type":"bool","description":"This field is used along with the 'backend_service' field for\ninternal load balancing or with the 'target' field for internal\nTargetInstance.\n\nIf the field is set to 'TRUE', clients can access ILB from all\nregions.\n\nOtherwise only allows access from clients in the same region as the\ninternal load balancer.","description_kind":"plain","computed":true},"allow_psc_global_access":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.","description_kind":"plain","computed":true},"backend_service":{"type":"string","description":"Identifies the backend service to which the forwarding rule sends traffic.\n\nRequired for Internal TCP/UDP Load Balancing and Network Load Balancing;\nmust be omitted for all other load balancer types.","description_kind":"plain","computed":true},"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"forwarding_rule_id":{"type":"number","description":"The unique identifier number for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target' or 'backendService'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\nThe forwarding rule's 'target' or 'backendService',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends).\n\nA Forwarding Rule with protocol L3_DEFAULT can attach with target instance or\nbackend service with UNSPECIFIED protocol.\nA forwarding rule with \"L3_DEFAULT\" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\", \"L3_DEFAULT\"]","description_kind":"plain","computed":true},"ip_version":{"type":"string","description":"The IP address version that will be used by this forwarding rule.\nValid options are IPV4 and IPV6.\n\nIf not set, the IPv4 address will be used by default. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","computed":true},"is_mirroring_collector":{"type":"bool","description":"Indicates whether or not this load balancer can be used as a collector for\npacket mirroring. To prevent mirroring loops, instances behind this\nload balancer will not have their traffic mirrored even if a\n'PacketMirroring' rule applies to them.\n\nThis can only be set to true for load balancers that have their\n'loadBalancingScheme' set to 'INTERNAL'.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n'PREMIUM', 'STANDARD'.\n\nFor regional ForwardingRule, the valid values are 'PREMIUM' and\n'STANDARD'. For GlobalForwardingRule, the valid value is\n'PREMIUM'.\n\nIf this field is not specified, it is assumed to be 'PREMIUM'.\nIf 'IPAddress' is specified, this value must be equal to the\nnetworkTier of the Address. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","computed":true},"port_range":{"type":"string","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","computed":true},"ports":{"type":["set","string"],"description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'ports' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal protocol forwarding.\n* You can specify a list of up to five ports by number, separated by\ncommas. The ports can be contiguous or discontiguous.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair if they share at least one port\nnumber.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair if\nthey share at least one port number.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"recreate_closed_psc":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed","description_kind":"plain","computed":true},"region":{"type":"string","description":"A reference to the region where the regional forwarding rule resides.\n\nThis field is not applicable to global forwarding rules.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_directory_registrations":{"type":["list",["object",{"namespace":"string","service":"string"}]],"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain","computed":true},"service_label":{"type":"string","description":"An optional prefix to the service name for this Forwarding Rule.\nIf specified, will be the first label of the fully qualified service\nname.\n\nThe label must be 1-63 characters long, and comply with RFC1035.\nSpecifically, the label must be 1-63 characters long and match the\nregular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The internal fully qualified service name for this Forwarding Rule.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_forwarding_rules":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description_kind":"plain","optional":true},"rules":{"type":["list",["object",{"all_ports":"bool","allow_global_access":"bool","allow_psc_global_access":"bool","backend_service":"string","base_forwarding_rule":"string","creation_timestamp":"string","description":"string","effective_labels":["map","string"],"forwarding_rule_id":"number","ip_address":"string","ip_protocol":"string","ip_version":"string","is_mirroring_collector":"bool","label_fingerprint":"string","labels":["map","string"],"load_balancing_scheme":"string","name":"string","network":"string","network_tier":"string","no_automate_dns_zone":"bool","port_range":"string","ports":["set","string"],"project":"string","psc_connection_id":"string","psc_connection_status":"string","recreate_closed_psc":"bool","region":"string","self_link":"string","service_directory_registrations":["list",["object",{"namespace":"string","service":"string"}]],"service_label":"string","service_name":"string","source_ip_ranges":["list","string"],"subnetwork":"string","target":"string","terraform_labels":["map","string"]}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_global_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description_kind":"plain","computed":true},"address_type":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"network_tier":{"type":"string","description_kind":"plain","computed":true},"prefix_length":{"type":"number","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description_kind":"plain","computed":true},"users":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_global_forwarding_rule":{"version":0,"block":{"attributes":{"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\nThe forwarding rule's 'target',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\"]","description_kind":"plain","computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this global forwarding rule. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL_MANAGED\", \"INTERNAL_SELF_MANAGED\"]","description_kind":"plain","computed":true},"metadata_filters":{"type":["list",["object",{"filter_labels":["list",["object",{"name":"string","value":"string"}]],"filter_match_criteria":"string"}]],"description":"Opaque filter criteria used by Loadbalancer to restrict routing\nconfiguration to a limited set xDS compliant clients. In their xDS\nrequests to Loadbalancer, xDS clients present node metadata. If a\nmatch takes place, the relevant routing configuration is made available\nto those proxies.\n\nFor each metadataFilter in this list, if its filterMatchCriteria is set\nto MATCH_ANY, at least one of the filterLabels must match the\ncorresponding label provided in the metadata. If its filterMatchCriteria\nis set to MATCH_ALL, then all of its filterLabels must match with\ncorresponding labels in the provided metadata.\n\nmetadataFilters specified here can be overridden by those specified in\nthe UrlMap that this ForwardingRule references.\n\nmetadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","computed":true},"port_range":{"type":"string","description":"The 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_directory_registrations":{"type":["list",["object",{"namespace":"string","service_directory_region":"string"}]],"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_ha_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"gateway_ip_version":{"type":"string","description":"The IP family of the gateway IPs for the HA-VPN gateway interfaces. If not specified, IPV4 will be used. Default value: \"IPV4\" Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this VPN gateway to identify the IP protocols that are enabled.\nIf not specified, IPV4_ONLY will be used. Default value: \"IPV4_ONLY\" Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\", \"IPV6_ONLY\"]","description_kind":"plain","computed":true},"vpn_interfaces":{"type":["list",["object",{"id":"number","interconnect_attachment":"string","ip_address":"string"}]],"description":"A list of interfaces on this VPN gateway.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"grpc_health_check":{"type":["list",["object",{"grpc_service_name":"string","port":"number","port_name":"string","port_specification":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","computed":true},"http2_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"http_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"https_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"log_config":{"type":["list",["object",{"enable":"bool"}]],"description":"Configure logging on this health check.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_regions":{"type":["list","string"],"description":"The list of cloud regions from which health checks are performed. If\nany regions are specified, then exactly 3 regions should be specified.\nThe region names must be valid names of Google Cloud regions. This can\nonly be set for global health check. If this list is non-empty, then\nthere are restrictions on what other health check fields are supported\nand what other resources can use this health check:\n\n* SSL, HTTP2, and GRPC protocols are not supported.\n\n* The TCP request field is not supported.\n\n* The proxyHeader field for HTTP, HTTPS, and TCP is not supported.\n\n* The checkIntervalSec field must be at least 30.\n\n* The health check cannot be used with BackendService nor with managed\ninstance group auto-healing.","description_kind":"plain","computed":true},"ssl_health_check":{"type":["list",["object",{"port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"tcp_health_check":{"type":["list",["object",{"port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_image":{"version":0,"block":{"attributes":{"archive_size_bytes":{"type":"number","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"disk_size_gb":{"type":"number","description_kind":"plain","computed":true},"family":{"type":"string","description_kind":"plain","optional":true,"computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_encryption_key_sha256":{"type":"string","description_kind":"plain","computed":true},"image_id":{"type":"string","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_disk":{"type":"string","description_kind":"plain","computed":true},"source_disk_encryption_key_sha256":{"type":"string","description_kind":"plain","computed":true},"source_disk_id":{"type":"string","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_image_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance":{"version":6,"block":{"attributes":{"advanced_machine_features":{"type":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number","visible_core_count":"number"}]],"description":"Controls for advanced machine-related behavior features.","description_kind":"plain","computed":true},"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","computed":true},"attached_disk":{"type":["list",["object",{"device_name":"string","disk_encryption_key_raw":"string","disk_encryption_key_sha256":"string","kms_key_self_link":"string","mode":"string","source":"string"}]],"description":"List of disks attached to the instance","description_kind":"plain","computed":true},"boot_disk":{"type":["list",["object",{"auto_delete":"bool","device_name":"string","disk_encryption_key_raw":"string","disk_encryption_key_sha256":"string","initialize_params":["list",["object",{"enable_confidential_compute":"bool","image":"string","labels":["map","string"],"provisioned_iops":"number","provisioned_throughput":"number","resource_manager_tags":["map","string"],"size":"number","storage_pool":"string","type":"string"}]],"kms_key_self_link":"string","mode":"string","source":"string"}]],"description":"The boot disk for the instance.","description_kind":"plain","computed":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","computed":true},"confidential_instance_config":{"type":["list",["object",{"confidential_instance_type":"string","enable_confidential_compute":"bool"}]],"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain","computed":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","computed":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\" or \"TERMINATED\".","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","computed":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","computed":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","optional":true},"network_interface":{"type":["list",["object",{"access_config":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"alias_ip_range":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"internal_ipv6_prefix_length":"number","ipv6_access_config":["list",["object",{"external_ipv6":"string","external_ipv6_prefix_length":"string","name":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"ipv6_access_type":"string","ipv6_address":"string","name":"string","network":"string","network_ip":"string","nic_type":"string","queue_count":"number","stack_type":"string","subnetwork":"string","subnetwork_project":"string"}]],"description":"The networks attached to the instance.","description_kind":"plain","computed":true},"network_performance_config":{"type":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain","computed":true},"params":{"type":["list",["object",{"resource_manager_tags":["map","string"]}]],"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true},"reservation_affinity":{"type":["list",["object",{"specific_reservation":["list",["object",{"key":"string","values":["list","string"]}]],"type":"string"}]],"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain","computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","computed":true},"scheduling":{"type":["list",["object",{"automatic_restart":"bool","instance_termination_action":"string","local_ssd_recovery_timeout":["list",["object",{"nanos":"number","seconds":"number"}]],"max_run_duration":["list",["object",{"nanos":"number","seconds":"number"}]],"min_node_cpus":"number","node_affinities":["set",["object",{"key":"string","operator":"string","values":["set","string"]}]],"on_host_maintenance":"string","on_instance_stop_action":["list",["object",{"discard_local_ssd":"bool"}]],"preemptible":"bool","provisioning_model":"string"}]],"description":"The scheduling strategy being used by the instance.","description_kind":"plain","computed":true},"scratch_disk":{"type":["list",["object",{"device_name":"string","interface":"string","size":"number"}]],"description":"The scratch disks attached to the instance.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","optional":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"The service account to attach to the instance.","description_kind":"plain","computed":true},"shielded_instance_config":{"type":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool","enable_vtpm":"bool"}]],"description":"The shielded vm config being used by the instance.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_instance_group":{"version":2,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true},"named_port":{"type":["list",["object",{"name":"string","port":"number"}]],"description_kind":"plain","computed":true},"network":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description_kind":"plain","computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_group_manager":{"version":0,"block":{"attributes":{"all_instances_config":{"type":["list",["object",{"labels":["map","string"],"metadata":["map","string"]}]],"description":"Specifies configuration that overrides the instance template configuration for the group.","description_kind":"plain","computed":true},"auto_healing_policies":{"type":["list",["object",{"health_check":"string","initial_delay_sec":"number"}]],"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain","computed":true},"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"instance_lifecycle_policy":{"type":["list",["object",{"default_action_on_failure":"string","force_update_on_repair":"string"}]],"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","optional":true},"named_port":{"type":["set",["object",{"name":"string","port":"number"}]],"description":"The named port configuration.","description_kind":"plain","computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","optional":true},"stateful_disk":{"type":["set",["object",{"delete_rule":"string","device_name":"string"}]],"description":"Disks created on the instances that will be preserved on instance delete, update, etc.","description_kind":"plain","computed":true},"stateful_external_ip":{"type":["list",["object",{"delete_rule":"string","interface_name":"string"}]],"description":"External IPs considered stateful by the instance group. ","description_kind":"plain","computed":true},"stateful_internal_ip":{"type":["list",["object",{"delete_rule":"string","interface_name":"string"}]],"description":"External IPs considered stateful by the instance group. ","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"all_instances_config":["list",["object",{"current_revision":"string","effective":"bool"}]],"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","computed":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","computed":true},"update_policy":{"type":["list",["object",{"max_surge_fixed":"number","max_surge_percent":"number","max_unavailable_fixed":"number","max_unavailable_percent":"number","minimal_action":"string","most_disruptive_allowed_action":"string","replacement_method":"string","type":"string"}]],"description":"The update policy for this managed instance group.","description_kind":"plain","computed":true},"version":{"type":["list",["object",{"instance_template":"string","name":"string","target_size":["list",["object",{"fixed":"number","percent":"number"}]]}]],"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain","computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","computed":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective and all instances configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone that instances in this group should be created in.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_serial_port":{"version":0,"block":{"attributes":{"contents":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"port":{"type":"number","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_template":{"version":1,"block":{"attributes":{"advanced_machine_features":{"type":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number","visible_core_count":"number"}]],"description":"Controls for advanced machine-related behavior features.","description_kind":"plain","computed":true},"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","computed":true},"confidential_instance_config":{"type":["list",["object",{"confidential_instance_type":"string","enable_confidential_compute":"bool"}]],"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","computed":true},"disk":{"type":["list",["object",{"auto_delete":"bool","boot":"bool","device_name":"string","disk_encryption_key":["list",["object",{"kms_key_self_link":"string"}]],"disk_name":"string","disk_size_gb":"number","disk_type":"string","interface":"string","labels":["map","string"],"mode":"string","provisioned_iops":"number","resource_manager_tags":["map","string"],"resource_policies":["list","string"],"source":"string","source_image":"string","source_image_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"source_snapshot":"string","source_snapshot_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"type":"string"}]],"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"network_interface":{"type":["list",["object",{"access_config":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"alias_ip_range":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"internal_ipv6_prefix_length":"number","ipv6_access_config":["list",["object",{"external_ipv6":"string","external_ipv6_prefix_length":"string","name":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"ipv6_access_type":"string","ipv6_address":"string","name":"string","network":"string","network_ip":"string","nic_type":"string","queue_count":"number","stack_type":"string","subnetwork":"string","subnetwork_project":"string"}]],"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain","computed":true},"network_performance_config":{"type":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"An instance template is a global resource that is not bound to a zone or a region. However, you can still specify some regional resources in an instance template, which restricts the template to the region where that resource resides. For example, a custom subnetwork resource is tied to a specific region. Defaults to the region of the Provider if no value is given.","description_kind":"plain","computed":true},"reservation_affinity":{"type":["list",["object",{"specific_reservation":["list",["object",{"key":"string","values":["list","string"]}]],"type":"string"}]],"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain","computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags.\n\t\t\t\tKeys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.\n\t\t\t\tThe field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","computed":true},"scheduling":{"type":["list",["object",{"automatic_restart":"bool","instance_termination_action":"string","local_ssd_recovery_timeout":["list",["object",{"nanos":"number","seconds":"number"}]],"max_run_duration":["list",["object",{"nanos":"number","seconds":"number"}]],"min_node_cpus":"number","node_affinities":["set",["object",{"key":"string","operator":"string","values":["set","string"]}]],"on_host_maintenance":"string","on_instance_stop_action":["list",["object",{"discard_local_ssd":"bool"}]],"preemptible":"bool","provisioning_model":"string"}]],"description":"The scheduling strategy to use.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"self_link_unique":{"type":"string","description_kind":"plain","optional":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"Service account to attach to the instance.","description_kind":"plain","computed":true},"shielded_instance_config":{"type":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool","enable_vtpm":"bool"}]],"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_lb_ip_ranges":{"version":0,"block":{"attributes":{"http_ssl_tcp_internal":{"type":["list","string"],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_machine_types":{"version":0,"block":{"attributes":{"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"machine_types":{"type":["list",["object",{"accelerators":["list",["object",{"guest_accelerator_count":"number","guest_accelerator_type":"string"}]],"deprecated":["set",["object",{"replacement":"string","state":"string"}]],"description":"string","guest_cpus":"number","is_shared_cpus":"bool","maximum_persistent_disks":"number","maximum_persistent_disks_size_gb":"number","memory_mb":"number","name":"string","self_link":"string"}]],"description":"The list of machine types","description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID for this request.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The name of the zone for this request.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_network":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"gateway_ipv4":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_range":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetworks_self_links":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"network":{"type":"string","description":"The network to which all network endpoints in the NEG belong.\nUses \"default\" project network if unspecified.","description_kind":"plain","computed":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group.\nNON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network\nendpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid).\nNote that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services\nthat 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED,\nINTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or\nCONNECTION balancing modes.\n\nPossible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. Default value: \"GCE_VM_IP_PORT\" Possible values: [\"GCE_VM_IP\", \"GCE_VM_IP_PORT\", \"NON_GCP_PRIVATE_IP_PORT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\", \"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","optional":true},"size":{"type":"number","description":"Number of network endpoints in the network endpoint group.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"Optional subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"Zone where the network endpoint group is located.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_network_peering":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network. Defaults to false.","description_kind":"plain","computed":true},"export_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to export the custom routes from the peer network. Defaults to false.","description_kind":"plain","computed":true},"import_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"network":{"type":"string","description":"The primary network of the peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The peer network in the peering. The peer network may belong to a different project.","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. The default value is IPV4_ONLY. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","computed":true},"state":{"type":"string","description":"State for the peering, either ACTIVE or INACTIVE. The peering is ACTIVE when there's a matching configuration in the peer network.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the peering.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_networks":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"networks":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_node_types":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_disk":{"version":0,"block":{"attributes":{"async_primary_disk":{"type":["list",["object",{"disk":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"disk_encryption_key":{"type":["list",["object",{"kms_key_name":"string","raw_key":"string","sha256":"string"}]],"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"guest_os_features":{"type":["set",["object",{"type":"string"}]],"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"A reference to the region where the disk resides.","description_kind":"plain","optional":true},"replica_zones":{"type":["list","string"],"description":"URLs of the zones where the disk should be replicated to.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the sourceImage or\nsourceSnapshot parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with sourceImage or sourceSnapshot,\nthe value of sizeGb must not be less than the size of the sourceImage\nor the size of the snapshot.","description_kind":"plain","computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. For example, the following are\nvalid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","computed":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_snapshot_encryption_key":{"type":["list",["object",{"raw_key":"string","sha256":"string"}]],"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","computed":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_instance_group":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["list",["object",{"instance":"string","named_ports":["list",["object",{"name":"string","port":"number"}]],"status":"string"}]],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_instance_template":{"version":1,"block":{"attributes":{"advanced_machine_features":{"type":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number","visible_core_count":"number"}]],"description":"Controls for advanced machine-related behavior features.","description_kind":"plain","computed":true},"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","computed":true},"confidential_instance_config":{"type":["list",["object",{"confidential_instance_type":"string","enable_confidential_compute":"bool"}]],"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","computed":true},"disk":{"type":["list",["object",{"auto_delete":"bool","boot":"bool","device_name":"string","disk_encryption_key":["list",["object",{"kms_key_self_link":"string"}]],"disk_name":"string","disk_size_gb":"number","disk_type":"string","interface":"string","labels":["map","string"],"mode":"string","provisioned_iops":"number","resource_manager_tags":["map","string"],"resource_policies":["list","string"],"source":"string","source_image":"string","source_image_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"source_snapshot":"string","source_snapshot_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"type":"string"}]],"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template,\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"network_interface":{"type":["list",["object",{"access_config":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"alias_ip_range":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"internal_ipv6_prefix_length":"number","ipv6_access_config":["list",["object",{"external_ipv6":"string","external_ipv6_prefix_length":"string","name":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"ipv6_access_type":"string","ipv6_address":"string","name":"string","network":"string","network_ip":"string","nic_type":"string","queue_count":"number","stack_type":"string","subnetwork":"string","subnetwork_project":"string"}]],"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain","computed":true},"network_performance_config":{"type":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region in which the instance template is located. If it is not provided, the provider region is used.","description_kind":"plain","optional":true},"reservation_affinity":{"type":["list",["object",{"specific_reservation":["list",["object",{"key":"string","values":["list","string"]}]],"type":"string"}]],"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain","computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","computed":true},"scheduling":{"type":["list",["object",{"automatic_restart":"bool","instance_termination_action":"string","local_ssd_recovery_timeout":["list",["object",{"nanos":"number","seconds":"number"}]],"max_run_duration":["list",["object",{"nanos":"number","seconds":"number"}]],"min_node_cpus":"number","node_affinities":["set",["object",{"key":"string","operator":"string","values":["set","string"]}]],"on_host_maintenance":"string","on_instance_stop_action":["list",["object",{"discard_local_ssd":"bool"}]],"preemptible":"bool","provisioning_model":"string"}]],"description":"The scheduling strategy to use.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"Service account to attach to the instance.","description_kind":"plain","computed":true},"shielded_instance_config":{"type":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool","enable_vtpm":"bool"}]],"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_network_endpoint_group":{"version":0,"block":{"attributes":{"app_engine":{"type":["list",["object",{"service":"string","url_mask":"string","version":"string"}]],"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"cloud_function":{"type":["list",["object",{"function":"string","url_mask":"string"}]],"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"cloud_run":{"type":["list",["object",{"service":"string","tag":"string","url_mask":"string"}]],"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"network":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe URL of the network to which all network endpoints in the NEG belong. Uses\n\"default\" project network if unspecified.","description_kind":"plain","computed":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. Default value: \"SERVERLESS\" Possible values: [\"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\", \"GCE_VM_IP_PORTMAP\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_target_service":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe target service url used to set up private service connection to\na Google API or a PSC Producer Service Attachment.","description_kind":"plain","computed":true},"region":{"type":"string","description":"A reference to the region where the regional NEGs reside.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"This field is only used for PSC NEGs.\n\nOptional URL of the subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","computed":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","required":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The Region in which the created regional ssl certificate should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_regions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_reservation":{"version":0,"block":{"attributes":{"commitment":{"type":"string","description":"Full or partial URL to a parent commitment. This field displays for\nreservations that are tied to a commitment.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"share_settings":{"type":["list",["object",{"project_map":["set",["object",{"id":"string","project_id":"string"}]],"share_type":"string"}]],"description":"The share setting for reservations.","description_kind":"plain","computed":true},"specific_reservation":{"type":["list",["object",{"count":"number","in_use_count":"number","instance_properties":["list",["object",{"guest_accelerators":["list",["object",{"accelerator_count":"number","accelerator_type":"string"}]],"local_ssds":["list",["object",{"disk_size_gb":"number","interface":"string"}]],"machine_type":"string","min_cpu_platform":"string"}]]}]],"description":"Reservation for instances with specific machine shapes.","description_kind":"plain","computed":true},"specific_reservation_required":{"type":"bool","description":"When set to true, only VMs that target this reservation by name can\nconsume this reservation. Otherwise, it can be consumed by VMs with\naffinity for any reservation. Defaults to false.","description_kind":"plain","computed":true},"status":{"type":"string","description":"The status of the reservation.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone where the reservation is made.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_compute_resource_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","computed":true},"disk_consistency_group_policy":{"type":["list",["object",{"enabled":"bool"}]],"description":"Replication consistency group for asynchronous disk replication.","description_kind":"plain","computed":true},"group_placement_policy":{"type":["list",["object",{"availability_domain_count":"number","collocation":"string","vm_count":"number"}]],"description":"Resource policy for instances used for placement configuration.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_schedule_policy":{"type":["list",["object",{"expiration_time":"string","start_time":"string","time_zone":"string","vm_start_schedule":["list",["object",{"schedule":"string"}]],"vm_stop_schedule":["list",["object",{"schedule":"string"}]]}]],"description":"Resource policy for scheduling instance operations.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially creating\nthe resource. The resource name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])'? which means the\nfirst character must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last character,\nwhich cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where resource policy resides.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_schedule_policy":{"type":["list",["object",{"retention_policy":["list",["object",{"max_retention_days":"number","on_source_disk_delete":"string"}]],"schedule":["list",["object",{"daily_schedule":["list",["object",{"days_in_cycle":"number","start_time":"string"}]],"hourly_schedule":["list",["object",{"hours_in_cycle":"number","start_time":"string"}]],"weekly_schedule":["list",["object",{"day_of_weeks":["set",["object",{"day":"string","start_time":"string"}]]}]]}]],"snapshot_properties":["list",["object",{"chain_name":"string","guest_flush":"bool","labels":["map","string"],"storage_locations":["set","string"]}]]}]],"description":"Policy for creating snapshots of persistent disks.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router":{"version":0,"block":{"attributes":{"bgp":{"type":["list",["object",{"advertise_mode":"string","advertised_groups":["list","string"],"advertised_ip_ranges":["list",["object",{"description":"string","range":"string"}]],"asn":"number","identifier_range":"string","keepalive_interval":"number"}]],"description":"BGP information specific to this router.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"encrypted_interconnect_router":{"type":"bool","description":"Indicates if a router is dedicated for use with encrypted VLAN\nattachments (interconnectAttachments).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"A reference to the network to which this router belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the router resides.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router_nat":{"version":0,"block":{"attributes":{"auto_network_tier":{"type":"string","description":"The network tier to use when automatically reserving NAT IP addresses.\nMust be one of: PREMIUM, STANDARD. If not specified, then the current\nproject-level default tier is used. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","computed":true},"drain_nat_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained. These IPs must be\nvalid static external IPs that have been assigned to the NAT.","description_kind":"plain","computed":true},"enable_dynamic_port_allocation":{"type":"bool","description":"Enable Dynamic Port Allocation.\nIf minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.\nIf minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.\nIf maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.\nIf maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.\n\nMutually exclusive with enableEndpointIndependentMapping.","description_kind":"plain","computed":true},"enable_endpoint_independent_mapping":{"type":"bool","description":"Enable endpoint independent mapping.\nFor more information see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs).","description_kind":"plain","computed":true},"endpoint_types":{"type":["list","string"],"description":"Specifies the endpoint Types supported by the NAT Gateway.\nSupported values include:\n 'ENDPOINT_TYPE_VM', 'ENDPOINT_TYPE_SWG',\n 'ENDPOINT_TYPE_MANAGED_PROXY_LB'.","description_kind":"plain","computed":true},"icmp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"log_config":{"type":["list",["object",{"enable":"bool","filter":"string"}]],"description":"Configuration for logging on NAT","description_kind":"plain","computed":true},"max_ports_per_vm":{"type":"number","description":"Maximum number of ports allocated to a VM from this NAT.\nThis field can only be set when enableDynamicPortAllocation is enabled.","description_kind":"plain","computed":true},"min_ports_per_vm":{"type":"number","description":"Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the NAT service. The name must be 1-63 characters long and\ncomply with RFC1035.","description_kind":"plain","required":true},"nat_ip_allocate_option":{"type":"string","description":"How external IPs should be allocated for this NAT. Valid values are\n'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud\nPlatform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: [\"MANUAL_ONLY\", \"AUTO_ONLY\"]","description_kind":"plain","computed":true},"nat_ips":{"type":["set","string"],"description":"Self-links of NAT IPs. Only valid if natIpAllocateOption\nis set to MANUAL_ONLY.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the router and NAT reside.","description_kind":"plain","optional":true},"router":{"type":"string","description":"The name of the Cloud Router in which this NAT will be configured.","description_kind":"plain","required":true},"rules":{"type":["set",["object",{"action":["list",["object",{"source_nat_active_ips":["set","string"],"source_nat_drain_ips":["set","string"]}]],"description":"string","match":"string","rule_number":"number"}]],"description":"A list of rules associated with this NAT.","description_kind":"plain","computed":true},"source_subnetwork_ip_ranges_to_nat":{"type":"string","description":"How NAT should be configured per Subnetwork.\nIf 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the\nIP ranges in every Subnetwork are allowed to Nat.\nIf 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP\nranges in every Subnetwork are allowed to Nat.\n'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat\n(specified in the field subnetwork below). Note that if this field\ncontains ALL_SUBNETWORKS_ALL_IP_RANGES or\nALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any\nother RouterNat section in any Router for this network in this region. Possible values: [\"ALL_SUBNETWORKS_ALL_IP_RANGES\", \"ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES\", \"LIST_OF_SUBNETWORKS\"]","description_kind":"plain","computed":true},"subnetwork":{"type":["set",["object",{"name":"string","secondary_ip_range_names":["set","string"],"source_ip_ranges_to_nat":["set","string"]}]],"description":"One or more subnetwork NAT configurations. Only used if\n'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'","description_kind":"plain","computed":true},"tcp_established_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP established connections.\nDefaults to 1200s if not set.","description_kind":"plain","computed":true},"tcp_time_wait_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP connections that are in TIME_WAIT state.\nDefaults to 120s if not set.","description_kind":"plain","computed":true},"tcp_transitory_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP transitory connections.\nDefaults to 30s if not set.","description_kind":"plain","computed":true},"udp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for UDP connections. Defaults to 30s if not set.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router_status":{"version":0,"block":{"attributes":{"best_routes":{"type":["list",["object",{"description":"string","dest_range":"string","name":"string","network":"string","next_hop_gateway":"string","next_hop_ilb":"string","next_hop_instance":"string","next_hop_instance_zone":"string","next_hop_ip":"string","next_hop_network":"string","next_hop_vpn_tunnel":"string","priority":"number","project":"string","self_link":"string","tags":["set","string"]}]],"description":"Best routes for this router's network.","description_kind":"plain","computed":true},"best_routes_for_router":{"type":["list",["object",{"description":"string","dest_range":"string","name":"string","network":"string","next_hop_gateway":"string","next_hop_ilb":"string","next_hop_instance":"string","next_hop_instance_zone":"string","next_hop_ip":"string","next_hop_network":"string","next_hop_vpn_tunnel":"string","priority":"number","project":"string","self_link":"string","tags":["set","string"]}]],"description":"Best routes learned by this router.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the router to query.","description_kind":"plain","required":true},"network":{"type":"string","description":"URI of the network to which this router belongs.","description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the target router.","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region of the target router.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_security_policy":{"version":0,"block":{"attributes":{"adaptive_protection_config":{"type":["list",["object",{"layer_7_ddos_defense_config":["list",["object",{"enable":"bool","rule_visibility":"string"}]]}]],"description":"Adaptive Protection Config of this security policy.","description_kind":"plain","computed":true},"advanced_options_config":{"type":["list",["object",{"json_custom_config":["list",["object",{"content_types":["set","string"]}]],"json_parsing":"string","log_level":"string","user_ip_request_headers":["set","string"]}]],"description":"Advanced Options Config of this security policy.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this security policy. Max size is 2048.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the security policy.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"recaptcha_options_config":{"type":["list",["object",{"redirect_site_key":"string"}]],"description":"reCAPTCHA configuration options to be applied for the security policy.","description_kind":"plain","computed":true},"rule":{"type":["set",["object",{"action":"string","description":"string","header_action":["list",["object",{"request_headers_to_adds":["list",["object",{"header_name":"string","header_value":"string"}]]}]],"match":["list",["object",{"config":["list",["object",{"src_ip_ranges":["set","string"]}]],"expr":["list",["object",{"expression":"string"}]],"expr_options":["list",["object",{"recaptcha_options":["list",["object",{"action_token_site_keys":["list","string"],"session_token_site_keys":["list","string"]}]]}]],"versioned_expr":"string"}]],"preview":"bool","priority":"number","rate_limit_options":["list",["object",{"ban_duration_sec":"number","ban_threshold":["list",["object",{"count":"number","interval_sec":"number"}]],"conform_action":"string","enforce_on_key":"string","enforce_on_key_name":"string","exceed_action":"string","exceed_redirect_options":["list",["object",{"target":"string","type":"string"}]],"rate_limit_threshold":["list",["object",{"count":"number","interval_sec":"number"}]]}]],"redirect_options":["list",["object",{"target":"string","type":"string"}]]}]],"description":"The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match \"*\"). If no rules are provided when creating a security policy, a default rule with action \"allow\" will be added.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type indicates the intended use of the security policy. CLOUD_ARMOR - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_snapshot":{"version":0,"block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and\ncomply with RFC1035. This is an uncommon option only for advanced\nservice owners who needs to create separate snapshot chains, for\nexample, for chargeback tracking. When you describe your snapshot\nresource, this field is visible only if it has a non-empty value.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"disk_size_gb":{"type":"number","description":"Size of the snapshot, specified in GB.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Snapshot.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"A list of public visible licenses that apply to this snapshot. This\ncan be because the original image had licenses attached (such as a\nWindows image). snapshotEncryptionKey nested object Encrypts the\nsnapshot using a customer-supplied encryption key.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"Encrypts the snapshot using a customer-supplied encryption key.\n\nAfter you encrypt a snapshot using a customer-supplied key, you must\nprovide the same key if you use the snapshot later. For example, you\nmust provide the encryption key when you create a disk from the\nencrypted snapshot in a future request.\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe snapshot.\n\nIf you do not provide an encryption key when creating the snapshot,\nthen the snapshot will be encrypted using an automatically generated\nkey and you do not need to provide a key to use the snapshot later.","description_kind":"plain","computed":true},"snapshot_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"A reference to the disk used to create this snapshot.","description_kind":"plain","computed":true},"source_disk_encryption_key":{"type":["list",["object",{"kms_key_service_account":"string","raw_key":"string"}]],"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain","computed":true},"storage_bytes":{"type":"number","description":"A size of the storage used by the snapshot. As snapshots share\nstorage, this number is expected to change with snapshot\ncreation/deletion.","description_kind":"plain","computed":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the snapshot (regional or multi-regional).","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk is hosted.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_snapshot_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","computed":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","required":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. This can be one of\n'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_subnetwork":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"gateway_address":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_prefix":{"type":"string","description_kind":"plain","computed":true},"ip_cidr_range":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true},"network":{"type":"string","description_kind":"plain","computed":true},"private_ip_google_access":{"type":"bool","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secondary_ip_range":{"type":["list",["object",{"ip_cidr_range":"string","range_name":"string"}]],"description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_subnetwork_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_compute_subnetworks":{"version":0,"block":{"attributes":{"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description_kind":"plain","optional":true},"subnetworks":{"type":["list",["object",{"description":"string","ip_cidr_range":"string","name":"string","network":"string","network_self_link":"string","private_ip_google_access":"bool","self_link":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_zones":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"status":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_analysis_note_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"note":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_container_attached_install_manifest":{"version":0,"block":{"attributes":{"cluster_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"manifest":{"type":"string","description_kind":"plain","computed":true},"platform_version":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_container_attached_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_aws_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"supported_regions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_azure_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"supported_regions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_cluster":{"version":2,"block":{"attributes":{"addons_config":{"type":["list",["object",{"cloudrun_config":["list",["object",{"disabled":"bool","load_balancer_type":"string"}]],"config_connector_config":["list",["object",{"enabled":"bool"}]],"dns_cache_config":["list",["object",{"enabled":"bool"}]],"gce_persistent_disk_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gcp_filestore_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gcs_fuse_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gke_backup_agent_config":["list",["object",{"enabled":"bool"}]],"horizontal_pod_autoscaling":["list",["object",{"disabled":"bool"}]],"http_load_balancing":["list",["object",{"disabled":"bool"}]],"network_policy_config":["list",["object",{"disabled":"bool"}]],"ray_operator_config":["list",["object",{"enabled":"bool","ray_cluster_logging_config":["list",["object",{"enabled":"bool"}]],"ray_cluster_monitoring_config":["list",["object",{"enabled":"bool"}]]}]],"stateful_ha_config":["list",["object",{"enabled":"bool"}]]}]],"description":"The configuration for addons supported by GKE.","description_kind":"plain","computed":true},"allow_net_admin":{"type":"bool","description":"Enable NET_ADMIN for this cluster.","description_kind":"plain","computed":true},"authenticator_groups_config":{"type":["list",["object",{"security_group":"string"}]],"description":"Configuration for the Google Groups for GKE feature.","description_kind":"plain","computed":true},"binary_authorization":{"type":["list",["object",{"enabled":"bool","evaluation_mode":"string"}]],"description":"Configuration options for the Binary Authorization feature.","description_kind":"plain","computed":true},"cluster_autoscaling":{"type":["list",["object",{"auto_provisioning_defaults":["list",["object",{"boot_disk_kms_key":"string","disk_size":"number","disk_type":"string","image_type":"string","management":["list",["object",{"auto_repair":"bool","auto_upgrade":"bool","upgrade_options":["list",["object",{"auto_upgrade_start_time":"string","description":"string"}]]}]],"min_cpu_platform":"string","oauth_scopes":["list","string"],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"upgrade_settings":["list",["object",{"blue_green_settings":["list",["object",{"node_pool_soak_duration":"string","standard_rollout_policy":["list",["object",{"batch_node_count":"number","batch_percentage":"number","batch_soak_duration":"string"}]]}]],"max_surge":"number","max_unavailable":"number","strategy":"string"}]]}]],"auto_provisioning_locations":["list","string"],"autoscaling_profile":"string","enabled":"bool","resource_limits":["list",["object",{"maximum":"number","minimum":"number","resource_type":"string"}]]}]],"description":"Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details.","description_kind":"plain","computed":true},"cluster_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.","description_kind":"plain","computed":true},"confidential_nodes":{"type":["list",["object",{"enabled":"bool"}]],"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster.","description_kind":"plain","computed":true},"cost_management_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"Cost management configuration for the cluster.","description_kind":"plain","computed":true},"database_encryption":{"type":["list",["object",{"key_name":"string","state":"string"}]],"description":"Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key.","description_kind":"plain","computed":true},"datapath_provider":{"type":"string","description":"The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.","description_kind":"plain","computed":true},"default_max_pods_per_node":{"type":"number","description":"The default maximum number of pods per node in this cluster. This doesn't work on \"routes-based\" clusters, clusters that don't have IP Aliasing enabled.","description_kind":"plain","computed":true},"default_snat_status":{"type":["list",["object",{"disabled":"bool"}]],"description":"Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"When the field is set to true or unset in Terraform state, a terraform apply or terraform destroy that would delete the cluster will fail. When the field is set to false, deleting the cluster is allowed.","description_kind":"plain","computed":true},"description":{"type":"string","description":" Description of the cluster.","description_kind":"plain","computed":true},"dns_config":{"type":["list",["object",{"cluster_dns":"string","cluster_dns_domain":"string","cluster_dns_scope":"string"}]],"description":"Configuration for Cloud DNS for Kubernetes Engine.","description_kind":"plain","computed":true},"enable_autopilot":{"type":"bool","description":"Enable Autopilot for this cluster.","description_kind":"plain","computed":true},"enable_cilium_clusterwide_network_policy":{"type":"bool","description":"Whether Cilium cluster-wide network policy is enabled on this cluster.","description_kind":"plain","computed":true},"enable_intranode_visibility":{"type":"bool","description":"Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.","description_kind":"plain","computed":true},"enable_k8s_beta_apis":{"type":["list",["object",{"enabled_apis":["set","string"]}]],"description":"Configuration for Kubernetes Beta APIs.","description_kind":"plain","computed":true},"enable_kubernetes_alpha":{"type":"bool","description":"Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.","description_kind":"plain","computed":true},"enable_l4_ilb_subsetting":{"type":"bool","description":"Whether L4ILB Subsetting is enabled for this cluster.","description_kind":"plain","computed":true},"enable_legacy_abac":{"type":"bool","description":"Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.","description_kind":"plain","computed":true},"enable_multi_networking":{"type":"bool","description":"Whether multi-networking is enabled for this cluster.","description_kind":"plain","computed":true},"enable_shielded_nodes":{"type":"bool","description":"Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.","description_kind":"plain","computed":true},"enable_tpu":{"type":"bool","description":"Whether to enable Cloud TPU resources in this cluster.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address of this cluster's Kubernetes master.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string","membership_id":"string","membership_location":"string","pre_registered":"bool","project":"string"}]],"description":"Fleet configuration of the cluster.","description_kind":"plain","computed":true},"gateway_api_config":{"type":["list",["object",{"channel":"string"}]],"description":"Configuration for GKE Gateway API controller.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identity_service_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"Configuration for Identity Service which allows customers to use external identity providers with the K8S API.","description_kind":"plain","computed":true},"initial_node_count":{"type":"number","description":"The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.","description_kind":"plain","computed":true},"ip_allocation_policy":{"type":["list",["object",{"additional_pod_ranges_config":["list",["object",{"pod_range_names":["set","string"]}]],"cluster_ipv4_cidr_block":"string","cluster_secondary_range_name":"string","pod_cidr_overprovision_config":["list",["object",{"disabled":"bool"}]],"services_ipv4_cidr_block":"string","services_secondary_range_name":"string","stack_type":"string"}]],"description":"Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint of the set of labels for this cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.","description_kind":"plain","optional":true},"logging_config":{"type":["list",["object",{"enable_components":["list","string"]}]],"description":"Logging configuration for the cluster.","description_kind":"plain","computed":true},"logging_service":{"type":"string","description":"The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.","description_kind":"plain","computed":true},"maintenance_policy":{"type":["list",["object",{"daily_maintenance_window":["list",["object",{"duration":"string","start_time":"string"}]],"maintenance_exclusion":["set",["object",{"end_time":"string","exclusion_name":"string","exclusion_options":["list",["object",{"scope":"string"}]],"start_time":"string"}]],"recurring_window":["list",["object",{"end_time":"string","recurrence":"string","start_time":"string"}]]}]],"description":"The maintenance policy to use for the cluster.","description_kind":"plain","computed":true},"master_auth":{"type":["list",["object",{"client_certificate":"string","client_certificate_config":["list",["object",{"issue_client_certificate":"bool"}]],"client_key":"string","cluster_ca_certificate":"string"}]],"description":"The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission.","description_kind":"plain","computed":true},"master_authorized_networks_config":{"type":["list",["object",{"cidr_blocks":["set",["object",{"cidr_block":"string","display_name":"string"}]],"gcp_public_cidrs_access_enabled":"bool"}]],"description":"The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).","description_kind":"plain","computed":true},"master_version":{"type":"string","description":"The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.","description_kind":"plain","computed":true},"mesh_certificates":{"type":["list",["object",{"enable_certificates":"bool"}]],"description":"If set, and enable_certificates=true, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain","computed":true},"min_master_version":{"type":"string","description":"The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version).","description_kind":"plain","computed":true},"monitoring_config":{"type":["list",["object",{"advanced_datapath_observability_config":["list",["object",{"enable_metrics":"bool","enable_relay":"bool","relay_mode":"string"}]],"enable_components":["list","string"],"managed_prometheus":["list",["object",{"enabled":"bool"}]]}]],"description":"Monitoring configuration for the cluster.","description_kind":"plain","computed":true},"monitoring_service":{"type":"string","description":"The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and location.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.","description_kind":"plain","computed":true},"network_policy":{"type":["list",["object",{"enabled":"bool","provider":"string"}]],"description":"Configuration options for the NetworkPolicy feature.","description_kind":"plain","computed":true},"networking_mode":{"type":"string","description":"Determines whether alias IPs or routes will be used for pod IPs in the cluster. Defaults to VPC_NATIVE for new clusters.","description_kind":"plain","computed":true},"node_config":{"type":["list",["object",{"advanced_machine_features":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number"}]],"boot_disk_kms_key":"string","confidential_nodes":["list",["object",{"enabled":"bool"}]],"containerd_config":["list",["object",{"private_registry_access_config":["list",["object",{"certificate_authority_domain_config":["list",["object",{"fqdns":["list","string"],"gcp_secret_manager_certificate_config":["list",["object",{"secret_uri":"string"}]]}]],"enabled":"bool"}]]}]],"disk_size_gb":"number","disk_type":"string","effective_taints":["list",["object",{"effect":"string","key":"string","value":"string"}]],"enable_confidential_storage":"bool","ephemeral_storage_local_ssd_config":["list",["object",{"local_ssd_count":"number"}]],"fast_socket":["list",["object",{"enabled":"bool"}]],"gcfs_config":["list",["object",{"enabled":"bool"}]],"guest_accelerator":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"gvnic":["list",["object",{"enabled":"bool"}]],"host_maintenance_policy":["list",["object",{"maintenance_interval":"string"}]],"image_type":"string","kubelet_config":["list",["object",{"cpu_cfs_quota":"bool","cpu_cfs_quota_period":"string","cpu_manager_policy":"string","insecure_kubelet_readonly_port_enabled":"string","pod_pids_limit":"number"}]],"labels":["map","string"],"linux_node_config":["list",["object",{"cgroup_mode":"string","sysctls":["map","string"]}]],"local_nvme_ssd_block_config":["list",["object",{"local_ssd_count":"number"}]],"local_ssd_count":"number","logging_variant":"string","machine_type":"string","metadata":["map","string"],"min_cpu_platform":"string","node_group":"string","oauth_scopes":["set","string"],"preemptible":"bool","reservation_affinity":["list",["object",{"consume_reservation_type":"string","key":"string","values":["set","string"]}]],"resource_labels":["map","string"],"resource_manager_tags":["map","string"],"secondary_boot_disks":["list",["object",{"disk_image":"string","mode":"string"}]],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"sole_tenant_config":["list",["object",{"node_affinity":["set",["object",{"key":"string","operator":"string","values":["list","string"]}]]}]],"spot":"bool","tags":["list","string"],"taint":["list",["object",{"effect":"string","key":"string","value":"string"}]],"workload_metadata_config":["list",["object",{"mode":"string"}]]}]],"description":"The configuration of the nodepool","description_kind":"plain","computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.","description_kind":"plain","computed":true},"node_pool":{"type":["list",["object",{"autoscaling":["list",["object",{"location_policy":"string","max_node_count":"number","min_node_count":"number","total_max_node_count":"number","total_min_node_count":"number"}]],"initial_node_count":"number","instance_group_urls":["list","string"],"managed_instance_group_urls":["list","string"],"management":["list",["object",{"auto_repair":"bool","auto_upgrade":"bool"}]],"max_pods_per_node":"number","name":"string","name_prefix":"string","network_config":["list",["object",{"additional_node_network_configs":["list",["object",{"network":"string","subnetwork":"string"}]],"additional_pod_network_configs":["list",["object",{"max_pods_per_node":"number","secondary_pod_range":"string","subnetwork":"string"}]],"create_pod_range":"bool","enable_private_nodes":"bool","network_performance_config":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"pod_cidr_overprovision_config":["list",["object",{"disabled":"bool"}]],"pod_ipv4_cidr_block":"string","pod_range":"string"}]],"node_config":["list",["object",{"advanced_machine_features":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number"}]],"boot_disk_kms_key":"string","confidential_nodes":["list",["object",{"enabled":"bool"}]],"containerd_config":["list",["object",{"private_registry_access_config":["list",["object",{"certificate_authority_domain_config":["list",["object",{"fqdns":["list","string"],"gcp_secret_manager_certificate_config":["list",["object",{"secret_uri":"string"}]]}]],"enabled":"bool"}]]}]],"disk_size_gb":"number","disk_type":"string","effective_taints":["list",["object",{"effect":"string","key":"string","value":"string"}]],"enable_confidential_storage":"bool","ephemeral_storage_local_ssd_config":["list",["object",{"local_ssd_count":"number"}]],"fast_socket":["list",["object",{"enabled":"bool"}]],"gcfs_config":["list",["object",{"enabled":"bool"}]],"guest_accelerator":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"gvnic":["list",["object",{"enabled":"bool"}]],"host_maintenance_policy":["list",["object",{"maintenance_interval":"string"}]],"image_type":"string","kubelet_config":["list",["object",{"cpu_cfs_quota":"bool","cpu_cfs_quota_period":"string","cpu_manager_policy":"string","insecure_kubelet_readonly_port_enabled":"string","pod_pids_limit":"number"}]],"labels":["map","string"],"linux_node_config":["list",["object",{"cgroup_mode":"string","sysctls":["map","string"]}]],"local_nvme_ssd_block_config":["list",["object",{"local_ssd_count":"number"}]],"local_ssd_count":"number","logging_variant":"string","machine_type":"string","metadata":["map","string"],"min_cpu_platform":"string","node_group":"string","oauth_scopes":["set","string"],"preemptible":"bool","reservation_affinity":["list",["object",{"consume_reservation_type":"string","key":"string","values":["set","string"]}]],"resource_labels":["map","string"],"resource_manager_tags":["map","string"],"secondary_boot_disks":["list",["object",{"disk_image":"string","mode":"string"}]],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"sole_tenant_config":["list",["object",{"node_affinity":["set",["object",{"key":"string","operator":"string","values":["list","string"]}]]}]],"spot":"bool","tags":["list","string"],"taint":["list",["object",{"effect":"string","key":"string","value":"string"}]],"workload_metadata_config":["list",["object",{"mode":"string"}]]}]],"node_count":"number","node_locations":["set","string"],"placement_policy":["list",["object",{"policy_name":"string","tpu_topology":"string","type":"string"}]],"queued_provisioning":["list",["object",{"enabled":"bool"}]],"upgrade_settings":["list",["object",{"blue_green_settings":["list",["object",{"node_pool_soak_duration":"string","standard_rollout_policy":["list",["object",{"batch_node_count":"number","batch_percentage":"number","batch_soak_duration":"string"}]]}]],"max_surge":"number","max_unavailable":"number","strategy":"string"}]],"version":"string"}]],"description":"List of node pools associated with this cluster. See google_container_node_pool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say \"these are the only node pools associated with this cluster\", use the google_container_node_pool resource instead of this property.","description_kind":"plain","computed":true},"node_pool_auto_config":{"type":["list",["object",{"network_tags":["list",["object",{"tags":["list","string"]}]],"node_kubelet_config":["list",["object",{"insecure_kubelet_readonly_port_enabled":"string"}]],"resource_manager_tags":["map","string"]}]],"description":"Node pool configs that apply to all auto-provisioned node pools in autopilot clusters and node auto-provisioning enabled clusters.","description_kind":"plain","computed":true},"node_pool_defaults":{"type":["list",["object",{"node_config_defaults":["list",["object",{"containerd_config":["list",["object",{"private_registry_access_config":["list",["object",{"certificate_authority_domain_config":["list",["object",{"fqdns":["list","string"],"gcp_secret_manager_certificate_config":["list",["object",{"secret_uri":"string"}]]}]],"enabled":"bool"}]]}]],"insecure_kubelet_readonly_port_enabled":"string","logging_variant":"string"}]]}]],"description":"The default nodel pool settings for the entire cluster.","description_kind":"plain","computed":true},"node_version":{"type":"string","description":"The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way. To update nodes in other node pools, use the version attribute on the node pool.","description_kind":"plain","computed":true},"notification_config":{"type":["list",["object",{"pubsub":["list",["object",{"enabled":"bool","filter":["list",["object",{"event_type":["list","string"]}]],"topic":"string"}]]}]],"description":"The notification config for sending cluster upgrade notifications","description_kind":"plain","computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"private_cluster_config":{"type":["list",["object",{"enable_private_endpoint":"bool","enable_private_nodes":"bool","master_global_access_config":["list",["object",{"enabled":"bool"}]],"master_ipv4_cidr_block":"string","peering_name":"string","private_endpoint":"string","private_endpoint_subnetwork":"string","public_endpoint":"string"}]],"description":"Configuration for private clusters, clusters with private nodes.","description_kind":"plain","computed":true},"private_ipv6_google_access":{"type":"string","description":"The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"release_channel":{"type":["list",["object",{"channel":"string"}]],"description":"Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. Note that removing this field from your config will not unenroll it. Instead, use the \"UNSPECIFIED\" channel.","description_kind":"plain","computed":true},"remove_default_node_pool":{"type":"bool","description":"If true, deletes the default node pool upon cluster creation. If you're using google_container_node_pool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.","description_kind":"plain","computed":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the cluster.","description_kind":"plain","computed":true},"resource_usage_export_config":{"type":["list",["object",{"bigquery_destination":["list",["object",{"dataset_id":"string"}]],"enable_network_egress_metering":"bool","enable_resource_consumption_metering":"bool"}]],"description":"Configuration for the ResourceUsageExportConfig feature.","description_kind":"plain","computed":true},"security_posture_config":{"type":["list",["object",{"mode":"string","vulnerability_mode":"string"}]],"description":"Defines the config needed to enable/disable features for the Security Posture API","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"service_external_ips_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"If set, and enabled=true, services with external ips field will not be blocked","description_kind":"plain","computed":true},"services_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.","description_kind":"plain","computed":true},"tpu_ipv4_cidr_block":{"type":"string","description":"The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).","description_kind":"plain","computed":true},"vertical_pod_autoscaling":{"type":["list",["object",{"enabled":"bool"}]],"description":"Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"workload_pool":"string"}]],"description":"Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_engine_versions":{"version":0,"block":{"attributes":{"default_cluster_version":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"latest_master_version":{"type":"string","description_kind":"plain","computed":true},"latest_node_version":{"type":"string","description_kind":"plain","computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"release_channel_default_version":{"type":["map","string"],"description_kind":"plain","computed":true},"release_channel_latest_version":{"type":["map","string"],"description_kind":"plain","computed":true},"valid_master_versions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_node_versions":{"type":["list","string"],"description_kind":"plain","computed":true},"version_prefix":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_registry_image":{"version":0,"block":{"attributes":{"digest":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_url":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"tag":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_registry_repository":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"repository_url":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_policy":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"policy_tag":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_fusion_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_aspect_type_iam_policy":{"version":0,"block":{"attributes":{"aspect_type_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_asset_iam_policy":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_datascan_iam_policy":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_entry_group_iam_policy":{"version":0,"block":{"attributes":{"entry_group_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_entry_type_iam_policy":{"version":0,"block":{"attributes":{"entry_type_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_lake_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_task_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataplex_zone_iam_policy":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_cluster_iam_policy":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_federation_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"federation_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service":{"version":0,"block":{"attributes":{"artifact_gcs_uri":{"type":"string","description":"A Cloud Storage URI (starting with gs://) that specifies where artifacts related to the metastore service are stored.","description_kind":"plain","computed":true},"database_type":{"type":"string","description":"The database type that the Metastore service stores its data. Default value: \"MYSQL\" Possible values: [\"MYSQL\", \"SPANNER\"]","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_config":{"type":["list",["object",{"kms_key":"string"}]],"description":"Information used to configure the Dataproc Metastore service to encrypt\ncustomer data at rest.","description_kind":"plain","computed":true},"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"hive_metastore_config":{"type":["list",["object",{"auxiliary_versions":["set",["object",{"config_overrides":["map","string"],"key":"string","version":"string"}]],"config_overrides":["map","string"],"endpoint_protocol":"string","kerberos_config":["list",["object",{"keytab":["list",["object",{"cloud_secret":"string"}]],"krb5_config_gcs_uri":"string","principal":"string"}]],"version":"string"}]],"description":"Configuration information specific to running Hive metastore software as the metastore service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the metastore service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location where the metastore service should reside.\nThe default value is 'global'.","description_kind":"plain","required":true},"maintenance_window":{"type":["list",["object",{"day_of_week":"string","hour_of_day":"number"}]],"description":"The one hour maintenance window of the metastore service.\nThis specifies when the service can be restarted for maintenance purposes in UTC time.\nMaintenance window is not needed for services with the 'SPANNER' database type.","description_kind":"plain","computed":true},"metadata_integration":{"type":["list",["object",{"data_catalog_config":["list",["object",{"enabled":"bool"}]]}]],"description":"The setting that defines how metastore metadata should be integrated with external services and systems.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The relative resource name of the metastore service.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:\n\n\"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","computed":true},"network_config":{"type":["list",["object",{"consumers":["list",["object",{"endpoint_uri":"string","subnetwork":"string"}]]}]],"description":"The configuration specifying the network settings for the Dataproc Metastore service.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The TCP port at which the metastore service is reached. Default: 9083.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"release_channel":{"type":"string","description":"The release channel of the service. If unspecified, defaults to 'STABLE'. Default value: \"STABLE\" Possible values: [\"CANARY\", \"STABLE\"]","description_kind":"plain","computed":true},"scaling_config":{"type":["list",["object",{"instance_size":"string","scaling_factor":"number"}]],"description":"Represents the scaling configuration of a metastore service.","description_kind":"plain","computed":true},"scheduled_backup":{"type":["list",["object",{"backup_location":"string","cron_schedule":"string","enabled":"bool","time_zone":"string"}]],"description":"The configuration of scheduled backup for the metastore service.","description_kind":"plain","computed":true},"service_id":{"type":"string","description":"The ID of the metastore service. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 63 characters.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the metastore service.","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of the metastore service, if available.","description_kind":"plain","computed":true},"telemetry_config":{"type":["list",["object",{"log_format":"string"}]],"description":"The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The tier of the service. Possible values: [\"DEVELOPER\", \"ENTERPRISE\"]","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The globally unique resource identifier of the metastore service.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_datastream_static_ips":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"static_ips":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dns_keys":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_signing_keys":{"type":["list",["object",{"algorithm":"string","creation_time":"string","description":"string","digests":["list",["object",{"digest":"string","type":"string"}]],"ds_record":"string","id":"string","is_active":"bool","key_length":"number","key_tag":"number","public_key":"string"}]],"description_kind":"plain","computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone_signing_keys":{"type":["list",["object",{"algorithm":"string","creation_time":"string","description":"string","digests":["list",["object",{"digest":"string","type":"string"}]],"id":"string","is_active":"bool","key_length":"number","key_tag":"number","public_key":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dns_managed_zone":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"dns_name":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","computed":true},"managed_zone_id":{"type":"number","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"name_servers":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"visibility":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dns_managed_zone_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dns_managed_zones":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","computed":true},"managed_zones":{"type":["list",["object",{"description":"string","dns_name":"string","id":"string","managed_zone_id":"number","name":"string","name_servers":["list","string"],"project":"string","visibility":"string"}]],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_dns_record_set":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"rrdatas":{"type":["list","string"],"description_kind":"plain","computed":true},"ttl":{"type":"number","description_kind":"plain","computed":true},"type":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_policy":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_endpoints_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_filestore_instance":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the instance.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Server-specified ETag for the instance resource to prevent\nsimultaneous updates from overwriting each other.","description_kind":"plain","computed":true},"file_shares":{"type":["list",["object",{"capacity_gb":"number","name":"string","nfs_export_options":["list",["object",{"access_mode":"string","anon_gid":"number","anon_uid":"number","ip_ranges":["list","string"],"squash_mode":"string"}]],"source_backup":"string"}]],"description":"File system shares on the instance. For this version, only a\nsingle file share is supported.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"KMS key name used for data encryption.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the instance.","description_kind":"plain","required":true},"networks":{"type":["list",["object",{"connect_mode":"string","ip_addresses":["list","string"],"modes":["list","string"],"network":"string","reserved_ip_range":"string"}]],"description":"VPC networks to which the instance is connected. For this version,\nonly a single network is supported.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance.\nPossible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The name of the Filestore zone of the instance.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folder":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"display_name":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"folder_id":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description_kind":"plain","computed":true},"lookup_organization":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","computed":true},"organization":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folder_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folder_organization_policy":{"version":0,"block":{"attributes":{"boolean_policy":{"type":["list",["object",{"enforced":"bool"}]],"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain","computed":true},"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The resource name of the folder to set the policy for. Its format is folders/{folder_id}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"list_policy":{"type":["list",["object",{"allow":["list",["object",{"all":"bool","values":["set","string"]}]],"deny":["list",["object",{"all":"bool","values":["set","string"]}]],"inherit_from_parent":"bool","suggested_value":"string"}]],"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain","computed":true},"restore_policy":{"type":["list",["object",{"default":"bool"}]],"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folders":{"version":0,"block":{"attributes":{"folders":{"type":["list",["object",{"create_time":"string","delete_time":"string","display_name":"string","etag":"string","name":"string","parent":"string","state":"string","update_time":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_feature_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_membership_binding":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the MembershipBinding was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the MembershipBinding was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this Membership binding.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location of the membership","description_kind":"plain","required":true},"membership_binding_id":{"type":"string","description":"The client-provided identifier of the membership binding.","description_kind":"plain","required":true},"membership_id":{"type":"string","description":"Id of the membership","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the membershipbinding itself","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"scope":{"type":"string","description":"A Workspace resource name in the format\n'projects/*/locations/*/scopes/*'.","description_kind":"plain","computed":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the membership binding resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the MembershipBinding was updated in UTC.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_gke_hub_membership_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_scope_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_policy":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_policy":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iam_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"audit_config":{"nesting_mode":"set","block":{"attributes":{"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"audit_log_configs":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description_kind":"plain","optional":true},"log_type":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"binding":{"nesting_mode":"set","block":{"attributes":{"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_role":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"included_permissions":{"type":["list","string"],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"stage":{"type":"string","description_kind":"plain","computed":true},"title":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iam_testable_permissions":{"version":0,"block":{"attributes":{"custom_support_level":{"type":"string","description_kind":"plain","optional":true},"full_resource_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"permissions":{"type":["list",["object",{"api_disabled":"bool","custom_support_level":"string","name":"string","stage":"string","title":"string"}]],"description_kind":"plain","computed":true},"stages":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_client":{"version":0,"block":{"attributes":{"brand":{"type":"string","description":"Identifier of the brand to which this client\nis attached to. The format is\n'projects/{project_number}/brands/{brand_id}'.","description_kind":"plain","required":true},"client_id":{"type":"string","description":"Output only. Unique identifier of the OAuth client.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Human-friendly name given to the OAuth client.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"Output only. Client secret of the OAuth client.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iap_tunnel_dest_group_iam_policy":{"version":0,"block":{"attributes":{"dest_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_kms_crypto_key":{"version":1,"block":{"attributes":{"crypto_key_backend":{"type":"string","description":"The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey.\nThe resource name is in the format \"projects/*/locations/*/ekmConnections/*\" and only applies to \"EXTERNAL_VPC\" keys.","description_kind":"plain","computed":true},"destroy_scheduled_duration":{"type":"string","description":"The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.\nIf not specified at creation time, the default duration is 30 days.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_only":{"type":"bool","description":"Whether this key may contain imported versions only.","description_kind":"plain","computed":true},"key_ring":{"type":"string","description":"The KeyRing that this key belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name for the CryptoKey.","description_kind":"plain","required":true},"primary":{"type":["list",["object",{"name":"string","state":"string"}]],"description":"A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.\nKeys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.","description_kind":"plain","computed":true},"purpose":{"type":"string","description":"The immutable purpose of this CryptoKey. See the\n[purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)\nfor possible inputs.\nDefault value is \"ENCRYPT_DECRYPT\".","description_kind":"plain","computed":true},"rotation_period":{"type":"string","description":"Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.\nThe first rotation will take place after the specified period. The rotation period has\nthe format of a decimal number with up to 9 fractional digits, followed by the\nletter 's' (seconds). It must be greater than a day (ie, 86400).","description_kind":"plain","computed":true},"skip_initial_version_creation":{"type":"bool","description":"If set to true, the request will create a CryptoKey without any CryptoKeyVersions.\nYou must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion\nor 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"version_template":{"type":["list",["object",{"algorithm":"string","protection_level":"string"}]],"description":"A template describing settings for new crypto key versions.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_crypto_key_iam_policy":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_crypto_key_version":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"protection_level":{"type":"string","description_kind":"plain","computed":true},"public_key":{"type":["list",["object",{"algorithm":"string","pem":"string"}]],"description_kind":"plain","computed":true},"state":{"type":"string","description_kind":"plain","computed":true},"version":{"type":"number","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_kms_crypto_keys":{"version":0,"block":{"attributes":{"filter":{"type":"string","description":"\n\t\t\t\t\tThe filter argument is used to add a filter query parameter that limits which keys are retrieved by the data source: ?filter={{filter}}.\n\t\t\t\t\tExample values:\n\t\t\t\t\t\n\t\t\t\t\t* \"name:my-key-\" will retrieve keys that contain \"my-key-\" anywhere in their name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}.\n\t\t\t\t\t* \"name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1\" will only retrieve a key with that exact name.\n\t\t\t\t\t\n\t\t\t\t\t[See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering)\n\t\t\t\t","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring":{"type":"string","description":"The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.","description_kind":"plain","required":true},"keys":{"type":["list",["object",{"crypto_key_backend":"string","destroy_scheduled_duration":"string","effective_labels":["map","string"],"id":"string","import_only":"bool","key_ring":"string","labels":["map","string"],"name":"string","primary":["list",["object",{"name":"string","state":"string"}]],"purpose":"string","rotation_period":"string","skip_initial_version_creation":"bool","terraform_labels":["map","string"],"version_template":["list",["object",{"algorithm":"string","protection_level":"string"}]]}]],"description":"A list of all the retrieved keys from the provided key ring","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_ekm_connection_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_kms_key_ring":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the KeyRing.\nA full list of valid locations can be found by running 'gcloud kms locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the KeyRing.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_kms_key_ring_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_key_rings":{"version":0,"block":{"attributes":{"filter":{"type":"string","description":"\n\t\t\t\t\tThe filter argument is used to add a filter query parameter that limits which keys are retrieved by the data source: ?filter={{filter}}.\n\t\t\t\t\tExample values:\n\t\t\t\t\t\n\t\t\t\t\t* \"name:my-key-\" will retrieve key rings that contain \"my-key-\" anywhere in their name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}.\n\t\t\t\t\t* \"name=projects/my-project/locations/global/keyRings/my-key-ring\" will only retrieve a key ring with that exact name.\n\t\t\t\t\t\n\t\t\t\t\t[See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering)\n\t\t\t\t","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_rings":{"type":["list",["object",{"id":"string","name":"string"}]],"description":"A list of all the retrieved key rings","description_kind":"plain","computed":true},"location":{"type":"string","description":"The canonical id for the location. For example: \"us-east1\".","description_kind":"plain","required":true},"project":{"type":"string","description":"Project ID of the project.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_kms_secret":{"version":0,"block":{"attributes":{"additional_authenticated_data":{"type":"string","description_kind":"plain","optional":true},"ciphertext":{"type":"string","description_kind":"plain","required":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description_kind":"plain","computed":true,"sensitive":true}},"description_kind":"plain"}},"google_kms_secret_ciphertext":{"version":0,"block":{"attributes":{"ciphertext":{"type":"string","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description_kind":"plain","required":true,"sensitive":true}},"description_kind":"plain","deprecated":true}},"google_logging_folder_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The folder for which to retrieve settings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"kms_service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_log_view_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_organization_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"kms_service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization for which to retrieve settings.","description_kind":"plain","required":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_project_cmek_settings":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","optional":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\n\t\t\t\tFor example:\n\t\t\t\t\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\n\t\t\t\tThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_project_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"kms_service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for which to retrieve settings.","description_kind":"plain","required":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_sink":{"version":0,"block":{"attributes":{"bigquery_options":{"type":["list",["object",{"use_partitioned_tables":"bool"}]],"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","computed":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","computed":true},"exclusions":{"type":["list",["object",{"description":"string","disabled":"bool","filter":"string","name":"string"}]],"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","computed":true},"id":{"type":"string","description":"Required. An identifier for the resource in format: \"projects/[PROJECT_ID]/sinks/[SINK_NAME]\", \"organizations/[ORGANIZATION_ID]/sinks/[SINK_NAME]\", \"billingAccounts/[BILLING_ACCOUNT_ID]/sinks/[SINK_NAME]\", \"folders/[FOLDER_ID]/sinks/[SINK_NAME]\"","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","computed":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_app_engine_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"module_id":{"type":"string","description":"The ID of the App Engine module underlying this service. \nCorresponds to the 'moduleId' resource label for a 'gae_app'\nmonitored resource(see https://cloud.google.com/monitoring/api/resources#tag_gae_app)","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_cluster_istio_service":{"version":0,"block":{"attributes":{"cluster_name":{"type":"string","description":"The name of the Kubernetes cluster in which this Istio service is defined. \n Corresponds to the clusterName resource label in k8s_cluster resources.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the Kubernetes cluster in which this Istio service is defined. \n Corresponds to the location resource label in k8s_cluster resources.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The name of the Istio service underlying this service. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"service_namespace":{"type":"string","description":"The namespace of the Istio service underlying this service. \n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_istio_canonical_service":{"version":0,"block":{"attributes":{"canonical_service":{"type":"string","description":"The name of the canonical service underlying this service.. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"canonical_service_namespace":{"type":"string","description":"The namespace of the canonical service underlying this service.\n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mesh_uid":{"type":"string","description":"Identifier for the Istio mesh in which this canonical service is defined.\n Corresponds to the meshUid metric label in Istio metrics.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_mesh_istio_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mesh_uid":{"type":"string","description":"Identifier for the mesh in which this Istio service is defined.\n Corresponds to the meshUid metric label in Istio metrics.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The name of the Istio service underlying this service. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"service_namespace":{"type":"string","description":"The namespace of the Istio service underlying this service.\n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_notification_channel":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional human-readable description of this notification channel. This description may provide additional details, beyond the display name, for the channel. This may not exceed 1024 Unicode characters.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An optional human-readable name for this notification channel. It is recommended that you specify a non-empty and unique name in order to make it easier to identify the channels in your project, though this is not enforced. The display name is limited to 512 Unicode characters.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether notifications are forwarded to the described channel. This makes it possible to disable delivery of notifications to a particular channel without removing the channel from all alerting policies that reference the channel. This is a more convenient approach when the change is temporary and you want to receive notifications from the same set of alerting policies on the channel at some point in the future.","description_kind":"plain","computed":true},"force_delete":{"type":"bool","description":"If true, the notification channel will be deleted regardless\nof its use in alert policies (the policies will be updated\nto remove the channel). If false, channels that are still\nreferenced by an existing alerting policy will fail to be\ndeleted in a delete operation.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Configuration fields that define the channel and its behavior. The\npermissible and required labels are specified in the\nNotificationChannelDescriptor corresponding to the type field.\n\nLabels with sensitive data are obfuscated by the API and therefore Terraform cannot\ndetermine if there are upstream changes to these fields. They can also be configured via\nthe sensitive_labels block, but cannot be configured in both places.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The full REST resource name for this channel. The syntax is:\nprojects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]\nThe [CHANNEL_ID] is automatically assigned by the server on creation.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"sensitive_labels":{"type":["list",["object",{"auth_token":"string","password":"string","service_key":"string"}]],"description":"Different notification type behaviors are configured primarily using the the 'labels' field on this\nresource. This block contains the labels which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: password, will be the key\nin the 'labels' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the notification channel. This field matches the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list to get the list of valid values such as \"email\", \"slack\", etc...","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"User-supplied key/value data that does not need to conform to the corresponding NotificationChannelDescriptor's schema, unlike the labels field. This field is intended to be used for organizing and identifying the NotificationChannel objects.The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.","description_kind":"plain","optional":true},"verification_status":{"type":"string","description":"Indicates whether this channel has been verified or not. On a ListNotificationChannels or GetNotificationChannel operation, this field is expected to be populated.If the value is UNVERIFIED, then it indicates that the channel is non-functioning (it both requires verification and lacks verification); otherwise, it is assumed that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it implies that the channel is of a type that does not require verification or that this specific channel has been exempted from verification because it was created prior to verification being required for channels of this type.This field cannot be modified using a standard UpdateNotificationChannel operation. To change the value of this field, you must call VerifyNotificationChannel.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_uptime_check_ips":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"uptime_check_ips":{"type":["list",["object",{"ip_address":"string","location":"string","region":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_netblock_ip_ranges":{"version":0,"block":{"attributes":{"cidr_blocks":{"type":["list","string"],"description_kind":"plain","computed":true},"cidr_blocks_ipv4":{"type":["list","string"],"description_kind":"plain","computed":true},"cidr_blocks_ipv6":{"type":["list","string"],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"range_type":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_network_security_address_group_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_notebooks_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_notebooks_runtime_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_organization":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"directory_customer_id":{"type":"string","description_kind":"plain","computed":true},"domain":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"org_id":{"type":"string","description_kind":"plain","computed":true},"organization":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_organization_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_policy":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_privateca_certificate_authority":{"version":0,"block":{"attributes":{"access_urls":{"type":["list",["object",{"ca_certificate_access_url":"string","crl_access_urls":["list","string"]}]],"description":"URLs for accessing content published by this CA, such as the CA certificate and CRLs.","description_kind":"plain","computed":true},"certificate_authority_id":{"type":"string","description":"The user provided Resource ID for this Certificate Authority.","description_kind":"plain","optional":true},"config":{"type":["list",["object",{"subject_config":["list",["object",{"subject":["list",["object",{"common_name":"string","country_code":"string","locality":"string","organization":"string","organizational_unit":"string","postal_code":"string","province":"string","street_address":"string"}]],"subject_alt_name":["list",["object",{"dns_names":["list","string"],"email_addresses":["list","string"],"ip_addresses":["list","string"],"uris":["list","string"]}]]}]],"subject_key_id":["list",["object",{"key_id":"string"}]],"x509_config":["list",["object",{"additional_extensions":["list",["object",{"critical":"bool","object_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"aia_ocsp_servers":["list","string"],"ca_options":["list",["object",{"is_ca":"bool","max_issuer_path_length":"number","non_ca":"bool","zero_max_issuer_path_length":"bool"}]],"key_usage":["list",["object",{"base_key_usage":["list",["object",{"cert_sign":"bool","content_commitment":"bool","crl_sign":"bool","data_encipherment":"bool","decipher_only":"bool","digital_signature":"bool","encipher_only":"bool","key_agreement":"bool","key_encipherment":"bool"}]],"extended_key_usage":["list",["object",{"client_auth":"bool","code_signing":"bool","email_protection":"bool","ocsp_signing":"bool","server_auth":"bool","time_stamping":"bool"}]],"unknown_extended_key_usages":["list",["object",{"object_id_path":["list","number"]}]]}]],"name_constraints":["list",["object",{"critical":"bool","excluded_dns_names":["list","string"],"excluded_email_addresses":["list","string"],"excluded_ip_ranges":["list","string"],"excluded_uris":["list","string"],"permitted_dns_names":["list","string"],"permitted_email_addresses":["list","string"],"permitted_ip_ranges":["list","string"],"permitted_uris":["list","string"]}]],"policy_ids":["list",["object",{"object_id_path":["list","number"]}]]}]]}]],"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time at which this CertificateAuthority was created.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether Terraform will be prevented from destroying the CertificateAuthority.\nWhen the field is set to true or unset in Terraform state, a 'terraform apply'\nor 'terraform destroy' that would delete the CertificateAuthority will fail.\nWhen the field is set to false, deleting the CertificateAuthority is allowed.","description_kind":"plain","computed":true},"desired_state":{"type":"string","description":"Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gcs_bucket":{"type":"string","description":"The name of a Cloud Storage bucket where this CertificateAuthority will publish content,\nsuch as the CA certificate and CRLs. This must be a bucket name, without any prefixes\n(such as 'gs://') or suffixes (such as '.googleapis.com'). For example, to use a bucket named\nmy-bucket, you would simply specify 'my-bucket'. If not specified, a managed bucket will be\ncreated.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_active_certificates_on_deletion":{"type":"bool","description":"This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and unexpired certs.\nUse with care. Defaults to 'false'.","description_kind":"plain","computed":true},"key_spec":{"type":["list",["object",{"algorithm":"string","cloud_kms_key_version":"string"}]],"description":"Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority\nis a self-signed CertificateAuthority, this key is also used to sign the self-signed CA\ncertificate. Otherwise, it is used to sign a CSR.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location of the CertificateAuthority. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for this CertificateAuthority in the format\nprojects/*/locations/*/certificateAuthorities/*.","description_kind":"plain","computed":true},"pem_ca_certificate":{"type":"string","description":"The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with a third party issuer.","description_kind":"plain","computed":true},"pem_ca_certificates":{"type":["list","string"],"description":"This CertificateAuthority's certificate chain, including the current\nCertificateAuthority's certificate. Ordered such that the root issuer is the final\nelement (consistent with RFC 5246). For a self-signed CA, this will only list the current\nCertificateAuthority's certificate.","description_kind":"plain","computed":true},"pem_csr":{"type":"string","description_kind":"plain","computed":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate Authority belongs to.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"skip_grace_period":{"type":"bool","description":"If this flag is set, the Certificate Authority will be deleted as soon as\npossible without a 30-day grace period where undeletion would have been\nallowed. If you proceed, there will be no way to recover this CA.\nUse with care. Defaults to 'false'.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The State for this CertificateAuthority.","description_kind":"plain","computed":true},"subordinate_config":{"type":["list",["object",{"certificate_authority":"string","pem_issuer_chain":["list",["object",{"pem_certificates":["list","string"]}]]}]],"description":"If this is a subordinate CertificateAuthority, this field will be set\nwith the subordinate configuration, which describes its issuers.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The Type of this CertificateAuthority.\n\n~\u003e **Note:** For 'SUBORDINATE' Certificate Authorities, they need to\nbe activated before they can issue certificates. Default value: \"SELF_SIGNED\" Possible values: [\"SELF_SIGNED\", \"SUBORDINATE\"]","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which this CertificateAuthority was updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_policy":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_project":{"version":1,"block":{"attributes":{"auto_create_network":{"type":"bool","description":"Create the 'default' network automatically. Default true. If set to false, the default network will be deleted. Note that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even if you set auto_create_network to false, since the network will exist momentarily.","description_kind":"plain","computed":true},"billing_account":{"type":"string","description":"The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with Terraform must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the Project. Setting PREVENT will protect the project against any destroy actions caused by a terraform apply or terraform destroy. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. Possible values are: \"PREVENT\", \"ABANDON\", \"DELETE\"","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"folder_id":{"type":"string","description":"The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be specified. If the folder_id is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the project.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The display name of the project.","description_kind":"plain","computed":true},"number":{"type":"string","description":"The numeric identifier of the project.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of org_id or folder_id may be specified. If the org_id is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.","description_kind":"plain","computed":true},"project_id":{"type":"string","description":"The project ID. Changing this forces a new project to be created.","description_kind":"plain","optional":true},"skip_delete":{"type":"bool","description":"If true, the Terraform resource can be deleted without deleting the Project via the Google API.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"(ReadOnly) The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_project_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_organization_policy":{"version":0,"block":{"attributes":{"boolean_policy":{"type":["list",["object",{"enforced":"bool"}]],"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain","computed":true},"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"list_policy":{"type":["list",["object",{"allow":["list",["object",{"all":"bool","values":["set","string"]}]],"deny":["list",["object",{"all":"bool","values":["set","string"]}]],"inherit_from_parent":"bool","suggested_value":"string"}]],"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project ID.","description_kind":"plain","required":true},"restore_policy":{"type":["list",["object",{"default":"bool"}]],"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_project_service":{"version":0,"block":{"attributes":{"disable_dependent_services":{"type":"bool","description_kind":"plain","computed":true},"disable_on_destroy":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_projects":{"version":0,"block":{"attributes":{"filter":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"projects":{"type":["list",["object",{"create_time":"string","labels":["map","string"],"lifecycle_state":"string","name":"string","number":"string","parent":["map","string"],"project_id":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_schema_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schema":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_subscription":{"version":0,"block":{"attributes":{"ack_deadline_seconds":{"type":"number","description":"This value is the maximum time after a subscriber receives a message\nbefore the subscriber should acknowledge the message. After message\ndelivery but before the ack deadline expires and before the message is\nacknowledged, it is an outstanding message and will not be delivered\nagain during that time (on a best-effort basis).\n\nFor pull subscriptions, this value is used as the initial value for\nthe ack deadline. To override this value for a given message, call\nsubscriptions.modifyAckDeadline with the corresponding ackId if using\npull. The minimum custom deadline you can specify is 10 seconds. The\nmaximum custom deadline you can specify is 600 seconds (10 minutes).\nIf this parameter is 0, a default value of 10 seconds is used.\n\nFor push delivery, this value is also used to set the request timeout\nfor the call to the push endpoint.\n\nIf the subscriber never acknowledges the message, the Pub/Sub system\nwill eventually redeliver the message.","description_kind":"plain","computed":true},"bigquery_config":{"type":["list",["object",{"drop_unknown_fields":"bool","service_account_email":"string","table":"string","use_table_schema":"bool","use_topic_schema":"bool","write_metadata":"bool"}]],"description":"If delivery to BigQuery is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain","computed":true},"cloud_storage_config":{"type":["list",["object",{"avro_config":["list",["object",{"write_metadata":"bool"}]],"bucket":"string","filename_datetime_format":"string","filename_prefix":"string","filename_suffix":"string","max_bytes":"number","max_duration":"string","service_account_email":"string","state":"string"}]],"description":"If delivery to Cloud Storage is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain","computed":true},"dead_letter_policy":{"type":["list",["object",{"dead_letter_topic":"string","max_delivery_attempts":"number"}]],"description":"A policy that specifies the conditions for dead lettering messages in\nthis subscription. If dead_letter_policy is not set, dead lettering\nis disabled.\n\nThe Cloud Pub/Sub service account associated with this subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Acknowledge() messages on this subscription.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_exactly_once_delivery":{"type":"bool","description":"If 'true', Pub/Sub provides the following guarantees for the delivery\nof a message with a given value of messageId on this Subscriptions':\n\n- The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires.\n\n- An acknowledged message will not be resent to a subscriber.\n\nNote that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery'\nis true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values","description_kind":"plain","computed":true},"enable_message_ordering":{"type":"bool","description":"If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to\nthe subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they\nmay be delivered in any order.","description_kind":"plain","computed":true},"expiration_policy":{"type":["list",["object",{"ttl":"string"}]],"description":"A policy that specifies the conditions for this subscription's expiration.\nA subscription is considered active as long as any connected subscriber\nis successfully consuming messages from the subscription or is issuing\noperations on the subscription. If expirationPolicy is not set, a default\npolicy with ttl of 31 days will be used. If it is set but ttl is \"\", the\nresource never expires. The minimum allowed value for expirationPolicy.ttl\nis 1 day.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"The subscription only delivers the messages that match the filter.\nPub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages\nby their attributes. The maximum length of a filter is 256 bytes. After creating the subscription,\nyou can't modify the filter.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Subscription.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"message_retention_duration":{"type":"string","description":"How long to retain unacknowledged messages in the subscription's\nbacklog, from the moment a message is published. If\nretain_acked_messages is true, then this also configures the retention\nof acknowledged messages, and thus configures how far back in time a\nsubscriptions.seek can be done. Defaults to 7 days. Cannot be more\nthan 7 days ('\"604800s\"') or less than 10 minutes ('\"600s\"').\n\nA duration in seconds with up to nine fractional digits, terminated\nby 's'. Example: '\"600.5s\"'.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"push_config":{"type":["list",["object",{"attributes":["map","string"],"no_wrapper":["list",["object",{"write_metadata":"bool"}]],"oidc_token":["list",["object",{"audience":"string","service_account_email":"string"}]],"push_endpoint":"string"}]],"description":"If push delivery is used with this subscription, this field is used to\nconfigure it. An empty pushConfig signifies that the subscriber will\npull and ack messages using API methods.","description_kind":"plain","computed":true},"retain_acked_messages":{"type":"bool","description":"Indicates whether to retain acknowledged messages. If 'true', then\nmessages are not expunged from the subscription's backlog, even if\nthey are acknowledged, until they fall out of the\nmessageRetentionDuration window.","description_kind":"plain","computed":true},"retry_policy":{"type":["list",["object",{"maximum_backoff":"string","minimum_backoff":"string"}]],"description":"A policy that specifies how Pub/Sub retries message delivery for this subscription.\n\nIf not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers.\nRetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"A reference to a Topic resource, of the form projects/{project}/topics/{{name}}\n(as in the id property of a google_pubsub_topic), or just a topic name if\nthe topic is in the same project as the subscription.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_subscription_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_topic":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingestion_data_source_settings":{"type":["list",["object",{"aws_kinesis":["list",["object",{"aws_role_arn":"string","consumer_arn":"string","gcp_service_account":"string","stream_arn":"string"}]]}]],"description":"Settings for ingestion from a data source into this topic.","description_kind":"plain","computed":true},"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey to be used to protect access\nto messages published on this topic. Your project's PubSub service account\n('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nThe expected format is 'projects/*/locations/*/keyRings/*/cryptoKeys/*'","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Topic.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"message_retention_duration":{"type":"string","description":"Indicates the minimum duration to retain a message after it is published\nto the topic. If this field is set, messages published to the topic in\nthe last messageRetentionDuration are always available to subscribers.\nFor instance, it allows any attached subscription to seek to a timestamp\nthat is up to messageRetentionDuration in the past. If this field is not\nset, message retention is controlled by settings on individual subscriptions.\nThe rotation period has the format of a decimal number, followed by the\nletter 's' (seconds). Cannot be more than 31 days or less than 10 minutes.","description_kind":"plain","computed":true},"message_storage_policy":{"type":["list",["object",{"allowed_persistence_regions":["list","string"]}]],"description":"Policy constraining the set of Google Cloud Platform regions where\nmessages published to the topic may be stored. If not present, then no\nconstraints are in effect.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"schema_settings":{"type":["list",["object",{"encoding":"string","schema":"string"}]],"description":"Settings for validating messages published against a schema.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_topic_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_redis_instance":{"version":0,"block":{"attributes":{"alternative_location_id":{"type":"string","description":"Only applicable to STANDARD_HA tier which protects the instance\nagainst zonal failures by provisioning it across two zones.\nIf provided, it must be a different zone from the one provided in\n[locationId].","description_kind":"plain","computed":true},"auth_enabled":{"type":"bool","description":"Optional. Indicates whether OSS Redis AUTH is enabled for the\ninstance. If set to \"true\" AUTH is enabled on the instance.\nDefault value is \"false\" meaning AUTH is disabled.","description_kind":"plain","computed":true},"auth_string":{"type":"string","description":"AUTH String set on the instance. This field will only be populated if auth_enabled is true.","description_kind":"plain","computed":true},"authorized_network":{"type":"string","description":"The full name of the Google Compute Engine network to which the\ninstance is connected. If left unspecified, the default network\nwill be used.","description_kind":"plain","computed":true},"connect_mode":{"type":"string","description":"The connection mode of the Redis instance. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"current_location_id":{"type":"string","description":"The current zone where the Redis endpoint is placed.\nFor Basic Tier instances, this will always be the same as the\n[locationId] provided by the user at creation time. For Standard Tier\ninstances, this can be either [locationId] or [alternativeLocationId]\nand can change after a failover event.","description_kind":"plain","computed":true},"customer_managed_key":{"type":"string","description":"Optional. The KMS key reference that you want to use to encrypt the data at rest for this Redis\ninstance. If this is provided, CMEK is enabled.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary and optional user-provided name for the instance.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host":{"type":"string","description":"Hostname or IP address of the exposed Redis endpoint used by clients\nto connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location_id":{"type":"string","description":"The zone where the instance will be provisioned. If not provided,\nthe service will choose a zone for the instance. For STANDARD_HA tier,\ninstances will be created across two zones for protection against\nzonal failures. If [alternativeLocationId] is also provided, it must\nbe different from [locationId].","description_kind":"plain","computed":true},"maintenance_policy":{"type":["list",["object",{"create_time":"string","description":"string","update_time":"string","weekly_maintenance_window":["list",["object",{"day":"string","duration":"string","start_time":["list",["object",{"hours":"number","minutes":"number","nanos":"number","seconds":"number"}]]}]]}]],"description":"Maintenance policy for an instance.","description_kind":"plain","computed":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Upcoming maintenance schedule.","description_kind":"plain","computed":true},"maintenance_version":{"type":"string","description":"The self service update maintenance version.","description_kind":"plain","computed":true},"memory_size_gb":{"type":"number","description":"Redis memory size in GiB.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"nodes":{"type":["list",["object",{"id":"string","zone":"string"}]],"description":"Output only. Info per node.","description_kind":"plain","computed":true},"persistence_config":{"type":["list",["object",{"persistence_mode":"string","rdb_next_snapshot_time":"string","rdb_snapshot_period":"string","rdb_snapshot_start_time":"string"}]],"description":"Persistence configuration for an instance.","description_kind":"plain","computed":true},"persistence_iam_identity":{"type":"string","description":"Output only. Cloud IAM identity used by import / export operations\nto transfer data to/from Cloud Storage. Format is \"serviceAccount:\".\nThe value may change over time for a given instance so should be\nchecked before each import/export operation.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The port number of the exposed Redis endpoint.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"read_endpoint":{"type":"string","description":"Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only.\nTargets all healthy replica nodes in instance. Replication is asynchronous and replica nodes\nwill exhibit some lag behind the primary. Write requests must target 'host'.","description_kind":"plain","computed":true},"read_endpoint_port":{"type":"number","description":"Output only. The port number of the exposed readonly redis endpoint. Standard tier only.\nWrite requests should target 'port'.","description_kind":"plain","computed":true},"read_replicas_mode":{"type":"string","description":"Optional. Read replica mode. Can only be specified when trying to create the instance.\nIf not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED.\n- READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the\ninstance cannot scale up or down the number of replicas.\n- READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance\ncan scale up and down the number of replicas. Possible values: [\"READ_REPLICAS_DISABLED\", \"READ_REPLICAS_ENABLED\"]","description_kind":"plain","computed":true},"redis_configs":{"type":["map","string"],"description":"Redis configuration parameters, according to http://redis.io/topics/config.\nPlease check Memorystore documentation for the list of supported parameters:\nhttps://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs","description_kind":"plain","computed":true},"redis_version":{"type":"string","description":"The version of Redis software. If not provided, latest supported\nversion will be used. Please check the API documentation linked\nat the top for the latest valid values.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The name of the Redis region of the instance.","description_kind":"plain","optional":true},"replica_count":{"type":"number","description":"Optional. The number of replica nodes. The valid range for the Standard Tier with\nread replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled\nfor a Standard Tier instance, the only valid value is 1 and the default is 1.\nThe valid value for basic tier is 0 and the default is also 0.","description_kind":"plain","computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this\ninstance. If not provided, the service will choose an unused /29\nblock, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be\nunique and non-overlapping with existing subnets in an authorized\nnetwork.","description_kind":"plain","computed":true},"secondary_ip_range":{"type":"string","description":"Optional. Additional IP range for node placement. Required when enabling read replicas on\nan existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or\n\"auto\". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address\nrange associated with the private service access connection, or \"auto\".","description_kind":"plain","computed":true},"server_ca_certs":{"type":["list",["object",{"cert":"string","create_time":"string","expire_time":"string","serial_number":"string","sha1_fingerprint":"string"}]],"description":"List of server CA certificates for the instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance. Must be one of these values:\n\n- BASIC: standalone instance\n- STANDARD_HA: highly available primary/replica instances Default value: \"BASIC\" Possible values: [\"BASIC\", \"STANDARD_HA\"]","description_kind":"plain","computed":true},"transit_encryption_mode":{"type":"string","description":"The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance.\n\n- SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: \"DISABLED\" Possible values: [\"SERVER_AUTHENTICATION\", \"DISABLED\"]","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_scc_source_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"organization":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"source":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_scc_v2_organization_source_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"organization":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"source":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Custom metadata about the secret.\n\nAnnotations are distinct from various forms of labels. Annotations exist to allow\nclient tools to store their own state information without requiring a database.\n\nAnnotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of\nmaximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and\nmay have dashes (-), underscores (_), dots (.), and alphanumerics in between these\nsymbols.\n\nThe total size of annotation keys and values must be less than 16KiB.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".\nOnly one of 'expire_time' or 'ttl' can be provided.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels assigned to this Secret.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be assigned to a given resource.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Secret. Format:\n'projects/{{project}}/secrets/{{secret_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"replication":{"type":["list",["object",{"auto":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]]}]],"user_managed":["list",["object",{"replicas":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]],"location":"string"}]]}]]}]],"description":"The replication policy of the secret data attached to the Secret. It cannot be changed\nafter the Secret has been created.","description_kind":"plain","computed":true},"rotation":{"type":["list",["object",{"next_rotation_time":"string","rotation_period":"string"}]],"description":"The rotation time and period for a Secret. At 'next_rotation_time', Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. 'topics' must be set to configure rotation.","description_kind":"plain","computed":true},"secret_id":{"type":"string","description":"This must be unique within the project.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"topics":{"type":["list",["object",{"name":"string"}]],"description":"A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.","description_kind":"plain","computed":true},"ttl":{"type":"string","description":"The TTL for the Secret.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".\nOnly one of 'ttl' or 'expire_time' can be provided.","description_kind":"plain","computed":true},"version_aliases":{"type":["map","string"],"description":"Mapping from version alias to version name.\n\nA version alias is a string with a maximum length of 63 characters and can contain\nuppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_')\ncharacters. An alias string must start with a letter and cannot be the string\n'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","computed":true},"version_destroy_ttl":{"type":"string","description":"Secret Version TTL after destruction request.\nThis is a part of the delayed delete feature on Secret Version.\nFor secret with versionDestroyTtl\u003e0, version destruction doesn't happen immediately\non calling destroy instead the version goes to a disabled state and\nthe actual destruction happens after this TTL expires.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_secret_manager_secret_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"destroy_time":{"type":"string","description_kind":"plain","computed":true},"enabled":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description_kind":"plain","required":true},"secret_data":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"version":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_secret_manager_secret_version_access":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description_kind":"plain","required":true},"secret_data":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"version":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_secret_manager_secrets":{"version":0,"block":{"attributes":{"filter":{"type":"string","description":"Filter string, adhering to the rules in List-operation filtering (https://cloud.google.com/secret-manager/docs/filtering).\nList only secrets matching the filter. If filter is empty, all secrets are listed.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secrets":{"type":["list",["object",{"annotations":["map","string"],"create_time":"string","effective_annotations":["map","string"],"effective_labels":["map","string"],"expire_time":"string","labels":["map","string"],"name":"string","project":"string","replication":["list",["object",{"auto":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]]}]],"user_managed":["list",["object",{"replicas":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]],"location":"string"}]]}]]}]],"rotation":["list",["object",{"next_rotation_time":"string","rotation_period":"string"}]],"secret_id":"string","terraform_labels":["map","string"],"topics":["list",["object",{"name":"string"}]],"ttl":"string","version_aliases":["map","string"],"version_destroy_ttl":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_secure_source_manager_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account":{"version":0,"block":{"attributes":{"account_id":{"type":"string","description_kind":"plain","required":true},"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_service_account_access_token":{"version":0,"block":{"attributes":{"access_token":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifetime":{"type":"string","description_kind":"plain","optional":true},"scopes":{"type":["set","string"],"description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_id_token":{"version":0,"block":{"attributes":{"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id_token":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"include_email":{"type":"bool","description_kind":"plain","optional":true},"target_audience":{"type":"string","description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_service_account_jwt":{"version":0,"block":{"attributes":{"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"expires_in":{"type":"number","description":"Number of seconds until the JWT expires. If set and non-zero an `exp` claim will be added to the payload derived from the current timestamp plus expires_in seconds.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"jwt":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"payload":{"type":"string","description":"A JSON-encoded JWT claims set that will be included in the signed JWT.","description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_key":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_algorithm":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"public_key":{"type":"string","description_kind":"plain","computed":true},"public_key_type":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_service_networking_peered_dns_domain":{"version":0,"block":{"attributes":{"dns_suffix":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_site_verification_token":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identifier":{"type":"string","description":"The site identifier. If the type is set to SITE, the identifier is a URL. If the type is\nset to INET_DOMAIN, the identifier is a domain name.","description_kind":"plain","required":true},"token":{"type":"string","description":"The returned token for use in subsequent verification steps.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of resource to be verified, either a domain or a web site. Possible values: [\"INET_DOMAIN\", \"SITE\"]","description_kind":"plain","required":true},"verification_method":{"type":"string","description":"The verification method for the Site Verification system to use to verify\nthis site or domain. Possible values: [\"ANALYTICS\", \"DNS_CNAME\", \"DNS_TXT\", \"FILE\", \"META\", \"TAG_MANAGER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sourcerepo_repository":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the repository, of the form '{{repo}}'.\nThe repo name may contain slashes. eg, 'name/with/slash'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"pubsub_configs":{"type":["set",["object",{"message_format":"string","service_account_email":"string","topic":"string"}]],"description":"How this repository publishes a change in the repository through Cloud Pub/Sub.\nKeyed by the topic names.","description_kind":"plain","computed":true},"size":{"type":"number","description":"The disk usage of the repo, in bytes.","description_kind":"plain","computed":true},"url":{"type":"string","description":"URL to clone the repository from Google Cloud Source Repositories.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_spanner_database_iam_policy":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_spanner_instance":{"version":0,"block":{"attributes":{"autoscaling_config":{"type":["list",["object",{"autoscaling_limits":["list",["object",{"max_nodes":"number","max_processing_units":"number","min_nodes":"number","min_processing_units":"number"}]],"autoscaling_targets":["list",["object",{"high_priority_cpu_utilization_percent":"number","storage_utilization_percent":"number"}]]}]],"description":"The autoscaling configuration. Autoscaling is enabled if this field is set.\nWhen autoscaling is enabled, num_nodes and processing_units are treated as,\nOUTPUT_ONLY fields and reflect the current compute capacity allocated to\nthe instance.","description_kind":"plain","computed":true},"config":{"type":"string","description":"The name of the instance's configuration (similar but not\nquite the same as a region) which defines the geographic placement and\nreplication of your databases in this instance. It determines where your data\nis stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc.\nIn order to obtain a valid list please consult the\n[Configuration section of the docs](https://cloud.google.com/spanner/docs/instances).","description_kind":"plain","optional":true},"default_backup_schedule_type":{"type":"string","description":"Controls the default backup behavior for new databases within the instance.\nNote that 'AUTOMATIC' is not permitted for free instances, as backups and backup schedules are not allowed for free instances.\nif unset or NONE, no default backup schedule will be created for new databases within the instance. Possible values: [\"NONE\", \"AUTOMATIC\"]","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The descriptive name for this instance as it appears in UIs. Must be\nunique per project and between 4 and 30 characters in length.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a spanner instance, this boolean option will delete all backups of this instance.\nThis must be set to true if you created a backup manually in the console.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"An object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\nIf not provided, a random string starting with 'tf-' will be selected.","description_kind":"plain","required":true},"num_nodes":{"type":"number","description":"The number of nodes allocated to this instance. Exactly one of either node_count or processing_units\nmust be present in terraform.","description_kind":"plain","computed":true},"processing_units":{"type":"number","description":"The number of processing units allocated to this instance. Exactly one of processing_units\nor node_count must be present in terraform.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"Instance status: 'CREATING' or 'READY'.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_spanner_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_backup_run":{"version":0,"block":{"attributes":{"backup_id":{"type":"number","description":"The identifier for this backup run. Unique only for a specific Cloud SQL instance. If left empty and multiple backups exist for the instance, most_recent must be set to true.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"Name of the database instance.","description_kind":"plain","required":true},"location":{"type":"string","description":"Location of the backups.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description":"Toggles use of the most recent backup run if multiple backups exist for a Cloud SQL instance.","description_kind":"plain","optional":true},"project":{"type":"string","description":"Project ID of the project that contains the instance.","description_kind":"plain","optional":true,"computed":true},"start_time":{"type":"string","description":"The time the backup operation actually started in UTC timezone in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"status":{"type":"string","description":"The status of this run.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_ca_certs":{"version":0,"block":{"attributes":{"active_version":{"type":"string","description_kind":"plain","computed":true},"certs":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_database":{"version":0,"block":{"attributes":{"charset":{"type":"string","description":"The charset value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html)\nfor more details and supported values. Postgres databases only support\na value of 'UTF8' at creation time.","description_kind":"plain","computed":true},"collation":{"type":"string","description":"The collation value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html)\nfor more details and supported values. Postgres databases only support\na value of 'en_US.UTF8' at creation time.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the database. Setting ABANDON allows the resource\nto be abandoned rather than deleted. This is useful for Postgres, where databases cannot be\ndeleted from the API if there are users other than cloudsqlsuperuser with access. Possible\nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. This does not include the project\nID.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the database in the Cloud SQL instance.\nThis does not include the project ID or instance name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_database_instance":{"version":0,"block":{"attributes":{"available_maintenance_versions":{"type":["list","string"],"description":"Available Maintenance versions.","description_kind":"plain","computed":true},"clone":{"type":["list",["object",{"allocated_ip_range":"string","database_names":["list","string"],"point_in_time":"string","preferred_zone":"string","source_instance_name":"string"}]],"description":"Configuration for creating a new instance as a clone of another instance.","description_kind":"plain","computed":true},"connection_name":{"type":"string","description":"The connection name of the instance to be used in connection strings. For example, when connecting with Cloud SQL Proxy.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The MySQL, PostgreSQL or SQL Server (beta) version to use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date reference of supported versions.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Used to block Terraform from deleting a SQL Instance. Defaults to true.","description_kind":"plain","computed":true},"dns_name":{"type":"string","description":"The dns name of the instance.","description_kind":"plain","computed":true},"encryption_key_name":{"type":"string","description_kind":"plain","computed":true},"first_ip_address":{"type":"string","description":"The first IPv4 address of any type assigned. This is to support accessing the first address in the list in a terraform output when the resource is configured with a count.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'.","description_kind":"plain","computed":true},"ip_address":{"type":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"description_kind":"plain","computed":true},"maintenance_version":{"type":"string","description":"Maintenance version.","description_kind":"plain","computed":true},"master_instance_name":{"type":"string","description":"The name of the instance that will act as the master in the replication setup. Note, this requires the master to have binary_log_enabled set, as well as existing backups.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance. If the name is left blank, Terraform will randomly generate one when the instance is first created. This is done because after a name is used, it cannot be reused for up to one week.","description_kind":"plain","required":true},"private_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"psc_service_attachment_link":{"type":"string","description":"The link to service attachment of PSC instance.","description_kind":"plain","computed":true},"public_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The region the instance will sit in. Note, Cloud SQL is not available in all regions. A valid region must be provided to use this resource. If a region is not provided in the resource definition, the provider region will be used instead, but this will be an apply-time error for instances if the provider region is not supported with Cloud SQL. If you choose not to provide the region argument for this resource, make sure you understand this.","description_kind":"plain","computed":true},"replica_configuration":{"type":["list",["object",{"ca_certificate":"string","client_certificate":"string","client_key":"string","connect_retry_interval":"number","dump_file_path":"string","failover_target":"bool","master_heartbeat_period":"number","password":"string","ssl_cipher":"string","username":"string","verify_server_certificate":"bool"}]],"description":"The configuration for replication.","description_kind":"plain","computed":true},"restore_backup_context":{"type":["list",["object",{"backup_run_id":"number","instance_id":"string","project":"string"}]],"description_kind":"plain","computed":true},"root_password":{"type":"string","description":"Initial root password. Required for MS SQL Server.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"server_ca_cert":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true},"service_account_email_address":{"type":"string","description":"The service account email address assigned to the instance.","description_kind":"plain","computed":true},"settings":{"type":["list",["object",{"activation_policy":"string","active_directory_config":["list",["object",{"domain":"string"}]],"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"availability_type":"string","backup_configuration":["list",["object",{"backup_retention_settings":["list",["object",{"retained_backups":"number","retention_unit":"string"}]],"binary_log_enabled":"bool","enabled":"bool","location":"string","point_in_time_recovery_enabled":"bool","start_time":"string","transaction_log_retention_days":"number"}]],"collation":"string","connector_enforcement":"string","data_cache_config":["list",["object",{"data_cache_enabled":"bool"}]],"database_flags":["set",["object",{"name":"string","value":"string"}]],"deletion_protection_enabled":"bool","deny_maintenance_period":["list",["object",{"end_date":"string","start_date":"string","time":"string"}]],"disk_autoresize":"bool","disk_autoresize_limit":"number","disk_size":"number","disk_type":"string","edition":"string","enable_dataplex_integration":"bool","enable_google_ml_integration":"bool","insights_config":["list",["object",{"query_insights_enabled":"bool","query_plans_per_minute":"number","query_string_length":"number","record_application_tags":"bool","record_client_address":"bool"}]],"ip_configuration":["list",["object",{"allocated_ip_range":"string","authorized_networks":["set",["object",{"expiration_time":"string","name":"string","value":"string"}]],"enable_private_path_for_google_cloud_services":"bool","ipv4_enabled":"bool","private_network":"string","psc_config":["set",["object",{"allowed_consumer_projects":["set","string"],"psc_enabled":"bool"}]],"require_ssl":"bool","server_ca_mode":"string","ssl_mode":"string"}]],"location_preference":["list",["object",{"follow_gae_application":"string","secondary_zone":"string","zone":"string"}]],"maintenance_window":["list",["object",{"day":"number","hour":"number","update_track":"string"}]],"password_validation_policy":["list",["object",{"complexity":"string","disallow_username_substring":"bool","enable_password_policy":"bool","min_length":"number","password_change_interval":"string","reuse_interval":"number"}]],"pricing_plan":"string","sql_server_audit_config":["list",["object",{"bucket":"string","retention_interval":"string","upload_interval":"string"}]],"tier":"string","time_zone":"string","user_labels":["map","string"],"version":"number"}]],"description":"The settings to use for the database. The configuration is detailed below.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_database_instance_latest_recovery_time":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"latest_recovery_time":{"type":"string","description":"Timestamp, identifies the latest recovery time of the source instance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_database_instances":{"version":0,"block":{"attributes":{"database_version":{"type":"string","description":"To filter out the database instances which are of the specified database version.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["list",["object",{"available_maintenance_versions":["list","string"],"clone":["list",["object",{"allocated_ip_range":"string","database_names":["list","string"],"point_in_time":"string","preferred_zone":"string","source_instance_name":"string"}]],"connection_name":"string","database_version":"string","deletion_protection":"bool","dns_name":"string","encryption_key_name":"string","first_ip_address":"string","instance_type":"string","ip_address":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"maintenance_version":"string","master_instance_name":"string","name":"string","private_ip_address":"string","project":"string","psc_service_attachment_link":"string","public_ip_address":"string","region":"string","replica_configuration":["list",["object",{"ca_certificate":"string","client_certificate":"string","client_key":"string","connect_retry_interval":"number","dump_file_path":"string","failover_target":"bool","master_heartbeat_period":"number","password":"string","ssl_cipher":"string","username":"string","verify_server_certificate":"bool"}]],"restore_backup_context":["list",["object",{"backup_run_id":"number","instance_id":"string","project":"string"}]],"root_password":"string","self_link":"string","server_ca_cert":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"service_account_email_address":"string","settings":["list",["object",{"activation_policy":"string","active_directory_config":["list",["object",{"domain":"string"}]],"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"availability_type":"string","backup_configuration":["list",["object",{"backup_retention_settings":["list",["object",{"retained_backups":"number","retention_unit":"string"}]],"binary_log_enabled":"bool","enabled":"bool","location":"string","point_in_time_recovery_enabled":"bool","start_time":"string","transaction_log_retention_days":"number"}]],"collation":"string","connector_enforcement":"string","data_cache_config":["list",["object",{"data_cache_enabled":"bool"}]],"database_flags":["set",["object",{"name":"string","value":"string"}]],"deletion_protection_enabled":"bool","deny_maintenance_period":["list",["object",{"end_date":"string","start_date":"string","time":"string"}]],"disk_autoresize":"bool","disk_autoresize_limit":"number","disk_size":"number","disk_type":"string","edition":"string","enable_dataplex_integration":"bool","enable_google_ml_integration":"bool","insights_config":["list",["object",{"query_insights_enabled":"bool","query_plans_per_minute":"number","query_string_length":"number","record_application_tags":"bool","record_client_address":"bool"}]],"ip_configuration":["list",["object",{"allocated_ip_range":"string","authorized_networks":["set",["object",{"expiration_time":"string","name":"string","value":"string"}]],"enable_private_path_for_google_cloud_services":"bool","ipv4_enabled":"bool","private_network":"string","psc_config":["set",["object",{"allowed_consumer_projects":["set","string"],"psc_enabled":"bool"}]],"require_ssl":"bool","server_ca_mode":"string","ssl_mode":"string"}]],"location_preference":["list",["object",{"follow_gae_application":"string","secondary_zone":"string","zone":"string"}]],"maintenance_window":["list",["object",{"day":"number","hour":"number","update_track":"string"}]],"password_validation_policy":["list",["object",{"complexity":"string","disallow_username_substring":"bool","enable_password_policy":"bool","min_length":"number","password_change_interval":"string","reuse_interval":"number"}]],"pricing_plan":"string","sql_server_audit_config":["list",["object",{"bucket":"string","retention_interval":"string","upload_interval":"string"}]],"tier":"string","time_zone":"string","user_labels":["map","string"],"version":"number"}]]}]],"description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the project that contains the instances.","description_kind":"plain","optional":true},"region":{"type":"string","description":"To filter out the database instances which are located in this specified region.","description_kind":"plain","optional":true},"state":{"type":"string","description":"To filter out the database instances based on the current state of the database instance, valid values include : \"SQL_INSTANCE_STATE_UNSPECIFIED\", \"RUNNABLE\", \"SUSPENDED\", \"PENDING_DELETE\", \"PENDING_CREATE\", \"MAINTENANCE\" and \"FAILED\".","description_kind":"plain","optional":true},"tier":{"type":"string","description":"To filter out the database instances based on the machine type.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"To filter out the database instances which are located in this specified zone.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_sql_databases":{"version":0,"block":{"attributes":{"databases":{"type":["list",["object",{"charset":"string","collation":"string","deletion_policy":"string","instance":"string","name":"string","project":"string","self_link":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL database instance in which the database belongs.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project ID of the project that contains the instance.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_sql_tiers":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"Project ID of the project for which to list tiers.","description_kind":"plain","optional":true,"computed":true},"tiers":{"type":["list",["object",{"disk_quota":"number","ram":"number","region":["list","string"],"tier":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket":{"version":2,"block":{"attributes":{"autoclass":{"type":["list",["object",{"enabled":"bool","terminal_storage_class":"string"}]],"description":"The bucket's autoclass configuration.","description_kind":"plain","computed":true},"cors":{"type":["list",["object",{"max_age_seconds":"number","method":["list","string"],"origin":["list","string"],"response_header":["list","string"]}]],"description":"The bucket's Cross-Origin Resource Sharing (CORS) configuration.","description_kind":"plain","computed":true},"custom_placement_config":{"type":["list",["object",{"data_locations":["set","string"]}]],"description":"The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty.","description_kind":"plain","computed":true},"default_event_based_hold":{"type":"bool","description":"Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_object_retention":{"type":"bool","description":"Enables each object in the bucket to have its own retention policy, which prevents deletion until stored for a specific length of time.","description_kind":"plain","computed":true},"encryption":{"type":["list",["object",{"default_kms_key_name":"string"}]],"description":"The bucket's encryption configuration.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the bucket.","description_kind":"plain","computed":true},"lifecycle_rule":{"type":["list",["object",{"action":["set",["object",{"storage_class":"string","type":"string"}]],"condition":["set",["object",{"age":"number","created_before":"string","custom_time_before":"string","days_since_custom_time":"number","days_since_noncurrent_time":"number","matches_prefix":["list","string"],"matches_storage_class":["list","string"],"matches_suffix":["list","string"],"no_age":"bool","noncurrent_time_before":"string","num_newer_versions":"number","send_age_if_zero":"bool","send_days_since_custom_time_if_zero":"bool","send_days_since_noncurrent_time_if_zero":"bool","send_num_newer_versions_if_zero":"bool","with_state":"string"}]]}]],"description":"The bucket's Lifecycle Rules configuration.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The Google Cloud Storage location","description_kind":"plain","computed":true},"logging":{"type":["list",["object",{"log_bucket":"string","log_object_prefix":"string"}]],"description":"The bucket's Access \u0026 Storage Logs configuration.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"project_number":{"type":"number","description":"The project number of the project in which the resource belongs.","description_kind":"plain","computed":true},"public_access_prevention":{"type":"string","description":"Prevents public access to a bucket.","description_kind":"plain","computed":true},"requester_pays":{"type":"bool","description":"Enables Requester Pays on a storage bucket.","description_kind":"plain","computed":true},"retention_policy":{"type":["list",["object",{"is_locked":"bool","retention_period":"number"}]],"description":"Configuration of the bucket's data retention policy for how long objects in the bucket should be retained.","description_kind":"plain","computed":true},"rpo":{"type":"string","description":"Specifies the RPO setting of bucket. If set 'ASYNC_TURBO', The Turbo Replication will be enabled for the dual-region bucket. Value 'DEFAULT' will set RPO setting to default. Turbo Replication is only for buckets in dual-regions.See the docs for more details.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"soft_delete_policy":{"type":["list",["object",{"effective_time":"string","retention_duration_seconds":"number"}]],"description":"The bucket's soft delete policy, which defines the period of time that soft-deleted objects will be retained, and cannot be permanently deleted. If it is not provided, by default Google Cloud Storage sets this to default soft delete policy","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uniform_bucket_level_access":{"type":"bool","description":"Enables uniform bucket-level access on a bucket.","description_kind":"plain","computed":true},"url":{"type":"string","description":"The base URL of the bucket, in the format gs://\u003cbucket-name\u003e.","description_kind":"plain","computed":true},"versioning":{"type":["list",["object",{"enabled":"bool"}]],"description":"The bucket's Versioning configuration.","description_kind":"plain","computed":true},"website":{"type":["list",["object",{"main_page_suffix":"string","not_found_page":"string"}]],"description":"Configuration if the bucket acts as a website.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_object":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","optional":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","computed":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","computed":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","computed":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","computed":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","computed":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"customer_encryption":{"type":["list",["object",{"encryption_algorithm":"string","encryption_key":"string"}]],"description":"Encryption key; encoded using base64.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","computed":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","computed":true},"generation":{"type":"number","description":"The content generation of this object. Used for object versioning and soft delete.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","optional":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"retention":{"type":["list",["object",{"mode":"string","retain_until_time":"string"}]],"description":"Object level retention configuration.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_object_content":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","required":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","computed":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","optional":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","computed":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","computed":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","computed":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"customer_encryption":{"type":["list",["object",{"encryption_algorithm":"string","encryption_key":"string"}]],"description":"Encryption key; encoded using base64.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","computed":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","computed":true},"generation":{"type":"number","description":"The content generation of this object. Used for object versioning and soft delete.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","required":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"retention":{"type":["list",["object",{"mode":"string","retain_until_time":"string"}]],"description":"Object level retention configuration.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_objects":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"bucket_objects":{"type":["list",["object",{"content_type":"string","media_link":"string","name":"string","self_link":"string","storage_class":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"match_glob":{"type":"string","description_kind":"plain","optional":true},"prefix":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_storage_buckets":{"version":0,"block":{"attributes":{"buckets":{"type":["list",["object",{"labels":["map","string"],"location":"string","name":"string","self_link":"string","storage_class":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"prefix":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_storage_managed_folder_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_folder":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_object_signed_url":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"content_md5":{"type":"string","description_kind":"plain","optional":true},"content_type":{"type":"string","description_kind":"plain","optional":true},"credentials":{"type":"string","description_kind":"plain","optional":true,"sensitive":true},"duration":{"type":"string","description_kind":"plain","optional":true},"extension_headers":{"type":["map","string"],"description_kind":"plain","optional":true},"http_method":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"path":{"type":"string","description_kind":"plain","required":true},"signed_url":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_project_service_account":{"version":0,"block":{"attributes":{"email_address":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"user_project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_storage_transfer_project_service_account":{"version":0,"block":{"attributes":{"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subject_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"short_name":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_key_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_keys":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"keys":{"type":["list",["object",{"create_time":"string","description":"string","name":"string","namespaced_name":"string","parent":"string","purpose":"string","purpose_data":["map","string"],"short_name":"string","update_time":"string"}]],"description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_value":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"short_name":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_value_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_values":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"values":{"type":["list",["object",{"create_time":"string","description":"string","name":"string","namespaced_name":"string","parent":"string","short_name":"string","update_time":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tpu_tensorflow_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"versions":{"type":["list","string"],"description_kind":"plain","computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_vertex_ai_index":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"deployed_indexes":{"type":["list",["object",{"deployed_index_id":"string","index_endpoint":"string"}]],"description":"The pointers to DeployedIndexes created from this Index. An Index can be only deleted if all its DeployedIndexes had been undeployed first.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index_stats":{"type":["list",["object",{"shards_count":"number","vectors_count":"string"}]],"description":"Stats of the index resource.","description_kind":"plain","computed":true},"index_update_method":{"type":"string","description":"The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default.\n* BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update.\n* STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"metadata":{"type":["list",["object",{"config":["list",["object",{"algorithm_config":["list",["object",{"brute_force_config":["list",["object",{}]],"tree_ah_config":["list",["object",{"leaf_node_embedding_count":"number","leaf_nodes_to_search_percent":"number"}]]}]],"approximate_neighbors_count":"number","dimensions":"number","distance_measure_type":"string","feature_norm_type":"string","shard_size":"string"}]],"contents_delta_uri":"string","is_complete_overwrite":"bool"}]],"description":"An additional information about the Index","description_kind":"plain","computed":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Index, that is specific to it. Unset if the Index does not have any additional information.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the index. eg us-central1","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_cluster":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"management":{"type":"bool","description":"True if the cluster is a management cluster; false otherwise.\nThere can only be one management cluster in a private cloud and it has to be the first one.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the Cluster.","description_kind":"plain","required":true},"node_type_configs":{"type":["set",["object",{"custom_core_count":"number","node_count":"number","node_type_id":"string"}]],"description":"The map of cluster node types in this cluster,\nwhere the key is canonical identifier of the node type (corresponds to the NodeType).","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new cluster in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_external_access_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action that the external access rule performs. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for the external access rule.","description_kind":"plain","computed":true},"destination_ip_ranges":{"type":["list",["object",{"external_address":"string","ip_address_range":"string"}]],"description":"If destination ranges are specified, the external access rule applies only to\ntraffic that has a destination IP address in these ranges.","description_kind":"plain","computed":true},"destination_ports":{"type":["list","string"],"description":"A list of destination ports to which the external access rule applies.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which the external access rule applies.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the external access rule.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the network policy.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/networkPolicies/my-policy","description_kind":"plain","required":true},"priority":{"type":"number","description":"External access rule priority, which determines the external access rule to use when multiple rules apply.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list",["object",{"ip_address":"string","ip_address_range":"string"}]],"description":"If source ranges are specified, the external access rule applies only to\ntraffic that has a source IP address in these ranges.","description_kind":"plain","computed":true},"source_ports":{"type":["list","string"],"description":"A list of source ports to which the external access rule applies.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_external_address":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this resource.","description_kind":"plain","computed":true},"external_ip":{"type":"string","description":"The external IP address of a workload VM.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ip":{"type":"string","description":"The internal IP address of a workload VM.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the external IP Address.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new external address in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the resource.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_network":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description for this VMware Engine network.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the VMwareEngineNetwork should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the VMwareEngineNetwork.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the VMware Engine network.","description_kind":"plain","computed":true},"type":{"type":"string","description":"VMware Engine network type. Possible values: [\"LEGACY\", \"STANDARD\"]","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vpc_networks":{"type":["list",["object",{"network":"string","type":"string"}]],"description":"VMware Engine service VPC networks that provide connectivity from a private cloud to customer projects,\nthe internet, and other Google Cloud services.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_network_peering":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network peering.","description_kind":"plain","computed":true},"export_custom_routes":{"type":"bool","description":"True if custom routes are exported to the peered network; false otherwise.","description_kind":"plain","computed":true},"export_custom_routes_with_public_ip":{"type":"bool","description":"True if all subnet routes with a public IP address range are exported; false otherwise.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","computed":true},"import_custom_routes_with_public_ip":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the Network Peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The relative resource name of the network to peer with a standard VMware Engine network.\nThe provided network can be a consumer VPC network or another standard VMware Engine network.","description_kind":"plain","computed":true},"peer_network_type":{"type":"string","description":"The type of the network to peer with the VMware Engine network. Possible values: [\"STANDARD\", \"VMWARE_ENGINE_NETWORK\", \"PRIVATE_SERVICES_ACCESS\", \"NETAPP_CLOUD_VOLUMES\", \"THIRD_PARTY_SERVICE\", \"DELL_POWERSCALE\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the network peering.\nThis field has a value of 'ACTIVE' when there's a matching configuration in the peer network.\nNew values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the network peering.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","computed":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_network_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network policy.","description_kind":"plain","computed":true},"edge_services_cidr":{"type":"string","description":"IP address range in CIDR notation used to create internet access and external IP access.\nAn RFC 1918 CIDR block, with a \"/26\" prefix, is required. The range cannot overlap with any\nprefixes either in the consumer VPC network or in use by the private clouds attached to that VPC network.","description_kind":"plain","computed":true},"external_ip":{"type":["list",["object",{"enabled":"bool","state":"string"}]],"description":"Network service that allows External IP addresses to be assigned to VMware workloads.\nThis service can only be enabled when internetAccess is also enabled.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internet_access":{"type":["list",["object",{"enabled":"bool","state":"string"}]],"description":"Network service that allows VMware workloads to access the internet.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The resource name of the location (region) to create the new network policy in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the Network Policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","computed":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_nsx_credentials":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The resource name of the private cloud which contains NSX.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"password":{"type":"string","description":"Initial password.","description_kind":"plain","computed":true},"username":{"type":"string","description":"Initial username.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_private_cloud":{"version":0,"block":{"attributes":{"deletion_delay_hours":{"type":"number","description":"The number of hours to delay this request. You can set this value to an hour between 0 to 8, where setting it to 0 starts the deletion request immediately. If no value is set, a default value is set at the API Level.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this private cloud.","description_kind":"plain","computed":true},"hcx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a HCX Cloud Manager appliance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the PrivateCloud should reside.","description_kind":"plain","required":true},"management_cluster":{"type":["list",["object",{"cluster_id":"string","node_type_configs":["set",["object",{"custom_core_count":"number","node_count":"number","node_type_id":"string"}]],"stretched_cluster_config":["list",["object",{"preferred_location":"string","secondary_location":"string"}]]}]],"description":"The management cluster for this private cloud. This used for creating and managing the default cluster.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the PrivateCloud.","description_kind":"plain","required":true},"network_config":{"type":["list",["object",{"dns_server_ip":"string","management_cidr":"string","management_ip_address_layout_version":"number","vmware_engine_network":"string","vmware_engine_network_canonical":"string"}]],"description":"Network configuration in the consumer project with which the peering has to be done.","description_kind":"plain","computed":true},"nsx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a NSX Manager appliance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"send_deletion_delay_hours_if_zero":{"type":"bool","description":"While set true, deletion_delay_hours value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the deletion_delay_hours field. It can be used both alone and together with deletion_delay_hours.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the resource. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Initial type of the private cloud. Possible values: [\"STANDARD\", \"TIME_LIMITED\", \"STRETCHED\"]","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vcenter":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a vCenter Server management appliance.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_subnet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dhcp_address_ranges":{"type":["list",["object",{"first_address":"string","last_address":"string"}]],"description":"DHCP address ranges.","description_kind":"plain","computed":true},"gateway_id":{"type":"string","description":"The canonical identifier of the logical router that this subnet is attached to.","description_kind":"plain","computed":true},"gateway_ip":{"type":"string","description":"The IP address of the gateway of this subnet. Must fall within the IP prefix defined above.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IP address range of the subnet in CIDR format.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the subnet. For userDefined subnets, this name should be in the format of \"service-n\",\nwhere n ranges from 1 to 5.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new subnet in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"standard_config":{"type":"bool","description":"Whether the NSX-T configuration in the backend follows the standard configuration supported by Google Cloud.\nIf false, the subnet cannot be modified through Google Cloud, only through NSX-T directly.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the subnet.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the subnet.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vlan_id":{"type":"number","description":"VLAN ID of the VLAN on which the subnet is configured.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_vcenter_credentials":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The resource name of the private cloud which contains vcenter.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"password":{"type":"string","description":"Initial password.","description_kind":"plain","computed":true},"username":{"type":"string","description":"Initial username.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vpc_access_connector":{"version":0,"block":{"attributes":{"connected_projects":{"type":["list","string"],"description":"List of projects using the connector.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that follows RFC 4632 notation. Example: '10.132.0.0/28'.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Machine type of VM Instance underlying connector. Default is e2-micro","description_kind":"plain","computed":true},"max_instances":{"type":"number","description":"Maximum value of instances in autoscaling group underlying the connector. Value must be between 3 and 10, inclusive. Must be\nhigher than the value specified by min_instances.","description_kind":"plain","computed":true},"max_throughput":{"type":"number","description":"Maximum throughput of the connector in Mbps, must be greater than 'min_throughput'. Default is 300. Refers to the expected throughput\nwhen using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by\nmin_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of\nmax_throughput is discouraged in favor of max_instances.","description_kind":"plain","computed":true},"min_instances":{"type":"number","description":"Minimum value of instances in autoscaling group underlying the connector. Value must be between 2 and 9, inclusive. Must be\nlower than the value specified by max_instances.","description_kind":"plain","computed":true},"min_throughput":{"type":"number","description":"Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type.\nValue must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and\nmin_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource (Max 25 characters).","description_kind":"plain","required":true},"network":{"type":"string","description":"Name or self_link of the VPC network. Required if 'ip_cidr_range' is set.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the VPC Access connector resides. If it is not provided, the provider region is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The fully qualified name of this VPC connector","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the VPC access connector.","description_kind":"plain","computed":true},"subnet":{"type":["list",["object",{"name":"string","project_id":"string"}]],"description":"The subnet in which to house the connector","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_workbench_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}}}}}} +{"format_version":"1.0","provider_schemas":{"registry.terraform.io/hashicorp/google":{"provider":{"version":0,"block":{"attributes":{"access_approval_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"access_context_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"access_token":{"type":"string","description_kind":"plain","optional":true},"active_directory_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"add_terraform_attribution_label":{"type":"bool","description_kind":"plain","optional":true},"alloydb_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"apigee_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"apikeys_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"app_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"apphub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"artifact_registry_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"assured_workloads_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"backup_dr_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"beyondcorp_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"big_query_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"biglake_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_analytics_hub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_connection_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_data_transfer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_datapolicy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_reservation_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigtable_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"billing_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"billing_project":{"type":"string","description_kind":"plain","optional":true},"binary_authorization_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"blockchain_node_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"certificate_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_asset_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_billing_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_build_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_build_worker_pool_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_functions_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_identity_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_ids_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_quotas_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_resource_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_run_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_run_v2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_scheduler_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_tasks_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloudbuildv2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"clouddeploy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"clouddomains_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloudfunctions2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"composer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"compute_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_analysis_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_attached_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_aws_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_azure_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"core_billing_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"credentials":{"type":"string","description_kind":"plain","optional":true},"data_catalog_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"data_fusion_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"data_loss_prevention_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"data_pipeline_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"database_migration_service_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataflow_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataplex_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataproc_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataproc_gdc_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataproc_metastore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"datastream_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"default_labels":{"type":["map","string"],"description_kind":"plain","optional":true},"deployment_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"developer_connect_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dialogflow_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dialogflow_cx_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"discovery_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dns_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"document_ai_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"document_ai_warehouse_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"edgecontainer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"edgenetwork_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"essential_contacts_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"eventarc_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"filestore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"firebase_app_check_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"firebaserules_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"firestore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_backup_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_hub2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_hub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gkehub_feature_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gkeonprem_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"healthcare_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam3_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_beta_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_credentials_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_workforce_pool_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iap_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"identity_platform_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"impersonate_service_account":{"type":"string","description_kind":"plain","optional":true},"impersonate_service_account_delegates":{"type":["list","string"],"description_kind":"plain","optional":true},"integration_connectors_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"integrations_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"kms_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"logging_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"looker_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"managed_kafka_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"memcache_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"memorystore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"migration_center_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"ml_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"monitoring_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"netapp_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_connectivity_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_management_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_security_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_services_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"notebooks_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"oracle_database_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"org_policy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"os_config_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"os_login_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"parallelstore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"privateca_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"privileged_access_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"public_ca_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"pubsub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"pubsub_lite_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"recaptcha_enterprise_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"redis_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description_kind":"plain","optional":true},"request_reason":{"type":"string","description_kind":"plain","optional":true},"request_timeout":{"type":"string","description_kind":"plain","optional":true},"resource_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"resource_manager_v3_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"scopes":{"type":["list","string"],"description_kind":"plain","optional":true},"secret_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"secret_manager_regional_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"secure_source_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"security_center_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"security_center_management_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"security_center_v2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"securityposture_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_management_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_networking_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_usage_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"site_verification_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"source_repo_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"spanner_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"sql_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"storage_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"storage_insights_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"storage_transfer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"tags_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"tags_location_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"terraform_attribution_label_addition_strategy":{"type":"string","description_kind":"plain","optional":true},"tpu_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"transcoder_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"universe_domain":{"type":"string","description_kind":"plain","optional":true},"user_project_override":{"type":"bool","description_kind":"plain","optional":true},"vertex_ai_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"vmwareengine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"vpc_access_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"workbench_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"workflows_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"zone":{"type":"string","description_kind":"plain","optional":true}},"block_types":{"batching":{"nesting_mode":"list","block":{"attributes":{"enable_batching":{"type":"bool","description_kind":"plain","optional":true},"send_after":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"resource_schemas":{"google_access_context_manager_access_level":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Description of the AccessLevel and its use. Does not affect behavior.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the Access Level. The short_name component must begin\nwith a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","required":true},"parent":{"type":"string","description":"The AccessPolicy this AccessLevel lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true}},"block_types":{"basic":{"nesting_mode":"list","block":{"attributes":{"combining_function":{"type":"string","description":"How the conditions list should be combined to determine if a request\nis granted this AccessLevel. If AND is used, each Condition in\nconditions must be satisfied for the AccessLevel to be applied. If\nOR is used, at least one Condition in conditions must be satisfied\nfor the AccessLevel to be applied. Default value: \"AND\" Possible values: [\"AND\", \"OR\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true},"require_verified_chrome_os":{"type":"bool","description":"If you specify DESKTOP_CHROME_OS for osType, you can optionally include requireVerifiedChromeOs to require Chrome Verified Access.","description_kind":"plain","optional":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1},"vpc_network_sources":{"nesting_mode":"list","block":{"block_types":{"vpc_subnetwork":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires 'compute.network.get' permission to be granted to caller.","description_kind":"plain","required":true},"vpc_ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. Must be IPv4.","description_kind":"plain","optional":true}},"description":"Sub networks within a VPC network.","description_kind":"plain"},"max_items":1}},"description":"The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with 'ip_subnetworks'.","description_kind":"plain"}}},"description":"A set of requirements for the AccessLevel to be granted.","description_kind":"plain"},"min_items":1}},"description":"A set of predefined conditions for the access level and a combining function.","description_kind":"plain"},"max_items":1},"custom":{"nesting_mode":"list","block":{"block_types":{"expr":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.\nSee CEL spec at: https://github.com/google/cel-spec.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_level_condition":{"version":0,"block":{"attributes":{"access_level":{"type":"string","description":"The name of the Access Level to add this condition to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_network_sources":{"nesting_mode":"list","block":{"block_types":{"vpc_subnetwork":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires 'compute.network.get' permission to be granted to caller.","description_kind":"plain","required":true},"vpc_ip_subnetworks":{"type":["list","string"],"description":"CIDR block IP subnetwork specification. Must be IPv4.","description_kind":"plain","optional":true}},"description":"Sub networks within a VPC network.","description_kind":"plain"},"max_items":1}},"description":"The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with 'ip_subnetworks'.","description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_levels":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The AccessPolicy this AccessLevel lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true}},"block_types":{"access_levels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"Description of the AccessLevel and its use. Does not affect behavior.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name for the Access Level. The short_name component must begin\nwith a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","required":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true}},"block_types":{"basic":{"nesting_mode":"list","block":{"attributes":{"combining_function":{"type":"string","description":"How the conditions list should be combined to determine if a request\nis granted this AccessLevel. If AND is used, each Condition in\nconditions must be satisfied for the AccessLevel to be applied. If\nOR is used, at least one Condition in conditions must be satisfied\nfor the AccessLevel to be applied. Default value: \"AND\" Possible values: [\"AND\", \"OR\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1},"vpc_network_sources":{"nesting_mode":"list","block":{"block_types":{"vpc_subnetwork":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires 'compute.network.get' permission to be granted to caller.","description_kind":"plain","required":true},"vpc_ip_subnetworks":{"type":["list","string"],"description":"CIDR block IP subnetwork specification. Must be IPv4.","description_kind":"plain","optional":true}},"description":"Sub networks within a VPC network.","description_kind":"plain"},"max_items":1}},"description":"The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with 'ip_subnetworks'.","description_kind":"plain"}}},"description":"A set of requirements for the AccessLevel to be granted.","description_kind":"plain"},"min_items":1}},"description":"A set of predefined conditions for the access level and a combining function.","description_kind":"plain"},"max_items":1},"custom":{"nesting_mode":"list","block":{"block_types":{"expr":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.\nSee CEL spec at: https://github.com/google/cel-spec.","description_kind":"plain"},"max_items":1}},"description":"The desired Access Levels that should replace all existing Access Levels in the Access Policy.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the AccessPolicy. Format: '{{policy_id}}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of this AccessPolicy in the Cloud Resource Hierarchy.\nFormat: 'organizations/{{organization_id}}'","description_kind":"plain","required":true},"scopes":{"type":["list","string"],"description":"Folder or project on which this policy is applicable.\nFormat: 'folders/{{folder_id}}' or 'projects/{{project_number}}'","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Does not affect behavior.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_context_manager_authorized_orgs_desc":{"version":0,"block":{"attributes":{"asset_type":{"type":"string","description":"The type of entities that need to use the authorization relationship during\nevaluation, such as a device. Valid values are \"ASSET_TYPE_DEVICE\" and\n\"ASSET_TYPE_CREDENTIAL_STRENGTH\". Possible values: [\"ASSET_TYPE_DEVICE\", \"ASSET_TYPE_CREDENTIAL_STRENGTH\"]","description_kind":"plain","optional":true},"authorization_direction":{"type":"string","description":"The direction of the authorization relationship between this organization\nand the organizations listed in the \"orgs\" field. The valid values for this\nfield include the following:\n\nAUTHORIZATION_DIRECTION_FROM: Allows this organization to evaluate traffic\nin the organizations listed in the 'orgs' field.\n\nAUTHORIZATION_DIRECTION_TO: Allows the organizations listed in the 'orgs'\nfield to evaluate the traffic in this organization.\n\nFor the authorization relationship to take effect, all of the organizations\nmust authorize and specify the appropriate relationship direction. For\nexample, if organization A authorized organization B and C to evaluate its\ntraffic, by specifying \"AUTHORIZATION_DIRECTION_TO\" as the authorization\ndirection, organizations B and C must specify\n\"AUTHORIZATION_DIRECTION_FROM\" as the authorization direction in their\n\"AuthorizedOrgsDesc\" resource. Possible values: [\"AUTHORIZATION_DIRECTION_TO\", \"AUTHORIZATION_DIRECTION_FROM\"]","description_kind":"plain","optional":true},"authorization_type":{"type":"string","description":"A granular control type for authorization levels. Valid value is \"AUTHORIZATION_TYPE_TRUST\". Possible values: [\"AUTHORIZATION_TYPE_TRUST\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time the AuthorizedOrgsDesc was created in UTC.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the 'AuthorizedOrgsDesc'. Format:\n'accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}'.\nThe 'authorized_orgs_desc' component must begin with a letter, followed by\nalphanumeric characters or '_'.\nAfter you create an 'AuthorizedOrgsDesc', you cannot change its 'name'.","description_kind":"plain","required":true},"orgs":{"type":["list","string"],"description":"The list of organization ids in this AuthorizedOrgsDesc.\nFormat: 'organizations/\u003corg_number\u003e'\nExample: 'organizations/123456'","description_kind":"plain","optional":true},"parent":{"type":"string","description":"Required. Resource name for the access policy which owns this 'AuthorizedOrgsDesc'.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AuthorizedOrgsDesc was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_egress_policy":{"version":0,"block":{"attributes":{"egress_policy_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_gcp_user_access_binding":{"version":0,"block":{"attributes":{"access_levels":{"type":["list","string"],"description":"Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: \"accessPolicies/9522/accessLevels/device_trusted\"","description_kind":"plain","required":true},"group_key":{"type":"string","description":"Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See \"id\" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: \"01d520gv4vjcrht\"","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\"","description_kind":"plain","computed":true},"organization_id":{"type":"string","description":"Required. ID of the parent organization.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_ingress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_policy_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the ServicePerimeter and its use. Does not affect\nbehavior.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the ServicePerimeter. The short_name component must\nbegin with a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/servicePerimeters/{short_name}","description_kind":"plain","required":true},"parent":{"type":"string","description":"The AccessPolicy this ServicePerimeter lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true},"perimeter_type":{"type":"string","description":"Specifies the type of the Perimeter. There are two types: regular and\nbridge. Regular Service Perimeter contains resources, access levels,\nand restricted services. Every resource can be in at most\nONE regular Service Perimeter.\n\nIn addition to being in a regular service perimeter, a resource can also\nbe in zero or more perimeter bridges. A perimeter bridge only contains\nresources. Cross project operations are permitted if all effected\nresources share some perimeter (whether bridge or regular). Perimeter\nBridge does not contain access levels or services: those are governed\nentirely by the regular perimeter that resource is in.\n\nPerimeter Bridges are typically useful when building more complex\ntopologies with many independent perimeters that need to share some data\nwith a common perimeter, but should not be able to share data among\nthemselves. Default value: \"PERIMETER_TYPE_REGULAR\" Possible values: [\"PERIMETER_TYPE_REGULAR\", \"PERIMETER_TYPE_BRIDGE\"]","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true},"use_explicit_dry_run_spec":{"type":"bool","description":"Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists\nfor all Service Perimeters, and that spec is identical to the status for those\nService Perimeters. When this flag is set, it inhibits the generation of the\nimplicit spec, thereby allowing the user to explicitly provide a\nconfiguration (\"spec\") to use in a dry-run version of the Service Perimeter.\nThis allows the user to test changes to the enforced config (\"status\") without\nactually enforcing them. This testing is done through analyzing the differences\nbetween currently enforced and suggested restrictions. useExplicitDryRunSpec must\nbet set to True if any of the fields in the spec are set to non-default values.","description_kind":"plain","optional":true}},"block_types":{"spec":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"Proposed (or dry run) ServicePerimeter configuration.\nThis configuration allows to specify and test ServicePerimeter configuration\nwithout enforcing actual access restrictions. Only allowed to be set when\nthe 'useExplicitDryRunSpec' flag is set.","description_kind":"plain"},"max_items":1},"status":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"Identities can be an individual user, service account, Google group,\nor third-party identity. For third-party identity, only single identities\nare supported and other identity types are not supported.The v1 identities\nthat have the prefix user, group and serviceAccount in\nhttps://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"Identities can be an individual user, service account, Google group,\nor third-party identity. For third-party identity, only single identities\nare supported and other identity types are not supported.The v1 identities\nthat have the prefix user, group and serviceAccount in\nhttps://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects and VPCs are allowed.\nProject format: 'projects/{projectNumber}'\nVPC network format:\n'//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}'.\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine\nperimeter content and boundaries.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_dry_run_egress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true}},"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"Identities can be an individual user, service account, Google group,\nor third-party identity. For third-party identity, only single identities\nare supported and other identity types are not supported.The v1 identities\nthat have the prefix user, group and serviceAccount in\nhttps://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["list","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_dry_run_ingress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true}},"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"Identities can be an individual user, service account, Google group,\nor third-party identity. For third-party identity, only single identities\nare supported and other identity types are not supported.The v1 identities\nthat have the prefix user, group and serviceAccount in\nhttps://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_dry_run_resource":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_egress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true}},"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"Identities can be an individual user, service account, Google group,\nor third-party identity. For third-party identity, only single identities\nare supported and other identity types are not supported.The v1 identities\nthat have the prefix user, group and serviceAccount in\nhttps://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["list","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_ingress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true}},"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"Identities can be an individual user, service account, Google group,\nor third-party identity. For third-party identity, only single identities\nare supported and other identity types are not supported.The v1 identities\nthat have the prefix user, group and serviceAccount in\nhttps://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects and VPCs are allowed.\nProject format: 'projects/{projectNumber}'\nVPC network format:\n'//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}'.\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_resource":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeters":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The AccessPolicy this ServicePerimeter lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true}},"block_types":{"service_perimeters":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the ServicePerimeter and its use. Does not affect\nbehavior.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name for the ServicePerimeter. The short_name component must\nbegin with a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/servicePerimeters/{short_name}","description_kind":"plain","required":true},"perimeter_type":{"type":"string","description":"Specifies the type of the Perimeter. There are two types: regular and\nbridge. Regular Service Perimeter contains resources, access levels,\nand restricted services. Every resource can be in at most\nONE regular Service Perimeter.\n\nIn addition to being in a regular service perimeter, a resource can also\nbe in zero or more perimeter bridges. A perimeter bridge only contains\nresources. Cross project operations are permitted if all effected\nresources share some perimeter (whether bridge or regular). Perimeter\nBridge does not contain access levels or services: those are governed\nentirely by the regular perimeter that resource is in.\n\nPerimeter Bridges are typically useful when building more complex\ntopologies with many independent perimeters that need to share some data\nwith a common perimeter, but should not be able to share data among\nthemselves. Default value: \"PERIMETER_TYPE_REGULAR\" Possible values: [\"PERIMETER_TYPE_REGULAR\", \"PERIMETER_TYPE_BRIDGE\"]","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true},"use_explicit_dry_run_spec":{"type":"bool","description":"Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists\nfor all Service Perimeters, and that spec is identical to the status for those\nService Perimeters. When this flag is set, it inhibits the generation of the\nimplicit spec, thereby allowing the user to explicitly provide a\nconfiguration (\"spec\") to use in a dry-run version of the Service Perimeter.\nThis allows the user to test changes to the enforced config (\"status\") without\nactually enforcing them. This testing is done through analyzing the differences\nbetween currently enforced and suggested restrictions. useExplicitDryRunSpec must\nbet set to True if any of the fields in the spec are set to non-default values.","description_kind":"plain","optional":true}},"block_types":{"spec":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"Identities can be an individual user, service account, Google group,\nor third-party identity. For third-party identity, only single identities\nare supported and other identity types are not supported.The v1 identities\nthat have the prefix user, group and serviceAccount in\nhttps://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"Proposed (or dry run) ServicePerimeter configuration.\nThis configuration allows to specify and test ServicePerimeter configuration\nwithout enforcing actual access restrictions. Only allowed to be set when\nthe 'useExplicitDryRunSpec' flag is set.","description_kind":"plain"},"max_items":1},"status":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"set","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine\nperimeter content and boundaries.","description_kind":"plain"},"max_items":1}},"description":"The desired Service Perimeters that should replace all existing Service Perimeters in the Access Policy.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_active_directory_domain":{"version":0,"block":{"attributes":{"admin":{"type":"string","description":"The name of delegated administrator account used to perform Active Directory operations.\nIf not specified, setupadmin will be used.","description_kind":"plain","optional":true},"authorized_networks":{"type":["set","string"],"description":"The full names of the Google Compute Engine networks the domain instance is connected to. The domain is only available on networks listed in authorizedNetworks.\nIf CIDR subnets overlap between networks, domain creation will fail.","description_kind":"plain","optional":true},"deletion_protection":{"type":"bool","description":"Whether Terraform will be prevented from destroying the domain. Defaults to true.\nWhen a'terraform destroy' or 'terraform apply' would delete the domain,\nthe command will fail if this field is not set to false in Terraform state.\nWhen the field is set to true or unset in Terraform state, a 'terraform apply'\nor 'terraform destroy' that would delete the domain will fail.\nWhen the field is set to false, deleting the domain is allowed.","description_kind":"plain","optional":true},"domain_name":{"type":"string","description":"The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions\nof https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"fqdn":{"type":"string","description":"The fully-qualified domain name of the exposed domain used by clients to connect to the service.\nSimilar to what would be chosen for an Active Directory set up on an internal network.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels that can contain user-provided metadata\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"locations":{"type":["list","string"],"description":"Locations where domain needs to be provisioned. [regions][compute/docs/regions-zones/]\ne.g. us-west1 or us-east4 Service supports up to 4 locations at once. Each location will use a /26 block.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique name of the domain using the format: 'projects/{project}/locations/global/domains/{domainName}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this domain. Reserved networks must be /24 or larger.\nRanges must be unique and non-overlapping with existing subnets in authorizedNetworks","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_active_directory_domain_trust":{"version":0,"block":{"attributes":{"domain":{"type":"string","description":"The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions\nof https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"selective_authentication":{"type":"bool","description":"Whether the trusted side has forest/domain wide access or selective access to an approved set of resources.","description_kind":"plain","optional":true},"target_dns_ip_addresses":{"type":["set","string"],"description":"The target DNS server IP addresses which can resolve the remote domain involved in the trust.","description_kind":"plain","required":true},"target_domain_name":{"type":"string","description":"The fully qualified target domain name which will be in trust with the current domain.","description_kind":"plain","required":true},"trust_direction":{"type":"string","description":"The trust direction, which decides if the current domain is trusted, trusting, or both. Possible values: [\"INBOUND\", \"OUTBOUND\", \"BIDIRECTIONAL\"]","description_kind":"plain","required":true},"trust_handshake_secret":{"type":"string","description":"The trust secret used for the handshake with the target domain. This will not be stored.","description_kind":"plain","required":true,"sensitive":true},"trust_type":{"type":"string","description":"The type of trust represented by the trust resource. Possible values: [\"FOREST\", \"EXTERNAL\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_backup":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"backup_id":{"type":"string","description":"The ID of the alloydb backup.","description_kind":"plain","required":true},"cluster_name":{"type":"string","description":"The full resource name of the backup source cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}).","description_kind":"plain","required":true},"cluster_uid":{"type":"string","description":"Output only. The system-generated UID of the cluster which was used to create this resource.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Create time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. Delete time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the backup.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User-settable and human-readable display name for the Backup.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_info":{"type":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"description":"EncryptionInfo describes the encryption information of a cluster or a backup.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"expiry_quantity":{"type":["list",["object",{"retention_count":"number","total_retention_count":"number"}]],"description":"Output only. The QuantityBasedExpiry of the backup, specified by the backup's retention policy.\nOnce the expiry quantity is over retention, the backup is eligible to be garbage collected.","description_kind":"plain","computed":true},"expiry_time":{"type":"string","description":"Output only. The time at which after the backup is eligible to be garbage collected.\nIt is the duration specified by the backup's retention policy, added to the backup's createTime.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb backup. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the alloydb backup should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The name of the backup resource with the format: * projects/{project}/locations/{region}/backups/{backupId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Reconciling (https://google.aip.dev/128#reconciliation), if true, indicates that the service is actively updating the resource.\nThis can happen due to user-triggered updates or system actions like failover or maintenance.","description_kind":"plain","computed":true},"size_bytes":{"type":"string","description":"Output only. The size of the backup in bytes.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the backup.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The backup type, which suggests the trigger for the backup. Possible values: [\"TYPE_UNSPECIFIED\", \"ON_DEMAND\", \"AUTOMATED\", \"CONTINUOUS\"]","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"Output only. The system-generated UID of the resource. The UID is assigned when the resource is created, and it is retained until it is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"backup_source":{"type":["list",["object",{"backup_name":"string"}]],"description":"Cluster created from backup.","description_kind":"plain","computed":true},"cluster_id":{"type":"string","description":"The ID of the alloydb cluster.","description_kind":"plain","required":true},"cluster_type":{"type":"string","description":"The type of cluster. If not set, defaults to PRIMARY. Default value: \"PRIMARY\" Possible values: [\"PRIMARY\", \"SECONDARY\"]","description_kind":"plain","optional":true},"continuous_backup_info":{"type":["list",["object",{"earliest_restorable_time":"string","enabled_time":"string","encryption_info":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"schedule":["list","string"]}]],"description":"ContinuousBackupInfo describes the continuous backup properties of a cluster.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The database engine major version. This is an optional field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation.","description_kind":"plain","optional":true,"computed":true},"deletion_policy":{"type":"string","description":"Policy to determine if the cluster should be deleted forcefully.\nDeleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster.\nDeleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = \"FORCE\" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance.\nPossible values: DEFAULT, FORCE","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User-settable and human-readable display name for the Cluster.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_info":{"type":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"description":"EncryptionInfo describes the encryption information of a cluster or a backup.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb cluster.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the alloydb cluster should reside.","description_kind":"plain","required":true},"migration_source":{"type":["list",["object",{"host_port":"string","reference_id":"string","source_type":"string"}]],"description":"Cluster created via DMS migration.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the cluster resource.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Reconciling (https://google.aip.dev/128#reconciliation).\nSet to true if the current state of Cluster does not match the user's intended state, and the service is actively updating the resource to reconcile them.\nThis can happen due to user-triggered updates or system actions like failover or maintenance.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current serving state of the cluster.","description_kind":"plain","computed":true},"subscription_type":{"type":"string","description":"The subscrition type of cluster. Possible values: [\"TRIAL\", \"STANDARD\"]","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"trial_metadata":{"type":["list",["object",{"end_time":"string","grace_end_time":"string","start_time":"string","upgrade_time":"string"}]],"description":"Contains information and all metadata related to TRIAL clusters.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The system-generated UID of the resource.","description_kind":"plain","computed":true}},"block_types":{"automated_backup_policy":{"nesting_mode":"list","block":{"attributes":{"backup_window":{"type":"string","description":"The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed.\n\nThe backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true},"enabled":{"type":"bool","description":"Whether automated backups are enabled.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to backups created using this configuration.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the backup will be stored. Currently, the only supported option is to store the backup in the same region as the cluster.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"quantity_based_retention":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of backups to retain.","description_kind":"plain","optional":true}},"description":"Quantity-based Backup retention policy to retain recent backups. Conflicts with 'time_based_retention', both can't be set together.","description_kind":"plain"},"max_items":1},"time_based_retention":{"nesting_mode":"list","block":{"attributes":{"retention_period":{"type":"string","description":"The retention period.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Time-based Backup retention policy. Conflicts with 'quantity_based_retention', both can't be set together.","description_kind":"plain"},"max_items":1},"weekly_schedule":{"nesting_mode":"list","block":{"attributes":{"days_of_week":{"type":["list","string"],"description":"The days of the week to perform a backup. At least one day of the week must be provided. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true}},"block_types":{"start_times":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Currently, only the value 0 is supported.","description_kind":"plain","optional":true}},"description":"The times during the day to start a backup. At least one start time must be provided. The start times are assumed to be in UTC and to be an exact hour (e.g., 04:00:00).","description_kind":"plain"},"min_items":1}},"description":"Weekly schedule for the Backup.","description_kind":"plain"},"max_items":1}},"description":"The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default.","description_kind":"plain"},"max_items":1},"continuous_backup_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether continuous backup recovery is enabled. If not set, defaults to true.","description_kind":"plain","optional":true},"recovery_window_days":{"type":"number","description":"The numbers of days that are eligible to restore from using PITR. To support the entire recovery window, backups and logs are retained for one day more than the recovery window.\n\nIf not set, defaults to 14 days.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1}},"description":"The continuous backup config for this cluster.\n\nIf no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"initial_user":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The initial password for the user.","description_kind":"plain","required":true,"sensitive":true},"user":{"type":"string","description":"The database username.","description_kind":"plain","optional":true}},"description":"Initial user to setup during cluster creation.","description_kind":"plain"},"max_items":1},"maintenance_update_policy":{"nesting_mode":"list","block":{"block_types":{"maintenance_windows":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Preferred day of the week for maintenance, e.g. MONDAY, TUESDAY, etc. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","required":true},"minutes":{"type":"number","description":"Minutes of hour of day. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Currently, only the value 0 is supported.","description_kind":"plain","optional":true}},"description":"Preferred time to start the maintenance operation on the specified day. Maintenance will start within 1 hour of this time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Preferred windows to perform maintenance. Currently limited to 1.","description_kind":"plain"}}},"description":"MaintenanceUpdatePolicy defines the policy for system updates.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"allocated_ip_range":{"type":"string","description":"The name of the allocated IP range for the private IP AlloyDB cluster. For example: \"google-managed-services-default\".\nIf set, the instance IPs for this cluster will be created in the allocated range.","description_kind":"plain","optional":true},"network":{"type":"string","description":"The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster.\nIt is specified in the form: \"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","optional":true}},"description":"Metadata related to network configuration.","description_kind":"plain"},"max_items":1},"psc_config":{"nesting_mode":"list","block":{"attributes":{"psc_enabled":{"type":"bool","description":"Create an instance that allows connections from Private Service Connect endpoints to the instance.","description_kind":"plain","optional":true}},"description":"Configuration for Private Service Connect (PSC) for the cluster.","description_kind":"plain"},"max_items":1},"restore_backup_source":{"nesting_mode":"list","block":{"attributes":{"backup_name":{"type":"string","description":"The name of the backup that this cluster is restored from.","description_kind":"plain","required":true}},"description":"The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together.","description_kind":"plain"},"max_items":1},"restore_continuous_backup_source":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"The name of the source cluster that this cluster is restored from.","description_kind":"plain","required":true},"point_in_time":{"type":"string","description":"The point in time that this cluster is restored to, in RFC 3339 format.","description_kind":"plain","required":true}},"description":"The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together.","description_kind":"plain"},"max_items":1},"secondary_config":{"nesting_mode":"list","block":{"attributes":{"primary_cluster_name":{"type":"string","description":"Name of the primary cluster must be in the format\n'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","required":true}},"description":"Configuration of the secondary cluster for Cross Region Replication. This should be set if and only if the cluster is of type SECONDARY.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_instance":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"availability_type":{"type":"string","description":"'Availability type of an Instance. Defaults to REGIONAL for both primary and read instances.\nNote that primary and read instances can have different availability types.\nOnly READ_POOL instance supports ZONAL type. Users can't specify the zone for READ_POOL instance.\nZone is automatically chosen from the list of zones in the region specified.\nRead pool of size 1 can only have zonal availability. Read pools with node count of 2 or more\ncan have regional availability (nodes are present in 2 or more zones in a region).' Possible values: [\"AVAILABILITY_TYPE_UNSPECIFIED\", \"ZONAL\", \"REGIONAL\"]","description_kind":"plain","optional":true,"computed":true},"cluster":{"type":"string","description":"Identifies the alloydb cluster. Must be in the format\n'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Time the Instance was created in UTC.","description_kind":"plain","computed":true},"database_flags":{"type":["map","string"],"description":"Database flags. Set at instance level. * They are copied from primary instance on read instance creation. * Read instances can set new or override existing flags that are relevant for reads, e.g. for enabling columnar cache on a read instance. Flags set on read instance may or may not be present on primary.","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"User-settable and human-readable display name for the Instance.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gce_zone":{"type":"string","description":"The Compute Engine zone that the instance should serve from, per https://cloud.google.com/compute/docs/regions-zones This can ONLY be specified for ZONAL instances. If present for a REGIONAL instance, an error will be thrown. If this is absent for a ZONAL instance, instance is created in a random zone with available capacity.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The ID of the alloydb instance.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"The type of the instance.\nIf the instance type is READ_POOL, provide the associated PRIMARY/SECONDARY instance in the 'depends_on' meta-data attribute.\nIf the instance type is SECONDARY, point to the cluster_type of the associated secondary cluster instead of mentioning SECONDARY.\nExample: {instance_type = google_alloydb_cluster.\u003csecondary_cluster_name\u003e.cluster_type} instead of {instance_type = SECONDARY}\nIf the instance type is SECONDARY, the terraform delete instance operation does not delete the secondary instance but abandons it instead.\nUse deletion_policy = \"FORCE\" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance.\nUsers can undo the delete secondary instance action by importing the deleted secondary instance by calling terraform import. Possible values: [\"PRIMARY\", \"READ_POOL\", \"SECONDARY\"]","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"The IP address for the Instance. This is the connection endpoint for an end-user application.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb instance.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance resource.","description_kind":"plain","computed":true},"outbound_public_ip_addresses":{"type":["list","string"],"description":"The outbound public IP addresses for the instance. This is available ONLY when\nnetworkConfig.enableOutboundPublicIp is set to true. These IP addresses are used\nfor outbound connections.","description_kind":"plain","computed":true},"public_ip_address":{"type":"string","description":"The public IP addresses for the Instance. This is available ONLY when\nnetworkConfig.enablePublicIp is set to true. This is the connection\nendpoint for an end-user application.","description_kind":"plain","computed":true},"reconciling":{"type":"bool","description":"Set to true if the current state of Instance does not match the user's intended state, and the service is actively updating the resource to reconcile them. This can happen due to user-triggered updates or system actions like failover or maintenance.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the alloydb instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The system-generated UID of the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Instance was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"client_connection_config":{"nesting_mode":"list","block":{"attributes":{"require_connectors":{"type":"bool","description":"Configuration to enforce connectors only (ex: AuthProxy) connections to the database.","description_kind":"plain","optional":true}},"block_types":{"ssl_config":{"nesting_mode":"list","block":{"attributes":{"ssl_mode":{"type":"string","description":"SSL mode. Specifies client-server SSL/TLS connection behavior. Possible values: [\"ENCRYPTED_ONLY\", \"ALLOW_UNENCRYPTED_AND_ENCRYPTED\"]","description_kind":"plain","optional":true,"computed":true}},"description":"SSL config option for this instance.","description_kind":"plain"},"max_items":1}},"description":"Client connection specific configurations.","description_kind":"plain"},"max_items":1},"machine_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"The number of CPU's in the VM instance.","description_kind":"plain","optional":true,"computed":true}},"description":"Configurations for the machines that host the underlying database engine.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"enable_outbound_public_ip":{"type":"bool","description":"Enabling outbound public ip for the instance.","description_kind":"plain","optional":true},"enable_public_ip":{"type":"bool","description":"Enabling public ip for the instance. If a user wishes to disable this,\nplease also clear the list of the authorized external networks set on\nthe same instance.","description_kind":"plain","optional":true}},"block_types":{"authorized_external_networks":{"nesting_mode":"list","block":{"attributes":{"cidr_range":{"type":"string","description":"CIDR range for one authorized network of the instance.","description_kind":"plain","optional":true}},"description":"A list of external networks authorized to access this instance. This\nfield is only allowed to be set when 'enable_public_ip' is set to\ntrue.","description_kind":"plain"}}},"description":"Instance level network configuration.","description_kind":"plain"},"max_items":1},"psc_instance_config":{"nesting_mode":"list","block":{"attributes":{"allowed_consumer_projects":{"type":["list","string"],"description":"List of consumer projects that are allowed to create PSC endpoints to service-attachments to this instance.\nThese should be specified as project numbers only.","description_kind":"plain","optional":true},"psc_dns_name":{"type":"string","description":"The DNS name of the instance for PSC connectivity.\nName convention: \u003cuid\u003e.\u003cuid\u003e.\u003cregion\u003e.alloydb-psc.goog","description_kind":"plain","computed":true},"service_attachment_link":{"type":"string","description":"The service attachment created when Private Service Connect (PSC) is enabled for the instance.\nThe name of the resource will be in the format of\n'projects/\u003calloydb-tenant-project-number\u003e/regions/\u003cregion-name\u003e/serviceAttachments/\u003cservice-attachment-name\u003e'","description_kind":"plain","computed":true}},"description":"Configuration for Private Service Connect (PSC) for the instance.","description_kind":"plain"},"max_items":1},"query_insights_config":{"nesting_mode":"list","block":{"attributes":{"query_plans_per_minute":{"type":"number","description":"Number of query execution plans captured by Insights per minute for all queries combined. The default value is 5. Any integer between 0 and 20 is considered valid.","description_kind":"plain","optional":true},"query_string_length":{"type":"number","description":"Query string length. The default value is 1024. Any integer between 256 and 4500 is considered valid.","description_kind":"plain","optional":true},"record_application_tags":{"type":"bool","description":"Record application tags for an instance. This flag is turned \"on\" by default.","description_kind":"plain","optional":true},"record_client_address":{"type":"bool","description":"Record client address for an instance. Client address is PII information. This flag is turned \"on\" by default.","description_kind":"plain","optional":true}},"description":"Configuration for query insights.","description_kind":"plain"},"max_items":1},"read_pool_config":{"nesting_mode":"list","block":{"attributes":{"node_count":{"type":"number","description":"Read capacity, i.e. number of nodes in a read pool instance.","description_kind":"plain","optional":true}},"description":"Read pool specific config. If the instance type is READ_POOL, this configuration must be provided.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_user":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"Identifies the alloydb cluster. Must be in the format\n'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","required":true},"database_roles":{"type":["list","string"],"description":"List of database roles this database user has.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource in the form of projects/{project}/locations/{location}/clusters/{cluster}/users/{user}.","description_kind":"plain","computed":true},"password":{"type":"string","description":"Password for this database user.","description_kind":"plain","optional":true},"user_id":{"type":"string","description":"The database role name of the user.","description_kind":"plain","required":true},"user_type":{"type":"string","description":"The type of this user. Possible values: [\"ALLOYDB_BUILT_IN\", \"ALLOYDB_IAM_USER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_addons_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org":{"type":"string","description":"Name of the Apigee organization.","description_kind":"plain","required":true}},"block_types":{"addons_config":{"nesting_mode":"list","block":{"block_types":{"advanced_api_ops_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"api_security_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true},"expires_at":{"type":"string","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","computed":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"connectors_platform_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true},"expires_at":{"type":"string","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","computed":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"integration_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"monetization_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1}},"description":"Addon configurations of the Apigee organization.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_api":{"version":0,"block":{"attributes":{"config_bundle":{"type":"string","description":"Path to the config zip bundle","description_kind":"plain","required":true},"detect_md5hash":{"type":"string","description":"A hash of local config bundle in string, user needs to use a Terraform Hash function of their choice. A change in hash will trigger an update.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"latest_revision_id":{"type":"string","description":"The id of the most recently created revision for this API proxy.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded config bundle.","description_kind":"plain","computed":true},"meta_data":{"type":["list",["object",{"created_at":"string","last_modified_at":"string","sub_type":"string"}]],"description":"Metadata describing the API proxy.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the API proxy. This field only accepts the following characters: A-Za-z0-9._-.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization name associated with the Apigee instance.","description_kind":"plain","required":true},"revision":{"type":["list","string"],"description":"A list of revisions of this API proxy.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_app_group":{"version":0,"block":{"attributes":{"app_group_id":{"type":"string","description":"Internal identifier that cannot be edited","description_kind":"plain","computed":true},"channel_id":{"type":"string","description":"Channel identifier identifies the owner maintaining this grouping.","description_kind":"plain","optional":true},"channel_uri":{"type":"string","description":"A reference to the associated storefront/marketplace.","description_kind":"plain","optional":true},"created_at":{"type":"string","description":"Created time as milliseconds since epoch.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"App group name displayed in the UI","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_modified_at":{"type":"string","description":"Modified time as milliseconds since epoch.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the AppGroup. Characters you can use in the name are restricted to: A-Z0-9._-$ %.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee app group,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"organization":{"type":"string","description":"App group name displayed in the UI","description_kind":"plain","computed":true},"status":{"type":"string","description":"Valid values are active or inactive. Note that the status of the AppGroup should be updated via UpdateAppGroupRequest by setting the action as active or inactive. Possible values: [\"active\", \"inactive\"]","description_kind":"plain","optional":true}},"block_types":{"attributes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Key of the attribute","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value of the attribute","description_kind":"plain","optional":true}},"description":"A list of attributes","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_developer":{"version":0,"block":{"attributes":{"created_at":{"type":"string","description":"Time at which the developer was created in milliseconds since epoch.","description_kind":"plain","computed":true},"email":{"type":"string","description":"Email address of the developer. This value is used to uniquely identify the developer in Apigee hybrid. Note that the email address has to be in lowercase only..","description_kind":"plain","required":true},"first_name":{"type":"string","description":"First name of the developer.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_modified_at":{"type":"string","description":"Time at which the developer was last modified in milliseconds since epoch.","description_kind":"plain","computed":true},"last_name":{"type":"string","description":"Last name of the developer.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"organizatio_name":{"type":"string","description":"Name of the Apigee organization in which the developer resides.","description_kind":"plain","computed":true},"status":{"type":"string","description":"Status of the developer. Valid values are active and inactive.","description_kind":"plain","computed":true},"user_name":{"type":"string","description":"User name of the developer. Not used by Apigee hybrid.","description_kind":"plain","required":true}},"block_types":{"attributes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Key of the attribute","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value of the attribute","description_kind":"plain","optional":true}},"description":"Developer attributes (name/value pairs). The custom attribute limit is 18.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_endpoint_attachment":{"version":0,"block":{"attributes":{"connection_state":{"type":"string","description":"State of the endpoint attachment connection to the service attachment.","description_kind":"plain","computed":true},"endpoint_attachment_id":{"type":"string","description":"ID of the endpoint attachment.","description_kind":"plain","required":true},"host":{"type":"string","description":"Host that can be used in either HTTP Target Endpoint directly, or as the host in Target Server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location of the endpoint attachment.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Endpoint Attachment in the following format:\norganizations/{organization}/endpointAttachments/{endpointAttachment}.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"service_attachment":{"type":"string","description":"Format: projects/*/regions/*/serviceAttachments/*","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_env_keystore":{"version":0,"block":{"attributes":{"aliases":{"type":["list","string"],"description":"Aliases in this keystore.","description_kind":"plain","computed":true},"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the newly created keystore.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_env_references":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Optional. A human-readable description of this reference.","description_kind":"plain","optional":true},"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Required. The resource id of this reference. Values must match the regular expression [\\w\\s-.]+.","description_kind":"plain","required":true},"refers":{"type":"string","description":"Required. The id of the resource to which this reference refers. Must be the id of a resource that exists in the parent environment and is of the given resourceType.","description_kind":"plain","required":true},"resource_type":{"type":"string","description":"The type of resource referred to by this reference. Valid values are 'KeyStore' or 'TrustStore'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_envgroup":{"version":0,"block":{"attributes":{"hostnames":{"type":["list","string"],"description":"Hostnames of the environment group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource ID of the environment group.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee environment group,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_envgroup_attachment":{"version":0,"block":{"attributes":{"envgroup_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/envgroups/{{envgroup_name}}'.","description_kind":"plain","required":true},"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the newly created attachment (output parameter).","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_environment":{"version":0,"block":{"attributes":{"api_proxy_type":{"type":"string","description":"Optional. API Proxy type supported by the environment. The type can be set when creating\nthe Environment and cannot be changed. Possible values: [\"API_PROXY_TYPE_UNSPECIFIED\", \"PROGRAMMABLE\", \"CONFIGURABLE\"]","description_kind":"plain","optional":true,"computed":true},"deployment_type":{"type":"string","description":"Optional. Deployment type supported by the environment. The deployment type can be\nset when creating the environment and cannot be changed. When you enable archive\ndeployment, you will be prevented from performing a subset of actions within the\nenvironment, including:\nManaging the deployment of API proxy or shared flow revisions;\nCreating, updating, or deleting resource files;\nCreating, updating, or deleting target servers. Possible values: [\"DEPLOYMENT_TYPE_UNSPECIFIED\", \"PROXY\", \"ARCHIVE\"]","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Description of the environment.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of the environment.","description_kind":"plain","optional":true},"forward_proxy_uri":{"type":"string","description":"Optional. URI of the forward proxy to be applied to the runtime instances in this environment. Must be in the format of {scheme}://{hostname}:{port}. Note that the scheme must be one of \"http\" or \"https\", and the port must be supplied.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee environment,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"type":{"type":"string","description":"Types that can be selected for an Environment. Each of the types are\nlimited by capability and capacity. Refer to Apigee's public documentation\nto understand about each of these types in details.\nAn Apigee org can support heterogeneous Environments. Possible values: [\"ENVIRONMENT_TYPE_UNSPECIFIED\", \"BASE\", \"INTERMEDIATE\", \"COMPREHENSIVE\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_config":{"nesting_mode":"list","block":{"attributes":{"current_aggregate_node_count":{"type":"string","description":"The current total number of gateway nodes that each environment currently has across\nall instances.","description_kind":"plain","computed":true},"max_node_count":{"type":"string","description":"The maximum total number of gateway nodes that the is reserved for all instances that\nhas the specified environment. If not specified, the default is determined by the\nrecommended maximum number of nodes for that gateway.","description_kind":"plain","optional":true},"min_node_count":{"type":"string","description":"The minimum total number of gateway nodes that the is reserved for all instances that\nhas the specified environment. If not specified, the default is determined by the\nrecommended minimum number of nodes for that gateway.","description_kind":"plain","optional":true}},"description":"NodeConfig for setting the min/max number of nodes associated with the environment.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_environment_iam_binding":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_apigee_environment_iam_member":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_apigee_environment_iam_policy":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_apigee_environment_keyvaluemaps":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Required. ID of the key value map.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_environment_keyvaluemaps_entries":{"version":0,"block":{"attributes":{"env_keyvaluemap_id":{"type":"string","description":"The Apigee environment keyvalumaps Id associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}/keyvaluemaps/{{keyvaluemap_name}}'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Required. Resource URI that can be used to identify the scope of the key value map entries.","description_kind":"plain","required":true},"value":{"type":"string","description":"Required. Data or payload that is being retrieved and associated with the unique key.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_flowhook":{"version":0,"block":{"attributes":{"continue_on_error":{"type":"bool","description":"Flag that specifies whether execution should continue if the flow hook throws an exception. Set to true to continue execution. Set to false to stop execution if the flow hook throws an exception. Defaults to true.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the flow hook.","description_kind":"plain","optional":true},"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"flow_hook_point":{"type":"string","description":"Where in the API call flow the flow hook is invoked. Must be one of PreProxyFlowHook, PostProxyFlowHook, PreTargetFlowHook, or PostTargetFlowHook.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the environment","description_kind":"plain","required":true},"sharedflow":{"type":"string","description":"Id of the Sharedflow attaching to a flowhook point.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_instance":{"version":0,"block":{"attributes":{"consumer_accept_list":{"type":["list","string"],"description":"Optional. Customer accept list represents the list of projects (id/number) on customer\nside that can privately connect to the service attachment. It is an optional field\nwhich the customers can provide during the instance creation. By default, the customer\nproject associated with the Apigee organization will be included to the list.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Description of the instance.","description_kind":"plain","optional":true},"disk_encryption_key_name":{"type":"string","description":"Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only.\nUse the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of the instance.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Output only. Hostname or IP address of the exposed Apigee endpoint used by clients to connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_range":{"type":"string","description":"IP range represents the customer-provided CIDR block of length 22 that will be used for\nthe Apigee instance creation. This optional range, if provided, should be freely\navailable as part of larger named range the customer has allocated to the Service\nNetworking peering. If this is not provided, Apigee will automatically request for any\navailable /22 CIDR block from Service Networking. The customer should use this CIDR block\nfor configuring their firewall needs to allow traffic from Apigee.\nInput format: \"a.b.c.d/22\"","description_kind":"plain","optional":true},"location":{"type":"string","description":"Required. Compute Engine location where the instance resides.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource ID of the instance.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"peering_cidr_range":{"type":"string","description":"The size of the CIDR block range that will be reserved by the instance. For valid values,\nsee [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation.","description_kind":"plain","optional":true,"computed":true},"port":{"type":"string","description":"Output only. Port number of the exposed Apigee endpoint.","description_kind":"plain","computed":true},"service_attachment":{"type":"string","description":"Output only. Resource name of the service attachment created for the instance in\nthe format: projects/*/regions/*/serviceAttachments/* Apigee customers can privately\nforward traffic to this service attachment using the PSC endpoints.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_instance_attachment":{"version":0,"block":{"attributes":{"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The Apigee instance associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/instances/{{instance_name}}'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the newly created attachment (output parameter).","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_key_cert_file":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias Name","description_kind":"plain","required":true},"cert":{"type":"string","description":"Cert content","description_kind":"plain","required":true},"environment":{"type":"string","description":"Environment associated with the alias","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"Private Key content, omit if uploading to truststore","description_kind":"plain","optional":true,"sensitive":true},"keystore":{"type":"string","description":"Keystore Name","description_kind":"plain","required":true},"org_id":{"type":"string","description":"Organization ID associated with the alias","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Private Key if it's encrypted","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"certs_info":{"nesting_mode":"list","block":{"block_types":{"cert_info":{"nesting_mode":"list","block":{"attributes":{"basic_constraints":{"type":"string","description":"X.509 basic constraints extension.","description_kind":"plain","optional":true,"computed":true},"expiry_date":{"type":"string","description":"X.509 notAfter validity period in milliseconds since epoch.","description_kind":"plain","optional":true,"computed":true},"is_valid":{"type":"string","description":"Flag that specifies whether the certificate is valid. \nFlag is set to Yes if the certificate is valid, No if expired, or Not yet if not yet valid.","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"X.509 issuer.","description_kind":"plain","optional":true,"computed":true},"public_key":{"type":"string","description":"Public key component of the X.509 subject public key info.","description_kind":"plain","optional":true,"computed":true},"serial_number":{"type":"string","description":"X.509 serial number.","description_kind":"plain","optional":true,"computed":true},"sig_alg_name":{"type":"string","description":"X.509 signatureAlgorithm.","description_kind":"plain","optional":true,"computed":true},"subject":{"type":"string","description":"X.509 subject.","description_kind":"plain","optional":true,"computed":true},"subject_alternative_names":{"type":["list","string"],"description":"X.509 subject alternative names (SANs) extension.","description_kind":"plain","optional":true,"computed":true},"valid_from":{"type":"string","description":"X.509 notBefore validity period in milliseconds since epoch.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"number","description":"X.509 version.","description_kind":"plain","optional":true,"computed":true}},"description":"List of all properties in the object.","description_kind":"plain"}}},"description":"Chain of certificates under this alias.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_pkcs12":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias Name","description_kind":"plain","required":true},"certs_info":{"type":["list",["object",{"cert_info":["list",["object",{"basic_constraints":"string","expiry_date":"string","is_valid":"string","issuer":"string","public_key":"string","serial_number":"string","sig_alg_name":"string","subject":"string","subject_alternative_names":["list","string"],"valid_from":"string","version":"number"}]]}]],"description":"Chain of certificates under this alias.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"Environment associated with the alias","description_kind":"plain","required":true},"file":{"type":"string","description":"Cert content","description_kind":"plain","required":true},"filehash":{"type":"string","description":"Hash of the pkcs file","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"keystore":{"type":"string","description":"Keystore Name","description_kind":"plain","required":true},"org_id":{"type":"string","description":"Organization ID associated with the alias","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Private Key if it's encrypted","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_self_signed_cert":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias for the key/certificate pair. Values must match the regular expression [\\w\\s-.]{1,255}.\nThis must be provided for all formats except selfsignedcert; self-signed certs may specify the alias in either\nthis parameter or the JSON body.","description_kind":"plain","required":true},"cert_validity_in_days":{"type":"number","description":"Validity duration of certificate, in days. Accepts positive non-zero value. Defaults to 365.","description_kind":"plain","optional":true},"certs_info":{"type":["list",["object",{"cert_info":["list",["object",{"basic_constraints":"string","expiry_date":"string","is_valid":"string","issuer":"string","public_key":"string","serial_number":"string","sig_alg_name":"string","subject":"string","subject_alternative_names":["list","string"],"valid_from":"string","version":"number"}]]}]],"description":"Chain of certificates under this alias.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"The Apigee environment name","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_size":{"type":"string","description":"Key size. Default and maximum value is 2048 bits.","description_kind":"plain","optional":true},"keystore":{"type":"string","description":"The Apigee keystore name associated in an Apigee environment","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization name associated with the Apigee environment","description_kind":"plain","required":true},"sig_alg":{"type":"string","description":"Signature algorithm to generate private key. Valid values are SHA512withRSA, SHA384withRSA, and SHA256withRSA","description_kind":"plain","required":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"Common name of the organization. Maximum length is 64 characters.","description_kind":"plain","optional":true},"country_code":{"type":"string","description":"Two-letter country code. Example, IN for India, US for United States of America.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Email address. Max 255 characters.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"City or town name. Maximum length is 128 characters.","description_kind":"plain","optional":true},"org":{"type":"string","description":"Organization name. Maximum length is 64 characters.","description_kind":"plain","optional":true},"org_unit":{"type":"string","description":"Organization team name. Maximum length is 64 characters.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State or district name. Maximum length is 128 characters.","description_kind":"plain","optional":true}},"description":"Subject details.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alternative_dns_names":{"nesting_mode":"list","block":{"attributes":{"subject_alternative_name":{"type":"string","description":"Subject Alternative Name","description_kind":"plain","optional":true}},"description":"List of alternative host names. Maximum length is 255 characters for each value.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_nat_address":{"version":0,"block":{"attributes":{"activate":{"type":"bool","description":"Flag that specifies whether the reserved NAT address should be activate.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The Apigee instance associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/instances/{{instance_name}}'.","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"The allocated NAT IP address.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Resource ID of the NAT address.","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the NAT IP address.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_organization":{"version":0,"block":{"attributes":{"analytics_region":{"type":"string","description":"Primary GCP region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org).","description_kind":"plain","optional":true},"api_consumer_data_encryption_key_name":{"type":"string","description":"Cloud KMS key name used for encrypting API consumer data.","description_kind":"plain","optional":true},"api_consumer_data_location":{"type":"string","description":"This field is needed only for customers using non-default data residency regions.\nApigee stores some control plane data only in single region.\nThis field determines which single region Apigee should use.","description_kind":"plain","optional":true},"apigee_project_id":{"type":"string","description":"Output only. Project ID of the Apigee Tenant Project.","description_kind":"plain","computed":true},"authorized_network":{"type":"string","description":"Compute Engine network used for Service Networking to be peered with Apigee runtime instances.\nSee [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started).\nValid only when 'RuntimeType' is set to CLOUD. The value can be updated only when there are no runtime instances. For example: \"default\".","description_kind":"plain","optional":true},"billing_type":{"type":"string","description":"Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing).","description_kind":"plain","optional":true,"computed":true},"ca_certificate":{"type":"string","description":"Output only. Base64-encoded public certificate for the root CA of the Apigee organization.\nValid only when 'RuntimeType' is CLOUD. A base64-encoded string.","description_kind":"plain","computed":true},"control_plane_encryption_key_name":{"type":"string","description":"Cloud KMS key name used for encrypting control plane data that is stored in a multi region.\nOnly used for the data residency region \"US\" or \"EU\".","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the Apigee organization.","description_kind":"plain","optional":true},"disable_vpc_peering":{"type":"bool","description":"Flag that specifies whether the VPC Peering through Private Google Access should be\ndisabled between the consumer network and Apigee. Required if an 'authorizedNetwork'\non the consumer project is not provided, in which case the flag should be set to 'true'.\nValid only when 'RuntimeType' is set to CLOUD. The value must be set before the creation\nof any Apigee runtime instance and can be updated only when there are no runtime instances.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Apigee organization.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. Name of the Apigee organization.","description_kind":"plain","computed":true},"project_id":{"type":"string","description":"The project ID associated with the Apigee organization.","description_kind":"plain","required":true},"retention":{"type":"string","description":"Optional. This setting is applicable only for organizations that are soft-deleted (i.e., BillingType\nis not EVALUATION). It controls how long Organization data will be retained after the initial delete\noperation completes. During this period, the Organization may be restored to its last known state.\nAfter this period, the Organization will no longer be able to be restored. Default value: \"DELETION_RETENTION_UNSPECIFIED\" Possible values: [\"DELETION_RETENTION_UNSPECIFIED\", \"MINIMUM\"]","description_kind":"plain","optional":true},"runtime_database_encryption_key_name":{"type":"string","description":"Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances.\nUpdate is not allowed after the organization is created.\nIf not specified, a Google-Managed encryption key will be used.\nValid only when 'RuntimeType' is CLOUD. For example: 'projects/foo/locations/us/keyRings/bar/cryptoKeys/baz'.","description_kind":"plain","optional":true},"runtime_type":{"type":"string","description":"Runtime type of the Apigee organization based on the Apigee subscription purchased. Default value: \"CLOUD\" Possible values: [\"CLOUD\", \"HYBRID\"]","description_kind":"plain","optional":true},"subscription_type":{"type":"string","description":"Output only. Subscription type of the Apigee organization.\nValid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased).","description_kind":"plain","computed":true}},"block_types":{"properties":{"nesting_mode":"list","block":{"block_types":{"property":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value of the property.","description_kind":"plain","optional":true}},"description":"List of all properties in the object.","description_kind":"plain"}}},"description":"Properties defined in the Apigee organization profile.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sharedflow":{"version":0,"block":{"attributes":{"config_bundle":{"type":"string","description":"Path to the config zip bundle","description_kind":"plain","required":true},"detect_md5hash":{"type":"string","description":"A hash of local config bundle in string, user needs to use a Terraform Hash function of their choice. A change in hash will trigger an update.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"latest_revision_id":{"type":"string","description":"The id of the most recently created revision for this shared flow.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded config bundle.","description_kind":"plain","computed":true},"meta_data":{"type":["list",["object",{"created_at":"string","last_modified_at":"string","sub_type":"string"}]],"description":"Metadata describing the shared flow.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the shared flow.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization name associated with the Apigee instance.","description_kind":"plain","required":true},"revision":{"type":["list","string"],"description":"A list of revisions of this shared flow.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sharedflow_deployment":{"version":0,"block":{"attributes":{"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance","description_kind":"plain","required":true},"revision":{"type":"string","description":"Revision of the Sharedflow to be deployed.","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account represents the identity of the deployed proxy, and determines what permissions it has. The format must be {ACCOUNT_ID}@{PROJECT}.iam.gserviceaccount.com.","description_kind":"plain","optional":true},"sharedflow_id":{"type":"string","description":"Id of the Sharedflow to be deployed.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sync_authorization":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other.\nUsed internally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identities":{"type":["list","string"],"description":"Array of service accounts to grant access to control plane resources, each specified using the following format: 'serviceAccount:service-account-name'.\n\nThe 'service-account-name' is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com\n\nYou might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one.\n\nThe service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts).","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Apigee organization.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_target_server":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of this TargetServer.","description_kind":"plain","optional":true},"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"host":{"type":"string","description":"The host name this target connects to. Value must be a valid hostname as described by RFC-1123.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_enabled":{"type":"bool","description":"Enabling/disabling a TargetServer is useful when TargetServers are used in load balancing configurations, and one or more TargetServers need to taken out of rotation periodically. Defaults to true.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource id of this reference. Values must match the regular expression [\\w\\s-.]+.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number this target connects to on the given host. Value must be between 1 and 65535, inclusive.","description_kind":"plain","required":true},"protocol":{"type":"string","description":"Immutable. The protocol used by this TargetServer. Possible values: [\"HTTP\", \"HTTP2\", \"GRPC_TARGET\", \"GRPC\", \"EXTERNAL_CALLOUT\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"s_sl_info":{"nesting_mode":"list","block":{"attributes":{"ciphers":{"type":["list","string"],"description":"The SSL/TLS cipher suites to be used. For programmable proxies, it must be one of the cipher suite names listed in: http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites. For configurable proxies, it must follow the configuration specified in: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration. This setting has no effect for configurable proxies when negotiating TLS 1.3.","description_kind":"plain","optional":true},"client_auth_enabled":{"type":"bool","description":"Enables two-way TLS.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Enables TLS. If false, neither one-way nor two-way TLS will be enabled.","description_kind":"plain","required":true},"ignore_validation_errors":{"type":"bool","description":"If true, Edge ignores TLS certificate errors. Valid when configuring TLS for target servers and target endpoints, and when configuring virtual hosts that use 2-way TLS. When used with a target endpoint/target server, if the backend system uses SNI and returns a cert with a subject Distinguished Name (DN) that does not match the hostname, there is no way to ignore the error and the connection fails.","description_kind":"plain","optional":true},"key_alias":{"type":"string","description":"Required if clientAuthEnabled is true. The resource ID for the alias containing the private key and cert.","description_kind":"plain","optional":true},"key_store":{"type":"string","description":"Required if clientAuthEnabled is true. The resource ID of the keystore.","description_kind":"plain","optional":true},"protocols":{"type":["list","string"],"description":"The TLS versioins to be used.","description_kind":"plain","optional":true},"trust_store":{"type":"string","description":"The resource ID of the truststore.","description_kind":"plain","optional":true}},"block_types":{"common_name":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"string","description":"The TLS Common Name string of the certificate.","description_kind":"plain","optional":true},"wildcard_match":{"type":"bool","description":"Indicates whether the cert should be matched against as a wildcard cert.","description_kind":"plain","optional":true}},"description":"The TLS Common Name of the certificate.","description_kind":"plain"},"max_items":1}},"description":"Specifies TLS configuration info for this TargetServer. The JSON name is sSLInfo for legacy/backwards compatibility reasons -- Edge originally supported SSL, and the name is still used for TLS configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apikeys_key":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human-readable display name of this API key. Modifiable by user.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_string":{"type":"string","description":"Output only. An encrypted and signed value held by this key. This field can be accessed only through the `GetKeyString` method.","description_kind":"plain","computed":true,"sensitive":true},"name":{"type":"string","description":"The resource name of the key. The name must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. In another word, the name must match the regular expression: `[a-z]([a-z0-9-]{0,61}[a-z0-9])?`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"Output only. Unique id in UUID4 format.","description_kind":"plain","computed":true}},"block_types":{"restrictions":{"nesting_mode":"list","block":{"block_types":{"android_key_restrictions":{"nesting_mode":"list","block":{"block_types":{"allowed_applications":{"nesting_mode":"list","block":{"attributes":{"package_name":{"type":"string","description":"The package name of the application.","description_kind":"plain","required":true},"sha1_fingerprint":{"type":"string","description":"The SHA1 fingerprint of the application. For example, both sha1 formats are acceptable : DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 or DA39A3EE5E6B4B0D3255BFEF95601890AFD80709. Output format is the latter.","description_kind":"plain","required":true}},"description":"A list of Android applications that are allowed to make API calls with this key.","description_kind":"plain"},"min_items":1}},"description":"The Android apps that are allowed to use the key.","description_kind":"plain"},"max_items":1},"api_targets":{"nesting_mode":"list","block":{"attributes":{"methods":{"type":["list","string"],"description":"Optional. List of one or more methods that can be called. If empty, all methods for the service are allowed. A wildcard (*) can be used as the last symbol. Valid examples: `google.cloud.translate.v2.TranslateService.GetSupportedLanguage` `TranslateText` `Get*` `translate.googleapis.com.Get*`","description_kind":"plain","optional":true},"service":{"type":"string","description":"The service for this restriction. It should be the canonical service name, for example: `translate.googleapis.com`. You can use `gcloud services list` to get a list of services that are enabled in the project.","description_kind":"plain","required":true}},"description":"A restriction for a specific service and optionally one or more specific methods. Requests are allowed if they match any of these restrictions. If no restrictions are specified, all targets are allowed.","description_kind":"plain"}},"browser_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_referrers":{"type":["list","string"],"description":"A list of regular expressions for the referrer URLs that are allowed to make API calls with this key.","description_kind":"plain","required":true}},"description":"The HTTP referrers (websites) that are allowed to use the key.","description_kind":"plain"},"max_items":1},"ios_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_bundle_ids":{"type":["list","string"],"description":"A list of bundle IDs that are allowed when making API calls with this key.","description_kind":"plain","required":true}},"description":"The iOS apps that are allowed to use the key.","description_kind":"plain"},"max_items":1},"server_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_ips":{"type":["list","string"],"description":"A list of the caller IP addresses that are allowed to make API calls with this key.","description_kind":"plain","required":true}},"description":"The IP addresses of callers that are allowed to use the key.","description_kind":"plain"},"max_items":1}},"description":"Key restrictions.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_application":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"Identifier of the app.","description_kind":"plain","computed":true},"auth_domain":{"type":"string","description":"The domain to authenticate users with when using App Engine's User API.","description_kind":"plain","optional":true,"computed":true},"code_bucket":{"type":"string","description":"The GCS bucket code is being stored in for this app.","description_kind":"plain","computed":true},"database_type":{"type":"string","description_kind":"plain","optional":true,"computed":true},"default_bucket":{"type":"string","description":"The GCS bucket content is being stored in for this app.","description_kind":"plain","computed":true},"default_hostname":{"type":"string","description":"The default hostname for this app.","description_kind":"plain","computed":true},"gcr_domain":{"type":"string","description":"The GCR domain used for storing managed Docker images for this app.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location_id":{"type":"string","description":"The location to serve the app from.","description_kind":"plain","required":true},"name":{"type":"string","description":"Unique name of the app.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project ID to create the application under.","description_kind":"plain","optional":true,"computed":true},"serving_status":{"type":"string","description":"The serving status of the app.","description_kind":"plain","optional":true,"computed":true},"url_dispatch_rule":{"type":["list",["object",{"domain":"string","path":"string","service":"string"}]],"description":"A list of dispatch rule blocks. Each block has a domain, path, and service field.","description_kind":"plain","computed":true}},"block_types":{"feature_settings":{"nesting_mode":"list","block":{"attributes":{"split_health_checks":{"type":"bool","description_kind":"plain","required":true}},"description":"A block of optional settings to configure specific App Engine features:","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Adapted for use with the app","description_kind":"plain","optional":true},"oauth2_client_id":{"type":"string","description":"OAuth2 client ID to use for the authentication flow.","description_kind":"plain","required":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 client secret to use for the authentication flow. The SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field.","description_kind":"plain","required":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"Hex-encoded SHA-256 hash of the client secret.","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_application_url_dispatch_rules":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"dispatch_rules":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name to match against. The wildcard \"*\" is supported if specified before a period: \"*.\".\nDefaults to matching all domains: \"*\".","description_kind":"plain","optional":true},"path":{"type":"string","description":"Pathname within the host. Must start with a \"/\". A single \"*\" can be included at the end of the path.\nThe sum of the lengths of the domain and path may not exceed 100 characters.","description_kind":"plain","required":true},"service":{"type":"string","description":"Pathname within the host. Must start with a \"/\". A single \"*\" can be included at the end of the path.\nThe sum of the lengths of the domain and path may not exceed 100 characters.","description_kind":"plain","required":true}},"description":"Rules to match an HTTP request and dispatch that request to a service.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_domain_mapping":{"version":0,"block":{"attributes":{"domain_name":{"type":"string","description":"Relative name of the domain serving the application. Example: example.com.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Full path to the DomainMapping resource in the API. Example: apps/myapp/domainMapping/example.com.","description_kind":"plain","computed":true},"override_strategy":{"type":"string","description":"Whether the domain creation should override any existing mappings for this domain.\nBy default, overrides are rejected. Default value: \"STRICT\" Possible values: [\"STRICT\", \"OVERRIDE\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_records":{"type":["list",["object",{"name":"string","rrdata":"string","type":"string"}]],"description":"The resource records required to configure this domain mapping. These records must be added to the domain's DNS\nconfiguration in order to serve the application via this domain mapping.","description_kind":"plain","computed":true}},"block_types":{"ssl_settings":{"nesting_mode":"list","block":{"attributes":{"certificate_id":{"type":"string","description":"ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will\nremove SSL support.\nBy default, a managed certificate is automatically created for every domain mapping. To omit SSL support\nor to configure SSL manually, specify 'SslManagementType.MANUAL' on a 'CREATE' or 'UPDATE' request. You must be\nauthorized to administer the 'AuthorizedCertificate' resource to manually map it to a DomainMapping resource.\nExample: 12345.","description_kind":"plain","optional":true,"computed":true},"pending_managed_certificate_id":{"type":"string","description":"ID of the managed 'AuthorizedCertificate' resource currently being provisioned, if applicable. Until the new\nmanaged certificate has been successfully provisioned, the previous SSL state will be preserved. Once the\nprovisioning process completes, the 'certificateId' field will reflect the new managed certificate and this\nfield will be left empty. To remove SSL support while there is still a pending managed certificate, clear the\n'certificateId' field with an update request.","description_kind":"plain","computed":true},"ssl_management_type":{"type":"string","description":"SSL management type for this domain. If 'AUTOMATIC', a managed certificate is automatically provisioned.\nIf 'MANUAL', 'certificateId' must be manually specified in order to configure SSL for this domain. Possible values: [\"AUTOMATIC\", \"MANUAL\"]","description_kind":"plain","required":true}},"description":"SSL configuration for this domain. If unconfigured, this domain will not serve with SSL.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_firewall_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action to take if this rule matches. Possible values: [\"UNSPECIFIED_ACTION\", \"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional string description of this rule.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"A positive integer that defines the order of rule evaluation.\nRules with the lowest priority are evaluated first.\n\nA default rule at priority Int32.MaxValue matches all IPv4 and\nIPv6 traffic when no previous rule matches. Only the action of\nthis rule can be modified by the user.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"source_range":{"type":"string","description":"IP address or range, defined using CIDR notation, of requests that this rule applies to.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_flexible_app_version":{"version":0,"block":{"attributes":{"beta_settings":{"type":["map","string"],"description":"Metadata settings that are supplied to this version to enable beta runtime features.","description_kind":"plain","optional":true},"default_expiration":{"type":"string","description":"Duration that static files should be cached by web proxies and browsers.\nOnly applicable if the corresponding StaticFilesHandler does not specify its own expiration time.","description_kind":"plain","optional":true},"delete_service_on_destroy":{"type":"bool","description":"If set to 'true', the service will be deleted if it is the last version.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Environment variables available to the application. As these are not returned in the API request, Terraform will not detect any changes made outside of the Terraform config.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inbound_services":{"type":["set","string"],"description":"A list of the types of messages that this application is able to receive. Possible values: [\"INBOUND_SERVICE_MAIL\", \"INBOUND_SERVICE_MAIL_BOUNCE\", \"INBOUND_SERVICE_XMPP_ERROR\", \"INBOUND_SERVICE_XMPP_MESSAGE\", \"INBOUND_SERVICE_XMPP_SUBSCRIBE\", \"INBOUND_SERVICE_XMPP_PRESENCE\", \"INBOUND_SERVICE_CHANNEL_PRESENCE\", \"INBOUND_SERVICE_WARMUP\"]","description_kind":"plain","optional":true},"instance_class":{"type":"string","description":"Instance class that is used to run this version. Valid values are\nAutomaticScaling: F1, F2, F4, F4_1G\nManualScaling: B1, B2, B4, B8, B4_1G\nDefaults to F1 for AutomaticScaling and B1 for ManualScaling.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Full path to the Version resource in the API. Example, \"v1\".","description_kind":"plain","computed":true},"nobuild_files_regex":{"type":"string","description":"Files that match this pattern will not be built into this version. Only applicable for Go runtimes.","description_kind":"plain","optional":true},"noop_on_destroy":{"type":"bool","description":"If set to 'true', the application version will not be deleted.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"Desired runtime. Example python27.","description_kind":"plain","required":true},"runtime_api_version":{"type":"string","description":"The version of the API in the given runtime environment.\nPlease see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard/\u003clanguage\u003e/config/appref'\\\nSubstitute '\u003clanguage\u003e' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'.","description_kind":"plain","optional":true,"computed":true},"runtime_channel":{"type":"string","description":"The channel of the runtime to use. Only available for some runtimes.","description_kind":"plain","optional":true},"runtime_main_executable_path":{"type":"string","description":"The path or name of the app's main executable.","description_kind":"plain","optional":true},"service":{"type":"string","description":"AppEngine service resource. Can contain numbers, letters, and hyphens.","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as\ndefault if this field is neither provided in app.yaml file nor through CLI flag.","description_kind":"plain","optional":true,"computed":true},"serving_status":{"type":"string","description":"Current serving status of this version. Only the versions with a SERVING status create instances and can be billed. Default value: \"SERVING\" Possible values: [\"SERVING\", \"STOPPED\"]","description_kind":"plain","optional":true},"version_id":{"type":"string","description":"Relative name of the version within the service. For example, 'v1'. Version names can contain only lowercase letters, numbers, or hyphens.\nReserved names,\"default\", \"latest\", and any name with the prefix \"ah-\".","description_kind":"plain","optional":true}},"block_types":{"api_config":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Action to take when users access resources that require authentication. Default value: \"AUTH_FAIL_ACTION_REDIRECT\" Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Level of login required to access this resource. Default value: \"LOGIN_OPTIONAL\" Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"script":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url":{"type":"string","description":"URL to serve the endpoint at.","description_kind":"plain","optional":true}},"description":"Serving configuration for Google Cloud Endpoints.","description_kind":"plain"},"max_items":1},"automatic_scaling":{"nesting_mode":"list","block":{"attributes":{"cool_down_period":{"type":"string","description":"The time period that the Autoscaler should wait before it starts collecting information from a new instance.\nThis prevents the autoscaler from collecting information when the instance is initializing,\nduring which the collected usage would not be reliable. Default: 120s","description_kind":"plain","optional":true},"max_concurrent_requests":{"type":"number","description":"Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance.\n\nDefaults to a runtime-specific value.","description_kind":"plain","optional":true,"computed":true},"max_idle_instances":{"type":"number","description":"Maximum number of idle instances that should be maintained for this version.","description_kind":"plain","optional":true},"max_pending_latency":{"type":"string","description":"Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it.","description_kind":"plain","optional":true},"max_total_instances":{"type":"number","description":"Maximum number of instances that should be started to handle requests for this version. Default: 20","description_kind":"plain","optional":true},"min_idle_instances":{"type":"number","description":"Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service.","description_kind":"plain","optional":true},"min_pending_latency":{"type":"string","description":"Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it.","description_kind":"plain","optional":true},"min_total_instances":{"type":"number","description":"Minimum number of running instances that should be maintained for this version. Default: 2","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"aggregation_window_length":{"type":"string","description":"Period of time over which CPU utilization is calculated.","description_kind":"plain","optional":true},"target_utilization":{"type":"number","description":"Target CPU utilization ratio to maintain when scaling. Must be between 0 and 1.","description_kind":"plain","required":true}},"description":"Target scaling by CPU usage.","description_kind":"plain"},"min_items":1,"max_items":1},"disk_utilization":{"nesting_mode":"list","block":{"attributes":{"target_read_bytes_per_second":{"type":"number","description":"Target bytes read per second.","description_kind":"plain","optional":true},"target_read_ops_per_second":{"type":"number","description":"Target ops read per seconds.","description_kind":"plain","optional":true},"target_write_bytes_per_second":{"type":"number","description":"Target bytes written per second.","description_kind":"plain","optional":true},"target_write_ops_per_second":{"type":"number","description":"Target ops written per second.","description_kind":"plain","optional":true}},"description":"Target scaling by disk usage.","description_kind":"plain"},"max_items":1},"network_utilization":{"nesting_mode":"list","block":{"attributes":{"target_received_bytes_per_second":{"type":"number","description":"Target bytes received per second.","description_kind":"plain","optional":true},"target_received_packets_per_second":{"type":"number","description":"Target packets received per second.","description_kind":"plain","optional":true},"target_sent_bytes_per_second":{"type":"number","description":"Target bytes sent per second.","description_kind":"plain","optional":true},"target_sent_packets_per_second":{"type":"number","description":"Target packets sent per second.","description_kind":"plain","optional":true}},"description":"Target scaling by network usage.","description_kind":"plain"},"max_items":1},"request_utilization":{"nesting_mode":"list","block":{"attributes":{"target_concurrent_requests":{"type":"number","description":"Target number of concurrent requests.","description_kind":"plain","optional":true},"target_request_count_per_second":{"type":"string","description":"Target requests per second.","description_kind":"plain","optional":true}},"description":"Target scaling by request utilization.","description_kind":"plain"},"max_items":1}},"description":"Automatic scaling is based on request rate, response latencies, and other application metrics.","description_kind":"plain"},"max_items":1},"deployment":{"nesting_mode":"list","block":{"block_types":{"cloud_build_options":{"nesting_mode":"list","block":{"attributes":{"app_yaml_path":{"type":"string","description":"Path to the yaml file used in deployment, used to determine runtime configuration details.","description_kind":"plain","required":true},"cloud_build_timeout":{"type":"string","description":"The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Options for the build operations performed as a part of the version deployment. Only applicable when creating a version using source code directly.","description_kind":"plain"},"max_items":1},"container":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest.\nExamples: \"gcr.io/my-project/image:tag\" or \"gcr.io/my-project/image@digest\"","description_kind":"plain","required":true}},"description":"The Docker image for the container that runs the version.","description_kind":"plain"},"max_items":1},"files":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description_kind":"plain","required":true},"sha1_sum":{"type":"string","description":"SHA1 checksum of the file","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Manifest of the files stored in Google Cloud Storage that are included as part of this version.\nAll files must be readable using the credentials supplied with this call.","description_kind":"plain"}},"zip":{"nesting_mode":"list","block":{"attributes":{"files_count":{"type":"number","description":"files count","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Zip File","description_kind":"plain"},"max_items":1}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"max_items":1},"endpoints_api_service":{"nesting_mode":"list","block":{"attributes":{"config_id":{"type":"string","description":"Endpoints service configuration ID as specified by the Service Management API. For example \"2016-09-19r1\".\n\nBy default, the rollout strategy for Endpoints is \"FIXED\". This means that Endpoints starts up with a particular configuration ID.\nWhen a new configuration is rolled out, Endpoints must be given the new configuration ID. The configId field is used to give the configuration ID\nand is required in this case.\n\nEndpoints also has a rollout strategy called \"MANAGED\". When using this, Endpoints fetches the latest configuration and does not need\nthe configuration ID. In this case, configId must be omitted.","description_kind":"plain","optional":true},"disable_trace_sampling":{"type":"bool","description":"Enable or disable trace sampling. By default, this is set to false for enabled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Endpoints service name which is the name of the \"service\" resource in the Service Management API.\nFor example \"myapi.endpoints.myproject.cloud.goog\"","description_kind":"plain","required":true},"rollout_strategy":{"type":"string","description":"Endpoints rollout strategy. If FIXED, configId must be specified. If MANAGED, configId must be omitted. Default value: \"FIXED\" Possible values: [\"FIXED\", \"MANAGED\"]","description_kind":"plain","optional":true}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"max_items":1},"entrypoint":{"nesting_mode":"list","block":{"attributes":{"shell":{"type":"string","description":"The format should be a shell command that can be fed to bash -c.","description_kind":"plain","required":true}},"description":"The entrypoint for the application.","description_kind":"plain"},"max_items":1},"flexible_runtime_settings":{"nesting_mode":"list","block":{"attributes":{"operating_system":{"type":"string","description":"Operating System of the application runtime.","description_kind":"plain","optional":true},"runtime_version":{"type":"string","description":"The runtime version of an App Engine flexible application.","description_kind":"plain","optional":true}},"description":"Runtime settings for App Engine flexible environment.","description_kind":"plain"},"max_items":1},"handlers":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Actions to take when the user is not logged in. Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Methods to restrict access to a URL based on login status. Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"redirect_http_response_code":{"type":"string","description":"30x code to use when performing redirects for the secure field. Possible values: [\"REDIRECT_HTTP_RESPONSE_CODE_301\", \"REDIRECT_HTTP_RESPONSE_CODE_302\", \"REDIRECT_HTTP_RESPONSE_CODE_303\", \"REDIRECT_HTTP_RESPONSE_CODE_307\"]","description_kind":"plain","optional":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url_regex":{"type":"string","description":"URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings.\nAll URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path.","description_kind":"plain","optional":true}},"block_types":{"script":{"nesting_mode":"list","block":{"attributes":{"script_path":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true}},"description":"Executes a script to handle the requests that match this URL pattern.\nOnly the auto value is supported for Node.js in the App Engine standard environment, for example \"script:\" \"auto\".","description_kind":"plain"},"max_items":1},"static_files":{"nesting_mode":"list","block":{"attributes":{"application_readable":{"type":"bool","description":"Whether files should also be uploaded as code data. By default, files declared in static file handlers are\nuploaded as static data and are only served to end users; they cannot be read by the application. If enabled,\nuploads are charged against both your code and static data storage resource quotas.","description_kind":"plain","optional":true},"expiration":{"type":"string","description":"Time a static file served by this handler should be cached by web proxies and browsers.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example \"3.5s\".\nDefault is '0s'","description_kind":"plain","optional":true},"http_headers":{"type":["map","string"],"description":"HTTP headers to use for all responses from these URLs.\nAn object containing a list of \"key:value\" value pairs.\".","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"MIME type used to serve all files served by this handler.\nDefaults to file-specific MIME types, which are derived from each file's filename extension.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to the static files matched by the URL pattern, from the application root directory.\nThe path can refer to text matched in groupings in the URL pattern.","description_kind":"plain","optional":true},"require_matching_file":{"type":"bool","description":"Whether this handler should match the request if the file referenced by the handler does not exist.","description_kind":"plain","optional":true},"upload_path_regex":{"type":"string","description":"Regular expression that matches the file paths for all files that should be referenced by this handler.","description_kind":"plain","optional":true}},"description":"Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files.\nStatic file handlers describe which files in the application directory are static files, and which URLs serve them.","description_kind":"plain"},"max_items":1}},"description":"An ordered list of URL-matching patterns that should be applied to incoming requests.\nThe first matching URL handles the request and other request handlers are not attempted.","description_kind":"plain"}},"liveness_check":{"nesting_mode":"list","block":{"attributes":{"check_interval":{"type":"string","description":"Interval between health checks.","description_kind":"plain","optional":true},"failure_threshold":{"type":"number","description":"Number of consecutive failed checks required before considering the VM unhealthy. Default: 4.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host header to send when performing a HTTP Readiness check. Example: \"myapp.appspot.com\"","description_kind":"plain","optional":true},"initial_delay":{"type":"string","description":"The initial delay before starting to execute the checks. Default: \"300s\"","description_kind":"plain","optional":true},"path":{"type":"string","description":"The request path.","description_kind":"plain","required":true},"success_threshold":{"type":"number","description":"Number of consecutive successful checks required before considering the VM healthy. Default: 2.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time before the check is considered failed. Default: \"4s\"","description_kind":"plain","optional":true}},"description":"Health checking configuration for VM instances. Unhealthy instances are killed and replaced with new instances.","description_kind":"plain"},"min_items":1,"max_items":1},"manual_scaling":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":"number","description":"Number of instances to assign to the service at the start.\n\n**Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2\nModules API set_num_instances() you must use 'lifecycle.ignore_changes = [\"manual_scaling\"[0].instances]' to prevent drift detection.","description_kind":"plain","required":true}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"network":{"nesting_mode":"list","block":{"attributes":{"forwarded_ports":{"type":["list","string"],"description":"List of ports, or port pairs, to forward from the virtual machine to the application container.","description_kind":"plain","optional":true},"instance_tag":{"type":"string","description":"Tag to apply to the instance during creation.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Google Compute Engine network where the virtual machines are created. Specify the short name, not the resource path.","description_kind":"plain","required":true},"session_affinity":{"type":"bool","description":"Enable session affinity.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path.\n\nIf the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range.\nIf the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network.\nIf the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork.\nIf specified, the subnetwork must exist in the same region as the App Engine flexible environment application.","description_kind":"plain","optional":true}},"description":"Extra network settings","description_kind":"plain"},"max_items":1},"readiness_check":{"nesting_mode":"list","block":{"attributes":{"app_start_timeout":{"type":"string","description":"A maximum time limit on application initialization, measured from moment the application successfully\nreplies to a healthcheck until it is ready to serve traffic. Default: \"300s\"","description_kind":"plain","optional":true},"check_interval":{"type":"string","description":"Interval between health checks. Default: \"5s\".","description_kind":"plain","optional":true},"failure_threshold":{"type":"number","description":"Number of consecutive failed checks required before removing traffic. Default: 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host header to send when performing a HTTP Readiness check. Example: \"myapp.appspot.com\"","description_kind":"plain","optional":true},"path":{"type":"string","description":"The request path.","description_kind":"plain","required":true},"success_threshold":{"type":"number","description":"Number of consecutive successful checks required before receiving traffic. Default: 2.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time before the check is considered failed. Default: \"4s\"","description_kind":"plain","optional":true}},"description":"Configures readiness health checking for instances. Unhealthy instances are not put into the backend traffic rotation.","description_kind":"plain"},"min_items":1,"max_items":1},"resources":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"Number of CPU cores needed.","description_kind":"plain","optional":true},"disk_gb":{"type":"number","description":"Disk size (GB) needed.","description_kind":"plain","optional":true},"memory_gb":{"type":"number","description":"Memory (GB) needed.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Unique name for the volume.","description_kind":"plain","required":true},"size_gb":{"type":"number","description":"Volume size in gigabytes.","description_kind":"plain","required":true},"volume_type":{"type":"string","description":"Underlying volume type, e.g. 'tmpfs'.","description_kind":"plain","required":true}},"description":"List of ports, or port pairs, to forward from the virtual machine to the application container.","description_kind":"plain"}}},"description":"Machine resources for a version.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_access_connector":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1.","description_kind":"plain","required":true}},"description":"Enables VPC connectivity for standard apps.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_app_engine_service_network_settings":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service these settings apply to.","description_kind":"plain","required":true}},"block_types":{"network_settings":{"nesting_mode":"list","block":{"attributes":{"ingress_traffic_allowed":{"type":"string","description":"The ingress settings for version or service. Default value: \"INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED\" Possible values: [\"INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED\", \"INGRESS_TRAFFIC_ALLOWED_ALL\", \"INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_ALLOWED_INTERNAL_AND_LB\"]","description_kind":"plain","optional":true}},"description":"Ingress settings for this service. Will apply to all versions.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_service_split_traffic":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"migrate_traffic":{"type":"bool","description":"If set to true traffic will be migrated to this version.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service these settings apply to.","description_kind":"plain","required":true}},"block_types":{"split":{"nesting_mode":"list","block":{"attributes":{"allocations":{"type":["map","string"],"description":"Mapping from version IDs within the service to fractional (0.000, 1] allocations of traffic for that version. Each version can be specified only once, but some versions in the service may not have any traffic allocation. Services that have traffic allocated cannot be deleted until either the service is deleted or their traffic allocation is removed. Allocations must sum to 1. Up to two decimal place precision is supported for IP-based splits and up to three decimal places is supported for cookie-based splits.","description_kind":"plain","required":true},"shard_by":{"type":"string","description":"Mechanism used to determine which version a request is sent to. The traffic selection algorithm will be stable for either type until allocations are changed. Possible values: [\"UNSPECIFIED\", \"COOKIE\", \"IP\", \"RANDOM\"]","description_kind":"plain","optional":true}},"description":"Mapping that defines fractional HTTP traffic diversion to different versions within the service.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_standard_app_version":{"version":0,"block":{"attributes":{"app_engine_apis":{"type":"bool","description":"Allows App Engine second generation runtimes to access the legacy bundled services.","description_kind":"plain","optional":true},"delete_service_on_destroy":{"type":"bool","description":"If set to 'true', the service will be deleted if it is the last version.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Environment variables available to the application.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inbound_services":{"type":["set","string"],"description":"A list of the types of messages that this application is able to receive. Possible values: [\"INBOUND_SERVICE_MAIL\", \"INBOUND_SERVICE_MAIL_BOUNCE\", \"INBOUND_SERVICE_XMPP_ERROR\", \"INBOUND_SERVICE_XMPP_MESSAGE\", \"INBOUND_SERVICE_XMPP_SUBSCRIBE\", \"INBOUND_SERVICE_XMPP_PRESENCE\", \"INBOUND_SERVICE_CHANNEL_PRESENCE\", \"INBOUND_SERVICE_WARMUP\"]","description_kind":"plain","optional":true},"instance_class":{"type":"string","description":"Instance class that is used to run this version. Valid values are\nAutomaticScaling: F1, F2, F4, F4_1G\nBasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8\nDefaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Full path to the Version resource in the API. Example, \"v1\".","description_kind":"plain","computed":true},"noop_on_destroy":{"type":"bool","description":"If set to 'true', the application version will not be deleted.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"Desired runtime. Example python27.","description_kind":"plain","required":true},"runtime_api_version":{"type":"string","description":"The version of the API in the given runtime environment.\nPlease see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard/\u003clanguage\u003e/config/appref'\\\nSubstitute '\u003clanguage\u003e' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'.","description_kind":"plain","optional":true},"service":{"type":"string","description":"AppEngine service resource","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as default if this field is neither provided in app.yaml file nor through CLI flag.","description_kind":"plain","optional":true,"computed":true},"threadsafe":{"type":"bool","description":"Whether multiple requests can be dispatched to this version at once.","description_kind":"plain","optional":true},"version_id":{"type":"string","description":"Relative name of the version within the service. For example, 'v1'. Version names can contain only lowercase letters, numbers, or hyphens. Reserved names,\"default\", \"latest\", and any name with the prefix \"ah-\".","description_kind":"plain","optional":true}},"block_types":{"automatic_scaling":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_requests":{"type":"number","description":"Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance.\n\nDefaults to a runtime-specific value.","description_kind":"plain","optional":true},"max_idle_instances":{"type":"number","description":"Maximum number of idle instances that should be maintained for this version.","description_kind":"plain","optional":true},"max_pending_latency":{"type":"string","description":"Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"min_idle_instances":{"type":"number","description":"Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service.","description_kind":"plain","optional":true},"min_pending_latency":{"type":"string","description":"Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"block_types":{"standard_scheduler_settings":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances to run for this version. Set to zero to disable maxInstances configuration.","description_kind":"plain","optional":true},"min_instances":{"type":"number","description":"Minimum number of instances to run for this version. Set to zero to disable minInstances configuration.","description_kind":"plain","optional":true},"target_cpu_utilization":{"type":"number","description":"Target CPU utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value.","description_kind":"plain","optional":true},"target_throughput_utilization":{"type":"number","description":"Target throughput utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value.","description_kind":"plain","optional":true}},"description":"Scheduler settings for standard environment.","description_kind":"plain"},"max_items":1}},"description":"Automatic scaling is based on request rate, response latencies, and other application metrics.","description_kind":"plain"},"max_items":1},"basic_scaling":{"nesting_mode":"list","block":{"attributes":{"idle_timeout":{"type":"string","description":"Duration of time after the last request that an instance must wait before the instance is shut down.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"Maximum number of instances to create for this version. Must be in the range [1.0, 200.0].","description_kind":"plain","required":true}},"description":"Basic scaling creates instances when your application receives requests. Each instance will be shut down when the application becomes idle. Basic scaling is ideal for work that is intermittent or driven by user activity.","description_kind":"plain"},"max_items":1},"deployment":{"nesting_mode":"list","block":{"block_types":{"files":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description_kind":"plain","required":true},"sha1_sum":{"type":"string","description":"SHA1 checksum of the file","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Manifest of the files stored in Google Cloud Storage that are included as part of this version.\nAll files must be readable using the credentials supplied with this call.","description_kind":"plain"}},"zip":{"nesting_mode":"list","block":{"attributes":{"files_count":{"type":"number","description":"files count","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Zip File","description_kind":"plain"},"max_items":1}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"min_items":1,"max_items":1},"entrypoint":{"nesting_mode":"list","block":{"attributes":{"shell":{"type":"string","description":"The format should be a shell command that can be fed to bash -c.","description_kind":"plain","required":true}},"description":"The entrypoint for the application.","description_kind":"plain"},"min_items":1,"max_items":1},"handlers":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Actions to take when the user is not logged in. Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Methods to restrict access to a URL based on login status. Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"redirect_http_response_code":{"type":"string","description":"30x code to use when performing redirects for the secure field. Possible values: [\"REDIRECT_HTTP_RESPONSE_CODE_301\", \"REDIRECT_HTTP_RESPONSE_CODE_302\", \"REDIRECT_HTTP_RESPONSE_CODE_303\", \"REDIRECT_HTTP_RESPONSE_CODE_307\"]","description_kind":"plain","optional":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url_regex":{"type":"string","description":"URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings.\nAll URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path.","description_kind":"plain","optional":true}},"block_types":{"script":{"nesting_mode":"list","block":{"attributes":{"script_path":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true}},"description":"Executes a script to handle the requests that match this URL pattern.\nOnly the auto value is supported for Node.js in the App Engine standard environment, for example \"script:\" \"auto\".","description_kind":"plain"},"max_items":1},"static_files":{"nesting_mode":"list","block":{"attributes":{"application_readable":{"type":"bool","description":"Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as\nstatic data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged\nagainst both your code and static data storage resource quotas.","description_kind":"plain","optional":true},"expiration":{"type":"string","description":"Time a static file served by this handler should be cached by web proxies and browsers.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example \"3.5s\".","description_kind":"plain","optional":true},"http_headers":{"type":["map","string"],"description":"HTTP headers to use for all responses from these URLs.\nAn object containing a list of \"key:value\" value pairs.\".","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"MIME type used to serve all files served by this handler.\nDefaults to file-specific MIME types, which are derived from each file's filename extension.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to the static files matched by the URL pattern, from the application root directory. The path can refer to text matched in groupings in the URL pattern.","description_kind":"plain","optional":true},"require_matching_file":{"type":"bool","description":"Whether this handler should match the request if the file referenced by the handler does not exist.","description_kind":"plain","optional":true},"upload_path_regex":{"type":"string","description":"Regular expression that matches the file paths for all files that should be referenced by this handler.","description_kind":"plain","optional":true}},"description":"Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. Static file handlers describe which files in the application directory are static files, and which URLs serve them.","description_kind":"plain"},"max_items":1}},"description":"An ordered list of URL-matching patterns that should be applied to incoming requests.\nThe first matching URL handles the request and other request handlers are not attempted.","description_kind":"plain"}},"libraries":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the library. Example \"django\".","description_kind":"plain","optional":true},"version":{"type":"string","description":"Version of the library to select, or \"latest\".","description_kind":"plain","optional":true}},"description":"Configuration for third-party Python runtime libraries that are required by the application.","description_kind":"plain"}},"manual_scaling":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":"number","description":"Number of instances to assign to the service at the start.\n\n**Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2\nModules API set_num_instances() you must use 'lifecycle.ignore_changes = [\"manual_scaling\"[0].instances]' to prevent drift detection.","description_kind":"plain","required":true}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_access_connector":{"nesting_mode":"list","block":{"attributes":{"egress_setting":{"type":"string","description":"The egress setting for the connector, controlling what traffic is diverted through it.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1.","description_kind":"plain","required":true}},"description":"Enables VPC connectivity for standard apps.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_apphub_application":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"Required. The Application identifier.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. Create time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. User-defined description of an Application.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User-defined name for the Application.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Part of 'parent'. See documentation of 'projectsId'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The resource name of an Application. Format:\n\"projects/{host-project-id}/locations/{location}/applications/{application-id}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. Application state. \n Possible values:\n STATE_UNSPECIFIED\nCREATING\nACTIVE\nDELETING","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A universally unique identifier (in UUID4 format) for the 'Application'.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time.","description_kind":"plain","computed":true}},"block_types":{"attributes":{"nesting_mode":"list","block":{"block_types":{"business_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Optional. Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Optional. Business team that ensures user needs are met and value is delivered","description_kind":"plain"}},"criticality":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Criticality type. Possible values: [\"MISSION_CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"description":"Criticality of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"developer_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Optional. Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Optional. Developer team that owns development and coding.","description_kind":"plain"}},"environment":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Environment type. Possible values: [\"PRODUCTION\", \"STAGING\", \"TEST\", \"DEVELOPMENT\"]","description_kind":"plain","required":true}},"description":"Environment of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"operator_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Optional. Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Optional. Operator team that ensures runtime and operations.","description_kind":"plain"}}},"description":"Consumer provided attributes.","description_kind":"plain"},"max_items":1},"scope":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Required. Scope Type. \n Possible values:\nREGIONAL\nGLOBAL Possible values: [\"REGIONAL\", \"GLOBAL\"]","description_kind":"plain","required":true}},"description":"Scope of an application.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apphub_service":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"Part of 'parent'. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. Create time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-defined description of a Service.","description_kind":"plain","optional":true},"discovered_service":{"type":"string","description":"Immutable. The resource name of the original discovered service.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"User-defined name for the Service.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Part of 'parent'. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The resource name of a Service. Format:\n\"projects/{host-project-id}/locations/{location}/applications/{application-id}/services/{service-id}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"The Service identifier.","description_kind":"plain","required":true},"service_properties":{"type":["list",["object",{"gcp_project":"string","location":"string","zone":"string"}]],"description":"Properties of an underlying cloud resource that can comprise a Service.","description_kind":"plain","computed":true},"service_reference":{"type":["list",["object",{"uri":"string"}]],"description":"Reference to an underlying networking resource that can comprise a Service.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Service state. Possible values: STATE_UNSPECIFIED CREATING ACTIVE DELETING DETACHED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A universally unique identifier (UUID) for the 'Service' in the UUID4\nformat.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time.","description_kind":"plain","computed":true}},"block_types":{"attributes":{"nesting_mode":"list","block":{"block_types":{"business_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Business team that ensures user needs are met and value is delivered","description_kind":"plain"}},"criticality":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Criticality type. Possible values: [\"MISSION_CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"description":"Criticality of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"developer_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Developer team that owns development and coding.","description_kind":"plain"}},"environment":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Environment type. Possible values: [\"PRODUCTION\", \"STAGING\", \"TEST\", \"DEVELOPMENT\"]","description_kind":"plain","required":true}},"description":"Environment of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"operator_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Operator team that ensures runtime and operations.","description_kind":"plain"}}},"description":"Consumer provided attributes.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apphub_service_project_attachment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Create time.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"\"Identifier. The resource name of a ServiceProjectAttachment. Format:\\\"projects/{host-project-id}/locations/global/serviceProjectAttachments/{service-project-id}.\\\"\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_project":{"type":"string","description":"\"Immutable. Service project name in the format: \\\"projects/abc\\\"\nor \\\"projects/123\\\". As input, project name with either project id or number\nare accepted. As output, this field will contain project number.\"","description_kind":"plain","optional":true},"service_project_attachment_id":{"type":"string","description":"Required. The service project attachment identifier must contain the project_id of the service project specified in the service_project_attachment.service_project field. Hint: \"projects/{project_id}\"","description_kind":"plain","required":true},"state":{"type":"string","description":"ServiceProjectAttachment state.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A globally unique identifier (in UUID4 format) for the 'ServiceProjectAttachment'.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apphub_workload":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"Part of 'parent'. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. Create time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-defined description of a Workload.","description_kind":"plain","optional":true},"discovered_workload":{"type":"string","description":"Immutable. The resource name of the original discovered workload.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"User-defined name for the Workload.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Part of 'parent'. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The resource name of the Workload. Format:\"projects/{host-project-id}/locations/{location}/applications/{application-id}/workloads/{workload-id}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. Workload state. Possible values: STATE_UNSPECIFIED CREATING ACTIVE DELETING DETACHED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A universally unique identifier (UUID) for the 'Workload' in the UUID4 format.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time.","description_kind":"plain","computed":true},"workload_id":{"type":"string","description":"The Workload identifier.","description_kind":"plain","required":true},"workload_properties":{"type":["list",["object",{"gcp_project":"string","location":"string","zone":"string"}]],"description":"Properties of an underlying compute resource represented by the Workload.","description_kind":"plain","computed":true},"workload_reference":{"type":["list",["object",{"uri":"string"}]],"description":"Reference of an underlying compute resource represented by the Workload.","description_kind":"plain","computed":true}},"block_types":{"attributes":{"nesting_mode":"list","block":{"block_types":{"business_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Email address of the contacts.","description_kind":"plain","required":true}},"description":"Business team that ensures user needs are met and value is delivered","description_kind":"plain"}},"criticality":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Criticality type. Possible values: [\"MISSION_CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"description":"Criticality of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"developer_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Email address of the contacts.","description_kind":"plain","required":true}},"description":"Developer team that owns development and coding.","description_kind":"plain"}},"environment":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Environment type. Possible values: [\"PRODUCTION\", \"STAGING\", \"TEST\", \"DEVELOPMENT\"]","description_kind":"plain","required":true}},"description":"Environment of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"operator_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Email address of the contacts.","description_kind":"plain","required":true}},"description":"Operator team that ensures runtime and operations.","description_kind":"plain"}}},"description":"Consumer provided attributes.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_artifact_registry_repository":{"version":0,"block":{"attributes":{"cleanup_policy_dry_run":{"type":"bool","description":"If true, the cleanup pipeline is prevented from deleting versions in this\nrepository.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The user-provided description of the repository.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"format":{"type":"string","description":"The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The Cloud KMS resource name of the customer managed encryption key that’s\nused to encrypt the contents of the Repository. Has the form:\n'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'.\nThis value may not be changed after the Repository has been created.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\nThis field may contain up to 64 entries. Label keys and values may be no\nlonger than 63 characters. Label keys must begin with a lowercase letter\nand may only contain lowercase letters, numeric characters, underscores,\nand dashes.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the repository's location. In addition to specific regions,\nspecial values for multi-region locations are 'asia', 'europe', and 'us'.\nSee [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations),\nor use the\n[google_artifact_registry_locations](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/artifact_registry_locations)\ndata source for possible values.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"The mode configures the repository to serve artifacts from different sources. Default value: \"STANDARD_REPOSITORY\" Possible values: [\"STANDARD_REPOSITORY\", \"VIRTUAL_REPOSITORY\", \"REMOTE_REPOSITORY\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the repository, for example:\n\"repo1\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository_id":{"type":"string","description":"The last part of the repository name, for example:\n\"repo1\"","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true}},"block_types":{"cleanup_policies":{"nesting_mode":"set","block":{"attributes":{"action":{"type":"string","description":"Policy action. Possible values: [\"DELETE\", \"KEEP\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"newer_than":{"type":"string","description":"Match versions newer than a duration.","description_kind":"plain","optional":true},"older_than":{"type":"string","description":"Match versions older than a duration.","description_kind":"plain","optional":true},"package_name_prefixes":{"type":["list","string"],"description":"Match versions by package prefix. Applied on any prefix match.","description_kind":"plain","optional":true},"tag_prefixes":{"type":["list","string"],"description":"Match versions by tag prefix. Applied on any prefix match.","description_kind":"plain","optional":true},"tag_state":{"type":"string","description":"Match versions by tag status. Default value: \"ANY\" Possible values: [\"TAGGED\", \"UNTAGGED\", \"ANY\"]","description_kind":"plain","optional":true},"version_name_prefixes":{"type":["list","string"],"description":"Match versions by version name prefix. Applied on any prefix match.","description_kind":"plain","optional":true}},"description":"Policy condition for matching versions.","description_kind":"plain"},"max_items":1},"most_recent_versions":{"nesting_mode":"list","block":{"attributes":{"keep_count":{"type":"number","description":"Minimum number of versions to keep.","description_kind":"plain","optional":true},"package_name_prefixes":{"type":["list","string"],"description":"Match versions by package prefix. Applied on any prefix match.","description_kind":"plain","optional":true}},"description":"Policy condition for retaining a minimum number of versions. May only be\nspecified with a Keep action.","description_kind":"plain"},"max_items":1}},"description":"Cleanup policies for this repository. Cleanup policies indicate when\ncertain package versions can be automatically deleted.\nMap keys are policy IDs supplied by users during policy creation. They must\nunique within a repository and be under 128 characters in length.","description_kind":"plain"}},"docker_config":{"nesting_mode":"list","block":{"attributes":{"immutable_tags":{"type":"bool","description":"The repository which enabled this flag prevents all tags from being modified, moved or deleted. This does not prevent tags from being created.","description_kind":"plain","optional":true}},"description":"Docker repository config contains repository level configuration for the repositories of docker type.","description_kind":"plain"},"max_items":1},"maven_config":{"nesting_mode":"list","block":{"attributes":{"allow_snapshot_overwrites":{"type":"bool","description":"The repository with this flag will allow publishing the same\nsnapshot versions.","description_kind":"plain","optional":true},"version_policy":{"type":"string","description":"Version policy defines the versions that the registry will accept. Default value: \"VERSION_POLICY_UNSPECIFIED\" Possible values: [\"VERSION_POLICY_UNSPECIFIED\", \"RELEASE\", \"SNAPSHOT\"]","description_kind":"plain","optional":true}},"description":"MavenRepositoryConfig is maven related repository details.\nProvides additional configuration details for repositories of the maven\nformat type.","description_kind":"plain"},"max_items":1},"remote_repository_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the remote source.","description_kind":"plain","optional":true},"disable_upstream_validation":{"type":"bool","description":"If true, the remote repository upstream and upstream credentials will\nnot be validated.","description_kind":"plain","optional":true}},"block_types":{"apt_repository":{"nesting_mode":"list","block":{"block_types":{"public_repository":{"nesting_mode":"list","block":{"attributes":{"repository_base":{"type":"string","description":"A common public repository base for Apt, e.g. '\"debian/dists/buster\"' Possible values: [\"DEBIAN\", \"UBUNTU\"]","description_kind":"plain","required":true},"repository_path":{"type":"string","description":"Specific repository from the base.","description_kind":"plain","required":true}},"description":"One of the publicly available Apt repositories supported by Artifact Registry.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for an Apt remote repository.","description_kind":"plain"},"max_items":1},"common_repository":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"One of:\na. Artifact Registry Repository resource, e.g. 'projects/UPSTREAM_PROJECT_ID/locations/REGION/repositories/UPSTREAM_REPOSITORY'\nb. URI to the registry, e.g. '\"https://registry-1.docker.io\"'\nc. URI to Artifact Registry Repository, e.g. '\"https://REGION-docker.pkg.dev/UPSTREAM_PROJECT_ID/UPSTREAM_REPOSITORY\"'","description_kind":"plain","required":true}},"description":"Specific settings for an Artifact Registory remote repository.","description_kind":"plain"},"max_items":1},"docker_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"DOCKER_HUB\" Possible values: [\"DOCKER_HUB\"]","description_kind":"plain","optional":true}},"block_types":{"custom_repository":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"Specific uri to the registry, e.g. '\"https://registry-1.docker.io\"'","description_kind":"plain","optional":true}},"description":"[Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for a Docker remote repository.","description_kind":"plain"},"max_items":1},"maven_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"MAVEN_CENTRAL\" Possible values: [\"MAVEN_CENTRAL\"]","description_kind":"plain","optional":true}},"block_types":{"custom_repository":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"Specific uri to the registry, e.g. '\"https://repo.maven.apache.org/maven2\"'","description_kind":"plain","optional":true}},"description":"[Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for a Maven remote repository.","description_kind":"plain"},"max_items":1},"npm_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"NPMJS\" Possible values: [\"NPMJS\"]","description_kind":"plain","optional":true}},"block_types":{"custom_repository":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"Specific uri to the registry, e.g. '\"https://registry.npmjs.org\"'","description_kind":"plain","optional":true}},"description":"[Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for an Npm remote repository.","description_kind":"plain"},"max_items":1},"python_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"PYPI\" Possible values: [\"PYPI\"]","description_kind":"plain","optional":true}},"block_types":{"custom_repository":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"Specific uri to the registry, e.g. '\"https://pypi.io\"'","description_kind":"plain","optional":true}},"description":"[Deprecated, please use commonRepository instead] Settings for a remote repository with a custom uri.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for a Python remote repository.","description_kind":"plain"},"max_items":1},"upstream_credentials":{"nesting_mode":"list","block":{"block_types":{"username_password_credentials":{"nesting_mode":"list","block":{"attributes":{"password_secret_version":{"type":"string","description":"The Secret Manager key version that holds the password to access the\nremote repository. Must be in the format of\n'projects/{project}/secrets/{secret}/versions/{version}'.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The username to access the remote repository.","description_kind":"plain","optional":true}},"description":"Use username and password to access the remote repository.","description_kind":"plain"},"max_items":1}},"description":"The credentials used to access the remote repository.","description_kind":"plain"},"max_items":1},"yum_repository":{"nesting_mode":"list","block":{"block_types":{"public_repository":{"nesting_mode":"list","block":{"attributes":{"repository_base":{"type":"string","description":"A common public repository base for Yum. Possible values: [\"CENTOS\", \"CENTOS_DEBUG\", \"CENTOS_VAULT\", \"CENTOS_STREAM\", \"ROCKY\", \"EPEL\"]","description_kind":"plain","required":true},"repository_path":{"type":"string","description":"Specific repository from the base, e.g. '\"pub/rocky/9/BaseOS/x86_64/os\"'","description_kind":"plain","required":true}},"description":"One of the publicly available Yum repositories supported by Artifact Registry.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for an Yum remote repository.","description_kind":"plain"},"max_items":1}},"description":"Configuration specific for a Remote Repository.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_repository_config":{"nesting_mode":"list","block":{"block_types":{"upstream_policies":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The user-provided ID of the upstream policy.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"Entries with a greater priority value take precedence in the pull order.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"A reference to the repository resource, for example:\n\"projects/p1/locations/us-central1/repository/repo1\".","description_kind":"plain","optional":true}},"description":"Policies that configure the upstream artifacts distributed by the Virtual\nRepository. Upstream policies cannot be set on a standard repository.","description_kind":"plain"}}},"description":"Configuration specific for a Virtual Repository.","description_kind":"plain"},"max_items":1},"vulnerability_scanning_config":{"nesting_mode":"list","block":{"attributes":{"enablement_config":{"type":"string","description":"This configures whether vulnerability scanning is automatically performed for artifacts pushed to this repository. Possible values: [\"INHERITED\", \"DISABLED\"]","description_kind":"plain","optional":true},"enablement_state":{"type":"string","description":"This field returns whether scanning is active for this repository.","description_kind":"plain","computed":true},"enablement_state_reason":{"type":"string","description":"This provides an explanation for the state of scanning on this repository.","description_kind":"plain","computed":true}},"description":"Configuration for vulnerability scanning of artifacts stored in this repository.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_assured_workloads_workload":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form `billingAccounts/{billing_account_id}`. For example, `billingAccounts/012345-567890-ABCDEF`.","description_kind":"plain","optional":true},"compliance_regime":{"type":"string","description":"Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT, IRS_1075","description_kind":"plain","required":true},"compliance_status":{"type":["list",["object",{"acknowledged_violation_count":["list","number"],"active_violation_count":["list","number"]}]],"description":"Output only. Count of active Violations in the Workload.","description_kind":"plain","computed":true},"compliant_but_disallowed_services":{"type":["list","string"],"description":"Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Immutable. The Workload creation timestamp.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"ekm_provisioning_response":{"type":["list",["object",{"ekm_provisioning_error_domain":"string","ekm_provisioning_error_mapping":"string","ekm_provisioning_state":"string"}]],"description":"Optional. Represents the Ekm Provisioning State of the given workload.","description_kind":"plain","computed":true},"enable_sovereign_controls":{"type":"bool","description":"Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kaj_enrollment_state":{"type":"string","description":"Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels applied to the workload.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the workload.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization for the resource","description_kind":"plain","required":true},"partner":{"type":"string","description":"Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN, SOVEREIGN_CONTROLS_BY_CNTXT, SOVEREIGN_CONTROLS_BY_CNTXT_NO_EKM","description_kind":"plain","optional":true},"partner_services_billing_account":{"type":"string","description":"Optional. Input only. Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC.","description_kind":"plain","optional":true},"provisioned_resources_parent":{"type":"string","description":"Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}","description_kind":"plain","optional":true},"resources":{"type":["list",["object",{"resource_id":"number","resource_type":"string"}]],"description":"Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.","description_kind":"plain","computed":true},"saa_enrollment_response":{"type":["list",["object",{"setup_errors":["list","string"],"setup_status":"string"}]],"description":"Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"violation_notifications_enabled":{"type":"bool","description":"Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"kms_settings":{"nesting_mode":"list","block":{"attributes":{"next_rotation_time":{"type":"string","description":"Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.","description_kind":"plain","required":true},"rotation_period":{"type":"string","description":"Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.","description_kind":"plain","required":true}},"description":"**DEPRECATED** Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.","description_kind":"plain"},"max_items":1},"partner_permissions":{"nesting_mode":"list","block":{"attributes":{"assured_workloads_monitoring":{"type":"bool","description":"Optional. Allow partner to view violation alerts.","description_kind":"plain","optional":true},"data_logs_viewer":{"type":"bool","description":"Allow the partner to view inspectability logs and monitoring violations.","description_kind":"plain","optional":true},"service_access_approver":{"type":"bool","description":"Optional. Allow partner to view access approval logs.","description_kind":"plain","optional":true}},"description":"Optional. Permissions granted to the AW Partner SA account for the customer workload","description_kind":"plain"},"max_items":1},"resource_settings":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"User-assigned resource display name. If not empty it will be used to create a resource with the specified name.","description_kind":"plain","optional":true},"resource_id":{"type":"string","description":"Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER","description_kind":"plain","optional":true}},"description":"Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"workload_options":{"nesting_mode":"list","block":{"attributes":{"kaj_enrollment_type":{"type":"string","description":"Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF","description_kind":"plain","optional":true}},"description":"Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_backup_dr_backup_vault":{"version":0,"block":{"attributes":{"access_restriction":{"type":"string","description":"Access restriction for the backup vault. Default value is 'WITHIN_ORGANIZATION' if not provided during creation. Default value: \"WITHIN_ORGANIZATION\" Possible values: [\"ACCESS_RESTRICTION_UNSPECIFIED\", \"WITHIN_PROJECT\", \"WITHIN_ORGANIZATION\", \"UNRESTRICTED\", \"WITHIN_ORG_BUT_UNRESTRICTED_FOR_BA\"]","description_kind":"plain","optional":true},"allow_missing":{"type":"bool","description":"Allow idempotent deletion of backup vault. The request will still succeed in case the backup vault does not exist.","description_kind":"plain","optional":true},"annotations":{"type":["map","string"],"description":"Optional. User annotations. See https://google.aip.dev/128#annotations\nStores small amounts of arbitrary data. \n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"backup_count":{"type":"string","description":"Output only. The number of backups in this backup vault.","description_kind":"plain","computed":true},"backup_minimum_enforced_retention_duration":{"type":"string","description":"Required. The default and minimum enforced retention for each backup within the backup vault. The enforced retention for each backup can be extended.","description_kind":"plain","required":true},"backup_vault_id":{"type":"string","description":"Required. ID of the requesting object.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time when the instance was created.","description_kind":"plain","computed":true},"deletable":{"type":"bool","description":"Output only. Set to true when there are no backups nested under this resource.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. The description of the BackupVault instance (2048 characters or less).","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_time":{"type":"string","description":"Optional. Time after which the BackupVault resource is locked.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"Optional. Server specified ETag for the backup vault resource to prevent simultaneous updates from overwiting each other.","description_kind":"plain","computed":true},"force_delete":{"type":"bool","description":"If set, the following restrictions against deletion of the backup vault instance can be overridden:\n * deletion of a backup vault instance containing no backups, but still containing empty datasources.\n * deletion of a backup vault instance that is being referenced by an active backup plan.","description_kind":"plain","deprecated":true,"optional":true},"force_update":{"type":"bool","description":"If set, allow update to extend the minimum enforced retention for backup vault. This overrides\n the restriction against conflicting retention periods. This conflict may occur when the\n expiration schedule defined by the associated backup plan is shorter than the minimum\n retention set by the backup vault.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_backup_plan_references":{"type":"bool","description":"If set, the following restrictions against deletion of the backup vault instance can be overridden:\n * deletion of a backup vault instance that is being referenced by an active backup plan.","description_kind":"plain","optional":true},"ignore_inactive_datasources":{"type":"bool","description":"If set, the following restrictions against deletion of the backup vault instance can be overridden:\n * deletion of a backup vault instance containing no backups, but still containing empty datasources.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Optional. Resource labels to represent user provided metadata. \n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The GCP location for the backup vault.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. Identifier. The resource name.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Output only. Service account used by the BackupVault Service for this BackupVault. The user should grant this account permissions in their workload project to enable the service to run backups and restores there.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The BackupVault resource instance state. \n Possible values:\n STATE_UNSPECIFIED\n CREATING\n ACTIVE\n DELETING\n ERROR","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"total_stored_bytes":{"type":"string","description":"Output only. Total size of the storage used by all backup resources.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Output only Immutable after resource creation until resource deletion.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the instance was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_connection":{"version":0,"block":{"attributes":{"connectors":{"type":["list","string"],"description":"List of AppConnectors that are authorised to be associated with this AppConnection","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnection.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppConnection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppConnection.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppConnection. Refer\nto https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type\nfor a list of possible values.","description_kind":"plain","optional":true}},"block_types":{"application_endpoint":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"Hostname or IP address of the remote application endpoint.","description_kind":"plain","required":true},"port":{"type":"number","description":"Port of the remote application endpoint.","description_kind":"plain","required":true}},"description":"Address of the remote application endpoint for the BeyondCorp AppConnection.","description_kind":"plain"},"min_items":1,"max_items":1},"gateway":{"nesting_mode":"list","block":{"attributes":{"app_gateway":{"type":"string","description":"AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}.","description_kind":"plain","required":true},"ingress_port":{"type":"number","description":"Ingress port reserved on the gateways for this AppConnection, if not specified or zero, the default port is 19443.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of hosting used by the gateway. Refer to\nhttps://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1\nfor a list of possible values.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"description":"Gateway used by the AppConnection.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_connector":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnector.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppConnector.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppConnector.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppConnector.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"principal_info":{"nesting_mode":"list","block":{"block_types":{"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Email address of the service account.","description_kind":"plain","required":true}},"description":"ServiceAccount represents a GCP service account.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Principal information about the Identity of the AppConnector.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_gateway":{"version":1,"block":{"attributes":{"allocated_connections":{"type":["list",["object",{"ingress_port":"number","psc_uri":"string"}]],"description":"A list of connections allocated for the Gateway.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppGateway.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host_type":{"type":"string","description":"The type of hosting used by the AppGateway. Default value: \"HOST_TYPE_UNSPECIFIED\" Possible values: [\"HOST_TYPE_UNSPECIFIED\", \"GCP_REGIONAL_MIG\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppGateway.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppGateway.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppGateway.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppGateway. Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"TCP_PROXY\"]","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_security_gateway":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Timestamp when the resource was created.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Optional. An arbitrary user-provided name for the SecurityGateway.\nCannot exceed 64 characters.","description_kind":"plain","optional":true},"external_ips":{"type":["list","string"],"description":"Output only. IP addresses that will be used for establishing\nconnection to the endpoints.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Resource ID segment making up resource 'name'. It identifies the resource within its parent collection as described in https://google.aip.dev/122.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. Name of the resource.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"security_gateway_id":{"type":"string","description":"Optional. User-settable SecurityGateway resource ID.\n* Must start with a letter.\n* Must contain between 4-63 characters from '/a-z-/'.\n* Must end with a number or letter.","description_kind":"plain","required":true},"state":{"type":"string","description":"Output only. The operational state of the SecurityGateway.\nPossible values:\nSTATE_UNSPECIFIED\nCREATING\nUPDATING\nDELETING\nRUNNING\nDOWN\nERROR","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Timestamp when the resource was last modified.","description_kind":"plain","computed":true}},"block_types":{"hubs":{"nesting_mode":"set","block":{"attributes":{"region":{"type":"string","description_kind":"plain","required":true}},"block_types":{"internet_gateway":{"nesting_mode":"list","block":{"attributes":{"assigned_ips":{"type":["list","string"],"description":"Output only. List of IP addresses assigned to the Cloud NAT.","description_kind":"plain","computed":true}},"description":"Internet Gateway configuration.","description_kind":"plain"},"max_items":1}},"description":"Optional. Map of Hubs that represents regional data path deployment with GCP region\nas a key.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_biglake_catalog":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The creation time of the catalog. A timestamp in RFC3339 UTC\n\"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. The deletion time of the catalog. Only set after the catalog\nis deleted. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. The time when this catalog is considered expired. Only set\nafter the catalog is deleted. Only set after the catalog is deleted.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the Catalog should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the Catalog. Format:\nprojects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The last modification time of the catalog. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_biglake_database":{"version":0,"block":{"attributes":{"catalog":{"type":"string","description":"The parent catalog.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The creation time of the database. A timestamp in RFC3339\nUTC \"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. The deletion time of the database. Only set after the\ndatabase is deleted. A timestamp in RFC3339 UTC \"Zulu\" format, with\nnanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. The time when this database is considered expired. Only set\nafter the database is deleted. A timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the database.","description_kind":"plain","required":true},"type":{"type":"string","description":"The database type.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The last modification time of the database. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"hive_options":{"nesting_mode":"list","block":{"attributes":{"location_uri":{"type":"string","description":"Cloud Storage folder URI where the database data is stored, starting with \"gs://\".","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description":"Stores user supplied Hive database parameters. An object containing a\nlist of\"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true}},"description":"Options of a Hive database.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_biglake_table":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The creation time of the table. A timestamp in RFC3339 UTC\n\"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"database":{"type":"string","description":"The id of the parent database.","description_kind":"plain","optional":true},"delete_time":{"type":"string","description":"Output only. The deletion time of the table. Only set after the\ntable is deleted. A timestamp in RFC3339 UTC \"Zulu\" format, with\nnanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"etag":{"type":"string","description":"The checksum of a table object computed by the server based on the value\nof other fields. It may be sent on update requests to ensure the client\nhas an up-to-date value before proceeding. It is only checked for update\ntable operations.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. The time when this table is considered expired. Only set\nafter the table is deleted. A timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. The name of the Table. Format:\nprojects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}/databases/{databaseId}/tables/{tableId}","description_kind":"plain","required":true},"type":{"type":"string","description":"The database type. Possible values: [\"HIVE\"]","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The last modification time of the table. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"hive_options":{"nesting_mode":"list","block":{"attributes":{"parameters":{"type":["map","string"],"description":"Stores user supplied Hive table parameters. An object containing a\nlist of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"table_type":{"type":"string","description":"Hive table type. For example, MANAGED_TABLE, EXTERNAL_TABLE.","description_kind":"plain","optional":true}},"block_types":{"storage_descriptor":{"nesting_mode":"list","block":{"attributes":{"input_format":{"type":"string","description":"The fully qualified Java class name of the input format.","description_kind":"plain","optional":true},"location_uri":{"type":"string","description":"Cloud Storage folder URI where the table data is stored, starting with \"gs://\".","description_kind":"plain","optional":true},"output_format":{"type":"string","description":"The fully qualified Java class name of the output format.","description_kind":"plain","optional":true}},"description":"Stores physical storage information on the data.","description_kind":"plain"},"max_items":1}},"description":"Options of a Hive table.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description":"The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"description":{"type":"string","description":"Description of the data exchange.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human-readable display name of the data exchange. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), and must not start or end with spaces.","description_kind":"plain","required":true},"documentation":{"type":"string","description":"Documentation describing the data exchange.","description_kind":"plain","optional":true},"icon":{"type":"string","description":"Base64 encoded image representing the data exchange.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_count":{"type":"number","description":"Number of listings contained in the data exchange.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The name of the location this data exchange.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the data exchange, for example:\n\"projects/myproject/locations/US/dataExchanges/123\"","description_kind":"plain","computed":true},"primary_contact":{"type":"string","description":"Email or URL of the primary point of contact of the data exchange.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"sharing_environment_config":{"nesting_mode":"list","block":{"block_types":{"dcr_exchange_config":{"nesting_mode":"list","block":{"description":"Data Clean Room (DCR), used for privacy-safe and secured data sharing.","description_kind":"plain"},"max_items":1},"default_exchange_config":{"nesting_mode":"list","block":{"description":"Default Analytics Hub data exchange, used for secured data sharing.","description_kind":"plain"},"max_items":1}},"description":"Configurable data sharing environment option for a data exchange.\nThis field is required for data clean room exchanges.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_binding":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_member":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing":{"version":0,"block":{"attributes":{"categories":{"type":["list","string"],"description":"Categories of the listing. Up to two categories are allowed.","description_kind":"plain","optional":true},"data_exchange_id":{"type":"string","description":"The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"description":{"type":"string","description":"Short description of the listing. The description must not contain Unicode non-characters and C0 and C1 control codes except tabs (HT), new lines (LF), carriage returns (CR), and page breaks (FF).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human-readable display name of the listing. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), ampersands (\u0026) and can't start or end with spaces.","description_kind":"plain","required":true},"documentation":{"type":"string","description":"Documentation describing the listing.","description_kind":"plain","optional":true},"icon":{"type":"string","description":"Base64 encoded image representing the listing.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description":"The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"location":{"type":"string","description":"The name of the location this data exchange listing.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the listing. e.g. \"projects/myproject/locations/US/dataExchanges/123/listings/456\"","description_kind":"plain","computed":true},"primary_contact":{"type":"string","description":"Email or URL of the primary point of contact of the listing.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_access":{"type":"string","description":"Email or URL of the request access of the listing. Subscribers can use this reference to request access.","description_kind":"plain","optional":true}},"block_types":{"bigquery_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset":{"type":"string","description":"Resource name of the dataset source for this listing. e.g. projects/myproject/datasets/123","description_kind":"plain","required":true}},"block_types":{"selected_resources":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Format: For table: projects/{projectId}/datasets/{datasetId}/tables/{tableId} Example:\"projects/test_project/datasets/test_dataset/tables/test_table\"","description_kind":"plain","optional":true}},"description":"Resource in this dataset that is selectively shared. This field is required for data clean room exchanges.","description_kind":"plain"}}},"description":"Shared dataset i.e. BigQuery dataset source.","description_kind":"plain"},"min_items":1,"max_items":1},"data_provider":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the data provider.","description_kind":"plain","required":true},"primary_contact":{"type":"string","description":"Email or URL of the data provider.","description_kind":"plain","optional":true}},"description":"Details of the data provider who owns the source data.","description_kind":"plain"},"max_items":1},"publisher":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the listing publisher.","description_kind":"plain","required":true},"primary_contact":{"type":"string","description":"Email or URL of the listing publisher.","description_kind":"plain","optional":true}},"description":"Details of the publisher who owns the listing and who can share the source data.","description_kind":"plain"},"max_items":1},"restricted_export_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, enable restricted export.","description_kind":"plain","optional":true},"restrict_direct_table_access":{"type":"bool","description":"If true, restrict direct table access(read api/tabledata.list) on linked table.","description_kind":"plain","computed":true},"restrict_query_result":{"type":"bool","description":"If true, restrict export of query result derived from restricted linked dataset table.","description_kind":"plain","optional":true}},"description":"If set, restricted export configuration will be propagated and enforced on the linked dataset.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_binding":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_member":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_bi_reservation":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"LOCATION_DESCRIPTION","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the singleton BI reservation. Reservation names have the form 'projects/{projectId}/locations/{locationId}/biReservation'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"Size of a reservation, in bytes.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The last update timestamp of a reservation.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"preferred_tables":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset in the above project.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The assigned project ID of the project.","description_kind":"plain","optional":true},"table_id":{"type":"string","description":"The ID of the table in the above dataset.","description_kind":"plain","optional":true}},"description":"Preferred tables to use BI capacity for.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_capacity_commitment":{"version":0,"block":{"attributes":{"capacity_commitment_id":{"type":"string","description":"The optional capacity commitment ID. Capacity commitment name will be generated automatically if this field is\nempty. This field must only contain lower case alphanumeric characters or dashes. The first and last character\ncannot be a dash. Max length is 64 characters. NOTE: this ID won't be kept if the capacity commitment is split\nor merged.","description_kind":"plain","optional":true},"commitment_end_time":{"type":"string","description":"The start of the current commitment period. It is applicable only for ACTIVE capacity commitments.","description_kind":"plain","computed":true},"commitment_start_time":{"type":"string","description":"The start of the current commitment period. It is applicable only for ACTIVE capacity commitments.","description_kind":"plain","computed":true},"edition":{"type":"string","description":"The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS","description_kind":"plain","optional":true},"enforce_single_admin_project_per_org":{"type":"string","description":"If true, fail the request if another project in the organization has a capacity commitment.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the capacity commitment, e.g., projects/myproject/locations/US/capacityCommitments/123","description_kind":"plain","computed":true},"plan":{"type":"string","description":"Capacity commitment plan. Valid values are at https://cloud.google.com/bigquery/docs/reference/reservations/rpc/google.cloud.bigquery.reservation.v1#commitmentplan","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"renewal_plan":{"type":"string","description":"The plan this capacity commitment is converted to after commitmentEndTime passes. Once the plan is changed, committed period is extended according to commitment plan. Only applicable for some commitment plans.","description_kind":"plain","optional":true},"slot_count":{"type":"number","description":"Number of slots in this commitment.","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the commitment","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_connection":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description":"Optional connection id that should be assigned to the created connection.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"A descriptive description for the connection","description_kind":"plain","optional":true},"friendly_name":{"type":"string","description":"A descriptive name for the connection","description_kind":"plain","optional":true},"has_credential":{"type":"bool","description":"True if the connection has credential assigned.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Optional. The Cloud KMS key that is used for encryption.\n\nExample: projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key]","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location where the connection should reside.\nCloud SQL instance must be in the same location as the connection\nwith following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU.\nExamples: US, EU, asia-northeast1, us-central1, europe-west1.\nSpanner Connections same as spanner region\nAWS allowed regions are aws-us-east-1\nAzure allowed regions are azure-eastus2","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the connection in the form of:\n\"projects/{project_id}/locations/{location_id}/connections/{connectionId}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"aws":{"nesting_mode":"list","block":{"block_types":{"access_role":{"nesting_mode":"list","block":{"attributes":{"iam_role_id":{"type":"string","description":"The user’s AWS IAM Role that trusts the Google-owned AWS IAM user Connection.","description_kind":"plain","required":true},"identity":{"type":"string","description":"A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's AWS IAM Role.","description_kind":"plain","computed":true}},"description":"Authentication using Google owned service account to assume into customer's AWS IAM Role.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Connection properties specific to Amazon Web Services.","description_kind":"plain"},"max_items":1},"azure":{"nesting_mode":"list","block":{"attributes":{"application":{"type":"string","description":"The name of the Azure Active Directory Application.","description_kind":"plain","computed":true},"client_id":{"type":"string","description":"The client id of the Azure Active Directory Application.","description_kind":"plain","computed":true},"customer_tenant_id":{"type":"string","description":"The id of customer's directory that host the data.","description_kind":"plain","required":true},"federated_application_client_id":{"type":"string","description":"The Azure Application (client) ID where the federated credentials will be hosted.","description_kind":"plain","optional":true},"identity":{"type":"string","description":"A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's Azure Active Directory Application.","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object id of the Azure Active Directory Application.","description_kind":"plain","computed":true},"redirect_uri":{"type":"string","description":"The URL user will be redirected to after granting consent during connection setup.","description_kind":"plain","computed":true}},"description":"Container for connection properties specific to Azure.","description_kind":"plain"},"max_items":1},"cloud_resource":{"nesting_mode":"list","block":{"attributes":{"service_account_id":{"type":"string","description":"The account ID of the service created for the purpose of this connection.","description_kind":"plain","computed":true}},"description":"Container for connection properties for delegation of access to GCP resources.","description_kind":"plain"},"max_items":1},"cloud_spanner":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Cloud Spanner database in the form 'project/instance/database'.","description_kind":"plain","required":true},"database_role":{"type":"string","description":"Cloud Spanner database role for fine-grained access control. The Cloud Spanner admin should have provisioned the database role with appropriate permissions, such as 'SELECT' and 'INSERT'. Other users should only use roles provided by their Cloud Spanner admins. The database role name must start with a letter, and can only contain letters, numbers, and underscores. For more details, see https://cloud.google.com/spanner/docs/fgac-about.","description_kind":"plain","optional":true},"max_parallelism":{"type":"number","description":"Allows setting max parallelism per query when executing on Spanner independent compute resources. If unspecified, default values of parallelism are chosen that are dependent on the Cloud Spanner instance configuration. 'useParallelism' and 'useDataBoost' must be set when setting max parallelism.","description_kind":"plain","optional":true},"use_data_boost":{"type":"bool","description":"If set, the request will be executed via Spanner independent compute resources. 'use_parallelism' must be set when using data boost.","description_kind":"plain","optional":true},"use_parallelism":{"type":"bool","description":"If parallelism should be used when reading from Cloud Spanner.","description_kind":"plain","optional":true},"use_serverless_analytics":{"type":"bool","description":"If the serverless analytics service should be used to read data from Cloud Spanner. 'useParallelism' must be set when using serverless analytics.","description_kind":"plain","deprecated":true,"optional":true}},"description":"Connection properties specific to Cloud Spanner","description_kind":"plain"},"max_items":1},"cloud_sql":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true},"instance_id":{"type":"string","description":"Cloud SQL instance ID in the form project:location:instance.","description_kind":"plain","required":true},"service_account_id":{"type":"string","description":"When the connection is used in the context of an operation in BigQuery, this service account will serve as the identity being used for connecting to the CloudSQL instance specified in this connection.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Type of the Cloud SQL database. Possible values: [\"DATABASE_TYPE_UNSPECIFIED\", \"POSTGRES\", \"MYSQL\"]","description_kind":"plain","required":true}},"block_types":{"credential":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"Password for database.","description_kind":"plain","required":true,"sensitive":true},"username":{"type":"string","description":"Username for database.","description_kind":"plain","required":true}},"description":"Cloud SQL properties.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Connection properties specific to the Cloud SQL.","description_kind":"plain"},"max_items":1},"spark":{"nesting_mode":"list","block":{"attributes":{"service_account_id":{"type":"string","description":"The account ID of the service created for the purpose of this connection.","description_kind":"plain","computed":true}},"block_types":{"metastore_service_config":{"nesting_mode":"list","block":{"attributes":{"metastore_service":{"type":"string","description":"Resource name of an existing Dataproc Metastore service in the form of projects/[projectId]/locations/[region]/services/[serviceId].","description_kind":"plain","optional":true}},"description":"Dataproc Metastore Service configuration for the connection.","description_kind":"plain"},"max_items":1},"spark_history_server_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_cluster":{"type":"string","description":"Resource name of an existing Dataproc Cluster to act as a Spark History Server for the connection if the form of projects/[projectId]/regions/[region]/clusters/[cluster_name].","description_kind":"plain","optional":true}},"description":"Spark History Server configuration for the connection.","description_kind":"plain"},"max_items":1}},"description":"Container for connection properties to execute stored procedures for Apache Spark. resources.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_connection_iam_binding":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_connection_iam_member":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_connection_iam_policy":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_data_transfer_config":{"version":0,"block":{"attributes":{"data_refresh_window_days":{"type":"number","description":"The number of days to look back to automatically refresh the data.\nFor example, if dataRefreshWindowDays = 10, then every day BigQuery\nreingests data for [today-10, today-1], rather than ingesting data for\njust [today-1]. Only valid if the data source supports the feature.\nSet the value to 0 to use the default value.","description_kind":"plain","optional":true},"data_source_id":{"type":"string","description":"The data source id. Cannot be changed once the transfer config is created.","description_kind":"plain","required":true},"destination_dataset_id":{"type":"string","description":"The BigQuery target dataset id.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"When set to true, no runs are scheduled for a given transfer.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The user specified display name for the transfer config.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the transfer config. Transfer config names have the\nform projects/{projectId}/locations/{location}/transferConfigs/{configId}\nor projects/{projectId}/transferConfigs/{configId},\nwhere configId is usually a uuid, but this is not required.\nThe name is ignored when creating a transfer config.","description_kind":"plain","computed":true},"notification_pubsub_topic":{"type":"string","description":"Pub/Sub topic where notifications will be sent after transfer runs\nassociated with this transfer config finish.","description_kind":"plain","optional":true},"params":{"type":["map","string"],"description":"Parameters specific to each data source. For more information see the bq tab in the 'Setting up a data transfer'\nsection for each data source. For example the parameters for Cloud Storage transfers are listed here:\nhttps://cloud.google.com/bigquery-transfer/docs/cloud-storage-transfer#bq\n\n**NOTE** : If you are attempting to update a parameter that cannot be updated (due to api limitations) [please force recreation of the resource](https://www.terraform.io/cli/state/taint#forcing-re-creation-of-resources).","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schedule":{"type":"string","description":"Data transfer schedule. If the data source does not support a custom\nschedule, this should be empty. If it is empty, the default value for\nthe data source will be used. The specified times are in UTC. Examples\nof valid format: 1st,3rd monday of month 15:30, every wed,fri of jan,\njun 13:15, and first sunday of quarter 00:00. See more explanation\nabout the format here:\nhttps://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format\nNOTE: The minimum interval time between recurring transfers depends\non the data source; refer to the documentation for your data source.","description_kind":"plain","optional":true},"service_account_name":{"type":"string","description":"Service account email. If this field is set, transfer config will\nbe created with this service account credentials. It requires that\nrequesting user calling this API has permissions to act as this service account.","description_kind":"plain","optional":true}},"block_types":{"email_preferences":{"nesting_mode":"list","block":{"attributes":{"enable_failure_email":{"type":"bool","description":"If true, email notifications will be sent on transfer run failures.","description_kind":"plain","required":true}},"description":"Email notifications will be sent according to these preferences to the\nemail address of the user who owns this transfer config.","description_kind":"plain"},"max_items":1},"encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The name of the KMS key used for encrypting BigQuery data.","description_kind":"plain","required":true}},"description":"Represents the encryption configuration for a transfer.","description_kind":"plain"},"max_items":1},"schedule_options":{"nesting_mode":"list","block":{"attributes":{"disable_auto_scheduling":{"type":"bool","description":"If true, automatic scheduling of data transfer runs for this\nconfiguration will be disabled. The runs can be started on ad-hoc\nbasis using transferConfigs.startManualRuns API. When automatic\nscheduling is disabled, the TransferConfig.schedule field will\nbe ignored.","description_kind":"plain","optional":true},"end_time":{"type":"string","description":"Defines time to stop scheduling transfer runs. A transfer run cannot be\nscheduled at or after the end time. The end time can be changed at any\nmoment. The time when a data transfer can be triggered manually is not\nlimited by this option.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"Specifies time to start scheduling transfer runs. The first run will be\nscheduled at or after the start time according to a recurrence pattern\ndefined in the schedule string. The start time can be changed at any\nmoment. The time when a data transfer can be triggered manually is not\nlimited by this option.","description_kind":"plain","optional":true}},"description":"Options customizing the data transfer schedule.","description_kind":"plain"},"max_items":1},"sensitive_params":{"nesting_mode":"list","block":{"attributes":{"secret_access_key":{"type":"string","description":"The Secret Access Key of the AWS account transferring data from.","description_kind":"plain","required":true,"sensitive":true}},"description":"Different parameters are configured primarily using the the 'params' field on this\nresource. This block contains the parameters which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: secret_access_key, will be the key\nin the 'params' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description":"User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name.","description_kind":"plain","required":true},"data_policy_type":{"type":"string","description":"The enrollment level of the service. Possible values: [\"COLUMN_LEVEL_SECURITY_POLICY\", \"DATA_MASKING_POLICY\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The name of the location of the data policy.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}.","description_kind":"plain","computed":true},"policy_tag":{"type":"string","description":"Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"data_masking_policy":{"nesting_mode":"list","block":{"attributes":{"predefined_expression":{"type":"string","description":"The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. Possible values: [\"SHA256\", \"ALWAYS_NULL\", \"DEFAULT_MASKING_VALUE\", \"LAST_FOUR_CHARACTERS\", \"FIRST_FOUR_CHARACTERS\", \"EMAIL_MASK\", \"DATE_YEAR_MASK\"]","description_kind":"plain","optional":true},"routine":{"type":"string","description":"The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}.","description_kind":"plain","optional":true}},"description":"The data masking policy that specifies the data masking rule to use.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_binding":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_member":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_dataset":{"version":0,"block":{"attributes":{"creation_time":{"type":"number","description":"The time when this dataset was created, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"A unique ID for this dataset, without the project name. The ID\nmust contain only letters (a-z, A-Z), numbers (0-9), or\nunderscores (_). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"default_collation":{"type":"string","description":"Defines the default collation specification of future tables created\nin the dataset. If a table is created in this dataset without table-level\ndefault collation, then the table inherits the dataset default collation,\nwhich is applied to the string fields that do not have explicit collation\nspecified. A change to this field affects only tables created afterwards,\nand does not alter the existing tables.\n\nThe following values are supported:\n- 'und:ci': undetermined locale, case insensitive.\n- '': empty string. Default to case-sensitive behavior.","description_kind":"plain","optional":true,"computed":true},"default_partition_expiration_ms":{"type":"number","description":"The default partition expiration for all partitioned tables in\nthe dataset, in milliseconds.\nOnce this property is set, all newly-created partitioned tables in\nthe dataset will have an 'expirationMs' property in the 'timePartitioning'\nsettings set to this value, and changing the value will only\naffect new tables, not existing ones. The storage in a partition will\nhave an expiration time of its partition time plus this value.\nSetting this property overrides the use of 'defaultTableExpirationMs'\nfor partitioned tables: only one of 'defaultTableExpirationMs' and\n'defaultPartitionExpirationMs' will be used for any new partitioned\ntable. If you provide an explicit 'timePartitioning.expirationMs' when\ncreating or updating a partitioned table, that value takes precedence\nover the default partition expiration time indicated by this property.","description_kind":"plain","optional":true},"default_table_expiration_ms":{"type":"number","description":"The default lifetime of all tables in the dataset, in milliseconds.\nThe minimum value is 3600000 milliseconds (one hour).\nOnce this property is set, all newly-created tables in the dataset\nwill have an 'expirationTime' property set to the creation time plus\nthe value in this property, and changing the value will only affect\nnew tables, not existing ones. When the 'expirationTime' for a given\ntable is reached, that table will be deleted automatically.\nIf a table's 'expirationTime' is modified or removed before the\ntable expires, or if you provide an explicit 'expirationTime' when\ncreating a table, that value takes precedence over the default\nexpiration time indicated by this property.","description_kind":"plain","optional":true},"delete_contents_on_destroy":{"type":"bool","description":"If set to 'true', delete all the tables in the\ndataset when destroying the resource; otherwise,\ndestroying the resource will fail if tables are present.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A user-friendly description of the dataset","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"friendly_name":{"type":"string","description":"A descriptive name for the dataset","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_case_insensitive":{"type":"bool","description":"TRUE if the dataset and its table names are case-insensitive, otherwise FALSE.\nBy default, this is FALSE, which means the dataset and its table names are\ncase-sensitive. This field does not affect routine references.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this dataset. You can use these to\norganize and group your datasets.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modified_time":{"type":"number","description":"The date when this dataset or any of its tables was last modified, in\nmilliseconds since the epoch.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the dataset should reside.\nSee [official docs](https://cloud.google.com/bigquery/docs/dataset-locations).\nThere are two types of locations, regional or multi-regional. A regional\nlocation is a specific geographic place, such as Tokyo, and a multi-regional\nlocation is a large geographic area, such as the United States, that\ncontains at least two geographic places.\nThe default value is multi-regional location 'US'.\nChanging this forces a new resource to be created.","description_kind":"plain","optional":true},"max_time_travel_hours":{"type":"string","description":"Defines the time travel window in hours. The value can be from 48 to 168 hours (2 to 7 days).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_tags":{"type":["map","string"],"description":"The tags attached to this table. Tag keys are globally unique. Tag key is expected to be\nin the namespaced format, for example \"123456789012/environment\" where 123456789012 is the\nID of the parent organization or project resource for this tag key. Tag value is expected\nto be the short name, for example \"Production\". See [Tag definitions](/iam/docs/tags-access-control#definitions)\nfor more details.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"storage_billing_model":{"type":"string","description":"Specifies the storage billing model for the dataset.\nSet this flag value to LOGICAL to use logical bytes for storage billing,\nor to PHYSICAL to use physical bytes instead.\n\nLOGICAL is the default if this flag isn't specified.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"access":{"nesting_mode":"set","block":{"attributes":{"domain":{"type":"string","description":"A domain to grant access to. Any users signed in with the\ndomain specified will be granted the specified access","description_kind":"plain","optional":true},"group_by_email":{"type":"string","description":"An email address of a Google Group to grant access to.","description_kind":"plain","optional":true},"iam_member":{"type":"string","description":"Some other type of member that appears in the IAM Policy but isn't a user,\ngroup, domain, or special group. For example: 'allUsers'","description_kind":"plain","optional":true},"role":{"type":"string","description":"Describes the rights granted to the user specified by the other\nmember of the access object. Basic, predefined, and custom roles\nare supported. Predefined roles that have equivalent basic roles\nare swapped by the API to their basic counterparts. See\n[official docs](https://cloud.google.com/bigquery/docs/access-control).","description_kind":"plain","optional":true},"special_group":{"type":"string","description":"A special group to grant access to. Possible values include:\n* 'projectOwners': Owners of the enclosing project.\n* 'projectReaders': Readers of the enclosing project.\n* 'projectWriters': Writers of the enclosing project.\n* 'allAuthenticatedUsers': All authenticated BigQuery users.","description_kind":"plain","optional":true},"user_by_email":{"type":"string","description":"An email address of a user to grant access to. For example:\nfred@example.com","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"Condition for the binding. If CEL expression in this field is true, this\naccess binding will be considered.","description_kind":"plain"},"max_items":1},"dataset":{"nesting_mode":"list","block":{"attributes":{"target_types":{"type":["list","string"],"description":"Which resources in the dataset this entry applies to. Currently, only views are supported,\nbut additional target types may be added in the future. Possible values: VIEWS","description_kind":"plain","required":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true}},"description":"The dataset this entry applies to","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Grants all resources of particular types in a particular dataset read access to the current dataset.","description_kind":"plain"},"max_items":1},"routine":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"routine_id":{"type":"string","description":"The ID of the routine. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 256 characters.","description_kind":"plain","required":true}},"description":"A routine from a different dataset to grant access to. Queries\nexecuted against that routine will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that routine is updated by any user, access to the routine\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1},"view":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","required":true}},"description":"A view from a different dataset to grant access to. Queries\nexecuted against that view will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that view is updated by any user, access to the view\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1}},"description":"An array of objects that define dataset access for one or more entities.","description_kind":"plain"}},"default_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination\nBigQuery table. The BigQuery Service Account associated with your project requires\naccess to this encryption key.","description_kind":"plain","required":true}},"description":"The default encryption key for all tables in the dataset. Once this property is set,\nall newly-created partitioned tables in the dataset will have encryption key set to\nthis value, unless table creation request (or query) overrides the key.","description_kind":"plain"},"max_items":1},"external_dataset_reference":{"nesting_mode":"list","block":{"attributes":{"connection":{"type":"string","description":"The connection id that is used to access the externalSource.\nFormat: projects/{projectId}/locations/{locationId}/connections/{connectionId}","description_kind":"plain","required":true},"external_source":{"type":"string","description":"External source that backs this dataset.","description_kind":"plain","required":true}},"description":"Information about the external metadata storage where the dataset is defined.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_dataset_access":{"version":0,"block":{"attributes":{"api_updated_member":{"type":"bool","description":"If true, represents that that the iam_member in the config was translated to a different member type by the API, and is stored in state as a different member type","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"A unique ID for this dataset, without the project name. The ID\nmust contain only letters (a-z, A-Z), numbers (0-9), or\nunderscores (_). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"domain":{"type":"string","description":"A domain to grant access to. Any users signed in with the\ndomain specified will be granted the specified access","description_kind":"plain","optional":true},"group_by_email":{"type":"string","description":"An email address of a Google Group to grant access to.","description_kind":"plain","optional":true},"iam_member":{"type":"string","description":"Some other type of member that appears in the IAM Policy but isn't a user,\ngroup, domain, or special group. For example: 'allUsers'","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"Describes the rights granted to the user specified by the other\nmember of the access object. Basic, predefined, and custom roles are\nsupported. Predefined roles that have equivalent basic roles are\nswapped by the API to their basic counterparts, and will show a diff\npost-create. See\n[official docs](https://cloud.google.com/bigquery/docs/access-control).","description_kind":"plain","optional":true},"special_group":{"type":"string","description":"A special group to grant access to. Possible values include:\n* 'projectOwners': Owners of the enclosing project.\n* 'projectReaders': Readers of the enclosing project.\n* 'projectWriters': Writers of the enclosing project.\n* 'allAuthenticatedUsers': All authenticated BigQuery users.","description_kind":"plain","optional":true},"user_by_email":{"type":"string","description":"An email address of a user to grant access to. For example:\nfred@example.com","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"Condition for the binding. If CEL expression in this field is true, this\naccess binding will be considered.","description_kind":"plain"},"max_items":1},"dataset":{"nesting_mode":"list","block":{"attributes":{"target_types":{"type":["list","string"],"description":"Which resources in the dataset this entry applies to. Currently, only views are supported,\nbut additional target types may be added in the future. Possible values: VIEWS","description_kind":"plain","required":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true}},"description":"The dataset this entry applies to","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Grants all resources of particular types in a particular dataset read access to the current dataset.","description_kind":"plain"},"max_items":1},"routine":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"routine_id":{"type":"string","description":"The ID of the routine. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 256 characters.","description_kind":"plain","required":true}},"description":"A routine from a different dataset to grant access to. Queries\nexecuted against that routine will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that routine is updated by any user, access to the routine\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"view":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","required":true}},"description":"A view from a different dataset to grant access to. Queries\nexecuted against that view will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that view is updated by any user, access to the view\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_job":{"version":1,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description":"The ID of the job. The ID must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), or dashes (-). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"job_timeout_ms":{"type":"string","description":"Job timeout in milliseconds. If this time limit is exceeded, BigQuery may attempt to terminate the job.","description_kind":"plain","optional":true},"job_type":{"type":"string","description":"The type of the job.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this job. You can use these to organize and group your jobs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location of the job. The default value is US.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"error_result":["list",["object",{"location":"string","message":"string","reason":"string"}]],"errors":["list",["object",{"location":"string","message":"string","reason":"string"}]],"state":"string"}]],"description":"The status of this job. Examine this value when polling an asynchronous job to see if the job is complete.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"user_email":{"type":"string","description":"Email address of the user who ran the job.","description_kind":"plain","computed":true}},"block_types":{"copy":{"nesting_mode":"list","block":{"attributes":{"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"The destination table.","description_kind":"plain"},"max_items":1},"source_tables":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"Source tables to copy.","description_kind":"plain"},"min_items":1}},"description":"Copies a table.","description_kind":"plain"},"max_items":1},"extract":{"nesting_mode":"list","block":{"attributes":{"compression":{"type":"string","description":"The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE.\nThe default value is NONE. DEFLATE and SNAPPY are only supported for Avro.","description_kind":"plain","optional":true},"destination_format":{"type":"string","description":"The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models.\nThe default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV.\nThe default value for models is SAVED_MODEL.","description_kind":"plain","optional":true,"computed":true},"destination_uris":{"type":["list","string"],"description":"A list of fully-qualified Google Cloud Storage URIs where the extracted table should be written.","description_kind":"plain","required":true},"field_delimiter":{"type":"string","description":"When extracting data in CSV format, this defines the delimiter to use between fields in the exported data.\nDefault is ','","description_kind":"plain","optional":true,"computed":true},"print_header":{"type":"bool","description":"Whether to print out a header row in the results. Default is true.","description_kind":"plain","optional":true},"use_avro_logical_types":{"type":"bool","description":"Whether to use logical types when extracting to AVRO format.","description_kind":"plain","optional":true}},"block_types":{"source_model":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this model.","description_kind":"plain","required":true},"model_id":{"type":"string","description":"The ID of the model.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this model.","description_kind":"plain","required":true}},"description":"A reference to the model being exported.","description_kind":"plain"},"max_items":1},"source_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"A reference to the table being exported.","description_kind":"plain"},"max_items":1}},"description":"Configures an extract job.","description_kind":"plain"},"max_items":1},"load":{"nesting_mode":"list","block":{"attributes":{"allow_jagged_rows":{"type":"bool","description":"Accept rows that are missing trailing optional columns. The missing values are treated as nulls.\nIf false, records with missing trailing columns are treated as bad records, and if there are too many bad records,\nan invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats.","description_kind":"plain","optional":true},"allow_quoted_newlines":{"type":"bool","description":"Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file.\nThe default value is false.","description_kind":"plain","optional":true},"autodetect":{"type":"bool","description":"Indicates if we should automatically infer the options and schema for CSV and JSON sources.","description_kind":"plain","optional":true},"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8 or ISO-8859-1.\nThe default value is UTF-8. BigQuery decodes the data after the raw, binary data\nhas been split using the values of the quote and fieldDelimiter properties.","description_kind":"plain","optional":true},"field_delimiter":{"type":"string","description":"The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character.\nTo use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts\nthe string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the\ndata in its raw, binary state. BigQuery also supports the escape sequence \"\\t\" to specify a tab separator.\nThe default value is a comma (',').","description_kind":"plain","optional":true,"computed":true},"ignore_unknown_values":{"type":"bool","description":"Indicates if BigQuery should allow extra values that are not represented in the table schema.\nIf true, the extra values are ignored. If false, records with extra columns are treated as bad records,\nand if there are too many bad records, an invalid error is returned in the job result.\nThe default value is false. The sourceFormat property determines what BigQuery treats as an extra value:\nCSV: Trailing columns\nJSON: Named values that don't match any column names","description_kind":"plain","optional":true},"json_extension":{"type":"string","description":"If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON.\nFor a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited\nGeoJSON: set to GEOJSON.","description_kind":"plain","optional":true},"max_bad_records":{"type":"number","description":"The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value,\nan invalid error is returned in the job result. The default value is 0, which requires that all records are valid.","description_kind":"plain","optional":true},"null_marker":{"type":"string","description":"Specifies a string that represents a null value in a CSV file. For example, if you specify \"\\N\", BigQuery interprets \"\\N\" as a null value\nwhen loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an\nempty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as\nan empty value.","description_kind":"plain","optional":true},"projection_fields":{"type":["list","string"],"description":"If sourceFormat is set to \"DATASTORE_BACKUP\", indicates which entity properties to load into BigQuery from a Cloud Datastore backup.\nProperty names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties.\nIf any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result.","description_kind":"plain","optional":true},"quote":{"type":"string","description":"The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding,\nand then uses the first byte of the encoded string to split the data in its raw, binary state.\nThe default value is a double-quote ('\"'). If your data does not contain quoted sections, set the property value to an empty string.\nIf your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true.","description_kind":"plain","optional":true,"computed":true},"schema_update_options":{"type":["list","string"],"description":"Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or\nsupplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND;\nwhen writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators.\nFor normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified:\nALLOW_FIELD_ADDITION: allow adding a nullable field to the schema.\nALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable.","description_kind":"plain","optional":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of a CSV file that BigQuery will skip when loading the data.\nThe default value is 0. This property is useful if you have header rows in the file that should be skipped.\nWhen autodetect is on, the behavior is the following:\nskipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected,\nthe row is read as data. Otherwise data is read starting from the second row.\nskipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row.\nskipLeadingRows = N \u003e 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected,\nrow N is just skipped. Otherwise row N is used to extract column names for the detected schema.","description_kind":"plain","optional":true},"source_format":{"type":"string","description":"The format of the data files. For CSV files, specify \"CSV\". For datastore backups, specify \"DATASTORE_BACKUP\".\nFor newline-delimited JSON, specify \"NEWLINE_DELIMITED_JSON\". For Avro, specify \"AVRO\". For parquet, specify \"PARQUET\".\nFor orc, specify \"ORC\". [Beta] For Bigtable, specify \"BIGTABLE\".\nThe default value is CSV.","description_kind":"plain","optional":true},"source_uris":{"type":["list","string"],"description":"The fully-qualified URIs that point to your data in Google Cloud.\nFor Google Cloud Storage URIs: Each URI can contain one '\\*' wildcard character\nand it must come after the 'bucket' name. Size limits related to load jobs apply\nto external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be\nspecified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table.\nFor Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\\*' wildcard character is not allowed.","description_kind":"plain","required":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"The destination table to load the data into.","description_kind":"plain"},"min_items":1,"max_items":1},"parquet_options":{"nesting_mode":"list","block":{"attributes":{"enable_list_inference":{"type":"bool","description":"If sourceFormat is set to PARQUET, indicates whether to use schema inference specifically for Parquet LIST logical type.","description_kind":"plain","optional":true},"enum_as_string":{"type":"bool","description":"If sourceFormat is set to PARQUET, indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default.","description_kind":"plain","optional":true}},"description":"Parquet Options for load and make external tables.","description_kind":"plain"},"max_items":1},"time_partitioning":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"string","description":"Number of milliseconds for which to keep the storage for a partition. A wrapper is used here because 0 is an invalid value.","description_kind":"plain","optional":true},"field":{"type":"string","description":"If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field.\nThe field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED.\nA wrapper is used here because an empty string is an invalid value.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error,\nbut in OnePlatform the field will be treated as unset.","description_kind":"plain","required":true}},"description":"Time-based partitioning specification for the destination table.","description_kind":"plain"},"max_items":1}},"description":"Configures a load job.","description_kind":"plain"},"max_items":1},"query":{"nesting_mode":"list","block":{"attributes":{"allow_large_results":{"type":"bool","description":"If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance.\nRequires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed.\nHowever, you must still set destinationTable when result size exceeds the allowed maximum response size.","description_kind":"plain","optional":true},"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"flatten_results":{"type":"bool","description":"If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results.\nallowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened.","description_kind":"plain","optional":true},"maximum_billing_tier":{"type":"number","description":"Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge).\nIf unspecified, this will be set to your project default.","description_kind":"plain","optional":true},"maximum_bytes_billed":{"type":"string","description":"Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge).\nIf unspecified, this will be set to your project default.","description_kind":"plain","optional":true},"parameter_mode":{"type":"string","description":"Standard SQL only. Set to POSITIONAL to use positional (?) query parameters or to NAMED to use named (@myparam) query parameters in this query.","description_kind":"plain","optional":true},"priority":{"type":"string","description":"Specifies a priority for the query. Default value: \"INTERACTIVE\" Possible values: [\"INTERACTIVE\", \"BATCH\"]","description_kind":"plain","optional":true},"query":{"type":"string","description":"SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL.\n*NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language)\n('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = \"\"' and 'write_disposition = \"\"'.","description_kind":"plain","required":true},"schema_update_options":{"type":["list","string"],"description":"Allows the schema of the destination table to be updated as a side effect of the query job.\nSchema update options are supported in two cases: when writeDisposition is WRITE_APPEND;\nwhen writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table,\nspecified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema.\nOne or more of the following values are specified:\nALLOW_FIELD_ADDITION: allow adding a nullable field to the schema.\nALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable.","description_kind":"plain","optional":true},"use_legacy_sql":{"type":"bool","description":"Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true.\nIf set to false, the query will use BigQuery's standard SQL.","description_kind":"plain","optional":true},"use_query_cache":{"type":"bool","description":"Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever\ntables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified.\nThe default value is true.","description_kind":"plain","optional":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"default_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset. Can be specified '{{dataset_id}}' if 'project_id' is also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}' if not.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the default dataset to use for unqualified table names in the query. Note that this does not alter behavior of unqualified dataset names.","description_kind":"plain"},"max_items":1},"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"Describes the table where the query results should be stored.\nThis property must be set for large results that exceed the maximum response size.\nFor queries that produce anonymous (cached) results, this field will be populated by BigQuery.","description_kind":"plain"},"max_items":1},"script_options":{"nesting_mode":"list","block":{"attributes":{"key_result_statement":{"type":"string","description":"Determines which statement in the script represents the \"key result\",\nused to populate the schema and query results of the script job. Possible values: [\"LAST\", \"FIRST_SELECT\"]","description_kind":"plain","optional":true},"statement_byte_budget":{"type":"string","description":"Limit on the number of bytes billed per statement. Exceeding this budget results in an error.","description_kind":"plain","optional":true},"statement_timeout_ms":{"type":"string","description":"Timeout period for each statement in a script.","description_kind":"plain","optional":true}},"description":"Options controlling the execution of scripts.","description_kind":"plain"},"max_items":1},"user_defined_function_resources":{"nesting_mode":"list","block":{"attributes":{"inline_code":{"type":"string","description":"An inline resource that contains code for a user-defined function (UDF).\nProviding a inline code resource is equivalent to providing a URI for a file containing the same code.","description_kind":"plain","optional":true},"resource_uri":{"type":"string","description":"A code resource to load from a Google Cloud Storage URI (gs://bucket/path).","description_kind":"plain","optional":true}},"description":"Describes user-defined function resources used in the query.","description_kind":"plain"}}},"description":"Configures a query job.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_reservation":{"version":0,"block":{"attributes":{"concurrency":{"type":"number","description":"Maximum number of queries that are allowed to run concurrently in this reservation. This is a soft limit due to asynchronous nature of the system and various optimizations for small queries. Default value is 0 which means that concurrency will be automatically set based on the reservation size.","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_idle_slots":{"type":"bool","description":"If false, any query using this reservation will use idle slots from other reservations within\nthe same admin project. If true, a query using this reservation will execute with the slot\ncapacity specified above at most.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the reservation. This field must only contain alphanumeric characters or dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"slot_capacity":{"type":"number","description":"Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the\nunit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false.","description_kind":"plain","required":true}},"block_types":{"autoscale":{"nesting_mode":"list","block":{"attributes":{"current_slots":{"type":"number","description":"The slot capacity added to this reservation when autoscale happens. Will be between [0, max_slots].","description_kind":"plain","computed":true},"max_slots":{"type":"number","description":"Number of slots to be scaled when needed.","description_kind":"plain","optional":true}},"description":"The configuration parameters for the auto scaling feature.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_reservation_assignment":{"version":0,"block":{"attributes":{"assignee":{"type":"string","description":"The resource which will use the reservation. E.g. projects/myproject, folders/123, organizations/456.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_type":{"type":"string","description":"Types of job, which could be specified when using the reservation. Possible values: JOB_TYPE_UNSPECIFIED, PIPELINE, QUERY","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. The resource name of the assignment.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reservation":{"type":"string","description":"The reservation for the resource","description_kind":"plain","required":true},"state":{"type":"string","description":"Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active.\nPossible values: STATE_UNSPECIFIED, PENDING, ACTIVE","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_routine":{"version":0,"block":{"attributes":{"creation_time":{"type":"number","description":"The time when this routine was created, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"data_governance_type":{"type":"string","description":"If set to DATA_MASKING, the function is validated and made available as a masking function. For more information, see https://cloud.google.com/bigquery/docs/user-defined-functions#custom-mask Possible values: [\"DATA_MASKING\"]","description_kind":"plain","optional":true},"dataset_id":{"type":"string","description":"The ID of the dataset containing this routine","description_kind":"plain","required":true},"definition_body":{"type":"string","description":"The body of the routine. For functions, this is the expression in the AS clause.\nIf language=SQL, it is the substring inside (but excluding) the parentheses.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the routine if defined.","description_kind":"plain","optional":true},"determinism_level":{"type":"string","description":"The determinism level of the JavaScript UDF if defined. Possible values: [\"DETERMINISM_LEVEL_UNSPECIFIED\", \"DETERMINISTIC\", \"NOT_DETERMINISTIC\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"imported_libraries":{"type":["list","string"],"description":"Optional. If language = \"JAVASCRIPT\", this field stores the path of the\nimported JAVASCRIPT libraries.","description_kind":"plain","optional":true},"language":{"type":"string","description":"The language of the routine. Possible values: [\"SQL\", \"JAVASCRIPT\", \"PYTHON\", \"JAVA\", \"SCALA\"]","description_kind":"plain","optional":true},"last_modified_time":{"type":"number","description":"The time when this routine was modified, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"return_table_type":{"type":"string","description":"Optional. Can be set only if routineType = \"TABLE_VALUED_FUNCTION\".\n\nIf absent, the return table type is inferred from definitionBody at query time in each query\nthat references this routine. If present, then the columns in the evaluated table result will\nbe cast to match the column types specificed in return table type, at query time.","description_kind":"plain","optional":true},"return_type":{"type":"string","description":"A JSON schema for the return type. Optional if language = \"SQL\"; required otherwise.\nIf absent, the return type is inferred from definitionBody at query time in each query\nthat references this routine. If present, then the evaluated result will be cast to\nthe specified returned type at query time. ~\u003e**NOTE**: Because this field expects a JSON\nstring, any changes to the string will create a diff, even if the JSON itself hasn't\nchanged. If the API returns a different value for the same schema, e.g. it switche\nd the order of values or replaced STRUCT field type with RECORD field type, we currently\ncannot suppress the recurring diff this causes. As a workaround, we recommend using\nthe schema as returned by the API.","description_kind":"plain","optional":true},"routine_id":{"type":"string","description":"The ID of the the routine. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 256 characters.","description_kind":"plain","required":true},"routine_type":{"type":"string","description":"The type of routine. Possible values: [\"SCALAR_FUNCTION\", \"PROCEDURE\", \"TABLE_VALUED_FUNCTION\"]","description_kind":"plain","required":true}},"block_types":{"arguments":{"nesting_mode":"list","block":{"attributes":{"argument_kind":{"type":"string","description":"Defaults to FIXED_TYPE. Default value: \"FIXED_TYPE\" Possible values: [\"FIXED_TYPE\", \"ANY_TYPE\"]","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"A JSON schema for the data type. Required unless argumentKind = ANY_TYPE.\n~\u003e**NOTE**: Because this field expects a JSON string, any changes to the string\nwill create a diff, even if the JSON itself hasn't changed. If the API returns\na different value for the same schema, e.g. it switched the order of values\nor replaced STRUCT field type with RECORD field type, we currently cannot\nsuppress the recurring diff this causes. As a workaround, we recommend using\nthe schema as returned by the API.","description_kind":"plain","optional":true},"mode":{"type":"string","description":"Specifies whether the argument is input or output. Can be set for procedures only. Possible values: [\"IN\", \"OUT\", \"INOUT\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this argument. Can be absent for function return argument.","description_kind":"plain","optional":true}},"description":"Input/output argument of a function or a stored procedure.","description_kind":"plain"}},"remote_function_options":{"nesting_mode":"list","block":{"attributes":{"connection":{"type":"string","description":"Fully qualified name of the user-provided connection object which holds\nthe authentication information to send requests to the remote service.\nFormat: \"projects/{projectId}/locations/{locationId}/connections/{connectionId}\"","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"Endpoint of the user-provided remote service, e.g.\n'https://us-east1-my_gcf_project.cloudfunctions.net/remote_add'","description_kind":"plain","optional":true},"max_batching_rows":{"type":"string","description":"Max number of rows in each batch sent to the remote service. If absent or if 0,\nBigQuery dynamically decides the number of rows in a batch.","description_kind":"plain","optional":true},"user_defined_context":{"type":["map","string"],"description":"User-defined context as a set of key/value pairs, which will be sent as function\ninvocation context together with batched arguments in the requests to the remote\nservice. The total number of bytes of keys and values must be less than 8KB.\n\nAn object containing a list of \"key\": value pairs. Example:\n'{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }'.","description_kind":"plain","optional":true,"computed":true}},"description":"Remote function specific options.","description_kind":"plain"},"max_items":1},"spark_options":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Archive files to be extracted into the working directory of each executor. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"connection":{"type":"string","description":"Fully qualified name of the user-provided Spark connection object.\nFormat: \"projects/{projectId}/locations/{locationId}/connections/{connectionId}\"","description_kind":"plain","optional":true},"container_image":{"type":"string","description":"Custom container image for the runtime environment.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Files to be placed in the working directory of each executor. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"jar_uris":{"type":["list","string"],"description":"JARs to include on the driver and executor CLASSPATH. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"main_class":{"type":"string","description":"The fully qualified name of a class in jarUris, for example, com.example.wordcount.\nExactly one of mainClass and main_jar_uri field should be set for Java/Scala language type.","description_kind":"plain","optional":true},"main_file_uri":{"type":"string","description":"The main file/jar URI of the Spark application.\nExactly one of the definitionBody field and the mainFileUri field must be set for Python.\nExactly one of mainClass and mainFileUri field should be set for Java/Scala language type.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Configuration properties as a set of key/value pairs, which will be passed on to the Spark application.\nFor more information, see Apache Spark and the procedure option list.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"py_file_uris":{"type":["list","string"],"description":"Python files to be placed on the PYTHONPATH for PySpark application. Supported file types: .py, .egg, and .zip. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"runtime_version":{"type":"string","description":"Runtime version. If not specified, the default runtime version is used.","description_kind":"plain","optional":true}},"description":"Optional. If language is one of \"PYTHON\", \"JAVA\", \"SCALA\", this field stores the options for spark stored procedure.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_table":{"version":0,"block":{"attributes":{"clustering":{"type":["list","string"],"description":"Specifies column names to use for data clustering. Up to four top-level columns are allowed, and should be specified in descending priority order.","description_kind":"plain","optional":true},"creation_time":{"type":"number","description":"The time when this table was created, in milliseconds since the epoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"The dataset ID to create the table in. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"deletion_protection":{"type":"bool","description":"Whether Terraform will be prevented from destroying the instance. When the field is set to true or unset in Terraform state, a terraform apply or terraform destroy that would delete the table will fail. When the field is set to false, deleting the table is allowed.","description_kind":"plain","optional":true},"description":{"type":"string","description":"The field description.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"expiration_time":{"type":"number","description":"The time when this table expires, in milliseconds since the epoch. If not present, the table will persist indefinitely. Expired tables will be deleted and their storage reclaimed.","description_kind":"plain","optional":true,"computed":true},"friendly_name":{"type":"string","description":"A descriptive name for the table.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A mapping of labels to assign to the resource.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modified_time":{"type":"number","description":"The time when this table was last modified, in milliseconds since the epoch.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the table resides. This value is inherited from the dataset.","description_kind":"plain","computed":true},"max_staleness":{"type":"string","description":"The maximum staleness of data that could be returned when the table (or stale MV) is queried. Staleness encoded as a string encoding of [SQL IntervalValue type](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-types#interval_type).","description_kind":"plain","optional":true},"num_bytes":{"type":"number","description":"The geographic location where the table resides. This value is inherited from the dataset.","description_kind":"plain","computed":true},"num_long_term_bytes":{"type":"number","description":"The number of bytes in the table that are considered \"long-term storage\".","description_kind":"plain","computed":true},"num_rows":{"type":"number","description":"The number of rows of data in this table, excluding any data in the streaming buffer.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs.","description_kind":"plain","optional":true,"computed":true},"require_partition_filter":{"type":"bool","description":"If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.","description_kind":"plain","optional":true},"resource_tags":{"type":["map","string"],"description":"The tags attached to this table. Tag keys are globally unique. Tag key is expected to be in the namespaced format, for example \"123456789012/environment\" where 123456789012 is the ID of the parent organization or project resource for this tag key. Tag value is expected to be the short name, for example \"Production\".","description_kind":"plain","optional":true},"schema":{"type":"string","description":"A JSON schema for the table.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"table_id":{"type":"string","description":"A unique ID for the resource. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Describes the table type.","description_kind":"plain","computed":true}},"block_types":{"biglake_configuration":{"nesting_mode":"list","block":{"attributes":{"connection_id":{"type":"string","description":"The connection specifying the credentials to be used to read and write to external storage, such as Cloud Storage. The connection_id can have the form \"\u0026lt;project\\_id\u0026gt;.\u0026lt;location\\_id\u0026gt;.\u0026lt;connection\\_id\u0026gt;\" or \"projects/\u0026lt;project\\_id\u0026gt;/locations/\u0026lt;location\\_id\u0026gt;/connections/\u0026lt;connection\\_id\u0026gt;\".","description_kind":"plain","required":true},"file_format":{"type":"string","description":"The file format the data is stored in.","description_kind":"plain","required":true},"storage_uri":{"type":"string","description":"The fully qualified location prefix of the external folder where table data is stored. The '*' wildcard character is not allowed. The URI should be in the format \"gs://bucket/path_to_table/\"","description_kind":"plain","required":true},"table_format":{"type":"string","description":"The table format the metadata only snapshots are stored in.","description_kind":"plain","required":true}},"description":"Specifies the configuration of a BigLake managed table.","description_kind":"plain"},"max_items":1},"encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The self link or full name of a key which should be used to encrypt this table. Note that the default bigquery service account will need to have encrypt/decrypt permissions on this key - you may want to see the google_bigquery_default_service_account datasource and the google_kms_crypto_key_iam_binding resource.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"The self link or full name of the kms key version used to encrypt this table.","description_kind":"plain","computed":true}},"description":"Specifies how the table should be encrypted. If left blank, the table will be encrypted with a Google-managed key; that process is transparent to the user.","description_kind":"plain"},"max_items":1},"external_data_configuration":{"nesting_mode":"list","block":{"attributes":{"autodetect":{"type":"bool","description":"Let BigQuery try to autodetect the schema and format of the table.","description_kind":"plain","required":true},"compression":{"type":"string","description":"The compression type of the data source. Valid values are \"NONE\" or \"GZIP\".","description_kind":"plain","optional":true},"connection_id":{"type":"string","description":"The connection specifying the credentials to be used to read external storage, such as Azure Blob, Cloud Storage, or S3. The connectionId can have the form \"\u003cproject\u003e.\u003clocation\u003e.\u003cconnection_id\u003e\" or \"projects/\u003cproject\u003e/locations/\u003clocation\u003e/connections/\u003cconnection_id\u003e\".","description_kind":"plain","optional":true},"file_set_spec_type":{"type":"string","description":"Specifies how source URIs are interpreted for constructing the file set to load. By default source URIs are expanded against the underlying storage. Other options include specifying manifest files. Only applicable to object storage systems.","description_kind":"plain","optional":true},"ignore_unknown_values":{"type":"bool","description":"Indicates if BigQuery should allow extra values that are not represented in the table schema. If true, the extra values are ignored. If false, records with extra columns are treated as bad records, and if there are too many bad records, an invalid error is returned in the job result. The default value is false.","description_kind":"plain","optional":true},"json_extension":{"type":"string","description":"Load option to be used together with sourceFormat newline-delimited JSON to indicate that a variant of JSON is being loaded. To load newline-delimited GeoJSON, specify GEOJSON (and sourceFormat must be set to NEWLINE_DELIMITED_JSON).","description_kind":"plain","optional":true},"max_bad_records":{"type":"number","description":"The maximum number of bad records that BigQuery can ignore when reading data.","description_kind":"plain","optional":true},"metadata_cache_mode":{"type":"string","description":"Metadata Cache Mode for the table. Set this to enable caching of metadata from external data source.","description_kind":"plain","optional":true},"object_metadata":{"type":"string","description":"Object Metadata is used to create Object Tables. Object Tables contain a listing of objects (with their metadata) found at the sourceUris. If ObjectMetadata is set, sourceFormat should be omitted.","description_kind":"plain","optional":true},"reference_file_schema_uri":{"type":"string","description":"When creating an external table, the user can provide a reference file with the table schema. This is enabled for the following formats: AVRO, PARQUET, ORC.","description_kind":"plain","optional":true},"schema":{"type":"string","description":"A JSON schema for the external table. Schema is required for CSV and JSON formats and is disallowed for Google Cloud Bigtable, Cloud Datastore backups, and Avro formats when using external tables.","description_kind":"plain","optional":true,"computed":true},"source_format":{"type":"string","description":"Please see sourceFormat under ExternalDataConfiguration in Bigquery's public API documentation (https://cloud.google.com/bigquery/docs/reference/rest/v2/tables#externaldataconfiguration) for supported formats. To use \"GOOGLE_SHEETS\" the scopes must include \"googleapis.com/auth/drive.readonly\".","description_kind":"plain","optional":true},"source_uris":{"type":["list","string"],"description":"A list of the fully-qualified URIs that point to your data in Google Cloud.","description_kind":"plain","required":true}},"block_types":{"avro_options":{"nesting_mode":"list","block":{"attributes":{"use_avro_logical_types":{"type":"bool","description":"If sourceFormat is set to \"AVRO\", indicates whether to interpret logical types as the corresponding BigQuery data type (for example, TIMESTAMP), instead of using the raw type (for example, INTEGER).","description_kind":"plain","required":true}},"description":"Additional options if source_format is set to \"AVRO\"","description_kind":"plain"},"max_items":1},"bigtable_options":{"nesting_mode":"list","block":{"attributes":{"ignore_unspecified_column_families":{"type":"bool","description":"If field is true, then the column families that are not specified in columnFamilies list are not exposed in the table schema. Otherwise, they are read with BYTES type values. The default value is false.","description_kind":"plain","optional":true},"output_column_families_as_json":{"type":"bool","description":"If field is true, then each column family will be read as a single JSON column. Otherwise they are read as a repeated cell structure containing timestamp/value tuples. The default value is false.","description_kind":"plain","optional":true},"read_rowkey_as_string":{"type":"bool","description":"If field is true, then the rowkey column families will be read and converted to string. Otherwise they are read with BYTES type values and users need to manually cast them with CAST if necessary. The default value is false.","description_kind":"plain","optional":true}},"block_types":{"column_family":{"nesting_mode":"list","block":{"attributes":{"encoding":{"type":"string","description":"The encoding of the values when the type is not STRING. Acceptable encoding values are: TEXT - indicates values are alphanumeric text strings. BINARY - indicates values are encoded using HBase Bytes.toBytes family of functions. This can be overridden for a specific column by listing that column in 'columns' and specifying an encoding for it.","description_kind":"plain","optional":true},"family_id":{"type":"string","description":"Identifier of the column family.","description_kind":"plain","optional":true},"only_read_latest":{"type":"bool","description":"If this is set only the latest version of value are exposed for all columns in this column family. This can be overridden for a specific column by listing that column in 'columns' and specifying a different setting for that column.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type to convert the value in cells of this column family. The values are expected to be encoded using HBase Bytes.toBytes function when using the BINARY encoding value. Following BigQuery types are allowed (case-sensitive): \"BYTES\", \"STRING\", \"INTEGER\", \"FLOAT\", \"BOOLEAN\", \"JSON\". Default type is BYTES. This can be overridden for a specific column by listing that column in 'columns' and specifying a type for it.","description_kind":"plain","optional":true}},"block_types":{"column":{"nesting_mode":"list","block":{"attributes":{"encoding":{"type":"string","description":"The encoding of the values when the type is not STRING. Acceptable encoding values are: TEXT - indicates values are alphanumeric text strings. BINARY - indicates values are encoded using HBase Bytes.toBytes family of functions. 'encoding' can also be set at the column family level. However, the setting at this level takes precedence if 'encoding' is set at both levels.","description_kind":"plain","optional":true},"field_name":{"type":"string","description":"If the qualifier is not a valid BigQuery field identifier i.e. does not match [a-zA-Z][a-zA-Z0-9_]*, a valid identifier must be provided as the column field name and is used as field name in queries.","description_kind":"plain","optional":true},"only_read_latest":{"type":"bool","description":"If this is set, only the latest version of value in this column are exposed. 'onlyReadLatest' can also be set at the column family level. However, the setting at this level takes precedence if 'onlyReadLatest' is set at both levels.","description_kind":"plain","optional":true},"qualifier_encoded":{"type":"string","description":"Qualifier of the column. Columns in the parent column family that has this exact qualifier are exposed as . field. If the qualifier is valid UTF-8 string, it can be specified in the qualifierString field. Otherwise, a base-64 encoded value must be set to qualifierEncoded. The column field name is the same as the column qualifier. However, if the qualifier is not a valid BigQuery field identifier i.e. does not match [a-zA-Z][a-zA-Z0-9_]*, a valid identifier must be provided as fieldName.","description_kind":"plain","optional":true},"qualifier_string":{"type":"string","description":"Qualifier string.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type to convert the value in cells of this column. The values are expected to be encoded using HBase Bytes.toBytes function when using the BINARY encoding value. Following BigQuery types are allowed (case-sensitive): \"BYTES\", \"STRING\", \"INTEGER\", \"FLOAT\", \"BOOLEAN\", \"JSON\", Default type is \"BYTES\". 'type' can also be set at the column family level. However, the setting at this level takes precedence if 'type' is set at both levels.","description_kind":"plain","optional":true}},"description":"A List of columns that should be exposed as individual fields as opposed to a list of (column name, value) pairs. All columns whose qualifier matches a qualifier in this list can be accessed as Other columns can be accessed as a list through column field","description_kind":"plain"}}},"description":"A list of column families to expose in the table schema along with their types. This list restricts the column families that can be referenced in queries and specifies their value types. You can use this list to do type conversions - see the 'type' field for more details. If you leave this list empty, all column families are present in the table schema and their values are read as BYTES. During a query only the column families referenced in that query are read from Bigtable.","description_kind":"plain"}}},"description":"Additional options if sourceFormat is set to BIGTABLE.","description_kind":"plain"},"max_items":1},"csv_options":{"nesting_mode":"list","block":{"attributes":{"allow_jagged_rows":{"type":"bool","description":"Indicates if BigQuery should accept rows that are missing trailing optional columns.","description_kind":"plain","optional":true},"allow_quoted_newlines":{"type":"bool","description":"Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. The default value is false.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8 or ISO-8859-1.","description_kind":"plain","optional":true},"field_delimiter":{"type":"string","description":"The separator for fields in a CSV file.","description_kind":"plain","optional":true},"quote":{"type":"string","description":"The value that is used to quote data sections in a CSV file. If your data does not contain quoted sections, set the property value to an empty string. If your data contains quoted newline characters, you must also set the allow_quoted_newlines property to true. The API-side default is \", specified in Terraform escaped as \\\". Due to limitations with Terraform default values, this value is required to be explicitly set.","description_kind":"plain","required":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of a CSV file that BigQuery will skip when reading the data.","description_kind":"plain","optional":true}},"description":"Additional properties to set if source_format is set to \"CSV\".","description_kind":"plain"},"max_items":1},"google_sheets_options":{"nesting_mode":"list","block":{"attributes":{"range":{"type":"string","description":"Range of a sheet to query from. Only used when non-empty. At least one of range or skip_leading_rows must be set. Typical format: \"sheet_name!top_left_cell_id:bottom_right_cell_id\" For example: \"sheet1!A1:B20","description_kind":"plain","optional":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of the sheet that BigQuery will skip when reading the data. At least one of range or skip_leading_rows must be set.","description_kind":"plain","optional":true}},"description":"Additional options if source_format is set to \"GOOGLE_SHEETS\".","description_kind":"plain"},"max_items":1},"hive_partitioning_options":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"When set, what mode of hive partitioning to use when reading data.","description_kind":"plain","optional":true},"require_partition_filter":{"type":"bool","description":"If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.","description_kind":"plain","optional":true},"source_uri_prefix":{"type":"string","description":"When hive partition detection is requested, a common for all source uris must be required. The prefix must end immediately before the partition key encoding begins.","description_kind":"plain","optional":true}},"description":"When set, configures hive partitioning support. Not all storage formats support hive partitioning -- requesting hive partitioning on an unsupported format will lead to an error, as will providing an invalid specification.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, and UTF-32LE. The default value is UTF-8.","description_kind":"plain","optional":true}},"description":"Additional properties to set if sourceFormat is set to JSON.","description_kind":"plain"},"max_items":1},"parquet_options":{"nesting_mode":"list","block":{"attributes":{"enable_list_inference":{"type":"bool","description":"Indicates whether to use schema inference specifically for Parquet LIST logical type.","description_kind":"plain","optional":true},"enum_as_string":{"type":"bool","description":"Indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default.","description_kind":"plain","optional":true}},"description":"Additional properties to set if sourceFormat is set to PARQUET.","description_kind":"plain"},"max_items":1}},"description":"Describes the data format, location, and other properties of a table stored outside of BigQuery. By defining these properties, the data source can then be queried as if it were a standard BigQuery table.","description_kind":"plain"},"max_items":1},"materialized_view":{"nesting_mode":"list","block":{"attributes":{"allow_non_incremental_definition":{"type":"bool","description":"Allow non incremental materialized view definition. The default value is false.","description_kind":"plain","optional":true},"enable_refresh":{"type":"bool","description":"Specifies if BigQuery should automatically refresh materialized view when the base table is updated. The default is true.","description_kind":"plain","optional":true},"query":{"type":"string","description":"A query whose result is persisted.","description_kind":"plain","required":true},"refresh_interval_ms":{"type":"number","description":"Specifies maximum frequency at which this materialized view will be refreshed. The default is 1800000.","description_kind":"plain","optional":true}},"description":"If specified, configures this table as a materialized view.","description_kind":"plain"},"max_items":1},"range_partitioning":{"nesting_mode":"list","block":{"attributes":{"field":{"type":"string","description":"The field used to determine how to create a range-based partition.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"end":{"type":"number","description":"End of the range partitioning, exclusive.","description_kind":"plain","required":true},"interval":{"type":"number","description":"The width of each range within the partition.","description_kind":"plain","required":true},"start":{"type":"number","description":"Start of the range partitioning, inclusive.","description_kind":"plain","required":true}},"description":"Information required to partition based on ranges. Structure is documented below.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"If specified, configures range-based partitioning for this table.","description_kind":"plain"},"max_items":1},"table_constraints":{"nesting_mode":"list","block":{"block_types":{"foreign_keys":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Set only if the foreign key constraint is named.","description_kind":"plain","optional":true}},"block_types":{"column_references":{"nesting_mode":"list","block":{"attributes":{"referenced_column":{"type":"string","description":"The column in the primary key that are referenced by the referencingColumn.","description_kind":"plain","required":true},"referencing_column":{"type":"string","description":"The column that composes the foreign key.","description_kind":"plain","required":true}},"description":"The pair of the foreign key column and primary key column.","description_kind":"plain"},"min_items":1,"max_items":1},"referenced_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters. Certain operations allow suffixing of the table ID with a partition decorator, such as sample_table$20190123.","description_kind":"plain","required":true}},"description":"The table that holds the primary key and is referenced by this foreign key.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Present only if the table has a foreign key. The foreign key is not enforced.","description_kind":"plain"}},"primary_key":{"nesting_mode":"list","block":{"attributes":{"columns":{"type":["list","string"],"description":"The columns that are composed of the primary key constraint.","description_kind":"plain","required":true}},"description":"Represents a primary key constraint on a table's columns. Present only if the table has a primary key. The primary key is not enforced.","description_kind":"plain"},"max_items":1}},"description":"Defines the primary key and foreign keys.","description_kind":"plain"},"max_items":1},"table_replication_info":{"nesting_mode":"list","block":{"attributes":{"replication_interval_ms":{"type":"number","description":"The interval at which the source materialized view is polled for updates. The default is 300000.","description_kind":"plain","optional":true},"source_dataset_id":{"type":"string","description":"The ID of the source dataset.","description_kind":"plain","required":true},"source_project_id":{"type":"string","description":"The ID of the source project.","description_kind":"plain","required":true},"source_table_id":{"type":"string","description":"The ID of the source materialized view.","description_kind":"plain","required":true}},"description":"Replication info of a table created using \"AS REPLICA\" DDL like: \"CREATE MATERIALIZED VIEW mv1 AS REPLICA OF src_mv\".","description_kind":"plain"},"max_items":1},"time_partitioning":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"number","description":"Number of milliseconds for which to keep the storage for a partition.","description_kind":"plain","optional":true,"computed":true},"field":{"type":"string","description":"The field used to determine how to create a time-based partition. If time-based partitioning is enabled without this value, the table is partitioned based on the load time.","description_kind":"plain","optional":true},"require_partition_filter":{"type":"bool","description":"If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.","description_kind":"plain","deprecated":true,"optional":true},"type":{"type":"string","description":"The supported types are DAY, HOUR, MONTH, and YEAR, which will generate one partition per day, hour, month, and year, respectively.","description_kind":"plain","required":true}},"description":"If specified, configures time-based partitioning for this table.","description_kind":"plain"},"max_items":1},"view":{"nesting_mode":"list","block":{"attributes":{"query":{"type":"string","description":"A query that BigQuery executes when the view is referenced.","description_kind":"plain","required":true},"use_legacy_sql":{"type":"bool","description":"Specifies whether to use BigQuery's legacy SQL for this view. The default value is true. If set to false, the view will use BigQuery's standard SQL","description_kind":"plain","optional":true}},"description":"If specified, configures this table as a view.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_bigtable_app_profile":{"version":0,"block":{"attributes":{"app_profile_id":{"type":"string","description":"The unique name of the app profile in the form '[_a-zA-Z0-9][-_.a-zA-Z0-9]*'.","description_kind":"plain","required":true},"description":{"type":"string","description":"Long form description of the use case for this app profile.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_warnings":{"type":"bool","description":"If true, ignore safety checks when deleting/updating the app profile.","description_kind":"plain","optional":true},"instance":{"type":"string","description":"The name of the instance to create the app profile within.","description_kind":"plain","optional":true},"multi_cluster_routing_cluster_ids":{"type":["list","string"],"description":"The set of clusters to route to. The order is ignored; clusters will be tried in order of distance. If left empty, all clusters are eligible.","description_kind":"plain","optional":true},"multi_cluster_routing_use_any":{"type":"bool","description":"If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available\nin the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes\nconsistency to improve availability.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique name of the requested app profile. Values are of the form 'projects/\u003cproject\u003e/instances/\u003cinstance\u003e/appProfiles/\u003cappProfileId\u003e'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"row_affinity":{"type":"bool","description":"Must be used with multi-cluster routing. If true, then this app profile will use row affinity sticky routing. With row affinity, Bigtable will route single row key requests based on the row key, rather than randomly. Instead, each row key will be assigned to a cluster by Cloud Bigtable, and will stick to that cluster. Choosing this option improves read-your-writes consistency for most requests under most circumstances, without sacrificing availability. Consistency is not guaranteed, as requests may still fail over between clusters in the event of errors or latency.","description_kind":"plain","optional":true}},"block_types":{"data_boost_isolation_read_only":{"nesting_mode":"list","block":{"attributes":{"compute_billing_owner":{"type":"string","description":"The Compute Billing Owner for this Data Boost App Profile. Possible values: [\"HOST_PAYS\"]","description_kind":"plain","required":true}},"description":"Specifies that this app profile is intended for read-only usage via the Data Boost feature.","description_kind":"plain"},"max_items":1},"single_cluster_routing":{"nesting_mode":"list","block":{"attributes":{"allow_transactional_writes":{"type":"bool","description":"If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile.\nIt is unsafe to send these requests to the same table/row/column in multiple clusters.","description_kind":"plain","optional":true},"cluster_id":{"type":"string","description":"The cluster to which read/write requests should be routed.","description_kind":"plain","required":true}},"description":"Use a single-cluster routing policy.","description_kind":"plain"},"max_items":1},"standard_isolation":{"nesting_mode":"list","block":{"attributes":{"priority":{"type":"string","description":"The priority of requests sent using this app profile. Possible values: [\"PRIORITY_LOW\", \"PRIORITY_MEDIUM\", \"PRIORITY_HIGH\"]","description_kind":"plain","required":true}},"description":"The standard options used for isolating this app profile's traffic from other use cases.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_authorized_view":{"version":0,"block":{"attributes":{"deletion_protection":{"type":"string","description":"A field to make the authorized view protected against data loss i.e. when set to PROTECTED, deleting the authorized view, the table containing the authorized view, and the instance containing the authorized view would be prohibited.\nIf not provided, currently deletion protection will be set to UNPROTECTED as it is the API default value. Note this field configs the deletion protection provided by the API in the backend, and should not be confused with Terraform-side deletion protection.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description":"The name of the Bigtable instance in which the authorized view belongs.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the authorized view. Must be 1-50 characters and must only contain hyphens, underscores, periods, letters and numbers.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"table_name":{"type":"string","description":"The name of the Bigtable table in which the authorized view belongs.","description_kind":"plain","required":true}},"block_types":{"subset_view":{"nesting_mode":"list","block":{"attributes":{"row_prefixes":{"type":["set","string"],"description":"Base64-encoded row prefixes to be included in the authorized view. To provide access to all rows, include the empty string as a prefix (\"\").","description_kind":"plain","optional":true}},"block_types":{"family_subsets":{"nesting_mode":"set","block":{"attributes":{"family_name":{"type":"string","description":"Name of the column family to be included in the authorized view.","description_kind":"plain","required":true},"qualifier_prefixes":{"type":["set","string"],"description":"Base64-encoded prefixes for qualifiers of the column family to be included in the authorized view. Every qualifier starting with one of these prefixes is included in the authorized view. To provide access to all qualifiers, include the empty string as a prefix (\"\").","description_kind":"plain","optional":true},"qualifiers":{"type":["set","string"],"description":"Base64-encoded individual exact column qualifiers of the column family to be included in the authorized view.","description_kind":"plain","optional":true}},"description":"Subsets of column families to be included in the authorized view.","description_kind":"plain"}}},"description":"An AuthorizedView permitting access to an explicit subset of a Table.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_gc_policy":{"version":0,"block":{"attributes":{"column_family":{"type":"string","description":"The name of the column family.","description_kind":"plain","required":true},"deletion_policy":{"type":"string","description":"The deletion policy for the GC policy. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. This is useful for GC policy as it cannot be deleted\n\t\t\t\tin a replicated instance. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"gc_rules":{"type":"string","description":"Serialized JSON string for garbage collection policy. Conflicts with \"mode\", \"max_age\" and \"max_version\".","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_warnings":{"type":"bool","description":"Allows ignoring warnings when updating the GC policy. This can be used\n\t\t\t\tto increase the gc policy on replicated clusters. Doing this may make clusters be\n\t\t\t\tinconsistent for a longer period of time, before using this make sure you understand\n\t\t\t\tthe risks listed at https://cloud.google.com/bigtable/docs/garbage-collection#increasing","description_kind":"plain","optional":true},"instance_name":{"type":"string","description":"The name of the Bigtable instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. If multiple policies are set, you should choose between UNION OR INTERSECTION.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"block_types":{"max_age":{"nesting_mode":"list","block":{"attributes":{"days":{"type":"number","description":"Number of days before applying GC policy.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"duration":{"type":"string","description":"Duration before applying GC policy","description_kind":"plain","optional":true,"computed":true}},"description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. GC policy that applies to all cells older than the given age.","description_kind":"plain"},"max_items":1},"max_version":{"nesting_mode":"list","block":{"attributes":{"number":{"type":"number","description":"Number of version before applying the GC policy.","description_kind":"plain","required":true}},"description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. GC policy that applies to all versions of a cell except for the most recent.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_instance":{"version":1,"block":{"attributes":{"deletion_protection":{"type":"bool","description":"When the field is set to true or unset in Terraform state, a terraform apply or terraform destroy that would delete the instance will fail. When the field is set to false, deleting the instance is allowed.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable display name of the Bigtable instance. Defaults to the instance name.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a BigTable instance, this boolean option will delete all backups within the instance.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The instance type to create. One of \"DEVELOPMENT\" or \"PRODUCTION\". Defaults to \"PRODUCTION\".","description_kind":"plain","deprecated":true,"optional":true},"labels":{"type":["map","string"],"description":"A mapping of labels to assign to the resource.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name (also called Instance Id in the Cloud Console) of the Cloud Bigtable instance. Must be 6-33 characters and must only contain hyphens, lowercase letters and numbers.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"cluster":{"nesting_mode":"list","block":{"attributes":{"cluster_id":{"type":"string","description":"The ID of the Cloud Bigtable cluster. Must be 6-30 characters and must only contain hyphens, lowercase letters and numbers.","description_kind":"plain","required":true},"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. 3) All clusters within an instance must use the same CMEK key. Values are of the form projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}","description_kind":"plain","optional":true,"computed":true},"num_nodes":{"type":"number","description":"The number of nodes in the cluster. If no value is set, Cloud Bigtable automatically allocates nodes based on your data footprint and optimized for 50% storage utilization.","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the cluster","description_kind":"plain","computed":true},"storage_type":{"type":"string","description":"The storage type to use. One of \"SSD\" or \"HDD\". Defaults to \"SSD\".","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone to create the Cloud Bigtable cluster in. Each cluster must have a different zone in the same region. Zones that support Bigtable instances are noted on the Cloud Bigtable locations page.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"cpu_target":{"type":"number","description":"The target CPU utilization for autoscaling. Value must be between 10 and 80.","description_kind":"plain","required":true},"max_nodes":{"type":"number","description":"The maximum number of nodes for autoscaling.","description_kind":"plain","required":true},"min_nodes":{"type":"number","description":"The minimum number of nodes for autoscaling.","description_kind":"plain","required":true},"storage_target":{"type":"number","description":"The target storage utilization for autoscaling, in GB, for each node in a cluster. This number is limited between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster and between 8192 (8TiB) and 16384 (16 TiB) for an HDD cluster. If not set, whatever is already set for the cluster will not change, or if the cluster is just being created, it will use the default value of 2560 for SSD clusters and 8192 for HDD clusters.","description_kind":"plain","optional":true,"computed":true}},"description":"A list of Autoscaling configurations. Only one element is used and allowed.","description_kind":"plain"},"max_items":1}},"description":"A block of cluster configuration options. This can be specified at least once.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigtable_table":{"version":0,"block":{"attributes":{"change_stream_retention":{"type":"string","description":"Duration to retain change stream data for the table. Set to 0 to disable. Must be between 1 and 7 days.","description_kind":"plain","optional":true,"computed":true},"deletion_protection":{"type":"string","description":"A field to make the table protected against data loss i.e. when set to PROTECTED, deleting the table, the column families in the table, and the instance containing the table would be prohibited. If not provided, currently deletion protection will be set to UNPROTECTED as it is the API default value.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description":"The name of the Bigtable instance.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the table. Must be 1-50 characters and must only contain hyphens, underscores, periods, letters and numbers.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"split_keys":{"type":["list","string"],"description":"A list of predefined keys to split the table on. !\u003e Warning: Modifying the split_keys of an existing table will cause Terraform to delete/recreate the entire google_bigtable_table resource.","description_kind":"plain","optional":true}},"block_types":{"automated_backup_policy":{"nesting_mode":"set","block":{"attributes":{"frequency":{"type":"string","description":"How frequently automated backups should occur.","description_kind":"plain","optional":true,"computed":true},"retention_period":{"type":"string","description":"How long the automated backups should be retained.","description_kind":"plain","optional":true,"computed":true}},"description":"Defines an automated backup policy for a table, specified by Retention Period and Frequency. To disable, set both Retention Period and Frequency to 0.","description_kind":"plain"},"max_items":1},"column_family":{"nesting_mode":"set","block":{"attributes":{"family":{"type":"string","description":"The name of the column family.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of the column family.","description_kind":"plain","optional":true}},"description":"A group of columns within a table which share a common configuration. This can be specified multiple times.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_table_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_table_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_table_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_account_iam_binding":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_billing_account_iam_member":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_billing_account_iam_policy":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_budget":{"version":1,"block":{"attributes":{"billing_account":{"type":"string","description":"ID of the billing account to set a budget on.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"User data for display name in UI. Must be \u003c= 60 chars.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the budget. The resource name\nimplies the scope of a budget. Values are of the form\nbillingAccounts/{billingAccountId}/budgets/{budgetId}.","description_kind":"plain","computed":true},"ownership_scope":{"type":"string","description":"The ownership scope of the budget. The ownership scope and users'\nIAM permissions determine who has full access to the budget's data. Possible values: [\"OWNERSHIP_SCOPE_UNSPECIFIED\", \"ALL_USERS\", \"BILLING_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"all_updates_rule":{"nesting_mode":"list","block":{"attributes":{"disable_default_iam_recipients":{"type":"bool","description":"Boolean. When set to true, disables default notifications sent\nwhen a threshold is exceeded. Default recipients are\nthose with Billing Account Administrators and Billing\nAccount Users IAM roles for the target account.","description_kind":"plain","optional":true},"enable_project_level_recipients":{"type":"bool","description":"When set to true, and when the budget has a single project configured,\nnotifications will be sent to project level recipients of that project.\nThis field will be ignored if the budget has multiple or no project configured.\n\nCurrently, project level recipients are the users with Owner role on a cloud project.","description_kind":"plain","optional":true},"monitoring_notification_channels":{"type":["list","string"],"description":"The full resource name of a monitoring notification\nchannel in the form\nprojects/{project_id}/notificationChannels/{channel_id}.\nA maximum of 5 channels are allowed.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The name of the Cloud Pub/Sub topic where budget related\nmessages will be published, in the form\nprojects/{project_id}/topics/{topic_id}. Updates are sent\nat regular intervals to the topic.","description_kind":"plain","optional":true},"schema_version":{"type":"string","description":"The schema version of the notification. Only \"1.0\" is\naccepted. It represents the JSON schema as defined in\nhttps://cloud.google.com/billing/docs/how-to/budgets#notification_format.","description_kind":"plain","optional":true}},"description":"Defines notifications that are sent on every update to the\nbilling account's spend, regardless of the thresholds defined\nusing threshold rules.","description_kind":"plain"},"max_items":1},"amount":{"nesting_mode":"list","block":{"attributes":{"last_period_amount":{"type":"bool","description":"Configures a budget amount that is automatically set to 100% of\nlast period's spend.\nBoolean. Set value to true to use. Do not set to false, instead\nuse the 'specified_amount' block.","description_kind":"plain","optional":true}},"block_types":{"specified_amount":{"nesting_mode":"list","block":{"attributes":{"currency_code":{"type":"string","description":"The 3-letter currency code defined in ISO 4217.","description_kind":"plain","optional":true,"computed":true},"nanos":{"type":"number","description":"Number of nano (10^-9) units of the amount.\nThe value must be between -999,999,999 and +999,999,999\ninclusive. If units is positive, nanos must be positive or\nzero. If units is zero, nanos can be positive, zero, or\nnegative. If units is negative, nanos must be negative or\nzero. For example $-1.75 is represented as units=-1 and\nnanos=-750,000,000.","description_kind":"plain","optional":true},"units":{"type":"string","description":"The whole units of the amount. For example if currencyCode\nis \"USD\", then 1 unit is one US dollar.","description_kind":"plain","optional":true}},"description":"A specified amount to use as the budget. currencyCode is\noptional. If specified, it must match the currency of the\nbilling account. The currencyCode is provided on output.","description_kind":"plain"},"max_items":1}},"description":"The budgeted amount for each usage period.","description_kind":"plain"},"min_items":1,"max_items":1},"budget_filter":{"nesting_mode":"list","block":{"attributes":{"calendar_period":{"type":"string","description":"A CalendarPeriod represents the abstract concept of a recurring time period that has a\ncanonical start. Grammatically, \"the start of the current CalendarPeriod\".\nAll calendar times begin at 12 AM US and Canadian Pacific Time (UTC-8).\n\nExactly one of 'calendar_period', 'custom_period' must be provided. Possible values: [\"MONTH\", \"QUARTER\", \"YEAR\", \"CALENDAR_PERIOD_UNSPECIFIED\"]","description_kind":"plain","optional":true},"credit_types":{"type":["list","string"],"description":"Optional. If creditTypesTreatment is INCLUDE_SPECIFIED_CREDITS,\nthis is a list of credit types to be subtracted from gross cost to determine the spend for threshold calculations. See a list of acceptable credit type values.\nIf creditTypesTreatment is not INCLUDE_SPECIFIED_CREDITS, this field must be empty.\n\n**Note:** If the field has a value in the config and needs to be removed, the field has to be an empty array in the config.","description_kind":"plain","optional":true,"computed":true},"credit_types_treatment":{"type":"string","description":"Specifies how credits should be treated when determining spend\nfor threshold calculations. Default value: \"INCLUDE_ALL_CREDITS\" Possible values: [\"INCLUDE_ALL_CREDITS\", \"EXCLUDE_ALL_CREDITS\", \"INCLUDE_SPECIFIED_CREDITS\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A single label and value pair specifying that usage from only\nthis set of labeled resources should be included in the budget.","description_kind":"plain","optional":true,"computed":true},"projects":{"type":["set","string"],"description":"A set of projects of the form projects/{project_number},\nspecifying that usage from only this set of projects should be\nincluded in the budget. If omitted, the report will include\nall usage for the billing account, regardless of which project\nthe usage occurred on.","description_kind":"plain","optional":true},"resource_ancestors":{"type":["set","string"],"description":"A set of folder and organization names of the form folders/{folderId} or organizations/{organizationId},\nspecifying that usage from only this set of folders and organizations should be included in the budget.\nIf omitted, the budget includes all usage that the billing account pays for. If the folder or organization\ncontains projects that are paid for by a different Cloud Billing account, the budget doesn't apply to those projects.","description_kind":"plain","optional":true},"services":{"type":["list","string"],"description":"A set of services of the form services/{service_id},\nspecifying that usage from only this set of services should be\nincluded in the budget. If omitted, the report will include\nusage for all the services. The service names are available\nthrough the Catalog API:\nhttps://cloud.google.com/billing/v1/how-tos/catalog-api.","description_kind":"plain","optional":true,"computed":true},"subaccounts":{"type":["list","string"],"description":"A set of subaccounts of the form billingAccounts/{account_id},\nspecifying that usage from only this set of subaccounts should\nbe included in the budget. If a subaccount is set to the name of\nthe parent account, usage from the parent account will be included.\nIf the field is omitted, the report will include usage from the parent\naccount and all subaccounts, if they exist.\n\n**Note:** If the field has a value in the config and needs to be removed, the field has to be an empty array in the config.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"custom_period":{"nesting_mode":"list","block":{"block_types":{"end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"Optional. The end date of the time period. Budgets with elapsed end date won't be processed.\nIf unset, specifies to track all usage incurred since the startDate.","description_kind":"plain"},"max_items":1},"start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"A start date is required. The start date must be after January 1, 2017.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies to track usage from any start date (required) to any end date (optional).\nThis time period is static, it does not recur.\n\nExactly one of 'calendar_period', 'custom_period' must be provided.","description_kind":"plain"},"max_items":1}},"description":"Filters that define which resources are used to compute the actual\nspend against the budget.","description_kind":"plain"},"max_items":1},"threshold_rules":{"nesting_mode":"list","block":{"attributes":{"spend_basis":{"type":"string","description":"The type of basis used to determine if spend has passed\nthe threshold. Default value: \"CURRENT_SPEND\" Possible values: [\"CURRENT_SPEND\", \"FORECASTED_SPEND\"]","description_kind":"plain","optional":true},"threshold_percent":{"type":"number","description":"Send an alert when this threshold is exceeded. This is a\n1.0-based percentage, so 0.5 = 50%. Must be \u003e= 0.","description_kind":"plain","required":true}},"description":"Rules that trigger alerts (notifications of thresholds being\ncrossed) when spend exceeds the specified percentages of the\nbudget.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_billing_project_info":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"The ID of the billing account associated with the project, if\nany. Set to empty string to disable billing for the project.\nFor example, '\"012345-567890-ABCDEF\"' or '\"\"'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_billing_subaccount":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description_kind":"plain","optional":true},"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"master_billing_account":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","computed":true},"open":{"type":"bool","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_binary_authorization_attestor":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A descriptive comment. This field may be updated. The field may be\ndisplayed in chooser dialogs.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"attestation_authority_note":{"nesting_mode":"list","block":{"attributes":{"delegation_service_account_email":{"type":"string","description":"This field will contain the service account email address that\nthis Attestor will use as the principal when querying Container\nAnalysis. Attestor administrators must grant this service account\nthe IAM role needed to read attestations from the noteReference in\nContainer Analysis (containeranalysis.notes.occurrences.viewer).\nThis email address is fixed for the lifetime of the Attestor, but\ncallers should not make any other assumptions about the service\naccount email; future versions may use an email based on a\ndifferent naming pattern.","description_kind":"plain","computed":true},"note_reference":{"type":"string","description":"The resource name of a ATTESTATION_AUTHORITY Note, created by the\nuser. If the Note is in a different project from the Attestor, it\nshould be specified in the format 'projects/*/notes/*' (or the legacy\n'providers/*/notes/*'). This field may not be updated.\nAn attestation by this attestor is stored as a Container Analysis\nATTESTATION_AUTHORITY Occurrence that names a container image\nand that links to this Note.","description_kind":"plain","required":true}},"block_types":{"public_keys":{"nesting_mode":"list","block":{"attributes":{"ascii_armored_pgp_public_key":{"type":"string","description":"ASCII-armored representation of a PGP public key, as the\nentire output by the command\n'gpg --export --armor foo@example.com' (either LF or CRLF\nline endings). When using this field, id should be left\nblank. The BinAuthz API handlers will calculate the ID\nand fill it in automatically. BinAuthz computes this ID\nas the OpenPGP RFC4880 V4 fingerprint, represented as\nupper-case hex. If id is provided by the caller, it will\nbe overwritten by the API-calculated ID.","description_kind":"plain","optional":true},"comment":{"type":"string","description":"A descriptive comment. This field may be updated.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The ID of this public key. Signatures verified by BinAuthz\nmust include the ID of the public key that can be used to\nverify them, and that ID must match the contents of this\nfield exactly. Additional restrictions on this field can\nbe imposed based on which public key type is encapsulated.\nSee the documentation on publicKey cases below for details.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"pkix_public_key":{"nesting_mode":"list","block":{"attributes":{"public_key_pem":{"type":"string","description":"A PEM-encoded public key, as described in\n'https://tools.ietf.org/html/rfc7468#section-13'","description_kind":"plain","optional":true},"signature_algorithm":{"type":"string","description":"The signature algorithm used to verify a message against\na signature using this key. These signature algorithm must\nmatch the structure and any object identifiers encoded in\npublicKeyPem (i.e. this algorithm must match that of the\npublic key).","description_kind":"plain","optional":true}},"description":"A raw PKIX SubjectPublicKeyInfo format public key.\n\nNOTE: id may be explicitly provided by the caller when using this\ntype of public key, but it MUST be a valid RFC3986 URI. If id is left\nblank, a default one will be computed based on the digest of the DER\nencoding of the public key.","description_kind":"plain"},"max_items":1}},"description":"Public keys that verify attestations signed by this attestor. This\nfield may be updated.\nIf this field is non-empty, one of the specified public keys must\nverify that an attestation was signed by this attestor for the\nimage specified in the admission request.\nIf this field is empty, this attestor always returns that no valid\nattestations exist.","description_kind":"plain"}}},"description":"A Container Analysis ATTESTATION_AUTHORITY Note, created by the user.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_binding":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_member":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_policy":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_binary_authorization_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A descriptive comment.","description_kind":"plain","optional":true},"global_policy_evaluation_mode":{"type":"string","description":"Controls the evaluation of a Google-maintained global admission policy\nfor common system-level images. Images not covered by the global\npolicy will be subject to the project admission policy. Possible values: [\"ENABLE\", \"DISABLE\"]","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"admission_whitelist_patterns":{"nesting_mode":"list","block":{"attributes":{"name_pattern":{"type":"string","description":"An image name pattern to whitelist, in the form\n'registry/path/to/image'. This supports a trailing * as a\nwildcard, but this is allowed only in text after the registry/\npart.","description_kind":"plain","required":true}},"description":"A whitelist of image patterns to exclude from admission rules. If an\nimage's name matches a whitelist pattern, the image's admission\nrequests will always be permitted regardless of your admission rules.","description_kind":"plain"}},"cluster_admission_rules":{"nesting_mode":"set","block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"enforcement_mode":{"type":"string","description":"The action when a pod creation is denied by the admission rule. Possible values: [\"ENFORCED_BLOCK_AND_AUDIT_LOG\", \"DRYRUN_AUDIT_LOG_ONLY\"]","description_kind":"plain","required":true},"evaluation_mode":{"type":"string","description":"How this admission rule will be evaluated. Possible values: [\"ALWAYS_ALLOW\", \"REQUIRE_ATTESTATION\", \"ALWAYS_DENY\"]","description_kind":"plain","required":true},"require_attestations_by":{"type":["set","string"],"description":"The resource names of the attestors that must attest to a\ncontainer image. If the attestor is in a different project from the\npolicy, it should be specified in the format 'projects/*/attestors/*'.\nEach attestor must exist before a policy can reference it. To add an\nattestor to a policy the principal issuing the policy change\nrequest must be able to read the attestor resource.\n\nNote: this field must be non-empty when the evaluation_mode field\nspecifies REQUIRE_ATTESTATION, otherwise it must be empty.","description_kind":"plain","optional":true}},"description":"Per-cluster admission rules. An admission rule specifies either that\nall container images used in a pod creation request must be attested\nto by one or more attestors, that all pod creations will be allowed,\nor that all pod creations will be denied. There can be at most one\nadmission rule per cluster spec.\n\n\nIdentifier format: '{{location}}.{{clusterId}}'.\nA location is either a compute zone (e.g. 'us-central1-a') or a region\n(e.g. 'us-central1').","description_kind":"plain"}},"default_admission_rule":{"nesting_mode":"list","block":{"attributes":{"enforcement_mode":{"type":"string","description":"The action when a pod creation is denied by the admission rule. Possible values: [\"ENFORCED_BLOCK_AND_AUDIT_LOG\", \"DRYRUN_AUDIT_LOG_ONLY\"]","description_kind":"plain","required":true},"evaluation_mode":{"type":"string","description":"How this admission rule will be evaluated. Possible values: [\"ALWAYS_ALLOW\", \"REQUIRE_ATTESTATION\", \"ALWAYS_DENY\"]","description_kind":"plain","required":true},"require_attestations_by":{"type":["set","string"],"description":"The resource names of the attestors that must attest to a\ncontainer image. If the attestor is in a different project from the\npolicy, it should be specified in the format 'projects/*/attestors/*'.\nEach attestor must exist before a policy can reference it. To add an\nattestor to a policy the principal issuing the policy change\nrequest must be able to read the attestor resource.\n\nNote: this field must be non-empty when the evaluation_mode field\nspecifies REQUIRE_ATTESTATION, otherwise it must be empty.","description_kind":"plain","optional":true}},"description":"Default admission rule for a cluster without a per-cluster admission\nrule.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_blockchain_node_engine_blockchain_nodes":{"version":0,"block":{"attributes":{"blockchain_node_id":{"type":"string","description":"ID of the requesting object.","description_kind":"plain","required":true},"blockchain_type":{"type":"string","description":"User-provided key-value pairs Possible values: [\"ETHEREUM\"]","description_kind":"plain","optional":true},"connection_info":{"type":["list",["object",{"endpoint_info":["list",["object",{"json_rpc_api_endpoint":"string","websockets_api_endpoint":"string"}]],"service_attachment":"string"}]],"description":"The connection information through which to interact with a blockchain node.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The timestamp at which the blockchain node was first created.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-provided key-value pairs\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of Blockchain Node being created.","description_kind":"plain","required":true},"name":{"type":"string","description":"The fully qualified name of the blockchain node. e.g. projects/my-project/locations/us-central1/blockchainNodes/my-node.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp at which the blockchain node was last updated.","description_kind":"plain","computed":true}},"block_types":{"ethereum_details":{"nesting_mode":"list","block":{"attributes":{"additional_endpoints":{"type":["list",["object",{"beacon_api_endpoint":"string","beacon_prometheus_metrics_api_endpoint":"string","execution_client_prometheus_metrics_api_endpoint":"string"}]],"description":"User-provided key-value pairs","description_kind":"plain","computed":true},"api_enable_admin":{"type":"bool","description":"Enables JSON-RPC access to functions in the admin namespace. Defaults to false.","description_kind":"plain","optional":true},"api_enable_debug":{"type":"bool","description":"Enables JSON-RPC access to functions in the debug namespace. Defaults to false.","description_kind":"plain","optional":true},"consensus_client":{"type":"string","description":"The consensus client Possible values: [\"CONSENSUS_CLIENT_UNSPECIFIED\", \"LIGHTHOUSE\"]","description_kind":"plain","optional":true},"execution_client":{"type":"string","description":"The execution client Possible values: [\"EXECUTION_CLIENT_UNSPECIFIED\", \"GETH\", \"ERIGON\"]","description_kind":"plain","optional":true},"network":{"type":"string","description":"The Ethereum environment being accessed. Possible values: [\"MAINNET\", \"TESTNET_GOERLI_PRATER\", \"TESTNET_SEPOLIA\"]","description_kind":"plain","optional":true},"node_type":{"type":"string","description":"The type of Ethereum node. Possible values: [\"LIGHT\", \"FULL\", \"ARCHIVE\"]","description_kind":"plain","optional":true}},"block_types":{"geth_details":{"nesting_mode":"list","block":{"attributes":{"garbage_collection_mode":{"type":"string","description":"Blockchain garbage collection modes. Only applicable when NodeType is FULL or ARCHIVE. Possible values: [\"FULL\", \"ARCHIVE\"]","description_kind":"plain","optional":true}},"description":"User-provided key-value pairs","description_kind":"plain"},"max_items":1},"validator_config":{"nesting_mode":"list","block":{"attributes":{"mev_relay_urls":{"type":["list","string"],"description":"URLs for MEV-relay services to use for block building. When set, a managed MEV-boost service is configured on the beacon client.","description_kind":"plain","optional":true}},"description":"Configuration for validator-related parameters on the beacon client, and for any managed validator client.","description_kind":"plain"},"max_items":1}},"description":"User-provided key-value pairs","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the Certificate resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Certificate Manager location. If not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the certificate. Certificate names must be unique\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"san_dnsnames":{"type":["list","string"],"description":"The list of Subject Alternative Names of dnsName type defined in the certificate (see RFC 5280 4.2.1.6)","description_kind":"plain","computed":true},"scope":{"type":"string","description":"The scope of the certificate.\n\nDEFAULT: Certificates with default scope are served from core Google data centers.\nIf unsure, choose this option.\n\nEDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence.\nSee https://cloud.google.com/vpc/docs/edge-locations.\n\nALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs).\nSee https://cloud.google.com/compute/docs/regions-zones","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"managed":{"nesting_mode":"list","block":{"attributes":{"authorization_attempt_info":{"type":["list",["object",{"details":"string","domain":"string","failure_reason":"string","state":"string"}]],"description":"Detailed state of the latest authorization attempt for each domain\nspecified for this Managed Certificate.","description_kind":"plain","computed":true},"dns_authorizations":{"type":["list","string"],"description":"Authorizations that will be used for performing domain authorization. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.","description_kind":"plain","optional":true},"domains":{"type":["list","string"],"description":"The domains for which a managed SSL certificate will be generated.\nWildcard domains are only supported with DNS challenge resolution","description_kind":"plain","optional":true},"issuance_config":{"type":"string","description":"The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects/*/locations/*/certificateIssuanceConfigs/*.\nIf this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa.\nEither issuanceConfig or dnsAuthorizations should be specificed, but not both.","description_kind":"plain","optional":true},"provisioning_issue":{"type":["list",["object",{"details":"string","reason":"string"}]],"description":"Information about issues with provisioning this Managed Certificate.","description_kind":"plain","computed":true},"state":{"type":"string","description":"A state of this Managed Certificate.","description_kind":"plain","computed":true}},"description":"Configuration and state of a Managed Certificate.\nCertificate Manager provisions and renews Managed Certificates\nautomatically, for as long as it's authorized to do so.","description_kind":"plain"},"max_items":1},"self_managed":{"nesting_mode":"list","block":{"attributes":{"certificate_pem":{"type":"string","description":"The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.","description_kind":"plain","deprecated":true,"optional":true,"sensitive":true},"pem_certificate":{"type":"string","description":"The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.","description_kind":"plain","optional":true},"pem_private_key":{"type":"string","description":"The private key of the leaf certificate in PEM-encoded form.","description_kind":"plain","optional":true,"sensitive":true},"private_key_pem":{"type":"string","description":"The private key of the leaf certificate in PEM-encoded form.","description_kind":"plain","deprecated":true,"optional":true,"sensitive":true}},"description":"Certificate data for a SelfManaged Certificate.\nSelfManaged Certificates are uploaded by the user. Updating such\ncertificates before they expire remains the user's responsibility.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_issuance_config":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"One or more paragraphs of text description of a CertificateIssuanceConfig.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_algorithm":{"type":"string","description":"Key algorithm to use when generating the private key. Possible values: [\"RSA_2048\", \"ECDSA_P256\"]","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"'Set of label tags associated with the CertificateIssuanceConfig resource.\n An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'.\nExample: \"1814400s\". Valid values are from 21 days (1814400s) to 30 days (2592000s)","description_kind":"plain","required":true},"location":{"type":"string","description":"The Certificate Manager location. If not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the certificate issuance config.\nCertificateIssuanceConfig names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rotation_window_percentage":{"type":"number","description":"It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate.\nMust be a number between 1-99, inclusive.\nYou must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after\nthe certificate has been issued and at least 7 days before it expires.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"certificate_authority_config":{"nesting_mode":"list","block":{"block_types":{"certificate_authority_service_config":{"nesting_mode":"list","block":{"attributes":{"ca_pool":{"type":"string","description":"A CA pool resource used to issue a certificate.\nThe CA pool string has a relative resource path following the form\n\"projects/{project}/locations/{location}/caPools/{caPool}\".","description_kind":"plain","required":true}},"description":"Defines a CertificateAuthorityServiceConfig.","description_kind":"plain"},"max_items":1}},"description":"The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_map":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gclb_targets":{"type":["list",["object",{"ip_configs":["list",["object",{"ip_address":"string","ports":["list","number"]}]],"target_https_proxy":"string","target_ssl_proxy":"string"}]],"description":"A list of target proxies that use this Certificate Map","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with a Certificate Map resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the Certificate Map. Certificate Map names must be unique\nglobally and match the pattern 'projects/*/locations/*/certificateMaps/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_map_entry":{"version":0,"block":{"attributes":{"certificates":{"type":["list","string"],"description":"A set of Certificates defines for the given hostname.\nThere can be defined up to fifteen certificates in each Certificate Map Entry.\nEach certificate must match pattern projects/*/locations/*/certificates/*.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Creation timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"hostname":{"type":"string","description":"A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com)\nfor a set of hostnames with common suffix. Used as Server Name Indication (SNI) for\nselecting a proper certificate.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with a Certificate Map Entry.\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"map":{"type":"string","description":"A map entry that is inputted into the cetrificate map","description_kind":"plain","required":true},"matcher":{"type":"string","description":"A predefined matcher for particular cases, other than SNI selection","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the Certificate Map Entry. Certificate Map Entry\nnames must be unique globally and match pattern\n'projects/*/locations/*/certificateMaps/*/certificateMapEntries/*'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"A serving state of this Certificate Map Entry.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_dns_authorization":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"dns_resource_record":{"type":["list",["object",{"data":"string","name":"string","type":"string"}]],"description":"The structure describing the DNS Resource Record that needs to be added\nto DNS configuration for the authorization to be usable by\ncertificate.","description_kind":"plain","computed":true},"domain":{"type":"string","description":"A domain which is being authorized. A DnsAuthorization resource covers a\nsingle domain and its wildcard, e.g. authorization for \"example.com\" can\nbe used to issue certificates for \"example.com\" and \"*.example.com\".","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the DNS Authorization resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Certificate Manager location. If not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"type of DNS authorization. If unset during the resource creation, FIXED_RECORD will\nbe used for global resources, and PER_PROJECT_RECORD will be used for other locations.\n\nFIXED_RECORD DNS authorization uses DNS-01 validation method\n\nPER_PROJECT_RECORD DNS authorization allows for independent management\nof Google-managed certificates with DNS authorization across multiple\nprojects. Possible values: [\"FIXED_RECORD\", \"PER_PROJECT_RECORD\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_trust_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of a TrustConfig.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"One or more paragraphs of text description of a trust config.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the trust config.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The trust config location.","description_kind":"plain","required":true},"name":{"type":"string","description":"A user-defined name of the trust config. Trust config names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a TrustConfig.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"allowlisted_certificates":{"nesting_mode":"list","block":{"attributes":{"pem_certificate":{"type":"string","description":"PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.","description_kind":"plain","required":true}},"description":"Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as\nthe certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"trust_stores":{"nesting_mode":"list","block":{"block_types":{"intermediate_cas":{"nesting_mode":"list","block":{"attributes":{"pem_certificate":{"type":"string","description":"PEM intermediate certificate used for building up paths for validation.\nEach certificate provided in PEM format may occupy up to 5kB.","description_kind":"plain","optional":true,"sensitive":true}},"description":"Set of intermediate CA certificates used for the path building phase of chain validation.\nThe field is currently not supported if trust config is used for the workload certificate feature.","description_kind":"plain"}},"trust_anchors":{"nesting_mode":"list","block":{"attributes":{"pem_certificate":{"type":"string","description":"PEM root certificate of the PKI used for validation.\nEach certificate provided in PEM format may occupy up to 5kB.","description_kind":"plain","optional":true,"sensitive":true}},"description":"List of Trust Anchors to be used while performing validation against a given TrustStore.","description_kind":"plain"}}},"description":"Set of trust stores to perform validation against.\nThis field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation.","description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_folder_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing.","description_kind":"plain","required":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"folder":{"type":"string","description":"The folder this feed should be created in.","description_kind":"plain","required":true},"folder_id":{"type":"string","description":"The ID of the folder where this feed has been created. Both [FOLDER_NUMBER]\nand folders/[FOLDER_NUMBER] are accepted.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_organization_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing.","description_kind":"plain","required":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The organization this feed should be created in.","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_project_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing. If not specified, the resource's\nproject will be used.","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_identity_group":{"version":0,"block":{"attributes":{"additional_group_keys":{"type":["list",["object",{"id":"string","namespace":"string"}]],"description":"Additional group keys associated with the Group","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time when the Group was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An extended description to help users determine the purpose of a Group.\nMust not be longer than 4,096 characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_group_config":{"type":"string","description":"The initial configuration options for creating a Group.\n\nSee the\n[API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig)\nfor possible values. Default value: \"EMPTY\" Possible values: [\"INITIAL_GROUP_CONFIG_UNSPECIFIED\", \"WITH_INITIAL_OWNER\", \"EMPTY\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value.\n\nGoogle Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value.\n\nExisting Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added.\n\nDynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic.\n\nIdentity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name of the Group in the format: groups/{group_id}, where group_id\nis the unique ID assigned to the Group.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The resource name of the entity under which this Group resides in the\nCloud Identity resource hierarchy.\n\nMust be of the form identitysources/{identity_source_id} for external-identity-mapped\ngroups or customers/{customer_id} for Google Groups.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the Group was last updated.","description_kind":"plain","computed":true}},"block_types":{"group_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the entity.\n\nFor Google-managed entities, the id must be the email address of an existing\ngroup or user.\n\nFor external-identity-mapped entities, the id must be a string conforming\nto the Identity Source's requirements.\n\nMust be unique within a namespace.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace in which the entity exists.\n\nIf not specified, the EntityKey represents a Google-managed entity\nsuch as a Google user or a Google Group.\n\nIf specified, the EntityKey represents an external-identity-mapped group.\nThe namespace must correspond to an identity source created in Admin Console\nand must be in the form of 'identitysources/{identity_source_id}'.","description_kind":"plain","optional":true}},"description":"EntityKey of the Group.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_identity_group_membership":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the Membership was created.","description_kind":"plain","computed":true},"group":{"type":"string","description":"The name of the Group to create this membership in.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the Membership, of the form groups/{group_id}/memberships/{membership_id}.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the membership.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the Membership was last updated.","description_kind":"plain","computed":true}},"block_types":{"preferred_member_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the entity.\n\nFor Google-managed entities, the id must be the email address of an existing\ngroup or user.\n\nFor external-identity-mapped entities, the id must be a string conforming\nto the Identity Source's requirements.\n\nMust be unique within a namespace.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace in which the entity exists.\n\nIf not specified, the EntityKey represents a Google-managed entity\nsuch as a Google user or a Google Group.\n\nIf specified, the EntityKey represents an external-identity-mapped group.\nThe namespace must correspond to an identity source created in Admin Console\nand must be in the form of 'identitysources/{identity_source_id}'.","description_kind":"plain","optional":true}},"description":"EntityKey of the member.","description_kind":"plain"},"max_items":1},"roles":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the MembershipRole. Must be one of OWNER, MANAGER, MEMBER. Possible values: [\"OWNER\", \"MANAGER\", \"MEMBER\"]","description_kind":"plain","required":true}},"block_types":{"expiry_detail":{"nesting_mode":"list","block":{"attributes":{"expire_time":{"type":"string","description":"The time at which the MembershipRole will expire.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.\n\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","required":true}},"description":"The MembershipRole expiry details, only supported for MEMBER role.\nOther roles cannot be accompanied with MEMBER role having expiry.","description_kind":"plain"},"max_items":1}},"description":"The MembershipRoles that apply to the Membership.\nMust not contain duplicate MembershipRoles with the same name.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_ids_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp in RFC 3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the endpoint.","description_kind":"plain","optional":true},"endpoint_forwarding_rule":{"type":"string","description":"URL of the endpoint's network address to which traffic is to be sent by Packet Mirroring.","description_kind":"plain","computed":true},"endpoint_ip":{"type":"string","description":"Internal IP address of the endpoint's network entry point.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the endpoint.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the endpoint in the format projects/{project_id}/locations/{locationId}/endpoints/{endpointId}.","description_kind":"plain","required":true},"network":{"type":"string","description":"Name of the VPC network that is connected to the IDS endpoint. This can either contain the VPC network name itself (like \"src-net\") or the full URL to the network (like \"projects/{project_id}/global/networks/src-net\").","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"severity":{"type":"string","description":"The minimum alert severity level that is reported by the endpoint. Possible values: [\"INFORMATIONAL\", \"LOW\", \"MEDIUM\", \"HIGH\", \"CRITICAL\"]","description_kind":"plain","required":true},"threat_exceptions":{"type":["list","string"],"description":"Configuration for threat IDs excluded from generating alerts. Limit: 99 IDs.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Last update timestamp in RFC 3339 text format.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_quotas_quota_preference":{"version":0,"block":{"attributes":{"contact_email":{"type":"string","description":"An email address that can be used for quota related communication between the Google Cloud and the user in case the Google Cloud needs further information to make a decision on whether the user preferred quota can be granted.\n\nThe Google account for the email address must have quota update permission for the project, folder or organization this quota preference is for.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Create time stamp.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"dimensions":{"type":["map","string"],"description":"The dimensions that this quota preference applies to. The key of the map entry is the name of a dimension, such as \"region\", \"zone\", \"network_id\", and the value of the map entry is the dimension value. If a dimension is missing from the map of dimensions, the quota preference applies to all the dimension values except for those that have other quota preferences configured for the specific value.\n\nNOTE: QuotaPreferences can only be applied across all values of \"user\" and \"resource\" dimension. Do not set values for \"user\" or \"resource\" in the dimension map.\n\nExample: '{\"provider\": \"Foo Inc\"}' where \"provider\" is a service specific dimension.","description_kind":"plain","optional":true,"computed":true},"etag":{"type":"string","description":"The current etag of the quota preference. If an etag is provided on update and does not match the current server's etag of the quota preference, the request will be blocked and an ABORTED error will be returned. See https://google.aip.dev/134#etags for more details on etags.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_safety_checks":{"type":"string","description":"The list of quota safety checks to be ignored. Default value: \"QUOTA_SAFETY_CHECK_UNSPECIFIED\" Possible values: [\"QUOTA_SAFETY_CHECK_UNSPECIFIED\", \"QUOTA_DECREASE_BELOW_USAGE\", \"QUOTA_DECREASE_PERCENTAGE_TOO_HIGH\"]","description_kind":"plain","optional":true},"justification":{"type":"string","description":"The reason / justification for this quota preference.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the quota preference. Required except in the CREATE requests.","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The parent of the quota preference. Allowed parents are \"projects/[project-id / number]\" or \"folders/[folder-id / number]\" or \"organizations/[org-id / number]\".","description_kind":"plain","optional":true,"computed":true},"quota_id":{"type":"string","description":"The id of the quota to which the quota preference is applied. A quota id is unique in the service.\nExample: 'CPUS-per-project-region'.","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Is the quota preference pending Google Cloud approval and fulfillment.","description_kind":"plain","computed":true},"service":{"type":"string","description":"The name of the service to which the quota preference is applied.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Update time stamp.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true}},"block_types":{"quota_config":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"The annotations map for clients to store small amounts of arbitrary data. Do not put PII or other sensitive information here. See https://google.aip.dev/128#annotations.\n\nAn object containing a list of \"key: value\" pairs. Example: '{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }'.","description_kind":"plain","optional":true},"granted_value":{"type":"string","description":"Granted quota value.","description_kind":"plain","computed":true},"preferred_value":{"type":"string","description":"The preferred value. Must be greater than or equal to -1. If set to -1, it means the value is \"unlimited\".","description_kind":"plain","required":true},"request_origin":{"type":"string","description":"The origin of the quota preference request.","description_kind":"plain","computed":true},"state_detail":{"type":"string","description":"Optional details about the state of this quota preference.","description_kind":"plain","computed":true},"trace_id":{"type":"string","description":"The trace id that the Google Cloud uses to provision the requested quota. This trace id may be used by the client to contact Cloud support to track the state of a quota preference request. The trace id is only produced for increase requests and is unique for each request. The quota decrease requests do not have a trace id.","description_kind":"plain","computed":true}},"description":"The preferred quota configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_domain_mapping":{"version":1,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"Name should be a [verified](https://support.google.com/webmasters/answer/9008080) domain","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"mapped_route_name":"string","observed_generation":"number","resource_records":["list",["object",{"name":"string","rrdata":"string","type":"string"}]]}]],"description":"The current status of the DomainMapping.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand routes.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number.","description_kind":"plain","required":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.\n\nMore info:\nhttps://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.\n\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids","description_kind":"plain","computed":true}},"description":"Metadata associated with this DomainMapping.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"attributes":{"certificate_mode":{"type":"string","description":"The mode of the certificate. Default value: \"AUTOMATIC\" Possible values: [\"NONE\", \"AUTOMATIC\"]","description_kind":"plain","optional":true},"force_override":{"type":"bool","description":"If set, the mapping will override any mapping set before this spec was set.\nIt is recommended that the user leaves this empty to receive an error\nwarning about a potential conflict and only set it once the respective UI\nhas given such a warning.","description_kind":"plain","optional":true},"route_name":{"type":"string","description":"The name of the Cloud Run Service that this DomainMapping applies to.\nThe route must exist.","description_kind":"plain","required":true}},"description":"The spec for this DomainMapping.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_service":{"version":2,"block":{"attributes":{"autogenerate_revision_name":{"type":"bool","description":"If set to 'true', the revision name (template.metadata.name) will be omitted and\nautogenerated by Cloud Run. This cannot be set to 'true' while 'template.metadata.name'\nis also set.\n(For legacy support, if 'template.metadata.name' is unset in state while\nthis field is set to false, the revision name will still autogenerate.)","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"latest_created_revision_name":"string","latest_ready_revision_name":"string","observed_generation":"number","traffic":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"url":"string"}]],"description":"The current status of the Service.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.\n\nAnnotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted. Use the following annotation\nkeys to configure features on a Service:\n\n- 'run.googleapis.com/binary-authorization-breakglass' sets the [Binary Authorization breakglass](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--breakglass).\n- 'run.googleapis.com/binary-authorization' sets the [Binary Authorization](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--binary-authorization).\n- 'run.googleapis.com/client-name' sets the client name calling the Cloud Run API.\n- 'run.googleapis.com/custom-audiences' sets the [custom audiences](https://cloud.google.com/sdk/gcloud/reference/alpha/run/deploy#--add-custom-audiences)\n that can be used in the audience field of ID token for authenticated requests.\n- 'run.googleapis.com/description' sets a user defined description for the Service.\n- 'run.googleapis.com/ingress' sets the [ingress settings](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--ingress)\n for the Service. For example, '\"run.googleapis.com/ingress\" = \"all\"'.\n- 'run.googleapis.com/launch-stage' sets the [launch stage](https://cloud.google.com/run/docs/troubleshooting#launch-stage-validation)\n when a preview feature is used. For example, '\"run.googleapis.com/launch-stage\": \"BETA\"'\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand routes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number.","description_kind":"plain","optional":true,"computed":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.","description_kind":"plain","computed":true}},"description":"Metadata associated with this Service, including name, namespace, labels,\nand annotations.","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.\n\nAnnotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted. Use the following annotation\nkeys to configure features on a Revision template:\n\n- 'autoscaling.knative.dev/maxScale' sets the [maximum number of container\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--max-instances) of the Revision to run.\n- 'autoscaling.knative.dev/minScale' sets the [minimum number of container\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--min-instances) of the Revision to run.\n- 'run.googleapis.com/client-name' sets the client name calling the Cloud Run API.\n- 'run.googleapis.com/cloudsql-instances' sets the [Cloud SQL\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--add-cloudsql-instances) the Revision connects to.\n- 'run.googleapis.com/cpu-throttling' sets whether to throttle the CPU when the container is not actively serving\n requests. See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--[no-]cpu-throttling.\n- 'run.googleapis.com/encryption-key-shutdown-hours' sets the number of hours to wait before an automatic shutdown\n server after CMEK key revocation is detected.\n- 'run.googleapis.com/encryption-key' sets the [CMEK key](https://cloud.google.com/run/docs/securing/using-cmek)\n reference to encrypt the container with.\n- 'run.googleapis.com/execution-environment' sets the [execution\n environment](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--execution-environment)\n where the application will run.\n- 'run.googleapis.com/post-key-revocation-action-type' sets the\n [action type](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--post-key-revocation-action-type)\n after CMEK key revocation.\n- 'run.googleapis.com/secrets' sets a list of key-value pairs to set as\n [secrets](https://cloud.google.com/run/docs/configuring/secrets#yaml).\n- 'run.googleapis.com/sessionAffinity' sets whether to enable\n [session affinity](https://cloud.google.com/sdk/gcloud/reference/beta/run/deploy#--[no-]session-affinity)\n for connections to the Revision.\n- 'run.googleapis.com/startup-cpu-boost' sets whether to allocate extra CPU to containers on startup.\n See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--[no-]cpu-boost.\n- 'run.googleapis.com/vpc-access-connector' sets a [VPC connector](https://cloud.google.com/run/docs/configuring/connecting-vpc#terraform_1)\n for the Revision.\n- 'run.googleapis.com/vpc-access-egress' sets the outbound traffic to send through the VPC connector for this resource.\n See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--vpc-egress.","description_kind":"plain","optional":true,"computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number. It will default to the resource's project.","description_kind":"plain","optional":true,"computed":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.","description_kind":"plain","computed":true}},"description":"Optional metadata for this Revision, including labels and annotations.\nName will be generated by the Configuration. To set minimum instances\nfor this revision, use the \"autoscaling.knative.dev/minScale\" annotation\nkey. To set maximum instances for this revision, use the\n\"autoscaling.knative.dev/maxScale\" annotation key. To set Cloud SQL\nconnections for the revision, use the \"run.googleapis.com/cloudsql-instances\"\nannotation key.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"attributes":{"container_concurrency":{"type":"number","description":"ContainerConcurrency specifies the maximum allowed in-flight (concurrent)\nrequests per container of the Revision. If not specified or 0, defaults to 80 when\nrequested CPU \u003e= 1 and defaults to 1 when requested CPU \u003c 1.","description_kind":"plain","optional":true,"computed":true},"service_account_name":{"type":"string","description":"Email address of the IAM service account associated with the revision of the\nservice. The service account represents the identity of the running revision,\nand determines what permissions the revision has. If not provided, the revision\nwill use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"serving_state":{"type":"string","description":"ServingState holds a value describing the state the resources\nare in for this Revision.\nIt is expected\nthat the system will manipulate this based on routability and load.","description_kind":"plain","deprecated":true,"computed":true},"timeout_seconds":{"type":"number","description":"TimeoutSeconds holds the max duration the instance is allowed for responding to a request.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint.\nThe docker image's CMD is used if this is not provided.","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell.\nThe docker image's ENTRYPOINT is used if this is not provided.","description_kind":"plain","optional":true},"image":{"type":"string","description":"Docker image name. This is most often a reference to a container located\nin the container registry, such as gcr.io/cloudrun/hello","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container","description_kind":"plain","optional":true,"computed":true},"working_dir":{"type":"string","description":"Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.","description_kind":"plain","deprecated":true,"optional":true}},"block_types":{"env":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Defaults to \"\".","description_kind":"plain","optional":true}},"block_types":{"value_from":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A Cloud Secret Manager secret version. Must be 'latest' for the latest\nversion or an integer for a specific version.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project.\nIf the secret is in another project, you must define an alias.\nAn alias definition has the form: :projects/{project-id|project-number}/secrets/.\nIf multiple alias definitions are needed, they must be separated by commas.\nThe alias definitions must be set on the run.googleapis.com/secrets annotation.","description_kind":"plain","required":true}},"description":"Selects a key (version) of a secret in Secret Manager.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Source for the environment variable's value. Only supports secret_key_ref.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"env_from":{"nesting_mode":"list","block":{"attributes":{"prefix":{"type":"string","description":"An optional identifier to prepend to each key in the ConfigMap.","description_kind":"plain","optional":true}},"block_types":{"config_map_ref":{"nesting_mode":"list","block":{"attributes":{"optional":{"type":"bool","description":"Specify whether the ConfigMap must be defined","description_kind":"plain","optional":true}},"block_types":{"local_object_reference":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the referent.","description_kind":"plain","required":true}},"description":"The ConfigMap to select from.","description_kind":"plain"},"max_items":1}},"description":"The ConfigMap to select from.","description_kind":"plain"},"max_items":1},"secret_ref":{"nesting_mode":"list","block":{"attributes":{"optional":{"type":"bool","description":"Specify whether the Secret must be defined","description_kind":"plain","optional":true}},"block_types":{"local_object_reference":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the referent.","description_kind":"plain","required":true}},"description":"The Secret to select from.","description_kind":"plain"},"max_items":1}},"description":"The Secret to select from.","description_kind":"plain"},"max_items":1}},"description":"List of sources to populate environment variables in the container.\nAll invalid keys will be reported as an event when the container is starting.\nWhen a key exists in multiple sources, the value associated with the last source will\ntake precedence. Values defined by an Env with a duplicate key will take\nprecedence.","description_kind":"plain","deprecated":true}},"liveness_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after\nhaving succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is\ninitiated.\nDefaults to 0 seconds. Minimum value is 0. Maximum value is 3600.","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1. Maximum value is 3600.","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1. Maximum value is 3600.\nMust be smaller than period_seconds.","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. If set, it should not be empty string.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name.","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value.","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HttpGet specifies the http request to perform.","description_kind":"plain"},"max_items":1}},"description":"Periodic probe of container liveness. Container will be restarted if the probe fails.","description_kind":"plain"},"max_items":1},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid port number (between 1 and 65535). Defaults to \"8080\".","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" (HTTP/1) and \"h2c\" (HTTP/2 end-to-end). Defaults to \"http1\".","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"Protocol for port. Must be \"TCP\". Defaults to \"TCP\".","description_kind":"plain","optional":true}},"description":"List of open ports in the container.","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"limits":{"type":["map","string"],"description":"Limits describes the maximum amount of compute resources allowed.\nThe values of the map is string form of the 'quantity' k8s type:\nhttps://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true},"requests":{"type":["map","string"],"description":"Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is\nexplicitly specified, otherwise to an implementation-defined value.\nThe values of the map is string form of the 'quantity' k8s type:\nhttps://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true}},"description":"Compute Resources required by this container. Used to set values such as max memory","description_kind":"plain"},"max_items":1},"startup_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after\nhaving succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is\ninitiated.\nDefaults to 0 seconds. Minimum value is 0. Maximum value is 240.","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1. Maximum value is 240.","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1. Maximum value is 3600.\nMust be smaller than periodSeconds.","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. If set, it should not be empty string.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name.","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value.","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HttpGet specifies the http request to perform.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"description":"TcpSocket specifies an action involving a TCP port.","description_kind":"plain"},"max_items":1}},"description":"Startup probe of application within the container.\nAll other probes are disabled if a startup probe is provided, until it\nsucceeds. Container will not be added to service endpoints if the probe fails.","description_kind":"plain"},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must\nnot contain ':'.","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.\nOnly supports SecretVolumeSources.","description_kind":"plain"}}},"description":"Containers defines the unit of execution for this Revision.","description_kind":"plain"}},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"csi":{"nesting_mode":"list","block":{"attributes":{"driver":{"type":"string","description":"Unique name representing the type of file system to be created. Cloud Run supports the following values:\n * gcsfuse.run.googleapis.com: Mount a Google Cloud Storage bucket using GCSFuse. This driver requires the\n run.googleapis.com/execution-environment annotation to be unset or set to \"gen2\"","description_kind":"plain","required":true},"read_only":{"type":"bool","description":"If true, all mounts created from this volume will be read-only.","description_kind":"plain","optional":true,"computed":true},"volume_attributes":{"type":["map","string"],"description":"Driver-specific attributes. The following options are supported for available drivers:\n * gcsfuse.run.googleapis.com\n * bucketName: The name of the Cloud Storage Bucket that backs this volume. The Cloud Run Service identity must have access to this bucket.","description_kind":"plain","optional":true}},"description":"A filesystem specified by the Container Storage Interface (CSI).","description_kind":"plain"},"max_items":1},"empty_dir":{"nesting_mode":"list","block":{"attributes":{"medium":{"type":"string","description":"The medium on which the data is stored. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory.","description_kind":"plain","optional":true},"size_limit":{"type":"string","description":"Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.","description_kind":"plain","optional":true}},"description":"Ephemeral storage which can be backed by real disks (HD, SSD), network storage or memory (i.e. tmpfs). For now only in memory (tmpfs) is supported. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs).","description_kind":"plain"},"max_items":1},"nfs":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path exported by the NFS server","description_kind":"plain","required":true},"read_only":{"type":"bool","description":"If true, mount the NFS volume as read only in all mounts. Defaults to false.","description_kind":"plain","optional":true},"server":{"type":"string","description":"IP address or hostname of the NFS server","description_kind":"plain","required":true}},"description":"A filesystem backed by a Network File System share. This filesystem requires the\nrun.googleapis.com/execution-environment annotation to be unset or set to \"gen2\"","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Mode bits to use on created files by default. Must be a value between 0000\nand 0777. Defaults to 0644. Directories within the path are not affected by\nthis setting. This might be in conflict with other options that affect the\nfile mode, like fsGroup, and the result can be other mode bits set.","description_kind":"plain","optional":true},"secret_name":{"type":"string","description":"The name of the secret in Cloud Secret Manager. By default, the secret\nis assumed to be in the same project.\nIf the secret is in another project, you must define an alias.\nAn alias definition has the form:\n{alias}:projects/{project-id|project-number}/secrets/{secret-name}.\nIf multiple alias definitions are needed, they must be separated by\ncommas.\nThe alias definitions must be set on the run.googleapis.com/secrets\nannotation.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"The Cloud Secret Manager secret version.\nCan be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","required":true},"mode":{"type":"number","description":"Mode bits to use on this file, must be a value between 0000 and 0777. If\nnot specified, the volume defaultMode will be used. This might be in\nconflict with other options that affect the file mode, like fsGroup, and\nthe result can be other mode bits set.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.","description_kind":"plain","required":true}},"description":"If unspecified, the volume will expose a file whose name is the\nsecret_name.\nIf specified, the key will be used as the version to fetch from Cloud\nSecret Manager and the path will be the name of the file exposed in the\nvolume. When items are defined, they must specify a key and a path.","description_kind":"plain"}}},"description":"The secret's value will be presented as the content of a file whose\nname is defined in the item path. If no items are defined, the name of\nthe file is the secret_name.","description_kind":"plain"},"max_items":1}},"description":"Volume represents a named volume in a container.","description_kind":"plain"}}},"description":"RevisionSpec holds the desired state of the Revision (from the client).","description_kind":"plain"},"max_items":1}},"description":"template holds the latest specification for the Revision to\nbe stamped out. The template references the container image, and may also\ninclude labels and annotations that should be attached to the Revision.\nTo correlate a Revision, and/or to force a Revision to be created when the\nspec doesn't otherwise change, a nonce label may be provided in the\ntemplate metadata. For more details, see:\nhttps://github.com/knative/serving/blob/main/docs/client-conventions.md#associate-modifications-with-revisions\n\nCloud Run does not currently support referencing a build that is\nresponsible for materializing the container image from source.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"traffic":{"nesting_mode":"list","block":{"attributes":{"latest_revision":{"type":"bool","description":"LatestRevision may be optionally provided to indicate that the latest ready\nRevision of the Configuration should be used for this traffic target. When\nprovided LatestRevision must be true if RevisionName is empty; it must be\nfalse when RevisionName is non-empty.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Percent specifies percent of the traffic to this Revision or Configuration.","description_kind":"plain","required":true},"revision_name":{"type":"string","description":"RevisionName of a specific revision to which to send this portion of traffic.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Tag is optionally used to expose a dedicated url for referencing this target exclusively.","description_kind":"plain","optional":true},"url":{"type":"string","description":"URL displays the URL for accessing tagged traffic targets. URL is displayed in status,\nand is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname,\nbut may not contain anything else (e.g. basic auth, url path, etc.)","description_kind":"plain","computed":true}},"description":"Traffic specifies how to distribute traffic over a collection of Knative Revisions\nand Configurations","description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_v2_job":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected on new resources.\nAll system annotations in v1 now have a corresponding field in v2 Job.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","optional":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","optional":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Job does not reach its desired state. See comments in reconciling for additional information on 'reconciliation' process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether Terraform will be prevented from destroying the job. Defaults to true.\nWhen a'terraform destroy' or 'terraform apply' would delete the job,\nthe command will fail if this field is not set to false in Terraform state.\nWhen the field is set to true or unset in Terraform state, a 'terraform apply'\nor 'terraform destroy' that would delete the job will fail.\nWhen the field is set to false, deleting the job is allowed.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"execution_count":{"type":"number","description":"Number of executions created for this job.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permanently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Job.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_execution":{"type":["list",["object",{"completion_time":"string","create_time":"string","name":"string"}]],"description":"Name of the last created execution.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run job","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Job.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Job. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Returns true if the Job is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution.\n\nIf reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"breakglass_justification":{"type":"string","description":"If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass","description_kind":"plain","optional":true},"policy":{"type":"string","description":"The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name}","description_kind":"plain","optional":true},"use_default":{"type":"bool","description":"If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.","description_kind":"plain","optional":true}},"description":"Settings for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system annotations in v1 now have a corresponding field in v2 ExecutionTemplate.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter,\nor break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or\nhttps://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 ExecutionTemplate.","description_kind":"plain","optional":true},"parallelism":{"type":"number","description":"Specifies the maximum desired number of tasks the execution should run at given time. Must be \u003c= taskCount. When the job is run, if this field is 0 or unset, the maximum possible value will be used for that execution. The actual number of tasks running in steady state will be less than this number when there are fewer tasks waiting to be completed remaining, i.e. when the work left to do is less than max parallelism.","description_kind":"plain","optional":true,"computed":true},"task_count":{"type":"number","description":"Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/","description_kind":"plain","optional":true,"computed":true}},"block_types":{"template":{"nesting_mode":"list","block":{"attributes":{"encryption_key":{"type":"string","description":"A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek","description_kind":"plain","optional":true},"execution_environment":{"type":"string","description":"The execution environment being used to host this Task. Possible values: [\"EXECUTION_ENVIRONMENT_GEN1\", \"EXECUTION_ENVIRONMENT_GEN2\"]","description_kind":"plain","optional":true,"computed":true},"max_retries":{"type":"number","description":"Number of retries allowed per Task, before marking this Task failed.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"timeout":{"type":"string","description":"Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references are not supported in Cloud Run.","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"image":{"type":"string","description":"URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container specified as a DNS_LABEL.","description_kind":"plain","optional":true},"working_dir":{"type":"string","description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.","description_kind":"plain","optional":true}},"block_types":{"env":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters.","description_kind":"plain","required":true},"value":{"type":"string","description":"Literal value of the environment variable. Defaults to \"\" and the maximum allowed length is 32768 characters. Variable references are not supported in Cloud Run.","description_kind":"plain","optional":true}},"block_types":{"value_source":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","required":true}},"description":"Selects a secret and a specific version from Cloud Secret Manager.","description_kind":"plain"},"max_items":1}},"description":"Source for the environment variable's value.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid TCP port number, 0 \u003c containerPort \u003c 65536.","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" and \"h2c\".","description_kind":"plain","optional":true}},"description":"List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.\n\nIf omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"limits":{"type":["map","string"],"description":"Only memory and CPU are supported. Use key 'cpu' for CPU limit and 'memory' for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true}},"description":"Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","description_kind":"plain"},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.","description_kind":"plain"}}},"description":"Holds the single container that defines the unit of execution for this task.","description_kind":"plain"}},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"cloud_sql_instance":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":["list","string"],"description":"The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}","description_kind":"plain","optional":true}},"description":"For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.","description_kind":"plain"},"max_items":1},"empty_dir":{"nesting_mode":"list","block":{"attributes":{"medium":{"type":"string","description":"The different types of medium supported for EmptyDir. Default value: \"MEMORY\" Possible values: [\"MEMORY\"]","description_kind":"plain","optional":true},"size_limit":{"type":"string","description":"Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.","description_kind":"plain","optional":true}},"description":"Ephemeral storage used as a shared volume.","description_kind":"plain"},"max_items":1},"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Name of the cloud storage bucket to back the volume. The resource service account must have permission to access the bucket.","description_kind":"plain","required":true},"read_only":{"type":"bool","description":"If true, mount this volume as read-only in all mounts. If false, mount this volume as read-write.","description_kind":"plain","optional":true}},"description":"Cloud Storage bucket mounted as a volume using GCSFuse.","description_kind":"plain"},"max_items":1},"nfs":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path that is exported by the NFS server.","description_kind":"plain","optional":true},"read_only":{"type":"bool","description":"If true, mount this volume as read-only in all mounts.","description_kind":"plain","optional":true},"server":{"type":"string","description":"Hostname or IP address of the NFS server.","description_kind":"plain","required":true}},"description":"NFS share mounted as a volume.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.","description_kind":"plain","optional":true},"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"number","description":"Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The relative path of the secret in the container.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version","description_kind":"plain","required":true}},"description":"If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.","description_kind":"plain"}}},"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","description_kind":"plain"},"max_items":1}},"description":"A list of Volumes to make available to containers.","description_kind":"plain"}},"vpc_access":{"nesting_mode":"list","block":{"attributes":{"connector":{"type":"string","description":"VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.","description_kind":"plain","optional":true},"egress":{"type":"string","description":"Traffic VPC egress settings. Possible values: [\"ALL_TRAFFIC\", \"PRIVATE_RANGES_ONLY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_interfaces":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be\nlooked up from the subnetwork.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the\nsubnetwork with the same name with the network will be used.","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"Network tags applied to this Cloud Run job.","description_kind":"plain","optional":true}},"description":"Direct VPC egress settings. Currently only single network interface is supported.","description_kind":"plain"}}},"description":"VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.","description_kind":"plain"},"max_items":1}},"description":"Describes the task(s) that will be created when executing an execution","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The template used to create executions for this Job.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_service":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected in new resources.\nAll system annotations in v1 now have a corresponding field in v2 Service.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","optional":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","optional":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"custom_audiences":{"type":["list","string"],"description":"One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests.\nFor more information, see https://cloud.google.com/run/docs/configuring/custom-audiences.","description_kind":"plain","optional":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether Terraform will be prevented from destroying the service. Defaults to true.\nWhen a'terraform destroy' or 'terraform apply' would delete the service,\nthe command will fail if this field is not set to false in Terraform state.\nWhen the field is set to true or unset in Terraform state, a 'terraform apply'\nor 'terraform destroy' that would delete the service will fail.\nWhen the field is set to false, deleting the service is allowed.","description_kind":"plain","optional":true},"description":{"type":"string","description":"User-provided description of the Service. This field currently has a 512-character limit.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permanently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress":{"type":"string","description":"Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values: [\"INGRESS_TRAFFIC_ALL\", \"INGRESS_TRAFFIC_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER\"]","description_kind":"plain","optional":true,"computed":true},"invoker_iam_disabled":{"type":"bool","description":"Disables IAM permission check for run.routes.invoke for callers of this service. This feature is available by invitation only. For more information, visit https://cloud.google.com/run/docs/securing/managing-access#invoker_check.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_revision":{"type":"string","description":"Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"latest_ready_revision":{"type":"string","description":"Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run service","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Service.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Service currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Returns true if the Service is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observedGeneration, latest_ready_revison, trafficStatuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision.\n\nIf reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions.","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"traffic_statuses":{"type":["list",["object",{"percent":"number","revision":"string","tag":"string","type":"string","uri":"string"}]],"description":"Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true},"uri":{"type":"string","description":"The main URI in which this Service is serving traffic.","description_kind":"plain","computed":true},"urls":{"type":["list","string"],"description":"All URLs serving traffic for this Service.","description_kind":"plain","computed":true}},"block_types":{"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"breakglass_justification":{"type":"string","description":"If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass","description_kind":"plain","optional":true},"policy":{"type":"string","description":"The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name}","description_kind":"plain","optional":true},"use_default":{"type":"bool","description":"If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.","description_kind":"plain","optional":true}},"description":"Settings for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"scaling":{"nesting_mode":"list","block":{"attributes":{"min_instance_count":{"type":"number","description":"Minimum number of instances for the service, to be divided among all revisions receiving traffic.","description_kind":"plain","optional":true}},"description":"Scaling settings that apply to the whole service","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system annotations in v1 now have a corresponding field in v2 RevisionTemplate.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.","description_kind":"plain","optional":true},"encryption_key":{"type":"string","description":"A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek","description_kind":"plain","optional":true},"execution_environment":{"type":"string","description":"The sandbox environment to host this Revision. Possible values: [\"EXECUTION_ENVIRONMENT_GEN1\", \"EXECUTION_ENVIRONMENT_GEN2\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc.\nFor more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 RevisionTemplate.","description_kind":"plain","optional":true},"max_instance_request_concurrency":{"type":"number","description":"Sets the maximum number of requests that each serving instance can receive.\nIf not specified or 0, defaults to 80 when requested CPU \u003e= 1 and defaults to 1 when requested CPU \u003c 1.","description_kind":"plain","optional":true,"computed":true},"revision":{"type":"string","description":"The unique name for the revision. If this field is omitted, it will be automatically generated based on the Service name.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"session_affinity":{"type":"bool","description":"Enables session affinity. For more information, go to https://cloud.google.com/run/docs/configuring/session-affinity","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Max allowed time for an instance to respond to a request.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references are not supported in Cloud Run.","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"depends_on":{"type":["list","string"],"description":"Containers which should be started before this container. If specified the container will wait to start until all containers with the listed names are healthy.","description_kind":"plain","optional":true},"image":{"type":"string","description":"URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container specified as a DNS_LABEL.","description_kind":"plain","optional":true},"working_dir":{"type":"string","description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.","description_kind":"plain","optional":true}},"block_types":{"env":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable. Must be a C_IDENTIFIER, and may not exceed 32768 characters.","description_kind":"plain","required":true},"value":{"type":"string","description":"Literal value of the environment variable. Defaults to \"\" and the maximum allowed length is 32768 characters. Variable references are not supported in Cloud Run.","description_kind":"plain","optional":true}},"block_types":{"value_source":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","optional":true}},"description":"Selects a secret and a specific version from Cloud Secret Manager.","description_kind":"plain"},"max_items":1}},"description":"Source for the environment variable's value.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"liveness_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. Defaults to '/'.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HTTPGet specifies the http request to perform.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the exposed port of the container, which\nis the value of container.ports[0].containerPort.","description_kind":"plain","required":true}},"description":"TCPSocketAction describes an action based on opening a socket","description_kind":"plain"},"max_items":1}},"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain"},"max_items":1},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid TCP port number, 0 \u003c containerPort \u003c 65536.","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" and \"h2c\".","description_kind":"plain","optional":true,"computed":true}},"description":"List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.\n\nIf omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on","description_kind":"plain"},"max_items":1},"resources":{"nesting_mode":"list","block":{"attributes":{"cpu_idle":{"type":"bool","description":"Determines whether CPU is only allocated during requests. True by default if the parent 'resources' field is not set. However, if\n'resources' is set, this field must be explicitly set to true to preserve the default behavior.","description_kind":"plain","optional":true},"limits":{"type":["map","string"],"description":"Only memory, CPU, and nvidia.com/gpu are supported. Use key 'cpu' for CPU limit, 'memory' for memory limit, 'nvidia.com/gpu' for gpu limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true},"startup_cpu_boost":{"type":"bool","description":"Determines whether CPU should be boosted on startup of a new container instance above the requested CPU threshold, this can help reduce cold-start latency.","description_kind":"plain","optional":true}},"description":"Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","description_kind":"plain"},"max_items":1},"startup_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. Defaults to '/'.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"description":"TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified.","description_kind":"plain"},"max_items":1}},"description":"Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain"},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.","description_kind":"plain"}}},"description":"Holds the containers that define the unit of execution for this Service.","description_kind":"plain"}},"scaling":{"nesting_mode":"list","block":{"attributes":{"max_instance_count":{"type":"number","description":"Maximum number of serving instances that this resource should have. Must not be less than minimum instance count. If absent, Cloud Run will calculate\na default value based on the project's available container instances quota in the region and specified instance size.","description_kind":"plain","optional":true},"min_instance_count":{"type":"number","description":"Minimum number of serving instances that this resource should have. Defaults to 0. Must not be greater than maximum instance count.","description_kind":"plain","optional":true}},"description":"Scaling settings for this Revision.","description_kind":"plain"},"max_items":1},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"cloud_sql_instance":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":["set","string"],"description":"The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}","description_kind":"plain","optional":true}},"description":"For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.","description_kind":"plain"},"max_items":1},"empty_dir":{"nesting_mode":"list","block":{"attributes":{"medium":{"type":"string","description":"The different types of medium supported for EmptyDir. Default value: \"MEMORY\" Possible values: [\"MEMORY\"]","description_kind":"plain","optional":true},"size_limit":{"type":"string","description":"Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.","description_kind":"plain","optional":true}},"description":"Ephemeral storage used as a shared volume.","description_kind":"plain"},"max_items":1},"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"GCS Bucket name","description_kind":"plain","required":true},"read_only":{"type":"bool","description":"If true, mount the GCS bucket as read-only","description_kind":"plain","optional":true}},"description":"Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment.","description_kind":"plain"},"max_items":1},"nfs":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path that is exported by the NFS server.","description_kind":"plain","required":true},"read_only":{"type":"bool","description":"If true, mount the NFS volume as read only","description_kind":"plain","optional":true},"server":{"type":"string","description":"Hostname or IP address of the NFS server","description_kind":"plain","required":true}},"description":"Represents an NFS mount.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.","description_kind":"plain","optional":true},"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"number","description":"Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The relative path of the secret in the container.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version","description_kind":"plain","optional":true}},"description":"If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.","description_kind":"plain"}}},"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","description_kind":"plain"},"max_items":1}},"description":"A list of Volumes to make available to containers.","description_kind":"plain"}},"vpc_access":{"nesting_mode":"list","block":{"attributes":{"connector":{"type":"string","description":"VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.","description_kind":"plain","optional":true},"egress":{"type":"string","description":"Traffic VPC egress settings. Possible values: [\"ALL_TRAFFIC\", \"PRIVATE_RANGES_ONLY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_interfaces":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be\nlooked up from the subnetwork.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the\nsubnetwork with the same name with the network will be used.","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"Network tags applied to this Cloud Run service.","description_kind":"plain","optional":true}},"description":"Direct VPC egress settings. Currently only single network interface is supported.","description_kind":"plain"}}},"description":"VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.","description_kind":"plain"},"max_items":1}},"description":"The template used to create revisions for this Service.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"traffic":{"nesting_mode":"list","block":{"attributes":{"percent":{"type":"number","description":"Specifies percent of the traffic to this Revision. This defaults to zero if unspecified.","description_kind":"plain","optional":true,"computed":true},"revision":{"type":"string","description":"Revision to which to send this portion of traffic, if traffic allocation is by revision.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Indicates a string to be part of the URI to exclusively reference this target.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The allocation type for this traffic target. Possible values: [\"TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\", \"TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION\"]","description_kind":"plain","optional":true}},"description":"Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision.","description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_scheduler_job":{"version":0,"block":{"attributes":{"attempt_deadline":{"type":"string","description":"The deadline for job attempts. If the request handler does not respond by this deadline then the request is\ncancelled and the attempt is marked as a DEADLINE_EXCEEDED failure. The failed attempt can be viewed in\nexecution logs. Cloud Scheduler will retry the job according to the RetryConfig.\nThe allowed duration for this deadline is:\n* For HTTP targets, between 15 seconds and 30 minutes.\n* For App Engine HTTP targets, between 15 seconds and 24 hours.\n* **Note**: For PubSub targets, this field is ignored - setting it will introduce an unresolvable diff.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"","description_kind":"plain","optional":true},"description":{"type":"string","description":"A human-readable description for the job.\nThis string must not contain more than 500 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the job.","description_kind":"plain","required":true},"paused":{"type":"bool","description":"Sets the job to a paused state. Jobs default to being enabled when this property is not set.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the scheduler job resides. If it is not provided, Terraform will use the provider default.","description_kind":"plain","optional":true,"computed":true},"schedule":{"type":"string","description":"Describes the schedule on which the job will be executed.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the job.","description_kind":"plain","computed":true},"time_zone":{"type":"string","description":"Specifies the time zone to be used in interpreting schedule.\nThe value of this field must be a time zone name from the tz database.","description_kind":"plain","optional":true}},"block_types":{"app_engine_http_target":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"HTTP request body.\nA request body is allowed only if the HTTP method is POST or PUT.\nIt will result in invalid argument error to set a body on a job with an incompatible HttpMethod.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"HTTP request headers.\nThis map contains the header field names and values.\nHeaders can be set when the job is created.","description_kind":"plain","optional":true},"http_method":{"type":"string","description":"Which HTTP method to use for the request.","description_kind":"plain","optional":true},"relative_uri":{"type":"string","description":"The relative URI.\nThe relative URL must begin with \"/\" and must be a valid HTTP relative URL.\nIt can contain a path, query string arguments, and \\# fragments.\nIf the relative URL is empty, then the root path \"/\" will be used.\nNo spaces are allowed, and the maximum length allowed is 2083 characters","description_kind":"plain","required":true}},"block_types":{"app_engine_routing":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"App instance.\nBy default, the job is sent to an instance which is available when the job is attempted.","description_kind":"plain","optional":true},"service":{"type":"string","description":"App service.\nBy default, the job is sent to the service which is the default service when the job is attempted.","description_kind":"plain","optional":true},"version":{"type":"string","description":"App version.\nBy default, the job is sent to the version which is the default version when the job is attempted.","description_kind":"plain","optional":true}},"description":"App Engine Routing setting for the job.","description_kind":"plain"},"max_items":1}},"description":"App Engine HTTP target.\nIf the job providers a App Engine HTTP target the cron will\nsend a request to the service instance","description_kind":"plain"},"max_items":1},"http_target":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"HTTP request body.\nA request body is allowed only if the HTTP method is POST, PUT, or PATCH.\nIt is an error to set body on a job with an incompatible HttpMethod.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"This map contains the header field names and values.\nRepeated headers are not supported, but a header value can contain commas.","description_kind":"plain","optional":true},"http_method":{"type":"string","description":"Which HTTP method to use for the request.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The full URI path that the request will be sent to.","description_kind":"plain","required":true}},"block_types":{"oauth_token":{"nesting_mode":"list","block":{"attributes":{"scope":{"type":"string","description":"OAuth scope to be used for generating OAuth access token. If not specified,\n\"https://www.googleapis.com/auth/cloud-platform\" will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating OAuth token.\nThe service account must be within the same project as the job.","description_kind":"plain","required":true}},"description":"Contains information needed for generating an OAuth token.\nThis type of authorization should be used when sending requests to a GCP endpoint.","description_kind":"plain"},"max_items":1},"oidc_token":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Audience to be used when generating OIDC token. If not specified,\nthe URI specified in target will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating OAuth token.\nThe service account must be within the same project as the job.","description_kind":"plain","required":true}},"description":"Contains information needed for generating an OpenID Connect token.\nThis type of authorization should be used when sending requests to third party endpoints or Cloud Run.","description_kind":"plain"},"max_items":1}},"description":"HTTP target.\nIf the job providers a http_target the cron will\nsend a request to the targeted url","description_kind":"plain"},"max_items":1},"pubsub_target":{"nesting_mode":"list","block":{"attributes":{"attributes":{"type":["map","string"],"description":"Attributes for PubsubMessage.\nPubsub message must contain either non-empty data, or at least one attribute.","description_kind":"plain","optional":true},"data":{"type":"string","description":"The message payload for PubsubMessage.\nPubsub message must contain either non-empty data, or at least one attribute.\n\n A base64-encoded string.","description_kind":"plain","optional":true},"topic_name":{"type":"string","description":"The full resource name for the Cloud Pub/Sub topic to which\nmessages will be published when a job is delivered. ~\u003e**NOTE:**\nThe topic name must be in the same format as required by PubSub's\nPublishRequest.name, e.g. 'projects/my-project/topics/my-topic'.","description_kind":"plain","required":true}},"description":"Pub/Sub target\nIf the job providers a Pub/Sub target the cron will publish\na message to the provided topic","description_kind":"plain"},"max_items":1},"retry_config":{"nesting_mode":"list","block":{"attributes":{"max_backoff_duration":{"type":"string","description":"The maximum amount of time to wait before retrying a job after it fails.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"max_doublings":{"type":"number","description":"The time between retries will double maxDoublings times.\nA job's retry interval starts at minBackoffDuration,\nthen doubles maxDoublings times, then increases linearly,\nand finally retries retries at intervals of maxBackoffDuration up to retryCount times.","description_kind":"plain","optional":true,"computed":true},"max_retry_duration":{"type":"string","description":"The time limit for retrying a failed job, measured from time when an execution was first attempted.\nIf specified with retryCount, the job will be retried until both limits are reached.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"min_backoff_duration":{"type":"string","description":"The minimum amount of time to wait before retrying a job after it fails.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"retry_count":{"type":"number","description":"The number of attempts that the system will make to run a\njob using the exponential backoff procedure described by maxDoublings.\nValues greater than 5 and negative values are not allowed.","description_kind":"plain","optional":true,"computed":true}},"description":"By default, if a job does not complete successfully,\nmeaning that an acknowledgement is not received from the handler,\nthen it will be retried with exponential backoff according to the settings","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_tasks_queue":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the queue","description_kind":"plain","required":true},"name":{"type":"string","description":"The queue name.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"app_engine_routing_override":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The host that the task is sent to.","description_kind":"plain","computed":true},"instance":{"type":"string","description":"App instance.\n\nBy default, the task is sent to an instance which is available when the task is attempted.","description_kind":"plain","optional":true},"service":{"type":"string","description":"App service.\n\nBy default, the task is sent to the service which is the default service when the task is attempted.","description_kind":"plain","optional":true},"version":{"type":"string","description":"App version.\n\nBy default, the task is sent to the version which is the default version when the task is attempted.","description_kind":"plain","optional":true}},"description":"Overrides for task-level appEngineRouting. These settings apply only\nto App Engine tasks in this queue","description_kind":"plain"},"max_items":1},"http_target":{"nesting_mode":"list","block":{"attributes":{"http_method":{"type":"string","description":"The HTTP method to use for the request.\n\nWhen specified, it overrides HttpRequest for the task.\nNote that if the value is set to GET the body of the task will be ignored at execution time. Possible values: [\"HTTP_METHOD_UNSPECIFIED\", \"POST\", \"GET\", \"HEAD\", \"PUT\", \"DELETE\", \"PATCH\", \"OPTIONS\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"header_overrides":{"nesting_mode":"list","block":{"block_types":{"header":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"The Key of the header.","description_kind":"plain","required":true},"value":{"type":"string","description":"The Value of the header.","description_kind":"plain","required":true}},"description":"Header embodying a key and a value.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"HTTP target headers.\n\nThis map contains the header field names and values.\nHeaders will be set when running the CreateTask and/or BufferTask.\n\nThese headers represent a subset of the headers that will be configured for the task's HTTP request.\nSome HTTP request headers will be ignored or replaced.\n\nHeaders which can have multiple values (according to RFC2616) can be specified using comma-separated values.\n\nThe size of the headers must be less than 80KB. Queue-level headers to override headers of all the tasks in the queue.","description_kind":"plain"}},"oauth_token":{"nesting_mode":"list","block":{"attributes":{"scope":{"type":"string","description":"OAuth scope to be used for generating OAuth access token.\nIf not specified, \"https://www.googleapis.com/auth/cloud-platform\" will be used.","description_kind":"plain","optional":true,"computed":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating OAuth token.\nThe service account must be within the same project as the queue.\nThe caller must have iam.serviceAccounts.actAs permission for the service account.","description_kind":"plain","required":true}},"description":"If specified, an OAuth token is generated and attached as the Authorization header in the HTTP request.\n\nThis type of authorization should generally be used only when calling Google APIs hosted on *.googleapis.com.\nNote that both the service account email and the scope MUST be specified when using the queue-level authorization override.","description_kind":"plain"},"max_items":1},"oidc_token":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Audience to be used when generating OIDC token. If not specified, the URI specified in target will be used.","description_kind":"plain","optional":true,"computed":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating OIDC token.\nThe service account must be within the same project as the queue.\nThe caller must have iam.serviceAccounts.actAs permission for the service account.","description_kind":"plain","required":true}},"description":"If specified, an OIDC token is generated and attached as an Authorization header in the HTTP request.\n\nThis type of authorization can be used for many scenarios, including calling Cloud Run, or endpoints where you intend to validate the token yourself.\nNote that both the service account email and the audience MUST be specified when using the queue-level authorization override.","description_kind":"plain"},"max_items":1},"uri_override":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"Host override.\n\nWhen specified, replaces the host part of the task URL.\nFor example, if the task URL is \"https://www.google.com\", and host value\nis set to \"example.net\", the overridden URI will be changed to \"https://example.net\".\nHost value cannot be an empty string (INVALID_ARGUMENT).","description_kind":"plain","optional":true},"port":{"type":"string","description":"Port override.\n\nWhen specified, replaces the port part of the task URI.\nFor instance, for a URI http://www.google.com/foo and port=123, the overridden URI becomes http://www.google.com:123/foo.\nNote that the port value must be a positive integer.\nSetting the port to 0 (Zero) clears the URI port.","description_kind":"plain","optional":true},"scheme":{"type":"string","description":"Scheme override.\n\nWhen specified, the task URI scheme is replaced by the provided value (HTTP or HTTPS). Possible values: [\"HTTP\", \"HTTPS\"]","description_kind":"plain","optional":true,"computed":true},"uri_override_enforce_mode":{"type":"string","description":"URI Override Enforce Mode\n\nWhen specified, determines the Target UriOverride mode. If not specified, it defaults to ALWAYS. Possible values: [\"ALWAYS\", \"IF_NOT_EXISTS\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"path_override":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The URI path (e.g., /users/1234). Default is an empty string.","description_kind":"plain","optional":true,"computed":true}},"description":"URI path.\n\nWhen specified, replaces the existing path of the task URL.\nSetting the path value to an empty string clears the URI path segment.","description_kind":"plain"},"max_items":1},"query_override":{"nesting_mode":"list","block":{"attributes":{"query_params":{"type":"string","description":"The query parameters (e.g., qparam1=123\u0026qparam2=456). Default is an empty string.","description_kind":"plain","optional":true,"computed":true}},"description":"URI query.\n\nWhen specified, replaces the query part of the task URI. Setting the query value to an empty string clears the URI query segment.","description_kind":"plain"},"max_items":1}},"description":"URI override.\n\nWhen specified, overrides the execution URI for all the tasks in the queue.","description_kind":"plain"},"max_items":1}},"description":"Modifies HTTP target for HTTP tasks.","description_kind":"plain"},"max_items":1},"rate_limits":{"nesting_mode":"list","block":{"attributes":{"max_burst_size":{"type":"number","description":"The max burst size.\n\nMax burst size limits how fast tasks in queue are processed when many tasks are\nin the queue and the rate is high. This field allows the queue to have a high\nrate so processing starts shortly after a task is enqueued, but still limits\nresource usage when many tasks are enqueued in a short period of time.","description_kind":"plain","computed":true},"max_concurrent_dispatches":{"type":"number","description":"The maximum number of concurrent tasks that Cloud Tasks allows to\nbe dispatched for this queue. After this threshold has been\nreached, Cloud Tasks stops dispatching tasks until the number of\nconcurrent requests decreases.","description_kind":"plain","optional":true,"computed":true},"max_dispatches_per_second":{"type":"number","description":"The maximum rate at which tasks are dispatched from this queue.\n\nIf unspecified when the queue is created, Cloud Tasks will pick the default.","description_kind":"plain","optional":true,"computed":true}},"description":"Rate limits for task dispatches.\n\nThe queue's actual dispatch rate is the result of:\n\n* Number of tasks in the queue\n* User-specified throttling: rateLimits, retryConfig, and the queue's state.\n* System throttling due to 429 (Too Many Requests) or 503 (Service\n Unavailable) responses from the worker, high error rates, or to\n smooth sudden large traffic spikes.","description_kind":"plain"},"max_items":1},"retry_config":{"nesting_mode":"list","block":{"attributes":{"max_attempts":{"type":"number","description":"Number of attempts per task.\n\nCloud Tasks will attempt the task maxAttempts times (that is, if\nthe first attempt fails, then there will be maxAttempts - 1\nretries). Must be \u003e= -1.\n\nIf unspecified when the queue is created, Cloud Tasks will pick\nthe default.\n\n-1 indicates unlimited attempts.","description_kind":"plain","optional":true,"computed":true},"max_backoff":{"type":"string","description":"A task will be scheduled for retry between minBackoff and\nmaxBackoff duration after it fails, if the queue's RetryConfig\nspecifies that the task should be retried.","description_kind":"plain","optional":true,"computed":true},"max_doublings":{"type":"number","description":"The time between retries will double maxDoublings times.\n\nA task's retry interval starts at minBackoff, then doubles maxDoublings times,\nthen increases linearly, and finally retries retries at intervals of maxBackoff\nup to maxAttempts times.","description_kind":"plain","optional":true,"computed":true},"max_retry_duration":{"type":"string","description":"If positive, maxRetryDuration specifies the time limit for\nretrying a failed task, measured from when the task was first\nattempted. Once maxRetryDuration time has passed and the task has\nbeen attempted maxAttempts times, no further attempts will be\nmade and the task will be deleted.\n\nIf zero, then the task age is unlimited.","description_kind":"plain","optional":true,"computed":true},"min_backoff":{"type":"string","description":"A task will be scheduled for retry between minBackoff and\nmaxBackoff duration after it fails, if the queue's RetryConfig\nspecifies that the task should be retried.","description_kind":"plain","optional":true,"computed":true}},"description":"Settings that determine the retry behavior.","description_kind":"plain"},"max_items":1},"stackdriver_logging_config":{"nesting_mode":"list","block":{"attributes":{"sampling_ratio":{"type":"number","description":"Specifies the fraction of operations to write to Stackdriver Logging.\nThis field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the\ndefault and means that no operations are logged.","description_kind":"plain","required":true}},"description":"Configuration options for writing logs to Stackdriver Logging.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuild_bitbucket_server_config":{"version":0,"block":{"attributes":{"api_key":{"type":"string","description":"Immutable. API Key that will be attached to webhook. Once this field has been set, it cannot be changed.\nChanging this field will result in deleting/ recreating the resource.","description_kind":"plain","required":true},"config_id":{"type":"string","description":"The ID to use for the BitbucketServerConfig, which will become the final component of the BitbucketServerConfig's resource name.","description_kind":"plain","required":true},"host_uri":{"type":"string","description":"Immutable. The URI of the Bitbucket Server host. Once this field has been set, it cannot be changed.\nIf you need to change it, please create another BitbucketServerConfig.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of this bitbucket server config.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the config.","description_kind":"plain","computed":true},"peered_network":{"type":"string","description":"The network to be used when reaching out to the Bitbucket Server instance. The VPC network must be enabled for private service connection.\nThis should be set if the Bitbucket Server instance is hosted on-premises and not reachable by public internet. If this field is left empty,\nno network peering will occur and calls to the Bitbucket Server instance will be made over the public internet. Must be in the format\nprojects/{project}/global/networks/{network}, where {project} is a project number or id and {network} is the name of a VPC network in the project.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to Bitbucket Server. The format should be PEM format but the extension can be one of .pem, .cer, or .crt.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username of the account Cloud Build will use on Bitbucket Server.","description_kind":"plain","required":true},"webhook_key":{"type":"string","description":"Output only. UUID included in webhook requests. The UUID is used to look up the corresponding config.","description_kind":"plain","computed":true}},"block_types":{"connected_repositories":{"nesting_mode":"set","block":{"attributes":{"project_key":{"type":"string","description":"Identifier for the project storing the repository.","description_kind":"plain","required":true},"repo_slug":{"type":"string","description":"Identifier for the repository.","description_kind":"plain","required":true}},"description":"Connected Bitbucket Server repositories for this config.","description_kind":"plain"}},"secrets":{"nesting_mode":"list","block":{"attributes":{"admin_access_token_version_name":{"type":"string","description":"The resource name for the admin access token's secret version.","description_kind":"plain","required":true},"read_access_token_version_name":{"type":"string","description":"The resource name for the read access token's secret version.","description_kind":"plain","required":true},"webhook_secret_version_name":{"type":"string","description":"Immutable. The resource name for the webhook secret's secret version. Once this field has been set, it cannot be changed.\nChanging this field will result in deleting/ recreating the resource.","description_kind":"plain","required":true}},"description":"Secret Manager secrets needed by the config.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudbuild_trigger":{"version":2,"block":{"attributes":{"create_time":{"type":"string","description":"Time when the trigger was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Human-readable description of the trigger.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the trigger is disabled or not. If true, the trigger will never result in a build.","description_kind":"plain","optional":true},"filename":{"type":"string","description":"Path, from the source root, to a file whose contents is used for the template.\nEither a filename or build template must be provided. Set this only when using trigger_template or github.\nWhen using Pub/Sub, Webhook or Manual set the file name using git_file_source instead.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"A Common Expression Language string. Used only with Pub/Sub and Webhook.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignored_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf ignoredFiles and changed files are both empty, then they are not\nused to determine whether or not to trigger a build.\n\nIf ignoredFiles is not empty, then we ignore any files that match any\nof the ignored_file globs. If the change has no files that are outside\nof the ignoredFiles globs, then we do not trigger a build.","description_kind":"plain","optional":true},"include_build_logs":{"type":"string","description":"Build logs will be sent back to GitHub as part of the checkrun\nresult. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or\nINCLUDE_BUILD_LOGS_WITH_STATUS Possible values: [\"INCLUDE_BUILD_LOGS_UNSPECIFIED\", \"INCLUDE_BUILD_LOGS_WITH_STATUS\"]","description_kind":"plain","optional":true},"included_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is empty, then as far as this filter is concerned, we\nshould trigger the build.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is not empty, then we make sure that at least one of\nthose files matches a includedFiles glob. If not, then we do not trigger\na build.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger.\nIf not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the trigger. Must be unique within the project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account used for all user-controlled operations including\ntriggers.patch, triggers.run, builds.create, and builds.cancel.\n\nIf no service account is set, then the standard Cloud Build service account\n([PROJECT_NUM]@system.gserviceaccount.com) will be used instead.\n\nFormat: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL}","description_kind":"plain","optional":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a BuildTrigger","description_kind":"plain","optional":true},"trigger_id":{"type":"string","description":"The unique identifier for the trigger.","description_kind":"plain","computed":true}},"block_types":{"approval_config":{"nesting_mode":"list","block":{"attributes":{"approval_required":{"type":"bool","description":"Whether or not approval is needed. If this is set on a build, it will become pending when run,\nand will need to be explicitly approved to start.","description_kind":"plain","optional":true}},"description":"Configuration for manual approval to start a build invocation of this BuildTrigger.\nBuilds created by this trigger will require approval before they execute.\nAny user with a Cloud Build Approver role for the project can approve a build.","description_kind":"plain"},"max_items":1},"bitbucket_server_trigger_config":{"nesting_mode":"list","block":{"attributes":{"bitbucket_server_config_resource":{"type":"string","description":"The Bitbucket server config resource that this trigger config maps to.","description_kind":"plain","required":true},"project_key":{"type":"string","description":"Key of the project that the repo is in. For example: The key for https://mybitbucket.server/projects/TEST/repos/test-repo is \"TEST\".","description_kind":"plain","required":true},"repo_slug":{"type":"string","description":"Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL.\nFor example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo.","description_kind":"plain","required":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","required":true},"comment_control":{"type":"string","description":"Configure builds to run whether a repository owner or collaborator need to comment /gcbrun. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"Filter to match changes in pull requests.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match. Specify only one of branch or tag.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"When true, only trigger a build if the revision regex does NOT match the gitRef regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match. Specify only one of branch or tag.","description_kind":"plain","optional":true}},"description":"Filter to match changes in refs like branches, tags.","description_kind":"plain"},"max_items":1}},"description":"BitbucketServerTriggerConfig describes the configuration of a trigger that creates a build whenever a Bitbucket Server event is received.","description_kind":"plain"},"max_items":1},"build":{"nesting_mode":"list","block":{"attributes":{"images":{"type":["list","string"],"description":"A list of images to be pushed upon the successful completion of all build steps.\nThe images are pushed using the builder service account's credentials.\nThe digests of the pushed images will be stored in the Build resource's results field.\nIf any of the images fail to be pushed, the build status is marked FAILURE.","description_kind":"plain","optional":true},"logs_bucket":{"type":"string","description":"Google Cloud Storage bucket where logs should be written.\nLogs file names will be of the format ${logsBucket}/log-${build_id}.txt.","description_kind":"plain","optional":true},"queue_ttl":{"type":"string","description":"TTL in queue for this build. If provided and the build is enqueued longer than this value,\nthe build will expire and the build status will be EXPIRED.\nThe TTL starts ticking from createTime.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a Build. These are not docker tags.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Amount of time that this build should be allowed to run, to second granularity.\nIf this amount of time elapses, work on the build will cease and the build status will be TIMEOUT.\nThis timeout must be equal to or greater than the sum of the timeouts for build steps within the build.\nThe expected format is the number of seconds followed by s.\nDefault time is ten minutes (600s).","description_kind":"plain","optional":true}},"block_types":{"artifacts":{"nesting_mode":"list","block":{"attributes":{"images":{"type":["list","string"],"description":"A list of images to be pushed upon the successful completion of all build steps.\n\nThe images will be pushed using the builder service account's credentials.\n\nThe digests of the pushed images will be stored in the Build resource's results field.\n\nIf any of the images fail to be pushed, the build is marked FAILURE.","description_kind":"plain","optional":true}},"block_types":{"maven_artifacts":{"nesting_mode":"list","block":{"attributes":{"artifact_id":{"type":"string","description":"Maven artifactId value used when uploading the artifact to Artifact Registry.","description_kind":"plain","optional":true},"group_id":{"type":"string","description":"Maven groupId value used when uploading the artifact to Artifact Registry.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to an artifact in the build's workspace to be uploaded to Artifact Registry. This can be either an absolute path, e.g. /workspace/my-app/target/my-app-1.0.SNAPSHOT.jar or a relative path from /workspace, e.g. my-app/target/my-app-1.0.SNAPSHOT.jar.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"Artifact Registry repository, in the form \"https://$REGION-maven.pkg.dev/$PROJECT/$REPOSITORY\"\n\nArtifact in the workspace specified by path will be uploaded to Artifact Registry with this location as a prefix.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Maven version value used when uploading the artifact to Artifact Registry.","description_kind":"plain","optional":true}},"description":"A Maven artifact to upload to Artifact Registry upon successful completion of all build steps.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"}},"npm_packages":{"nesting_mode":"list","block":{"attributes":{"package_path":{"type":"string","description":"Path to the package.json. e.g. workspace/path/to/package","description_kind":"plain","optional":true},"repository":{"type":"string","description":"Artifact Registry repository, in the form \"https://$REGION-npm.pkg.dev/$PROJECT/$REPOSITORY\"\n\nNpm package in the workspace specified by path will be zipped and uploaded to Artifact Registry with this location as a prefix.","description_kind":"plain","optional":true}},"description":"Npm package to upload to Artifact Registry upon successful completion of all build steps.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"}},"objects":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"Cloud Storage bucket and optional object path, in the form \"gs://bucket/path/to/somewhere/\".\n\nFiles in the workspace matching any path pattern will be uploaded to Cloud Storage with\nthis location as a prefix.","description_kind":"plain","optional":true},"paths":{"type":["list","string"],"description":"Path globs used to match files in the build's workspace.","description_kind":"plain","optional":true},"timing":{"type":["list",["object",{"end_time":"string","start_time":"string"}]],"description":"Output only. Stores timing information for pushing all artifact objects.","description_kind":"plain","computed":true}},"description":"A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps.\n\nFiles in the workspace matching specified paths globs will be uploaded to the\nCloud Storage location using the builder service account's credentials.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"},"max_items":1},"python_packages":{"nesting_mode":"list","block":{"attributes":{"paths":{"type":["list","string"],"description":"Path globs used to match files in the build's workspace. For Python/ Twine, this is usually dist/*, and sometimes additionally an .asc file.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"Artifact Registry repository, in the form \"https://$REGION-python.pkg.dev/$PROJECT/$REPOSITORY\"\n\nFiles in the workspace matching any path pattern will be uploaded to Artifact Registry with this location as a prefix.","description_kind":"plain","optional":true}},"description":"Python package to upload to Artifact Registry upon successful completion of all build steps. A package can encapsulate multiple objects to be uploaded to a single repository.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"}}},"description":"Artifacts produced by the build that should be uploaded upon successful completion of all build steps.","description_kind":"plain"},"max_items":1},"available_secrets":{"nesting_mode":"list","block":{"block_types":{"secret_manager":{"nesting_mode":"list","block":{"attributes":{"env":{"type":"string","description":"Environment variable name to associate with the secret. Secret environment\nvariables must be unique across all of a build's secrets, and must be used\nby at least one build step.","description_kind":"plain","required":true},"version_name":{"type":"string","description":"Resource name of the SecretVersion. In format: projects/*/secrets/*/versions/*","description_kind":"plain","required":true}},"description":"Pairs a secret environment variable with a SecretVersion in Secret Manager.","description_kind":"plain"},"min_items":1}},"description":"Secrets and secret environment variables.","description_kind":"plain"},"max_items":1},"options":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"Requested disk size for the VM that runs the build. Note that this is NOT \"disk free\";\nsome of the space will be used by the operating system and build utilities.\nAlso note that this is the minimum disk size that will be allocated for the build --\nthe build may run with a larger disk than requested. At present, the maximum disk size\nis 1000GB; builds that request more than the maximum are rejected with an error.","description_kind":"plain","optional":true},"dynamic_substitutions":{"type":"bool","description":"Option to specify whether or not to apply bash style string operations to the substitutions.\n\nNOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file.","description_kind":"plain","optional":true},"env":{"type":["list","string"],"description":"A list of global environment variable definitions that will exist for all build steps\nin this build. If a variable is defined in both globally and in a build step,\nthe variable will use the build step value.\n\nThe elements are of the form \"KEY=VALUE\" for the environment variable \"KEY\" being given the value \"VALUE\".","description_kind":"plain","optional":true},"log_streaming_option":{"type":"string","description":"Option to define build log streaming behavior to Google Cloud Storage. Possible values: [\"STREAM_DEFAULT\", \"STREAM_ON\", \"STREAM_OFF\"]","description_kind":"plain","optional":true},"logging":{"type":"string","description":"Option to specify the logging mode, which determines if and where build logs are stored. Possible values: [\"LOGGING_UNSPECIFIED\", \"LEGACY\", \"GCS_ONLY\", \"STACKDRIVER_ONLY\", \"CLOUD_LOGGING_ONLY\", \"NONE\"]","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Compute Engine machine type on which to run the build.","description_kind":"plain","optional":true},"requested_verify_option":{"type":"string","description":"Requested verifiability options. Possible values: [\"NOT_VERIFIED\", \"VERIFIED\"]","description_kind":"plain","optional":true},"secret_env":{"type":["list","string"],"description":"A list of global environment variables, which are encrypted using a Cloud Key Management\nService crypto key. These values must be specified in the build's Secret. These variables\nwill be available to all build steps in this build.","description_kind":"plain","optional":true},"source_provenance_hash":{"type":["list","string"],"description":"Requested hash for SourceProvenance. Possible values: [\"NONE\", \"SHA256\", \"MD5\"]","description_kind":"plain","optional":true},"substitution_option":{"type":"string","description":"Option to specify behavior when there is an error in the substitution checks.\n\nNOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden\nin the build configuration file. Possible values: [\"MUST_MATCH\", \"ALLOW_LOOSE\"]","description_kind":"plain","optional":true},"worker_pool":{"type":"string","description":"Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool}\n\nThis field is experimental.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the volume to mount.\n\nVolume names must be unique per build step and must be valid names for Docker volumes.\nEach named volume must be used by at least two build steps.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path at which to mount the volume.\n\nPaths must be absolute and cannot conflict with other volume paths on the same\nbuild step or with certain reserved volume paths.","description_kind":"plain","optional":true}},"description":"Global list of volumes to mount for ALL build steps\n\nEach volume is created as an empty volume prior to starting the build process.\nUpon completion of the build, volumes and their contents are discarded. Global\nvolume names and paths cannot conflict with the volumes defined a build step.\n\nUsing a global volume in a build with only one step is not valid as it is indicative\nof a build request with an incorrect configuration.","description_kind":"plain"}}},"description":"Special options for this build.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Cloud KMS key name to use to decrypt these envs.","description_kind":"plain","required":true},"secret_env":{"type":["map","string"],"description":"Map of environment variable name to its encrypted value.\nSecret environment variables must be unique across all of a build's secrets,\nand must be used by at least one build step. Values can be at most 64 KB in size.\nThere can be at most 100 secret values across all of a build's secrets.","description_kind":"plain","optional":true}},"description":"Secrets to decrypt using Cloud Key Management Service.","description_kind":"plain"}},"source":{"nesting_mode":"list","block":{"block_types":{"repo_source":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Regex matching branches to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and\ndescribed at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Explicit commit SHA to build. Exactly one a of branch name, tag, or commit SHA must be provided.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.\nThis must be a relative path. If a step's dir is specified and is an absolute path,\nthis value is ignored for that step's execution.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does NOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository.\nIf omitted, the project ID requesting the build is assumed.","description_kind":"plain","optional":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository.","description_kind":"plain","required":true},"substitutions":{"type":["map","string"],"description":"Substitutions to use in a triggered build. Should only be used with triggers.run","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Regex matching tags to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and\ndescribed at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true}},"description":"Location of the source in a Google Cloud Source Repository.","description_kind":"plain"},"max_items":1},"storage_source":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Google Cloud Storage bucket containing the source.","description_kind":"plain","required":true},"generation":{"type":"string","description":"Google Cloud Storage generation for the object.\nIf the generation is omitted, the latest generation will be used","description_kind":"plain","optional":true},"object":{"type":"string","description":"Google Cloud Storage object containing the source.\nThis object must be a gzipped archive file (.tar.gz) containing source to build.","description_kind":"plain","required":true}},"description":"Location of the source in an archive file in Google Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"The location of the source files to build.\n\nOne of 'storageSource' or 'repoSource' must be provided.","description_kind":"plain"},"max_items":1},"step":{"nesting_mode":"list","block":{"attributes":{"allow_exit_codes":{"type":["list","number"],"description":"Allow this build step to fail without failing the entire build if and\nonly if the exit code is one of the specified codes.\n\nIf 'allowFailure' is also specified, this field will take precedence.","description_kind":"plain","optional":true},"allow_failure":{"type":"bool","description":"Allow this build step to fail without failing the entire build.\nIf false, the entire build will fail if this step fails. Otherwise, the\nbuild will succeed, but this step will still have a failure status.\nError information will be reported in the 'failureDetail' field.\n\n'allowExitCodes' takes precedence over this field.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"A list of arguments that will be presented to the step when it is started.\n\nIf the image used to run the step's container has an entrypoint, the args\nare used as arguments to that entrypoint. If the image does not define an\nentrypoint, the first element in args is used as the entrypoint, and the\nremainder will be used as arguments.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Working directory to use when running this step's container.\n\nIf this value is a relative path, it is relative to the build's working\ndirectory. If this value is absolute, it may be outside the build's working\ndirectory, in which case the contents of the path may not be persisted\nacross build step executions, unless a 'volume' for that path is specified.\n\nIf the build specifies a 'RepoSource' with 'dir' and a step with a\n'dir',\nwhich specifies an absolute path, the 'RepoSource' 'dir' is ignored\nfor the step's execution.","description_kind":"plain","optional":true},"entrypoint":{"type":"string","description":"Entrypoint to be used instead of the build step image's\ndefault entrypoint.\nIf unset, the image's default entrypoint is used","description_kind":"plain","optional":true},"env":{"type":["list","string"],"description":"A list of environment variable definitions to be used when\nrunning a step.\n\nThe elements are of the form \"KEY=VALUE\" for the environment variable\n\"KEY\" being given the value \"VALUE\".","description_kind":"plain","optional":true},"id":{"type":"string","description":"Unique identifier for this build step, used in 'wait_for' to\nreference this build step as a dependency.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the container image that will run this particular build step.\n\nIf the image is available in the host's Docker daemon's cache, it will be\nrun directly. If not, the host will attempt to pull the image first, using\nthe builder service account's credentials if necessary.\n\nThe Docker daemon's cache will already have the latest versions of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders\nfor images and examples).\nThe Docker daemon will also have cached many of the layers for some popular\nimages, like \"ubuntu\", \"debian\", but they will be refreshed at the time\nyou attempt to use them.\n\nIf you built an image in a previous build step, it will be stored in the\nhost's Docker daemon's cache and is available to use as the name for a\nlater build step.","description_kind":"plain","required":true},"script":{"type":"string","description":"A shell script to be executed in the step.\nWhen script is provided, the user cannot specify the entrypoint or args.","description_kind":"plain","optional":true},"secret_env":{"type":["list","string"],"description":"A list of environment variables which are encrypted using\na Cloud Key\nManagement Service crypto key. These values must be specified in\nthe build's 'Secret'.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time limit for executing this build step. If not defined,\nthe step has no\ntime limit and will be allowed to continue to run until either it\ncompletes or the build itself times out.","description_kind":"plain","optional":true},"timing":{"type":"string","description":"Output only. Stores timing information for executing this\nbuild step.","description_kind":"plain","optional":true},"wait_for":{"type":["list","string"],"description":"The ID(s) of the step(s) that this build step depends on.\n\nThis build step will not start until all the build steps in 'wait_for'\nhave completed successfully. If 'wait_for' is empty, this build step\nwill start when all previous build steps in the 'Build.Steps' list\nhave completed successfully.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the volume to mount.\n\nVolume names must be unique per build step and must be valid names for\nDocker volumes. Each named volume must be used by at least two build steps.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path at which to mount the volume.\n\nPaths must be absolute and cannot conflict with other volume paths on\nthe same build step or with certain reserved volume paths.","description_kind":"plain","required":true}},"description":"List of volumes to mount into the build step.\n\nEach volume is created as an empty volume prior to execution of the\nbuild step. Upon completion of the build, volumes and their contents\nare discarded.\n\nUsing a named volume in only one step is not valid as it is\nindicative of a build request with an incorrect configuration.","description_kind":"plain"}}},"description":"The operations to be performed on the workspace.","description_kind":"plain"},"min_items":1}},"description":"Contents of the build template. Either a filename or build template must be provided.","description_kind":"plain"},"max_items":1},"git_file_source":{"nesting_mode":"list","block":{"attributes":{"bitbucket_server_config":{"type":"string","description":"The full resource name of the bitbucket server config.\nFormat: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}.","description_kind":"plain","optional":true},"github_enterprise_config":{"type":"string","description":"The full resource name of the github enterprise config.\nFormat: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The path of the file, with the repo root as the root of the path.","description_kind":"plain","required":true},"repo_type":{"type":"string","description":"The type of the repo, since it may not be explicit from the repo field (e.g from a URL).\nValues can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", \"BITBUCKET_SERVER\"]","description_kind":"plain","required":true},"repository":{"type":"string","description":"The fully qualified resource name of the Repo API repository. The fully qualified resource name of the Repo API repository.\nIf unspecified, the repo from which the trigger invocation originated is assumed to be the repo from which to read the specified path.","description_kind":"plain","optional":true},"revision":{"type":"string","description":"The branch, tag, arbitrary ref, or SHA version of the repo to use when resolving the\nfilename (optional). This field respects the same syntax/resolution as described here: https://git-scm.com/docs/gitrevisions\nIf unspecified, the revision from which the trigger invocation originated is assumed to be the revision from which to read the specified path.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The URI of the repo (optional). If unspecified, the repo from which the trigger\ninvocation originated is assumed to be the repo from which to read the specified path.","description_kind":"plain","optional":true}},"description":"The file source describing the local or remote Build template.","description_kind":"plain"},"max_items":1},"github":{"nesting_mode":"list","block":{"attributes":{"enterprise_config_resource_name":{"type":"string","description":"The resource name of the github enterprise config that should be applied to this installation.\nFor example: \"projects/{$projectId}/locations/{$locationId}/githubEnterpriseConfigs/{$configId}\"","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the repository. For example: The name for\nhttps://github.com/googlecloudplatform/cloud-builders is \"cloud-builders\".","description_kind":"plain","optional":true},"owner":{"type":"string","description":"Owner of the repository. For example: The owner for\nhttps://github.com/googlecloudplatform/cloud-builders is \"googlecloudplatform\".","description_kind":"plain","optional":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.","description_kind":"plain","required":true},"comment_control":{"type":"string","description":"Whether to block builds on a \"/gcbrun\" comment from a repository owner or collaborator. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"filter to match changes in pull requests. Specify only one of 'pull_request' or 'push'.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match. Specify only one of branch or tag.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"When true, only trigger a build if the revision regex does NOT match the git_ref regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match. Specify only one of branch or tag.","description_kind":"plain","optional":true}},"description":"filter to match changes in refs, like branches or tags. Specify only one of 'pull_request' or 'push'.","description_kind":"plain"},"max_items":1}},"description":"Describes the configuration of a trigger that creates a build whenever a GitHub event is received.\n\nOne of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided.","description_kind":"plain"},"max_items":1},"pubsub_config":{"nesting_mode":"list","block":{"attributes":{"service_account_email":{"type":"string","description":"Service account that will make the push request.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Potential issues with the underlying Pub/Sub subscription configuration.\nOnly populated on get requests.","description_kind":"plain","computed":true},"subscription":{"type":"string","description":"Output only. Name of the subscription.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"The name of the topic from which this subscription is receiving messages.","description_kind":"plain","required":true}},"description":"PubsubConfig describes the configuration of a trigger that creates\na build whenever a Pub/Sub message is published.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"repository_event_config":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The resource name of the Repo API resource.","description_kind":"plain","optional":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"comment_control":{"type":"string","description":"Configure builds to run whether a repository owner or collaborator need to comment '/gcbrun'. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"Contains filter properties for matching Pull Requests.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, only trigger a build if the revision regex does NOT match the git_ref regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true}},"description":"Contains filter properties for matching git pushes.","description_kind":"plain"},"max_items":1}},"description":"The configuration of a trigger that creates a build whenever an event from Repo API is received.","description_kind":"plain"},"max_items":1},"source_to_build":{"nesting_mode":"list","block":{"attributes":{"bitbucket_server_config":{"type":"string","description":"The full resource name of the bitbucket server config.\nFormat: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}.","description_kind":"plain","optional":true},"github_enterprise_config":{"type":"string","description":"The full resource name of the github enterprise config.\nFormat: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}.","description_kind":"plain","optional":true},"ref":{"type":"string","description":"The branch or tag to use. Must start with \"refs/\" (required).","description_kind":"plain","required":true},"repo_type":{"type":"string","description":"The type of the repo, since it may not be explicit from the repo field (e.g from a URL).\nValues can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", \"BITBUCKET_SERVER\"]","description_kind":"plain","required":true},"repository":{"type":"string","description":"The qualified resource name of the Repo API repository.\nEither uri or repository can be specified and is required.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The URI of the repo.","description_kind":"plain","optional":true}},"description":"The repo and ref of the repository from which to build.\nThis field is used only for those triggers that do not respond to SCM events.\nTriggers that respond to such events build source at whatever commit caused the event.\nThis field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"trigger_template":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThis field is a regular expression.","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Explicit commit SHA to build. Exactly one of a branch name, tag, or commit SHA must be provided.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.\n\nThis must be a relative path. If a step's dir is specified and\nis an absolute path, this value is ignored for that step's\nexecution.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does NOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository. If\nomitted, the project ID requesting the build is assumed.","description_kind":"plain","optional":true,"computed":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository. If omitted, the name \"default\" is assumed.","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided.\nThis field is a regular expression.","description_kind":"plain","optional":true}},"description":"Template describing the types of source changes to trigger a build.\n\nBranch and tag names in trigger templates are interpreted as regular\nexpressions. Any branch or tag change that matches that regular\nexpression will trigger a build.\n\nOne of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"webhook_config":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"Resource name for the secret required as a URL parameter.","description_kind":"plain","required":true},"state":{"type":"string","description":"Potential issues with the underlying Pub/Sub subscription configuration.\nOnly populated on get requests.","description_kind":"plain","computed":true}},"description":"WebhookConfig describes the configuration of a trigger that creates\na build whenever a webhook is sent to a trigger's webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuild_worker_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User specified annotations. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the request to create the `WorkerPool` was received.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. Time at which the request to delete the `WorkerPool` was received.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A user-specified, human-readable name for the `WorkerPool`. If provided, this value must be 1-63 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"User-defined name of the `WorkerPool`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. `WorkerPool` state. Possible values: STATE_UNSPECIFIED, PENDING, APPROVED, REJECTED, CANCELLED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A unique identifier for the `WorkerPool`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Time at which the request to update the `WorkerPool` was received.","description_kind":"plain","computed":true}},"block_types":{"network_config":{"nesting_mode":"list","block":{"attributes":{"peered_network":{"type":"string","description":"Required. Immutable. The network definition that the workers are peered to. If this section is left empty, the workers will be peered to `WorkerPool.project_id` on the service producer network. Must be in the format `projects/{project}/global/networks/{network}`, where `{project}` is a project number, such as `12345`, and `{network}` is the name of a VPC network in the project. See [Understanding network configuration options](https://cloud.google.com/cloud-build/docs/custom-workers/set-up-custom-worker-pool-environment#understanding_the_network_configuration_options)","description_kind":"plain","required":true},"peered_network_ip_range":{"type":"string","description":"Optional. Immutable. Subnet IP range within the peered network. This is specified in CIDR notation with a slash and the subnet prefix size. You can optionally specify an IP address before the subnet prefix value. e.g. `192.168.0.0/29` would specify an IP range starting at 192.168.0.0 with a prefix size of 29 bits. `/16` would specify a prefix size of 16 bits, with an automatically determined IP within the peered VPC. If unspecified, a value of `/24` will be used.","description_kind":"plain","optional":true}},"description":"Network configuration for the `WorkerPool`.","description_kind":"plain"},"max_items":1},"private_service_connect":{"nesting_mode":"list","block":{"attributes":{"network_attachment":{"type":"string","description":"Required. Immutable. The network attachment that the worker network interface is connected to. Must be in the format `projects/{project}/regions/{region}/networkAttachments/{networkAttachment}`. The region of network attachment must be the same as the worker pool. See [Network Attachments](https://cloud.google.com/vpc/docs/about-network-attachments)","description_kind":"plain","required":true},"route_all_traffic":{"type":"bool","description":"Immutable. Route all traffic through PSC interface. Enable this if you want full control of traffic in the private pool. Configure Cloud NAT for the subnet of network attachment if you need to access public Internet. If false, Only route private IPs, e.g. 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 through PSC interface.","description_kind":"plain","optional":true}},"description":"Private Service Connect configuration for the pool.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"worker_config":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"Size of the disk attached to the worker, in GB. See [Worker pool config file](https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). Specify a value of up to 1000. If `0` is specified, Cloud Build will use a standard disk size.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Machine type of a worker, such as `n1-standard-1`. See [Worker pool config file](https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). If left blank, Cloud Build will use `n1-standard-1`.","description_kind":"plain","optional":true},"no_external_ip":{"type":"bool","description":"If true, workers are created without any public address, which prevents network egress to public IPs.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration to be used for a creating workers in the `WorkerPool`.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Allows clients to store small amounts of arbitrary data.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was created.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"If disabled is set to true, functionality is disabled for this connection. Repository based API methods and webhooks processing for repositories in this connection will be disabled.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"installation_state":{"type":["list",["object",{"action_uri":"string","message":"string","stage":"string"}]],"description":"Output only. Installation state of the Connection.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The resource name of the connection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Set to true when the connection is being set up or updated in the background.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was updated.","description_kind":"plain","computed":true}},"block_types":{"bitbucket_cloud_config":{"nesting_mode":"list","block":{"attributes":{"webhook_secret_secret_version":{"type":"string","description":"Required. Immutable. SecretManager resource containing the webhook secret used to verify webhook events, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"workspace":{"type":"string","description":"The Bitbucket Cloud Workspace ID to be connected to Google Cloud Platform.","description_kind":"plain","required":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. An access token with the 'webhook', 'repository', 'repository:admin' and 'pullrequest' scope access. It can be either a workspace, project or repository access token. It's recommended to use a system account to generate these credentials.","description_kind":"plain"},"min_items":1,"max_items":1},"read_authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. An access token with the 'repository' access. It can be either a workspace, project or repository access token. It's recommended to use a system account to generate the credentials.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration for connections to Bitbucket Cloud.","description_kind":"plain"},"max_items":1},"bitbucket_data_center_config":{"nesting_mode":"list","block":{"attributes":{"host_uri":{"type":"string","description":"The URI of the Bitbucket Data Center host this connection is for.","description_kind":"plain","required":true},"server_version":{"type":"string","description":"Output only. Version of the Bitbucket Data Center running on the 'host_uri'.","description_kind":"plain","computed":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to the Bitbucket Data Center.","description_kind":"plain","optional":true},"webhook_secret_secret_version":{"type":"string","description":"Required. Immutable. SecretManager resource containing the webhook secret used to verify webhook events, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. A http access token with the 'REPO_ADMIN' scope access.","description_kind":"plain"},"min_items":1,"max_items":1},"read_authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. A http access token with the 'REPO_READ' access.","description_kind":"plain"},"min_items":1,"max_items":1},"service_directory_config":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.","description_kind":"plain","required":true}},"description":"Configuration for using Service Directory to privately connect to a Bitbucket Data Center. This should only be set if the Bitbucket Data Center is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the Bitbucket Data Center will be made over the public internet.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to Bitbucket Data Center.","description_kind":"plain"},"max_items":1},"github_config":{"nesting_mode":"list","block":{"attributes":{"app_installation_id":{"type":"number","description":"GitHub App installation id.","description_kind":"plain","optional":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"oauth_token_secret_version":{"type":"string","description":"A SecretManager resource containing the OAuth token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"OAuth credential of the account that authorized the Cloud Build GitHub App. It is recommended to use a robot account instead of a human user account. The OAuth token must be tied to the Cloud Build GitHub App.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to github.com.","description_kind":"plain"},"max_items":1},"github_enterprise_config":{"nesting_mode":"list","block":{"attributes":{"app_id":{"type":"number","description":"Id of the GitHub App created from the manifest.","description_kind":"plain","optional":true},"app_installation_id":{"type":"number","description":"ID of the installation of the GitHub App.","description_kind":"plain","optional":true},"app_slug":{"type":"string","description":"The URL-friendly name of the GitHub App.","description_kind":"plain","optional":true},"host_uri":{"type":"string","description":"Required. The URI of the GitHub Enterprise host this connection is for.","description_kind":"plain","required":true},"private_key_secret_version":{"type":"string","description":"SecretManager resource containing the private key of the GitHub App, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","optional":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to GitHub Enterprise.","description_kind":"plain","optional":true},"webhook_secret_secret_version":{"type":"string","description":"SecretManager resource containing the webhook secret of the GitHub App, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","optional":true}},"block_types":{"service_directory_config":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.","description_kind":"plain","required":true}},"description":"Configuration for using Service Directory to privately connect to a GitHub Enterprise server. This should only be set if the GitHub Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitHub Enterprise server will be made over the public internet.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to an instance of GitHub Enterprise.","description_kind":"plain"},"max_items":1},"gitlab_config":{"nesting_mode":"list","block":{"attributes":{"host_uri":{"type":"string","description":"The URI of the GitLab Enterprise host this connection is for. If not specified, the default value is https://gitlab.com.","description_kind":"plain","optional":true,"computed":true},"server_version":{"type":"string","description":"Output only. Version of the GitLab Enterprise server running on the 'host_uri'.","description_kind":"plain","computed":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to GitLab Enterprise.","description_kind":"plain","optional":true},"webhook_secret_secret_version":{"type":"string","description":"Required. Immutable. SecretManager resource containing the webhook secret of a GitLab Enterprise project, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. A GitLab personal access token with the 'api' scope access.","description_kind":"plain"},"min_items":1,"max_items":1},"read_authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. A GitLab personal access token with the minimum 'read_api' scope access.","description_kind":"plain"},"min_items":1,"max_items":1},"service_directory_config":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.","description_kind":"plain","required":true}},"description":"Configuration for using Service Directory to privately connect to a GitLab Enterprise server. This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to gitlab.com or an instance of GitLab Enterprise.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuildv2_repository":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Allows clients to store small amounts of arbitrary data.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the repository.","description_kind":"plain","required":true},"parent_connection":{"type":"string","description":"The connection for the resource","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"remote_uri":{"type":"string","description":"Required. Git Clone HTTPS URI.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_automation":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. User annotations. These attributes can only be set and used by the user, and not by Cloud Deploy. Annotations must meet the following constraints: * Annotations are key/value pairs. * Valid annotation keys have two segments: an optional prefix and name, separated by a slash ('/'). * The name segment is required and must be 63 characters or less, beginning and ending with an alphanumeric character ('[a-z0-9A-Z]') with dashes ('-'), underscores ('_'), dots ('.'), and alphanumerics between. * The prefix is optional. If specified, the prefix must be a DNS subdomain: a series of DNS labels separated by dots('.'), not longer than 253 characters in total, followed by a slash ('/'). See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set for more details.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the automation was created.","description_kind":"plain","computed":true},"delivery_pipeline":{"type":"string","description":"The delivery_pipeline for the resource","description_kind":"plain","required":true},"description":{"type":"string","description":"Optional. Description of the 'Automation'. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Optional. The weak etag of the 'Automation' resource. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels are attributes that can be set and used by both the user and by Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 63 characters.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the 'Automation'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Required. Email address of the user-managed IAM service account that creates Cloud Deploy release and rollout resources.","description_kind":"plain","required":true},"suspended":{"type":"bool","description":"Optional. When Suspended, automation is deactivated from execution.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Unique identifier of the 'Automation'.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Time at which the automation was updated.","description_kind":"plain","computed":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"block_types":{"advance_rollout_rule":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"Required. ID of the rule. This id must be unique in the 'Automation' resource to which this rule belongs. The format is 'a-z{0,62}'.","description_kind":"plain","required":true},"source_phases":{"type":["list","string"],"description":"Optional. Proceeds only after phase name matched any one in the list. This value must consist of lower-case letters, numbers, and hyphens, start with a letter and end with a letter or a number, and have a max length of 63 characters. In other words, it must match the following regex: '^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$'.","description_kind":"plain","optional":true},"wait":{"type":"string","description":"Optional. How long to wait after a rollout is finished.","description_kind":"plain","optional":true}},"description":"Optional. The 'AdvanceRolloutRule' will automatically advance a successful Rollout.","description_kind":"plain"},"max_items":1},"promote_release_rule":{"nesting_mode":"list","block":{"attributes":{"destination_phase":{"type":"string","description":"Optional. The starting phase of the rollout created by this operation. Default to the first phase.","description_kind":"plain","optional":true},"destination_target_id":{"type":"string","description":"Optional. The ID of the stage in the pipeline to which this 'Release' is deploying. If unspecified, default it to the next stage in the promotion flow. The value of this field could be one of the following: * The last segment of a target name. It only needs the ID to determine if the target is one of the stages in the promotion sequence defined in the pipeline. * \"@next\", the next target in the promotion sequence.","description_kind":"plain","optional":true},"id":{"type":"string","description":"Required. ID of the rule. This id must be unique in the 'Automation' resource to which this rule belongs. The format is 'a-z{0,62}'.","description_kind":"plain","required":true},"wait":{"type":"string","description":"Optional. How long the release need to be paused until being promoted to the next target.","description_kind":"plain","optional":true}},"description":"Optional. 'PromoteReleaseRule' will automatically promote a release from the current target to a specified target.","description_kind":"plain"},"max_items":1}},"description":"Required. List of Automation rules associated with the Automation resource. Must have at least one rule and limited to 250 rules per Delivery Pipeline. Note: the order of the rules here is not the same as the order of execution.","description_kind":"plain"},"min_items":1},"selector":{"nesting_mode":"list","block":{"block_types":{"targets":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"ID of the 'Target'. The value of this field could be one of the following: * The last segment of a target name. It only needs the ID to determine which target is being referred to * \"*\", all targets in a location.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Target labels.","description_kind":"plain","optional":true,"computed":true}},"description":"Contains attributes about a target.","description_kind":"plain"},"min_items":1}},"description":"Required. Selected resources to which the automation will be applied.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_custom_target_type":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User annotations. These attributes can only be set and used by the user, and not by Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time at which the 'CustomTargetType' was created.","description_kind":"plain","computed":true},"custom_target_type_id":{"type":"string","description":"Resource id of the 'CustomTargetType'.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the 'CustomTargetType'. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"The weak etag of the 'CustomTargetType' resource. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels are attributes that can be set and used by both the user and by Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 128 bytes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the source.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the 'CustomTargetType'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Unique identifier of the 'CustomTargetType'.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time at which the 'CustomTargetType' was updated.","description_kind":"plain","computed":true}},"block_types":{"custom_actions":{"nesting_mode":"list","block":{"attributes":{"deploy_action":{"type":"string","description":"The Skaffold custom action responsible for deploy operations.","description_kind":"plain","required":true},"render_action":{"type":"string","description":"The Skaffold custom action responsible for render operations. If not provided then Cloud Deploy will perform the render operations via 'skaffold render'.","description_kind":"plain","optional":true}},"block_types":{"include_skaffold_modules":{"nesting_mode":"list","block":{"attributes":{"configs":{"type":["list","string"],"description":"The Skaffold Config modules to use from the specified source.","description_kind":"plain","optional":true}},"block_types":{"git":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path from the repository root to the Skaffold file.","description_kind":"plain","optional":true},"ref":{"type":"string","description":"Git ref the package should be cloned from.","description_kind":"plain","optional":true},"repo":{"type":"string","description":"Git repository the package should be cloned from.","description_kind":"plain","required":true}},"description":"Remote git repository containing the Skaffold Config modules.","description_kind":"plain"},"max_items":1},"google_cloud_build_repo":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path from the repository root to the Skaffold file.","description_kind":"plain","optional":true},"ref":{"type":"string","description":"Branch or tag to use when cloning the repository.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"Cloud Build 2nd gen repository in the format of 'projects/\u003cproject\u003e/locations/\u003clocation\u003e/connections/\u003cconnection\u003e/repositories/\u003crepository\u003e'.","description_kind":"plain","required":true}},"description":"Cloud Build 2nd gen repository containing the Skaffold Config modules.","description_kind":"plain"},"max_items":1},"google_cloud_storage":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path from the source to the Skaffold file.","description_kind":"plain","optional":true},"source":{"type":"string","description":"Cloud Storage source paths to copy recursively. For example, providing 'gs://my-bucket/dir/configs/*' will result in Skaffold copying all files within the 'dir/configs' directory in the bucket 'my-bucket'.","description_kind":"plain","required":true}},"description":"Cloud Storage bucket containing Skaffold Config modules.","description_kind":"plain"},"max_items":1}},"description":"List of Skaffold modules Cloud Deploy will include in the Skaffold Config as required before performing diagnose.","description_kind":"plain"}}},"description":"Configures render and deploy for the 'CustomTargetType' using Skaffold custom actions.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_custom_target_type_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_custom_target_type_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_custom_target_type_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User annotations. These attributes can only be set and used by the user, and not by Google Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"condition":{"type":["list",["object",{"pipeline_ready_condition":["list",["object",{"status":"bool","update_time":"string"}]],"targets_present_condition":["list",["object",{"missing_targets":["list","string"],"status":"bool","update_time":"string"}]],"targets_type_condition":["list",["object",{"error_details":"string","status":"bool"}]]}]],"description":"Output only. Information around the state of the Delivery Pipeline.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Time at which the pipeline was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the `DeliveryPipeline`. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels are attributes that can be set and used by both the user and by Google Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 128 bytes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the `DeliveryPipeline`. Format is `[a-z]([a-z0-9-]{0,61}[a-z0-9])?`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"suspended":{"type":"bool","description":"When suspended, no new releases or rollouts can be created, but in-progress ones will complete.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Unique identifier of the `DeliveryPipeline`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Most recent time at which the pipeline was updated.","description_kind":"plain","computed":true}},"block_types":{"serial_pipeline":{"nesting_mode":"list","block":{"block_types":{"stages":{"nesting_mode":"list","block":{"attributes":{"profiles":{"type":["list","string"],"description":"Skaffold profiles to use when rendering the manifest for this stage's `Target`.","description_kind":"plain","optional":true},"target_id":{"type":"string","description":"The target_id to which this stage points. This field refers exclusively to the last segment of a target name. For example, this field would just be `my-target` (rather than `projects/project/locations/location/targets/my-target`). The location of the `Target` is inferred to be the same as the location of the `DeliveryPipeline` that contains this `Stage`.","description_kind":"plain","optional":true}},"block_types":{"deploy_parameters":{"nesting_mode":"list","block":{"attributes":{"match_target_labels":{"type":["map","string"],"description":"Optional. Deploy parameters are applied to targets with match labels. If unspecified, deploy parameters are applied to all targets (including child targets of a multi-target).","description_kind":"plain","optional":true},"values":{"type":["map","string"],"description":"Required. Values are deploy parameters in key-value pairs.","description_kind":"plain","required":true}},"description":"Optional. The deploy parameters to use for the target in this stage.","description_kind":"plain"}},"strategy":{"nesting_mode":"list","block":{"block_types":{"canary":{"nesting_mode":"list","block":{"block_types":{"canary_deployment":{"nesting_mode":"list","block":{"attributes":{"percentages":{"type":["list","number"],"description":"Required. The percentage based deployments that will occur as a part of a `Rollout`. List is expected in ascending order and each integer n is 0 \u003c= n \u003c 100.","description_kind":"plain","required":true},"verify":{"type":"bool","description":"Whether to run verify tests after each percentage deployment.","description_kind":"plain","optional":true}},"block_types":{"postdeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the postdeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the postdeploy job of the last phase. If this is not configured, postdeploy job will not be present.","description_kind":"plain"},"max_items":1},"predeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the predeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the predeploy job of the first phase. If this is not configured, predeploy job will not be present.","description_kind":"plain"},"max_items":1}},"description":"Configures the progressive based deployment for a Target.","description_kind":"plain"},"max_items":1},"custom_canary_deployment":{"nesting_mode":"list","block":{"block_types":{"phase_configs":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"Required. Percentage deployment for the phase.","description_kind":"plain","required":true},"phase_id":{"type":"string","description":"Required. The ID to assign to the `Rollout` phase. This value must consist of lower-case letters, numbers, and hyphens, start with a letter and end with a letter or a number, and have a max length of 63 characters. In other words, it must match the following regex: `^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$`.","description_kind":"plain","required":true},"profiles":{"type":["list","string"],"description":"Skaffold profiles to use when rendering the manifest for this phase. These are in addition to the profiles list specified in the `DeliveryPipeline` stage.","description_kind":"plain","optional":true},"verify":{"type":"bool","description":"Whether to run verify tests after the deployment.","description_kind":"plain","optional":true}},"block_types":{"postdeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the postdeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the postdeploy job of this phase. If this is not configured, postdeploy job will not be present for this phase.","description_kind":"plain"},"max_items":1},"predeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the predeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the predeploy job of this phase. If this is not configured, predeploy job will not be present for this phase.","description_kind":"plain"},"max_items":1}},"description":"Required. Configuration for each phase in the canary deployment in the order executed.","description_kind":"plain"},"min_items":1}},"description":"Configures the progressive based deployment for a Target, but allows customizing at the phase level where a phase represents each of the percentage deployments.","description_kind":"plain"},"max_items":1},"runtime_config":{"nesting_mode":"list","block":{"block_types":{"cloud_run":{"nesting_mode":"list","block":{"attributes":{"automatic_traffic_control":{"type":"bool","description":"Whether Cloud Deploy should update the traffic stanza in a Cloud Run Service on the user's behalf to facilitate traffic splitting. This is required to be true for CanaryDeployments, but optional for CustomCanaryDeployments.","description_kind":"plain","optional":true},"canary_revision_tags":{"type":["list","string"],"description":"Optional. A list of tags that are added to the canary revision while the canary phase is in progress.","description_kind":"plain","optional":true},"prior_revision_tags":{"type":["list","string"],"description":"Optional. A list of tags that are added to the prior revision while the canary phase is in progress.","description_kind":"plain","optional":true},"stable_revision_tags":{"type":["list","string"],"description":"Optional. A list of tags that are added to the final stable revision when the stable phase is applied.","description_kind":"plain","optional":true}},"description":"Cloud Run runtime configuration.","description_kind":"plain"},"max_items":1},"kubernetes":{"nesting_mode":"list","block":{"block_types":{"gateway_service_mesh":{"nesting_mode":"list","block":{"attributes":{"deployment":{"type":"string","description":"Required. Name of the Kubernetes Deployment whose traffic is managed by the specified HTTPRoute and Service.","description_kind":"plain","required":true},"http_route":{"type":"string","description":"Required. Name of the Gateway API HTTPRoute.","description_kind":"plain","required":true},"pod_selector_label":{"type":"string","description":"Optional. The label to use when selecting Pods for the Deployment and Service resources. This label must already be present in both resources.","description_kind":"plain","optional":true},"route_update_wait_time":{"type":"string","description":"Optional. The time to wait for route updates to propagate. The maximum configurable time is 3 hours, in seconds format. If unspecified, there is no wait time.","description_kind":"plain","optional":true},"service":{"type":"string","description":"Required. Name of the Kubernetes Service.","description_kind":"plain","required":true},"stable_cutback_duration":{"type":"string","description":"Optional. The amount of time to migrate traffic back from the canary Service to the original Service during the stable phase deployment. If specified, must be between 15s and 3600s. If unspecified, there is no cutback time.","description_kind":"plain","optional":true}},"block_types":{"route_destinations":{"nesting_mode":"list","block":{"attributes":{"destination_ids":{"type":["list","string"],"description":"Required. The clusters where the Gateway API HTTPRoute resource will be deployed to. Valid entries include the associated entities IDs configured in the Target resource and \"@self\" to include the Target cluster.","description_kind":"plain","required":true},"propagate_service":{"type":"bool","description":"Optional. Whether to propagate the Kubernetes Service to the route destination clusters. The Service will always be deployed to the Target cluster even if the HTTPRoute is not. This option may be used to facilitiate successful DNS lookup in the route destination clusters. Can only be set to true if destinations are specified.","description_kind":"plain","optional":true}},"description":"Optional. Route destinations allow configuring the Gateway API HTTPRoute to be deployed to additional clusters. This option is available for multi-cluster service mesh set ups that require the route to exist in the clusters that call the service. If unspecified, the HTTPRoute will only be deployed to the Target cluster.","description_kind":"plain"},"max_items":1}},"description":"Kubernetes Gateway API service mesh configuration.","description_kind":"plain"},"max_items":1},"service_networking":{"nesting_mode":"list","block":{"attributes":{"deployment":{"type":"string","description":"Required. Name of the Kubernetes Deployment whose traffic is managed by the specified Service.","description_kind":"plain","required":true},"disable_pod_overprovisioning":{"type":"bool","description":"Optional. Whether to disable Pod overprovisioning. If Pod overprovisioning is disabled then Cloud Deploy will limit the number of total Pods used for the deployment strategy to the number of Pods the Deployment has on the cluster.","description_kind":"plain","optional":true},"pod_selector_label":{"type":"string","description":"Optional. The label to use when selecting Pods for the Deployment resource. This label must already be present in the Deployment.","description_kind":"plain","optional":true},"service":{"type":"string","description":"Required. Name of the Kubernetes Service.","description_kind":"plain","required":true}},"description":"Kubernetes Service networking configuration.","description_kind":"plain"},"max_items":1}},"description":"Kubernetes runtime configuration.","description_kind":"plain"},"max_items":1}},"description":"Optional. Runtime specific configurations for the deployment strategy. The runtime configuration is used to determine how Cloud Deploy will split traffic to enable a progressive deployment.","description_kind":"plain"},"max_items":1}},"description":"Canary deployment strategy provides progressive percentage based deployments to a Target.","description_kind":"plain"},"max_items":1},"standard":{"nesting_mode":"list","block":{"attributes":{"verify":{"type":"bool","description":"Whether to verify a deployment.","description_kind":"plain","optional":true}},"block_types":{"postdeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the postdeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the postdeploy job. If this is not configured, postdeploy job will not be present.","description_kind":"plain"},"max_items":1},"predeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the predeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the predeploy job. If this is not configured, predeploy job will not be present.","description_kind":"plain"},"max_items":1}},"description":"Standard deployment strategy executes a single deploy and allows verifying the deployment.","description_kind":"plain"},"max_items":1}},"description":"Optional. The strategy to use for a `Rollout` to this stage.","description_kind":"plain"},"max_items":1}},"description":"Each stage specifies configuration for a `Target`. The ordering of this list defines the promotion flow.","description_kind":"plain"}}},"description":"SerialPipeline defines a sequential set of stages for a `DeliveryPipeline`.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_target":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. User annotations. These attributes can only be set and used by the user, and not by Google Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the `Target` was created.","description_kind":"plain","computed":true},"deploy_parameters":{"type":["map","string"],"description":"Optional. The deploy parameters to use for this target.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Optional. Description of the `Target`. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Optional. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels are attributes that can be set and used by both the user and by Google Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 128 bytes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the `Target`. Format is `[a-z]([a-z0-9-]{0,61}[a-z0-9])?`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"require_approval":{"type":"bool","description":"Optional. Whether or not the `Target` requires approval.","description_kind":"plain","optional":true},"target_id":{"type":"string","description":"Output only. Resource id of the `Target`.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Unique identifier of the `Target`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Most recent time at which the `Target` was updated.","description_kind":"plain","computed":true}},"block_types":{"anthos_cluster":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"Membership of the GKE Hub-registered cluster to which to apply the Skaffold configuration. Format is `projects/{project}/locations/{location}/memberships/{membership_name}`.","description_kind":"plain","optional":true}},"description":"Information specifying an Anthos Cluster.","description_kind":"plain"},"max_items":1},"associated_entities":{"nesting_mode":"set","block":{"attributes":{"entity_id":{"type":"string","description":"The name for the key in the map for which this object is mapped to in the API","description_kind":"plain","required":true}},"block_types":{"anthos_clusters":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"Optional. Membership of the GKE Hub-registered cluster to which to apply the Skaffold configuration. Format is `projects/{project}/locations/{location}/memberships/{membership_name}`.","description_kind":"plain","optional":true}},"description":"Optional. Information specifying Anthos clusters as associated entities.","description_kind":"plain"}},"gke_clusters":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"Optional. Information specifying a GKE Cluster. Format is `projects/{project_id}/locations/{location_id}/clusters/{cluster_id}`.","description_kind":"plain","optional":true},"internal_ip":{"type":"bool","description":"Optional. If true, `cluster` is accessed using the private IP address of the control plane endpoint. Otherwise, the default IP address of the control plane endpoint is used. The default IP address is the private IP address for clusters with private control-plane endpoints and the public IP address otherwise. Only specify this option when `cluster` is a [private GKE cluster](https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept).","description_kind":"plain","optional":true},"proxy_url":{"type":"string","description":"Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server.","description_kind":"plain","optional":true}},"description":"Optional. Information specifying GKE clusters as associated entities.","description_kind":"plain"}}},"description":"Optional. Map of entity IDs to their associated entities. Associated entities allows specifying places other than the deployment target for specific features. For example, the Gateway API canary can be configured to deploy the HTTPRoute to a different cluster(s) than the deployment cluster using associated entities. An entity ID must consist of lower-case letters, numbers, and hyphens, start with a letter and end with a letter or a number, and have a max length of 63 characters. In other words, it must match the following regex: `^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$`.","description_kind":"plain"}},"custom_target":{"nesting_mode":"list","block":{"attributes":{"custom_target_type":{"type":"string","description":"Required. The name of the CustomTargetType. Format must be `projects/{project}/locations/{location}/customTargetTypes/{custom_target_type}`.","description_kind":"plain","required":true}},"description":"Optional. Information specifying a Custom Target.","description_kind":"plain"},"max_items":1},"execution_configs":{"nesting_mode":"list","block":{"attributes":{"artifact_storage":{"type":"string","description":"Optional. Cloud Storage location in which to store execution outputs. This can either be a bucket (\"gs://my-bucket\") or a path within a bucket (\"gs://my-bucket/my-dir\"). If unspecified, a default bucket located in the same region will be used.","description_kind":"plain","optional":true,"computed":true},"execution_timeout":{"type":"string","description":"Optional. Execution timeout for a Cloud Build Execution. This must be between 10m and 24h in seconds format. If unspecified, a default timeout of 1h is used.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Optional. Google service account to use for execution. If unspecified, the project execution service account (-compute@developer.gserviceaccount.com) is used.","description_kind":"plain","optional":true,"computed":true},"usages":{"type":["list","string"],"description":"Required. Usages when this configuration should be applied.","description_kind":"plain","required":true},"verbose":{"type":"bool","description":"Optional. If true, additional logging will be enabled when running builds in this execution environment.","description_kind":"plain","optional":true},"worker_pool":{"type":"string","description":"Optional. The resource name of the `WorkerPool`, with the format `projects/{project}/locations/{location}/workerPools/{worker_pool}`. If this optional field is unspecified, the default Cloud Build pool will be used.","description_kind":"plain","optional":true}},"description":"Configurations for all execution that relates to this `Target`. Each `ExecutionEnvironmentUsage` value may only be used in a single configuration; using the same value multiple times is an error. When one or more configurations are specified, they must include the `RENDER` and `DEPLOY` `ExecutionEnvironmentUsage` values. When no configurations are specified, execution will use the default specified in `DefaultPool`.","description_kind":"plain"}},"gke":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"Information specifying a GKE Cluster. Format is `projects/{project_id}/locations/{location_id}/clusters/{cluster_id}.","description_kind":"plain","optional":true},"internal_ip":{"type":"bool","description":"Optional. If true, `cluster` is accessed using the private IP address of the control plane endpoint. Otherwise, the default IP address of the control plane endpoint is used. The default IP address is the private IP address for clusters with private control-plane endpoints and the public IP address otherwise. Only specify this option when `cluster` is a [private GKE cluster](https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept).","description_kind":"plain","optional":true},"proxy_url":{"type":"string","description":"Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server.","description_kind":"plain","optional":true}},"description":"Information specifying a GKE Cluster.","description_kind":"plain"},"max_items":1},"multi_target":{"nesting_mode":"list","block":{"attributes":{"target_ids":{"type":["list","string"],"description":"Required. The target_ids of this multiTarget.","description_kind":"plain","required":true}},"description":"Information specifying a multiTarget.","description_kind":"plain"},"max_items":1},"run":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"Required. The location where the Cloud Run Service should be located. Format is `projects/{project}/locations/{location}`.","description_kind":"plain","required":true}},"description":"Information specifying a Cloud Run deployment target.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_target_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_target_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_target_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddomains_registration":{"version":0,"block":{"attributes":{"contact_notices":{"type":["list","string"],"description":"The list of contact notices that the caller acknowledges. Possible value is PUBLIC_CONTACT_DATA_ACKNOWLEDGEMENT","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the automation was created.","description_kind":"plain","computed":true},"domain_name":{"type":"string","description":"Required. The domain name. Unicode domain names must be expressed in Punycode format.","description_kind":"plain","required":true},"domain_notices":{"type":["list","string"],"description":"The list of domain notices that you acknowledge. Possible value is HSTS_PRELOADED","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. Time at which the automation was updated.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issues":{"type":["list","string"],"description":"Output only. The set of issues with the Registration that require attention.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with the Registration.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. Name of the Registration resource, in the format projects/*/locations/*/registrations/\u003cdomain_name\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"register_failure_reason":{"type":"string","description":"Output only. The reason the domain registration failed. Only set for domains in REGISTRATION_FAILED state.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the Registration.","description_kind":"plain","computed":true},"supported_privacy":{"type":["list","string"],"description":"Output only. Set of options for the contactSettings.privacy field that this Registration supports.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"contact_settings":{"nesting_mode":"list","block":{"attributes":{"privacy":{"type":"string","description":"Required. Privacy setting for the contacts associated with the Registration.\nValues are PUBLIC_CONTACT_DATA, PRIVATE_CONTACT_DATA, and REDACTED_CONTACT_DATA","description_kind":"plain","required":true}},"block_types":{"admin_contact":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Required. Email address of the contact.","description_kind":"plain","required":true},"fax_number":{"type":"string","description":"Fax number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","optional":true},"phone_number":{"type":"string","description":"Required. Phone number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","required":true}},"block_types":{"postal_address":{"nesting_mode":"list","block":{"attributes":{"address_lines":{"type":["list","string"],"description":"Unstructured address lines describing the lower levels of an address.\nBecause values in addressLines do not have type information and may sometimes contain multiple values in a single\nfield (e.g. \"Austin, TX\"), it is important that the line order is clear. The order of address lines should be\n\"envelope order\" for the country/region of the address. In places where this can vary (e.g. Japan), address_language\nis used to make it explicit (e.g. \"ja\" for large-to-small ordering and \"ja-Latn\" or \"en\" for small-to-large). This way,\nthe most specific line of an address can be selected based on the language.","description_kind":"plain","optional":true},"administrative_area":{"type":"string","description":"Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state,\na province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community\n(e.g. \"Barcelona\" and not \"Catalonia\"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland\nthis should be left unpopulated.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world\nwhere localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The name of the organization at the address.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"Postal code of the address. Not all countries use or require postal codes to be present, but where they are used,\nthey may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.).","description_kind":"plain","optional":true},"recipients":{"type":["list","string"],"description":"The recipient at the address. This field may, under certain circumstances, contain multiline information. For example,\nit might contain \"care of\" information.","description_kind":"plain","optional":true},"region_code":{"type":"string","description":"Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to\nensure the value is correct. See https://cldr.unicode.org/ and\nhttps://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: \"CH\" for Switzerland.","description_kind":"plain","required":true}},"description":"Required. Postal address of the contact.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.\n\nWarning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to\navoid domain suspension.","description_kind":"plain"},"min_items":1,"max_items":1},"registrant_contact":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Required. Email address of the contact.","description_kind":"plain","required":true},"fax_number":{"type":"string","description":"Fax number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","optional":true},"phone_number":{"type":"string","description":"Required. Phone number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","required":true}},"block_types":{"postal_address":{"nesting_mode":"list","block":{"attributes":{"address_lines":{"type":["list","string"],"description":"Unstructured address lines describing the lower levels of an address.\nBecause values in addressLines do not have type information and may sometimes contain multiple values in a single\nfield (e.g. \"Austin, TX\"), it is important that the line order is clear. The order of address lines should be\n\"envelope order\" for the country/region of the address. In places where this can vary (e.g. Japan), address_language\nis used to make it explicit (e.g. \"ja\" for large-to-small ordering and \"ja-Latn\" or \"en\" for small-to-large). This way,\nthe most specific line of an address can be selected based on the language.","description_kind":"plain","optional":true},"administrative_area":{"type":"string","description":"Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state,\na province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community\n(e.g. \"Barcelona\" and not \"Catalonia\"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland\nthis should be left unpopulated.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world\nwhere localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The name of the organization at the address.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"Postal code of the address. Not all countries use or require postal codes to be present, but where they are used,\nthey may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.).","description_kind":"plain","optional":true},"recipients":{"type":["list","string"],"description":"The recipient at the address. This field may, under certain circumstances, contain multiline information. For example,\nit might contain \"care of\" information.","description_kind":"plain","optional":true},"region_code":{"type":"string","description":"Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to\nensure the value is correct. See https://cldr.unicode.org/ and\nhttps://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: \"CH\" for Switzerland.","description_kind":"plain","required":true}},"description":"Required. Postal address of the contact.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.\n\nWarning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to\navoid domain suspension.","description_kind":"plain"},"min_items":1,"max_items":1},"technical_contact":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Required. Email address of the contact.","description_kind":"plain","required":true},"fax_number":{"type":"string","description":"Fax number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","optional":true},"phone_number":{"type":"string","description":"Required. Phone number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","required":true}},"block_types":{"postal_address":{"nesting_mode":"list","block":{"attributes":{"address_lines":{"type":["list","string"],"description":"Unstructured address lines describing the lower levels of an address.\nBecause values in addressLines do not have type information and may sometimes contain multiple values in a single\nfield (e.g. \"Austin, TX\"), it is important that the line order is clear. The order of address lines should be\n\"envelope order\" for the country/region of the address. In places where this can vary (e.g. Japan), address_language\nis used to make it explicit (e.g. \"ja\" for large-to-small ordering and \"ja-Latn\" or \"en\" for small-to-large). This way,\nthe most specific line of an address can be selected based on the language.","description_kind":"plain","optional":true},"administrative_area":{"type":"string","description":"Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state,\na province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community\n(e.g. \"Barcelona\" and not \"Catalonia\"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland\nthis should be left unpopulated.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world\nwhere localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The name of the organization at the address.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"Postal code of the address. Not all countries use or require postal codes to be present, but where they are used,\nthey may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.).","description_kind":"plain","optional":true},"recipients":{"type":["list","string"],"description":"The recipient at the address. This field may, under certain circumstances, contain multiline information. For example,\nit might contain \"care of\" information.","description_kind":"plain","optional":true},"region_code":{"type":"string","description":"Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to\nensure the value is correct. See https://cldr.unicode.org/ and\nhttps://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: \"CH\" for Switzerland.","description_kind":"plain","required":true}},"description":"Required. Postal address of the contact.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.\n\nWarning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to\navoid domain suspension.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Required. Settings for contact information linked to the Registration.","description_kind":"plain"},"min_items":1,"max_items":1},"dns_settings":{"nesting_mode":"list","block":{"block_types":{"custom_dns":{"nesting_mode":"list","block":{"attributes":{"name_servers":{"type":["list","string"],"description":"Required. A list of name servers that store the DNS zone for this domain. Each name server is a domain\nname, with Unicode domain names expressed in Punycode format.","description_kind":"plain","required":true}},"block_types":{"ds_records":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"The algorithm used to generate the referenced DNSKEY.","description_kind":"plain","optional":true},"digest":{"type":"string","description":"The digest generated from the referenced DNSKEY.","description_kind":"plain","optional":true},"digest_type":{"type":"string","description":"The hash function used to generate the digest of the referenced DNSKEY.","description_kind":"plain","optional":true},"key_tag":{"type":"number","description":"The key tag of the record. Must be set in range 0 -- 65535.","description_kind":"plain","optional":true}},"description":"The list of DS records for this domain, which are used to enable DNSSEC. The domain's DNS provider can provide\nthe values to set here. If this field is empty, DNSSEC is disabled.","description_kind":"plain"}}},"description":"Configuration for an arbitrary DNS provider.","description_kind":"plain"},"max_items":1},"glue_records":{"nesting_mode":"list","block":{"attributes":{"host_name":{"type":"string","description":"Required. Domain name of the host in Punycode format.","description_kind":"plain","required":true},"ipv4_addresses":{"type":["list","string"],"description":"List of IPv4 addresses corresponding to this host in the standard decimal format (e.g. 198.51.100.1).\nAt least one of ipv4_address and ipv6_address must be set.","description_kind":"plain","optional":true},"ipv6_addresses":{"type":["list","string"],"description":"List of IPv4 addresses corresponding to this host in the standard decimal format (e.g. 198.51.100.1).\nAt least one of ipv4_address and ipv6_address must be set.","description_kind":"plain","optional":true}},"description":"The list of glue records for this Registration. Commonly empty.","description_kind":"plain"}}},"description":"Settings controlling the DNS configuration of the Registration.","description_kind":"plain"},"max_items":1},"management_settings":{"nesting_mode":"list","block":{"attributes":{"preferred_renewal_method":{"type":"string","description":"The desired renewal method for this Registration. The actual renewalMethod is automatically updated to reflect this choice.\nIf unset or equal to RENEWAL_METHOD_UNSPECIFIED, the actual renewalMethod is treated as if it were set to AUTOMATIC_RENEWAL.\nYou cannot use RENEWAL_DISABLED during resource creation, and you can update the renewal status only when the Registration\nresource has state ACTIVE or SUSPENDED.\n\nWhen preferredRenewalMethod is set to AUTOMATIC_RENEWAL, the actual renewalMethod can be set to RENEWAL_DISABLED in case of\nproblems with the billing account or reported domain abuse. In such cases, check the issues field on the Registration. After\nthe problem is resolved, the renewalMethod is automatically updated to preferredRenewalMethod in a few hours.","description_kind":"plain","optional":true,"computed":true},"renewal_method":{"type":"string","description":"Output only. The actual renewal method for this Registration. When preferredRenewalMethod is set to AUTOMATIC_RENEWAL,\nthe actual renewalMethod can be equal to RENEWAL_DISABLED—for example, when there are problems with the billing account\nor reported domain abuse. In such cases, check the issues field on the Registration. After the problem is resolved, the\nrenewalMethod is automatically updated to preferredRenewalMethod in a few hours.","description_kind":"plain","computed":true},"transfer_lock_state":{"type":"string","description":"Controls whether the domain can be transferred to another registrar. Values are UNLOCKED or LOCKED.","description_kind":"plain","optional":true,"computed":true}},"description":"Settings for management of the Registration, including renewal, billing, and transfer","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"yearly_price":{"nesting_mode":"list","block":{"attributes":{"currency_code":{"type":"string","description":"The three-letter currency code defined in ISO 4217.","description_kind":"plain","optional":true},"units":{"type":"string","description":"The whole units of the amount. For example if currencyCode is \"USD\", then 1 unit is one US dollar.","description_kind":"plain","optional":true}},"description":"Required. Yearly price to register or renew the domain. The value that should be put here can be obtained from\nregistrations.retrieveRegisterParameters or registrations.searchDomains calls.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions2_function":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description of a function.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"The environment the function is hosted on.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.\nIt must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs associated with this Cloud Function.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of this cloud function.","description_kind":"plain","required":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must\nbe unique globally and match pattern 'projects/*/locations/*/functions/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Describes the current state of the function.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a Cloud Function.","description_kind":"plain","computed":true},"url":{"type":"string","description":"Output only. The deployed url for the function.","description_kind":"plain","computed":true}},"block_types":{"build_config":{"nesting_mode":"list","block":{"attributes":{"build":{"type":"string","description":"The Cloud Build name of the latest successful\ndeployment of the function.","description_kind":"plain","computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key.","description_kind":"plain","optional":true,"computed":true},"entry_point":{"type":"string","description":"The name of the function (as defined in source code) that will be executed.\nDefaults to the resource name suffix, if not specified. For backward\ncompatibility, if function with given name is not found, then the system\nwill try to use function named \"function\". For Node.js this is name of a\nfunction exported by the module specified in source_location.","description_kind":"plain","optional":true},"environment_variables":{"type":["map","string"],"description":"User-provided build-time environment variables for the function.","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"The runtime in which to run the function. Required when deploying a new\nfunction, optional when updating an existing function.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The fully-qualified name of the service account to be used for building the container.","description_kind":"plain","optional":true,"computed":true},"worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","optional":true}},"block_types":{"automatic_update_policy":{"nesting_mode":"list","block":{"description":"Security patches are applied automatically to the runtime without requiring\nthe function to be redeployed.","description_kind":"plain"},"max_items":1},"on_deploy_update_policy":{"nesting_mode":"list","block":{"attributes":{"runtime_version":{"type":"string","description":"The runtime version which was used during latest function deployment.","description_kind":"plain","computed":true}},"description":"Security patches are only applied when a function is redeployed.","description_kind":"plain"},"max_items":1},"source":{"nesting_mode":"list","block":{"block_types":{"repo_source":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Regex matching branches to build.","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Regex matching tags to build.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does\nNOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository. If omitted, the\nproject ID requesting the build is assumed.","description_kind":"plain","optional":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository.","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Regex matching tags to build.","description_kind":"plain","optional":true}},"description":"If provided, get the source from this location in a Cloud Source Repository.","description_kind":"plain"},"max_items":1},"storage_source":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Google Cloud Storage bucket containing the source","description_kind":"plain","optional":true},"generation":{"type":"number","description":"Google Cloud Storage generation for the object. If the generation\nis omitted, the latest generation will be used.","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"Google Cloud Storage object containing the source.","description_kind":"plain","optional":true}},"description":"If provided, get the source from this location in Google Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"The location of the function source code.","description_kind":"plain"},"max_items":1}},"description":"Describes the Build step of the function that builds a container\nfrom the given source.","description_kind":"plain"},"max_items":1},"event_trigger":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":"string","description":"Required. The type of event to observe.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The name of a Pub/Sub topic in the same project that will be used\nas the transport topic for the event delivery.","description_kind":"plain","optional":true,"computed":true},"retry_policy":{"type":"string","description":"Describes the retry policy in case of function's execution failure.\nRetried execution is charged as any other execution. Possible values: [\"RETRY_POLICY_UNSPECIFIED\", \"RETRY_POLICY_DO_NOT_RETRY\", \"RETRY_POLICY_RETRY\"]","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Optional. The email of the trigger's service account. The service account\nmust have permission to invoke Cloud Run services. If empty, defaults to the\nCompute Engine default service account: {project_number}-compute@developer.gserviceaccount.com.","description_kind":"plain","optional":true,"computed":true},"trigger":{"type":"string","description":"Output only. The resource name of the Eventarc trigger.","description_kind":"plain","computed":true},"trigger_region":{"type":"string","description":"The region that the trigger will be in. The trigger will only receive\nevents originating in this region. It can be the same\nregion as the function, a different region or multi-region, or the global\nregion. If not provided, defaults to the same region as the function.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"event_filters":{"nesting_mode":"set","block":{"attributes":{"attribute":{"type":"string","description":"'Required. The name of a CloudEvents attribute.\nCurrently, only a subset of attributes are supported for filtering. Use the 'gcloud eventarc providers describe' command to learn more about events and their attributes.\nDo not filter for the 'type' attribute here, as this is already achieved by the resource's 'event_type' attribute.","description_kind":"plain","required":true},"operator":{"type":"string","description":"Optional. The operator used for matching the events with the value of\nthe filter. If not specified, only events that have an exact key-value\npair specified in the filter are matched.\nThe only allowed value is 'match-path-pattern'.\n[See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)'","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value for the attribute.\nIf the operator field is set as 'match-path-pattern', this value can be a path pattern instead of an exact value.","description_kind":"plain","required":true}},"description":"Criteria used to filter events.","description_kind":"plain"}}},"description":"An Eventarc trigger managed by Google Cloud Functions that fires events in\nresponse to a condition in another service.","description_kind":"plain"},"max_items":1},"service_config":{"nesting_mode":"list","block":{"attributes":{"all_traffic_on_latest_revision":{"type":"bool","description":"Whether 100% of traffic is routed to the latest revision. Defaults to true.","description_kind":"plain","optional":true},"available_cpu":{"type":"string","description":"The number of CPUs used in a single container instance. Default value is calculated from available memory.","description_kind":"plain","optional":true,"computed":true},"available_memory":{"type":"string","description":"The amount of memory available for a function.\nDefaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is\nsupplied the value is interpreted as bytes.","description_kind":"plain","optional":true,"computed":true},"environment_variables":{"type":["map","string"],"description":"Environment variables that shall be available during function execution.","description_kind":"plain","optional":true,"computed":true},"gcf_uri":{"type":"string","description":"URIs of the Service deployed","description_kind":"plain","computed":true},"ingress_settings":{"type":"string","description":"Available ingress settings. Defaults to \"ALLOW_ALL\" if unspecified. Default value: \"ALLOW_ALL\" Possible values: [\"ALLOW_ALL\", \"ALLOW_INTERNAL_ONLY\", \"ALLOW_INTERNAL_AND_GCLB\"]","description_kind":"plain","optional":true},"max_instance_count":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a\ngiven time.","description_kind":"plain","optional":true,"computed":true},"max_instance_request_concurrency":{"type":"number","description":"Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.","description_kind":"plain","optional":true,"computed":true},"min_instance_count":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a\ngiven time.","description_kind":"plain","optional":true},"service":{"type":"string","description":"Name of the service associated with a Function.","description_kind":"plain","optional":true,"computed":true},"service_account_email":{"type":"string","description":"The email of the service account for this function.","description_kind":"plain","optional":true,"computed":true},"timeout_seconds":{"type":"number","description":"The function execution timeout. Execution is considered failed and\ncan be terminated if the function is not completed at the end of the\ntimeout period. Defaults to 60 seconds.","description_kind":"plain","optional":true,"computed":true},"uri":{"type":"string","description":"URI of the Service deployed.","description_kind":"plain","computed":true},"vpc_connector":{"type":"string","description":"The Serverless VPC Access connector that this cloud function can connect to.","description_kind":"plain","optional":true},"vpc_connector_egress_settings":{"type":"string","description":"Available egress settings. Possible values: [\"VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\", \"PRIVATE_RANGES_ONLY\", \"ALL_TRAFFIC\"]","description_kind":"plain","optional":true}},"block_types":{"secret_environment_variables":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.","description_kind":"plain","required":true},"secret":{"type":"string","description":"Name of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.","description_kind":"plain","required":true}},"description":"Secret environment variables configuration.","description_kind":"plain"}},"secret_volumes":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (preferably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.","description_kind":"plain","required":true},"secret":{"type":"string","description":"Name of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true}},"block_types":{"versions":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.","description_kind":"plain","required":true}},"description":"List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.'","description_kind":"plain"}}},"description":"Secret volumes configuration.","description_kind":"plain"}}},"description":"Describes the Service being deployed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_binding":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_member":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function":{"version":0,"block":{"attributes":{"available_memory_mb":{"type":"number","description":"Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.","description_kind":"plain","optional":true},"build_environment_variables":{"type":["map","string"],"description":" A set of key/value environment variable pairs available during build time.","description_kind":"plain","optional":true},"build_service_account":{"type":"string","description":"The fully-qualified name of the service account to be used for the build step of deploying this function","description_kind":"plain","optional":true,"computed":true},"build_worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the function.","description_kind":"plain","optional":true},"docker_registry":{"type":"string","description":"Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.","description_kind":"plain","optional":true,"computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry for storing images built with Cloud Build.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entry_point":{"type":"string","description":"Name of the function that will be executed when the Google Cloud Function is triggered.","description_kind":"plain","optional":true},"environment_variables":{"type":["map","string"],"description":"A set of key/value environment variable pairs to assign to the function.","description_kind":"plain","optional":true},"https_trigger_security_level":{"type":"string","description":"The security level for the function. Defaults to SECURE_OPTIONAL. Valid only if trigger_http is used.","description_kind":"plain","optional":true,"computed":true},"https_trigger_url":{"type":"string","description":"URL which triggers function execution. Returned only if trigger_http is used.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_settings":{"type":"string","description":"String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function.","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a given time.","description_kind":"plain","optional":true,"computed":true},"min_instances":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a given time.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project of the function. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region of function. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"The runtime in which the function is going to run. Eg. \"nodejs12\", \"nodejs14\", \"python37\", \"go111\".","description_kind":"plain","required":true},"service_account_email":{"type":"string","description":" If provided, the self-provided service account to run the function with.","description_kind":"plain","optional":true,"computed":true},"source_archive_bucket":{"type":"string","description":"The GCS bucket containing the zip archive which contains the function.","description_kind":"plain","optional":true},"source_archive_object":{"type":"string","description":"The source archive object (file) in archive bucket.","description_kind":"plain","optional":true},"status":{"type":"string","description":"Describes the current stage of a deployment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"timeout":{"type":"number","description":"Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.","description_kind":"plain","optional":true},"trigger_http":{"type":"bool","description":"Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with trigger_bucket and trigger_topic.","description_kind":"plain","optional":true},"version_id":{"type":"string","description":"The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.","description_kind":"plain","computed":true},"vpc_connector":{"type":"string","description":"The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is projects/*/locations/*/connectors/*.","description_kind":"plain","optional":true},"vpc_connector_egress_settings":{"type":"string","description":"The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"event_trigger":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":"string","description":"The type of event to observe. For example: \"google.storage.object.finalize\". See the documentation on calling Cloud Functions for a full reference of accepted triggers.","description_kind":"plain","required":true},"resource":{"type":"string","description":"The name or partial URI of the resource from which to observe events. For example, \"myBucket\" or \"projects/my-project/topics/my-topic\"","description_kind":"plain","required":true}},"block_types":{"failure_policy":{"nesting_mode":"list","block":{"attributes":{"retry":{"type":"bool","description":"Whether the function should be retried on failure. Defaults to false.","description_kind":"plain","required":true}},"description":"Specifies policy for failed executions","description_kind":"plain"},"max_items":1}},"description":"A source that fires events in response to a condition in another service. Cannot be used with trigger_http.","description_kind":"plain"},"max_items":1},"secret_environment_variables":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"ID of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string \"latest\"). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new clones start.","description_kind":"plain","required":true}},"description":"Secret environment variables configuration","description_kind":"plain"}},"secret_volumes":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"The path within the container to mount the secret volume. For example, setting the mount_path as \"/etc/secrets\" would mount the secret value files under the \"/etc/secrets\" directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount paths: \"/etc/secrets\" Restricted mount paths: \"/cloudsql\", \"/dev/log\", \"/pod\", \"/proc\", \"/var/log\".","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"ID of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true}},"block_types":{"versions":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mount_path as \"/etc/secrets\" and path as \"/secret_foo\" would mount the secret value file at \"/etc/secrets/secret_foo\".","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string \"latest\"). It is preferable to use \"latest\" version with secret volumes as secret value changes are reflected immediately.","description_kind":"plain","required":true}},"description":"List of secret versions to mount for this secret. If empty, the \"latest\" version of the secret will be made available in a file named after the secret under the mount point.","description_kind":"plain"}}},"description":"Secret volumes configuration.","description_kind":"plain"}},"source_repository":{"nesting_mode":"list","block":{"attributes":{"deployed_url":{"type":"string","description":"The URL pointing to the hosted repository where the function was defined at the time of deployment.","description_kind":"plain","computed":true},"url":{"type":"string","description":"The URL pointing to the hosted repository where the function is defined.","description_kind":"plain","required":true}},"description":"Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_binding":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_member":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_composer_environment":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for this environment. The labels map can contain no more than 64 entries. Entries of the labels map are UTF8 strings that comply with the following restrictions: Label keys must be between 1 and 63 characters long and must conform to the following regular expression: [a-z]([-a-z0-9]*[a-z0-9])?. Label values must be between 0 and 63 characters long and must conform to the regular expression ([a-z]([-a-z0-9]*[a-z0-9])?)?. No more than 64 labels can be associated with a given environment. Both keys and values must be \u003c= 128 bytes in size.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the environment.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location or Compute Engine region for the environment.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"airflow_uri":{"type":"string","description":"The URI of the Apache Airflow Web UI hosted within this environment.","description_kind":"plain","computed":true},"dag_gcs_prefix":{"type":"string","description":"The Cloud Storage prefix of the DAGs for this environment. Although Cloud Storage objects reside in a flat namespace, a hierarchical file tree can be simulated using '/'-delimited object name prefixes. DAG objects for this environment reside in a simulated directory with this prefix.","description_kind":"plain","computed":true},"enable_private_builds_only":{"type":"bool","description":"Optional. If true, builds performed during operations that install Python packages have only private connectivity to Google services. If false, the builds also have access to the internet.","description_kind":"plain","optional":true,"computed":true},"enable_private_environment":{"type":"bool","description":"Optional. If true, a private Composer environment will be created.","description_kind":"plain","optional":true,"computed":true},"environment_size":{"type":"string","description":"The size of the Cloud Composer environment. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"gke_cluster":{"type":"string","description":"The Kubernetes Engine cluster used to run this environment.","description_kind":"plain","computed":true},"node_count":{"type":"number","description":"The number of nodes in the Kubernetes Engine cluster that will be used to run this environment. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"resilience_mode":{"type":"string","description":"Whether high resilience is enabled or not. This field is supported for Cloud Composer environments in versions composer-2.1.15-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"data_retention_config":{"nesting_mode":"list","block":{"block_types":{"airflow_metadata_retention_config":{"nesting_mode":"list","block":{"attributes":{"retention_days":{"type":"number","description":"How many days data should be retained for. This field is supported for Cloud Composer environments in composer 3 and newer.","description_kind":"plain","optional":true,"computed":true},"retention_mode":{"type":"string","description":"Whether database retention is enabled or not. This field is supported for Cloud Composer environments in composer 3 and newer.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. The configuration setting for database retention.","description_kind":"plain"}},"task_logs_retention_config":{"nesting_mode":"list","block":{"attributes":{"storage_mode":{"type":"string","description":"Whether logs in cloud logging only is enabled or not. This field is supported for Cloud Composer environments in versions composer-2.0.32-airflow-2.1.4 and newer.","description_kind":"plain","optional":true}},"description":"Optional. The configuration setting for Task Logs.","description_kind":"plain"}}},"description":"The configuration setting for Airflow data retention mechanism. This field is supported for Cloud Composer environments in versions composer-2.0.32-airflow-2.1.4. or newer","description_kind":"plain"},"max_items":1},"database_config":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"Optional. Cloud SQL machine type used by Airflow database. It has to be one of: db-n1-standard-2, db-n1-standard-4, db-n1-standard-8 or db-n1-standard-16. If not specified, db-n1-standard-2 will be used.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Optional. Cloud SQL database preferred zone.","description_kind":"plain","optional":true}},"description":"The configuration of Cloud SQL instance that is used by the Apache Airflow software. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Optional. Customer-managed Encryption Key available through Google's Key Management Service. Cannot be updated.","description_kind":"plain","required":true}},"description":"The encryption options for the Composer environment and its dependencies.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"Maintenance window end time. It is used only to calculate the duration of the maintenance window. The value for end-time must be in the future, relative to 'start_time'.","description_kind":"plain","required":true},"recurrence":{"type":"string","description":"Maintenance window recurrence. Format is a subset of RFC-5545 (https://tools.ietf.org/html/rfc5545) 'RRULE'. The only allowed values for 'FREQ' field are 'FREQ=DAILY' and 'FREQ=WEEKLY;BYDAY=...'. Example values: 'FREQ=WEEKLY;BYDAY=TU,WE', 'FREQ=DAILY'.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Start time of the first recurrence of the maintenance window.","description_kind":"plain","required":true}},"description":"The configuration for Cloud Composer maintenance window.","description_kind":"plain"},"max_items":1},"master_authorized_networks_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not master authorized networks is enabled.","description_kind":"plain","required":true}},"block_types":{"cidr_blocks":{"nesting_mode":"set","block":{"attributes":{"cidr_block":{"type":"string","description":"cidr_block must be specified in CIDR notation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"display_name is a field for users to identify CIDR blocks.","description_kind":"plain","optional":true}},"description":"cidr_blocks define up to 50 external networks that could access Kubernetes master through HTTPS.","description_kind":"plain"}}},"description":"Configuration options for the master authorized networks feature. Enabled master authorized networks will disallow all external traffic to access Kubernetes master through HTTPS except traffic from the given CIDR blocks, Google Compute Engine Public IPs and Google Prod IPs.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"composer_internal_ipv4_cidr_block":{"type":"string","description":"IPv4 cidr range that will be used by Composer internal components.","description_kind":"plain","optional":true,"computed":true},"composer_network_attachment":{"type":"string","description":"PSC (Private Service Connect) Network entry point. Customers can pre-create the Network Attachment and point Cloud Composer environment to use. It is possible to share network attachment among many environments, provided enough IP addresses are available.","description_kind":"plain","optional":true,"computed":true},"disk_size_gb":{"type":"number","description":"The disk size in GB used for node VMs. Minimum size is 20GB. If unspecified, defaults to 100GB. Cannot be updated. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"enable_ip_masq_agent":{"type":"bool","description":"Deploys 'ip-masq-agent' daemon set in the GKE cluster and defines nonMasqueradeCIDRs equals to pod IP range so IP masquerading is used for all destination addresses, except between pods traffic. See: https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The Compute Engine machine type used for cluster instances, specified as a name or relative resource name. For example: \"projects/{project}/zones/{zone}/machineTypes/{machineType}\". Must belong to the enclosing environment's project and region/zone. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"The Compute Engine machine type used for cluster instances, specified as a name or relative resource name. For example: \"projects/{project}/zones/{zone}/machineTypes/{machineType}\". Must belong to the enclosing environment's project and region/zone. The network must belong to the environment's project. If unspecified, the \"default\" network ID in the environment's project is used. If a Custom Subnet Network is provided, subnetwork must also be provided.","description_kind":"plain","optional":true,"computed":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all node VMs. Cannot be updated. If empty, defaults to [\"https://www.googleapis.com/auth/cloud-platform\"]. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs. If a service account is not specified, the \"default\" Compute Engine service account is used. Cannot be updated. If given, note that the service account must have roles/composer.worker for any GCP resources created under the Cloud Composer Environment.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The Compute Engine subnetwork to be used for machine communications, specified as a self-link, relative resource name (e.g. \"projects/{project}/regions/{region}/subnetworks/{subnetwork}\"), or by name. If subnetwork is provided, network must also be provided and the subnetwork must belong to the enclosing environment's project and region.","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["set","string"],"description":"The list of instance tags applied to all node VMs. Tags are used to identify valid sources or targets for network firewalls. Each tag within the list must comply with RFC1035. Cannot be updated.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Compute Engine zone in which to deploy the VMs running the Apache Airflow software, specified as the zone name or relative resource name (e.g. \"projects/{project}/zones/{zone}\"). Must belong to the enclosing environment's project and region. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"ip_allocation_policy":{"nesting_mode":"list","block":{"attributes":{"cluster_ipv4_cidr_block":{"type":"string","description":"The IP address range used to allocate IP addresses to pods in the cluster. For Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*, this field is applicable only when use_ip_aliases is true. Set to blank to have GKE choose a range with the default size. Set to /netmask (e.g. /14) to have GKE choose a range with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use. Specify either cluster_secondary_range_name or cluster_ipv4_cidr_block but not both.","description_kind":"plain","optional":true},"cluster_secondary_range_name":{"type":"string","description":"The name of the cluster's secondary range used to allocate IP addresses to pods. Specify either cluster_secondary_range_name or cluster_ipv4_cidr_block but not both. For Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*, this field is applicable only when use_ip_aliases is true.","description_kind":"plain","optional":true},"services_ipv4_cidr_block":{"type":"string","description":"The IP address range used to allocate IP addresses in this cluster. For Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*, this field is applicable only when use_ip_aliases is true. Set to blank to have GKE choose a range with the default size. Set to /netmask (e.g. /14) to have GKE choose a range with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use. Specify either services_secondary_range_name or services_ipv4_cidr_block but not both.","description_kind":"plain","optional":true},"services_secondary_range_name":{"type":"string","description":"The name of the services' secondary range used to allocate IP addresses to the cluster. Specify either services_secondary_range_name or services_ipv4_cidr_block but not both. For Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*, this field is applicable only when use_ip_aliases is true.","description_kind":"plain","optional":true},"use_ip_aliases":{"type":"bool","description":"Whether or not to enable Alias IPs in the GKE cluster. If true, a VPC-native cluster is created. Defaults to true if the ip_allocation_policy block is present in config. This field is only supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. Environments in newer versions always use VPC-native GKE clusters.","description_kind":"plain","optional":true}},"description":"Configuration for controlling how IPs are allocated in the GKE cluster. Cannot be updated.","description_kind":"plain"},"max_items":1}},"description":"The configuration used for the Kubernetes Engine cluster.","description_kind":"plain"},"max_items":1},"private_environment_config":{"nesting_mode":"list","block":{"attributes":{"cloud_composer_connection_subnetwork":{"type":"string","description":"When specified, the environment will use Private Service Connect instead of VPC peerings to connect to Cloud SQL in the Tenant Project, and the PSC endpoint in the Customer Project will use an IP address from this subnetwork. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"cloud_composer_network_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range for Cloud Composer Network in tenant project will be reserved. Needs to be disjoint from private_cluster_config.master_ipv4_cidr_block and cloud_sql_ipv4_cidr_block. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"cloud_sql_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range in tenant project will be reserved for Cloud SQL. Needs to be disjoint from web_server_ipv4_cidr_block.","description_kind":"plain","optional":true,"computed":true},"connection_type":{"type":"string","description":"Mode of internal communication within the Composer environment. Must be one of \"VPC_PEERING\" or \"PRIVATE_SERVICE_CONNECT\".","description_kind":"plain","optional":true,"computed":true},"enable_private_endpoint":{"type":"bool","description":"If true, access to the public endpoint of the GKE cluster is denied. If this field is set to true, ip_allocation_policy.use_ip_aliases must be set to true for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true},"enable_privately_used_public_ips":{"type":"bool","description":"When enabled, IPs from public (non-RFC1918) ranges can be used for ip_allocation_policy.cluster_ipv4_cidr_block and ip_allocation_policy.service_ipv4_cidr_block.","description_kind":"plain","optional":true,"computed":true},"master_ipv4_cidr_block":{"type":"string","description":"The IP range in CIDR notation to use for the hosted master network. This range is used for assigning internal IP addresses to the cluster master or set of masters and to the internal load balancer virtual IP. This range must not overlap with any other ranges in use within the cluster's network. If left blank, the default value of '172.16.0.0/28' is used.","description_kind":"plain","optional":true,"computed":true},"web_server_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range for web server will be reserved. Needs to be disjoint from master_ipv4_cidr_block and cloud_sql_ipv4_cidr_block. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration used for the Private IP Cloud Composer environment.","description_kind":"plain"},"max_items":1},"recovery_config":{"nesting_mode":"list","block":{"block_types":{"scheduled_snapshots_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"When enabled, Cloud Composer periodically saves snapshots of your environment to a Cloud Storage bucket.","description_kind":"plain","required":true},"snapshot_creation_schedule":{"type":"string","description":"Snapshot schedule, in the unix-cron format.","description_kind":"plain","optional":true},"snapshot_location":{"type":"string","description":"the URI of a bucket folder where to save the snapshot.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"A time zone for the schedule. This value is a time offset and does not take into account daylight saving time changes. Valid values are from UTC-12 to UTC+12. Examples: UTC, UTC-01, UTC+03.","description_kind":"plain","optional":true}},"description":"The configuration settings for scheduled snapshots.","description_kind":"plain"},"max_items":1}},"description":"The recovery configuration settings for the Cloud Composer environment","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"airflow_config_overrides":{"type":["map","string"],"description":"Apache Airflow configuration properties to override. Property keys contain the section and property names, separated by a hyphen, for example \"core-dags_are_paused_at_creation\". Section names must not contain hyphens (\"-\"), opening square brackets (\"[\"), or closing square brackets (\"]\"). The property name must not be empty and cannot contain \"=\" or \";\". Section and property names cannot contain characters: \".\" Apache Airflow configuration property names must be written in snake_case. Property values can contain any character, and can be written in any lower/upper case format. Certain Apache Airflow configuration property values are blacklisted, and cannot be overridden.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Additional environment variables to provide to the Apache Airflow scheduler, worker, and webserver processes. Environment variable names must match the regular expression [a-zA-Z_][a-zA-Z0-9_]*. They cannot specify Apache Airflow software configuration overrides (they cannot match the regular expression AIRFLOW__[A-Z0-9_]+__[A-Z0-9_]+), and they cannot match any of the following reserved names: AIRFLOW_HOME C_FORCE_ROOT CONTAINER_NAME DAGS_FOLDER GCP_PROJECT GCS_BUCKET GKE_CLUSTER_NAME SQL_DATABASE SQL_INSTANCE SQL_PASSWORD SQL_PROJECT SQL_REGION SQL_USER.","description_kind":"plain","optional":true},"image_version":{"type":"string","description":"The version of the software running in the environment. This encapsulates both the version of Cloud Composer functionality and the version of Apache Airflow. It must match the regular expression composer-([0-9]+(\\.[0-9]+\\.[0-9]+(-preview\\.[0-9]+)?)?|latest)-airflow-([0-9]+(\\.[0-9]+(\\.[0-9]+)?)?). The Cloud Composer portion of the image version is a full semantic version, or an alias in the form of major version number or 'latest'. The Apache Airflow portion of the image version is a full semantic version that points to one of the supported Apache Airflow versions, or an alias in the form of only major or major.minor versions specified. See documentation for more details and version list.","description_kind":"plain","optional":true,"computed":true},"pypi_packages":{"type":["map","string"],"description":"Custom Python Package Index (PyPI) packages to be installed in the environment. Keys refer to the lowercase package name (e.g. \"numpy\"). Values are the lowercase extras and version specifier (e.g. \"==1.12.0\", \"[devel,gcp_api]\", \"[devel]\u003e=1.8.2, \u003c1.9.2\"). To specify a package without pinning it to a version specifier, use the empty string as the value.","description_kind":"plain","optional":true},"python_version":{"type":"string","description":"The major version of Python used to run the Apache Airflow scheduler, worker, and webserver processes. Can be set to '2' or '3'. If not specified, the default is '2'. Cannot be updated. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. Environments in newer versions always use Python major version 3.","description_kind":"plain","optional":true,"computed":true},"scheduler_count":{"type":"number","description":"The number of schedulers for Airflow. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-2.*.*.","description_kind":"plain","optional":true,"computed":true},"web_server_plugins_mode":{"type":"string","description":"Should be either 'ENABLED' or 'DISABLED'. Defaults to 'ENABLED'. Used in Composer 3.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"cloud_data_lineage_integration":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not Cloud Data Lineage integration is enabled.","description_kind":"plain","required":true}},"description":"The configuration for Cloud Data Lineage integration. Supported for Cloud Composer environments in versions composer-2.1.2-airflow-*.*.* and newer","description_kind":"plain"},"max_items":1}},"description":"The configuration settings for software inside the environment.","description_kind":"plain"},"max_items":1},"web_server_config":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"Optional. Machine type on which Airflow web server is running. It has to be one of: composer-n1-webserver-2, composer-n1-webserver-4 or composer-n1-webserver-8. If not specified, composer-n1-webserver-2 will be used. Value custom is returned only in response, if Airflow web server parameters were manually changed to a non-standard values.","description_kind":"plain","required":true}},"description":"The configuration settings for the Airflow web server App Engine instance. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain"},"max_items":1},"web_server_network_access_control":{"nesting_mode":"list","block":{"block_types":{"allowed_ip_range":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of this ip range.","description_kind":"plain","optional":true},"value":{"type":"string","description":"IP address or range, defined using CIDR notation, of requests that this rule applies to. Examples: 192.168.1.1 or 192.168.0.0/16 or 2001:db8::/32 or 2001:0db8:0000:0042:0000:8a2e:0370:7334. IP range prefixes should be properly truncated. For example, 1.2.3.4/24 should be truncated to 1.2.3.0/24. Similarly, for IPv6, 2001:db8::1/32 should be truncated to 2001:db8::/32.","description_kind":"plain","required":true}},"description":"A collection of allowed IP ranges with descriptions.","description_kind":"plain"}}},"description":"Network-level access control policy for the Airflow web server.","description_kind":"plain"},"max_items":1},"workloads_config":{"nesting_mode":"list","block":{"block_types":{"dag_processor":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"Number of DAG processors.","description_kind":"plain","optional":true,"computed":true},"cpu":{"type":"number","description":"CPU request and limit for DAG processor.","description_kind":"plain","optional":true,"computed":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for DAG processor.","description_kind":"plain","optional":true,"computed":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for DAG processor.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for resources used by DAG processor.","description_kind":"plain"},"max_items":1},"scheduler":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of schedulers.","description_kind":"plain","optional":true,"computed":true},"cpu":{"type":"number","description":"CPU request and limit for a single Airflow scheduler replica","description_kind":"plain","optional":true,"computed":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for a single Airflow scheduler replica.","description_kind":"plain","optional":true,"computed":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for a single Airflow scheduler replica.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for resources used by Airflow schedulers.","description_kind":"plain"},"max_items":1},"triggerer":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of triggerers.","description_kind":"plain","required":true},"cpu":{"type":"number","description":"CPU request and limit for a single Airflow triggerer replica.","description_kind":"plain","required":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for a single Airflow triggerer replica.","description_kind":"plain","required":true}},"description":"Configuration for resources used by Airflow triggerers.","description_kind":"plain"},"max_items":1},"web_server":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"CPU request and limit for Airflow web server.","description_kind":"plain","optional":true,"computed":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for Airflow web server.","description_kind":"plain","optional":true,"computed":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for Airflow web server.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for resources used by Airflow web server.","description_kind":"plain"},"max_items":1},"worker":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"CPU request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true,"computed":true},"max_count":{"type":"number","description":"Maximum number of workers for autoscaling.","description_kind":"plain","optional":true,"computed":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true,"computed":true},"min_count":{"type":"number","description":"Minimum number of workers for autoscaling.","description_kind":"plain","optional":true,"computed":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for resources used by Airflow workers.","description_kind":"plain"},"max_items":1}},"description":"The workloads configuration settings for the GKE cluster associated with the Cloud Composer environment. Supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain"},"max_items":1}},"description":"Configuration parameters for this environment.","description_kind":"plain"},"max_items":1},"storage_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Optional. Name of an existing Cloud Storage bucket to be used by the environment.","description_kind":"plain","required":true}},"description":"Configuration options for storage used by Composer environment.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_composer_user_workloads_config_map":{"version":0,"block":{"attributes":{"data":{"type":["map","string"],"description":"The \"data\" field of Kubernetes ConfigMap, organized in key-value pairs.\nFor details see: https://kubernetes.io/docs/concepts/configuration/configmap/","description_kind":"plain","optional":true},"environment":{"type":"string","description":"Environment where the Kubernetes ConfigMap will be stored and used.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the Kubernetes ConfigMap.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location or Compute Engine region for the environment.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_composer_user_workloads_secret":{"version":0,"block":{"attributes":{"data":{"type":["map","string"],"description":"A map of the secret data.","description_kind":"plain","optional":true,"sensitive":true},"environment":{"type":"string","description":"Name of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the secret.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location or Compute Engine region for the environment.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description":"The static external IP address represented by this resource.\nThe IP address must be inside the specified subnetwork,\nif any. Set by the API if undefined.","description_kind":"plain","optional":true,"computed":true},"address_type":{"type":"string","description":"The type of address to reserve.\nNote: if you set this argument's value as 'INTERNAL' you need to leave the 'network_tier' argument unset in that resource block. Default value: \"EXTERNAL\" Possible values: [\"INTERNAL\", \"EXTERNAL\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this address. The default value is 'IPV4'. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"ipv6_endpoint_type":{"type":"string","description":"The endpoint type of this address, which should be VM or NETLB. This is\nused for deciding which type of endpoint this address can be used after\nthe external IPv6 address reservation. Possible values: [\"VM\", \"NETLB\"]","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this address. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network in which to reserve the address. This field\ncan only be used with INTERNAL type with the VPC_PEERING and\nIPSEC_INTERCONNECT purposes.","description_kind":"plain","optional":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this address. If this field is not\nspecified, it is assumed to be PREMIUM.\nThis argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","optional":true,"computed":true},"prefix_length":{"type":"number","description":"The prefix length if the resource represents an IP range.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of this resource, which can be one of the following values.\n\n* GCE_ENDPOINT for addresses that are used by VM instances, alias IP\nranges, load balancers, and similar resources.\n\n* SHARED_LOADBALANCER_VIP for an address that can be used by multiple\ninternal load balancers.\n\n* VPC_PEERING for addresses that are reserved for VPC peer networks.\n\n* IPSEC_INTERCONNECT for addresses created from a private IP range that\nare reserved for a VLAN attachment in an HA VPN over Cloud Interconnect\nconfiguration. These addresses are regional resources.\n\n* PRIVATE_SERVICE_CONNECT for a private network address that is used to\nconfigure Private Service Connect. Only global internal addresses can use\nthis purpose.\n\nThis should only be set when using an Internal address.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created address should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The URL of the subnetwork in which to reserve the address. If an IP\naddress is specified, it must be within the subnetwork's IP range.\nThis field can only be used with INTERNAL type with\nGCE_ENDPOINT/DNS_RESOLVER purposes.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"users":{"type":["list","string"],"description":"The URLs of the resources that are using this address.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_attached_disk":{"version":0,"block":{"attributes":{"device_name":{"type":"string","description":"Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. This name can be used to reference the device for mounting, resizing, and so on, from within the instance. If not specified, the server chooses a default device name to apply to this disk, in the form persistent-disks-x, where x is a number assigned by Google Compute Engine.","description_kind":"plain","optional":true,"computed":true},"disk":{"type":"string","description":"name or self_link of the disk that will be attached.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"name or self_link of the compute instance that the disk will be attached to. If the self_link is provided then zone and project are extracted from the self link. If only the name is used then zone and project must be defined as properties on the resource or provider.","description_kind":"plain","required":true},"interface":{"type":"string","description":"The disk interface used for attaching this disk. One of SCSI or NVME. (This field is only used for specific cases, please don't specify this field without advice from Google.)","description_kind":"plain","optional":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project that the referenced compute instance is a part of. If instance is referenced by its self_link the project defined in the link will take precedence.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone that the referenced compute instance is located within. If instance is referenced by its self_link the zone defined in the link will take precedence.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_autoscaler":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target":{"type":"string","description":"URL of the managed instance group that this autoscaler will scale.","description_kind":"plain","required":true},"zone":{"type":"string","description":"URL of the zone where the instance group resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"number","description":"The number of seconds that the autoscaler should wait before it\nstarts collecting information from a new instance. This prevents\nthe autoscaler from collecting information when the instance is\ninitializing, during which the collected usage would not be\nreliable. The default time autoscaler waits is 60 seconds.\n\nVirtual machine initialization times might vary because of\nnumerous factors. We recommend that you test how long an\ninstance may take to initialize. To do this, create an instance\nand time the startup process.","description_kind":"plain","optional":true},"max_replicas":{"type":"number","description":"The maximum number of instances that the autoscaler can scale up\nto. This is required when creating or updating an autoscaler. The\nmaximum number of replicas should not be lower than minimal number\nof replicas.","description_kind":"plain","required":true},"min_replicas":{"type":"number","description":"The minimum number of replicas that the autoscaler can scale down\nto. This cannot be less than 0. If not provided, autoscaler will\nchoose a default value depending on maximum number of instances\nallowed.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Defines operating mode for this policy.","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"predictive_method":{"type":"string","description":"Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are:\n\n- NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics.\n\n- OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand.","description_kind":"plain","optional":true},"target":{"type":"number","description":"The target CPU utilization that the autoscaler should maintain.\nMust be a float value in the range (0, 1]. If not specified, the\ndefault is 0.6.\n\nIf the CPU level is below the target utilization, the autoscaler\nscales down the number of instances until it reaches the minimum\nnumber of instances you specified or until the average CPU of\nyour instances reaches the target utilization.\n\nIf the average CPU is above the target utilization, the autoscaler\nscales up until it reaches the maximum number of instances you\nspecified or until the average utilization reaches the target\nutilization.","description_kind":"plain","required":true}},"description":"Defines the CPU utilization policy that allows the autoscaler to\nscale based on the average CPU utilization of a managed instance\ngroup.","description_kind":"plain"},"max_items":1},"load_balancing_utilization":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"number","description":"Fraction of backend capacity utilization (set in HTTP(s) load\nbalancing configuration) that autoscaler should maintain. Must\nbe a positive float value. If not defined, the default is 0.8.","description_kind":"plain","required":true}},"description":"Configuration parameters of autoscaling based on a load balancer.","description_kind":"plain"},"max_items":1},"metric":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The identifier (type) of the Stackdriver Monitoring metric.\nThe metric cannot have negative values.\n\nThe metric must have a value type of INT64 or DOUBLE.","description_kind":"plain","required":true},"target":{"type":"number","description":"The target value of the metric that autoscaler should\nmaintain. This must be a positive value. A utilization\nmetric scales number of virtual machines handling requests\nto increase or decrease proportionally to the metric.\n\nFor example, a good metric to use as a utilizationTarget is\nwww.googleapis.com/compute/instance/network/received_bytes_count.\nThe autoscaler will work to keep this value constant for each\nof the instances.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Defines how target utilization value is expressed for a\nStackdriver Monitoring metric. Possible values: [\"GAUGE\", \"DELTA_PER_SECOND\", \"DELTA_PER_MINUTE\"]","description_kind":"plain","optional":true}},"description":"Configuration parameters of autoscaling based on a custom metric.","description_kind":"plain"}},"scale_in_control":{"nesting_mode":"list","block":{"attributes":{"time_window_sec":{"type":"number","description":"How long back autoscaling should look when computing recommendations\nto include directives regarding slower scale down, as described above.","description_kind":"plain","optional":true}},"block_types":{"max_scaled_in_replicas":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive\ninteger.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive.\nFor example, specify 80 for 80%.","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events","description_kind":"plain"},"max_items":1},"scaling_schedules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of a scaling schedule.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect.","description_kind":"plain","optional":true},"duration_sec":{"type":"number","description":"The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300.","description_kind":"plain","required":true},"min_required_replicas":{"type":"number","description":"Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule.","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"schedule":{"type":"string","description":"The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field).","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","optional":true}},"description":"Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap.","description_kind":"plain"}}},"description":"The configuration parameters for the autoscaling algorithm. You can\ndefine one or more of the policies for an autoscaler: cpuUtilization,\ncustomMetricUtilizations, and loadBalancingUtilization.\n\nIf none of these are specified, the default will be to autoscale based\non cpuUtilization to 0.6 or 60%.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"Cloud Storage bucket name.","description_kind":"plain","required":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["list","string"],"description":"Headers that the HTTP/S load balancer should add to proxied responses.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional textual description of the resource; provided by the\nclient when the resource is created.","description_kind":"plain","optional":true},"edge_security_policy":{"type":"string","description":"The security policy associated with this backend bucket.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendBucket.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"request_coalescing":{"type":"bool","description":"If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.","description_kind":"plain","optional":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request will\nbe considered fresh. After this time period,\nthe response will be revalidated before being served.\nWhen serving responses to signed URL requests,\nCloud CDN will internally behave as though\nall responses from this backend had a \"Cache-Control: public,\nmax-age=[TTL]\" header, regardless of any existing Cache-Control\nheader. The actual headers served in responses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"bypass_cache_on_request_headers":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The header field name to match on when bypassing cache. Values are case-insensitive.","description_kind":"plain","optional":true}},"description":"Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings.","description_kind":"plain"},"max_items":5},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_http_headers":{"type":["list","string"],"description":"Allows HTTP request headers (by name) to be used in the\ncache key.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["list","string"],"description":"Names of query string parameters to include in cache keys.\nDefault parameters are always included. '\u0026' and '=' will\nbe percent encoded and not treated as delimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s\n(30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this Backend Bucket.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_bucket_signed_url_key":{"version":0,"block":{"attributes":{"backend_bucket":{"type":"string","description":"The backend bucket this signed URL key belongs.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_value":{"type":"string","description":"128-bit key value used for signing the URL. The key value must be a\nvalid RFC 4648 Section 5 base64url encoded string.","description_kind":"plain","required":true,"sensitive":true},"name":{"type":"string","description":"Name of the signed URL key.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","optional":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","optional":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_request_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nrequests.","description_kind":"plain","optional":true},"custom_response_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nresponses.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"edge_security_policy":{"type":"string","description":"The resource URL for the edge security policy associated with this backend service.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendService.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"generated_id":{"type":"number","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource\nfor health checking this BackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.\n\nFor internal load balancing, a URL to a HealthCheck resource must be specified instead.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address_selection_policy":{"type":"string","description":"Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). Possible values: [\"IPV4_ONLY\", \"PREFER_IPV6\", \"IPV6_ONLY\"]","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"Indicates whether the backend service will be used with internal or\nexternal load balancing. A backend service created for one type of\nload balancing cannot be used with the other. For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL_SELF_MANAGED\", \"INTERNAL_MANAGED\", \"EXTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. Only applicable to loadBalancingScheme\n EXTERNAL. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\nlocality_lb_policy is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\nIf session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"port_name":{"type":"string","description":"Name of backend port. The same name should appear in the instance\ngroups referenced by this service. Required when the load balancing\nscheme is EXTERNAL.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol this BackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. **NOTE**: With protocol “UNSPECIFIED”,\nthe backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing\nwith TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"TCP\", \"SSL\", \"GRPC\", \"UNSPECIFIED\"]","description_kind":"plain","optional":true,"computed":true},"security_policy":{"type":"string","description":"The security policy associated with this backend service.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_lb_policy":{"type":"string","description":"URL to networkservices.ServiceLbPolicy resource.\nCan only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.","description_kind":"plain","optional":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\", \"STRONG_COOKIE_AFFINITY\"]","description_kind":"plain","optional":true,"computed":true},"timeout_sec":{"type":"number","description":"The backend service timeout has a different meaning depending on the type of load balancer.\nFor more information see, [Backend service settings](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices).\nThe default is 30 seconds.\nThe full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backend":{"nesting_mode":"set","block":{"attributes":{"balancing_mode":{"type":"string","description":"Specifies the balancing mode for this backend.\n\nFor global HTTP(S) or TCP/SSL load balancing, the default is\nUTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S))\nand CONNECTION (for TCP/SSL).\n\nSee the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode)\nfor an explanation of load balancing modes. Default value: \"UTILIZATION\" Possible values: [\"UTILIZATION\", \"RATE\", \"CONNECTION\"]","description_kind":"plain","optional":true},"capacity_scaler":{"type":"number","description":"A multiplier applied to the group's maximum servicing capacity\n(based on UTILIZATION, RATE or CONNECTION).\n\nDefault value is 1, which means the group will serve up to 100%\nof its configured capacity (depending on balancingMode). A\nsetting of 0 means the group is completely drained, offering\n0% of its available Capacity. Valid range is [0.0,1.0].","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.\nProvide this property when you create the resource.","description_kind":"plain","optional":true},"group":{"type":"string","description":"The fully-qualified URL of an Instance Group or Network Endpoint\nGroup resource. In case of instance group this defines the list\nof instances that serve traffic. Member virtual machine\ninstances from each instance group must live in the same zone as\nthe instance group itself. No two backends in a backend service\nare allowed to use same Instance Group resource.\n\nFor Network Endpoint Groups this defines list of endpoints. All\nendpoints of Network Endpoint Group must be hosted on instances\nlocated in the same zone as the Network Endpoint Group.\n\nBackend services cannot mix Instance Group and\nNetwork Endpoint Group backends.\n\nNote that you must specify an Instance Group or Network Endpoint\nGroup resource using the fully-qualified URL, rather than a\npartial URL.","description_kind":"plain","required":true},"max_connections":{"type":"number","description":"The max number of simultaneous connections for the group. Can\nbe used with either CONNECTION or UTILIZATION balancing modes.\n\nFor CONNECTION mode, either maxConnections or one\nof maxConnectionsPerInstance or maxConnectionsPerEndpoint,\nas appropriate for group type, must be set.","description_kind":"plain","optional":true,"computed":true},"max_connections_per_endpoint":{"type":"number","description":"The max number of simultaneous connections that a single backend\nnetwork endpoint can handle. This is used to calculate the\ncapacity of the group. Can be used in either CONNECTION or\nUTILIZATION balancing modes.\n\nFor CONNECTION mode, either\nmaxConnections or maxConnectionsPerEndpoint must be set.","description_kind":"plain","optional":true,"computed":true},"max_connections_per_instance":{"type":"number","description":"The max number of simultaneous connections that a single\nbackend instance can handle. This is used to calculate the\ncapacity of the group. Can be used in either CONNECTION or\nUTILIZATION balancing modes.\n\nFor CONNECTION mode, either maxConnections or\nmaxConnectionsPerInstance must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate":{"type":"number","description":"The max requests per second (RPS) of the group.\n\nCan be used with either RATE or UTILIZATION balancing modes,\nbut required if RATE mode. For RATE mode, either maxRate or one\nof maxRatePerInstance or maxRatePerEndpoint, as appropriate for\ngroup type, must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate_per_endpoint":{"type":"number","description":"The max requests per second (RPS) that a single backend network\nendpoint can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerEndpoint must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate_per_instance":{"type":"number","description":"The max requests per second (RPS) that a single backend\ninstance can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerInstance must be set.","description_kind":"plain","optional":true,"computed":true},"max_utilization":{"type":"number","description":"Used when balancingMode is UTILIZATION. This ratio defines the\nCPU utilization target for the group. Valid range is [0.0, 1.0].","description_kind":"plain","optional":true,"computed":true}},"description":"The set of backends that serve this BackendService.","description_kind":"plain"}},"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request\nwill be considered fresh, defaults to 1hr (3600s). After this\ntime period, the response will be revalidated before\nbeing served.\n\nWhen serving responses to signed URL requests, Cloud CDN will\ninternally behave as though all responses from this backend had a\n\"Cache-Control: public, max-age=[TTL]\" header, regardless of any\nexisting Cache-Control header. The actual headers served in\nresponses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"bypass_cache_on_request_headers":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The header field name to match on when bypassing cache. Values are case-insensitive.","description_kind":"plain","required":true}},"description":"Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified.\nThe cache is bypassed for all cdnPolicy.cacheMode settings.","description_kind":"plain"}},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_host":{"type":"bool","description":"If true requests to different hosts will be cached separately.","description_kind":"plain","optional":true},"include_http_headers":{"type":["list","string"],"description":"Allows HTTP request headers (by name) to be used in the\ncache key.","description_kind":"plain","optional":true},"include_named_cookies":{"type":["list","string"],"description":"Names of cookies to include in cache keys.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true},"include_query_string":{"type":"bool","description":"If true, include query string parameters in the cache key\naccording to query_string_whitelist and\nquery_string_blacklist. If neither is set, the entire query\nstring will be included.\n\nIf false, the query string will be excluded from the cache\nkey entirely.","description_kind":"plain","optional":true},"query_string_blacklist":{"type":["set","string"],"description":"Names of query string parameters to exclude in cache keys.\n\nAll other parameters will be included. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["set","string"],"description":"Names of query string parameters to include in cache keys.\n\nAll other parameters will be excluded. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s\n(30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain"},"max_items":1},"circuit_breakers":{"nesting_mode":"list","block":{"attributes":{"max_connections":{"type":"number","description":"The maximum number of connections to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_pending_requests":{"type":"number","description":"The maximum number of pending requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests":{"type":"number","description":"The maximum number of parallel requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests_per_connection":{"type":"number","description":"Maximum requests for a single backend connection. This parameter\nis respected by both the HTTP/1.1 and HTTP/2 implementations. If\nnot specified, there is no limit. Setting this parameter to 1\nwill effectively disable keep alive.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"The maximum number of parallel retries to the backend cluster.\nDefaults to 3.","description_kind":"plain","optional":true}},"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.","description_kind":"plain"},"max_items":1},"consistent_hash":{"nesting_mode":"list","block":{"attributes":{"http_header_name":{"type":"string","description":"The hash based on the value of the specified header field.\nThis field is applicable if the sessionAffinity is set to HEADER_FIELD.","description_kind":"plain","optional":true},"minimum_ring_size":{"type":"number","description":"The minimum number of virtual nodes to use for the hash ring.\nLarger ring sizes result in more granular load\ndistributions. If the number of hosts in the load balancing pool\nis larger than the ring size, each host will be assigned a single\nvirtual node.\nDefaults to 1024.","description_kind":"plain","optional":true}},"block_types":{"http_cookie":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the cookie.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to set for the cookie.","description_kind":"plain","optional":true}},"block_types":{"ttl":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Lifetime of the cookie.","description_kind":"plain"},"max_items":1}},"description":"Hash is based on HTTP Cookie. This field describes a HTTP cookie\nthat will be used as the hash key for the consistent hash load\nbalancer. If the cookie is not present, it will be generated.\nThis field is applicable if the sessionAffinity is set to HTTP_COOKIE.","description_kind":"plain"},"max_items":1}},"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing. This field only applies if the load_balancing_scheme is set to\nINTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is\nset to MAGLEV or RING_HASH.","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether the serving infrastructure will authenticate and authorize all incoming requests.","description_kind":"plain","required":true},"oauth2_client_id":{"type":"string","description":"OAuth2 Client ID for IAP","description_kind":"plain","optional":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 Client Secret for IAP","description_kind":"plain","optional":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"OAuth2 Client Secret SHA-256 for IAP","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"locality_lb_policies":{"nesting_mode":"list","block":{"block_types":{"custom_policy":{"nesting_mode":"list","block":{"attributes":{"data":{"type":"string","description":"An optional, arbitrary JSON object with configuration data, understood\nby a locally installed custom policy implementation.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Identifies the custom policy.\n\nThe value should match the type the custom implementation is registered\nwith on the gRPC clients. It should follow protocol buffer\nmessage naming conventions and include the full path (e.g.\nmyorg.CustomLbPolicy). The maximum length is 256 characters.\n\nNote that specifying the same custom policy more than once for a\nbackend is not a valid configuration and will be rejected.","description_kind":"plain","required":true}},"description":"The configuration for a custom policy implemented by the user and\ndeployed with the client.","description_kind":"plain"},"max_items":1},"policy":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of a locality load balancer policy to be used. The value\nshould be one of the predefined ones as supported by localityLbPolicy,\nalthough at the moment only ROUND_ROBIN is supported.\n\nThis field should only be populated when the customPolicy field is not\nused.\n\nNote that specifying the same policy more than once for a backend is\nnot a valid configuration and will be rejected.\n\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\"]","description_kind":"plain","required":true}},"description":"The configuration for a built-in load balancing policy.","description_kind":"plain"},"max_items":1}},"description":"A list of locality load balancing policies to be used in order of\npreference. Either the policy or the customPolicy field should be set.\nOverrides any value set in the localityLbPolicy field.\n\nlocalityLbPolicies is only supported when the BackendService is referenced\nby a URL Map that is referenced by a target gRPC proxy that has the\nvalidateForProxyless field set to true.","description_kind":"plain"}},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Whether to enable logging for the load balancer traffic served by this backend service.","description_kind":"plain","optional":true},"sample_rate":{"type":"number","description":"This field can only be specified if logging is enabled for this backend service. The value of\nthe field must be in [0, 1]. This configures the sampling rate of requests to the load balancer\nwhere 1.0 means all logged requests are reported and 0.0 means no logged requests are reported.\nThe default value is 1.0.","description_kind":"plain","optional":true}},"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain"},"max_items":1},"outlier_detection":{"nesting_mode":"list","block":{"attributes":{"consecutive_errors":{"type":"number","description":"Number of errors before a host is ejected from the connection pool. When the\nbackend host is accessed over HTTP, a 5xx return code qualifies as an error.\nDefaults to 5.","description_kind":"plain","optional":true},"consecutive_gateway_failure":{"type":"number","description":"The number of consecutive gateway failures (502, 503, 504 status or connection\nerrors that are mapped to one of those status codes) before a consecutive\ngateway failure ejection occurs. Defaults to 5.","description_kind":"plain","optional":true},"enforcing_consecutive_errors":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive 5xx. This setting can be used to disable\nejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"enforcing_consecutive_gateway_failure":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive gateway failures. This setting can be\nused to disable ejection or to ramp it up slowly. Defaults to 0.","description_kind":"plain","optional":true},"enforcing_success_rate":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through success rate statistics. This setting can be used to\ndisable ejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"max_ejection_percent":{"type":"number","description":"Maximum percentage of hosts in the load balancing pool for the backend service\nthat can be ejected. Defaults to 10%.","description_kind":"plain","optional":true},"success_rate_minimum_hosts":{"type":"number","description":"The number of hosts in a cluster that must have enough request volume to detect\nsuccess rate outliers. If the number of hosts is less than this setting, outlier\ndetection via success rate statistics is not performed for any host in the\ncluster. Defaults to 5.","description_kind":"plain","optional":true},"success_rate_request_volume":{"type":"number","description":"The minimum number of total requests that must be collected in one interval (as\ndefined by the interval duration above) to include this host in success rate\nbased outlier detection. If the volume is lower than this setting, outlier\ndetection via success rate statistics is not performed for that host. Defaults\nto 100.","description_kind":"plain","optional":true},"success_rate_stdev_factor":{"type":"number","description":"This factor is used to determine the ejection threshold for success rate outlier\nejection. The ejection threshold is the difference between the mean success\nrate, and the product of this factor and the standard deviation of the mean\nsuccess rate: mean - (stdev * success_rate_stdev_factor). This factor is divided\nby a thousand to get a double. That is, if the desired factor is 1.9, the\nruntime value should be 1900. Defaults to 1900.","description_kind":"plain","optional":true}},"block_types":{"base_ejection_time":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"The base time that a host is ejected for. The real time is equal to the base\ntime multiplied by the number of times the host has been ejected. Defaults to\n30000ms or 30s.","description_kind":"plain"},"max_items":1},"interval":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Time interval between ejection sweep analysis. This can result in both new\nejections as well as hosts being returned to service. Defaults to 10 seconds.","description_kind":"plain"},"max_items":1}},"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nApplicable backend service types can be a global backend service with the\nloadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED.","description_kind":"plain"},"max_items":1},"security_settings":{"nesting_mode":"list","block":{"attributes":{"client_tls_policy":{"type":"string","description":"ClientTlsPolicy is a resource that specifies how a client should authenticate\nconnections to backends of a service. This resource itself does not affect\nconfiguration unless it is attached to a backend service resource.","description_kind":"plain","optional":true},"subject_alt_names":{"type":["list","string"],"description":"A list of alternate names to verify the subject identity in the certificate.\nIf specified, the client will verify that the server certificate's subject\nalt name matches one of the specified values.","description_kind":"plain","optional":true}},"block_types":{"aws_v4_authentication":{"nesting_mode":"list","block":{"attributes":{"access_key":{"type":"string","description":"The access key used for s3 bucket authentication.\nRequired for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request.","description_kind":"plain","optional":true,"sensitive":true},"access_key_id":{"type":"string","description":"The identifier of an access key used for s3 bucket authentication.","description_kind":"plain","optional":true},"access_key_version":{"type":"string","description":"The optional version identifier for the access key. You can use this to keep track of different iterations of your access key.","description_kind":"plain","optional":true},"origin_region":{"type":"string","description":"The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin.\nFor example, \"us-east-1\" for AWS or \"us-ashburn-1\" for OCI.","description_kind":"plain","optional":true}},"description":"The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication.\nAllowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends.","description_kind":"plain"},"max_items":1}},"description":"The security settings that apply to this backend service. This field is applicable to either\na regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and\nload_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the\nload_balancing_scheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"},"max_items":1},"strong_session_affinity_cookie":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the cookie.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to set for the cookie.","description_kind":"plain","optional":true}},"block_types":{"ttl":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Lifetime of the cookie.","description_kind":"plain"},"max_items":1}},"description":"Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_service_signed_url_key":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"The backend service this signed URL key belongs.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_value":{"type":"string","description":"128-bit key value used for signing the URL. The key value must be a\nvalid RFC 4648 Section 5 base64url encoded string.","description_kind":"plain","required":true,"sensitive":true},"name":{"type":"string","description":"Name of the signed URL key.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk":{"version":0,"block":{"attributes":{"access_mode":{"type":"string","description":"The accessMode of the disk.\nFor example:\n* READ_WRITE_SINGLE\n* READ_WRITE_MANY\n* READ_ONLY_SINGLE","description_kind":"plain","optional":true,"computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"disk_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_confidential_compute":{"type":"bool","description":"Whether this disk is using confidential compute mode.\nNote: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description":"The image from which to initialize this disk. This can be\none of: the image's 'self_link', 'projects/{project}/global/images/{image}',\n'projects/{project}/global/images/family/{family}', 'global/images/{image}',\n'global/images/family/{family}', 'family/{family}', '{project}/{family}',\n'{project}/{image}', '{family}', or '{image}'. If referred by family, the\nimages names must include the family name. If they don't, use the\n[google_compute_image data source](/docs/providers/google/d/compute_image.html).\nFor instance, the image 'centos-6-v20180104' includes its family name 'centos-6'.\nThese images can be referred by family name here.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much Throughput must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the 'image' or\n'snapshot' parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with 'image' or 'snapshot',\nthe value must not be less than the size of the image\nor the size of the snapshot.\n\n~\u003e**NOTE** If you change the size, Terraform updates the disk size\nif upsizing is detected but recreates the disk if downsizing is requested.\nYou can add 'lifecycle.prevent_destroy' in the config to prevent destroying\nand recreating.","description_kind":"plain","optional":true,"computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. If the snapshot is in another\nproject than this disk, you must supply a full URL. For example, the\nfollowing are valid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","optional":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","optional":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description":"The ID value of the image used to create this disk. This value\nidentifies the exact image that was used to create this persistent\ndisk. For example, if you created the persistent disk from an image\nthat was later deleted and recreated under the same name, the source\nimage ID would identify the exact version of the image that was used.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"storage_pool":{"type":"string","description":"The URL or the name of the storage pool in which the new disk is created.\nFor example:\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/storagePools/{storagePool}\n* /projects/{project}/zones/{zone}/storagePools/{storagePool}\n* /zones/{zone}/storagePools/{storagePool}\n* /{storagePool}","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","optional":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"async_primary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Primary disk for asynchronous disk replication.","description_kind":"plain","required":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"rsa_encrypted_key":{"type":"string","description":"Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit\ncustomer-supplied encryption key to either encrypt or decrypt\nthis resource. You can provide either the rawKey or the rsaEncryptedKey.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain"},"max_items":1},"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options.","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain"}},"source_image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source image. Required if\nthe source image is protected by a customer-supplied encryption key.","description_kind":"plain"},"max_items":1},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk_async_replication":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"primary_disk":{"type":"string","description":"Primary disk for asynchronous replication.","description_kind":"plain","required":true}},"block_types":{"secondary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Secondary disk for asynchronous replication.","description_kind":"plain","required":true},"state":{"type":"string","description":"Output-only. Status of replication on the secondary disk.","description_kind":"plain","computed":true}},"description":"Secondary disk for asynchronous replication.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_disk_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_disk_resource_policy_attachment":{"version":0,"block":{"attributes":{"disk":{"type":"string","description":"The name of the disk in which the resource policies are attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource policy to be attached to the disk for scheduling snapshot\ncreation. Do not specify the self link.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_external_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels for the external VPN gateway resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"redundancy_type":{"type":"string","description":"Indicates the redundancy type of this external VPN gateway Possible values: [\"FOUR_IPS_REDUNDANCY\", \"SINGLE_IP_INTERNALLY_REDUNDANT\", \"TWO_IPS_REDUNDANCY\"]","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"interface":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"number","description":"The numeric ID for this interface. Allowed values are based on the redundancy type\nof this external VPN gateway\n* '0 - SINGLE_IP_INTERNALLY_REDUNDANT'\n* '0, 1 - TWO_IPS_REDUNDANCY'\n* '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IP address of the interface in the external VPN gateway.\nOnly IPv4 is supported. This IP address can be either from\nyour on-premise gateway or another Cloud provider's VPN gateway,\nit cannot be an IP address from Google Compute Engine.","description_kind":"plain","optional":true},"ipv6_address":{"type":"string","description":"IPv6 address of the interface in the external VPN gateway. This IPv6\naddress can be either from your on-premise gateway or another Cloud\nprovider's VPN gateway, it cannot be an IP address from Google Compute\nEngine. Must specify an IPv6 address (not IPV4-mapped) using any format\ndescribed in RFC 4291 (e.g. 2001:db8:0:0:2d9:51:0:0). The output format\nis RFC 5952 format (e.g. 2001:db8::2d9:51:0:0).","description_kind":"plain","optional":true}},"description":"A list of interfaces on this external VPN gateway.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall":{"version":1,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"destination_ranges":{"type":["set","string"],"description":"If destination ranges are specified, the firewall will apply only to\ntraffic that has destination IP address in these ranges. These ranges\nmust be expressed in CIDR format. IPv4 or IPv6 ranges are supported.","description_kind":"plain","optional":true,"computed":true},"direction":{"type":"string","description":"Direction of traffic to which this firewall applies; default is\nINGRESS. Note: For INGRESS traffic, one of 'source_ranges',\n'source_tags' or 'source_service_accounts' is required. Possible values: [\"INGRESS\", \"EGRESS\"]","description_kind":"plain","optional":true,"computed":true},"disabled":{"type":"bool","description":"Denotes whether the firewall rule is disabled, i.e not applied to the\nnetwork it is associated with. When set to true, the firewall rule is\nnot enforced and the network behaves as if it did not exist. If this\nis unspecified, the firewall rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the network to attach this firewall to.","description_kind":"plain","required":true},"priority":{"type":"number","description":"Priority for this rule. This is an integer between 0 and 65535, both\ninclusive. When not specified, the value assumed is 1000. Relative\npriorities determine precedence of conflicting rules. Lower value of\npriority implies higher precedence (eg, a rule with priority 0 has\nhigher precedence than a rule with priority 1). DENY rules take\nprecedence over ALLOW rules having equal priority.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_ranges":{"type":["set","string"],"description":"If source ranges are specified, the firewall will apply only to\ntraffic that has source IP address in these ranges. These ranges must\nbe expressed in CIDR format. One or both of sourceRanges and\nsourceTags may be set. If both properties are set, the firewall will\napply to traffic that has source IP address within sourceRanges OR the\nsource IP that belongs to a tag listed in the sourceTags property. The\nconnection does not need to match both properties for the firewall to\napply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of\n'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"source_service_accounts":{"type":["set","string"],"description":"If source service accounts are specified, the firewall will apply only\nto traffic originating from an instance with a service account in this\nlist. Source service accounts cannot be used to control traffic to an\ninstance's external IP address because service accounts are associated\nwith an instance, not an IP address. sourceRanges can be set at the\nsame time as sourceServiceAccounts. If both are set, the firewall will\napply to traffic that has source IP address within sourceRanges OR the\nsource IP belongs to an instance with service account listed in\nsourceServiceAccount. The connection does not need to match both\nproperties for the firewall to apply. sourceServiceAccounts cannot be\nused at the same time as sourceTags or targetTags. For INGRESS traffic,\none of 'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"source_tags":{"type":["set","string"],"description":"If source tags are specified, the firewall will apply only to traffic\nwith source IP that belongs to a tag listed in source tags. Source\ntags cannot be used to control traffic to an instance's external IP\naddress. Because tags are associated with an instance, not an IP\naddress. One or both of sourceRanges and sourceTags may be set. If\nboth properties are set, the firewall will apply to traffic that has\nsource IP address within sourceRanges OR the source IP that belongs to\na tag listed in the sourceTags property. The connection does not need\nto match both properties for the firewall to apply. For INGRESS traffic,\none of 'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"target_service_accounts":{"type":["set","string"],"description":"A list of service accounts indicating sets of instances located in the\nnetwork that may make network connections as specified in allowed[].\ntargetServiceAccounts cannot be used at the same time as targetTags or\nsourceTags. If neither targetServiceAccounts nor targetTags are\nspecified, the firewall rule applies to all instances on the specified\nnetwork.","description_kind":"plain","optional":true},"target_tags":{"type":["set","string"],"description":"A list of instance tags indicating sets of instances located in the\nnetwork that may make network connections as specified in allowed[].\nIf no targetTags are specified, the firewall rule applies to all\ninstances on the specified network.","description_kind":"plain","optional":true}},"block_types":{"allow":{"nesting_mode":"set","block":{"attributes":{"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field\nis only applicable for UDP or TCP protocol. Each entry must be\neither an integer or a range. If not specified, this rule\napplies to connections through any port.\n\nExample inputs include: [22], [80, 443], and\n[\"12345-12349\"].","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is\nrequired when creating a firewall rule. This value can either be\none of the following well known protocol strings (tcp, udp,\nicmp, esp, ah, sctp, ipip, all), or the IP protocol number.","description_kind":"plain","required":true}},"description":"The list of ALLOW rules specified by this firewall. Each rule\nspecifies a protocol and port-range tuple that describes a permitted\nconnection.","description_kind":"plain"}},"deny":{"nesting_mode":"set","block":{"attributes":{"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field\nis only applicable for UDP or TCP protocol. Each entry must be\neither an integer or a range. If not specified, this rule\napplies to connections through any port.\n\nExample inputs include: [22], [80, 443], and\n[\"12345-12349\"].","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is\nrequired when creating a firewall rule. This value can either be\none of the following well known protocol strings (tcp, udp,\nicmp, esp, ah, sctp, ipip, all), or the IP protocol number.","description_kind":"plain","required":true}},"description":"The list of DENY rules specified by this firewall. Each rule specifies\na protocol and port-range tuple that describes a denied connection.","description_kind":"plain"}},"log_config":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"This field denotes whether to include or exclude metadata for firewall logs. Possible values: [\"EXCLUDE_ALL_METADATA\", \"INCLUDE_ALL_METADATA\"]","description_kind":"plain","required":true}},"description":"This field denotes the logging options for a particular firewall rule.\nIf defined, logging is enabled, and logs will be exported to Cloud Logging.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. It is a numeric ID allocated by GCP which uniquely identifies the Firewall Policy.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the firewall policy.","description_kind":"plain","required":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true},"short_name":{"type":"string","description":"User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\", \"goto_next\" and \"apply_security_profile_group\".","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: [\"INGRESS\", \"EGRESS\"]","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled.\nWhen set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist.\nIf this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule.\nIf logging is enabled, logs will be exported to the configured export destination in Stackdriver.\nLogs may be exported to BigQuery or Pub/Sub.\nNote: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always 'compute#firewallPolicyRule' for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list.\nThe priority must be a positive value between 0 and 2147483647.\nRules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"security_profile_group":{"type":"string","description":"A fully-qualified URL of a SecurityProfile resource instance.\nExample: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group\nMust be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.","description_kind":"plain","optional":true},"target_resources":{"type":["list","string"],"description":"A list of network resource URLs to which this rule applies.\nThis field allows you to control which network's VMs get this rule.\nIf this field is left blank, all VMs within the organization will receive the rule.","description_kind":"plain","optional":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true},"tls_inspect":{"type":"bool","description":"Boolean flag indicating if the traffic should be TLS decrypted.\nCan be set only if action = 'apply_security_profile_group' and cannot be set for other actions.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex.\"US\" Maximum number of dest region codes allowed is 5000.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex.\"US\" Maximum number of source region codes allowed is 5000.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule.\nThis value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.\nExample inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"].","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_forwarding_rule":{"version":0,"block":{"attributes":{"all_ports":{"type":"bool","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'allPorts' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, SCTP, or\nL3_DEFAULT.\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal and external protocol forwarding.\n* Set this field to true to allow packets addressed to any port or packets\nlacking destination port information (for example, UDP fragments after the\nfirst fragment) to be forwarded to the backends configured with this\nforwarding rule. The L3_DEFAULT protocol requires 'allPorts' be set to\ntrue.","description_kind":"plain","optional":true},"allow_global_access":{"type":"bool","description":"This field is used along with the 'backend_service' field for\ninternal load balancing or with the 'target' field for internal\nTargetInstance.\n\nIf the field is set to 'TRUE', clients can access ILB from all\nregions.\n\nOtherwise only allows access from clients in the same region as the\ninternal load balancer.","description_kind":"plain","optional":true},"allow_psc_global_access":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.","description_kind":"plain","optional":true},"backend_service":{"type":"string","description":"Identifies the backend service to which the forwarding rule sends traffic.\n\nRequired for Internal TCP/UDP Load Balancing and Network Load Balancing;\nmust be omitted for all other load balancer types.","description_kind":"plain","optional":true},"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"forwarding_rule_id":{"type":"number","description":"The unique identifier number for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target' or 'backendService'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\nThe forwarding rule's 'target' or 'backendService',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends).\n\nA Forwarding Rule with protocol L3_DEFAULT can attach with target instance or\nbackend service with UNSPECIFIED protocol.\nA forwarding rule with \"L3_DEFAULT\" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\", \"L3_DEFAULT\"]","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP address version that will be used by this forwarding rule.\nValid options are IPV4 and IPV6.\n\nIf not set, the IPv4 address will be used by default. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true,"computed":true},"is_mirroring_collector":{"type":"bool","description":"Indicates whether or not this load balancer can be used as a collector for\npacket mirroring. To prevent mirroring loops, instances behind this\nload balancer will not have their traffic mirrored even if a\n'PacketMirroring' rule applies to them.\n\nThis can only be set to true for load balancers that have their\n'loadBalancingScheme' set to 'INTERNAL'.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n'PREMIUM', 'STANDARD'.\n\nFor regional ForwardingRule, the valid values are 'PREMIUM' and\n'STANDARD'. For GlobalForwardingRule, the valid value is\n'PREMIUM'.\n\nIf this field is not specified, it is assumed to be 'PREMIUM'.\nIf 'IPAddress' is specified, this value must be equal to the\nnetworkTier of the Address. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","optional":true,"computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","optional":true},"port_range":{"type":"string","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","optional":true,"computed":true},"ports":{"type":["set","string"],"description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'ports' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal protocol forwarding.\n* You can specify a list of up to five ports by number, separated by\ncommas. The ports can be contiguous or discontiguous.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair if they share at least one port\nnumber.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair if\nthey share at least one port number.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"recreate_closed_psc":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed","description_kind":"plain","optional":true},"region":{"type":"string","description":"A reference to the region where the regional forwarding rule resides.\n\nThis field is not applicable to global forwarding rules.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_label":{"type":"string","description":"An optional prefix to the service name for this Forwarding Rule.\nIf specified, will be the first label of the fully qualified service\nname.\n\nThe label must be 1-63 characters long, and comply with RFC1035.\nSpecifically, the label must be 1-63 characters long and match the\nregular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","optional":true},"service_name":{"type":"string","description":"The internal fully qualified service name for this Forwarding Rule.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","optional":true,"computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"service_directory_registrations":{"nesting_mode":"list","block":{"attributes":{"namespace":{"type":"string","description":"Service Directory namespace to register the forwarding rule under.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Service Directory service to register the forwarding rule under.","description_kind":"plain","optional":true}},"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description":"The IP address or beginning of the address range represented by this\nresource. This can be supplied as an input to reserve a specific\naddress or omitted to allow GCP to choose a valid one for you.","description_kind":"plain","optional":true,"computed":true},"address_type":{"type":"string","description":"The type of the address to reserve.\n\n* EXTERNAL indicates public/external single IP address.\n* INTERNAL indicates internal IP ranges belonging to some network. Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this address. The default value is 'IPV4'. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this address. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network in which to reserve the IP range. The IP range\nmust be in RFC1918 space. The network cannot be deleted if there are\nany reserved IP ranges referring to it.\n\nThis should only be set when using an Internal address.","description_kind":"plain","optional":true},"prefix_length":{"type":"number","description":"The prefix length of the IP range. If not present, it means the\naddress field is a single IP address.\n\nThis field is not applicable to addresses with addressType=INTERNAL\nwhen purpose=PRIVATE_SERVICE_CONNECT","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of the resource. Possible values include:\n\n* VPC_PEERING - for peer networks\n\n* PRIVATE_SERVICE_CONNECT - for ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Private Service Connect networks","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_forwarding_rule":{"version":0,"block":{"attributes":{"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"forwarding_rule_id":{"type":"number","description":"The unique identifier number for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\nThe forwarding rule's 'target',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\"]","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this global forwarding rule. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL_MANAGED\", \"INTERNAL_SELF_MANAGED\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n'PREMIUM', 'STANDARD'.\n\nFor regional ForwardingRule, the valid values are 'PREMIUM' and\n'STANDARD'. For GlobalForwardingRule, the valid value is\n'PREMIUM'.\n\nIf this field is not specified, it is assumed to be 'PREMIUM'.\nIf 'IPAddress' is specified, this value must be equal to the\nnetworkTier of the Address. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","optional":true,"computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","optional":true},"port_range":{"type":"string","description":"The 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","optional":true,"computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of\nfilterLabels contribute towards the overall metadataFilter match.\n\nMATCH_ANY - At least one of the filterLabels must have a matching\nlabel in the provided metadata.\nMATCH_ALL - All filterLabels must have matching labels in the\nprovided metadata. Possible values: [\"MATCH_ANY\", \"MATCH_ALL\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the metadata label. The length must be between\n1 and 1024 characters, inclusive.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value that the label must match. The value has a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the\nprovided metadata based on filterMatchCriteria\n\nThis list must not be empty and can have at the most 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing\nconfiguration to a limited set xDS compliant clients. In their xDS\nrequests to Loadbalancer, xDS clients present node metadata. If a\nmatch takes place, the relevant routing configuration is made available\nto those proxies.\n\nFor each metadataFilter in this list, if its filterMatchCriteria is set\nto MATCH_ANY, at least one of the filterLabels must match the\ncorresponding label provided in the metadata. If its filterMatchCriteria\nis set to MATCH_ALL, then all of its filterLabels must match with\ncorresponding labels in the provided metadata.\n\nmetadataFilters specified here can be overridden by those specified in\nthe UrlMap that this ForwardingRule references.\n\nmetadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"service_directory_registrations":{"nesting_mode":"list","block":{"attributes":{"namespace":{"type":"string","description":"Service Directory namespace to register the forwarding rule under.","description_kind":"plain","optional":true,"computed":true},"service_directory_region":{"type":"string","description":"[Optional] Service Directory region to register this global forwarding rule under.\nDefault to \"us-central1\". Only used for PSC for Google APIs. All PSC for\nGoogle APIs Forwarding Rules on the same network should use the same Service\nDirectory region.","description_kind":"plain","optional":true}},"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_network_endpoint":{"version":0,"block":{"attributes":{"fqdn":{"type":"string","description":"Fully qualified domain name of network endpoint.\nThis can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT.","description_kind":"plain","optional":true},"global_network_endpoint_group":{"type":"string","description":"The global network endpoint group this endpoint is part of.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IPv4 address external endpoint.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number of the external endpoint.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Possible values: [\"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_ha_vpn_gateway":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"gateway_ip_version":{"type":"string","description":"The IP family of the gateway IPs for the HA-VPN gateway interfaces. If not specified, IPV4 will be used. Default value: \"IPV4\" Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this VPN gateway to identify the IP protocols that are enabled.\nIf not specified, IPV4_ONLY will be used. Default value: \"IPV4_ONLY\" Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\", \"IPV6_ONLY\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpn_interfaces":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"number","description":"The numeric ID of this VPN gateway interface.","description_kind":"plain","optional":true},"interconnect_attachment":{"type":"string","description":"URL of the interconnect attachment resource. When the value\nof this field is present, the VPN Gateway will be used for\nIPsec-encrypted Cloud Interconnect; all Egress or Ingress\ntraffic for this VPN Gateway interface will go through the\nspecified interconnect attachment resource.\n\nNot currently available publicly.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The external IP address for this VPN gateway interface.","description_kind":"plain","computed":true}},"description":"A list of interfaces on this VPN gateway.","description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_regions":{"type":["list","string"],"description":"The list of cloud regions from which health checks are performed. If\nany regions are specified, then exactly 3 regions should be specified.\nThe region names must be valid names of Google Cloud regions. This can\nonly be set for global health check. If this list is non-empty, then\nthere are restrictions on what other health check fields are supported\nand what other resources can use this health check:\n\n* SSL, HTTP2, and GRPC protocols are not supported.\n\n* The TCP request field is not supported.\n\n* The proxyHeader field for HTTP, HTTPS, and TCP is not supported.\n\n* The checkIntervalSec field must be at least 30.\n\n* The health check cannot be used with BackendService nor with managed\ninstance group auto-healing.","description_kind":"plain","optional":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"grpc_health_check":{"nesting_mode":"list","block":{"attributes":{"grpc_service_name":{"type":"string","description":"The gRPC service name for the health check.\nThe value of grpcServiceName has the following meanings by convention:\n - Empty serviceName means the overall status of all services at the backend.\n - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service.\nThe grpcServiceName can only be ASCII.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port number for the health check request.\nMust be specified if portName and portSpecification are not set\nor if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, gRPC health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"http2_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP2 health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP2 health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP2 health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP2 health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"http_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"https_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTPS health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTPS health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs. This is false by default,\nwhich means no health check logging will be done.","description_kind":"plain","optional":true}},"description":"Configure logging on this health check.","description_kind":"plain"},"max_items":1},"ssl_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the SSL health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, SSL health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the SSL connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"tcp_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the TCP health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, TCP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the TCP connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_http_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The value of the host header in the HTTP health check request. If\nleft empty (default value), the public IP on behalf of which this\nhealth check is performed will be used.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_https_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The value of the host header in the HTTPS health check request. If\nleft empty (default value), the public IP on behalf of which this\nhealth check is performed will be used.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_image":{"version":0,"block":{"attributes":{"archive_size_bytes":{"type":"number","description":"Size of the image tar.gz archive stored in Google Cloud Storage (in\nbytes).","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the image when restored onto a persistent disk (in GB).","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"family":{"type":"string","description":"The name of the image family to which this image belongs. You can\ncreate disks by specifying an image family instead of a specific\nimage name. The image family always returns its latest image that is\nnot deprecated. The name of the image family must comply with\nRFC1035.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Image.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"The source disk to create this image based on.\nYou must provide either this property or the\nrawDisk.source property but not both to create an image.","description_kind":"plain","optional":true},"source_image":{"type":"string","description":"URL of the source image used to create this image. In order to create an image, you must provide the full or partial\nURL of one of the following:\n\n* The selfLink URL\n* This property\n* The rawDisk.source URL\n* The sourceDisk URL","description_kind":"plain","optional":true},"source_snapshot":{"type":"string","description":"URL of the source snapshot used to create this image.\n\nIn order to create an image, you must provide the full or partial URL of one of the following:\n\n* The selfLink URL\n* This property\n* The sourceImage URL\n* The rawDisk.source URL\n* The sourceDisk URL","description_kind":"plain","optional":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the image\n(regional or multi-regional).\nReference link: https://cloud.google.com/compute/docs/reference/rest/v1/images","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"IDPF\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\", \"SEV_LIVE_MIGRATABLE_V2\"]","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable images.","description_kind":"plain"}},"image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in Google Cloud\nKMS.","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption request for the\ngiven KMS key. If absent, the Compute Engine default service\naccount is used.","description_kind":"plain","optional":true}},"description":"Encrypts the image using a customer-supplied encryption key.\n\nAfter you encrypt an image with a customer-supplied key, you must\nprovide the same key if you use the image later (e.g. to create a\ndisk from the image)","description_kind":"plain"},"max_items":1},"raw_disk":{"nesting_mode":"list","block":{"attributes":{"container_type":{"type":"string","description":"The format used to encode and transmit the block device, which\nshould be TAR. This is just a container and transmission format\nand not a runtime format. Provided by the client when the disk\nimage is created. Default value: \"TAR\" Possible values: [\"TAR\"]","description_kind":"plain","optional":true},"sha1":{"type":"string","description":"An optional SHA1 checksum of the disk image before unpackaging.\nThis is provided by the client when the disk image is created.","description_kind":"plain","optional":true},"source":{"type":"string","description":"The full Google Cloud Storage URL where disk storage is stored\nYou must provide either this property or the sourceDisk property\nbut not both.","description_kind":"plain","required":true}},"description":"The parameters of the raw disk image.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_image_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_image_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_image_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance":{"version":6,"block":{"attributes":{"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","optional":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","optional":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","optional":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\", \"SUSPENDED\" or \"TERMINATED\".","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","optional":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"key_revocation_action_type":{"type":"string","description":"Action to be taken when a customer's encryption key is revoked. Supports \"STOP\" and \"NONE\", with \"NONE\" being the default.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","optional":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","optional":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true},"enable_uefi_networking":{"type":"bool","description":"Whether to enable UEFI networking for the instance.","description_kind":"plain","optional":true},"performance_monitoring_unit":{"type":"string","description":"The PMU is a hardware component within the CPU core that monitors how the processor runs code. Valid values for the level of PMU are \"STANDARD\", \"ENHANCED\", and \"ARCHITECTURAL\".","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true},"turbo_mode":{"type":"string","description":"Turbo frequency mode to use for the instance. Currently supported modes is \"ALL_CORE_MAX\".","description_kind":"plain","optional":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"attached_disk":{"nesting_mode":"list","block":{"attributes":{"device_name":{"type":"string","description":"Name with which the attached disk is accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","required":true}},"description":"List of disks attached to the instance","description_kind":"plain"}},"boot_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether the disk will be auto-deleted when the instance is deleted.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"Name with which attached disk will be accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"interface":{"type":"string","description":"The disk interface used for attaching this disk. One of SCSI or NVME. (This field is shared with attached_disk and only used for specific cases, please don't specify this field without advice from Google.)","description_kind":"plain","optional":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"A flag to enable confidential compute mode on boot disk","description_kind":"plain","optional":true},"image":{"type":"string","description":"The image from which this disk was initialised.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the disk.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance's boot disk. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"The size of the image in gigabytes.","description_kind":"plain","optional":true,"computed":true},"storage_pool":{"type":"string","description":"The URL of the storage pool in which the new disk is created","description_kind":"plain","optional":true},"type":{"type":"string","description":"The Google Compute Engine disk type. Such as pd-standard, pd-ssd or pd-balanced.","description_kind":"plain","optional":true,"computed":true}},"description":"Parameters with which a disk was created alongside the instance.","description_kind":"plain"},"max_items":1}},"description":"The boot disk for the instance.","description_kind":"plain"},"min_items":1,"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"confidential_instance_type":{"type":"string","description":"\n\t\t\t\t\t\t\t\tThe confidential computing technology the instance uses.\n\t\t\t\t\t\t\t\tSEV is an AMD feature. TDX is an Intel feature. One of the following\n\t\t\t\t\t\t\t\tvalues is required: SEV, SEV_SNP, TDX. If SEV_SNP, min_cpu_platform =\n\t\t\t\t\t\t\t\t\"AMD Milan\" is currently required.","description_kind":"plain","optional":true},"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled. Field will be deprecated in a future release","description_kind":"plain","optional":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"guest_accelerator":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of the guest accelerator cards exposed to this instance.","description_kind":"plain","required":true},"type":{"type":"string","description":"The accelerator type resource exposed to this instance. E.g. nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain"}},"network_interface":{"nesting_mode":"list","block":{"attributes":{"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the interface","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network attached to this interface.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address assigned to the instance.","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET, IDPF","description_kind":"plain","optional":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the subnetwork attached to this interface.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The project in which the subnetwork belongs.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that is be 1:1 mapped to the instance's network ip.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance. One of PREMIUM or STANDARD.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.","description_kind":"plain","optional":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range.","description_kind":"plain","optional":true}},"description":"An array of alias IP ranges for this network interface.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an external IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this access configuration. In ipv6AccessConfigs, the recommended name is External IPv6.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","optional":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"The networks attached to the instance.","description_kind":"plain"},"min_items":1},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"params":{"nesting_mode":"list","block":{"attributes":{"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true}},"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user).","description_kind":"plain","optional":true},"availability_domain":{"type":"number","description":"Specifies the availability domain, which this instance should be scheduled on.","description_kind":"plain","optional":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true},"min_node_cpus":{"type":"number","description_kind":"plain","optional":true},"on_host_maintenance":{"type":"string","description":"Describes maintenance behavior for the instance. One of MIGRATE or TERMINATE,","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the instance is preemptible.","description_kind":"plain","optional":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"},"max_items":1},"max_run_duration":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"The timeout for new network connections to hosts.","description_kind":"plain"},"max_items":1},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}},"on_instance_stop_action":{"nesting_mode":"list","block":{"attributes":{"discard_local_ssd":{"type":"bool","description":"If true, the contents of any attached Local SSD disks will be discarded.","description_kind":"plain","optional":true}},"description":"Defines the behaviour for instances with the instance_termination_action.","description_kind":"plain"},"max_items":1}},"description":"The scheduling strategy being used by the instance.","description_kind":"plain"},"max_items":1},"scratch_disk":{"nesting_mode":"list","block":{"attributes":{"device_name":{"type":"string","description":"Name with which the attached disk is accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"The disk interface used for attaching this disk. One of SCSI or NVME.","description_kind":"plain","required":true},"size":{"type":"number","description":"The size of the disk in gigabytes. One of 375 or 3000.","description_kind":"plain","optional":true}},"description":"The scratch disks attached to the instance.","description_kind":"plain"}},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes.","description_kind":"plain","required":true}},"description":"The service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Whether integrity monitoring is enabled for the instance.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Whether secure boot is enabled for the instance.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Whether the instance uses vTPM.","description_kind":"plain","optional":true}},"description":"The shielded vm config being used by the instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_from_template":{"version":0,"block":{"attributes":{"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","optional":true,"computed":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","optional":true,"computed":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","optional":true,"computed":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\", \"SUSPENDED\" or \"TERMINATED\".","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","optional":true,"computed":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"key_revocation_action_type":{"type":"string","description":"Action to be taken when a customer's encryption key is revoked. Supports \"STOP\" and \"NONE\", with \"NONE\" being the default.","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","optional":true,"computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"source_instance_template":{"type":"string","description":"Name or self link of an instance template to create the instance based on.","description_kind":"plain","required":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","optional":true,"computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true,"computed":true},"enable_uefi_networking":{"type":"bool","description":"Whether to enable UEFI networking for the instance.","description_kind":"plain","optional":true,"computed":true},"performance_monitoring_unit":{"type":"string","description":"The PMU is a hardware component within the CPU core that monitors how the processor runs code. Valid values for the level of PMU are \"STANDARD\", \"ENHANCED\", and \"ARCHITECTURAL\".","description_kind":"plain","optional":true,"computed":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true,"computed":true},"turbo_mode":{"type":"string","description":"Turbo frequency mode to use for the instance. Currently supported modes is \"ALL_CORE_MAX\".","description_kind":"plain","optional":true,"computed":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true,"computed":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"attached_disk":{"nesting_mode":"list","block":{"attributes":{"device_name":{"type":"string","description":"Name with which the attached disk is accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true,"computed":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","required":true}},"description":"List of disks attached to the instance","description_kind":"plain"}},"boot_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether the disk will be auto-deleted when the instance is deleted.","description_kind":"plain","optional":true,"computed":true},"device_name":{"type":"string","description":"Name with which attached disk will be accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"interface":{"type":"string","description":"The disk interface used for attaching this disk. One of SCSI or NVME. (This field is shared with attached_disk and only used for specific cases, please don't specify this field without advice from Google.)","description_kind":"plain","optional":true,"computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true,"computed":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"A flag to enable confidential compute mode on boot disk","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description":"The image from which this disk was initialised.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the disk.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true,"computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance's boot disk. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"The size of the image in gigabytes.","description_kind":"plain","optional":true,"computed":true},"storage_pool":{"type":"string","description":"The URL of the storage pool in which the new disk is created","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The Google Compute Engine disk type. Such as pd-standard, pd-ssd or pd-balanced.","description_kind":"plain","optional":true,"computed":true}},"description":"Parameters with which a disk was created alongside the instance.","description_kind":"plain"},"max_items":1}},"description":"The boot disk for the instance.","description_kind":"plain"},"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"confidential_instance_type":{"type":"string","description":"\n\t\t\t\t\t\t\t\tThe confidential computing technology the instance uses.\n\t\t\t\t\t\t\t\tSEV is an AMD feature. TDX is an Intel feature. One of the following\n\t\t\t\t\t\t\t\tvalues is required: SEV, SEV_SNP, TDX. If SEV_SNP, min_cpu_platform =\n\t\t\t\t\t\t\t\t\"AMD Milan\" is currently required.","description_kind":"plain","optional":true,"computed":true},"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled. Field will be deprecated in a future release","description_kind":"plain","optional":true,"computed":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"guest_accelerator":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of the guest accelerator cards exposed to this instance.","description_kind":"plain","required":true},"type":{"type":"string","description":"The accelerator type resource exposed to this instance. E.g. nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain"}},"network_interface":{"nesting_mode":"list","block":{"attributes":{"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the interface","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network attached to this interface.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address assigned to the instance.","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET, IDPF","description_kind":"plain","optional":true,"computed":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true,"computed":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the subnetwork attached to this interface.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The project in which the subnetwork belongs.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that is be 1:1 mapped to the instance's network ip.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance. One of PREMIUM or STANDARD.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.","description_kind":"plain","optional":true,"computed":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range.","description_kind":"plain","optional":true,"computed":true}},"description":"An array of alias IP ranges for this network interface.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an external IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this access configuration. In ipv6AccessConfigs, the recommended name is External IPv6.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","optional":true,"computed":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"The networks attached to the instance.","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"params":{"nesting_mode":"list","block":{"attributes":{"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true,"computed":true}},"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user).","description_kind":"plain","optional":true,"computed":true},"availability_domain":{"type":"number","description":"Specifies the availability domain, which this instance should be scheduled on.","description_kind":"plain","optional":true,"computed":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true,"computed":true},"min_node_cpus":{"type":"number","description_kind":"plain","optional":true,"computed":true},"on_host_maintenance":{"type":"string","description":"Describes maintenance behavior for the instance. One of MIGRATE or TERMINATE,","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the instance is preemptible.","description_kind":"plain","optional":true,"computed":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true,"computed":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"},"max_items":1},"max_run_duration":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true,"computed":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"The timeout for new network connections to hosts.","description_kind":"plain"},"max_items":1},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}},"on_instance_stop_action":{"nesting_mode":"list","block":{"attributes":{"discard_local_ssd":{"type":"bool","description":"If true, the contents of any attached Local SSD disks will be discarded.","description_kind":"plain","optional":true,"computed":true}},"description":"Defines the behaviour for instances with the instance_termination_action.","description_kind":"plain"},"max_items":1}},"description":"The scheduling strategy being used by the instance.","description_kind":"plain"},"max_items":1},"scratch_disk":{"nesting_mode":"list","block":{"attributes":{"device_name":{"type":"string","description":"Name with which the attached disk is accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"The disk interface used for attaching this disk. One of SCSI or NVME.","description_kind":"plain","required":true},"size":{"type":"number","description":"The size of the disk in gigabytes. One of 375 or 3000.","description_kind":"plain","optional":true,"computed":true}},"description":"The scratch disks attached to the instance.","description_kind":"plain"}},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes.","description_kind":"plain","required":true}},"description":"The service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Whether integrity monitoring is enabled for the instance.","description_kind":"plain","optional":true,"computed":true},"enable_secure_boot":{"type":"bool","description":"Whether secure boot is enabled for the instance.","description_kind":"plain","optional":true,"computed":true},"enable_vtpm":{"type":"bool","description":"Whether the instance uses vTPM.","description_kind":"plain","optional":true,"computed":true}},"description":"The shielded vm config being used by the instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_group":{"version":2,"block":{"attributes":{"description":{"type":"string","description":"An optional textual description of the instance group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description":"The list of instances in the group, in self_link format. When adding instances they must all be in the same network and zone as the instance group.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance group. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network the instance group is in. If this is different from the network where the instances are in, the creation fails. Defaults to the network where the instances are in (if neither network nor instances is specified, this field will be blank).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"size":{"type":"number","description":"The number of instances in the group.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone that this instance group should be created in.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"named_port":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name which the port will be mapped to.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number to map the name to.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_group_manager":{"version":0,"block":{"attributes":{"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"instance_group_manager_id":{"type":"number","description":"The unique identifier number for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"all_instances_config":["list",["object",{"current_revision":"string","effective":"bool"}]],"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","optional":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"target_stopped_size":{"type":"number","description":"The target number of stopped instances for this managed instance group.","description_kind":"plain","optional":true,"computed":true},"target_suspended_size":{"type":"number","description":"The target number of suspended instances for this managed instance group.","description_kind":"plain","optional":true,"computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","optional":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective and all instances configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone that instances in this group should be created in.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"all_instances_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The label key-value pairs that you want to patch onto the instance,","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata,","description_kind":"plain","optional":true}},"description":"Specifies configuration that overrides the instance template configuration for the group.","description_kind":"plain"},"max_items":1},"auto_healing_policies":{"nesting_mode":"list","block":{"attributes":{"health_check":{"type":"string","description":"The health check resource that signals autohealing.","description_kind":"plain","required":true},"initial_delay_sec":{"type":"number","description":"The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances. Between 0 and 3600.","description_kind":"plain","required":true}},"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain"},"max_items":1},"instance_lifecycle_policy":{"nesting_mode":"list","block":{"attributes":{"default_action_on_failure":{"type":"string","description":"Default behavior for all instance or health check failures.","description_kind":"plain","optional":true},"force_update_on_repair":{"type":"string","description":"Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type.","description_kind":"plain","optional":true}},"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain"},"max_items":1},"named_port":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the port.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"standby_policy":{"nesting_mode":"list","block":{"attributes":{"initial_delay_sec":{"type":"number","description":"Specifies the number of seconds that the MIG should wait to suspend or stop a VM after that VM was created. The initial delay gives the initialization script the time to prepare your VM for a quick scale out. The value of initial delay must be between 0 and 3600 seconds. The default value is 0.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Defines how a MIG resumes or starts VMs from a standby pool when the group scales out. The default mode is \"MANUAL\".","description_kind":"plain","optional":true,"computed":true}},"description":"Standby policy for stopped and suspended instances.","description_kind":"plain"},"max_items":1},"stateful_disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"The device name of the disk to be attached.","description_kind":"plain","required":true}},"description":"Disks created on the instances that will be preserved on instance delete, update, etc.","description_kind":"plain"}},"stateful_external_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"stateful_internal_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"update_policy":{"nesting_mode":"list","block":{"attributes":{"max_surge_fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive integer. Conflicts with max_surge_percent. Both cannot be 0","description_kind":"plain","optional":true,"computed":true},"max_surge_percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify 80 for 80%. Conflicts with max_surge_fixed.","description_kind":"plain","optional":true},"max_unavailable_fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive integer.","description_kind":"plain","optional":true,"computed":true},"max_unavailable_percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify 80 for 80%.","description_kind":"plain","optional":true},"minimal_action":{"type":"string","description":"Minimal action to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to update without stopping instances, RESTART to restart existing instances or REPLACE to delete and create new instances from the target template. If you specify a REFRESH, the Updater will attempt to perform that action only. However, if the Updater determines that the minimal action you specify is not enough to perform the update, it might perform a more disruptive action.","description_kind":"plain","required":true},"most_disruptive_allowed_action":{"type":"string","description":"Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to allow actions that do not need instance restart, RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.","description_kind":"plain","optional":true},"replacement_method":{"type":"string","description":"The instance replacement method for managed instance groups. Valid values are: \"RECREATE\", \"SUBSTITUTE\". If SUBSTITUTE (default), the group replaces VM instances with new instances that have randomly generated names. If RECREATE, instance names are preserved. You must also set max_unavailable_fixed or max_unavailable_percent to be greater than 0.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of update process. You can specify either PROACTIVE so that the instance group manager proactively executes actions in order to bring instances to their target versions or OPPORTUNISTIC so that no action is proactively executed but the update will be performed as part of other actions (for example, resizes or recreateInstances calls).","description_kind":"plain","required":true}},"description":"The update policy for this managed instance group.","description_kind":"plain"},"max_items":1},"version":{"nesting_mode":"list","block":{"attributes":{"instance_template":{"type":"string","description":"The full URL to an instance template from which all new instances of this version will be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Version name.","description_kind":"plain","optional":true}},"block_types":{"target_size":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"The number of instances which are managed for this version. Conflicts with percent.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The number of instances (calculated as percentage) which are managed for this version. Conflicts with fixed. Note that when using percent, rounding will be in favor of explicitly set target_size values; a managed instance group with 2 instances and 2 versions, one of which has a target_size.percent of 60 will create 2 instances of that version.","description_kind":"plain","optional":true}},"description":"The number of instances calculated as a fixed number or a percentage depending on the settings.","description_kind":"plain"},"max_items":1}},"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_compute_instance_group_membership":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"An instance being added to the InstanceGroup","description_kind":"plain","required":true},"instance_group":{"type":"string","description":"Represents an Instance Group resource name that the instance belongs to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"A reference to the zone where the instance group resides.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_group_named_port":{"version":0,"block":{"attributes":{"group":{"type":"string","description":"The name of the instance group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for this named port. The name must be 1-63 characters\nlong, and comply with RFC1035.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number, which can be a value between 1 and 65535.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone of the instance group.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_settings":{"version":0,"block":{"attributes":{"fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"items":{"type":["map","string"],"description":"A metadata key/value items map. The total size of all keys and values must be less than 512KB","description_kind":"plain","optional":true}},"description":"The metadata key/value pairs assigned to all the instances in the corresponding scope.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_template":{"version":1,"block":{"attributes":{"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","optional":true},"key_revocation_action_type":{"type":"string","description":"Action to be taken when a customer's encryption key is revoked. Supports \"STOP\" and \"NONE\", with \"NONE\" being the default.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","optional":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name. Max length is 54 characters. Prefixes with lengths longer than 37 characters will use a shortened UUID that will be more prone to collisions.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"An instance template is a global resource that is not bound to a zone or a region. However, you can still specify some regional resources in an instance template, which restricts the template to the region where that resource resides. For example, a custom subnetwork resource is tied to a specific region. Defaults to the region of the Provider if no value is given.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags.\n\t\t\t\tKeys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.\n\t\t\t\tThe field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"self_link_unique":{"type":"string","description":"A special URI of the created resource that uniquely identifies this instance template.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","optional":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true},"enable_uefi_networking":{"type":"bool","description":"Whether to enable UEFI networking or not.","description_kind":"plain","optional":true},"performance_monitoring_unit":{"type":"string","description":"The PMU is a hardware component within the CPU core that monitors how the processor runs code. Valid values for the level of PMU are \"STANDARD\", \"ENHANCED\", and \"ARCHITECTURAL\".","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true},"turbo_mode":{"type":"string","description":"Turbo frequency mode to use for the instance. Currently supported modes is \"ALL_CORE_MAX\".","description_kind":"plain","optional":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"confidential_instance_type":{"type":"string","description":"\n\t\t\t\t\t\t\t\tThe confidential computing technology the instance uses.\n\t\t\t\t\t\t\t\tSEV is an AMD feature. TDX is an Intel feature. One of the following\n\t\t\t\t\t\t\t\tvalues is required: SEV, SEV_SNP, TDX. If SEV_SNP, min_cpu_platform =\n\t\t\t\t\t\t\t\t\"AMD Milan\" is currently required.","description_kind":"plain","optional":true},"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled. Field will be deprecated in a future release.","description_kind":"plain","optional":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether or not the disk should be auto-deleted. This defaults to true.","description_kind":"plain","optional":true},"boot":{"type":"bool","description":"Indicates that this is a boot disk.","description_kind":"plain","optional":true,"computed":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk.","description_kind":"plain","optional":true,"computed":true},"disk_name":{"type":"string","description":"Name of the disk. When not provided, this defaults to the name of the instance.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"The size of the image in gigabytes. If not specified, it will inherit the size of its base image. For SCRATCH disks, the size must be one of 375 or 3000 GB, with a default of 375 GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"The Google Compute Engine disk type. Such as \"pd-ssd\", \"local-ssd\", \"pd-balanced\" or \"pd-standard\".","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"Specifies the disk interface to use for attaching this disk.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to disks,","description_kind":"plain","optional":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. For more details, see the [Extreme persistent disk documentation](https://cloud.google.com/compute/docs/disks/extreme-persistent-disk) or the [Hyperdisk documentation](https://cloud.google.com/compute/docs/disks/hyperdisks) depending on the selected disk_type.","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much throughput to provision for the disk, in MB/s. This sets the amount of data that can be read or written from the disk per second. Values must greater than or equal to 1. For more details, see the [Hyperdisk documentation](https://cloud.google.com/compute/docs/disks/hyperdisks).","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list (short name or id) of resource policies to attach to this disk. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name (not self_link) of the disk (such as those managed by google_compute_disk) to attach. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true},"source_image":{"type":"string","description":"The image from which to initialize this disk. This can be one of: the image's self_link, projects/{project}/global/images/{image}, projects/{project}/global/images/family/{family}, global/images/{image}, global/images/family/{family}, family/{family}, {project}/{family}, {project}/{image}, {family}, or {image}. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true,"computed":true},"source_snapshot":{"type":"string","description":"The source snapshot to create this disk. When creating\na new instance, one of initializeParams.sourceSnapshot,\ninitializeParams.sourceImage, or disks.source is\nrequired except for local SSD.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of Google Compute Engine disk, can be either \"SCRATCH\" or \"PERSISTENT\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","required":true}},"description":"Encrypts or decrypts a disk using a customer-supplied encryption key.","description_kind":"plain"},"max_items":1},"source_image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source\nimage. Required if the source image is protected by a\ncustomer-supplied encryption key.\n\nInstance templates do not store customer-supplied\nencryption keys, so you cannot create disks for\ninstances in a managed instance group if the source\nimages are encrypted with your own keys.","description_kind":"plain"},"max_items":1},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source snapshot.","description_kind":"plain"},"max_items":1}},"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain"},"min_items":1},"guest_accelerator":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of the guest accelerator cards exposed to this instance.","description_kind":"plain","required":true},"type":{"type":"string","description":"The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain"}},"network_interface":{"nesting_mode":"list","block":{"attributes":{"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the network_interface.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network to attach this interface to. Use network attribute for Legacy or Auto subnetted networks and subnetwork for custom subnetted networks.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address to assign to the instance. If empty, the address will be automatically assigned.","description_kind":"plain","optional":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name of the subnetwork to attach this interface to. The subnetwork must exist in the same region this instance will be created in. Either network or subnetwork must be provided.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that will be 1:1 mapped to the instance's network ip. If not given, one will be generated.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance template. This field can take the following values: PREMIUM, STANDARD, FIXED_STANDARD. If this field is not specified, it is assumed to be PREMIUM.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.The DNS domain name for the public PTR record.","description_kind":"plain","computed":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet. Omit to ensure that the instance is not accessible from the Internet (this means that ssh provisioners will not work unless you are running Terraform can send traffic to the instance's network (e.g. via tunnel or because it is running on another cloud instance on that network). This block can be repeated multiple times.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used.","description_kind":"plain","optional":true}},"description":"An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.","description_kind":"plain","computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of this access configuration.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","computed":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true.","description_kind":"plain","optional":true},"availability_domain":{"type":"number","description":"Specifies the availability domain, which this instance should be scheduled on.","description_kind":"plain","optional":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true},"min_node_cpus":{"type":"number","description":"Minimum number of cpus for the instance.","description_kind":"plain","optional":true},"on_host_maintenance":{"type":"string","description":"Defines the maintenance behavior for this instance.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Allows instance to be preempted. This defaults to false.","description_kind":"plain","optional":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"}},"max_run_duration":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"The timeout for new network connections to hosts.","description_kind":"plain"},"max_items":1},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}},"on_instance_stop_action":{"nesting_mode":"list","block":{"attributes":{"discard_local_ssd":{"type":"bool","description":"If true, the contents of any attached Local SSD disks will be discarded.","description_kind":"plain","optional":true}},"description":"Defines the behaviour for instances with the instance_termination_action.","description_kind":"plain"},"max_items":1}},"description":"The scheduling strategy to use.","description_kind":"plain"},"max_items":1},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address. If not given, the default Google Compute Engine service account is used.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform scope.","description_kind":"plain","required":true}},"description":"Service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Compare the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. Defaults to true.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Verify the digital signature of all boot components, and halt the boot process if signature verification fails. Defaults to false.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Use a virtualized trusted platform module, which is a specialized computer chip you can use to encrypt objects like keys and certificates. Defaults to true.","description_kind":"plain","optional":true}},"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_interconnect":{"version":0,"block":{"attributes":{"admin_enabled":{"type":"bool","description":"Administrative status of the interconnect. When this is set to true, the Interconnect is\nfunctional and can carry traffic. When set to false, no packets can be carried over the\ninterconnect and no BGP routes are exchanged over it. By default, the status is set to true.","description_kind":"plain","optional":true},"available_features":{"type":["list","string"],"description":"interconnects.list of features available for this Interconnect connection. Can take the value:\nMACSEC. If present then the Interconnect connection is provisioned on MACsec capable hardware\nports. If not present then the Interconnect connection is provisioned on non-MACsec capable\nports and MACsec isn't supported and enabling MACsec fails).","description_kind":"plain","computed":true},"circuit_infos":{"type":["list",["object",{"customer_demarc_id":"string","google_circuit_id":"string","google_demarc_id":"string"}]],"description":"A list of CircuitInfo objects, that describe the individual circuits in this LAG.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"customer_name":{"type":"string","description":"Customer name, to put in the Letter of Authorization as the party authorized to request a\ncrossconnect. This field is required for Dedicated and Partner Interconnect, should not be specified\nfor cross-cloud interconnect.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expected_outages":{"type":["list",["object",{"affected_circuits":["list","string"],"description":"string","end_time":"string","issue_type":"string","name":"string","source":"string","start_time":"string","state":"string"}]],"description":"A list of outages expected for this Interconnect.","description_kind":"plain","computed":true},"google_ip_address":{"type":"string","description":"IP address configured on the Google side of the Interconnect link.\nThis can be used only for ping tests.","description_kind":"plain","computed":true},"google_reference_id":{"type":"string","description":"Google reference ID to be used when raising support tickets with Google or otherwise to debug\nbackend connectivity issues.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interconnect_attachments":{"type":["list","string"],"description":"A list of the URLs of all InterconnectAttachments configured to use this Interconnect.","description_kind":"plain","computed":true},"interconnect_type":{"type":"string","description":"Type of interconnect. Note that a value IT_PRIVATE has been deprecated in favor of DEDICATED.\nCan take one of the following values:\n - PARTNER: A partner-managed interconnection shared between customers though a partner.\n - DEDICATED: A dedicated physical interconnection with the customer. Possible values: [\"DEDICATED\", \"PARTNER\", \"IT_PRIVATE\"]","description_kind":"plain","required":true},"label_fingerprint":{"type":"string","description":"A fingerprint for the labels being applied to this Interconnect, which is essentially a hash\nof the labels set used for optimistic locking. The fingerprint is initially generated by\nCompute Engine and changes after every request to modify or update labels.\nYou must always provide an up-to-date fingerprint hash in order to update or change labels,\notherwise the request will fail with error 412 conditionNotMet.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels for this resource. These can only be added or modified by the setLabels\nmethod. Each label key/value pair must comply with RFC1035. Label values may be empty.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"link_type":{"type":"string","description":"Type of link requested. Note that this field indicates the speed of each of the links in the\nbundle, not the speed of the entire bundle. Can take one of the following values:\n - LINK_TYPE_ETHERNET_10G_LR: A 10G Ethernet with LR optics.\n - LINK_TYPE_ETHERNET_100G_LR: A 100G Ethernet with LR optics. Possible values: [\"LINK_TYPE_ETHERNET_10G_LR\", \"LINK_TYPE_ETHERNET_100G_LR\"]","description_kind":"plain","required":true},"location":{"type":"string","description":"URL of the InterconnectLocation object that represents where this connection is to be provisioned.\nSpecifies the location inside Google's Networks, should not be passed in case of cross-cloud interconnect.","description_kind":"plain","optional":true},"macsec_enabled":{"type":"bool","description":"Enable or disable MACsec on this Interconnect connection.\nMACsec enablement fails if the MACsec object is not specified.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is created. The name must be\n1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must be a dash,\nlowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"noc_contact_email":{"type":"string","description":"Email address to contact the customer NOC for operations and maintenance notifications\nregarding this Interconnect. If specified, this will be used for notifications in addition to\nall other forms described, such as Cloud Monitoring logs alerting and Cloud Notifications.\nThis field is required for users who sign up for Cloud Interconnect using workforce identity\nfederation.","description_kind":"plain","optional":true},"operational_status":{"type":"string","description":"The current status of this Interconnect's functionality, which can take one of the following:\n - OS_ACTIVE: A valid Interconnect, which is turned up and is ready to use. Attachments may\n be provisioned on this Interconnect.\n - OS_UNPROVISIONED: An Interconnect that has not completed turnup. No attachments may be\n provisioned on this Interconnect.\n - OS_UNDER_MAINTENANCE: An Interconnect that is undergoing internal maintenance. No\n attachments may be provisioned or updated on this Interconnect.","description_kind":"plain","computed":true},"peer_ip_address":{"type":"string","description":"IP address configured on the customer side of the Interconnect link.\nThe customer should configure this IP address during turnup when prompted by Google NOC.\nThis can be used only for ping tests.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"provisioned_link_count":{"type":"number","description":"Number of links actually provisioned in this interconnect.","description_kind":"plain","computed":true},"remote_location":{"type":"string","description":"Indicates that this is a Cross-Cloud Interconnect. This field specifies the location outside\nof Google's network that the interconnect is connected to.","description_kind":"plain","optional":true},"requested_features":{"type":["list","string"],"description":"interconnects.list of features requested for this Interconnect connection. Options: IF_MACSEC (\nIf specified then the connection is created on MACsec capable hardware ports. If not\nspecified, the default value is false, which allocates non-MACsec capable ports first if\navailable). Note that MACSEC is still technically allowed for compatibility reasons, but it\ndoes not work with the API, and will be removed in an upcoming major version. Possible values: [\"MACSEC\", \"IF_MACSEC\"]","description_kind":"plain","optional":true},"requested_link_count":{"type":"number","description":"Target number of physical links in the link bundle, as requested by the customer.","description_kind":"plain","required":true},"satisfies_pzs":{"type":"bool","description":"Reserved for future use.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of Interconnect functionality, which can take one of the following values:\n - ACTIVE: The Interconnect is valid, turned up and ready to use.\n Attachments may be provisioned on this Interconnect.\n - UNPROVISIONED: The Interconnect has not completed turnup. No attachments may b\n provisioned on this Interconnect.\n - UNDER_MAINTENANCE: The Interconnect is undergoing internal maintenance. No attachments may\n be provisioned or updated on this Interconnect.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"macsec":{"nesting_mode":"list","block":{"attributes":{"fail_open":{"type":"bool","description":"If set to true, the Interconnect connection is configured with a should-secure\nMACsec security policy, that allows the Google router to fallback to cleartext\ntraffic if the MKA session cannot be established. By default, the Interconnect\nconnection is configured with a must-secure security policy that drops all traffic\nif the MKA session cannot be established with your router.","description_kind":"plain","optional":true}},"block_types":{"pre_shared_keys":{"nesting_mode":"list","block":{"attributes":{"fail_open":{"type":"bool","description":"If set to true, the Interconnect connection is configured with a should-secure\nMACsec security policy, that allows the Google router to fallback to cleartext\ntraffic if the MKA session cannot be established. By default, the Interconnect\nconnection is configured with a must-secure security policy that drops all traffic\nif the MKA session cannot be established with your router.","description_kind":"plain","deprecated":true,"optional":true},"name":{"type":"string","description":"A name for this pre-shared key. The name must be 1-63 characters long, and\n comply with RFC1035. Specifically, the name must be 1-63 characters long and match\n the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character\n must be a lowercase letter, and all following characters must be a dash, lowercase\n letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"A RFC3339 timestamp on or after which the key is valid. startTime can be in the\nfuture. If the keychain has a single key, startTime can be omitted. If the keychain\nhas multiple keys, startTime is mandatory for each key. The start times of keys must\nbe in increasing order. The start times of two consecutive keys must be at least 6\nhours apart.","description_kind":"plain","optional":true}},"description":"A keychain placeholder describing a set of named key objects along with their\nstart times. A MACsec CKN/CAK is generated for each key in the key chain.\nGoogle router automatically picks the key with the most recent startTime when establishing\nor re-establishing a MACsec secure link.","description_kind":"plain"},"min_items":1}},"description":"Configuration that enables Media Access Control security (MACsec) on the Cloud\nInterconnect connection between Google and your on-premises router.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_interconnect_attachment":{"version":0,"block":{"attributes":{"admin_enabled":{"type":"bool","description":"Whether the VLAN attachment is enabled or disabled. When using\nPARTNER type this will Pre-Activate the interconnect attachment","description_kind":"plain","optional":true},"bandwidth":{"type":"string","description":"Provisioned bandwidth capacity for the interconnect attachment.\nFor attachments of type DEDICATED, the user can set the bandwidth.\nFor attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth.\nOutput only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED,\nDefaults to BPS_10G Possible values: [\"BPS_50M\", \"BPS_100M\", \"BPS_200M\", \"BPS_300M\", \"BPS_400M\", \"BPS_500M\", \"BPS_1G\", \"BPS_2G\", \"BPS_5G\", \"BPS_10G\", \"BPS_20G\", \"BPS_50G\"]","description_kind":"plain","optional":true,"computed":true},"candidate_subnets":{"type":["list","string"],"description":"Up to 16 candidate prefixes that can be used to restrict the allocation\nof cloudRouterIpAddress and customerRouterIpAddress for this attachment.\nAll prefixes must be within link-local address space (169.254.0.0/16)\nand must be /29 or shorter (/28, /27, etc). Google will attempt to select\nan unused /29 from the supplied candidate prefix(es). The request will\nfail if all possible /29s are in use on Google's edge. If not supplied,\nGoogle will randomly select an unused /29 from all of link-local space.","description_kind":"plain","optional":true},"cloud_router_ip_address":{"type":"string","description":"IPv4 address + prefix length to be configured on Cloud Router\nInterface for this interconnect attachment.","description_kind":"plain","computed":true},"cloud_router_ipv6_address":{"type":"string","description":"IPv6 address + prefix length to be configured on Cloud Router\nInterface for this interconnect attachment.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"customer_router_ip_address":{"type":"string","description":"IPv4 address + prefix length to be configured on the customer\nrouter subinterface for this interconnect attachment.","description_kind":"plain","computed":true},"customer_router_ipv6_address":{"type":"string","description":"IPv6 address + prefix length to be configured on the customer\nrouter subinterface for this interconnect attachment.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"edge_availability_domain":{"type":"string","description":"Desired availability domain for the attachment. Only available for type\nPARTNER, at creation time. For improved reliability, customers should\nconfigure a pair of attachments with one per availability domain. The\nselected availability domain will be provided to the Partner via the\npairing key so that the provisioned circuit will lie in the specified\ndomain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY.","description_kind":"plain","optional":true,"computed":true},"encryption":{"type":"string","description":"Indicates the user-supplied encryption option of this interconnect\nattachment. Can only be specified at attachment creation for PARTNER or\nDEDICATED attachments.\n* NONE - This is the default value, which means that the VLAN attachment\ncarries unencrypted traffic. VMs are able to send traffic to, or receive\ntraffic from, such a VLAN attachment.\n* IPSEC - The VLAN attachment carries only encrypted traffic that is\nencrypted by an IPsec device, such as an HA VPN gateway or third-party\nIPsec VPN. VMs cannot directly send traffic to, or receive traffic from,\nsuch a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN\nattachment must be created with this option. Default value: \"NONE\" Possible values: [\"NONE\", \"IPSEC\"]","description_kind":"plain","optional":true},"google_reference_id":{"type":"string","description":"Google reference ID, to be used when raising support tickets with\nGoogle or otherwise to debug backend connectivity issues.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interconnect":{"type":"string","description":"URL of the underlying Interconnect object that this attachment's\ntraffic will traverse through. Required if type is DEDICATED, must not\nbe set if type is PARTNER.","description_kind":"plain","optional":true},"ipsec_internal_addresses":{"type":["list","string"],"description":"URL of addresses that have been reserved for the interconnect attachment,\nUsed only for interconnect attachment that has the encryption option as\nIPSEC.\nThe addresses must be RFC 1918 IP address ranges. When creating HA VPN\ngateway over the interconnect attachment, if the attachment is configured\nto use an RFC 1918 IP address, then the VPN gateway's IP address will be\nallocated from the IP address range specified here.\nFor example, if the HA VPN gateway's interface 0 is paired to this\ninterconnect attachment, then an RFC 1918 IP address for the VPN gateway\ninterface 0 will be allocated from the IP address specified for this\ninterconnect attachment.\nIf this field is not specified for interconnect attachment that has\nencryption option as IPSEC, later on when creating HA VPN gateway on this\ninterconnect attachment, the HA VPN gateway's IP address will be\nallocated from regional external IP address pool.","description_kind":"plain","optional":true},"mtu":{"type":"string","description":"Maximum Transmission Unit (MTU), in bytes, of packets passing through\nthis interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is created. The\nname must be 1-63 characters long, and comply with RFC1035. Specifically, the\nname must be 1-63 characters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a\nlowercase letter, and all following characters must be a dash, lowercase\nletter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"pairing_key":{"type":"string","description":"[Output only for type PARTNER. Not present for DEDICATED]. The opaque\nidentifier of an PARTNER attachment used to initiate provisioning with\na selected partner. Of the form \"XXXXX/region/domain\"","description_kind":"plain","computed":true},"partner_asn":{"type":"string","description":"[Output only for type PARTNER. Not present for DEDICATED]. Optional\nBGP ASN for the router that should be supplied by a layer 3 Partner if\nthey configured BGP on behalf of the customer.","description_kind":"plain","computed":true},"private_interconnect_info":{"type":["list",["object",{"tag8021q":"number"}]],"description":"Information specific to an InterconnectAttachment. This property\nis populated if the interconnect that this is attached to is of type DEDICATED.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the regional interconnect attachment resides.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"URL of the cloud router to be used for dynamic routing. This router must be in\nthe same region as this InterconnectAttachment. The InterconnectAttachment will\nautomatically connect the Interconnect to the network \u0026 region within which the\nCloud Router is configured.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this interconnect attachment to identify whether the IPv6\nfeature is enabled or not. If not specified, IPV4_ONLY will be used.\nThis field can be both set at interconnect attachments creation and update\ninterconnect attachment operations. Possible values: [\"IPV4_IPV6\", \"IPV4_ONLY\"]","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"[Output Only] The current state of this attachment's functionality.","description_kind":"plain","computed":true},"subnet_length":{"type":"number","description":"Length of the IPv4 subnet mask. Allowed values: 29 (default), 30. The default value is 29,\nexcept for Cross-Cloud Interconnect connections that use an InterconnectRemoteLocation with a\nconstraints.subnetLengthRange.min equal to 30. For example, connections that use an Azure\nremote location fall into this category. In these cases, the default value is 30, and\nrequesting 29 returns an error. Where both 29 and 30 are allowed, 29 is preferred, because it\ngives Google Cloud Support more debugging visibility.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of InterconnectAttachment you wish to create. Defaults to\nDEDICATED. Possible values: [\"DEDICATED\", \"PARTNER\", \"PARTNER_PROVIDER\"]","description_kind":"plain","optional":true,"computed":true},"vlan_tag8021q":{"type":"number","description":"The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When\nusing PARTNER type this will be managed upstream.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_managed_ssl_certificate":{"version":0,"block":{"attributes":{"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subject_alternative_names":{"type":["list","string"],"description":"Domains associated with the certificate via Subject Alternative Name.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Enum field whose value is always 'MANAGED' - used to signal to the API\nwhich type this is. Default value: \"MANAGED\" Possible values: [\"MANAGED\"]","description_kind":"plain","optional":true}},"block_types":{"managed":{"nesting_mode":"list","block":{"attributes":{"domains":{"type":["list","string"],"description":"Domains for which a managed SSL certificate will be valid. Currently,\nthere can be up to 100 domains in this list.","description_kind":"plain","required":true}},"description":"Properties relevant to a managed certificate. These will be used if the\ncertificate is managed (as indicated by a value of 'MANAGED' in 'type').","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network":{"version":0,"block":{"attributes":{"auto_create_subnetworks":{"type":"bool","description":"When set to 'true', the network is created in \"auto subnet mode\" and\nit will create a subnet for each region automatically across the\n'10.128.0.0/9' address range.\n\nWhen set to 'false', the network is created in \"custom subnet mode\" so\nthe user can explicitly connect subnetwork resources.","description_kind":"plain","optional":true},"delete_default_routes_on_create":{"type":"bool","description":"If set to 'true', default routes ('0.0.0.0/0') will be deleted\nimmediately after network creation. Defaults to 'false'.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. The resource must be\nrecreated to modify this field.","description_kind":"plain","optional":true},"enable_ula_internal_ipv6":{"type":"bool","description":"Enable ULA internal ipv6 on this network. Enabling this feature will assign\na /48 from google defined ULA prefix fd20::/20.","description_kind":"plain","optional":true},"gateway_ipv4":{"type":"string","description":"The gateway address for default routing out of the network. This value\nis selected by GCP.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_range":{"type":"string","description":"When enabling ula internal ipv6, caller optionally can specify the /48 range\nthey want from the google defined ULA prefix fd20::/20. The input must be a\nvalid /48 ULA IPv6 address and must be within the fd20::/20. Operation will\nfail if the speficied /48 is already in used by another resource.\nIf the field is not speficied, then a /48 range will be randomly allocated from fd20::/20 and returned via this field.","description_kind":"plain","optional":true,"computed":true},"mtu":{"type":"number","description":"Maximum Transmission Unit in bytes. The default value is 1460 bytes.\nThe minimum value for this field is 1300 and the maximum value is 8896 bytes (jumbo frames).\nNote that packets larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message if the packets are routed to the Internet or other VPCs\nwith varying MTUs.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network_firewall_policy_enforcement_order":{"type":"string","description":"Set the order that Firewall Rules and Firewall Policies are evaluated. Default value: \"AFTER_CLASSIC_FIREWALL\" Possible values: [\"BEFORE_CLASSIC_FIREWALL\", \"AFTER_CLASSIC_FIREWALL\"]","description_kind":"plain","optional":true},"network_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"numeric_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","deprecated":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"routing_mode":{"type":"string","description":"The network-wide routing mode to use. If set to 'REGIONAL', this\nnetwork's cloud routers will only advertise routes with subnetworks\nof this network in the same region as the router. If set to 'GLOBAL',\nthis network's cloud routers will advertise routes with all\nsubnetworks of this network, across regions. Possible values: [\"REGIONAL\", \"GLOBAL\"]","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_attachment":{"version":0,"block":{"attributes":{"connection_endpoints":{"type":["list",["object",{"ip_address":"string","project_id_or_num":"string","secondary_ip_cidr_ranges":"string","status":"string","subnetwork":"string"}]],"description":"An array of connections for all the producers connected to this network attachment.","description_kind":"plain","computed":true},"connection_preference":{"type":"string","description":"The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules. Possible values: [\"ACCEPT_AUTOMATIC\", \"ACCEPT_MANUAL\", \"INVALID\"]","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this object. This\nfield is used in optimistic locking. An up-to-date fingerprint must be provided in order to patch.","description_kind":"plain","computed":true},"id":{"type":"string","description":"The unique identifier for the resource type. The server generates this identifier.","description_kind":"plain","computed":true},"kind":{"type":"string","description":"Type of the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network which the Network Attachment belongs to. Practically it is inferred by fetching the network of the first subnetwork associated.\nBecause it is required that all the subnetworks must be from the same network, it is assured that the Network Attachment belongs to the same network as all the subnetworks.","description_kind":"plain","computed":true},"producer_accept_lists":{"type":["list","string"],"description":"Projects that are allowed to connect to this network attachment. The project can be specified using its id or number.","description_kind":"plain","optional":true},"producer_reject_lists":{"type":["list","string"],"description":"Projects that are not allowed to connect to this network attachment. The project can be specified using its id or number.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where the network attachment resides. This field applies only to the region resource. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource's resource id.","description_kind":"plain","computed":true},"subnetworks":{"type":["list","string"],"description":"An array of URLs where each entry is the URL of a subnet provided by the service consumer to use for endpoints in the producers that connect to this network attachment.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoint":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name for a specific VM instance that the IP address belongs to.\nThis is required for network endpoints of type GCE_VM_IP_PORT.\nThe instance must be in the same zone of network endpoint group.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IPv4 address of network endpoint. The IP address must belong\nto a VM in GCE (either the primary IP or as part of an aliased IP\nrange).","description_kind":"plain","required":true},"network_endpoint_group":{"type":"string","description":"The network endpoint group this endpoint is part of.","description_kind":"plain","required":true},"port":{"type":"number","description":"Port number of network endpoint.\n**Note** 'port' is required unless the Network Endpoint Group is created\nwith the type of 'GCE_VM_IP'","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Zone where the containing network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network to which all network endpoints in the NEG belong.\nUses \"default\" project network if unspecified.","description_kind":"plain","required":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group.\nNON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network\nendpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid).\nNote that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services\nthat 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED,\nINTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or\nCONNECTION balancing modes.\n\nPossible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. Default value: \"GCE_VM_IP_PORT\" Possible values: [\"GCE_VM_IP\", \"GCE_VM_IP_PORT\", \"NON_GCP_PRIVATE_IP_PORT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\", \"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Number of network endpoints in the network endpoint group.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"Optional subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Zone where the network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoints":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network_endpoint_group":{"type":"string","description":"The network endpoint group these endpoints are part of.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Zone where the containing network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_endpoints":{"nesting_mode":"set","block":{"attributes":{"instance":{"type":"string","description":"The name for a specific VM instance that the IP address belongs to.\nThis is required for network endpoints of type GCE_VM_IP_PORT.\nThe instance must be in the same zone as the network endpoint group.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IPv4 address of network endpoint. The IP address must belong\nto a VM in GCE (either the primary IP or as part of an aliased IP\nrange).","description_kind":"plain","required":true},"port":{"type":"number","description":"Port number of network endpoint.\n**Note** 'port' is required unless the Network Endpoint Group is created\nwith the type of 'GCE_VM_IP'","description_kind":"plain","optional":true}},"description":"The network endpoints to be added to the enclosing network endpoint group\n(NEG). Each endpoint specifies an IP address and port, along with\nadditional information depending on the NEG type.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User-provided name of the Network firewall policy. The name should be unique in the project in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"network_firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\", \"goto_next\" and \"apply_security_profile_group\".","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: [\"INGRESS\", \"EGRESS\"]","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled.\nWhen set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist.\nIf this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule.\nIf logging is enabled, logs will be exported to the configured export destination in Stackdriver.\nLogs may be exported to BigQuery or Pub/Sub.\nNote: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always 'compute#firewallPolicyRule' for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list.\nThe priority must be a positive value between 0 and 2147483647.\nRules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rule_name":{"type":"string","description":"An optional name for the rule. This field is not a unique identifier and can be updated.","description_kind":"plain","optional":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"security_profile_group":{"type":"string","description":"A fully-qualified URL of a SecurityProfile resource instance.\nExample: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group\nMust be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.","description_kind":"plain","optional":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true},"tls_inspect":{"type":"bool","description":"Boolean flag indicating if the traffic should be TLS decrypted.\nCan be set only if action = 'apply_security_profile_group' and cannot be set for other actions.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex.\"US\" Maximum number of dest region codes allowed is 5000.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex.\"US\" Maximum number of source region codes allowed is 5000.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule.\nThis value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.\nExample inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"].","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1},"src_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.","description_kind":"plain"}}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"target_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"A list of secure tags that controls which instances the firewall rule applies to.\nIf targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the targetSecureTag are in INEFFECTIVE state, then this rule will be ignored.\ntargetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_peering":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network. Defaults to false.","description_kind":"plain","optional":true},"export_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to export the custom routes from the peer network. Defaults to false.","description_kind":"plain","optional":true},"import_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"network":{"type":"string","description":"The primary network of the peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The peer network in the peering. The peer network may belong to a different project.","description_kind":"plain","required":true},"stack_type":{"type":"string","description":"Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. The default value is IPV4_ONLY. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","optional":true},"state":{"type":"string","description":"State for the peering, either ACTIVE or INACTIVE. The peering is ACTIVE when there's a matching configuration in the peer network.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the peering.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_peering_routes_config":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to import the custom routes to the peer network.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the primary network for the peering.","description_kind":"plain","required":true},"peering":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_node_group":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_size":{"type":"number","description":"The initial number of nodes in the node group. One of 'initial_size' or 'autoscaling_policy' must be configured on resource creation.","description_kind":"plain","optional":true},"maintenance_policy":{"type":"string","description":"Specifies how to handle instances when a node in the group undergoes maintenance. Set to one of: DEFAULT, RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value is DEFAULT.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource.","description_kind":"plain","optional":true},"node_template":{"type":"string","description":"The URL of the node template to which this node group belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"The total number of nodes in the node group.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"Zone where this node group is located","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"max_nodes":{"type":"number","description":"Maximum size of the node group. Set to a value less than or equal\nto 100 and greater than or equal to min-nodes.","description_kind":"plain","optional":true,"computed":true},"min_nodes":{"type":"number","description":"Minimum size of the node group. Must be less\nthan or equal to max-nodes. The default value is 0.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"The autoscaling mode. Set to one of the following:\n - OFF: Disables the autoscaler.\n - ON: Enables scaling in and scaling out.\n - ONLY_SCALE_OUT: Enables only scaling out.\n You must use this mode if your node groups are configured to\n restart their hosted VMs on minimal servers. Possible values: [\"OFF\", \"ON\", \"ONLY_SCALE_OUT\"]","description_kind":"plain","optional":true,"computed":true}},"description":"If you use sole-tenant nodes for your workloads, you can use the node\ngroup autoscaler to automatically manage the sizes of your node groups.\n\nOne of 'initial_size' or 'autoscaling_policy' must be configured on resource creation.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"start_time":{"type":"string","description":"instances.start time of the window. This must be in UTC format that resolves to one of 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and 08:00 are valid.","description_kind":"plain","required":true}},"description":"contains properties for the timeframe of maintenance","description_kind":"plain"},"max_items":1},"share_settings":{"nesting_mode":"list","block":{"attributes":{"share_type":{"type":"string","description":"Node group sharing type. Possible values: [\"ORGANIZATION\", \"SPECIFIC_PROJECTS\", \"LOCAL\"]","description_kind":"plain","required":true}},"block_types":{"project_map":{"nesting_mode":"set","block":{"attributes":{"id":{"type":"string","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The project id/number should be the same as the key of this project config in the project map.","description_kind":"plain","required":true}},"description":"A map of project id and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS.","description_kind":"plain"}}},"description":"Share settings for the node group.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_node_template":{"version":0,"block":{"attributes":{"cpu_overcommit_type":{"type":"string","description":"CPU overcommit. Default value: \"NONE\" Possible values: [\"ENABLED\", \"NONE\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource.","description_kind":"plain","optional":true},"node_affinity_labels":{"type":["map","string"],"description":"Labels to use for node affinity, which will be used in\ninstance scheduling.","description_kind":"plain","optional":true},"node_type":{"type":"string","description":"Node type to use for nodes group that are created from this template.\nOnly one of nodeTypeFlexibility and nodeType can be specified.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where nodes using the node template will be created.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the guest accelerator cards exposed to this\nnode template.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full or partial URL of the accelerator type resource to expose\nto this node template.","description_kind":"plain","optional":true}},"description":"List of the type and count of accelerator cards attached to the\nnode template","description_kind":"plain"}},"disks":{"nesting_mode":"list","block":{"attributes":{"disk_count":{"type":"number","description":"Specifies the number of such disks.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Specifies the size of the disk in base-2 GB.","description_kind":"plain","optional":true},"disk_type":{"type":"string","description":"Specifies the desired disk type on the node. This disk type must be a local storage type (e.g.: local-ssd). Note that for nodeTemplates, this should be the name of the disk type and not its URL.","description_kind":"plain","optional":true}},"description":"List of the type, size and count of disks attached to the\nnode template","description_kind":"plain"}},"node_type_flexibility":{"nesting_mode":"list","block":{"attributes":{"cpus":{"type":"string","description":"Number of virtual CPUs to use.","description_kind":"plain","optional":true},"local_ssd":{"type":"string","description":"Use local SSD","description_kind":"plain","computed":true},"memory":{"type":"string","description":"Physical memory available to the node, defined in MB.","description_kind":"plain","optional":true}},"description":"Flexible properties for the desired node type. Node groups that\nuse this node template will create nodes of a type that matches\nthese properties. Only one of nodeTypeFlexibility and nodeType can\nbe specified.","description_kind":"plain"},"max_items":1},"server_binding":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER',\nnodes using this template will restart on any physical server\nfollowing a maintenance event.\n\nIf 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template\nwill restart on the same physical server following a maintenance\nevent, instead of being live migrated to or restarted on a new\nphysical server. This option may be useful if you are using\nsoftware licenses tied to the underlying server characteristics\nsuch as physical sockets or cores, to avoid the need for\nadditional licenses when maintenance occurs. However, VMs on such\nnodes will experience outages while maintenance is applied. Possible values: [\"RESTART_NODE_ON_ANY_SERVER\", \"RESTART_NODE_ON_MINIMAL_SERVERS\"]","description_kind":"plain","required":true}},"description":"The server binding policy for nodes using this template. Determines\nwhere the nodes should restart following a maintenance event.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_packet_mirroring":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the rule.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the packet mirroring rule","description_kind":"plain","required":true},"priority":{"type":"number","description":"Since only one rule can be active at a time, priority is\nused to break ties in the case of two rules that apply to\nthe same instances.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created address should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"collector_ilb":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the forwarding rule.","description_kind":"plain","required":true}},"description":"The Forwarding Rule resource (of type load_balancing_scheme=INTERNAL)\nthat will be used as collector for mirrored traffic. The\nspecified forwarding rule must have is_mirroring_collector\nset to true.","description_kind":"plain"},"min_items":1,"max_items":1},"filter":{"nesting_mode":"list","block":{"attributes":{"cidr_ranges":{"type":["list","string"],"description":"IP CIDR ranges that apply as a filter on the source (ingress) or\ndestination (egress) IP in the IP header. Only IPv4 is supported.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"Direction of traffic to mirror. Default value: \"BOTH\" Possible values: [\"INGRESS\", \"EGRESS\", \"BOTH\"]","description_kind":"plain","optional":true},"ip_protocols":{"type":["list","string"],"description":"Possible IP protocols including tcp, udp, icmp and esp","description_kind":"plain","optional":true}},"description":"A filter for mirrored traffic. If unset, all traffic is mirrored.","description_kind":"plain"},"max_items":1},"mirrored_resources":{"nesting_mode":"list","block":{"attributes":{"tags":{"type":["list","string"],"description":"All instances with these tags will be mirrored.","description_kind":"plain","optional":true}},"block_types":{"instances":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the instances where this rule should be active.","description_kind":"plain","required":true}},"description":"All the listed instances will be mirrored. Specify at most 50.","description_kind":"plain"}},"subnetworks":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the subnetwork where this rule should be active.","description_kind":"plain","required":true}},"description":"All instances in one of these subnetworks will be mirrored.","description_kind":"plain"}}},"description":"A means of specifying which resources to mirror.","description_kind":"plain"},"min_items":1,"max_items":1},"network":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The full self_link URL of the network where this rule is active.","description_kind":"plain","required":true}},"description":"Specifies the mirrored VPC network. Only packets in this network\nwill be mirrored. All mirrored VMs should have a NIC in the given\nnetwork. All mirrored subnetworks should belong to the given network.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_per_instance_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group_manager":{"type":"string","description":"The instance group manager this instance config is part of.","description_kind":"plain","required":true},"minimal_action":{"type":"string","description":"The minimal action to perform on the instance during an update.\nDefault is 'NONE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"most_disruptive_allowed_action":{"type":"string","description":"The most disruptive action to perform on the instance during an update.\nDefault is 'REPLACE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name for this per-instance config and its corresponding instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"remove_instance_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove the underlying instance.\nWhen false, deleting this config will use the behavior as determined by remove_instance_on_destroy.","description_kind":"plain","optional":true},"remove_instance_state_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove any specified state from the underlying instance.\nWhen false, deleting this config will *not* immediately remove any state from the underlying instance.\nState will be removed on the next instance recreation or update.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Zone where the containing instance group manager is located","description_kind":"plain","optional":true,"computed":true}},"block_types":{"preserved_state":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":["map","string"],"description":"Preserved metadata defined for this instance. This is a list of key-\u003evalue pairs.","description_kind":"plain","optional":true}},"block_types":{"disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted.\nThe available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'.\n'NEVER' - detach the disk when the VM is deleted, but do not delete the disk.\n'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently\ndeleted from the instance group. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"The mode of the disk. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"source":{"type":"string","description":"The URI of an existing persistent disk to attach under the specified device-name in the format\n'projects/project-id/zones/zone/disks/disk-name'.","description_kind":"plain","required":true}},"description":"Stateful disks for the instance.","description_kind":"plain"}},"external_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved external IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}},"internal_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}}},"description":"The preserved state for this instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_cloud_armor_tier":{"version":0,"block":{"attributes":{"cloud_armor_tier":{"type":"string","description":"Managed protection tier to be set. Possible values: [\"CA_STANDARD\", \"CA_ENTERPRISE_PAYGO\", \"CA_ENTERPRISE_ANNUAL\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_default_network_tier":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The default network tier to be configured for the project. This field can take the following values: PREMIUM or STANDARD.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_metadata":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"A series of key value pairs.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_metadata_item":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"The metadata key to set.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"value":{"type":"string","description":"The value to set for the given metadata key.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_public_advertised_prefix":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"dns_verification_ip":{"type":"string","description":"The IPv4 address to be used for reverse DNS verification.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IPv4 address range, in CIDR format, represented by this public advertised prefix.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"shared_secret":{"type":"string","description":"Output Only. The shared secret to be used for reverse DNS verification.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_public_delegated_prefix":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IPv4 address range, in CIDR format, represented by this public advertised prefix.","description_kind":"plain","required":true},"is_live_migration":{"type":"bool","description":"If true, the prefix will be live migrated.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"parent_prefix":{"type":"string","description":"The URL of parent prefix. Either PublicAdvertisedPrefix or PublicDelegatedPrefix.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A region where the prefix will reside.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_autoscaler":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where the instance group resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target":{"type":"string","description":"URL of the managed instance group that this autoscaler will scale.","description_kind":"plain","required":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"number","description":"The number of seconds that the autoscaler should wait before it\nstarts collecting information from a new instance. This prevents\nthe autoscaler from collecting information when the instance is\ninitializing, during which the collected usage would not be\nreliable. The default time autoscaler waits is 60 seconds.\n\nVirtual machine initialization times might vary because of\nnumerous factors. We recommend that you test how long an\ninstance may take to initialize. To do this, create an instance\nand time the startup process.","description_kind":"plain","optional":true},"max_replicas":{"type":"number","description":"The maximum number of instances that the autoscaler can scale up\nto. This is required when creating or updating an autoscaler. The\nmaximum number of replicas should not be lower than minimal number\nof replicas.","description_kind":"plain","required":true},"min_replicas":{"type":"number","description":"The minimum number of replicas that the autoscaler can scale down\nto. This cannot be less than 0. If not provided, autoscaler will\nchoose a default value depending on maximum number of instances\nallowed.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Defines operating mode for this policy.","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"predictive_method":{"type":"string","description":"Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are:\n\n- NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics.\n\n- OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand.","description_kind":"plain","optional":true},"target":{"type":"number","description":"The target CPU utilization that the autoscaler should maintain.\nMust be a float value in the range (0, 1]. If not specified, the\ndefault is 0.6.\n\nIf the CPU level is below the target utilization, the autoscaler\nscales down the number of instances until it reaches the minimum\nnumber of instances you specified or until the average CPU of\nyour instances reaches the target utilization.\n\nIf the average CPU is above the target utilization, the autoscaler\nscales up until it reaches the maximum number of instances you\nspecified or until the average utilization reaches the target\nutilization.","description_kind":"plain","required":true}},"description":"Defines the CPU utilization policy that allows the autoscaler to\nscale based on the average CPU utilization of a managed instance\ngroup.","description_kind":"plain"},"max_items":1},"load_balancing_utilization":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"number","description":"Fraction of backend capacity utilization (set in HTTP(s) load\nbalancing configuration) that autoscaler should maintain. Must\nbe a positive float value. If not defined, the default is 0.8.","description_kind":"plain","required":true}},"description":"Configuration parameters of autoscaling based on a load balancer.","description_kind":"plain"},"max_items":1},"metric":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"A filter string to be used as the filter string for\na Stackdriver Monitoring TimeSeries.list API call.\nThis filter is used to select a specific TimeSeries for\nthe purpose of autoscaling and to determine whether the metric\nis exporting per-instance or per-group data.\n\nYou can only use the AND operator for joining selectors.\nYou can only use direct equality comparison operator (=) without\nany functions for each selector.\nYou can specify the metric in both the filter string and in the\nmetric field. However, if specified in both places, the metric must\nbe identical.\n\nThe monitored resource type determines what kind of values are\nexpected for the metric. If it is a gce_instance, the autoscaler\nexpects the metric to include a separate TimeSeries for each\ninstance in a group. In such a case, you cannot filter on resource\nlabels.\n\nIf the resource type is any other value, the autoscaler expects\nthis metric to contain values that apply to the entire autoscaled\ninstance group and resource label filtering can be performed to\npoint autoscaler at the correct TimeSeries to scale upon.\nThis is called a per-group metric for the purpose of autoscaling.\n\nIf not specified, the type defaults to gce_instance.\n\nYou should provide a filter that is selective enough to pick just\none TimeSeries for the autoscaled group or for each of the instances\n(if you are using gce_instance resource type). If multiple\nTimeSeries are returned upon the query execution, the autoscaler\nwill sum their respective values to obtain its scaling value.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The identifier (type) of the Stackdriver Monitoring metric.\nThe metric cannot have negative values.\n\nThe metric must have a value type of INT64 or DOUBLE.","description_kind":"plain","required":true},"single_instance_assignment":{"type":"number","description":"If scaling is based on a per-group metric value that represents the\ntotal amount of work to be done or resource usage, set this value to\nan amount assigned for a single instance of the scaled group.\nThe autoscaler will keep the number of instances proportional to the\nvalue of this metric, the metric itself should not change value due\nto group resizing.\n\nFor example, a good metric to use with the target is\n'pubsub.googleapis.com/subscription/num_undelivered_messages'\nor a custom metric exporting the total number of requests coming to\nyour instances.\n\nA bad example would be a metric exporting an average or median\nlatency, since this value can't include a chunk assignable to a\nsingle instance, it could be better used with utilization_target\ninstead.","description_kind":"plain","optional":true},"target":{"type":"number","description":"The target value of the metric that autoscaler should\nmaintain. This must be a positive value. A utilization\nmetric scales number of virtual machines handling requests\nto increase or decrease proportionally to the metric.\n\nFor example, a good metric to use as a utilizationTarget is\nwww.googleapis.com/compute/instance/network/received_bytes_count.\nThe autoscaler will work to keep this value constant for each\nof the instances.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Defines how target utilization value is expressed for a\nStackdriver Monitoring metric. Possible values: [\"GAUGE\", \"DELTA_PER_SECOND\", \"DELTA_PER_MINUTE\"]","description_kind":"plain","optional":true}},"description":"Configuration parameters of autoscaling based on a custom metric.","description_kind":"plain"}},"scale_in_control":{"nesting_mode":"list","block":{"attributes":{"time_window_sec":{"type":"number","description":"How long back autoscaling should look when computing recommendations\nto include directives regarding slower scale down, as described above.","description_kind":"plain","optional":true}},"block_types":{"max_scaled_in_replicas":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive\ninteger.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive.\nFor example, specify 80 for 80%.","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events","description_kind":"plain"},"max_items":1},"scaling_schedules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of a scaling schedule.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect.","description_kind":"plain","optional":true},"duration_sec":{"type":"number","description":"The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300.","description_kind":"plain","required":true},"min_required_replicas":{"type":"number","description":"Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule.","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"schedule":{"type":"string","description":"The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field).","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","optional":true}},"description":"Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap.","description_kind":"plain"}}},"description":"The configuration parameters for the autoscaling algorithm. You can\ndefine one or more of the policies for an autoscaler: cpuUtilization,\ncustomMetricUtilizations, and loadBalancingUtilization.\n\nIf none of these are specified, the default will be to autoscale based\non cpuUtilization to 0.6 or 60%.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","optional":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this RegionBackendService.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"generated_id":{"type":"number","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to HealthCheck resources for health checking\nthis RegionBackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address_selection_policy":{"type":"string","description":"Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). Possible values: [\"IPV4_ONLY\", \"PREFER_IPV6\", \"IPV6_ONLY\"]","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"Indicates what kind of load balancing this regional backend service\nwill be used for. A backend service created for one type of load\nbalancing cannot be used with the other(s). For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"INTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. Only applicable to loadBalancingScheme\n EXTERNAL. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\nlocality_lb_policy is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\nIf session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network to which this backend service belongs.\nThis field can only be specified when the load balancing scheme is set to INTERNAL.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"A named port on a backend instance group representing the port for\ncommunication to the backend VMs in that group. Required when the\nloadBalancingScheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, or INTERNAL_SELF_MANAGED\nand the backends are instance groups. The named port must be defined on each\nbackend instance group. This parameter has no meaning if the backends are NEGs. API sets a\ndefault of \"http\" if not given.\nMust be omitted when the loadBalancingScheme is INTERNAL (Internal TCP/UDP Load Balancing).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol this RegionBackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"SSL\", \"TCP\", \"UDP\", \"GRPC\", \"UNSPECIFIED\"]","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created backend service should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\", \"CLIENT_IP_NO_DESTINATION\", \"STRONG_COOKIE_AFFINITY\"]","description_kind":"plain","optional":true,"computed":true},"timeout_sec":{"type":"number","description":"The backend service timeout has a different meaning depending on the type of load balancer.\nFor more information see, [Backend service settings](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices).\nThe default is 30 seconds.\nThe full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backend":{"nesting_mode":"set","block":{"attributes":{"balancing_mode":{"type":"string","description":"Specifies the balancing mode for this backend.\n\nSee the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode)\nfor an explanation of load balancing modes. Default value: \"UTILIZATION\" Possible values: [\"UTILIZATION\", \"RATE\", \"CONNECTION\"]","description_kind":"plain","optional":true},"capacity_scaler":{"type":"number","description":"A multiplier applied to the group's maximum servicing capacity\n(based on UTILIZATION, RATE or CONNECTION).\n\n~\u003e**NOTE**: This field cannot be set for\nINTERNAL region backend services (default loadBalancingScheme),\nbut is required for non-INTERNAL backend service. The total\ncapacity_scaler for all backends must be non-zero.\n\nA setting of 0 means the group is completely drained, offering\n0% of its available Capacity. Valid range is [0.0,1.0].","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.\nProvide this property when you create the resource.","description_kind":"plain","optional":true},"failover":{"type":"bool","description":"This field designates whether this is a failover backend. More\nthan one failover backend can be configured for a given RegionBackendService.","description_kind":"plain","optional":true,"computed":true},"group":{"type":"string","description":"The fully-qualified URL of an Instance Group or Network Endpoint\nGroup resource. In case of instance group this defines the list\nof instances that serve traffic. Member virtual machine\ninstances from each instance group must live in the same zone as\nthe instance group itself. No two backends in a backend service\nare allowed to use same Instance Group resource.\n\nFor Network Endpoint Groups this defines list of endpoints. All\nendpoints of Network Endpoint Group must be hosted on instances\nlocated in the same zone as the Network Endpoint Group.\n\nBackend services cannot mix Instance Group and\nNetwork Endpoint Group backends.\n\nWhen the 'load_balancing_scheme' is INTERNAL, only instance groups\nare supported.\n\nNote that you must specify an Instance Group or Network Endpoint\nGroup resource using the fully-qualified URL, rather than a\npartial URL.","description_kind":"plain","required":true},"max_connections":{"type":"number","description":"The max number of simultaneous connections for the group. Can\nbe used with either CONNECTION or UTILIZATION balancing modes.\nCannot be set for INTERNAL backend services.\n\nFor CONNECTION mode, either maxConnections or one\nof maxConnectionsPerInstance or maxConnectionsPerEndpoint,\nas appropriate for group type, must be set.","description_kind":"plain","optional":true},"max_connections_per_endpoint":{"type":"number","description":"The max number of simultaneous connections that a single backend\nnetwork endpoint can handle. Cannot be set\nfor INTERNAL backend services.\n\nThis is used to calculate the capacity of the group. Can be\nused in either CONNECTION or UTILIZATION balancing modes. For\nCONNECTION mode, either maxConnections or\nmaxConnectionsPerEndpoint must be set.","description_kind":"plain","optional":true},"max_connections_per_instance":{"type":"number","description":"The max number of simultaneous connections that a single\nbackend instance can handle. Cannot be set for INTERNAL backend\nservices.\n\nThis is used to calculate the capacity of the group.\nCan be used in either CONNECTION or UTILIZATION balancing modes.\nFor CONNECTION mode, either maxConnections or\nmaxConnectionsPerInstance must be set.","description_kind":"plain","optional":true},"max_rate":{"type":"number","description":"The max requests per second (RPS) of the group. Cannot be set\nfor INTERNAL backend services.\n\nCan be used with either RATE or UTILIZATION balancing modes,\nbut required if RATE mode. Either maxRate or one\nof maxRatePerInstance or maxRatePerEndpoint, as appropriate for\ngroup type, must be set.","description_kind":"plain","optional":true},"max_rate_per_endpoint":{"type":"number","description":"The max requests per second (RPS) that a single backend network\nendpoint can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerEndpoint must be set. Cannot be set\nfor INTERNAL backend services.","description_kind":"plain","optional":true},"max_rate_per_instance":{"type":"number","description":"The max requests per second (RPS) that a single backend\ninstance can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerInstance must be set. Cannot be set\nfor INTERNAL backend services.","description_kind":"plain","optional":true},"max_utilization":{"type":"number","description":"Used when balancingMode is UTILIZATION. This ratio defines the\nCPU utilization target for the group. Valid range is [0.0, 1.0].\nCannot be set for INTERNAL backend services.","description_kind":"plain","optional":true}},"description":"The set of backends that serve this RegionBackendService.","description_kind":"plain"}},"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request\nwill be considered fresh, defaults to 1hr (3600s). After this\ntime period, the response will be revalidated before\nbeing served.\n\nWhen serving responses to signed URL requests, Cloud CDN will\ninternally behave as though all responses from this backend had a\n\"Cache-Control: public, max-age=[TTL]\" header, regardless of any\nexisting Cache-Control header. The actual headers served in\nresponses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_host":{"type":"bool","description":"If true requests to different hosts will be cached separately.","description_kind":"plain","optional":true},"include_named_cookies":{"type":["list","string"],"description":"Names of cookies to include in cache keys.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true},"include_query_string":{"type":"bool","description":"If true, include query string parameters in the cache key\naccording to query_string_whitelist and\nquery_string_blacklist. If neither is set, the entire query\nstring will be included.\n\nIf false, the query string will be excluded from the cache\nkey entirely.","description_kind":"plain","optional":true},"query_string_blacklist":{"type":["set","string"],"description":"Names of query string parameters to exclude in cache keys.\n\nAll other parameters will be included. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["set","string"],"description":"Names of query string parameters to include in cache keys.\n\nAll other parameters will be excluded. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain"},"max_items":1},"circuit_breakers":{"nesting_mode":"list","block":{"attributes":{"max_connections":{"type":"number","description":"The maximum number of connections to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_pending_requests":{"type":"number","description":"The maximum number of pending requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests":{"type":"number","description":"The maximum number of parallel requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests_per_connection":{"type":"number","description":"Maximum requests for a single backend connection. This parameter\nis respected by both the HTTP/1.1 and HTTP/2 implementations. If\nnot specified, there is no limit. Setting this parameter to 1\nwill effectively disable keep alive.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"The maximum number of parallel retries to the backend cluster.\nDefaults to 3.","description_kind":"plain","optional":true}},"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the 'load_balancing_scheme' is set to INTERNAL_MANAGED\nand the 'protocol' is set to HTTP, HTTPS, or HTTP2.","description_kind":"plain"},"max_items":1},"consistent_hash":{"nesting_mode":"list","block":{"attributes":{"http_header_name":{"type":"string","description":"The hash based on the value of the specified header field.\nThis field is applicable if the sessionAffinity is set to HEADER_FIELD.","description_kind":"plain","optional":true},"minimum_ring_size":{"type":"number","description":"The minimum number of virtual nodes to use for the hash ring.\nLarger ring sizes result in more granular load\ndistributions. If the number of hosts in the load balancing pool\nis larger than the ring size, each host will be assigned a single\nvirtual node.\nDefaults to 1024.","description_kind":"plain","optional":true}},"block_types":{"http_cookie":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the cookie.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to set for the cookie.","description_kind":"plain","optional":true}},"block_types":{"ttl":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Lifetime of the cookie.","description_kind":"plain"},"max_items":1}},"description":"Hash is based on HTTP Cookie. This field describes a HTTP cookie\nthat will be used as the hash key for the consistent hash load\nbalancer. If the cookie is not present, it will be generated.\nThis field is applicable if the sessionAffinity is set to HTTP_COOKIE.","description_kind":"plain"},"max_items":1}},"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing.\nThis field only applies when all of the following are true -\n * 'load_balancing_scheme' is set to INTERNAL_MANAGED\n * 'protocol' is set to HTTP, HTTPS, or HTTP2\n * 'locality_lb_policy' is set to MAGLEV or RING_HASH","description_kind":"plain"},"max_items":1},"failover_policy":{"nesting_mode":"list","block":{"attributes":{"disable_connection_drain_on_failover":{"type":"bool","description":"On failover or failback, this field indicates whether connection drain\nwill be honored. Setting this to true has the following effect: connections\nto the old active pool are not drained. Connections to the new active pool\nuse the timeout of 10 min (currently fixed). Setting to false has the\nfollowing effect: both old and new connections will have a drain timeout\nof 10 min.\nThis can be set to true only if the protocol is TCP.\nThe default is false.","description_kind":"plain","optional":true,"computed":true},"drop_traffic_if_unhealthy":{"type":"bool","description":"This option is used only when no healthy VMs are detected in the primary\nand backup instance groups. When set to true, traffic is dropped. When\nset to false, new connections are sent across all VMs in the primary group.\nThe default is false.","description_kind":"plain","optional":true,"computed":true},"failover_ratio":{"type":"number","description":"The value of the field must be in [0, 1]. If the ratio of the healthy\nVMs in the primary backend is at or below this number, traffic arriving\nat the load-balanced IP will be directed to the failover backend.\nIn case where 'failoverRatio' is not set or all the VMs in the backup\nbackend are unhealthy, the traffic will be directed back to the primary\nbackend in the \"force\" mode, where traffic will be spread to the healthy\nVMs with the best effort, or to all VMs when no VM is healthy.\nThis field is only used with l4 load balancing.","description_kind":"plain","optional":true}},"description":"Policy for failovers.","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether the serving infrastructure will authenticate and authorize all incoming requests.","description_kind":"plain","required":true},"oauth2_client_id":{"type":"string","description":"OAuth2 Client ID for IAP","description_kind":"plain","optional":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 Client Secret for IAP","description_kind":"plain","optional":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"OAuth2 Client Secret SHA-256 for IAP","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Whether to enable logging for the load balancer traffic served by this backend service.","description_kind":"plain","optional":true},"sample_rate":{"type":"number","description":"This field can only be specified if logging is enabled for this backend service. The value of\nthe field must be in [0, 1]. This configures the sampling rate of requests to the load balancer\nwhere 1.0 means all logged requests are reported and 0.0 means no logged requests are reported.\nThe default value is 1.0.","description_kind":"plain","optional":true}},"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain"},"max_items":1},"outlier_detection":{"nesting_mode":"list","block":{"attributes":{"consecutive_errors":{"type":"number","description":"Number of errors before a host is ejected from the connection pool. When the\nbackend host is accessed over HTTP, a 5xx return code qualifies as an error.\nDefaults to 5.","description_kind":"plain","optional":true},"consecutive_gateway_failure":{"type":"number","description":"The number of consecutive gateway failures (502, 503, 504 status or connection\nerrors that are mapped to one of those status codes) before a consecutive\ngateway failure ejection occurs. Defaults to 5.","description_kind":"plain","optional":true},"enforcing_consecutive_errors":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive 5xx. This setting can be used to disable\nejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"enforcing_consecutive_gateway_failure":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive gateway failures. This setting can be\nused to disable ejection or to ramp it up slowly. Defaults to 0.","description_kind":"plain","optional":true},"enforcing_success_rate":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through success rate statistics. This setting can be used to\ndisable ejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"max_ejection_percent":{"type":"number","description":"Maximum percentage of hosts in the load balancing pool for the backend service\nthat can be ejected. Defaults to 10%.","description_kind":"plain","optional":true},"success_rate_minimum_hosts":{"type":"number","description":"The number of hosts in a cluster that must have enough request volume to detect\nsuccess rate outliers. If the number of hosts is less than this setting, outlier\ndetection via success rate statistics is not performed for any host in the\ncluster. Defaults to 5.","description_kind":"plain","optional":true},"success_rate_request_volume":{"type":"number","description":"The minimum number of total requests that must be collected in one interval (as\ndefined by the interval duration above) to include this host in success rate\nbased outlier detection. If the volume is lower than this setting, outlier\ndetection via success rate statistics is not performed for that host. Defaults\nto 100.","description_kind":"plain","optional":true},"success_rate_stdev_factor":{"type":"number","description":"This factor is used to determine the ejection threshold for success rate outlier\nejection. The ejection threshold is the difference between the mean success\nrate, and the product of this factor and the standard deviation of the mean\nsuccess rate: mean - (stdev * success_rate_stdev_factor). This factor is divided\nby a thousand to get a double. That is, if the desired factor is 1.9, the\nruntime value should be 1900. Defaults to 1900.","description_kind":"plain","optional":true}},"block_types":{"base_ejection_time":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"The base time that a host is ejected for. The real time is equal to the base\ntime multiplied by the number of times the host has been ejected. Defaults to\n30000ms or 30s.","description_kind":"plain"},"max_items":1},"interval":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Time interval between ejection sweep analysis. This can result in both new\nejections as well as hosts being returned to service. Defaults to 10 seconds.","description_kind":"plain"},"max_items":1}},"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nThis field is applicable only when the 'load_balancing_scheme' is set\nto INTERNAL_MANAGED and the 'protocol' is set to HTTP, HTTPS, or HTTP2.","description_kind":"plain"},"max_items":1},"strong_session_affinity_cookie":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the cookie.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to set for the cookie.","description_kind":"plain","optional":true}},"block_types":{"ttl":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Lifetime of the cookie.","description_kind":"plain"},"max_items":1}},"description":"Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_commitment":{"version":0,"block":{"attributes":{"auto_renew":{"type":"bool","description":"Specifies whether to enable automatic renewal for the commitment.\nThe default value is false if not specified.\nIf the field is set to true, the commitment will be automatically renewed for either\none or three years according to the terms of the existing commitment.","description_kind":"plain","optional":true,"computed":true},"category":{"type":"string","description":"The category of the commitment. Category MACHINE specifies commitments composed of\nmachine resources such as VCPU or MEMORY, listed in resources. Category LICENSE\nspecifies commitments composed of software licenses, listed in licenseResources.\nNote that only MACHINE commitments should have a Type specified. Possible values: [\"LICENSE\", \"MACHINE\"]","description_kind":"plain","optional":true,"computed":true},"commitment_id":{"type":"number","description":"Unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"end_timestamp":{"type":"string","description":"Commitment end time in RFC3339 text format.","description_kind":"plain","computed":true},"existing_reservations":{"type":"string","description":"Specifies the already existing reservations to attach to the Commitment.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"plan":{"type":"string","description":"The plan for this commitment, which determines duration and discount rate.\nThe currently supported plans are TWELVE_MONTH (1 year), and THIRTY_SIX_MONTH (3 years). Possible values: [\"TWELVE_MONTH\", \"THIRTY_SIX_MONTH\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where this commitment may be used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"start_timestamp":{"type":"string","description":"Commitment start time in RFC3339 text format.","description_kind":"plain","computed":true},"status":{"type":"string","description":"Status of the commitment with regards to eventual expiration\n(each commitment has an end date defined).","description_kind":"plain","computed":true},"status_message":{"type":"string","description":"A human-readable explanation of the status.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of commitment, which affects the discount rate and the eligible resources.\nThe type could be one of the following value: 'MEMORY_OPTIMIZED', 'ACCELERATOR_OPTIMIZED',\n'GENERAL_PURPOSE_N1', 'GENERAL_PURPOSE_N2', 'GENERAL_PURPOSE_N2D', 'GENERAL_PURPOSE_E2',\n'GENERAL_PURPOSE_T2D', 'GENERAL_PURPOSE_C3', 'COMPUTE_OPTIMIZED_C2', 'COMPUTE_OPTIMIZED_C2D' and\n'GRAPHICS_OPTIMIZED_G2'","description_kind":"plain","optional":true,"computed":true}},"block_types":{"license_resource":{"nesting_mode":"list","block":{"attributes":{"amount":{"type":"string","description":"The number of licenses purchased.","description_kind":"plain","optional":true},"cores_per_license":{"type":"string","description":"Specifies the core range of the instance for which this license applies.","description_kind":"plain","optional":true},"license":{"type":"string","description":"Any applicable license URI.","description_kind":"plain","required":true}},"description":"The license specification required as part of a license commitment.","description_kind":"plain"},"max_items":1},"resources":{"nesting_mode":"list","block":{"attributes":{"accelerator_type":{"type":"string","description":"Name of the accelerator type resource. Applicable only when the type is ACCELERATOR.","description_kind":"plain","optional":true},"amount":{"type":"string","description":"The amount of the resource purchased (in a type-dependent unit,\nsuch as bytes). For vCPUs, this can just be an integer. For memory,\nthis must be provided in MB. Memory must be a multiple of 256 MB,\nwith up to 6.5GB of memory per every vCPU.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of resource for which this commitment applies.\nPossible values are VCPU, MEMORY, LOCAL_SSD, and ACCELERATOR.","description_kind":"plain","optional":true}},"description":"A list of commitment amounts for particular resources.\nNote that VCPU and MEMORY resource commitments must occur together.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_disk":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A reference to the region where the disk resides.","description_kind":"plain","optional":true,"computed":true},"replica_zones":{"type":["list","string"],"description":"URLs of the zones where the disk should be replicated to.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the sourceImage or\nsourceSnapshot parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with sourceImage or sourceSnapshot,\nthe value of sizeGb must not be less than the size of the sourceImage\nor the size of the snapshot.","description_kind":"plain","optional":true,"computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. For example, the following are\nvalid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","optional":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","optional":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","optional":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true}},"block_types":{"async_primary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Primary disk for asynchronous disk replication.","description_kind":"plain","required":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The name of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain"},"max_items":1},"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\"]","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain"}},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_disk_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_region_disk_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_region_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_disk_resource_policy_attachment":{"version":0,"block":{"attributes":{"disk":{"type":"string","description":"The name of the regional disk in which the resource policies are attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource policy to be attached to the disk for scheduling snapshot\ncreation. Do not specify the self link.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A reference to the region where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"health_check_id":{"type":"number","description":"The unique identifier number for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created health check should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTP2, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"grpc_health_check":{"nesting_mode":"list","block":{"attributes":{"grpc_service_name":{"type":"string","description":"The gRPC service name for the health check.\nThe value of grpcServiceName has the following meanings by convention:\n\n* Empty serviceName means the overall status of all services at the backend.\n* Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service.\n\nThe grpcServiceName can only be ASCII.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port number for the health check request.\nMust be specified if portName and portSpecification are not set\nor if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, gRPC health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"http2_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP2 health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP2 health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP2 health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP2 health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"http_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"https_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTPS health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTPS health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs. This is false by default,\nwhich means no health check logging will be done.","description_kind":"plain","optional":true}},"description":"Configure logging on this health check.","description_kind":"plain"},"max_items":1},"ssl_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the SSL health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, SSL health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the SSL connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"tcp_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the TCP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, TCP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the TCP connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_instance_group_manager":{"version":0,"block":{"attributes":{"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","optional":true},"distribution_policy_target_shape":{"type":"string","description":"The shape to which the group converges either proactively or on resize events (depending on the value set in updatePolicy.instanceRedistributionType).","description_kind":"plain","optional":true,"computed":true},"distribution_policy_zones":{"type":["set","string"],"description":"The distribution policy for this managed instance group. You can specify one or more values.","description_kind":"plain","optional":true,"computed":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"instance_group_manager_id":{"type":"number","description":"The unique identifier number for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the managed instance group resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"all_instances_config":["list",["object",{"current_revision":"string","effective":"bool"}]],"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","optional":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"target_stopped_size":{"type":"number","description":"The target number of stopped instances for this managed instance group.","description_kind":"plain","optional":true,"computed":true},"target_suspended_size":{"type":"number","description":"The target number of suspended instances for this managed instance group.","description_kind":"plain","optional":true,"computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","optional":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective and all instances configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","optional":true}},"block_types":{"all_instances_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The label key-value pairs that you want to patch onto the instance,","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata,","description_kind":"plain","optional":true}},"description":"Specifies configuration that overrides the instance template configuration for the group.","description_kind":"plain"},"max_items":1},"auto_healing_policies":{"nesting_mode":"list","block":{"attributes":{"health_check":{"type":"string","description":"The health check resource that signals autohealing.","description_kind":"plain","required":true},"initial_delay_sec":{"type":"number","description":"The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances. Between 0 and 3600.","description_kind":"plain","required":true}},"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain"},"max_items":1},"instance_flexibility_policy":{"nesting_mode":"list","block":{"block_types":{"instance_selections":{"nesting_mode":"set","block":{"attributes":{"machine_types":{"type":["set","string"],"description":"Full machine-type names, e.g. \"n1-standard-16\"","description_kind":"plain","required":true},"name":{"type":"string","description":"Instance selection name.","description_kind":"plain","required":true},"rank":{"type":"number","description":"Preference of this instance selection. Lower number means higher preference. MIG will first try to create a VM based on the machine-type with lowest rank and fallback to next rank based on availability. Machine types and instance selections with the same rank have the same preference.","description_kind":"plain","optional":true}},"description":"Named instance selections configuring properties that the group will use when creating new VMs.","description_kind":"plain"}}},"description":"The flexibility policy for this managed instance group. Instance flexibility allowing MIG to create VMs from multiple types of machines. Instance flexibility configuration on MIG overrides instance template configuration.","description_kind":"plain"},"max_items":1},"instance_lifecycle_policy":{"nesting_mode":"list","block":{"attributes":{"default_action_on_failure":{"type":"string","description":"Default behavior for all instance or health check failures.","description_kind":"plain","optional":true},"force_update_on_repair":{"type":"string","description":"Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type.","description_kind":"plain","optional":true}},"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain"},"max_items":1},"named_port":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the port.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"standby_policy":{"nesting_mode":"list","block":{"attributes":{"initial_delay_sec":{"type":"number","description":"Specifies the number of seconds that the MIG should wait to suspend or stop a VM after that VM was created. The initial delay gives the initialization script the time to prepare your VM for a quick scale out. The value of initial delay must be between 0 and 3600 seconds. The default value is 0.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Defines how a MIG resumes or starts VMs from a standby pool when the group scales out. The default mode is \"MANUAL\".","description_kind":"plain","optional":true,"computed":true}},"description":"Standby policy for stopped and suspended instances.","description_kind":"plain"},"max_items":1},"stateful_disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"The device name of the disk to be attached.","description_kind":"plain","required":true}},"description":"Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. Proactive cross zone instance redistribution must be disabled before you can update stateful disks on existing instance group managers. This can be controlled via the update_policy.","description_kind":"plain"}},"stateful_external_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"stateful_internal_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"update_policy":{"nesting_mode":"list","block":{"attributes":{"instance_redistribution_type":{"type":"string","description":"The instance redistribution policy for regional managed instance groups. Valid values are: \"PROACTIVE\", \"NONE\". If PROACTIVE (default), the group attempts to maintain an even distribution of VM instances across zones in the region. If NONE, proactive redistribution is disabled.","description_kind":"plain","optional":true},"max_surge_fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive integer. Conflicts with max_surge_percent. Both cannot be 0","description_kind":"plain","optional":true,"computed":true},"max_surge_percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify 80 for 80%. Conflicts with max_surge_fixed.","description_kind":"plain","optional":true},"max_unavailable_fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive integer.","description_kind":"plain","optional":true,"computed":true},"max_unavailable_percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify 80 for 80%.","description_kind":"plain","optional":true},"minimal_action":{"type":"string","description":"Minimal action to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to update without stopping instances, RESTART to restart existing instances or REPLACE to delete and create new instances from the target template. If you specify a REFRESH, the Updater will attempt to perform that action only. However, if the Updater determines that the minimal action you specify is not enough to perform the update, it might perform a more disruptive action.","description_kind":"plain","required":true},"most_disruptive_allowed_action":{"type":"string","description":"Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to allow actions that do not need instance restart, RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.","description_kind":"plain","optional":true},"replacement_method":{"type":"string","description":"The instance replacement method for regional managed instance groups. Valid values are: \"RECREATE\", \"SUBSTITUTE\". If SUBSTITUTE (default), the group replaces VM instances with new instances that have randomly generated names. If RECREATE, instance names are preserved. You must also set max_unavailable_fixed or max_unavailable_percent to be greater than 0.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of update process. You can specify either PROACTIVE so that the instance group manager proactively executes actions in order to bring instances to their target versions or OPPORTUNISTIC so that no action is proactively executed but the update will be performed as part of other actions (for example, resizes or recreateInstances calls).","description_kind":"plain","required":true}},"description":"The update policy for this managed instance group.","description_kind":"plain"},"max_items":1},"version":{"nesting_mode":"list","block":{"attributes":{"instance_template":{"type":"string","description":"The full URL to an instance template from which all new instances of this version will be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Version name.","description_kind":"plain","optional":true}},"block_types":{"target_size":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"The number of instances which are managed for this version. Conflicts with percent.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The number of instances (calculated as percentage) which are managed for this version. Conflicts with fixed. Note that when using percent, rounding will be in favor of explicitly set target_size values; a managed instance group with 2 instances and 2 versions, one of which has a target_size.percent of 60 will create 2 instances of that version.","description_kind":"plain","optional":true}},"description":"The number of instances calculated as a fixed number or a percentage depending on the settings.","description_kind":"plain"},"max_items":1}},"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_compute_region_instance_template":{"version":1,"block":{"attributes":{"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"The time at which the instance was created in RFC 3339 format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","optional":true},"key_revocation_action_type":{"type":"string","description":"Action to be taken when a customer's encryption key is revoked. Supports \"STOP\" and \"NONE\", with \"NONE\" being the default.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template,\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","optional":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the instance template is located. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","optional":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true},"enable_uefi_networking":{"type":"bool","description":"Whether to enable UEFI networking or not.","description_kind":"plain","optional":true},"performance_monitoring_unit":{"type":"string","description":"The PMU is a hardware component within the CPU core that monitors how the processor runs code. Valid values for the level of PMU are \"STANDARD\", \"ENHANCED\", and \"ARCHITECTURAL\".","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true},"turbo_mode":{"type":"string","description":"Turbo frequency mode to use for the instance. Currently supported modes is \"ALL_CORE_MAX\".","description_kind":"plain","optional":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"confidential_instance_type":{"type":"string","description":"\n\t\t\t\t\t\t\t\tThe confidential computing technology the instance uses.\n\t\t\t\t\t\t\t\tSEV is an AMD feature. TDX is an Intel feature. One of the following\n\t\t\t\t\t\t\t\tvalues is required: SEV, SEV_SNP, TDX. If SEV_SNP, min_cpu_platform =\n\t\t\t\t\t\t\t\t\"AMD Milan\" is currently required.","description_kind":"plain","optional":true},"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled. Field will be deprecated in a future release.","description_kind":"plain","optional":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether or not the disk should be auto-deleted. This defaults to true.","description_kind":"plain","optional":true},"boot":{"type":"bool","description":"Indicates that this is a boot disk.","description_kind":"plain","optional":true,"computed":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk.","description_kind":"plain","optional":true,"computed":true},"disk_name":{"type":"string","description":"Name of the disk. When not provided, this defaults to the name of the instance.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"The size of the image in gigabytes. If not specified, it will inherit the size of its base image. For SCRATCH disks, the size must be one of 375 or 3000 GB, with a default of 375 GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"The Google Compute Engine disk type. Such as \"pd-ssd\", \"local-ssd\", \"pd-balanced\" or \"pd-standard\".","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"Specifies the disk interface to use for attaching this disk.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to disks,","description_kind":"plain","optional":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. For more details, see the [Extreme persistent disk documentation](https://cloud.google.com/compute/docs/disks/extreme-persistent-disk) or the [Hyperdisk documentation](https://cloud.google.com/compute/docs/disks/hyperdisks) depending on the selected disk_type.","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much throughput to provision for the disk, in MB/s. This sets the amount of data that can be read or written from the disk per second. Values must greater than or equal to 1. For more details, see the [Hyperdisk documentation](https://cloud.google.com/compute/docs/disks/hyperdisks).","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list (short name or id) of resource policies to attach to this disk. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name (not self_link) of the disk (such as those managed by google_compute_disk) to attach. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true},"source_image":{"type":"string","description":"The image from which to initialize this disk. This can be one of: the image's self_link, projects/{project}/global/images/{image}, projects/{project}/global/images/family/{family}, global/images/{image}, global/images/family/{family}, family/{family}, {project}/{family}, {project}/{image}, {family}, or {image}. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true,"computed":true},"source_snapshot":{"type":"string","description":"The source snapshot to create this disk. When creating\na new instance, one of initializeParams.sourceSnapshot,\ninitializeParams.sourceImage, or disks.source is\nrequired except for local SSD.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of Google Compute Engine disk, can be either \"SCRATCH\" or \"PERSISTENT\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","required":true}},"description":"Encrypts or decrypts a disk using a customer-supplied encryption key.","description_kind":"plain"},"max_items":1},"source_image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source\nimage. Required if the source image is protected by a\ncustomer-supplied encryption key.\n\nInstance templates do not store customer-supplied\nencryption keys, so you cannot create disks for\ninstances in a managed instance group if the source\nimages are encrypted with your own keys.","description_kind":"plain"},"max_items":1},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source snapshot.","description_kind":"plain"},"max_items":1}},"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain"},"min_items":1},"guest_accelerator":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of the guest accelerator cards exposed to this instance.","description_kind":"plain","required":true},"type":{"type":"string","description":"The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain"}},"network_interface":{"nesting_mode":"list","block":{"attributes":{"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the network_interface.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network to attach this interface to. Use network attribute for Legacy or Auto subnetted networks and subnetwork for custom subnetted networks.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address to assign to the instance. If empty, the address will be automatically assigned.","description_kind":"plain","optional":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name of the subnetwork to attach this interface to. The subnetwork must exist in the same region this instance will be created in. Either network or subnetwork must be provided.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that will be 1:1 mapped to the instance's network ip. If not given, one will be generated.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance template. This field can take the following values: PREMIUM, STANDARD, FIXED_STANDARD. If this field is not specified, it is assumed to be PREMIUM.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.The DNS domain name for the public PTR record.","description_kind":"plain","computed":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet. Omit to ensure that the instance is not accessible from the Internet (this means that ssh provisioners will not work unless you are running Terraform can send traffic to the instance's network (e.g. via tunnel or because it is running on another cloud instance on that network). This block can be repeated multiple times.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used.","description_kind":"plain","optional":true}},"description":"An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.","description_kind":"plain","computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of this access configuration.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","computed":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true.","description_kind":"plain","optional":true},"availability_domain":{"type":"number","description":"Specifies the availability domain, which this instance should be scheduled on.","description_kind":"plain","optional":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true},"min_node_cpus":{"type":"number","description":"Minimum number of cpus for the instance.","description_kind":"plain","optional":true},"on_host_maintenance":{"type":"string","description":"Defines the maintenance behavior for this instance.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Allows instance to be preempted. This defaults to false.","description_kind":"plain","optional":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"}},"max_run_duration":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"The timeout for new network connections to hosts.","description_kind":"plain"},"max_items":1},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}},"on_instance_stop_action":{"nesting_mode":"list","block":{"attributes":{"discard_local_ssd":{"type":"bool","description":"If true, the contents of any attached Local SSD disks will be discarded.","description_kind":"plain","optional":true}},"description":"Defines the behaviour for instances with the instance_termination_action.","description_kind":"plain"},"max_items":1}},"description":"The scheduling strategy to use.","description_kind":"plain"},"max_items":1},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address. If not given, the default Google Compute Engine service account is used.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform scope.","description_kind":"plain","required":true}},"description":"Service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Compare the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. Defaults to true.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Verify the digital signature of all boot components, and halt the boot process if signature verification fails. Defaults to false.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Use a virtualized trusted platform module, which is a specialized computer chip you can use to encrypt objects like keys and certificates. Defaults to true.","description_kind":"plain","optional":true}},"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_endpoint":{"version":0,"block":{"attributes":{"fqdn":{"type":"string","description":"Fully qualified domain name of network endpoint.\n\nThis can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IPv4 address external endpoint.\n\nThis can only be specified when network_endpoint_type of the NEG is INTERNET_IP_PORT.","description_kind":"plain","optional":true},"network_endpoint_id":{"type":"number","description":"The unique identifier number for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"port":{"type":"number","description":"Port number of network endpoint.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the containing network endpoint group is located.","description_kind":"plain","optional":true,"computed":true},"region_network_endpoint_group":{"type":"string","description":"The network endpoint group this endpoint is part of.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_endpoint_group":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe URL of the network to which all network endpoints in the NEG belong. Uses\n\"default\" project network if unspecified.","description_kind":"plain","optional":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. Default value: \"SERVERLESS\" Possible values: [\"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\", \"GCE_VM_IP_PORTMAP\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_target_service":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe target service url used to set up private service connection to\na Google API or a PSC Producer Service Attachment.","description_kind":"plain","optional":true},"region":{"type":"string","description":"A reference to the region where the regional NEGs reside.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"This field is only used for PSC NEGs.\n\nOptional URL of the subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","optional":true}},"block_types":{"app_engine":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Optional serving service.\nThe service name must be 1-63 characters long, and comply with RFC1035.\nExample value: \"default\", \"my-service\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse service and version fields from a request URL.\nURL mask allows for routing to multiple App Engine services without\nhaving to create multiple Network Endpoint Groups and backend services.\n\nFor example, the request URLs \"foo1-dot-appname.appspot.com/v1\" and\n\"foo1-dot-appname.appspot.com/v2\" can be backed by the same Serverless NEG with\nURL mask \"-dot-appname.appspot.com/\". The URL mask will parse\nthem to { service = \"foo1\", version = \"v1\" } and { service = \"foo1\", version = \"v2\" } respectively.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional serving version.\nThe version must be 1-63 characters long, and comply with RFC1035.\nExample value: \"v1\", \"v2\".","description_kind":"plain","optional":true}},"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"cloud_function":{"nesting_mode":"list","block":{"attributes":{"function":{"type":"string","description":"A user-defined name of the Cloud Function.\nThe function name is case-sensitive and must be 1-63 characters long.\nExample value: \"func1\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse function field from a request URL. URL mask allows\nfor routing to multiple Cloud Functions without having to create\nmultiple Network Endpoint Groups and backend services.\n\nFor example, request URLs \"mydomain.com/function1\" and \"mydomain.com/function2\"\ncan be backed by the same Serverless NEG with URL mask \"/\". The URL mask\nwill parse them to { function = \"function1\" } and { function = \"function2\" } respectively.","description_kind":"plain","optional":true}},"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"cloud_run":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Cloud Run service is the main resource of Cloud Run.\nThe service must be 1-63 characters long, and comply with RFC1035.\nExample value: \"run-service\".","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Cloud Run tag represents the \"named-revision\" to provide\nadditional fine-grained traffic routing information.\nThe tag must be 1-63 characters long, and comply with RFC1035.\nExample value: \"revision-0010\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse service and tag fields from a request URL.\nURL mask allows for routing to multiple Run services without having\nto create multiple network endpoint groups and backend services.\n\nFor example, request URLs \"foo1.domain.com/bar1\" and \"foo1.domain.com/bar2\"\nan be backed by the same Serverless Network Endpoint Group (NEG) with\nURL mask \".domain.com/\". The URL mask will parse them to { service=\"bar1\", tag=\"foo1\" }\nand { service=\"bar2\", tag=\"foo2\" } respectively.","description_kind":"plain","optional":true}},"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"psc_data":{"nesting_mode":"list","block":{"attributes":{"producer_port":{"type":"string","description":"The PSC producer port to use when consumer PSC NEG connects to a producer. If\nthis flag isn't specified for a PSC NEG with endpoint type\nprivate-service-connect, then PSC NEG will be connected to a first port in the\navailable PSC producer port range.","description_kind":"plain","optional":true}},"description":"This field is only used for PSC NEGs.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User-provided name of the Network firewall policy. The name should be unique in the project in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of this resource.","description_kind":"plain","optional":true,"computed":true},"region_network_firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location of this resource.","description_kind":"plain","optional":true,"computed":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\", \"goto_next\" and \"apply_security_profile_group\".","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: [\"INGRESS\", \"EGRESS\"]","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled.\nWhen set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist.\nIf this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule.\nIf logging is enabled, logs will be exported to the configured export destination in Stackdriver.\nLogs may be exported to BigQuery or Pub/Sub.\nNote: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always 'compute#firewallPolicyRule' for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list.\nThe priority must be a positive value between 0 and 2147483647.\nRules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location of this resource.","description_kind":"plain","optional":true,"computed":true},"rule_name":{"type":"string","description":"An optional name for the rule. This field is not a unique identifier and can be updated.","description_kind":"plain","optional":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"security_profile_group":{"type":"string","description":"A fully-qualified URL of a SecurityProfile resource instance.\nExample: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group\nMust be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.\n\nSecurity Profile Group and Firewall Policy Rule must be in the same scope.","description_kind":"plain","optional":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true},"tls_inspect":{"type":"bool","description":"Boolean flag indicating if the traffic should be TLS decrypted.\nCan be set only if action = 'apply_security_profile_group' and cannot be set for other actions.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex.\"US\" Maximum number of dest region codes allowed is 5000.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex.\"US\" Maximum number of source region codes allowed is 5000.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule.\nThis value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port.\nExample inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"].","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1},"src_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.","description_kind":"plain"}}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"target_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the secure tag, either EFFECTIVE or INEFFECTIVE. A secure tag is INEFFECTIVE when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"A list of secure tags that controls which instances the firewall rule applies to.\nIf targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the targetSecureTag are in INEFFECTIVE state, then this rule will be ignored.\ntargetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_per_instance_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"minimal_action":{"type":"string","description":"The minimal action to perform on the instance during an update.\nDefault is 'NONE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"most_disruptive_allowed_action":{"type":"string","description":"The most disruptive action to perform on the instance during an update.\nDefault is 'REPLACE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name for this per-instance config and its corresponding instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the containing instance group manager is located","description_kind":"plain","optional":true,"computed":true},"region_instance_group_manager":{"type":"string","description":"The region instance group manager this instance config is part of.","description_kind":"plain","required":true},"remove_instance_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove the underlying instance.\nWhen false, deleting this config will use the behavior as determined by remove_instance_on_destroy.","description_kind":"plain","optional":true},"remove_instance_state_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove any specified state from the underlying instance.\nWhen false, deleting this config will *not* immediately remove any state from the underlying instance.\nState will be removed on the next instance recreation or update.","description_kind":"plain","optional":true}},"block_types":{"preserved_state":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":["map","string"],"description":"Preserved metadata defined for this instance. This is a list of key-\u003evalue pairs.","description_kind":"plain","optional":true}},"block_types":{"disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted.\nThe available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'.\n'NEVER' - detach the disk when the VM is deleted, but do not delete the disk.\n'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently\ndeleted from the instance group. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"The mode of the disk. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"source":{"type":"string","description":"The URI of an existing persistent disk to attach under the specified device-name in the format\n'projects/project-id/zones/zone/disks/disk-name'.","description_kind":"plain","required":true}},"description":"Stateful disks for the instance.","description_kind":"plain"}},"external_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved external IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}},"internal_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}}},"description":"The preserved state for this instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","required":true,"sensitive":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","required":true,"sensitive":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created regional ssl certificate should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"A list of features enabled when the selected profile is CUSTOM. The\nmethod returns the set of features that can be specified in this\nlist. This field must be empty if the profile is not CUSTOM.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the regional SSL policy resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_http_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"http_keep_alive_timeout_sec":{"type":"number","description":"Specifies how long to keep a connection open, after completing a response,\nwhile there is no matching traffic (in seconds). If an HTTP keepalive is\nnot specified, a default value (600 seconds) will be used. For Regional\nHTTP(S) load balancer, the minimum allowed value is 5 seconds and the\nmaximum allowed value is 600 seconds.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target https proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"A reference to the RegionUrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_https_proxy":{"version":0,"block":{"attributes":{"certificate_manager_certificates":{"type":["list","string"],"description":"URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.\nsslCertificates and certificateManagerCertificates can't be defined together.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}' or just the self_link 'projects/{project}/locations/{location}/certificates/{resourceName}'","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"http_keep_alive_timeout_sec":{"type":"number","description":"Specifies how long to keep a connection open, after completing a response,\nwhile there is no matching traffic (in seconds). If an HTTP keepalive is\nnot specified, a default value (600 seconds) will be used. For Regioanl\nHTTP(S) load balancer, the minimum allowed value is 5 seconds and the\nmaximum allowed value is 600 seconds.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target https proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"server_tls_policy":{"type":"string","description":"A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.\n\nIf you remove this field from your configuration at the same time as\ndeleting or recreating a referenced ServerTlsPolicy resource, you will\nreceive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy\nwithin the ServerTlsPolicy resource to avoid this.","description_kind":"plain","optional":true},"ssl_certificates":{"type":["list","string"],"description":"URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer.\nAt least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates.\nsslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true},"ssl_policy":{"type":"string","description":"A reference to the Region SslPolicy resource that will be associated with\nthe TargetHttpsProxy resource. If not set, the TargetHttpsProxy\nresource will not have any SSL policy configured.","description_kind":"plain","optional":true},"url_map":{"type":"string","description":"A reference to the RegionUrlMap resource that defines the mapping from URL\nto the RegionBackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_tcp_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target TCP proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_url_map":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"default_service":{"type":"string","description":"The full or partial URL of the defaultService resource to which traffic is directed if\nnone of the hostRules match. If defaultRouteAction is additionally specified, advanced\nrouting actions like URL Rewrites, etc. take effect prior to sending the request to the\nbackend. However, if defaultService is specified, defaultRouteAction cannot contain any\nweightedBackendServices. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of defaultService,\ndefaultUrlRedirect or defaultRouteAction.weightedBackendService must be set.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during\nupdates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"map_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the url map should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header.\nDefault is false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regualar expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, the setting specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service.\nSimilarly requests from clients can be aborted by the load balancer for a percentage of requests.\ntimeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection.\nFault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management).","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the RegionBackendService resource being mirrored to.\nThe backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.\nServerless NEG backends are not currently supported as a mirrored backend service.","description_kind":"plain","optional":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nThe load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow.\nNot supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry policy applies.\nValid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable.\n - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams.\n - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504.\n - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts.\n - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409.\n - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled.\n - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded.\n - internal : a retry is attempted if the gRPC status code in the response header is set to internal.\n - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted.\n - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable.","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries.\nIf not specified, this field uses the largest timeout among all backend services associated with the route.\nNot supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite.\nThe value must be from 1 to 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite.\nThe value must be from 1 to 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, before forwarding the request to the matched service.\nurlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers.\nNot supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the request to backendService, the load balancer applies any relevant headerActions specified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) .\nThe selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy.\nThe value must be from 0 to 1000.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request before forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response before sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header.\nThe default value is false.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request before forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header.\nThe default value is false.","description_kind":"plain","optional":true}},"description":"Headers to add the response before sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for the selected backendService.\nheaderAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.\nheaderAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL.\nNot supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number.\nAfter a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices.\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.\nURL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction.\ndefaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"host_rule":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this HostRule. Provide this property\nwhen you create the resource.","description_kind":"plain","optional":true},"hosts":{"type":["set","string"],"description":"The list of host patterns to match. They must be valid\nhostnames, except * will match any string of ([a-z0-9-.]*). In\nthat case, * must be the first character and must be followed in\nthe pattern by either - or ..","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the PathMatcher to use to match the path portion of\nthe URL if the hostRule matches the URL's host portion.","description_kind":"plain","required":true}},"description":"The list of HostRules to use against the URL.","description_kind":"plain"}},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"default_service":{"type":"string","description":"A reference to a RegionBackendService resource. This will be used if\nnone of the pathRules defined by this PathMatcher is matched by\nthe URL's path portion.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"path_rule":{"nesting_mode":"list","block":{"attributes":{"paths":{"type":["set","string"],"description":"The list of path patterns to match. Each must start with / and the only place a\n\\* is allowed is at the end following a /. The string fed to the path matcher\ndoes not include any text after the first ? or #, and those chars are not\nallowed here.","description_kind":"plain","required":true},"service":{"type":"string","description":"The region backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.","description_kind":"plain","required":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","required":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","required":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","required":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The RegionBackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n- 5xx: Loadbalancer will attempt a retry if the backend service responds with\nany 5xx response code, or if the backend service does not respond at all,\nfor example: disconnects, reset, read timeout, connection failure, and refused\nstreams.\n- gateway-error: Similar to 5xx, but only applies to response codes\n502, 503 or 504.\n- connect-failure: Loadbalancer will retry on failures\nconnecting to backend services, for example due to connection timeouts.\n- retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\nCurrently the only retriable error supported is 409.\n- refused-stream: Loadbalancer will retry if the backend service resets the stream with a\nREFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n- cancelled: Loadbalancer will retry if the gRPC status code in the response\nheader is set to cancelled\n- deadline-exceeded: Loadbalancer will retry if the\ngRPC status code in the response header is set to deadline-exceeded\n- resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\nheader is set to resource-exhausted\n- unavailable: Loadbalancer will retry if\nthe gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default RegionBackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching path, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed\nprior to redirecting the request. If set to false, the query portion of the\noriginal URL is retained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When a path pattern is matched, the request is redirected to a URL specified\nby urlRedirect. If urlRedirect is specified, service or routeAction must not\nbe set.","description_kind":"plain"},"max_items":1}},"description":"The list of path rules. Use this list instead of routeRules when routing based\non simple path matching is all that's required. The order by which path rules\nare specified does not matter. Matches are always done on the longest-path-first\nbasis. For example: a pathRule with a path /a/b/c/* will match before /a/b/*\nirrespective of the order in which those paths appear in this list. Within a\ngiven pathMatcher, only one of pathRules or routeRules must be set.","description_kind":"plain"}},"route_rules":{"nesting_mode":"list","block":{"attributes":{"priority":{"type":"number","description":"For routeRules within a given pathMatcher, priority determines the order\nin which load balancer will interpret routeRules. RouteRules are evaluated\nin order of priority, from the lowest to highest number. The priority of\na rule decreases as its number increases (1, 2, 3, N+1). The first rule\nthat matches the request is applied.\n\nYou cannot configure two or more routeRules with the same priority.\nPriority for each rule must be set to a number between 0 and\n2147483647 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules\nin the future without affecting the rest of the rules. For example,\n1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which\nyou could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the\nfuture without any impact on existing rules.","description_kind":"plain","required":true},"service":{"type":"string","description":"The region backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here are applied before\nthe matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r\nouteAction.weightedBackendService.backendServiceWeightAction[].headerAction","description_kind":"plain"},"max_items":1},"match_rules":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly\nmatch the value specified in fullPathMatch after removing any query parameters\nand anchor that may be part of the original URL. FullPathMatch must be between 1\nand 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must\nbe specified.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.\nDefaults to false.","description_kind":"plain","optional":true},"path_template_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request\nmust match the wildcard pattern specified in pathTemplateMatch\nafter removing any query parameters and anchor that may be part\nof the original URL.\n\npathTemplateMatch must be between 1 and 255 characters\n(inclusive). The pattern specified by pathTemplateMatch may\nhave at most 5 wildcard operators and at most 5 variable\ncaptures in total.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the\nspecified prefixMatch. prefixMatch must begin with a /. The value must be\nbetween 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or\nregexMatch must be specified.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must satisfy the\nregular expression specified in regexMatch after removing any query parameters\nand anchor supplied with the original URL. For regular expression grammar please\nsee en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch,\nfullPathMatch or regexMatch must be specified.","description_kind":"plain","optional":true}},"block_types":{"header_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value should exactly match contents of exactMatch. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The name of the HTTP header to match. For matching against the HTTP request's\nauthority, use a headerMatch with the header name \":authority\". For matching a\nrequest's method, use the headerName \":method\".","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false, the headerMatch is considered a match if the match criteria\nabove are met. If set to true, the headerMatch is considered a match if the\nmatch criteria above are NOT met. Defaults to false.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place\nwhether or not the request's header has a value or not. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The value of the header must match the regular expression specified in\nregexMatch. For regular expression grammar, please see:\nen.cppreference.com/w/cpp/regex/ecmascript For matching against a port\nspecified in the HTTP request, use a headerMatch with headerName set to PORT and\na regular expression that satisfies the RFC2616 Host header's port specifier.\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true}},"block_types":{"range_match":{"nesting_mode":"list","block":{"attributes":{"range_end":{"type":"number","description":"The end of the range (exclusive).","description_kind":"plain","required":true},"range_start":{"type":"number","description":"The start of the range (inclusive).","description_kind":"plain","required":true}},"description":"The header value must be an integer and its value must be in the range specified\nin rangeMatch. If the header does not contain an integer, number or is empty,\nthe match fails. For example for a range [-5, 0]\n\n* -3 will match\n* 0 will not match\n* 0.25 will not match\n* -3someString will not match.\n\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain"},"max_items":1}},"description":"Specifies a list of header match criteria, all of which must match corresponding\nheaders in the request.","description_kind":"plain"}},"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of filterLabels\ncontribute towards the overall metadataFilter match. Supported values are:\n\n* MATCH_ANY: At least one of the filterLabels must have a matching label in the\nprovided metadata.\n* MATCH_ALL: All filterLabels must have matching labels in\nthe provided metadata. Possible values: [\"MATCH_ALL\", \"MATCH_ANY\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of metadata label. The name can have a maximum length of 1024 characters\nand must be at least 1 character long.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the label must match the specified value. value can have a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the provided metadata\nbased on filterMatchCriteria This list must not be empty and can have at the\nmost 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing configuration to\na limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS\nclients present node metadata. If a match takes place, the relevant routing\nconfiguration is made available to those proxies. For each metadataFilter in\nthis list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the\nfilterLabels must match the corresponding label provided in the metadata. If its\nfilterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match\nwith corresponding labels in the provided metadata. metadataFilters specified\nhere can be overrides those specified in ForwardingRule that refers to this\nUrlMap. metadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"query_parameter_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches\nthe contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch\nmust be set.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the\nrequest, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query\nparameter, irrespective of whether the parameter has a value or not. Only one of\npresentMatch, exactMatch and regexMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter matches the\nregular expression specified by regexMatch. For the regular expression grammar,\nplease see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch,\nexactMatch and regexMatch must be set.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match\ncorresponding query parameters in the request.","description_kind":"plain"}}},"description":"The rules for determining a match.","description_kind":"plain"}},"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.\nwhich indicates that the CORS policy is in effect. Defaults to false.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The RegionBackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","required":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\n any 5xx response code, or if the backend service does not respond at all,\n for example: disconnects, reset, read timeout, connection failure, and refused\n streams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\n connecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\n REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\n header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\n gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\n header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in\n the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true},"path_template_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, if the\nrequest matched a pathTemplateMatch, the matching portion of the\nrequest's path is replaced re-written using the pattern specified\nby pathTemplateRewrite.\n\npathTemplateRewrite must be between 1 and 255 characters\n(inclusive), must start with a '/', and must only use variables\ncaptured by the route's pathTemplate matchers.\n\npathTemplateRewrite may only be used when all of a route's\nMatchRules specify pathTemplate.\n\nOnly one of pathPrefixRewrite and pathTemplateRewrite may be\nspecified.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default RegionBackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching matchRule, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is\nremoved prior to redirecting the request. If set to false, the query\nportion of the original URL is retained. The default value is false.","description_kind":"plain","optional":true}},"description":"When this rule is matched, the request is redirected to a URL specified by\nurlRedirect. If urlRedirect is specified, service or routeAction must not be\nset.","description_kind":"plain"},"max_items":1}},"description":"The list of ordered HTTP route rules. Use this list instead of pathRules when\nadvanced route matching and routing actions are desired. The order of specifying\nrouteRules matters: the first rule that matches will cause its specified routing\naction to take effect. Within a given pathMatcher, only one of pathRules or\nrouteRules must be set. routeRules are not supported in UrlMaps intended for\nExternal load balancers.","description_kind":"plain"}}},"description":"The list of named PathMatchers to use against the URL.","description_kind":"plain"}},"test":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of this test case.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host portion of the URL.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path portion of the URL.","description_kind":"plain","required":true},"service":{"type":"string","description":"A reference to expected RegionBackendService resource the given URL should be mapped to.","description_kind":"plain","required":true}},"description":"The list of expected URL mappings. Requests to update this UrlMap will\nsucceed only if all of the test cases pass.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_reservation":{"version":0,"block":{"attributes":{"commitment":{"type":"string","description":"Full or partial URL to a parent commitment. This field displays for\nreservations that are tied to a commitment.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"specific_reservation_required":{"type":"bool","description":"When set to true, only VMs that target this reservation by name can\nconsume this reservation. Otherwise, it can be consumed by VMs with\naffinity for any reservation. Defaults to false.","description_kind":"plain","optional":true},"status":{"type":"string","description":"The status of the reservation.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone where the reservation is made.","description_kind":"plain","required":true}},"block_types":{"share_settings":{"nesting_mode":"list","block":{"attributes":{"share_type":{"type":"string","description":"Type of sharing for this shared-reservation Possible values: [\"LOCAL\", \"SPECIFIC_PROJECTS\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"project_map":{"nesting_mode":"set","block":{"attributes":{"id":{"type":"string","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The project id/number, should be same as the key of this project config in the project map.","description_kind":"plain","optional":true}},"description":"A map of project number and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS.","description_kind":"plain"}}},"description":"The share setting for reservations.","description_kind":"plain"},"max_items":1},"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of resources that are allocated.","description_kind":"plain","required":true},"in_use_count":{"type":"number","description":"How many instances are in use.","description_kind":"plain","computed":true}},"block_types":{"instance_properties":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"The name of the machine type to reserve.","description_kind":"plain","required":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform for the reservation. For example,\n'\"Intel Skylake\"'. See\nthe CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones)\nfor information on available CPU platforms.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"guest_accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the guest accelerator cards exposed to\nthis instance.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The full or partial URL of the accelerator type to\nattach to this instance. For example:\n'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100'\n\nIf you are creating an instance template, specify only the accelerator name.","description_kind":"plain","required":true}},"description":"Guest accelerator type and count.","description_kind":"plain"}},"local_ssds":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"The size of the disk in base-2 GB.","description_kind":"plain","required":true},"interface":{"type":"string","description":"The disk interface to use for attaching this disk. Default value: \"SCSI\" Possible values: [\"SCSI\", \"NVME\"]","description_kind":"plain","optional":true}},"description":"The amount of local ssd to reserve with each instance. This\nreserves disks of type 'local-ssd'.","description_kind":"plain"}}},"description":"The instance properties for the reservation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Reservation for instances with specific machine shapes.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_resize_request":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"The creation timestamp for this resize request in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resize-request.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group_manager":{"type":"string","description":"The reference of the instance group manager this ResizeRequest is a part of.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resize request. The name must be 1-63 characters long, and comply with RFC1035.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resize_by":{"type":"number","description":"The number of instances to be created by this resize request. The group's target size will be increased by this number.","description_kind":"plain","required":true},"state":{"type":"string","description":"Current state of the request.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"error":["list",["object",{"errors":["list",["object",{"code":"string","error_details":["list",["object",{"error_info":["list",["object",{"domain":"string","metadatas":["map","string"],"reason":"string"}]],"help":["list",["object",{"links":["list",["object",{"description":"string","url":"string"}]]}]],"localized_message":["list",["object",{"locale":"string","message":"string"}]],"quota_info":["list",["object",{"dimensions":["map","string"],"future_limit":"number","limit":"number","limit_name":"string","metric_name":"string","rollout_status":"string"}]]}]],"location":"string","message":"string"}]]}]],"last_attempt":["list",["object",{"error":["list",["object",{"errors":["list",["object",{"code":"string","error_details":["list",["object",{"error_info":["list",["object",{"domain":"string","metadatas":["map","string"],"reason":"string"}]],"help":["list",["object",{"links":["list",["object",{"description":"string","url":"string"}]]}]],"localized_message":["list",["object",{"locale":"string","message":"string"}]],"quota_info":["list",["object",{"dimensions":["map","string"],"future_limit":"number","limit":"number","limit_name":"string","metric_name":"string","rollout_status":"string"}]]}]],"location":"string","message":"string"}]]}]]}]]}]],"description":"Status of the request.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The reference of the compute zone scoping this request.","description_kind":"plain","required":true}},"block_types":{"requested_run_duration":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 600 to 604800 inclusive. Note: minimum and maximum allowed range for requestedRunDuration is 10 minutes (600 seconds) and 7 days(604800 seconds) correspondingly.","description_kind":"plain","required":true}},"description":"Requested run duration for instances that will be created by this request. At the end of the run duration instance will be deleted.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_resource_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially creating\nthe resource. The resource name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])'? which means the\nfirst character must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last character,\nwhich cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where resource policy resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"disk_consistency_group_policy":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable disk consistency on the resource policy.","description_kind":"plain","required":true}},"description":"Replication consistency group for asynchronous disk replication.","description_kind":"plain"},"max_items":1},"group_placement_policy":{"nesting_mode":"list","block":{"attributes":{"availability_domain_count":{"type":"number","description":"The number of availability domains instances will be spread across. If two instances are in different\navailability domain, they will not be put in the same low latency network","description_kind":"plain","optional":true},"collocation":{"type":"string","description":"Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network.\nSpecify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created\nwith a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy\nattached. Possible values: [\"COLLOCATED\"]","description_kind":"plain","optional":true},"vm_count":{"type":"number","description":"Number of VMs in this placement group. Google does not recommend that you use this field\nunless you use a compact policy and you want your policy to work only if it contains this\nexact number of VMs.","description_kind":"plain","optional":true}},"description":"Resource policy for instances used for placement configuration.","description_kind":"plain"},"max_items":1},"instance_schedule_policy":{"nesting_mode":"list","block":{"attributes":{"expiration_time":{"type":"string","description":"The expiration time of the schedule. The timestamp is an RFC3339 string.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"The start time of the schedule. The timestamp is an RFC3339 string.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name\nfrom the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","required":true}},"block_types":{"vm_start_schedule":{"nesting_mode":"list","block":{"attributes":{"schedule":{"type":"string","description":"Specifies the frequency for the operation, using the unix-cron format.","description_kind":"plain","required":true}},"description":"Specifies the schedule for starting instances.","description_kind":"plain"},"max_items":1},"vm_stop_schedule":{"nesting_mode":"list","block":{"attributes":{"schedule":{"type":"string","description":"Specifies the frequency for the operation, using the unix-cron format.","description_kind":"plain","required":true}},"description":"Specifies the schedule for stopping instances.","description_kind":"plain"},"max_items":1}},"description":"Resource policy for scheduling instance operations.","description_kind":"plain"},"max_items":1},"snapshot_schedule_policy":{"nesting_mode":"list","block":{"block_types":{"retention_policy":{"nesting_mode":"list","block":{"attributes":{"max_retention_days":{"type":"number","description":"Maximum age of the snapshot that is allowed to be kept.","description_kind":"plain","required":true},"on_source_disk_delete":{"type":"string","description":"Specifies the behavior to apply to scheduled snapshots when\nthe source disk is deleted. Default value: \"KEEP_AUTO_SNAPSHOTS\" Possible values: [\"KEEP_AUTO_SNAPSHOTS\", \"APPLY_RETENTION_POLICY\"]","description_kind":"plain","optional":true}},"description":"Retention policy applied to snapshots created by this resource policy.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"block_types":{"daily_schedule":{"nesting_mode":"list","block":{"attributes":{"days_in_cycle":{"type":"number","description":"Defines a schedule with units measured in days. The value determines how many days pass between the start of each cycle. Days in cycle for snapshot schedule policy must be 1.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"This must be in UTC format that resolves to one of\n00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example,\nboth 13:00-5 and 08:00 are valid.","description_kind":"plain","required":true}},"description":"The policy will execute every nth day at the specified time.","description_kind":"plain"},"max_items":1},"hourly_schedule":{"nesting_mode":"list","block":{"attributes":{"hours_in_cycle":{"type":"number","description":"The number of hours between snapshots.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Time within the window to start the operations.\nIt must be in an hourly format \"HH:MM\",\nwhere HH : [00-23] and MM : [00] GMT. eg: 21:00","description_kind":"plain","required":true}},"description":"The policy will execute every nth hour starting at the specified time.","description_kind":"plain"},"max_items":1},"weekly_schedule":{"nesting_mode":"list","block":{"block_types":{"day_of_weeks":{"nesting_mode":"set","block":{"attributes":{"day":{"type":"string","description":"The day of the week to create the snapshot. e.g. MONDAY Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Time within the window to start the operations.\nIt must be in format \"HH:MM\", where HH : [00-23] and MM : [00-00] GMT.","description_kind":"plain","required":true}},"description":"May contain up to seven (one for each day of the week) snapshot times.","description_kind":"plain"},"min_items":1,"max_items":7}},"description":"Allows specifying a snapshot time for each day of the week.","description_kind":"plain"},"max_items":1}},"description":"Contains one of an 'hourlySchedule', 'dailySchedule', or 'weeklySchedule'.","description_kind":"plain"},"min_items":1,"max_items":1},"snapshot_properties":{"nesting_mode":"list","block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and comply\nwith RFC1035.","description_kind":"plain","optional":true},"guest_flush":{"type":"bool","description":"Whether to perform a 'guest aware' snapshot.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key-value pairs.","description_kind":"plain","optional":true},"storage_locations":{"type":["set","string"],"description":"Cloud Storage bucket location to store the auto snapshot\n(regional or multi-regional)","description_kind":"plain","optional":true}},"description":"Properties with which the snapshots are created, such as labels.","description_kind":"plain"},"max_items":1}},"description":"Policy for creating snapshots of persistent disks.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_route":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property\nwhen you create the resource.","description_kind":"plain","optional":true},"dest_range":{"type":"string","description":"The destination range of outgoing packets that this route applies to.\nOnly IPv4 is supported.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network that this route applies to.","description_kind":"plain","required":true},"next_hop_gateway":{"type":"string","description":"URL to a gateway that should handle matching packets.\nCurrently, you can only specify the internet gateway, using a full or\npartial valid URL:\n* 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway'\n* 'projects/project/global/gateways/default-internet-gateway'\n* 'global/gateways/default-internet-gateway'\n* The string 'default-internet-gateway'.","description_kind":"plain","optional":true},"next_hop_ilb":{"type":"string","description":"The IP address or URL to a forwarding rule of type\nloadBalancingScheme=INTERNAL that should handle matching\npackets.\n\nWith the GA provider you can only specify the forwarding\nrule as a partial or full URL. For example, the following\nare all valid values:\n* 10.128.0.56\n* https://www.googleapis.com/compute/v1/projects/project/regions/region/forwardingRules/forwardingRule\n* regions/region/forwardingRules/forwardingRule\n\nWhen the beta provider, you can also specify the IP address\nof a forwarding rule from the same VPC or any peered VPC.\n\nNote that this can only be used when the destinationRange is\na public (non-RFC 1918) IP CIDR range.","description_kind":"plain","optional":true},"next_hop_instance":{"type":"string","description":"URL to an instance that should handle matching packets.\nYou can specify this as a full or partial URL. For example:\n* 'https://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/instance'\n* 'projects/project/zones/zone/instances/instance'\n* 'zones/zone/instances/instance'\n* Just the instance name, with the zone in 'next_hop_instance_zone'.","description_kind":"plain","optional":true},"next_hop_instance_zone":{"type":"string","description":"The zone of the instance specified in next_hop_instance. Omit if next_hop_instance is specified as a URL.","description_kind":"plain","optional":true,"computed":true},"next_hop_ip":{"type":"string","description":"Network IP address of an instance that should handle matching packets.","description_kind":"plain","optional":true,"computed":true},"next_hop_network":{"type":"string","description":"URL to a Network that should handle matching packets.","description_kind":"plain","computed":true},"next_hop_vpn_tunnel":{"type":"string","description":"URL to a VpnTunnel that should handle matching packets.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"The priority of this route. Priority is used to break ties in cases\nwhere there is more than one matching route of equal prefix length.\n\nIn the case of two routes with equal prefix length, the one with the\nlowest-numbered priority value wins.\n\nDefault value is 1000. Valid range is 0 through 65535.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"A list of instance tags to which this route applies.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"encrypted_interconnect_router":{"type":"bool","description":"Indicates if a router is dedicated for use with encrypted VLAN\nattachments (interconnectAttachments).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"A reference to the network to which this router belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"bgp":{"nesting_mode":"list","block":{"attributes":{"advertise_mode":{"type":"string","description":"User-specified flag to indicate which mode to use for advertisement. Default value: \"DEFAULT\" Possible values: [\"DEFAULT\", \"CUSTOM\"]","description_kind":"plain","optional":true},"advertised_groups":{"type":["list","string"],"description":"User-specified list of prefix groups to advertise in custom mode.\nThis field can only be populated if advertiseMode is CUSTOM and\nis advertised to all peers of the router. These groups will be\nadvertised in addition to any specified prefixes. Leave this field\nblank to advertise no custom groups.\n\nThis enum field has the one valid value: ALL_SUBNETS","description_kind":"plain","optional":true},"asn":{"type":"number","description":"Local BGP Autonomous System Number (ASN). Must be an RFC6996\nprivate ASN, either 16-bit or 32-bit. The value will be fixed for\nthis router resource. All VPN tunnels that link to this router\nwill have the same local ASN.","description_kind":"plain","required":true},"identifier_range":{"type":"string","description":"Explicitly specifies a range of valid BGP Identifiers for this Router.\nIt is provided as a link-local IPv4 range (from 169.254.0.0/16), of\nsize at least /30, even if the BGP sessions are over IPv6. It must\nnot overlap with any IPv4 BGP session ranges. Other vendors commonly\ncall this router ID.","description_kind":"plain","optional":true,"computed":true},"keepalive_interval":{"type":"number","description":"The interval in seconds between BGP keepalive messages that are sent\nto the peer. Hold time is three times the interval at which keepalive\nmessages are sent, and the hold time is the maximum number of seconds\nallowed to elapse between successive keepalive messages that BGP\nreceives from a peer.\n\nBGP will use the smaller of either the local hold time value or the\npeer's hold time value as the hold time for the BGP connection\nbetween the two peers. If set, this value must be between 20 and 60.\nThe default is 20.","description_kind":"plain","optional":true}},"block_types":{"advertised_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"User-specified description for the IP range.","description_kind":"plain","optional":true},"range":{"type":"string","description":"The IP range to advertise. The value must be a\nCIDR-formatted string.","description_kind":"plain","required":true}},"description":"User-specified list of individual IP ranges to advertise in\ncustom mode. This field can only be populated if advertiseMode\nis CUSTOM and is advertised to all peers of the router. These IP\nranges will be advertised in addition to any specified groups.\nLeave this field blank to advertise no custom IP ranges.","description_kind":"plain"}}},"description":"BGP information specific to this router.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_interface":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interconnect_attachment":{"type":"string","description":"The name or resource link to the VLAN interconnect for this interface. Changing this forces a new interface to be created. Only one of interconnect_attachment, subnetwork or vpn_tunnel can be specified.","description_kind":"plain","optional":true},"ip_range":{"type":"string","description":"The IP address and range of the interface. The IP range must be in the RFC3927 link-local IP space. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"IP version of this interface.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique name for the interface, required by GCE. Changing this forces a new interface to be created.","description_kind":"plain","required":true},"private_ip_address":{"type":"string","description":"The regional private internal IP address that is used to establish BGP sessions to a VM instance acting as a third-party Router Appliance. Changing this forces a new interface to be created.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which this interface's router belongs. If it is not provided, the provider project is used. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"redundant_interface":{"type":"string","description":"The name of the interface that is redundant to this interface. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this interface's router sits in. If not specified, the project region will be used. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the router this interface will be attached to. Changing this forces a new interface to be created.","description_kind":"plain","required":true},"subnetwork":{"type":"string","description":"The URI of the subnetwork resource that this interface belongs to, which must be in the same region as the Cloud Router. Changing this forces a new interface to be created. Only one of subnetwork, interconnect_attachment or vpn_tunnel can be specified.","description_kind":"plain","optional":true},"vpn_tunnel":{"type":"string","description":"The name or resource link to the VPN tunnel this interface will be linked to. Changing this forces a new interface to be created. Only one of vpn_tunnel, interconnect_attachment or subnetwork can be specified.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_nat":{"version":0,"block":{"attributes":{"auto_network_tier":{"type":"string","description":"The network tier to use when automatically reserving NAT IP addresses.\nMust be one of: PREMIUM, STANDARD. If not specified, then the current\nproject-level default tier is used. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","optional":true,"computed":true},"drain_nat_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained. These IPs must be\nvalid static external IPs that have been assigned to the NAT.","description_kind":"plain","optional":true,"computed":true},"enable_dynamic_port_allocation":{"type":"bool","description":"Enable Dynamic Port Allocation.\nIf minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.\nIf minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.\nIf maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.\nIf maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.\n\nMutually exclusive with enableEndpointIndependentMapping.","description_kind":"plain","optional":true,"computed":true},"enable_endpoint_independent_mapping":{"type":"bool","description":"Enable endpoint independent mapping.\nFor more information see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs).","description_kind":"plain","optional":true,"computed":true},"endpoint_types":{"type":["list","string"],"description":"Specifies the endpoint Types supported by the NAT Gateway.\nSupported values include:\n 'ENDPOINT_TYPE_VM', 'ENDPOINT_TYPE_SWG',\n 'ENDPOINT_TYPE_MANAGED_PROXY_LB'.","description_kind":"plain","optional":true,"computed":true},"icmp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_nat_ips":{"type":["set","string"],"description":"Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource.\nConflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY.","description_kind":"plain","optional":true},"max_ports_per_vm":{"type":"number","description":"Maximum number of ports allocated to a VM from this NAT.\nThis field can only be set when enableDynamicPortAllocation is enabled.","description_kind":"plain","optional":true},"min_ports_per_vm":{"type":"number","description":"Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the NAT service. The name must be 1-63 characters long and\ncomply with RFC1035.","description_kind":"plain","required":true},"nat_ip_allocate_option":{"type":"string","description":"How external IPs should be allocated for this NAT. Valid values are\n'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud\nPlatform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: [\"MANUAL_ONLY\", \"AUTO_ONLY\"]","description_kind":"plain","optional":true},"nat_ips":{"type":["set","string"],"description":"Self-links of NAT IPs. Only valid if natIpAllocateOption\nis set to MANUAL_ONLY.\nIf this field is used alongside with a count created list of address resources 'google_compute_address.foobar.*.self_link',\nthe access level resource for the address resource must have a 'lifecycle' block with 'create_before_destroy = true' so\nthe number of resources can be increased/decreased without triggering the 'resourceInUseByAnotherResource' error.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router and NAT reside.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the Cloud Router in which this NAT will be configured.","description_kind":"plain","required":true},"source_subnetwork_ip_ranges_to_nat":{"type":"string","description":"How NAT should be configured per Subnetwork.\nIf 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the\nIP ranges in every Subnetwork are allowed to Nat.\nIf 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP\nranges in every Subnetwork are allowed to Nat.\n'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat\n(specified in the field subnetwork below). Note that if this field\ncontains ALL_SUBNETWORKS_ALL_IP_RANGES or\nALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any\nother RouterNat section in any Router for this network in this region. Possible values: [\"ALL_SUBNETWORKS_ALL_IP_RANGES\", \"ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES\", \"LIST_OF_SUBNETWORKS\"]","description_kind":"plain","required":true},"tcp_established_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP established connections.\nDefaults to 1200s if not set.","description_kind":"plain","optional":true},"tcp_time_wait_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP connections that are in TIME_WAIT state.\nDefaults to 120s if not set.","description_kind":"plain","optional":true},"tcp_transitory_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP transitory connections.\nDefaults to 30s if not set.","description_kind":"plain","optional":true},"udp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for UDP connections. Defaults to 30s if not set.","description_kind":"plain","optional":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs.","description_kind":"plain","required":true},"filter":{"type":"string","description":"Specifies the desired filtering of logs on this NAT. Possible values: [\"ERRORS_ONLY\", \"TRANSLATIONS_ONLY\", \"ALL\"]","description_kind":"plain","required":true}},"description":"Configuration for logging on NAT","description_kind":"plain"},"max_items":1},"rules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this rule.","description_kind":"plain","optional":true},"match":{"type":"string","description":"CEL expression that specifies the match condition that egress traffic from a VM is evaluated against.\nIf it evaluates to true, the corresponding action is enforced.\n\nThe following examples are valid match expressions for public NAT:\n\n\"inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')\"\n\n\"destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'\"\n\nThe following example is a valid match expression for private NAT:\n\n\"nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'\"","description_kind":"plain","required":true},"rule_number":{"type":"number","description":"An integer uniquely identifying a rule in the list.\nThe rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.","description_kind":"plain","required":true}},"block_types":{"action":{"nesting_mode":"list","block":{"attributes":{"source_nat_active_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources used for this NAT rule.\nThese IP addresses must be valid static external IP addresses assigned to the project.\nThis field is used for public NAT.","description_kind":"plain","optional":true},"source_nat_drain_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained.\nThese IPs must be valid static external IPs that have been assigned to the NAT.\nThese IPs should be used for updating/patching a NAT rule only.\nThis field is used for public NAT.","description_kind":"plain","optional":true}},"description":"The action to be enforced for traffic that matches this rule.","description_kind":"plain"},"max_items":1}},"description":"A list of rules associated with this NAT.","description_kind":"plain"}},"subnetwork":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Self-link of subnetwork to NAT","description_kind":"plain","required":true},"secondary_ip_range_names":{"type":["set","string"],"description":"List of the secondary ranges of the subnetwork that are allowed\nto use NAT. This can be populated only if\n'LIST_OF_SECONDARY_IP_RANGES' is one of the values in\nsourceIpRangesToNat","description_kind":"plain","optional":true},"source_ip_ranges_to_nat":{"type":["set","string"],"description":"List of options for which source IPs in the subnetwork\nshould have NAT enabled. Supported values include:\n'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES',\n'PRIMARY_IP_RANGE'.","description_kind":"plain","required":true}},"description":"One or more subnetwork NAT configurations. Only used if\n'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_nat_address":{"version":0,"block":{"attributes":{"drain_nat_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained. These IPs must be\nvalid static external IPs that have been assigned to the NAT.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"nat_ips":{"type":["set","string"],"description":"Self-links of NAT IPs to be used in a Nat service. Only valid if the referenced RouterNat\nnatIpAllocateOption is set to MANUAL_ONLY.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the NAT service reside.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the Cloud Router in which the referenced NAT service is configured.","description_kind":"plain","required":true},"router_nat":{"type":"string","description":"The name of the Nat service in which this address will be configured.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_peer":{"version":0,"block":{"attributes":{"advertise_mode":{"type":"string","description":"User-specified flag to indicate which mode to use for advertisement.\nValid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: \"DEFAULT\" Possible values: [\"DEFAULT\", \"CUSTOM\"]","description_kind":"plain","optional":true},"advertised_groups":{"type":["list","string"],"description":"User-specified list of prefix groups to advertise in custom\nmode, which currently supports the following option:\n\n* 'ALL_SUBNETS': Advertises all of the router's own VPC subnets.\nThis excludes any routes learned for subnets that use VPC Network\nPeering.\n\n\nNote that this field can only be populated if advertiseMode is 'CUSTOM'\nand overrides the list defined for the router (in the \"bgp\" message).\nThese groups are advertised in addition to any specified prefixes.\nLeave this field blank to advertise no custom groups.","description_kind":"plain","optional":true},"advertised_route_priority":{"type":"number","description":"The priority of routes advertised to this BGP peer.\nWhere there is more than one matching route of maximum\nlength, the routes with the lowest priority value win.","description_kind":"plain","optional":true},"custom_learned_route_priority":{"type":"number","description":"The user-defined custom learned route priority for a BGP session.\nThis value is applied to all custom learned route ranges for the session. You can choose a value\nfrom 0 to 65335. If you don't provide a value, Google Cloud assigns a priority of 100 to the ranges.","description_kind":"plain","optional":true},"enable":{"type":"bool","description":"The status of the BGP peer connection. If set to false, any active session\nwith the peer is terminated and all associated routing information is removed.\nIf set to true, the peer connection can be established with routing information.\nThe default is true.","description_kind":"plain","optional":true},"enable_ipv4":{"type":"bool","description":"Enable IPv4 traffic over BGP Peer. It is enabled by default if the peerIpAddress is version 4.","description_kind":"plain","optional":true,"computed":true},"enable_ipv6":{"type":"bool","description":"Enable IPv6 traffic over BGP Peer. If not specified, it is disabled by default.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"Name of the interface the BGP peer is associated with.","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"IP address of the interface inside Google Cloud Platform.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"ipv4_nexthop_address":{"type":"string","description":"IPv4 address of the interface inside Google Cloud Platform.","description_kind":"plain","optional":true,"computed":true},"ipv6_nexthop_address":{"type":"string","description":"IPv6 address of the interface inside Google Cloud Platform.\nThe address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.\nIf you do not specify the next hop addresses, Google Cloud automatically\nassigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you.","description_kind":"plain","optional":true,"computed":true},"management_type":{"type":"string","description":"The resource that configures and manages this BGP peer.\n\n* 'MANAGED_BY_USER' is the default value and can be managed by\nyou or other users\n* 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and\nmanaged by Cloud Interconnect, specifically by an\nInterconnectAttachment of type PARTNER. Google automatically\ncreates, updates, and deletes this type of BGP peer when the\nPARTNER InterconnectAttachment is created, updated,\nor deleted.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of this BGP peer. The name must be 1-63 characters long,\nand comply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"peer_asn":{"type":"number","description":"Peer BGP Autonomous System Number (ASN).\nEach BGP interface may use a different value.","description_kind":"plain","required":true},"peer_ip_address":{"type":"string","description":"IP address of the BGP interface outside Google Cloud Platform.\nOnly IPv4 is supported. Required if 'ip_address' is set.","description_kind":"plain","optional":true,"computed":true},"peer_ipv4_nexthop_address":{"type":"string","description":"IPv4 address of the BGP interface outside Google Cloud Platform.","description_kind":"plain","optional":true,"computed":true},"peer_ipv6_nexthop_address":{"type":"string","description":"IPv6 address of the BGP interface outside Google Cloud Platform.\nThe address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.\nIf you do not specify the next hop addresses, Google Cloud automatically\nassigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router and BgpPeer reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the Cloud Router in which this BgpPeer will be configured.","description_kind":"plain","required":true},"router_appliance_instance":{"type":"string","description":"The URI of the VM instance that is used as third-party router appliances\nsuch as Next Gen Firewalls, Virtual Routers, or Router Appliances.\nThe VM instance must be located in zones contained in the same region as\nthis Cloud Router. The VM instance is the peer side of the BGP session.","description_kind":"plain","optional":true}},"block_types":{"advertised_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"User-specified description for the IP range.","description_kind":"plain","optional":true},"range":{"type":"string","description":"The IP range to advertise. The value must be a\nCIDR-formatted string.","description_kind":"plain","required":true}},"description":"User-specified list of individual IP ranges to advertise in\ncustom mode. This field can only be populated if advertiseMode\nis 'CUSTOM' and is advertised to all peers of the router. These IP\nranges will be advertised in addition to any specified groups.\nLeave this field blank to advertise no custom IP ranges.","description_kind":"plain"}},"bfd":{"nesting_mode":"list","block":{"attributes":{"min_receive_interval":{"type":"number","description":"The minimum interval, in milliseconds, between BFD control packets\nreceived from the peer router. The actual value is negotiated\nbetween the two routers and is equal to the greater of this value\nand the transmit interval of the other router. If set, this value\nmust be between 1000 and 30000.","description_kind":"plain","optional":true},"min_transmit_interval":{"type":"number","description":"The minimum interval, in milliseconds, between BFD control packets\ntransmitted to the peer router. The actual value is negotiated\nbetween the two routers and is equal to the greater of this value\nand the corresponding receive interval of the other router. If set,\nthis value must be between 1000 and 30000.","description_kind":"plain","optional":true},"multiplier":{"type":"number","description":"The number of consecutive BFD packets that must be missed before\nBFD declares that a peer is unavailable. If set, the value must\nbe a value between 5 and 16.","description_kind":"plain","optional":true},"session_initialization_mode":{"type":"string","description":"The BFD session initialization mode for this BGP peer.\nIf set to 'ACTIVE', the Cloud Router will initiate the BFD session\nfor this BGP peer. If set to 'PASSIVE', the Cloud Router will wait\nfor the peer router to initiate the BFD session for this BGP peer.\nIf set to 'DISABLED', BFD is disabled for this BGP peer. Possible values: [\"ACTIVE\", \"DISABLED\", \"PASSIVE\"]","description_kind":"plain","required":true}},"description":"BFD configuration for the BGP peering.","description_kind":"plain"},"max_items":1},"custom_learned_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"range":{"type":"string","description":"The IP range to learn. The value must be a\nCIDR-formatted string.","description_kind":"plain","required":true}},"description":"The custom learned route IP address range. Must be a valid CIDR-formatted prefix. If an \nIP address is provided without a subnet mask, it is interpreted as, for IPv4, a /32 singular IP address range, and, for IPv6, /128.","description_kind":"plain"}},"md5_authentication_key":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Value of the key.","description_kind":"plain","required":true,"sensitive":true},"name":{"type":"string","description":"[REQUIRED] Name used to identify the key.\nMust be unique within a router. Must be referenced by exactly one bgpPeer. Must comply with RFC1035.","description_kind":"plain","required":true}},"description":"Present if MD5 authentication is enabled for the peering. Must be the name\nof one of the entries in the Router.md5_authentication_keys. The field must comply with RFC1035.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_security_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this security policy. Max size is 2048.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the security policy.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type indicates the intended use of the security policy. CLOUD_ARMOR - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"adaptive_protection_config":{"nesting_mode":"list","block":{"block_types":{"layer_7_ddos_defense_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"If set to true, enables CAAP for L7 DDoS detection.","description_kind":"plain","optional":true},"rule_visibility":{"type":"string","description":"Rule visibility. Supported values include: \"STANDARD\", \"PREMIUM\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"threshold_configs":{"nesting_mode":"list","block":{"attributes":{"auto_deploy_confidence_threshold":{"type":"number","description_kind":"plain","optional":true},"auto_deploy_expiration_sec":{"type":"number","description_kind":"plain","optional":true},"auto_deploy_impacted_baseline_threshold":{"type":"number","description_kind":"plain","optional":true},"auto_deploy_load_threshold":{"type":"number","description_kind":"plain","optional":true},"detection_absolute_qps":{"type":"number","description_kind":"plain","optional":true},"detection_load_threshold":{"type":"number","description_kind":"plain","optional":true},"detection_relative_to_baseline_qps":{"type":"number","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the security policy.","description_kind":"plain","required":true}},"block_types":{"traffic_granularity_configs":{"nesting_mode":"list","block":{"attributes":{"enable_each_unique_value":{"type":"bool","description":"If enabled, traffic matching each unique value for the specified type constitutes a separate traffic unit. It can only be set to true if value is empty.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of this configuration.","description_kind":"plain","required":true},"value":{"type":"string","description":"Requests that match this value constitute a granular traffic unit.","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description":"Configuration options for layer7 adaptive protection for various customizable thresholds.","description_kind":"plain"}}},"description":"Layer 7 DDoS Defense Config of this security policy","description_kind":"plain"},"max_items":1}},"description":"Adaptive Protection Config of this security policy.","description_kind":"plain"},"max_items":1},"advanced_options_config":{"nesting_mode":"list","block":{"attributes":{"json_parsing":{"type":"string","description":"JSON body parsing. Supported values include: \"DISABLED\", \"STANDARD\".","description_kind":"plain","optional":true,"computed":true},"log_level":{"type":"string","description":"Logging level. Supported values include: \"NORMAL\", \"VERBOSE\".","description_kind":"plain","optional":true,"computed":true},"user_ip_request_headers":{"type":["set","string"],"description":"An optional list of case-insensitive request header names to use for resolving the callers client IP address.","description_kind":"plain","optional":true}},"block_types":{"json_custom_config":{"nesting_mode":"list","block":{"attributes":{"content_types":{"type":["set","string"],"description":"A list of custom Content-Type header values to apply the JSON parsing.","description_kind":"plain","required":true}},"description":"Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.","description_kind":"plain"},"max_items":1}},"description":"Advanced Options Config of this security policy.","description_kind":"plain"},"max_items":1},"recaptcha_options_config":{"nesting_mode":"list","block":{"attributes":{"redirect_site_key":{"type":"string","description":"A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.","description_kind":"plain","required":true}},"description":"reCAPTCHA configuration options to be applied for the security policy.","description_kind":"plain"},"max_items":1},"rule":{"nesting_mode":"set","block":{"attributes":{"action":{"type":"string","description":"Action to take when match matches the request.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this rule. Max size is 64.","description_kind":"plain","optional":true},"preview":{"type":"bool","description":"When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_headers_to_adds":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to set.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value to set the named header to.","description_kind":"plain","optional":true}},"description":"The list of request headers to add or overwrite if they're already present.","description_kind":"plain"},"min_items":1}},"description":"Additional actions that are performed on headers.","description_kind":"plain"},"max_items":1},"match":{"nesting_mode":"list","block":{"attributes":{"versioned_expr":{"type":"string","description":"Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"src_ip_ranges":{"type":["set","string"],"description":"Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).","description_kind":"plain","required":true}},"description":"The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.","description_kind":"plain"},"max_items":1},"expr":{"nesting_mode":"list","block":{"attributes":{"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.","description_kind":"plain","required":true}},"description":"User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.","description_kind":"plain"},"max_items":1},"expr_options":{"nesting_mode":"list","block":{"block_types":{"recaptcha_options":{"nesting_mode":"list","block":{"attributes":{"action_token_site_keys":{"type":["list","string"],"description":"A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created","description_kind":"plain","optional":true},"session_token_site_keys":{"type":["list","string"],"description":"A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.","description_kind":"plain","optional":true}},"description":"reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').","description_kind":"plain"},"max_items":1}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"preconfigured_waf_config":{"nesting_mode":"list","block":{"block_types":{"exclusion":{"nesting_mode":"list","block":{"attributes":{"target_rule_ids":{"type":["set","string"],"description":"A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.","description_kind":"plain","optional":true},"target_rule_set":{"type":"string","description":"Target WAF rule set to apply the preconfigured WAF exclusion.","description_kind":"plain","required":true}},"block_types":{"request_cookie":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.","description_kind":"plain","required":true},"value":{"type":"string","description":"A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.","description_kind":"plain","optional":true}},"description":"Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.","description_kind":"plain"}},"request_header":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.","description_kind":"plain","required":true},"value":{"type":"string","description":"A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.","description_kind":"plain","optional":true}},"description":"Request header whose value will be excluded from inspection during preconfigured WAF evaluation.","description_kind":"plain"}},"request_query_param":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.","description_kind":"plain","required":true},"value":{"type":"string","description":"A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.","description_kind":"plain","optional":true}},"description":"Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.","description_kind":"plain"}},"request_uri":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.","description_kind":"plain","required":true},"value":{"type":"string","description":"A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.","description_kind":"plain","optional":true}},"description":"Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.","description_kind":"plain"}}},"description":"An exclusion to apply during preconfigured WAF evaluation.","description_kind":"plain"}}},"description":"Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.","description_kind":"plain"},"max_items":1},"rate_limit_options":{"nesting_mode":"list","block":{"attributes":{"ban_duration_sec":{"type":"number","description":"Can only be specified if the action for the rule is \"rate_based_ban\". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.","description_kind":"plain","optional":true},"conform_action":{"type":"string","description":"Action to take for requests that are under the configured rate limit threshold. Valid option is \"allow\" only.","description_kind":"plain","required":true},"enforce_on_key":{"type":"string","description":"Determines the key to enforce the rateLimitThreshold on","description_kind":"plain","optional":true},"enforce_on_key_name":{"type":"string","description":"Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.","description_kind":"plain","optional":true},"exceed_action":{"type":"string","description":"Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are \"deny()\" where valid values for status are 403, 404, 429, and 502, and \"redirect\" where the redirect parameters come from exceedRedirectOptions below.","description_kind":"plain","required":true}},"block_types":{"ban_threshold":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"Number of HTTP(S) requests for calculating the threshold.","description_kind":"plain","required":true},"interval_sec":{"type":"number","description":"Interval over which the threshold is computed.","description_kind":"plain","required":true}},"description":"Can only be specified if the action for the rule is \"rate_based_ban\". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.","description_kind":"plain"},"max_items":1},"enforce_on_key_configs":{"nesting_mode":"list","block":{"attributes":{"enforce_on_key_name":{"type":"string","description":"Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.","description_kind":"plain","optional":true},"enforce_on_key_type":{"type":"string","description":"Determines the key to enforce the rate_limit_threshold on","description_kind":"plain","optional":true}},"description":"Enforce On Key Config of this security policy","description_kind":"plain"}},"exceed_redirect_options":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"string","description":"Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of the redirect action.","description_kind":"plain","required":true}},"description":"Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.","description_kind":"plain"},"max_items":1},"rate_limit_threshold":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"Number of HTTP(S) requests for calculating the threshold.","description_kind":"plain","required":true},"interval_sec":{"type":"number","description":"Interval over which the threshold is computed.","description_kind":"plain","required":true}},"description":"Threshold at which to begin ratelimiting.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rate limit threshold for this security policy. Must be specified if the action is \"rate_based_ban\" or \"throttle\". Cannot be specified for any other actions.","description_kind":"plain"},"max_items":1},"redirect_options":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"string","description":"Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.","description_kind":"plain","required":true}},"description":"Parameters defining the redirect action. Cannot be specified for any other actions.","description_kind":"plain"},"max_items":1}},"description":"The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match \"*\"). If no rules are provided when creating a security policy, a default rule with action \"allow\" will be added.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_security_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the rule is matched. The following are the valid actions:\n\n* allow: allow access to target.\n\n* deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502.\n\n* rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rateLimitOptions to be set.\n\n* redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR.\n\n* throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rateLimitOptions to be set for this.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"preview":{"type":"bool","description":"If set to true, the specified action is not enforced.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list.\nThe priority must be a positive value between 0 and 2147483647.\nRules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"security_policy":{"type":"string","description":"The name of the security policy this rule belongs to.","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_headers_to_adds":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to set.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value to set the named header to.","description_kind":"plain","optional":true}},"description":"The list of request headers to add or overwrite if they're already present.","description_kind":"plain"}}},"description":"Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR.","description_kind":"plain"},"max_items":1},"match":{"nesting_mode":"list","block":{"attributes":{"versioned_expr":{"type":"string","description":"Preconfigured versioned expression. If this field is specified, config must also be specified.\nAvailable preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding srcIpRange field in config. Possible values: [\"SRC_IPS_V1\"]","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of srcIpRanges allowed is 10.","description_kind":"plain","optional":true}},"description":"The configuration options available when specifying versionedExpr.\nThis field must be specified if versionedExpr is specified and cannot be specified if versionedExpr is not specified.","description_kind":"plain"},"max_items":1},"expr":{"nesting_mode":"list","block":{"attributes":{"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.","description_kind":"plain","required":true}},"description":"User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.","description_kind":"plain"},"max_items":1},"expr_options":{"nesting_mode":"list","block":{"block_types":{"recaptcha_options":{"nesting_mode":"list","block":{"attributes":{"action_token_site_keys":{"type":["list","string"],"description":"A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.","description_kind":"plain","optional":true},"session_token_site_keys":{"type":["list","string"],"description":"A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.","description_kind":"plain","optional":true}},"description":"reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').","description_kind":"plain"},"max_items":1}},"description":"A match condition that incoming traffic is evaluated against.\nIf it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"max_items":1},"preconfigured_waf_config":{"nesting_mode":"list","block":{"block_types":{"exclusion":{"nesting_mode":"list","block":{"attributes":{"target_rule_ids":{"type":["list","string"],"description":"A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion.\nIf omitted, it refers to all the rule IDs under the WAF rule set.","description_kind":"plain","optional":true},"target_rule_set":{"type":"string","description":"Target WAF rule set to apply the preconfigured WAF exclusion.","description_kind":"plain","required":true}},"block_types":{"request_cookie":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"You can specify an exact match or a partial match by using a field operator and a field value.\nAvailable options:\nEQUALS: The operator matches if the field value equals the specified value.\nSTARTS_WITH: The operator matches if the field value starts with the specified value.\nENDS_WITH: The operator matches if the field value ends with the specified value.\nCONTAINS: The operator matches if the field value contains the specified value.\nEQUALS_ANY: The operator matches if the field value is any value.","description_kind":"plain","required":true},"value":{"type":"string","description":"A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.\nThe field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.","description_kind":"plain","optional":true}},"description":"Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.","description_kind":"plain"}},"request_header":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"You can specify an exact match or a partial match by using a field operator and a field value.\nAvailable options:\nEQUALS: The operator matches if the field value equals the specified value.\nSTARTS_WITH: The operator matches if the field value starts with the specified value.\nENDS_WITH: The operator matches if the field value ends with the specified value.\nCONTAINS: The operator matches if the field value contains the specified value.\nEQUALS_ANY: The operator matches if the field value is any value.","description_kind":"plain","required":true},"value":{"type":"string","description":"A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.\nThe field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.","description_kind":"plain","optional":true}},"description":"Request header whose value will be excluded from inspection during preconfigured WAF evaluation.","description_kind":"plain"}},"request_query_param":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"You can specify an exact match or a partial match by using a field operator and a field value.\nAvailable options:\nEQUALS: The operator matches if the field value equals the specified value.\nSTARTS_WITH: The operator matches if the field value starts with the specified value.\nENDS_WITH: The operator matches if the field value ends with the specified value.\nCONTAINS: The operator matches if the field value contains the specified value.\nEQUALS_ANY: The operator matches if the field value is any value.","description_kind":"plain","required":true},"value":{"type":"string","description":"A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.\nThe field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.","description_kind":"plain","optional":true}},"description":"Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation.\nNote that the parameter can be in the query string or in the POST body.","description_kind":"plain"}},"request_uri":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"You can specify an exact match or a partial match by using a field operator and a field value.\nAvailable options:\nEQUALS: The operator matches if the field value equals the specified value.\nSTARTS_WITH: The operator matches if the field value starts with the specified value.\nENDS_WITH: The operator matches if the field value ends with the specified value.\nCONTAINS: The operator matches if the field value contains the specified value.\nEQUALS_ANY: The operator matches if the field value is any value.","description_kind":"plain","required":true},"value":{"type":"string","description":"A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.\nThe field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.","description_kind":"plain","optional":true}},"description":"Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation.\nWhen specifying this field, the query or fragment part should be excluded.","description_kind":"plain"}}},"description":"An exclusion to apply during preconfigured WAF evaluation.","description_kind":"plain"}}},"description":"Preconfigured WAF configuration to be applied for the rule.\nIf the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.","description_kind":"plain"},"max_items":1},"rate_limit_options":{"nesting_mode":"list","block":{"attributes":{"ban_duration_sec":{"type":"number","description":"Can only be specified if the action for the rule is \"rate_based_ban\".\nIf specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.","description_kind":"plain","optional":true},"conform_action":{"type":"string","description":"Action to take for requests that are under the configured rate limit threshold.\nValid option is \"allow\" only.","description_kind":"plain","optional":true},"enforce_on_key":{"type":"string","description":"Determines the key to enforce the rateLimitThreshold on. Possible values are:\n* ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if \"enforceOnKey\" is not configured.\n* IP: The source IP address of the request is the key. Each IP has this limit enforced separately.\n* HTTP_HEADER: The value of the HTTP header whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL.\n* XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP.\n* HTTP_COOKIE: The value of the HTTP cookie whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL.\n* HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes.\n* SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session.\n* REGION_CODE: The country/region from which the request originates.\n* TLS_JA3_FINGERPRINT: JA3 TLS/SSL fingerprint if the client connects using HTTPS, HTTP/2 or HTTP/3. If not available, the key type defaults to ALL.\n* USER_IP: The IP address of the originating client, which is resolved based on \"userIpRequestHeaders\" configured with the security policy. If there is no \"userIpRequestHeaders\" configuration or an IP address cannot be resolved from it, the key type defaults to IP. Possible values: [\"ALL\", \"IP\", \"HTTP_HEADER\", \"XFF_IP\", \"HTTP_COOKIE\", \"HTTP_PATH\", \"SNI\", \"REGION_CODE\", \"TLS_JA3_FINGERPRINT\", \"USER_IP\"]","description_kind":"plain","optional":true},"enforce_on_key_name":{"type":"string","description":"Rate limit key name applicable only for the following key types:\nHTTP_HEADER -- Name of the HTTP header whose value is taken as the key value.\nHTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.","description_kind":"plain","optional":true},"exceed_action":{"type":"string","description":"Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint.\nValid options are deny(STATUS), where valid values for STATUS are 403, 404, 429, and 502.","description_kind":"plain","optional":true}},"block_types":{"ban_threshold":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"Number of HTTP(S) requests for calculating the threshold.","description_kind":"plain","optional":true},"interval_sec":{"type":"number","description":"Interval over which the threshold is computed.","description_kind":"plain","optional":true}},"description":"Can only be specified if the action for the rule is \"rate_based_ban\".\nIf specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.","description_kind":"plain"},"max_items":1},"enforce_on_key_configs":{"nesting_mode":"list","block":{"attributes":{"enforce_on_key_name":{"type":"string","description":"Rate limit key name applicable only for the following key types:\nHTTP_HEADER -- Name of the HTTP header whose value is taken as the key value.\nHTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.","description_kind":"plain","optional":true},"enforce_on_key_type":{"type":"string","description":"Determines the key to enforce the rateLimitThreshold on. Possible values are:\n* ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if \"enforceOnKeyConfigs\" is not configured.\n* IP: The source IP address of the request is the key. Each IP has this limit enforced separately.\n* HTTP_HEADER: The value of the HTTP header whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL.\n* XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP.\n* HTTP_COOKIE: The value of the HTTP cookie whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL.\n* HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes.\n* SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session.\n* REGION_CODE: The country/region from which the request originates.\n* TLS_JA3_FINGERPRINT: JA3 TLS/SSL fingerprint if the client connects using HTTPS, HTTP/2 or HTTP/3. If not available, the key type defaults to ALL.\n* USER_IP: The IP address of the originating client, which is resolved based on \"userIpRequestHeaders\" configured with the security policy. If there is no \"userIpRequestHeaders\" configuration or an IP address cannot be resolved from it, the key type defaults to IP. Possible values: [\"ALL\", \"IP\", \"HTTP_HEADER\", \"XFF_IP\", \"HTTP_COOKIE\", \"HTTP_PATH\", \"SNI\", \"REGION_CODE\", \"TLS_JA3_FINGERPRINT\", \"USER_IP\"]","description_kind":"plain","optional":true}},"description":"If specified, any combination of values of enforceOnKeyType/enforceOnKeyName is treated as the key on which ratelimit threshold/action is enforced.\nYou can specify up to 3 enforceOnKeyConfigs.\nIf enforceOnKeyConfigs is specified, enforceOnKey must not be specified.","description_kind":"plain"}},"exceed_redirect_options":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"string","description":"Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of the redirect action.","description_kind":"plain","optional":true}},"description":"Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect. This field is only supported in Global Security Policies of type CLOUD_ARMOR.","description_kind":"plain"},"max_items":1},"rate_limit_threshold":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"Number of HTTP(S) requests for calculating the threshold.","description_kind":"plain","optional":true},"interval_sec":{"type":"number","description":"Interval over which the threshold is computed.","description_kind":"plain","optional":true}},"description":"Threshold at which to begin ratelimiting.","description_kind":"plain"},"max_items":1}},"description":"Must be specified if the action is \"rate_based_ban\" or \"throttle\". Cannot be specified for any other actions.","description_kind":"plain"},"max_items":1},"redirect_options":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"string","description":"Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of the redirect action.","description_kind":"plain","optional":true}},"description":"Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_service_attachment":{"version":0,"block":{"attributes":{"connected_endpoints":{"type":["list",["object",{"consumer_network":"string","endpoint":"string","propagated_connection_count":"number","psc_connection_id":"string","status":"string"}]],"description":"An array of the consumer forwarding rules connected to this service\nattachment.","description_kind":"plain","computed":true},"connection_preference":{"type":"string","description":"The connection preference to use for this service attachment. Valid\nvalues include \"ACCEPT_AUTOMATIC\", \"ACCEPT_MANUAL\".","description_kind":"plain","required":true},"consumer_reject_lists":{"type":["list","string"],"description":"An array of projects that are not allowed to connect to this service\nattachment.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"domain_names":{"type":["list","string"],"description":"If specified, the domain name will be used during the integration between\nthe PSC connected endpoints and the Cloud DNS. For example, this is a\nvalid domain name: \"p.mycompany.com.\". Current max number of domain names\nsupported is 1.","description_kind":"plain","optional":true},"enable_proxy_protocol":{"type":"bool","description":"If true, enable the proxy protocol which is for supplying client TCP/IP\naddress data in TCP connections that traverse proxies on their way to\ndestination servers.","description_kind":"plain","required":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during\nupdates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"nat_subnets":{"type":["list","string"],"description":"An array of subnets that is provided for NAT in this service attachment.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"propagated_connection_limit":{"type":"number","description":"The number of consumer spokes that connected Private Service Connect endpoints can be propagated to through Network Connectivity Center.\nThis limit lets the service producer limit how many propagated Private Service Connect connections can be established to this service attachment from a single consumer.\n\nIf the connection preference of the service attachment is ACCEPT_MANUAL, the limit applies to each project or network that is listed in the consumer accept list.\nIf the connection preference of the service attachment is ACCEPT_AUTOMATIC, the limit applies to each project that contains a connected endpoint.\n\nIf unspecified, the default propagated connection limit is 250.","description_kind":"plain","optional":true,"computed":true},"reconcile_connections":{"type":"bool","description":"This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints.\n\nIf false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified .\nIf true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where the resource resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target_service":{"type":"string","description":"The URL of a service serving the endpoint identified by this service attachment.","description_kind":"plain","required":true}},"block_types":{"consumer_accept_lists":{"nesting_mode":"set","block":{"attributes":{"connection_limit":{"type":"number","description":"The number of consumer forwarding rules the consumer project can\ncreate.","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The network that is allowed to connect to this service attachment.\nOnly one of project_id_or_num and network_url may be set.","description_kind":"plain","optional":true},"project_id_or_num":{"type":"string","description":"A project that is allowed to connect to this service attachment.\nOnly one of project_id_or_num and network_url may be set.","description_kind":"plain","optional":true}},"description":"An array of projects that are allowed to connect to this service\nattachment.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_shared_vpc_host_project":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project that will serve as a Shared VPC host project","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_shared_vpc_service_project":{"version":0,"block":{"attributes":{"deletion_policy":{"type":"string","description":"The deletion policy for the shared VPC service. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"host_project":{"type":"string","description":"The ID of a host project to associate.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_project":{"type":"string","description":"The ID of the project that will serve as a Shared VPC service project.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_snapshot":{"version":0,"block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and\ncomply with RFC1035. This is an uncommon option only for advanced\nservice owners who needs to create separate snapshot chains, for\nexample, for chargeback tracking. When you describe your snapshot\nresource, this field is visible only if it has a non-empty value.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the snapshot, specified in GB.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Snapshot.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"licenses":{"type":["list","string"],"description":"A list of public visible licenses that apply to this snapshot. This\ncan be because the original image had licenses attached (such as a\nWindows image). snapshotEncryptionKey nested object Encrypts the\nsnapshot using a customer-supplied encryption key.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"A reference to the disk used to create this snapshot.","description_kind":"plain","required":true},"storage_bytes":{"type":"number","description":"A size of the storage used by the snapshot. As snapshots share\nstorage, this number is expected to change with snapshot\ncreation/deletion.","description_kind":"plain","computed":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the snapshot (regional or multi-regional).","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk is hosted.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The name of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the snapshot using a customer-supplied encryption key.\n\nAfter you encrypt a snapshot using a customer-supplied key, you must\nprovide the same key if you use the snapshot later. For example, you\nmust provide the encryption key when you create a disk from the\nencrypted snapshot in a future request.\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe snapshot.\n\nIf you do not provide an encryption key when creating the snapshot,\nthen the snapshot will be encrypted using an automatically generated\nkey and you do not need to provide a key to use the snapshot later.","description_kind":"plain"},"max_items":1},"source_disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_snapshot_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_snapshot_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_snapshot_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","required":true,"sensitive":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","required":true,"sensitive":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. This can be one of\n'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_subnetwork":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource. This field can be set only at resource\ncreation time.","description_kind":"plain","optional":true},"external_ipv6_prefix":{"type":"string","description":"The range of external IPv6 addresses that are owned by this subnetwork.","description_kind":"plain","optional":true,"computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during updates of this resource.","description_kind":"plain","deprecated":true,"computed":true},"gateway_address":{"type":"string","description":"The gateway address for default routes to reach destination addresses\noutside this subnetwork.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_prefix":{"type":"string","description":"The internal IPv6 address range that is assigned to this subnetwork.","description_kind":"plain","computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that are owned by this subnetwork.\nProvide this property when you create the subnetwork. For example,\n10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and\nnon-overlapping within a network. Only IPv4 is supported.\nField is optional when 'reserved_internal_range' is defined, otherwise required.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation\nor the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet\ncannot enable direct path. Possible values: [\"EXTERNAL\", \"INTERNAL\"]","description_kind":"plain","optional":true},"ipv6_cidr_range":{"type":"string","description":"The range of internal IPv6 addresses that are owned by this subnetwork.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially\ncreating the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this subnet belongs to.\nOnly networks that are in the distributed mode can have subnetworks.","description_kind":"plain","required":true},"private_ip_google_access":{"type":"bool","description":"When enabled, VMs in this subnetwork without external IP addresses can\naccess Google APIs and services by using Private Google Access.","description_kind":"plain","optional":true,"computed":true},"private_ipv6_google_access":{"type":"string","description":"The private IPv6 google access type for the VMs in this subnet.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of the resource. This field can be either 'PRIVATE', 'REGIONAL_MANAGED_PROXY', 'GLOBAL_MANAGED_PROXY', 'PRIVATE_SERVICE_CONNECT' or 'PRIVATE_NAT'([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)).\nA subnet with purpose set to 'REGIONAL_MANAGED_PROXY' is a user-created subnetwork that is reserved for regional Envoy-based load balancers.\nA subnetwork in a given region with purpose set to 'GLOBAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers.\nA subnetwork with purpose set to 'PRIVATE_SERVICE_CONNECT' reserves the subnet for hosting a Private Service Connect published service.\nA subnetwork with purpose set to 'PRIVATE_NAT' is used as source range for Private NAT gateways.\nNote that 'REGIONAL_MANAGED_PROXY' is the preferred setting for all regional Envoy load balancers.\nIf unspecified, the purpose defaults to 'PRIVATE'.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The GCP region for this subnetwork.","description_kind":"plain","optional":true,"computed":true},"reserved_internal_range":{"type":"string","description":"The ID of the reserved internal range. Must be prefixed with 'networkconnectivity.googleapis.com'\nE.g. 'networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId}'","description_kind":"plain","optional":true},"role":{"type":"string","description":"The role of subnetwork.\nCurrently, this field is only used when 'purpose' is 'REGIONAL_MANAGED_PROXY'.\nThe value can be set to 'ACTIVE' or 'BACKUP'.\nAn 'ACTIVE' subnetwork is one that is currently being used for Envoy-based load balancers in a region.\nA 'BACKUP' subnetwork is one that is ready to be promoted to 'ACTIVE' or is currently draining. Possible values: [\"ACTIVE\", \"BACKUP\"]","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"send_secondary_ip_range_if_empty":{"type":"bool","description":"Controls the removal behavior of secondary_ip_range.\nWhen false, removing secondary_ip_range from config will not produce a diff as\nthe provider will default to the API's value.\nWhen true, the provider will treat removing secondary_ip_range as sending an\nempty list of secondary IP ranges to the API.\nDefaults to false.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this subnet to identify whether the IPv6 feature is enabled or not.\nIf not specified IPV4_ONLY will be used. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","optional":true,"computed":true},"subnetwork_id":{"type":"number","description":"The unique identifier number for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"aggregation_interval":{"type":"string","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nToggles the aggregation interval for collecting flow logs. Increasing the\ninterval time will reduce the amount of generated flow logs for long\nlasting connections. Default is an interval of 5 seconds per connection. Default value: \"INTERVAL_5_SEC\" Possible values: [\"INTERVAL_5_SEC\", \"INTERVAL_30_SEC\", \"INTERVAL_1_MIN\", \"INTERVAL_5_MIN\", \"INTERVAL_10_MIN\", \"INTERVAL_15_MIN\"]","description_kind":"plain","optional":true},"filter_expr":{"type":"string","description":"Export filter used to define which VPC flow logs should be logged, as as CEL expression. See\nhttps://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field.\nThe default value is 'true', which evaluates to include everything.","description_kind":"plain","optional":true},"flow_sampling":{"type":"number","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nThe value of the field must be in [0, 1]. Set the sampling rate of VPC\nflow logs within the subnetwork where 1.0 means all collected logs are\nreported and 0.0 means no logs are reported. Default is 0.5 which means\nhalf of all collected logs are reported.","description_kind":"plain","optional":true},"metadata":{"type":"string","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nConfigures whether metadata fields should be added to the reported VPC\nflow logs. Default value: \"INCLUDE_ALL_METADATA\" Possible values: [\"EXCLUDE_ALL_METADATA\", \"INCLUDE_ALL_METADATA\", \"CUSTOM_METADATA\"]","description_kind":"plain","optional":true},"metadata_fields":{"type":["set","string"],"description":"List of metadata fields that should be added to reported logs.\nCan only be specified if VPC flow logs for this subnetwork is enabled and \"metadata\" is set to CUSTOM_METADATA.","description_kind":"plain","optional":true}},"description":"This field denotes the VPC flow logging options for this subnetwork. If\nlogging is enabled, logs are exported to Cloud Logging. Flow logging\nisn't supported if the subnet 'purpose' field is set to subnetwork is\n'REGIONAL_MANAGED_PROXY' or 'GLOBAL_MANAGED_PROXY'.","description_kind":"plain"},"max_items":1},"secondary_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The range of IP addresses belonging to this subnetwork secondary\nrange. Provide this property when you create the subnetwork.\nRanges must be unique and non-overlapping with all primary and\nsecondary IP ranges within a network. Only IPv4 is supported.\nField is optional when 'reserved_internal_range' is defined, otherwise required.","description_kind":"plain","optional":true,"computed":true},"range_name":{"type":"string","description":"The name associated with this subnetwork secondary range, used\nwhen adding an alias IP range to a VM instance. The name must\nbe 1-63 characters long, and comply with RFC1035. The name\nmust be unique within the subnetwork.","description_kind":"plain","required":true},"reserved_internal_range":{"type":"string","description":"The ID of the reserved internal range. Must be prefixed with 'networkconnectivity.googleapis.com'\nE.g. 'networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId}'","description_kind":"plain","optional":true}},"description":"An array of configurations for secondary IP ranges for VM instances\ncontained in this subnetwork. The primary IP of such VM must belong\nto the primary ipCidrRange of the subnetwork. The alias IPs may belong\nto either primary or secondary ranges.\n\n**Note**: This field uses [attr-as-block mode](https://www.terraform.io/docs/configuration/attr-as-blocks.html) to avoid\nbreaking users during the 0.12 upgrade. To explicitly send a list of zero objects,\nset 'send_secondary_ip_range_if_empty = true'","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_subnetwork_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_subnetwork_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_subnetwork_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_compute_target_grpc_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in\nthis object. This field is used in optimistic locking. This field\nwill be ignored when inserting a TargetGrpcProxy. An up-to-date\nfingerprint must be provided in order to patch/update the\nTargetGrpcProxy; otherwise, the request will fail with error\n412 conditionNotMet. To see the latest fingerprint, make a get()\nrequest to retrieve the TargetGrpcProxy. A base64-encoded string.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource\nis created. The name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long\nand match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL with id for the resource.","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"URL to the UrlMap resource that defines the mapping from URL to\nthe BackendService. The protocol field in the BackendService\nmust be set to GRPC.","description_kind":"plain","optional":true},"validate_for_proxyless":{"type":"bool","description":"If true, indicates that the BackendServices referenced by\nthe urlMap may be accessed by gRPC applications without using\na sidecar proxy. This will enable configuration checks on urlMap\nand its referenced BackendServices to not allow unsupported features.\nA gRPC application must use \"xds:///\" scheme in the target URI\nof the service it is connecting to. If false, indicates that the\nBackendServices referenced by the urlMap will be accessed by gRPC\napplications via a sidecar proxy. In this case, a gRPC application\nmust not use \"xds:///\" scheme in the target URI of the service\nit is connecting to","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_http_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"http_keep_alive_timeout_sec":{"type":"number","description":"Specifies how long to keep a connection open, after completing a response,\nwhile there is no matching traffic (in seconds). If an HTTP keepalive is\nnot specified, a default value will be used. For Global\nexternal HTTP(S) load balancer, the default value is 610 seconds, the\nminimum allowed value is 5 seconds and the maximum allowed value is 1200\nseconds. For cross-region internal HTTP(S) load balancer, the default\nvalue is 600 seconds, the minimum allowed value is 5 seconds, and the\nmaximum allowed value is 600 seconds. For Global external HTTP(S) load\nbalancer (classic), this option is not available publicly.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"A reference to the UrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_https_proxy":{"version":0,"block":{"attributes":{"certificate_manager_certificates":{"type":["list","string"],"description":"URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.\nCertificate manager certificates only apply when the load balancing scheme is set to INTERNAL_MANAGED.\nFor EXTERNAL and EXTERNAL_MANAGED, use certificate_map instead.\nsslCertificates and certificateManagerCertificates fields can not be defined together.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}' or just the self_link 'projects/{project}/locations/{location}/certificates/{resourceName}'","description_kind":"plain","optional":true},"certificate_map":{"type":"string","description":"A reference to the CertificateMap resource uri that identifies a certificate map\nassociated with the given target proxy. This field is only supported for EXTERNAL and EXTERNAL_MANAGED load balancing schemes.\nFor INTERNAL_MANAGED, use certificate_manager_certificates instead.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"http_keep_alive_timeout_sec":{"type":"number","description":"Specifies how long to keep a connection open, after completing a response,\nwhile there is no matching traffic (in seconds). If an HTTP keepalive is\nnot specified, a default value will be used. For Global\nexternal HTTP(S) load balancer, the default value is 610 seconds, the\nminimum allowed value is 5 seconds and the maximum allowed value is 1200\nseconds. For cross-region internal HTTP(S) load balancer, the default\nvalue is 600 seconds, the minimum allowed value is 5 seconds, and the\nmaximum allowed value is 600 seconds. For Global external HTTP(S) load\nbalancer (classic), this option is not available publicly.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"quic_override":{"type":"string","description":"Specifies the QUIC override policy for this resource. This determines\nwhether the load balancer will attempt to negotiate QUIC with clients\nor not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is\nspecified, Google manages whether QUIC is used. Default value: \"NONE\" Possible values: [\"NONE\", \"ENABLE\", \"DISABLE\"]","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"server_tls_policy":{"type":"string","description":"A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.\n\nIf you remove this field from your configuration at the same time as\ndeleting or recreating a referenced ServerTlsPolicy resource, you will\nreceive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy\nwithin the ServerTlsPolicy resource to avoid this.","description_kind":"plain","optional":true},"ssl_certificates":{"type":["list","string"],"description":"URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer.\nCurrently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.\nsslCertificates and certificateManagerCertificates can not be defined together.","description_kind":"plain","optional":true},"ssl_policy":{"type":"string","description":"A reference to the SslPolicy resource that will be associated with\nthe TargetHttpsProxy resource. If not set, the TargetHttpsProxy\nresource will not have any SSL policy configured.","description_kind":"plain","optional":true},"tls_early_data":{"type":"string","description":"Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service.\nEarly Data allows a TLS resumption handshake to include the initial application payload\n(a HTTP request) alongside the handshake, reducing the effective round trips to “zero”.\nThis applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3). Possible values: [\"STRICT\", \"PERMISSIVE\", \"DISABLED\"]","description_kind":"plain","optional":true,"computed":true},"url_map":{"type":"string","description":"A reference to the UrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_instance":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The Compute instance VM handling traffic for this target instance.\nAccepts the instance self-link, relative path\n(e.g. 'projects/project/zones/zone/instances/instance') or name. If\nname is given, the zone will default to the given zone or\nthe provider-default zone and the project will default to the\nprovider-level project.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"nat_policy":{"type":"string","description":"NAT option controlling how IPs are NAT'ed to the instance.\nCurrently only NO_NAT (default value) is supported. Default value: \"NO_NAT\" Possible values: [\"NO_NAT\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"zone":{"type":"string","description":"URL of the zone where the target instance resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_pool":{"version":0,"block":{"attributes":{"backup_pool":{"type":"string","description":"URL to the backup target pool. Must also set failover_ratio.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Textual description field.","description_kind":"plain","optional":true},"failover_ratio":{"type":"number","description":"Ratio (0 to 1) of failed nodes before using the backup pool (which must also be set).","description_kind":"plain","optional":true},"health_checks":{"type":["list","string"],"description":"List of zero or one health check name or self_link. Only legacy google_compute_http_health_check is supported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description":"List of instances in the pool. They can be given as URLs, or in the form of \"zone/name\". Note that the instances need not exist at the time of target pool creation, so there is no need to use the Terraform interpolators to create a dependency on the instances from the target pool.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique name for the resource, required by GCE. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Where the target pool resides. Defaults to project region.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"How to distribute load. Options are \"NONE\" (no affinity). \"CLIENT_IP\" (hash of the source/dest addresses / ports), and \"CLIENT_IP_PROTO\" also includes the protocol (default \"NONE\").","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_ssl_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"certificate_map":{"type":"string","description":"A reference to the CertificateMap resource uri that identifies a certificate map\nassociated with the given target proxy. This field can only be set for global target proxies.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"ssl_certificates":{"type":["list","string"],"description":"A list of SslCertificate resources that are used to authenticate\nconnections between users and the load balancer. At least one\nSSL certificate must be specified.","description_kind":"plain","optional":true},"ssl_policy":{"type":"string","description":"A reference to the SslPolicy resource that will be associated with\nthe TargetSslProxy resource. If not set, the TargetSslProxy\nresource will not have any SSL policy configured.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_tcp_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_url_map":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"default_service":{"type":"string","description":"The backend service or backend bucket to use when none of the given rules match.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this object. This\nfield is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"map_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is created. The\nname must be 1-63 characters long, and comply with RFC1035. Specifically, the\nname must be 1-63 characters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a lowercase\nletter, and all following characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\nThis translates to the Access-Control-Allow-Credentials header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a\npercentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted\nby the Loadbalancer for a percentage of requests.\n\ntimeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nLoadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service,\nthe host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code,\n or if the backend service does not respond at all, example: disconnects, reset, read timeout,\n* connection failure, and refused streams.\n* gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures connecting to backend services,\n for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code.\n This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been\nfully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries.\n\nIf not specified, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host header is replaced\nwith contents of hostRewrite.\n\nThe value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching portion of the\nrequest's path is replaced by pathPrefixRewrite.\n\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to the matched service.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the\nrequest to backendService, the loadbalancer applies any relevant headerActions\nspecified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as\nweight / (sum of all weightedBackendService weights in routeAction) .\n\nThe selection of a backend service is determined only for new traffic. Once a user's request\nhas been directed to a backendService, subsequent requests will be sent to the same backendService\nas determined by the BackendService's session affinity policy.\n\nThe value must be between 0 and 1000","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request prior to\nforwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response prior to sending the\nresponse back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request prior to forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService.\n\nheaderAction specified here take effect before headerAction in the enclosing\nHttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs.\nThe weights determine the fraction of traffic that flows to their corresponding backend service.\nIf all traffic needs to go to a single backend service, there must be one weightedBackendService\nwith weight set to a non 0 number.\n\nOnce a backendService is identified and before forwarding the request to the backend service,\nadvanced routing actions like Url rewrites and header transformations are applied depending on\nadditional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions\nlike URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend.\nIf defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService\nis set, defaultRouteAction cannot contain any weightedBackendServices.\n\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained. The default is set to false.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here take effect after\nheaderAction specified under pathMatcher.","description_kind":"plain"},"max_items":1},"host_rule":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"hosts":{"type":["set","string"],"description":"The list of host patterns to match. They must be valid hostnames, except * will\nmatch any string of ([a-z0-9-.]*). In that case, * must be the first character\nand must be followed in the pattern by either - or ..","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the PathMatcher to use to match the path portion of the URL if the\nhostRule matches the URL's host portion.","description_kind":"plain","required":true}},"description":"The list of HostRules to use against the URL.","description_kind":"plain"}},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"default_service":{"type":"string","description":"The backend service or backend bucket to use when none of the given paths match.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\nThis translates to the Access-Control-Allow-Credentials header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a\npercentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted\nby the Loadbalancer for a percentage of requests.\n\ntimeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nLoadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service,\nthe host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code,\n or if the backend service does not respond at all, example: disconnects, reset, read timeout,\n* connection failure, and refused streams.\n* gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures connecting to backend services,\n for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code.\n This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been\nfully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries.\n\nIf not specified, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host header is replaced\nwith contents of hostRewrite.\n\nThe value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching portion of the\nrequest's path is replaced by pathPrefixRewrite.\n\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to the matched service.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the\nrequest to backendService, the loadbalancer applies any relevant headerActions\nspecified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as\nweight / (sum of all weightedBackendService weights in routeAction) .\n\nThe selection of a backend service is determined only for new traffic. Once a user's request\nhas been directed to a backendService, subsequent requests will be sent to the same backendService\nas determined by the BackendService's session affinity policy.\n\nThe value must be between 0 and 1000","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request prior to\nforwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response prior to sending the\nresponse back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request prior to forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService.\n\nheaderAction specified here take effect before headerAction in the enclosing\nHttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs.\nThe weights determine the fraction of traffic that flows to their corresponding backend service.\nIf all traffic needs to go to a single backend service, there must be one weightedBackendService\nwith weight set to a non 0 number.\n\nOnce a backendService is identified and before forwarding the request to the backend service,\nadvanced routing actions like Url rewrites and header transformations are applied depending on\nadditional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs\nadvanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request\nto the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set.\nConversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices.\n\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. HeaderAction specified here are applied after the\nmatching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap","description_kind":"plain"},"max_items":1},"path_rule":{"nesting_mode":"list","block":{"attributes":{"paths":{"type":["set","string"],"description":"The list of path patterns to match. Each must start with / and the only place a\n\\* is allowed is at the end following a /. The string fed to the path matcher\ndoes not include any text after the first ? or #, and those chars are not\nallowed here.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service or backend bucket to use if any of the given paths match.","description_kind":"plain","optional":true}},"block_types":{"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.","description_kind":"plain","required":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","required":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","required":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","required":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\nany 5xx response code, or if the backend service does not respond at all,\nfor example: disconnects, reset, read timeout, connection failure, and refused\nstreams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\nconnecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\nCurrently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\nREFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\nheader is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\ngRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\nheader is set to resource-exhausted\n* unavailable: Loadbalancer will retry if\nthe gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default BackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching path, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is\nremoved prior to redirecting the request. If set to false, the query\nportion of the original URL is retained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When a path pattern is matched, the request is redirected to a URL specified\nby urlRedirect. If urlRedirect is specified, service or routeAction must not\nbe set.","description_kind":"plain"},"max_items":1}},"description":"The list of path rules. Use this list instead of routeRules when routing based\non simple path matching is all that's required. The order by which path rules\nare specified does not matter. Matches are always done on the longest-path-first\nbasis. For example: a pathRule with a path /a/b/c/* will match before /a/b/*\nirrespective of the order in which those paths appear in this list. Within a\ngiven pathMatcher, only one of pathRules or routeRules must be set.","description_kind":"plain"}},"route_rules":{"nesting_mode":"list","block":{"attributes":{"priority":{"type":"number","description":"For routeRules within a given pathMatcher, priority determines the order\nin which load balancer will interpret routeRules. RouteRules are evaluated\nin order of priority, from the lowest to highest number. The priority of\na rule decreases as its number increases (1, 2, 3, N+1). The first rule\nthat matches the request is applied.\n\nYou cannot configure two or more routeRules with the same priority.\nPriority for each rule must be set to a number between 0 and\n2147483647 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules\nin the future without affecting the rest of the rules. For example,\n1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which\nyou could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the\nfuture without any impact on existing rules.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here are applied before\nthe matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r\nouteAction.weightedBackendService.backendServiceWeightAction[].headerAction","description_kind":"plain"},"max_items":1},"match_rules":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly\nmatch the value specified in fullPathMatch after removing any query parameters\nand anchor that may be part of the original URL. FullPathMatch must be between 1\nand 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must\nbe specified.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.\nDefaults to false.","description_kind":"plain","optional":true},"path_template_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request\nmust match the wildcard pattern specified in pathTemplateMatch\nafter removing any query parameters and anchor that may be part\nof the original URL.\n\npathTemplateMatch must be between 1 and 255 characters\n(inclusive). The pattern specified by pathTemplateMatch may\nhave at most 5 wildcard operators and at most 5 variable\ncaptures in total.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the\nspecified prefixMatch. prefixMatch must begin with a /. The value must be\nbetween 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or\nregexMatch must be specified.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must satisfy the\nregular expression specified in regexMatch after removing any query parameters\nand anchor supplied with the original URL. For regular expression grammar please\nsee en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch,\nfullPathMatch or regexMatch must be specified.","description_kind":"plain","optional":true}},"block_types":{"header_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value should exactly match contents of exactMatch. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The name of the HTTP header to match. For matching against the HTTP request's\nauthority, use a headerMatch with the header name \":authority\". For matching a\nrequest's method, use the headerName \":method\".","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false, the headerMatch is considered a match if the match criteria\nabove are met. If set to true, the headerMatch is considered a match if the\nmatch criteria above are NOT met. Defaults to false.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place\nwhether or not the request's header has a value or not. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The value of the header must match the regular expression specified in\nregexMatch. For regular expression grammar, please see:\nen.cppreference.com/w/cpp/regex/ecmascript For matching against a port\nspecified in the HTTP request, use a headerMatch with headerName set to PORT and\na regular expression that satisfies the RFC2616 Host header's port specifier.\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true}},"block_types":{"range_match":{"nesting_mode":"list","block":{"attributes":{"range_end":{"type":"number","description":"The end of the range (exclusive).","description_kind":"plain","required":true},"range_start":{"type":"number","description":"The start of the range (inclusive).","description_kind":"plain","required":true}},"description":"The header value must be an integer and its value must be in the range specified\nin rangeMatch. If the header does not contain an integer, number or is empty,\nthe match fails. For example for a range [-5, 0] - -3 will match. - 0 will\nnot match. - 0.25 will not match. - -3someString will not match. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain"},"max_items":1}},"description":"Specifies a list of header match criteria, all of which must match corresponding\nheaders in the request.","description_kind":"plain"}},"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of filterLabels\ncontribute towards the overall metadataFilter match. Supported values are:\n - MATCH_ANY: At least one of the filterLabels must have a matching label in the\nprovided metadata.\n - MATCH_ALL: All filterLabels must have matching labels in\nthe provided metadata. Possible values: [\"MATCH_ALL\", \"MATCH_ANY\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of metadata label. The name can have a maximum length of 1024 characters\nand must be at least 1 character long.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the label must match the specified value. value can have a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the provided metadata\nbased on filterMatchCriteria This list must not be empty and can have at the\nmost 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing configuration to\na limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS\nclients present node metadata. If a match takes place, the relevant routing\nconfiguration is made available to those proxies. For each metadataFilter in\nthis list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the\nfilterLabels must match the corresponding label provided in the metadata. If its\nfilterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match\nwith corresponding labels in the provided metadata. metadataFilters specified\nhere can be overrides those specified in ForwardingRule that refers to this\nUrlMap. metadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"query_parameter_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches\nthe contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch\nmust be set.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the\nrequest, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query\nparameter, irrespective of whether the parameter has a value or not. Only one of\npresentMatch, exactMatch and regexMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter matches the\nregular expression specified by regexMatch. For the regular expression grammar,\nplease see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch,\nexactMatch and regexMatch must be set.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match\ncorresponding query parameters in the request.","description_kind":"plain"}}},"description":"The rules for determining a match.","description_kind":"plain"}},"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.\nwhich indicates that the CORS policy is in effect. Defaults to false.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","required":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\n any 5xx response code, or if the backend service does not respond at all,\n for example: disconnects, reset, read timeout, connection failure, and refused\n streams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\n connecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\n REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\n header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\n gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\n header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in\n the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction\nis not set, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true},"path_template_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, if the\nrequest matched a pathTemplateMatch, the matching portion of the\nrequest's path is replaced re-written using the pattern specified\nby pathTemplateRewrite.\n\npathTemplateRewrite must be between 1 and 255 characters\n(inclusive), must start with a '/', and must only use variables\ncaptured by the route's pathTemplate matchers.\n\npathTemplateRewrite may only be used when all of a route's\nMatchRules specify pathTemplate.\n\nOnly one of pathPrefixRewrite and pathTemplateRewrite may be\nspecified.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default BackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching matchRule, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set\nto false, the URL scheme of the redirected request will remain the same as that\nof the request. This must only be set for UrlMaps used in TargetHttpProxys.\nSetting this true for TargetHttpsProxy is not permitted. Defaults to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. Only one of pathRedirect or prefixRedirect must be\nspecified. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed\nprior to redirecting the request. If set to false, the query portion of the\noriginal URL is retained. Defaults to false.","description_kind":"plain","optional":true}},"description":"When this rule is matched, the request is redirected to a URL specified by\nurlRedirect. If urlRedirect is specified, service or routeAction must not be\nset.","description_kind":"plain"},"max_items":1}},"description":"The list of ordered HTTP route rules. Use this list instead of pathRules when\nadvanced route matching and routing actions are desired. The order of specifying\nrouteRules matters: the first rule that matches will cause its specified routing\naction to take effect. Within a given pathMatcher, only one of pathRules or\nrouteRules must be set. routeRules are not supported in UrlMaps intended for\nExternal load balancers.","description_kind":"plain"}}},"description":"The list of named PathMatchers to use against the URL.","description_kind":"plain"}},"test":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of this test case.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host portion of the URL.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path portion of the URL.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service or backend bucket link that should be matched by this test.","description_kind":"plain","required":true}},"description":"The list of expected URL mapping tests. Request to update this UrlMap will\nsucceed only if all of the test cases pass. You can specify a maximum of 100\ntests per UrlMap.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_vpn_gateway":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"gateway_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_vpn_tunnel":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"detailed_status":{"type":"string","description":"Detailed status message for the VPN tunnel.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ike_version":{"type":"number","description":"IKE protocol version to use when establishing the VPN tunnel with\npeer VPN gateway.\nAcceptable IKE versions are 1 or 2. Default version is 2.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this VpnTunnel.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"local_traffic_selector":{"type":["set","string"],"description":"Local traffic selector to use when establishing the VPN tunnel with\npeer VPN gateway. The value should be a CIDR formatted string,\nfor example '192.168.0.0/16'. The ranges should be disjoint.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63\ncharacters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character\nmust be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"peer_external_gateway":{"type":"string","description":"URL of the peer side external VPN gateway to which this VPN tunnel is connected.","description_kind":"plain","optional":true},"peer_external_gateway_interface":{"type":"number","description":"The interface ID of the external VPN gateway to which this VPN tunnel is connected.","description_kind":"plain","optional":true},"peer_gcp_gateway":{"type":"string","description":"URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected.\nIf provided, the VPN tunnel will automatically use the same vpn_gateway_interface\nID in the peer GCP VPN gateway.\nThis field must reference a 'google_compute_ha_vpn_gateway' resource.","description_kind":"plain","optional":true},"peer_ip":{"type":"string","description":"IP address of the peer VPN gateway. Only IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the tunnel is located. If unset, is set to the region of 'target_vpn_gateway'.","description_kind":"plain","optional":true,"computed":true},"remote_traffic_selector":{"type":["set","string"],"description":"Remote traffic selector to use when establishing the VPN tunnel with\npeer VPN gateway. The value should be a CIDR formatted string,\nfor example '192.168.0.0/16'. The ranges should be disjoint.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"URL of router resource to be used for dynamic routing.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"shared_secret":{"type":"string","description":"Shared secret used to set the secure session between the Cloud VPN\ngateway and the peer VPN gateway.","description_kind":"plain","required":true,"sensitive":true},"shared_secret_hash":{"type":"string","description":"Hash of the shared secret.","description_kind":"plain","computed":true},"target_vpn_gateway":{"type":"string","description":"URL of the Target VPN gateway with which this VPN tunnel is\nassociated.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tunnel_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"vpn_gateway":{"type":"string","description":"URL of the VPN gateway with which this VPN tunnel is associated.\nThis must be used if a High Availability VPN gateway resource is created.\nThis field must reference a 'google_compute_ha_vpn_gateway' resource.","description_kind":"plain","optional":true},"vpn_gateway_interface":{"type":"number","description":"The interface ID of the VPN gateway with which this VPN tunnel is associated.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_analysis_note":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time this note was created.","description_kind":"plain","computed":true},"expiration_time":{"type":"string","description":"Time of expiration for this note. Leave empty if note does not expire.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"The type of analysis this note describes","description_kind":"plain","computed":true},"long_description":{"type":"string","description":"A detailed description of the note","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the note.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"related_note_names":{"type":["set","string"],"description":"Names of other notes related to this note.","description_kind":"plain","optional":true},"short_description":{"type":"string","description":"A one sentence description of the note.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time this note was last updated.","description_kind":"plain","computed":true}},"block_types":{"attestation_authority":{"nesting_mode":"list","block":{"block_types":{"hint":{"nesting_mode":"list","block":{"attributes":{"human_readable_name":{"type":"string","description":"The human readable name of this Attestation Authority, for\nexample \"qa\".","description_kind":"plain","required":true}},"description":"This submessage provides human-readable hints about the purpose of\nthe AttestationAuthority. Because the name of a Note acts as its\nresource reference, it is important to disambiguate the canonical\nname of the Note (which might be a UUID for security purposes)\nfrom \"readable\" names more suitable for debug output. Note that\nthese hints should NOT be used to look up AttestationAuthorities\nin security sensitive contexts, such as when looking up\nAttestations to verify.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Note kind that represents a logical attestation \"role\" or \"authority\".\nFor example, an organization might have one AttestationAuthority for\n\"QA\" and one for \"build\". This Note is intended to act strictly as a\ngrouping mechanism for the attached Occurrences (Attestations). This\ngrouping mechanism also provides a security boundary, since IAM ACLs\ngate the ability for a principle to attach an Occurrence to a given\nNote. It also provides a single point of lookup to find all attached\nAttestation Occurrences, even if they don't all live in the same\nproject.","description_kind":"plain"},"min_items":1,"max_items":1},"related_url":{"nesting_mode":"set","block":{"attributes":{"label":{"type":"string","description":"Label to describe usage of the URL","description_kind":"plain","optional":true},"url":{"type":"string","description":"Specific URL associated with the resource.","description_kind":"plain","required":true}},"description":"URLs associated with this note and related metadata.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_analysis_note_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"note":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_analysis_note_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"note":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_analysis_note_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"note":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_container_analysis_occurrence":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"The note kind which explicitly denotes which of the occurrence\ndetails are specified. This field can be used as a filter in list\nrequests.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the occurrence.","description_kind":"plain","computed":true},"note_name":{"type":"string","description":"The analysis note associated with this occurrence, in the form of\nprojects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a\nfilter in list requests.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"remediation":{"type":"string","description":"A description of actions that can be taken to remedy the note.","description_kind":"plain","optional":true},"resource_uri":{"type":"string","description":"Required. Immutable. A URI that represents the resource for which\nthe occurrence applies. For example,\nhttps://gcr.io/project/image@sha256:123abc for a Docker image.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true}},"block_types":{"attestation":{"nesting_mode":"list","block":{"attributes":{"serialized_payload":{"type":"string","description":"The serialized payload that is verified by one or\nmore signatures. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"signatures":{"nesting_mode":"set","block":{"attributes":{"public_key_id":{"type":"string","description":"The identifier for the public key that verifies this\nsignature. MUST be an RFC3986 conformant\nURI. * When possible, the key id should be an\nimmutable reference, such as a cryptographic digest.\nExamples of valid values:\n\n* OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr\n for more details on this scheme.\n * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA'\n* RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):\n * \"ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU\"","description_kind":"plain","required":true},"signature":{"type":"string","description":"The content of the signature, an opaque bytestring.\nThe payload that this signature verifies MUST be\nunambiguously provided with the Signature during\nverification. A wrapper message might provide the\npayload explicitly. Alternatively, a message might\nhave a canonical serialization that can always be\nunambiguously computed to derive the payload.","description_kind":"plain","optional":true}},"description":"One or more signatures over serializedPayload.\nVerifier implementations should consider this attestation\nmessage verified if at least one signature verifies\nserializedPayload. See Signature in common.proto for more\ndetails on signature structure and verification.","description_kind":"plain"},"min_items":1}},"description":"Occurrence that represents a single \"attestation\". The authenticity\nof an attestation can be verified using the attached signature.\nIf the verifier trusts the public key of the signer, then verifying\nthe signature is sufficient to establish trust. In this circumstance,\nthe authority to which this attestation is attached is primarily\nuseful for lookup (how to find this attestation if you already\nknow the authority and artifact to be verified) and intent (for\nwhich authority this attestation was intended to sign.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_attached_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same\nrestrictions as Kubernetes annotations. The total size of all keys and\nvalues combined is limited to 256k. Key can have 2 segments: prefix (optional)\nand name (required), separated by a slash (/). Prefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"cluster_region":{"type":"string","description":"Output only. The region where this cluster runs.\n\nFor EKS clusters, this is an AWS region. For AKS clusters,\nthis is an Azure region.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"Policy to determine what flags to send on delete. Possible values: DELETE, DELETE_IGNORE_ERRORS","description_kind":"plain","optional":true},"description":{"type":"string","description":"A human readable description of this attached cluster. Cannot be longer\nthan 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"distribution":{"type":"string","description":"The Kubernetes distribution of the underlying attached cluster. Supported values:\n\"eks\", \"aks\", \"generic\". The generic distribution provides the ability to register\nor migrate any CNCF conformant cluster.","description_kind":"plain","required":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"errors":{"type":["list",["object",{"message":"string"}]],"description":"A set of errors found in the cluster.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kubernetes_version":{"type":"string","description":"The Kubernetes version of the cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"platform_version":{"type":"string","description":"The platform version for the cluster (e.g. '1.23.0-gke.1').","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the cluster. Possible values:\nSTATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR,\nDEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"attributes":{"admin_groups":{"type":["list","string"],"description":"Groups that can perform operations as a cluster admin. A managed\nClusterRoleBinding will be created to grant the 'cluster-admin' ClusterRole\nto the groups. Up to ten admin groups can be provided.\n\nFor more info on RBAC, see\nhttps://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain","optional":true},"admin_users":{"type":["list","string"],"description":"Users that can perform operations as a cluster admin. A managed\nClusterRoleBinding will be created to grant the 'cluster-admin' ClusterRole\nto the users. Up to ten admin users can be provided.\n\nFor more info on RBAC, see\nhttps://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain","optional":true}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"max_items":1},"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Configure Binary Authorization evaluation mode. Possible values: [\"DISABLED\", \"PROJECT_SINGLETON_POLICY_ENFORCE\"]","description_kind":"plain","optional":true}},"description":"Binary Authorization configuration.","description_kind":"plain"},"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this\ncluster. Membership names are formatted as\nprojects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","required":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"logging_config":{"nesting_mode":"list","block":{"block_types":{"component_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"The components to be enabled. Possible values: [\"SYSTEM_COMPONENTS\", \"WORKLOADS\"]","description_kind":"plain","optional":true}},"description":"The configuration of the logging components","description_kind":"plain"},"max_items":1}},"description":"Logging configuration.","description_kind":"plain"},"max_items":1},"monitoring_config":{"nesting_mode":"list","block":{"block_types":{"managed_prometheus_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable Managed Collection.","description_kind":"plain","optional":true}},"description":"Enable Google Cloud Managed Service for Prometheus in the cluster.","description_kind":"plain"},"max_items":1}},"description":"Monitoring configuration.","description_kind":"plain"},"max_items":1},"oidc_config":{"nesting_mode":"list","block":{"attributes":{"issuer_url":{"type":"string","description":"A JSON Web Token (JWT) issuer URI. 'issuer' must start with 'https://'","description_kind":"plain","required":true},"jwks":{"type":"string","description":"OIDC verification keys in JWKS format (RFC 7517).","description_kind":"plain","optional":true}},"description":"OIDC discovery information of the target cluster.\n\nKubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster\nAPI server. This fields indicates how GCP services\nvalidate KSA tokens in order to allow system workloads (such as GKE Connect\nand telemetry agents) to authenticate back to GCP.\n\nBoth clusters with public and private issuer URLs are supported.\nClusters with public issuers only need to specify the 'issuer_url' field\nwhile clusters with private issuers need to provide both\n'issuer_url' and 'jwks'.","description_kind":"plain"},"min_items":1,"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"block_types":{"kubernetes_secret":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the kubernetes secret containing the proxy config.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Namespace of the kubernetes secret containing the proxy config.","description_kind":"plain","required":true}},"description":"The Kubernetes Secret resource that contains the HTTP(S) proxy configuration.","description_kind":"plain"},"max_items":1}},"description":"Support for proxy configuration.","description_kind":"plain"},"max_items":1},"security_posture_config":{"nesting_mode":"list","block":{"attributes":{"vulnerability_mode":{"type":"string","description":"Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Possible values: [\"VULNERABILITY_DISABLED\", \"VULNERABILITY_ENTERPRISE\"]","description_kind":"plain","required":true}},"description":"Enable/Disable Security Posture API features for the cluster.","description_kind":"plain","deprecated":true},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_aws_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"aws_region":{"type":"string","description":"The AWS region where the cluster runs. Each Google Cloud region supports a subset of nearby AWS regions. You can call to list all supported AWS regions within a given Google Cloud region.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"Output only. The endpoint of the cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Output only. Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_groups":{"nesting_mode":"list","block":{"attributes":{"group":{"type":"string","description":"The name of the group, e.g. `my-group@domain.com`.","description_kind":"plain","required":true}},"description":"Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"}},"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. `my-gcp-id@gmail.com`.","description_kind":"plain","required":true}},"description":"Users to perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"},"min_items":1}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"min_items":1,"max_items":1},"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Mode of operation for Binary Authorization policy evaluation. Possible values: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration options for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"attributes":{"iam_instance_profile":{"type":"string","description":"The name of the AWS IAM instance pofile to assign to each control plane replica.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"Optional. The AWS instance type. When unspecified, it defaults to `m5.large`.","description_kind":"plain","optional":true,"computed":true},"security_group_ids":{"type":["list","string"],"description":"Optional. The IDs of additional security groups to add to control plane replicas. The Anthos Multi-Cloud API will automatically create and manage security groups with the minimum rules needed for a functioning cluster.","description_kind":"plain","optional":true},"subnet_ids":{"type":["list","string"],"description":"The list of subnets where control plane replicas will run. A replica will be provisioned on each subnet and up to three values can be provided. Each subnet must be in a different AWS Availability Zone (AZ).","description_kind":"plain","required":true},"tags":{"type":["map","string"],"description":"Optional. A set of AWS resource tags to propagate to all underlying managed AWS resources. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The Kubernetes version to run on control plane replicas (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling .","description_kind":"plain","required":true}},"block_types":{"aws_services_authentication":{"nesting_mode":"list","block":{"attributes":{"role_arn":{"type":"string","description":"The Amazon Resource Name (ARN) of the role that the Anthos Multi-Cloud API will assume when managing AWS resources on your account.","description_kind":"plain","required":true},"role_session_name":{"type":"string","description":"Optional. An identifier for the assumed role session. When unspecified, it defaults to `multicloud-service-agent`.","description_kind":"plain","optional":true,"computed":true}},"description":"Authentication configuration for management of AWS resources.","description_kind":"plain"},"min_items":1,"max_items":1},"config_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt cluster configuration.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt cluster configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"database_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt cluster secrets.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt cluster secrets.","description_kind":"plain"},"min_items":1,"max_items":1},"main_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the main volume provisioned for each control plane replica. The main volume is in charge of storing all of the cluster's etcd state. Volumes will be provisioned in the availability zone associated with the corresponding subnet. When unspecified, it defaults to 8 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"secret_arn":{"type":"string","description":"The ARN of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true},"secret_version":{"type":"string","description":"The version string of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each control plane replica. Volumes will be provisioned in the availability zone associated with the corresponding subnet. When unspecified, it defaults to 32 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"ec2_key_pair":{"type":"string","description":"The name of the EC2 key pair used to login into cluster machines.","description_kind":"plain","required":true}},"description":"Optional. SSH configuration for how to access the underlying control plane machines.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to the cluster control plane.","description_kind":"plain"},"min_items":1,"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","optional":true,"computed":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"networking":{"nesting_mode":"list","block":{"attributes":{"per_node_pool_sg_rules_disabled":{"type":"bool","description":"Disable the per node pool subnet security group rules on the control plane security group. When set to true, you must also provide one or more security groups that ensure node pools are able to send requests to the control plane on TCP/443 and TCP/8132. Failure to do so may result in unavailable node pools.","description_kind":"plain","optional":true},"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"vpc_id":{"type":"string","description":"The VPC associated with the cluster. All component clusters (i.e. control plane and node pools) run on a single VPC. This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"Cluster-wide networking configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_aws_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the node pool. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"cluster":{"type":"string","description":"The awsCluster for the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this node pool was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the node pool.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The lifecycle state of the node pool. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"subnet_id":{"type":"string","description":"The subnet where the node pool node run.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the node pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this node pool was last updated.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The Kubernetes version to run on this node pool (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling GetAwsServerConfig.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"Maximum number of nodes in the NodePool. Must be \u003e= min_node_count.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"Minimum number of nodes in the NodePool. Must be \u003e= 1 and \u003c= max_node_count.","description_kind":"plain","required":true}},"description":"Autoscaler configuration for this node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"iam_instance_profile":{"type":"string","description":"The name of the AWS IAM role assigned to nodes in the pool.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"Optional. The AWS instance type. When unspecified, it defaults to `m5.large`.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The initial labels assigned to nodes of this node pool. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"security_group_ids":{"type":["list","string"],"description":"Optional. The IDs of additional security groups to add to nodes in this pool. The manager will automatically create security groups with minimum rules needed for a functioning cluster.","description_kind":"plain","optional":true},"tags":{"type":["map","string"],"description":"Optional. Key/value metadata to assign to each underlying AWS resource. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true}},"block_types":{"autoscaling_metrics_collection":{"nesting_mode":"list","block":{"attributes":{"granularity":{"type":"string","description":"The frequency at which EC2 Auto Scaling sends aggregated data to AWS CloudWatch. The only valid value is \"1Minute\".","description_kind":"plain","required":true},"metrics":{"type":["list","string"],"description":"The metrics to enable. For a list of valid metrics, see https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_EnableMetricsCollection.html. If you specify granularity and don't specify any metrics, all metrics are enabled.","description_kind":"plain","optional":true}},"description":"Optional. Configuration related to CloudWatch metrics collection on the Auto Scaling group of the node pool. When unspecified, metrics collection is disabled.","description_kind":"plain"},"max_items":1},"config_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt node pool configuration.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt node pool configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"secret_arn":{"type":"string","description":"The ARN of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true},"secret_version":{"type":"string","description":"The version string of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Template for the root volume provisioned for node pool nodes. Volumes will be provisioned in the availability zone assigned to the node pool subnet. When unspecified, it defaults to 32 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"ec2_key_pair":{"type":"string","description":"The name of the EC2 key pair used to login into cluster machines.","description_kind":"plain","required":true}},"description":"Optional. The SSH configuration.","description_kind":"plain"},"max_items":1},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"The taint effect. Possible values: EFFECT_UNSPECIFIED, NO_SCHEDULE, PREFER_NO_SCHEDULE, NO_EXECUTE","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for the taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for the taint.","description_kind":"plain","required":true}},"description":"Optional. The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The configuration of the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Whether or not to enable CPU CFS quota. Defaults to true.","description_kind":"plain","optional":true,"computed":true},"cpu_cfs_quota_period":{"type":"string","description":"Optional. The CPU CFS quota period to use for the node. Defaults to \"100ms\".","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"The CpuManagerPolicy to use for the node. Defaults to \"none\".","description_kind":"plain","optional":true,"computed":true},"pod_pids_limit":{"type":"number","description":"Optional. The maximum number of PIDs in each pod running on the node. The limit scales automatically based on underlying machine size if left unset.","description_kind":"plain","optional":true}},"description":"The kubelet configuration for the node pool.","description_kind":"plain"},"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Optional. Whether or not the nodes will be automatically repaired.","description_kind":"plain","optional":true,"computed":true}},"description":"The Management configuration for this node pool.","description_kind":"plain"},"max_items":1},"max_pods_constraint":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods to schedule on a single node.","description_kind":"plain","required":true}},"description":"The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"update_settings":{"nesting_mode":"list","block":{"block_types":{"surge_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"Optional. The maximum number of nodes that can be created beyond the current size of the node pool during the update process.","description_kind":"plain","optional":true,"computed":true},"max_unavailable":{"type":"number","description":"Optional. The maximum number of nodes that can be simultaneously unavailable during the update process. A node is considered unavailable if its status is not Ready.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Settings for surge update.","description_kind":"plain"},"max_items":1}},"description":"Optional. Update settings control the speed and disruption of the node pool update.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_azure_client":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"The Azure Active Directory Application ID.","description_kind":"plain","required":true},"certificate":{"type":"string","description":"Output only. The PEM encoded x509 certificate.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time at which this resource was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"tenant_id":{"type":"string","description":"The Azure Active Directory Tenant ID.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the client.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_azure_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Keys can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"azure_region":{"type":"string","description":"The Azure region where the cluster runs. Each Google Cloud region supports a subset of nearby Azure regions. You can call to list all supported Azure regions within a given Google Cloud region.","description_kind":"plain","required":true},"client":{"type":"string","description":"Name of the AzureClient. The `AzureClient` resource must reside on the same GCP project and region as the `AzureCluster`. `AzureClient` names are formatted as `projects/\u003cproject-number\u003e/locations/\u003cregion\u003e/azureClients/\u003cclient-id\u003e`. See Resource Names (https:cloud.google.com/apis/design/resource_names) for more details on Google Cloud resource names.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"Output only. The endpoint of the cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"resource_group_id":{"type":"string","description":"The ARM ID of the resource group where the cluster resources are deployed. For example: `/subscriptions/*/resourceGroups/*`","description_kind":"plain","required":true},"state":{"type":"string","description":"Output only. The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Output only. Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_groups":{"nesting_mode":"list","block":{"attributes":{"group":{"type":"string","description":"The name of the group, e.g. `my-group@domain.com`.","description_kind":"plain","required":true}},"description":"Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"}},"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. `my-gcp-id@gmail.com`.","description_kind":"plain","required":true}},"description":"Users that can perform operations as a cluster admin. A new ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"},"min_items":1}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"min_items":1,"max_items":1},"azure_services_authentication":{"nesting_mode":"list","block":{"attributes":{"application_id":{"type":"string","description":"The Azure Active Directory Application ID for Authentication configuration.","description_kind":"plain","required":true},"tenant_id":{"type":"string","description":"The Azure Active Directory Tenant ID for Authentication configuration.","description_kind":"plain","required":true}},"description":"Azure authentication configuration for management of Azure resources","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"attributes":{"subnet_id":{"type":"string","description":"The ARM ID of the subnet where the control plane VMs are deployed. Example: `/subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks//subnets/default`.","description_kind":"plain","required":true},"tags":{"type":["map","string"],"description":"Optional. A set of tags to apply to all underlying control plane Azure resources.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The Kubernetes version to run on control plane replicas (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling GetAzureServerConfig.","description_kind":"plain","required":true},"vm_size":{"type":"string","description":"Optional. The Azure VM size name. Example: `Standard_DS2_v2`. For available VM sizes, see https://docs.microsoft.com/en-us/azure/virtual-machines/vm-naming-conventions. When unspecified, it defaults to `Standard_DS2_v2`.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"database_encryption":{"nesting_mode":"list","block":{"attributes":{"key_id":{"type":"string","description":"The ARM ID of the Azure Key Vault key to encrypt / decrypt data. For example: `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-id\u003e/providers/Microsoft.KeyVault/vaults/\u003ckey-vault-id\u003e/keys/\u003ckey-name\u003e` Encryption will always take the latest version of the key and hence specific version is not supported.","description_kind":"plain","required":true}},"description":"Optional. Configuration related to application-layer secrets encryption.","description_kind":"plain"},"max_items":1},"main_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the main volume provisioned for each control plane replica. The main volume is in charge of storing all of the cluster's etcd state. When unspecified, it defaults to a 8-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"resource_group_id":{"type":"string","description":"The ARM ID the of the resource group containing proxy keyvault. Resource group ids are formatted as `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-name\u003e`","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"The URL the of the proxy setting secret with its version. Secret ids are formatted as `https:\u003ckey-vault-name\u003e.vault.azure.net/secrets/\u003csecret-name\u003e/\u003csecret-version\u003e`.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"replica_placements":{"nesting_mode":"list","block":{"attributes":{"azure_availability_zone":{"type":"string","description":"For a given replica, the Azure availability zone where to provision the control plane VM and the ETCD disk.","description_kind":"plain","required":true},"subnet_id":{"type":"string","description":"For a given replica, the ARM ID of the subnet where the control plane VM is deployed. Make sure it's a subnet under the virtual network in the cluster configuration.","description_kind":"plain","required":true}},"description":"Configuration for where to place the control plane replicas. Up to three replica placement instances can be specified. If replica_placements is set, the replica placement instances will be applied to the three control plane replicas as evenly as possible.","description_kind":"plain"}},"root_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each control plane replica. When unspecified, it defaults to 32-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"authorized_key":{"type":"string","description":"The SSH public key data for VMs managed by Anthos. This accepts the authorized_keys file format used in OpenSSH according to the sshd(8) manual page.","description_kind":"plain","required":true}},"description":"SSH configuration for how to access the underlying control plane machines.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration related to the cluster control plane.","description_kind":"plain"},"min_items":1,"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","optional":true,"computed":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"networking":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"The IP address range of the pods in this cluster, in CIDR notation (e.g. `10.96.0.0/14`). All pods in the cluster get assigned a unique RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"The IP address range for services in this cluster, in CIDR notation (e.g. `10.96.0.0/14`). All services in the cluster get assigned a unique RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creating a cluster.","description_kind":"plain","required":true},"virtual_network_id":{"type":"string","description":"The Azure Resource Manager (ARM) ID of the VNet associated with your cluster. All components in the cluster (i.e. control plane and node pools) run on a single VNet. Example: `/subscriptions/*/resourceGroups/*/providers/Microsoft.Network/virtualNetworks/*` This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"Cluster-wide networking configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_azure_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the node pool. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Keys can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"azure_availability_zone":{"type":"string","description":"Optional. The Azure availability zone of the nodes in this nodepool. When unspecified, it defaults to `1`.","description_kind":"plain","optional":true,"computed":true},"cluster":{"type":"string","description":"The azureCluster for the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this node pool was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently pending changes to the node pool.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the node pool. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"subnet_id":{"type":"string","description":"The ARM ID of the subnet where the node pool VMs run. Make sure it's a subnet under the virtual network in the cluster configuration.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the node pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this node pool was last updated.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The Kubernetes version (e.g. `1.19.10-gke.1000`) running on this node pool.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"Maximum number of nodes in the node pool. Must be \u003e= min_node_count.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"Minimum number of nodes in the node pool. Must be \u003e= 1 and \u003c= max_node_count.","description_kind":"plain","required":true}},"description":"Autoscaler configuration for this node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Optional. The initial labels assigned to nodes of this node pool. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"tags":{"type":["map","string"],"description":"Optional. A set of tags to apply to all underlying Azure resources for this node pool. This currently only includes Virtual Machine Scale Sets. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true},"vm_size":{"type":"string","description":"Optional. The Azure VM size name. Example: `Standard_DS2_v2`. See (/anthos/clusters/docs/azure/reference/supported-vms) for options. When unspecified, it defaults to `Standard_DS2_v2`.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"proxy_config":{"nesting_mode":"list","block":{"attributes":{"resource_group_id":{"type":"string","description":"The ARM ID the of the resource group containing proxy keyvault. Resource group ids are formatted as `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-name\u003e`","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"The URL the of the proxy setting secret with its version. Secret ids are formatted as `https:\u003ckey-vault-name\u003e.vault.azure.net/secrets/\u003csecret-name\u003e/\u003csecret-version\u003e`.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each node pool machine. When unspecified, it defaults to a 32-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"authorized_key":{"type":"string","description":"The SSH public key data for VMs managed by Anthos. This accepts the authorized_keys file format used in OpenSSH according to the sshd(8) manual page.","description_kind":"plain","required":true}},"description":"SSH configuration for how to access the node pool machines.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The node configuration of the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Optional. Whether or not the nodes will be automatically repaired.","description_kind":"plain","optional":true,"computed":true}},"description":"The Management configuration for this node pool.","description_kind":"plain"},"max_items":1},"max_pods_constraint":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods to schedule on a single node.","description_kind":"plain","required":true}},"description":"The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_cluster":{"version":2,"block":{"attributes":{"allow_net_admin":{"type":"bool","description":"Enable NET_ADMIN for this cluster.","description_kind":"plain","optional":true},"cluster_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.","description_kind":"plain","optional":true,"computed":true},"datapath_provider":{"type":"string","description":"The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.","description_kind":"plain","optional":true,"computed":true},"default_max_pods_per_node":{"type":"number","description":"The default maximum number of pods per node in this cluster. This doesn't work on \"routes-based\" clusters, clusters that don't have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"deletion_protection":{"type":"bool","description":"When the field is set to true or unset in Terraform state, a terraform apply or terraform destroy that would delete the cluster will fail. When the field is set to false, deleting the cluster is allowed.","description_kind":"plain","optional":true},"description":{"type":"string","description":" Description of the cluster.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_autopilot":{"type":"bool","description":"Enable Autopilot for this cluster.","description_kind":"plain","optional":true},"enable_cilium_clusterwide_network_policy":{"type":"bool","description":"Whether Cilium cluster-wide network policy is enabled on this cluster.","description_kind":"plain","optional":true},"enable_fqdn_network_policy":{"type":"bool","description":"Whether FQDN Network Policy is enabled on this cluster.","description_kind":"plain","optional":true},"enable_intranode_visibility":{"type":"bool","description":"Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.","description_kind":"plain","optional":true,"computed":true},"enable_kubernetes_alpha":{"type":"bool","description":"Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.","description_kind":"plain","optional":true},"enable_l4_ilb_subsetting":{"type":"bool","description":"Whether L4ILB Subsetting is enabled for this cluster.","description_kind":"plain","optional":true},"enable_legacy_abac":{"type":"bool","description":"Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.","description_kind":"plain","optional":true},"enable_multi_networking":{"type":"bool","description":"Whether multi-networking is enabled for this cluster.","description_kind":"plain","optional":true},"enable_shielded_nodes":{"type":"bool","description":"Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.","description_kind":"plain","optional":true},"enable_tpu":{"type":"bool","description":"Whether to enable Cloud TPU resources in this cluster.","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"The IP address of this cluster's Kubernetes master.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_node_count":{"type":"number","description":"The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint of the set of labels for this cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.","description_kind":"plain","optional":true,"computed":true},"logging_service":{"type":"string","description":"The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.","description_kind":"plain","optional":true,"computed":true},"master_version":{"type":"string","description":"The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.","description_kind":"plain","computed":true},"min_master_version":{"type":"string","description":"The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version).","description_kind":"plain","optional":true},"monitoring_service":{"type":"string","description":"The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and location.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.","description_kind":"plain","optional":true},"networking_mode":{"type":"string","description":"Determines whether alias IPs or routes will be used for pod IPs in the cluster. Defaults to VPC_NATIVE for new clusters.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.","description_kind":"plain","optional":true,"computed":true},"node_version":{"type":"string","description":"The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way. To update nodes in other node pools, use the version attribute on the node pool.","description_kind":"plain","optional":true,"computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"private_ipv6_google_access":{"type":"string","description":"The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"remove_default_node_pool":{"type":"bool","description":"If true, deletes the default node pool upon cluster creation. If you're using google_container_node_pool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the cluster.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"services_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"tpu_ipv4_cidr_block":{"type":"string","description":"The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).","description_kind":"plain","computed":true}},"block_types":{"addons_config":{"nesting_mode":"list","block":{"block_types":{"cloudrun_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description_kind":"plain","optional":true}},"description":"The status of the CloudRun addon. It is disabled by default. Set disabled = false to enable.","description_kind":"plain"},"max_items":1},"config_connector_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The of the Config Connector addon.","description_kind":"plain"},"max_items":1},"dns_cache_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.","description_kind":"plain"},"max_items":1},"gce_persistent_disk_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable. The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.","description_kind":"plain"},"max_items":1},"gcp_filestore_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. Defaults to disabled for Standard clusters; set enabled = true to enable. It is enabled by default for Autopilot clusters; set enabled = true to enable it explicitly.","description_kind":"plain"},"max_items":1},"gcs_fuse_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the GCS Fuse CSI driver addon, which allows the usage of gcs bucket as volumes. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1},"gke_backup_agent_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Backup for GKE Agent addon. It is disabled by default. Set enabled = true to enable.","description_kind":"plain"},"max_items":1},"horizontal_pod_autoscaling":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service. It is enabled by default; set disabled = true to disable.","description_kind":"plain"},"max_items":1},"http_load_balancing":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.","description_kind":"plain"},"max_items":1},"network_policy_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.","description_kind":"plain"},"max_items":1},"parallelstore_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Parallelstore CSI driver addon, which allows the usage of Parallelstore instances as volumes. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1},"ray_operator_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"block_types":{"ray_cluster_logging_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of Ray Logging, which scrapes Ray cluster logs to Cloud Logging. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1},"ray_cluster_monitoring_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of Ray Cluster monitoring, which shows Ray cluster metrics in Cloud Console. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1}},"description":"The status of the Ray Operator addon, which enabled management of Ray AI/ML jobs on GKE. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":3},"stateful_ha_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1}},"description":"The configuration for addons supported by GKE.","description_kind":"plain"},"max_items":1},"authenticator_groups_config":{"nesting_mode":"list","block":{"attributes":{"security_group":{"type":"string","description":"The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.","description_kind":"plain","required":true}},"description":"Configuration for the Google Groups for GKE feature.","description_kind":"plain"},"max_items":1},"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable Binary Authorization for this cluster.","description_kind":"plain","deprecated":true,"optional":true},"evaluation_mode":{"type":"string","description":"Mode of operation for Binary Authorization policy evaluation.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration options for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"cluster_autoscaling":{"nesting_mode":"list","block":{"attributes":{"auto_provisioning_locations":{"type":["list","string"],"description":"The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.","description_kind":"plain","optional":true,"computed":true},"autoscaling_profile":{"type":"string","description":"Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether node auto-provisioning is enabled. Resource limits for cpu and memory must be defined to enable node auto-provisioning.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"auto_provisioning_defaults":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node.","description_kind":"plain","optional":true},"image_type":{"type":"string","description":"The default image type used by NAP once a new node pool is being created.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["list","string"],"description":"Scopes that are used by NAP when creating node pools.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true}},"block_types":{"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.","description_kind":"plain","optional":true,"computed":true},"auto_upgrade":{"type":"bool","description":"Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.","description_kind":"plain","optional":true,"computed":true},"upgrade_options":{"type":["list",["object",{"auto_upgrade_start_time":"string","description":"string"}]],"description":"Specifies the Auto Upgrade knobs for the node pool.","description_kind":"plain","computed":true}},"description":"NodeManagement configuration for this NodePool.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process.","description_kind":"plain","optional":true},"max_unavailable":{"type":"number","description":"The maximum number of nodes that can be simultaneously unavailable during the upgrade process.","description_kind":"plain","optional":true},"strategy":{"type":"string","description":"Update strategy of the node pool.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the bool pool nodes to drain in a batch. The range of this field should be (0.0, 1.0].","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Standard policy for the blue-green upgrade.","description_kind":"plain"},"max_items":1}},"description":"Settings for blue-green upgrade strategy.","description_kind":"plain"},"max_items":1}},"description":"Specifies the upgrade settings for NAP created node pools","description_kind":"plain"},"max_items":1}},"description":"Contains defaults for a node pool created by NAP.","description_kind":"plain"},"max_items":1},"resource_limits":{"nesting_mode":"list","block":{"attributes":{"maximum":{"type":"number","description":"Maximum amount of the resource in the cluster.","description_kind":"plain","optional":true},"minimum":{"type":"number","description":"Minimum amount of the resource in the cluster.","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.","description_kind":"plain","required":true}},"description":"Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning.","description_kind":"plain"}}},"description":"Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this cluster.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster.","description_kind":"plain"},"max_items":1},"control_plane_endpoints_config":{"nesting_mode":"list","block":{"block_types":{"dns_endpoint_config":{"nesting_mode":"list","block":{"attributes":{"allow_external_traffic":{"type":"bool","description":"Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false.","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"The cluster's DNS endpoint.","description_kind":"plain","optional":true,"computed":true}},"description":"DNS endpoint configuration.","description_kind":"plain"},"max_items":1}},"description":"Configuration for all of the cluster's control plane endpoints. Currently supports only DNS endpoint configuration, IP endpoint configuration is available in private_cluster_config.","description_kind":"plain"},"max_items":1},"cost_management_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable GKE cost allocation. When you enable GKE cost allocation, the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery. Defaults to false.","description_kind":"plain","required":true}},"description":"Cost management configuration for the cluster.","description_kind":"plain"},"max_items":1},"database_encryption":{"nesting_mode":"list","block":{"attributes":{"key_name":{"type":"string","description":"The key to use to encrypt/decrypt secrets.","description_kind":"plain","optional":true},"state":{"type":"string","description":"ENCRYPTED or DECRYPTED.","description_kind":"plain","required":true}},"description":"Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key.","description_kind":"plain"},"max_items":1},"default_snat_status":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.","description_kind":"plain","required":true}},"description":"Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.","description_kind":"plain"},"max_items":1},"dns_config":{"nesting_mode":"list","block":{"attributes":{"additive_vpc_scope_dns_domain":{"type":"string","description":"Enable additive VPC scope DNS in a GKE cluster.","description_kind":"plain","optional":true},"cluster_dns":{"type":"string","description":"Which in-cluster DNS provider should be used.","description_kind":"plain","optional":true},"cluster_dns_domain":{"type":"string","description":"The suffix used for all cluster service records.","description_kind":"plain","optional":true},"cluster_dns_scope":{"type":"string","description":"The scope of access to cluster DNS records.","description_kind":"plain","optional":true}},"description":"Configuration for Cloud DNS for Kubernetes Engine.","description_kind":"plain"},"max_items":1},"enable_k8s_beta_apis":{"nesting_mode":"list","block":{"attributes":{"enabled_apis":{"type":["set","string"],"description":"Enabled Kubernetes Beta APIs.","description_kind":"plain","required":true}},"description":"Configuration for Kubernetes Beta APIs.","description_kind":"plain"},"max_items":1},"enterprise_config":{"nesting_mode":"list","block":{"attributes":{"cluster_tier":{"type":"string","description":"Indicates the effective cluster tier. Available options include STANDARD and ENTERPRISE.","description_kind":"plain","computed":true},"desired_tier":{"type":"string","description":"Indicates the desired cluster tier. Available options include STANDARD and ENTERPRISE.","description_kind":"plain","optional":true,"computed":true}},"description":"Defines the config needed to enable/disable GKE Enterprise","description_kind":"plain"},"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"Full resource name of the registered fleet membership of the cluster.","description_kind":"plain","computed":true},"membership_id":{"type":"string","description":"Short name of the fleet membership, for example \"member-1\".","description_kind":"plain","computed":true},"membership_location":{"type":"string","description":"Location of the fleet membership, for example \"us-central1\".","description_kind":"plain","computed":true},"pre_registered":{"type":"bool","description":"Whether the cluster has been registered via the fleet API.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The Fleet host project of the cluster.","description_kind":"plain","optional":true}},"description":"Fleet configuration of the cluster.","description_kind":"plain"},"max_items":1},"gateway_api_config":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The Gateway API release channel to use for Gateway API.","description_kind":"plain","required":true}},"description":"Configuration for GKE Gateway API controller.","description_kind":"plain"},"max_items":1},"identity_service_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable the Identity Service component.","description_kind":"plain","optional":true}},"description":"Configuration for Identity Service which allows customers to use external identity providers with the K8S API.","description_kind":"plain"},"max_items":1},"ip_allocation_policy":{"nesting_mode":"list","block":{"attributes":{"cluster_ipv4_cidr_block":{"type":"string","description":"The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"cluster_secondary_range_name":{"type":"string","description":"The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.","description_kind":"plain","optional":true,"computed":true},"services_ipv4_cidr_block":{"type":"string","description":"The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"services_secondary_range_name":{"type":"string","description":"The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.","description_kind":"plain","optional":true,"computed":true},"stack_type":{"type":"string","description":"The IP Stack type of the cluster. Choose between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not set","description_kind":"plain","optional":true}},"block_types":{"additional_pod_ranges_config":{"nesting_mode":"list","block":{"attributes":{"pod_range_names":{"type":["set","string"],"description":"Name for pod secondary ipv4 range which has the actual range defined ahead.","description_kind":"plain","required":true}},"description":"AdditionalPodRangesConfig is the configuration for additional pod secondary ranges supporting the ClusterUpdate message.","description_kind":"plain"},"max_items":1},"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for cluster level pod cidr overprovision. Default is disabled=false.","description_kind":"plain"},"max_items":1}},"description":"Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based.","description_kind":"plain"},"max_items":1},"logging_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"GKE components exposing logs. Valid values include SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, KCP_CONNECTION, KCP_SSHD, SCHEDULER, and WORKLOADS.","description_kind":"plain","required":true}},"description":"Logging configuration for the cluster.","description_kind":"plain"},"max_items":1},"maintenance_policy":{"nesting_mode":"list","block":{"block_types":{"daily_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description_kind":"plain","computed":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"description":"Time window specified for daily maintenance operations. Specify start_time in RFC3339 format \"HH:MM”, where HH : [00-23] and MM : [00-59] GMT.","description_kind":"plain"},"max_items":1},"maintenance_exclusion":{"nesting_mode":"set","block":{"attributes":{"end_time":{"type":"string","description_kind":"plain","required":true},"exclusion_name":{"type":"string","description_kind":"plain","required":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"block_types":{"exclusion_options":{"nesting_mode":"list","block":{"attributes":{"scope":{"type":"string","description":"The scope of automatic upgrades to restrict in the exclusion window.","description_kind":"plain","required":true}},"description":"Maintenance exclusion related options.","description_kind":"plain"},"max_items":1}},"description":"Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows.","description_kind":"plain"},"max_items":20},"recurring_window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description_kind":"plain","required":true},"recurrence":{"type":"string","description_kind":"plain","required":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"description":"Time window for recurring maintenance operations.","description_kind":"plain"},"max_items":1}},"description":"The maintenance policy to use for the cluster.","description_kind":"plain"},"max_items":1},"master_auth":{"nesting_mode":"list","block":{"attributes":{"client_certificate":{"type":"string","description":"Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.","description_kind":"plain","computed":true},"client_key":{"type":"string","description":"Base64 encoded private key used by clients to authenticate to the cluster endpoint.","description_kind":"plain","computed":true,"sensitive":true},"cluster_ca_certificate":{"type":"string","description":"Base64 encoded public certificate that is the root of trust for the cluster.","description_kind":"plain","computed":true}},"block_types":{"client_certificate_config":{"nesting_mode":"list","block":{"attributes":{"issue_client_certificate":{"type":"bool","description":"Whether client certificate authorization is enabled for this cluster.","description_kind":"plain","required":true}},"description":"Whether client certificate authorization is enabled for this cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission.","description_kind":"plain"},"max_items":1},"master_authorized_networks_config":{"nesting_mode":"list","block":{"attributes":{"gcp_public_cidrs_access_enabled":{"type":"bool","description":"Whether Kubernetes master is accessible via Google Compute Engine Public IPs.","description_kind":"plain","optional":true,"computed":true},"private_endpoint_enforcement_enabled":{"type":"bool","description":"Whether authorized networks is enforced on the private endpoint or not. Defaults to false.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"cidr_blocks":{"nesting_mode":"set","block":{"attributes":{"cidr_block":{"type":"string","description":"External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Field for users to identify CIDR blocks.","description_kind":"plain","optional":true}},"description":"External networks that can access the Kubernetes cluster master through HTTPS.","description_kind":"plain"}}},"description":"The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).","description_kind":"plain"},"max_items":1},"mesh_certificates":{"nesting_mode":"list","block":{"attributes":{"enable_certificates":{"type":"bool","description":"When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain","required":true}},"description":"If set, and enable_certificates=true, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain"},"max_items":1},"monitoring_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"GKE components exposing metrics. Valid values include SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_datapath_observability_config":{"nesting_mode":"list","block":{"attributes":{"enable_metrics":{"type":"bool","description":"Whether or not the advanced datapath metrics are enabled.","description_kind":"plain","required":true},"enable_relay":{"type":"bool","description":"Whether or not Relay is enabled.","description_kind":"plain","required":true}},"description":"Configuration of Advanced Datapath Observability features.","description_kind":"plain"},"max_items":1},"managed_prometheus":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not the managed collection is enabled.","description_kind":"plain","required":true}},"description":"Configuration for Google Cloud Managed Services for Prometheus.","description_kind":"plain"},"max_items":1}},"description":"Monitoring configuration for the cluster.","description_kind":"plain"},"max_items":1},"network_policy":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether network policy is enabled on the cluster.","description_kind":"plain","required":true},"provider":{"type":"string","description":"The selected network policy provider.","description_kind":"plain","optional":true}},"description":"Configuration options for the NetworkPolicy feature.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"effective_taints":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of kubernetes taints applied to each node.","description_kind":"plain","computed":true},"enable_confidential_storage":{"type":"bool","description":"If enabled boot disks are configured with confidential mode.","description_kind":"plain","optional":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_encryption_mode":{"type":"string","description":"LocalSsdEncryptionMode specified the method used for encrypting the local SSDs attached to the node.","description_kind":"plain","optional":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"storage_pools":{"type":["list","string"],"description":"The list of Storage Pools where boot disks are provisioned.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether the node should have nested virtualization enabled.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this pool.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after pool creation without deleting and recreating the entire pool.","description_kind":"plain"},"max_items":1},"containerd_config":{"nesting_mode":"list","block":{"block_types":{"private_registry_access_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not private registries are configured.","description_kind":"plain","required":true}},"block_types":{"certificate_authority_domain_config":{"nesting_mode":"list","block":{"attributes":{"fqdns":{"type":["list","string"],"description":"List of fully-qualified-domain-names. IPv4s and port specification are supported.","description_kind":"plain","required":true}},"block_types":{"gcp_secret_manager_certificate_config":{"nesting_mode":"list","block":{"attributes":{"secret_uri":{"type":"string","description":"URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.","description_kind":"plain","required":true}},"description":"Parameters for configuring a certificate hosted in GCP SecretManager.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Parameters for configuring CA certificate and domains.","description_kind":"plain"}}},"description":"Parameters for private container registries configuration.","description_kind":"plain"},"max_items":1}},"description":"Parameters for containerd configuration.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"fast_socket":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not NCCL Fast Socket is enabled","description_kind":"plain","required":true}},"description":"Enable or disable NCCL Fast Socket in the node pool.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"guest_accelerator":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of the accelerator cards exposed to an instance.","description_kind":"plain","required":true},"gpu_partition_size":{"type":"string","description":"Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning)","description_kind":"plain","optional":true},"type":{"type":"string","description":"The accelerator type resource name.","description_kind":"plain","required":true}},"block_types":{"gpu_driver_installation_config":{"nesting_mode":"list","block":{"attributes":{"gpu_driver_version":{"type":"string","description":"Mode for how the GPU driver is installed.","description_kind":"plain","required":true}},"description":"Configuration for auto installation of GPU driver.","description_kind":"plain"},"max_items":1},"gpu_sharing_config":{"nesting_mode":"list","block":{"attributes":{"gpu_sharing_strategy":{"type":"string","description":"The type of GPU sharing strategy to enable on the GPU node. Possible values are described in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig)","description_kind":"plain","required":true},"max_shared_clients_per_gpu":{"type":"number","description":"The maximum number of containers that can share a GPU.","description_kind":"plain","required":true}},"description":"Configuration for GPU sharing.","description_kind":"plain"},"max_items":1}},"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain"}},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","optional":true},"insecure_kubelet_readonly_port_enabled":{"type":"string","description":"Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to `FALSE`. Possible values: `TRUE`, `FALSE`.","description_kind":"plain","optional":true,"computed":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"cgroup_mode":{"type":"string","description":"cgroupMode specifies the cgroup mode to be used on the node.","description_kind":"plain","optional":true,"computed":true},"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","optional":true}},"block_types":{"hugepages_config":{"nesting_mode":"list","block":{"attributes":{"hugepage_size_1g":{"type":"number","description":"Amount of 1G hugepages.","description_kind":"plain","optional":true},"hugepage_size_2m":{"type":"number","description":"Amount of 2M hugepages.","description_kind":"plain","optional":true}},"description":"Amounts for 2M and 1G hugepages.","description_kind":"plain"},"max_items":1}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"secondary_boot_disks":{"nesting_mode":"list","block":{"attributes":{"disk_image":{"type":"string","description":"Disk image to create the secondary boot disk from","description_kind":"plain","required":true},"mode":{"type":"string","description":"Mode for how the secondary boot disk is used.","description_kind":"plain","optional":true}},"description":"Secondary boot disks for preloading data or container images.","description_kind":"plain"},"max_items":127},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"taint":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Effect for taint.","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for taint.","description_kind":"plain","required":true}},"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain"}},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"node_pool":{"nesting_mode":"list","block":{"attributes":{"initial_node_count":{"type":"number","description":"The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource.","description_kind":"plain","optional":true,"computed":true},"instance_group_urls":{"type":["list","string"],"description":"The resource URLs of the managed instance groups associated with this node pool.","description_kind":"plain","computed":true},"managed_instance_group_urls":{"type":["list","string"],"description":"List of instance group URLs which have been assigned to this node pool.","description_kind":"plain","computed":true},"max_pods_per_node":{"type":"number","description":"The maximum number of pods per node in this node pool. Note that this does not work on node pools which are \"route-based\" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the node pool. If left blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"node_count":{"type":"number","description":"The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the node pool's nodes should be located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If unspecified, the cluster-level node_locations will be used.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"The Kubernetes version for the nodes in this pool. Note that if this field and auto_upgrade are both specified, they will fight each other for what the node version should be, so setting both is highly discouraged. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"location_policy":{"type":"string","description":"Location policy specifies the algorithm used when scaling-up the node pool. \"BALANCED\" - Is a best effort policy that aims to balance the sizes of available zones. \"ANY\" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.","description_kind":"plain","optional":true,"computed":true},"max_node_count":{"type":"number","description":"Maximum number of nodes per zone in the node pool. Must be \u003e= min_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"Minimum number of nodes per zone in the node pool. Must be \u003e=0 and \u003c= max_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"total_max_node_count":{"type":"number","description":"Maximum number of all nodes in the node pool. Must be \u003e= total_min_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true},"total_min_node_count":{"type":"number","description":"Minimum number of all nodes in the node pool. Must be \u003e=0 and \u003c= total_max_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true}},"description":"Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.","description_kind":"plain"},"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Whether the nodes will be automatically repaired. Enabled by default.","description_kind":"plain","optional":true},"auto_upgrade":{"type":"bool","description":"Whether the nodes will be automatically upgraded. Enabled by default.","description_kind":"plain","optional":true}},"description":"Node management configuration, wherein auto-repair and auto-upgrade is configured.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"create_pod_range":{"type":"bool","description":"Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Whether nodes have internal IP addresses only.","description_kind":"plain","optional":true,"computed":true},"pod_ipv4_cidr_block":{"type":"string","description":"The IP address range for pod IPs in this node pool. Only applicable if create_pod_range is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"pod_range":{"type":"string","description":"The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"additional_node_network_configs":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Name of the VPC where the additional interface belongs.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Name of the subnetwork where the additional interface belongs.","description_kind":"plain","optional":true}},"description":"We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface","description_kind":"plain"}},"additional_pod_network_configs":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods per node which use this pod network.","description_kind":"plain","optional":true,"computed":true},"secondary_pod_range":{"type":"string","description":"The name of the secondary range on the subnet which provides IP address for this pod range.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Name of the subnetwork where the additional pod network belongs.","description_kind":"plain","optional":true}},"description":"We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"Specifies the total network bandwidth tier for the NodePool.","description_kind":"plain","required":true}},"description":"Network bandwidth tier configuration.","description_kind":"plain"},"max_items":1},"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited","description_kind":"plain"},"max_items":1}},"description":"Networking configuration for this NodePool. If specified, it overrides the cluster-level defaults.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"effective_taints":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of kubernetes taints applied to each node.","description_kind":"plain","computed":true},"enable_confidential_storage":{"type":"bool","description":"If enabled boot disks are configured with confidential mode.","description_kind":"plain","optional":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_encryption_mode":{"type":"string","description":"LocalSsdEncryptionMode specified the method used for encrypting the local SSDs attached to the node.","description_kind":"plain","optional":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"storage_pools":{"type":["list","string"],"description":"The list of Storage Pools where boot disks are provisioned.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether the node should have nested virtualization enabled.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this pool.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after pool creation without deleting and recreating the entire pool.","description_kind":"plain"},"max_items":1},"containerd_config":{"nesting_mode":"list","block":{"block_types":{"private_registry_access_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not private registries are configured.","description_kind":"plain","required":true}},"block_types":{"certificate_authority_domain_config":{"nesting_mode":"list","block":{"attributes":{"fqdns":{"type":["list","string"],"description":"List of fully-qualified-domain-names. IPv4s and port specification are supported.","description_kind":"plain","required":true}},"block_types":{"gcp_secret_manager_certificate_config":{"nesting_mode":"list","block":{"attributes":{"secret_uri":{"type":"string","description":"URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.","description_kind":"plain","required":true}},"description":"Parameters for configuring a certificate hosted in GCP SecretManager.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Parameters for configuring CA certificate and domains.","description_kind":"plain"}}},"description":"Parameters for private container registries configuration.","description_kind":"plain"},"max_items":1}},"description":"Parameters for containerd configuration.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"fast_socket":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not NCCL Fast Socket is enabled","description_kind":"plain","required":true}},"description":"Enable or disable NCCL Fast Socket in the node pool.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"guest_accelerator":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of the accelerator cards exposed to an instance.","description_kind":"plain","required":true},"gpu_partition_size":{"type":"string","description":"Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning)","description_kind":"plain","optional":true},"type":{"type":"string","description":"The accelerator type resource name.","description_kind":"plain","required":true}},"block_types":{"gpu_driver_installation_config":{"nesting_mode":"list","block":{"attributes":{"gpu_driver_version":{"type":"string","description":"Mode for how the GPU driver is installed.","description_kind":"plain","required":true}},"description":"Configuration for auto installation of GPU driver.","description_kind":"plain"},"max_items":1},"gpu_sharing_config":{"nesting_mode":"list","block":{"attributes":{"gpu_sharing_strategy":{"type":"string","description":"The type of GPU sharing strategy to enable on the GPU node. Possible values are described in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig)","description_kind":"plain","required":true},"max_shared_clients_per_gpu":{"type":"number","description":"The maximum number of containers that can share a GPU.","description_kind":"plain","required":true}},"description":"Configuration for GPU sharing.","description_kind":"plain"},"max_items":1}},"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain"}},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","optional":true},"insecure_kubelet_readonly_port_enabled":{"type":"string","description":"Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to `FALSE`. Possible values: `TRUE`, `FALSE`.","description_kind":"plain","optional":true,"computed":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"cgroup_mode":{"type":"string","description":"cgroupMode specifies the cgroup mode to be used on the node.","description_kind":"plain","optional":true,"computed":true},"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","optional":true}},"block_types":{"hugepages_config":{"nesting_mode":"list","block":{"attributes":{"hugepage_size_1g":{"type":"number","description":"Amount of 1G hugepages.","description_kind":"plain","optional":true},"hugepage_size_2m":{"type":"number","description":"Amount of 2M hugepages.","description_kind":"plain","optional":true}},"description":"Amounts for 2M and 1G hugepages.","description_kind":"plain"},"max_items":1}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"secondary_boot_disks":{"nesting_mode":"list","block":{"attributes":{"disk_image":{"type":"string","description":"Disk image to create the secondary boot disk from","description_kind":"plain","required":true},"mode":{"type":"string","description":"Mode for how the secondary boot disk is used.","description_kind":"plain","optional":true}},"description":"Secondary boot disks for preloading data or container images.","description_kind":"plain"},"max_items":127},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"taint":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Effect for taint.","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for taint.","description_kind":"plain","required":true}},"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain"}},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"placement_policy":{"nesting_mode":"list","block":{"attributes":{"policy_name":{"type":"string","description":"If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.","description_kind":"plain","optional":true},"tpu_topology":{"type":"string","description":"TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type defines the type of placement policy","description_kind":"plain","required":true}},"description":"Specifies the node placement policy","description_kind":"plain"},"max_items":1},"queued_provisioning":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API","description_kind":"plain","required":true}},"description":"Specifies the configuration of queued provisioning","description_kind":"plain"},"max_items":1},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The number of additional nodes that can be added to the node pool during an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"max_unavailable":{"type":"number","description":"The number of nodes that can be simultaneously unavailable during an upgrade. Increasing max_unavailable raises the number of nodes that can be upgraded in parallel. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"strategy":{"type":"string","description":"Update strategy for the given nodepool.","description_kind":"plain","optional":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the blue pool nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.","description_kind":"plain","optional":true,"computed":true}},"description":"Standard rollout policy is the default policy for blue-green.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for BlueGreen node pool upgrade.","description_kind":"plain"},"max_items":1}},"description":"Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.","description_kind":"plain"},"max_items":1}},"description":"List of node pools associated with this cluster. See google_container_node_pool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say \"these are the only node pools associated with this cluster\", use the google_container_node_pool resource instead of this property.","description_kind":"plain"}},"node_pool_auto_config":{"nesting_mode":"list","block":{"attributes":{"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true}},"block_types":{"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"cgroup_mode":{"type":"string","description":"cgroupMode specifies the cgroup mode to be used on the node.","description_kind":"plain","optional":true,"computed":true}},"description":"Linux node configuration options.","description_kind":"plain"},"max_items":1},"network_tags":{"nesting_mode":"list","block":{"attributes":{"tags":{"type":["list","string"],"description":"List of network tags applied to auto-provisioned node pools.","description_kind":"plain","optional":true}},"description":"Collection of Compute Engine network tags that can be applied to a node's underlying VM instance.","description_kind":"plain"},"max_items":1},"node_kubelet_config":{"nesting_mode":"list","block":{"attributes":{"insecure_kubelet_readonly_port_enabled":{"type":"string","description":"Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to `FALSE`. Possible values: `TRUE`, `FALSE`.","description_kind":"plain","optional":true,"computed":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1}},"description":"Node pool configs that apply to all auto-provisioned node pools in autopilot clusters and node auto-provisioning enabled clusters.","description_kind":"plain"},"max_items":1},"node_pool_defaults":{"nesting_mode":"list","block":{"block_types":{"node_config_defaults":{"nesting_mode":"list","block":{"attributes":{"insecure_kubelet_readonly_port_enabled":{"type":"string","description":"Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to `FALSE`. Possible values: `TRUE`, `FALSE`.","description_kind":"plain","optional":true,"computed":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containerd_config":{"nesting_mode":"list","block":{"block_types":{"private_registry_access_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not private registries are configured.","description_kind":"plain","required":true}},"block_types":{"certificate_authority_domain_config":{"nesting_mode":"list","block":{"attributes":{"fqdns":{"type":["list","string"],"description":"List of fully-qualified-domain-names. IPv4s and port specification are supported.","description_kind":"plain","required":true}},"block_types":{"gcp_secret_manager_certificate_config":{"nesting_mode":"list","block":{"attributes":{"secret_uri":{"type":"string","description":"URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.","description_kind":"plain","required":true}},"description":"Parameters for configuring a certificate hosted in GCP SecretManager.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Parameters for configuring CA certificate and domains.","description_kind":"plain"}}},"description":"Parameters for private container registries configuration.","description_kind":"plain"},"max_items":1}},"description":"Parameters for containerd configuration.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"Subset of NodeConfig message that has defaults.","description_kind":"plain"},"max_items":1}},"description":"The default nodel pool settings for the entire cluster.","description_kind":"plain"},"max_items":1},"notification_config":{"nesting_mode":"list","block":{"block_types":{"pubsub":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not the notification config is enabled","description_kind":"plain","required":true},"topic":{"type":"string","description":"The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.","description_kind":"plain","optional":true}},"block_types":{"filter":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":["list","string"],"description":"Can be used to filter what notifications are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT","description_kind":"plain","required":true}},"description":"Allows filtering to one or more specific event types. If event types are present, those and only those event types will be transmitted to the cluster. Other types will be skipped. If no filter is specified, or no event types are present, all event types will be sent","description_kind":"plain"},"max_items":1}},"description":"Notification config for Cloud Pub/Sub","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The notification config for sending cluster upgrade notifications","description_kind":"plain"},"max_items":1},"private_cluster_config":{"nesting_mode":"list","block":{"attributes":{"enable_private_endpoint":{"type":"bool","description":"When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.","description_kind":"plain","optional":true},"master_ipv4_cidr_block":{"type":"string","description":"The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.","description_kind":"plain","optional":true,"computed":true},"peering_name":{"type":"string","description":"The name of the peering between this cluster and the Google owned VPC.","description_kind":"plain","computed":true},"private_endpoint":{"type":"string","description":"The internal IP address of this cluster's master endpoint.","description_kind":"plain","computed":true},"private_endpoint_subnetwork":{"type":"string","description":"Subnetwork in cluster's network where master's endpoint will be provisioned.","description_kind":"plain","optional":true},"public_endpoint":{"type":"string","description":"The external IP address of this cluster's master endpoint.","description_kind":"plain","computed":true}},"block_types":{"master_global_access_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether the cluster master is accessible globally or not.","description_kind":"plain","required":true}},"description":"Controls cluster master global access settings.","description_kind":"plain"},"max_items":1}},"description":"Configuration for private clusters, clusters with private nodes.","description_kind":"plain"},"max_items":1},"release_channel":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The selected release channel. Accepted values are:\n* UNSPECIFIED: Not set.\n* RAPID: Weekly upgrade cadence; Early testers and developers who requires new features.\n* REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.\n* STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.\n* EXTENDED: GKE provides extended support for Kubernetes minor versions through the Extended channel. With this channel, you can stay on a minor version for up to 24 months.","description_kind":"plain","required":true}},"description":"Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. Note that removing this field from your config will not unenroll it. Instead, use the \"UNSPECIFIED\" channel.","description_kind":"plain"},"max_items":1},"resource_usage_export_config":{"nesting_mode":"list","block":{"attributes":{"enable_network_egress_metering":{"type":"bool","description":"Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.","description_kind":"plain","optional":true},"enable_resource_consumption_metering":{"type":"bool","description":"Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true.","description_kind":"plain","optional":true}},"block_types":{"bigquery_destination":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of a BigQuery Dataset.","description_kind":"plain","required":true}},"description":"Parameters for using BigQuery as the destination of resource usage export.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration for the ResourceUsageExportConfig feature.","description_kind":"plain"},"max_items":1},"secret_manager_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable the Secret manager csi component.","description_kind":"plain","required":true}},"description":"Configuration for the Secret Manager feature.","description_kind":"plain"},"max_items":1},"security_posture_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED, BASIC, and ENTERPRISE.","description_kind":"plain","optional":true,"computed":true},"vulnerability_mode":{"type":"string","description":"Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.","description_kind":"plain","optional":true,"computed":true}},"description":"Defines the config needed to enable/disable features for the Security Posture API","description_kind":"plain"},"max_items":1},"service_external_ips_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"When enabled, services with external ips specified will be allowed.","description_kind":"plain","required":true}},"description":"If set, and enabled=true, services with external ips field will not be blocked","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"user_managed_keys_config":{"nesting_mode":"list","block":{"attributes":{"aggregation_ca":{"type":"string","description":"The Certificate Authority Service caPool to use for the aggreation CA in this cluster.","description_kind":"plain","optional":true},"cluster_ca":{"type":"string","description":"The Certificate Authority Service caPool to use for the cluster CA in this cluster.","description_kind":"plain","optional":true},"control_plane_disk_encryption_key":{"type":"string","description":"The Cloud KMS cryptoKey to use for Confidential Hyperdisk on the control plane nodes.","description_kind":"plain","optional":true},"etcd_api_ca":{"type":"string","description":"The Certificate Authority Service caPool to use for the etcd API CA in this cluster.","description_kind":"plain","optional":true},"etcd_peer_ca":{"type":"string","description":"The Certificate Authority Service caPool to use for the etcd peer CA in this cluster.","description_kind":"plain","optional":true},"gkeops_etcd_backup_encryption_key":{"type":"string","description":"Resource path of the Cloud KMS cryptoKey to use for encryption of internal etcd backups.","description_kind":"plain","optional":true},"service_account_signing_keys":{"type":["set","string"],"description":"The Cloud KMS cryptoKeyVersions to use for signing service account JWTs issued by this cluster.","description_kind":"plain","optional":true},"service_account_verification_keys":{"type":["set","string"],"description":"The Cloud KMS cryptoKeyVersions to use for verifying service account JWTs issued by this cluster.","description_kind":"plain","optional":true}},"description":"The custom keys configuration of the cluster.","description_kind":"plain"},"max_items":1},"vertical_pod_autoscaling":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enables vertical pod autoscaling.","description_kind":"plain","required":true}},"description":"Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it.","description_kind":"plain"},"max_items":1},"workload_identity_config":{"nesting_mode":"list","block":{"attributes":{"workload_pool":{"type":"string","description":"The workload pool to attach all Kubernetes service accounts to.","description_kind":"plain","optional":true}},"description":"Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_node_pool":{"version":1,"block":{"attributes":{"cluster":{"type":"string","description":"The cluster to create the node pool for. Cluster must be present in location provided for zonal clusters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_node_count":{"type":"number","description":"The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource.","description_kind":"plain","optional":true,"computed":true},"instance_group_urls":{"type":["list","string"],"description":"The resource URLs of the managed instance groups associated with this node pool.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) of the cluster.","description_kind":"plain","optional":true,"computed":true},"managed_instance_group_urls":{"type":["list","string"],"description":"List of instance group URLs which have been assigned to this node pool.","description_kind":"plain","computed":true},"max_pods_per_node":{"type":"number","description":"The maximum number of pods per node in this node pool. Note that this does not work on node pools which are \"route-based\" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the node pool. If left blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"node_count":{"type":"number","description":"The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the node pool's nodes should be located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If unspecified, the cluster-level node_locations will be used.","description_kind":"plain","optional":true,"computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which to create the node pool. If blank, the provider-configured project will be used.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"The Kubernetes version for the nodes in this pool. Note that if this field and auto_upgrade are both specified, they will fight each other for what the node version should be, so setting both is highly discouraged. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"location_policy":{"type":"string","description":"Location policy specifies the algorithm used when scaling-up the node pool. \"BALANCED\" - Is a best effort policy that aims to balance the sizes of available zones. \"ANY\" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.","description_kind":"plain","optional":true,"computed":true},"max_node_count":{"type":"number","description":"Maximum number of nodes per zone in the node pool. Must be \u003e= min_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"Minimum number of nodes per zone in the node pool. Must be \u003e=0 and \u003c= max_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"total_max_node_count":{"type":"number","description":"Maximum number of all nodes in the node pool. Must be \u003e= total_min_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true},"total_min_node_count":{"type":"number","description":"Minimum number of all nodes in the node pool. Must be \u003e=0 and \u003c= total_max_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true}},"description":"Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.","description_kind":"plain"},"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Whether the nodes will be automatically repaired. Enabled by default.","description_kind":"plain","optional":true},"auto_upgrade":{"type":"bool","description":"Whether the nodes will be automatically upgraded. Enabled by default.","description_kind":"plain","optional":true}},"description":"Node management configuration, wherein auto-repair and auto-upgrade is configured.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"create_pod_range":{"type":"bool","description":"Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Whether nodes have internal IP addresses only.","description_kind":"plain","optional":true,"computed":true},"pod_ipv4_cidr_block":{"type":"string","description":"The IP address range for pod IPs in this node pool. Only applicable if create_pod_range is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"pod_range":{"type":"string","description":"The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"additional_node_network_configs":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Name of the VPC where the additional interface belongs.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Name of the subnetwork where the additional interface belongs.","description_kind":"plain","optional":true}},"description":"We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface","description_kind":"plain"}},"additional_pod_network_configs":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods per node which use this pod network.","description_kind":"plain","optional":true,"computed":true},"secondary_pod_range":{"type":"string","description":"The name of the secondary range on the subnet which provides IP address for this pod range.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Name of the subnetwork where the additional pod network belongs.","description_kind":"plain","optional":true}},"description":"We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"Specifies the total network bandwidth tier for the NodePool.","description_kind":"plain","required":true}},"description":"Network bandwidth tier configuration.","description_kind":"plain"},"max_items":1},"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited","description_kind":"plain"},"max_items":1}},"description":"Networking configuration for this NodePool. If specified, it overrides the cluster-level defaults.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"effective_taints":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of kubernetes taints applied to each node.","description_kind":"plain","computed":true},"enable_confidential_storage":{"type":"bool","description":"If enabled boot disks are configured with confidential mode.","description_kind":"plain","optional":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_encryption_mode":{"type":"string","description":"LocalSsdEncryptionMode specified the method used for encrypting the local SSDs attached to the node.","description_kind":"plain","optional":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"storage_pools":{"type":["list","string"],"description":"The list of Storage Pools where boot disks are provisioned.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether the node should have nested virtualization enabled.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this pool.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after pool creation without deleting and recreating the entire pool.","description_kind":"plain"},"max_items":1},"containerd_config":{"nesting_mode":"list","block":{"block_types":{"private_registry_access_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not private registries are configured.","description_kind":"plain","required":true}},"block_types":{"certificate_authority_domain_config":{"nesting_mode":"list","block":{"attributes":{"fqdns":{"type":["list","string"],"description":"List of fully-qualified-domain-names. IPv4s and port specification are supported.","description_kind":"plain","required":true}},"block_types":{"gcp_secret_manager_certificate_config":{"nesting_mode":"list","block":{"attributes":{"secret_uri":{"type":"string","description":"URI for the secret that hosts a certificate. Must be in the format 'projects/PROJECT_NUM/secrets/SECRET_NAME/versions/VERSION_OR_LATEST'.","description_kind":"plain","required":true}},"description":"Parameters for configuring a certificate hosted in GCP SecretManager.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Parameters for configuring CA certificate and domains.","description_kind":"plain"}}},"description":"Parameters for private container registries configuration.","description_kind":"plain"},"max_items":1}},"description":"Parameters for containerd configuration.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"fast_socket":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not NCCL Fast Socket is enabled","description_kind":"plain","required":true}},"description":"Enable or disable NCCL Fast Socket in the node pool.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"guest_accelerator":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of the accelerator cards exposed to an instance.","description_kind":"plain","required":true},"gpu_partition_size":{"type":"string","description":"Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning)","description_kind":"plain","optional":true},"type":{"type":"string","description":"The accelerator type resource name.","description_kind":"plain","required":true}},"block_types":{"gpu_driver_installation_config":{"nesting_mode":"list","block":{"attributes":{"gpu_driver_version":{"type":"string","description":"Mode for how the GPU driver is installed.","description_kind":"plain","required":true}},"description":"Configuration for auto installation of GPU driver.","description_kind":"plain"},"max_items":1},"gpu_sharing_config":{"nesting_mode":"list","block":{"attributes":{"gpu_sharing_strategy":{"type":"string","description":"The type of GPU sharing strategy to enable on the GPU node. Possible values are described in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig)","description_kind":"plain","required":true},"max_shared_clients_per_gpu":{"type":"number","description":"The maximum number of containers that can share a GPU.","description_kind":"plain","required":true}},"description":"Configuration for GPU sharing.","description_kind":"plain"},"max_items":1}},"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain"}},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","optional":true},"insecure_kubelet_readonly_port_enabled":{"type":"string","description":"Controls whether the kubelet read-only port is enabled. It is strongly recommended to set this to `FALSE`. Possible values: `TRUE`, `FALSE`.","description_kind":"plain","optional":true,"computed":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"cgroup_mode":{"type":"string","description":"cgroupMode specifies the cgroup mode to be used on the node.","description_kind":"plain","optional":true,"computed":true},"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","optional":true}},"block_types":{"hugepages_config":{"nesting_mode":"list","block":{"attributes":{"hugepage_size_1g":{"type":"number","description":"Amount of 1G hugepages.","description_kind":"plain","optional":true},"hugepage_size_2m":{"type":"number","description":"Amount of 2M hugepages.","description_kind":"plain","optional":true}},"description":"Amounts for 2M and 1G hugepages.","description_kind":"plain"},"max_items":1}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"secondary_boot_disks":{"nesting_mode":"list","block":{"attributes":{"disk_image":{"type":"string","description":"Disk image to create the secondary boot disk from","description_kind":"plain","required":true},"mode":{"type":"string","description":"Mode for how the secondary boot disk is used.","description_kind":"plain","optional":true}},"description":"Secondary boot disks for preloading data or container images.","description_kind":"plain"},"max_items":127},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"taint":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Effect for taint.","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for taint.","description_kind":"plain","required":true}},"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain"}},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"placement_policy":{"nesting_mode":"list","block":{"attributes":{"policy_name":{"type":"string","description":"If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.","description_kind":"plain","optional":true},"tpu_topology":{"type":"string","description":"TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type defines the type of placement policy","description_kind":"plain","required":true}},"description":"Specifies the node placement policy","description_kind":"plain"},"max_items":1},"queued_provisioning":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API","description_kind":"plain","required":true}},"description":"Specifies the configuration of queued provisioning","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The number of additional nodes that can be added to the node pool during an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"max_unavailable":{"type":"number","description":"The number of nodes that can be simultaneously unavailable during an upgrade. Increasing max_unavailable raises the number of nodes that can be upgraded in parallel. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"strategy":{"type":"string","description":"Update strategy for the given nodepool.","description_kind":"plain","optional":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the blue pool nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.","description_kind":"plain","optional":true,"computed":true}},"description":"Standard rollout policy is the default policy for blue-green.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for BlueGreen node pool upgrade.","description_kind":"plain"},"max_items":1}},"description":"Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_registry":{"version":0,"block":{"attributes":{"bucket_self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the registry. One of ASIA, EU, US or not specified. See the official documentation for more information on registry locations.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_entry":{"version":0,"block":{"attributes":{"bigquery_date_sharded_spec":{"type":["list",["object",{"dataset":"string","shard_count":"number","table_prefix":"string"}]],"description":"Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD.\nContext: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding.","description_kind":"plain","computed":true},"bigquery_table_spec":{"type":["list",["object",{"table_source_type":"string","table_spec":["list",["object",{"grouped_entry":"string"}]],"view_spec":["list",["object",{"view_query":"string"}]]}]],"description":"Specification that applies to a BigQuery table. This is only valid on entries of type TABLE.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Entry description, which can consist of several sentences or paragraphs that describe entry contents.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display information such as title and description. A short name to identify the entry,\nfor example, \"Analytics Data - Jan 2011\".","description_kind":"plain","optional":true},"entry_group":{"type":"string","description":"The name of the entry group this entry is in.","description_kind":"plain","required":true},"entry_id":{"type":"string","description":"The id of the entry to create.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"integrated_system":{"type":"string","description":"This field indicates the entry's source system that Data Catalog integrates with, such as BigQuery or Pub/Sub.","description_kind":"plain","computed":true},"linked_resource":{"type":"string","description":"The resource this metadata entry refers to.\nFor Google Cloud Platform resources, linkedResource is the full name of the resource.\nFor example, the linkedResource for a table resource from BigQuery is:\n//bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId\nOutput only when Entry is of type in the EntryType enum. For entries with userSpecifiedType,\nthis field is optional and defaults to an empty string.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The Data Catalog resource name of the entry in URL format.\nExample: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}.\nNote that this Entry and its child resources may not actually be stored in the location in this name.","description_kind":"plain","computed":true},"schema":{"type":"string","description":"Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema\nattached to it. See\nhttps://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema\nfor what fields this schema can contain.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the entry. Only used for Entries with types in the EntryType enum.\nCurrently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. Possible values: [\"FILESET\"]","description_kind":"plain","optional":true},"user_specified_system":{"type":"string","description":"This field indicates the entry's source system that Data Catalog does not integrate with.\nuserSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers,\nand underscores; are case insensitive; must be at least 1 character and at most 64 characters long.","description_kind":"plain","optional":true},"user_specified_type":{"type":"string","description":"Entry type if it does not fit any of the input-allowed values listed in EntryType enum above.\nWhen creating an entry, users should check the enum values first, if nothing matches the entry\nto be created, then provide a custom value, for example \"my_special_type\".\nuserSpecifiedType strings must begin with a letter or underscore and can only contain letters,\nnumbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long.","description_kind":"plain","optional":true}},"block_types":{"gcs_fileset_spec":{"nesting_mode":"list","block":{"attributes":{"file_patterns":{"type":["list","string"],"description":"Patterns to identify a set of files in Google Cloud Storage.\nSee [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames)\nfor more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns:\n\n* gs://bucket_name/dir/*: matches all files within bucket_name/dir directory.\n* gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories.\n* gs://bucket_name/file*: matches files prefixed by file in bucket_name\n* gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name\n* gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name\n* gs://bucket_name/[a-m].txt: matches files that contain a, b, ... or m followed by .txt in bucket_name\n* gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b\n* gs://another_bucket/a.txt: matches gs://another_bucket/a.txt","description_kind":"plain","required":true},"sample_gcs_file_specs":{"type":["list",["object",{"file_path":"string","size_bytes":"number"}]],"description":"Sample files contained in this fileset, not all files contained in this fileset are represented here.","description_kind":"plain","computed":true}},"description":"Specification that applies to a Cloud Storage fileset. This is only valid on entries of type FILESET.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_entry_group":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Entry group description, which can consist of several sentences or paragraphs that describe entry group contents.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A short name to identify the entry group, for example, \"analytics data - jan 2011\".","description_kind":"plain","optional":true},"entry_group_id":{"type":"string","description":"The id of the entry group to create. The id must begin with a letter or underscore,\ncontain only English letters, numbers and underscores, and be at most 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the entry group in URL format. Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"EntryGroup location region.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_binding":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_member":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_policy":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_policy_tag":{"version":0,"block":{"attributes":{"child_policy_tags":{"type":["list","string"],"description":"Resource names of child policy tags of this policy tag.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of this policy tag. It must: contain only unicode characters, tabs,\nnewlines, carriage returns and page breaks; and be at most 2000 bytes long when\nencoded in UTF-8. If not set, defaults to an empty description.\nIf not set, defaults to an empty description.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User defined name of this policy tag. It must: be unique within the parent\ntaxonomy; contain only unicode letters, numbers, underscores, dashes and spaces;\nnot start or end with spaces; and be at most 200 bytes long when encoded in UTF-8.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of this policy tag, whose format is:\n\"projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}\"","description_kind":"plain","computed":true},"parent_policy_tag":{"type":"string","description":"Resource name of this policy tag's parent policy tag.\nIf empty, it means this policy tag is a top level policy tag.\nIf not set, defaults to an empty string.","description_kind":"plain","optional":true},"taxonomy":{"type":"string","description":"Taxonomy the policy tag is associated with","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_tag":{"version":0,"block":{"attributes":{"column":{"type":"string","description":"Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an\nindividual column based on that schema.\n\nFor attaching a tag to a nested column, use '.' to separate the column names. Example:\n'outer_column.inner_column'","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag in URL format. Example:\nprojects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or\nprojects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id}\nwhere tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to\nall entries in that group.","description_kind":"plain","optional":true},"template":{"type":"string","description":"The resource name of the tag template that this tag uses. Example:\nprojects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}\nThis field cannot be modified after creation.","description_kind":"plain","required":true},"template_displayname":{"type":"string","description":"The display name of the tag template.","description_kind":"plain","computed":true}},"block_types":{"fields":{"nesting_mode":"set","block":{"attributes":{"bool_value":{"type":"bool","description":"Holds the value for a tag field with boolean type.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of this field","description_kind":"plain","computed":true},"double_value":{"type":"number","description":"Holds the value for a tag field with double type.","description_kind":"plain","optional":true},"enum_value":{"type":"string","description":"The display name of the enum value.","description_kind":"plain","optional":true},"field_name":{"type":"string","description_kind":"plain","required":true},"order":{"type":"number","description":"The order of this field with respect to other fields in this tag. For example, a higher value can indicate\na more important field. The value can be negative. Multiple fields can have the same order, and field orders\nwithin a tag do not have to be sequential.","description_kind":"plain","computed":true},"string_value":{"type":"string","description":"Holds the value for a tag field with string type.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"Holds the value for a tag field with timestamp type.","description_kind":"plain","optional":true}},"description":"This maps the ID of a tag field to the value of and additional information about that field.\nValid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_tag_template":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name for this template.","description_kind":"plain","optional":true},"force_delete":{"type":"bool","description":"This confirms the deletion of any possible tags using this template. Must be set to true in order to delete the tag template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag template in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Template location region.","description_kind":"plain","optional":true,"computed":true},"tag_template_id":{"type":"string","description":"The id of the tag template to create.","description_kind":"plain","required":true}},"block_types":{"fields":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description for this field.","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"The display name for this field.","description_kind":"plain","optional":true,"computed":true},"field_id":{"type":"string","description_kind":"plain","required":true},"is_required":{"type":"bool","description":"Whether this is a required field. Defaults to false.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag template field in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field}","description_kind":"plain","computed":true},"order":{"type":"number","description":"The order of this field with respect to other fields in this tag template.\nA higher value indicates a more important field. The value can be negative.\nMultiple fields can have the same order, and field orders within a tag do not have to be sequential.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"type":{"nesting_mode":"list","block":{"attributes":{"primitive_type":{"type":"string","description":"Represents primitive types - string, bool etc.\n Exactly one of 'primitive_type' or 'enum_type' must be set Possible values: [\"DOUBLE\", \"STRING\", \"BOOL\", \"TIMESTAMP\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"enum_type":{"nesting_mode":"list","block":{"block_types":{"allowed_values":{"nesting_mode":"set","block":{"attributes":{"display_name":{"type":"string","description":"The display name of the enum value.","description_kind":"plain","required":true}},"description":"The set of allowed values for this enum. The display names of the\nvalues must be case-insensitively unique within this set. Currently,\nenum values can only be added to the list of allowed values. Deletion\nand renaming of enum values are not supported.\nCan have up to 500 allowed values.","description_kind":"plain"},"min_items":1}},"description":"Represents an enum type.\n Exactly one of 'primitive_type' or 'enum_type' must be set","description_kind":"plain"},"max_items":1}},"description":"The type of value this tag field can contain.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of tag template field IDs and the settings for the field. This set is an exhaustive list of the allowed fields. This set must contain at least one field and at most 500 fields. The change of field_id will be resulting in re-creating of field. The change of primitive_type will be resulting in re-creating of field, however if the field is a required, you cannot update it.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_taxonomy":{"version":0,"block":{"attributes":{"activated_policy_types":{"type":["list","string"],"description":"A list of policy types that are activated for this taxonomy. If not set,\ndefaults to an empty list. Possible values: [\"POLICY_TYPE_UNSPECIFIED\", \"FINE_GRAINED_ACCESS_CONTROL\"]","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of this taxonomy. It must: contain only unicode characters,\ntabs, newlines, carriage returns and page breaks; and be at most 2000 bytes\nlong when encoded in UTF-8. If not set, defaults to an empty description.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User defined name of this taxonomy.\nThe taxonomy display name must be unique within an organization.\nIt must: contain only unicode letters, numbers, underscores, dashes\nand spaces; not start or end with spaces; and be at most 200 bytes\nlong when encoded in UTF-8.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of this taxonomy, whose format is:\n\"projects/{project}/locations/{region}/taxonomies/{taxonomy}\".","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Taxonomy location region.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_fusion_instance":{"version":0,"block":{"attributes":{"api_endpoint":{"type":"string","description":"Endpoint on which the REST APIs is accessible.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds.","description_kind":"plain","computed":true},"dataproc_service_account":{"type":"string","description":"User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of the instance.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name for an instance.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_rbac":{"type":"bool","description":"Option to enable granular role-based access control.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Option to enable Stackdriver Logging.","description_kind":"plain","optional":true},"enable_stackdriver_monitoring":{"type":"bool","description":"Option to enable Stackdriver Monitoring.","description_kind":"plain","optional":true},"gcs_bucket":{"type":"string","description":"Cloud Storage bucket generated by Data Fusion in the customer project.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The resource labels for instance to use to annotate any related underlying resources,\nsuch as Compute Engine VMs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"options":{"type":["map","string"],"description":"Map of additional options used to configure the behavior of Data Fusion instance.","description_kind":"plain","optional":true,"computed":true},"p4_service_account":{"type":"string","description":"P4 service account for the customer project.","description_kind":"plain","computed":true},"private_instance":{"type":"bool","description":"Specifies whether the Data Fusion instance should be private. If set to\ntrue, all Data Fusion nodes will have private IP addresses and will not be\nable to access the public internet.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the Data Fusion instance.","description_kind":"plain","optional":true,"computed":true},"service_endpoint":{"type":"string","description":"Endpoint on which the Data Fusion UI and REST APIs are accessible.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this Data Fusion instance.\n- CREATING: Instance is being created\n- RUNNING: Instance is running and ready for requests\n- FAILED: Instance creation failed\n- DELETING: Instance is being deleted\n- UPGRADING: Instance is being upgraded\n- RESTARTING: Instance is being restarted","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of this Data Fusion instance if available.","description_kind":"plain","computed":true},"tenant_project_id":{"type":"string","description":"The name of the tenant project.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Represents the type of Data Fusion instance. Each type is configured with\nthe default settings for processing and memory.\n- BASIC: Basic Data Fusion instance. In Basic type, the user will be able to create data pipelines\nusing point and click UI. However, there are certain limitations, such as fewer number\nof concurrent pipelines, no support for streaming pipelines, etc.\n- ENTERPRISE: Enterprise Data Fusion instance. In Enterprise type, the user will have more features\navailable, such as support for streaming pipelines, higher number of concurrent pipelines, etc.\n- DEVELOPER: Developer Data Fusion instance. In Developer type, the user will have all features available but\nwith restrictive capabilities. This is to help enterprises design and develop their data ingestion and integration\npipelines at low cost. Possible values: [\"BASIC\", \"ENTERPRISE\", \"DEVELOPER\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time the instance was last updated in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds.","description_kind":"plain","computed":true},"version":{"type":"string","description":"Current version of the Data Fusion.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Name of the zone in which the Data Fusion instance will be created. Only DEVELOPER instances use this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_type":{"type":"string","description":"The type of an accelator for a CDF instance. Possible values: [\"CDC\", \"HEALTHCARE\", \"CCAI_INSIGHTS\"]","description_kind":"plain","required":true},"state":{"type":"string","description":"The type of an accelator for a CDF instance. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true}},"description":"List of accelerators enabled for this CDF instance.\n\nIf accelerators are enabled it is possible a permadiff will be created with the Options field.\nUsers will need to either manually update their state file to include these diffed options, or include the field in a [lifecycle ignore changes block](https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#ignore_changes).","description_kind":"plain"}},"crypto_key_config":{"nesting_mode":"list","block":{"attributes":{"key_reference":{"type":"string","description":"The name of the key which is used to encrypt/decrypt customer data. For key in Cloud KMS, the key should be in the format of projects/*/locations/*/keyRings/*/cryptoKeys/*.","description_kind":"plain","required":true}},"description":"The crypto key configuration. This field is used by the Customer-Managed Encryption Keys (CMEK) feature.","description_kind":"plain"},"max_items":1},"event_publish_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Option to enable Event Publishing.","description_kind":"plain","required":true},"topic":{"type":"string","description":"The resource name of the Pub/Sub topic. Format: projects/{projectId}/topics/{topic_id}","description_kind":"plain","required":true}},"description":"Option to enable and pass metadata for event publishing.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"connection_type":{"type":"string","description":"Optional. Type of connection for establishing private IP connectivity between the Data Fusion customer project VPC and\nthe corresponding tenant project from a predefined list of available connection modes.\nIf this field is unspecified for a private instance, VPC peering is used. Possible values: [\"VPC_PEERING\", \"PRIVATE_SERVICE_CONNECT_INTERFACES\"]","description_kind":"plain","optional":true},"ip_allocation":{"type":"string","description":"The IP range in CIDR notation to use for the managed Data Fusion instance\nnodes. This range must not overlap with any other ranges used in the Data Fusion instance network.","description_kind":"plain","optional":true},"network":{"type":"string","description":"Name of the network in the project with which the tenant project\nwill be peered for executing pipelines. In case of shared VPC where the network resides in another host\nproject the network should specified in the form of projects/{host-project-id}/global/networks/{network}","description_kind":"plain","optional":true}},"block_types":{"private_service_connect_config":{"nesting_mode":"list","block":{"attributes":{"effective_unreachable_cidr_block":{"type":"string","description":"Output only. The CIDR block to which the CDF instance can't route traffic to in the consumer project VPC.\nThe size of this block is /25. The format of this field is governed by RFC 4632.","description_kind":"plain","computed":true},"network_attachment":{"type":"string","description":"Optional. The reference to the network attachment used to establish private connectivity.\nIt will be of the form projects/{project-id}/regions/{region}/networkAttachments/{network-attachment-id}.\nThis is required only when using connection type PRIVATE_SERVICE_CONNECT_INTERFACES.","description_kind":"plain","optional":true},"unreachable_cidr_block":{"type":"string","description":"Optional. Input only. The CIDR block to which the CDF instance can't route traffic to in the consumer project VPC.\nThe size of this block should be at least /25. This range should not overlap with the primary address range of any subnetwork used by the network attachment.\nThis range can be used for other purposes in the consumer VPC as long as there is no requirement for CDF to reach destinations using these addresses.\nIf this value is not provided, the server chooses a non RFC 1918 address range. The format of this field is governed by RFC 4632.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for Private Service Connect.\nThis is required only when using connection type PRIVATE_SERVICE_CONNECT_INTERFACES.","description_kind":"plain"},"max_items":1}},"description":"Network configuration options. These are required when a private Data Fusion instance is to be created.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_fusion_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_fusion_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_fusion_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_loss_prevention_deidentify_template":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an deidentifyTemplate. Set by the server.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the template.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the template. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the template in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"template_id":{"type":"string","description":"The template id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is\n100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The last update timestamp of an deidentifyTemplate. Set by the server.","description_kind":"plain","computed":true}},"block_types":{"deidentify_config":{"nesting_mode":"list","block":{"block_types":{"image_transformations":{"nesting_mode":"list","block":{"block_types":{"transforms":{"nesting_mode":"list","block":{"block_types":{"all_info_types":{"nesting_mode":"list","block":{"description":"Apply transformation to all findings not specified in other ImageTransformation's selectedInfoTypes.","description_kind":"plain"},"max_items":1},"all_text":{"nesting_mode":"list","block":{"description":"Apply transformation to all text that doesn't match an infoType.","description_kind":"plain"},"max_items":1},"redaction_color":{"nesting_mode":"list","block":{"attributes":{"blue":{"type":"number","description":"The amount of blue in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true},"green":{"type":"number","description":"The amount of green in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true},"red":{"type":"number","description":"The amount of red in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true}},"description":"The color to use when redacting content from an image. If not specified, the default is black.","description_kind":"plain"},"max_items":1},"selected_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"},"min_items":1}},"description":"Apply transformation to the selected infoTypes.","description_kind":"plain"},"max_items":1}},"description":"For determination of how redaction of images should occur.","description_kind":"plain"},"min_items":1}},"description":"Treat the dataset as an image and redact.","description_kind":"plain"},"max_items":1},"info_type_transformations":{"nesting_mode":"list","block":{"block_types":{"transformations":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"}},"primitive_transformation":{"nesting_mode":"list","block":{"attributes":{"replace_with_info_type_config":{"type":"bool","description":"Replace each matching finding with the name of the info type.","description_kind":"plain","optional":true}},"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"}}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character.\nMasking can start from the beginning or end of the string.","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Possible values: [\"FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED\", \"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\].","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"Range of shift in days. Negative means shift to earlier in time.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends).\nNegative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"An integer value.","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a\nyear by itself or a year and month where the day is not significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace each input value with a given value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","optional":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Primitive transformation to apply to the infoType.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Transformation for each infoType. Cannot specify more than one for a given infoType.","description_kind":"plain"},"min_items":1}},"description":"Treat the dataset as free-form text and apply the same free text transformation everywhere","description_kind":"plain"},"max_items":1},"record_transformations":{"nesting_mode":"list","block":{"block_types":{"field_transformations":{"nesting_mode":"list","block":{"block_types":{"condition":{"nesting_mode":"list","block":{"block_types":{"expressions":{"nesting_mode":"list","block":{"attributes":{"logical_operator":{"type":"string","description":"The operator to apply to the result of conditions. Default and currently only supported value is AND Default value: \"AND\" Possible values: [\"AND\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"Operator used to compare the field or infoType to the value. Possible values: [\"EQUAL_TO\", \"NOT_EQUAL_TO\", \"GREATER_THAN\", \"LESS_THAN\", \"GREATER_THAN_OR_EQUALS\", \"LESS_THAN_OR_EQUALS\", \"EXISTS\"]","description_kind":"plain","required":true}},"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Field within the record this condition is evaluated against.","description_kind":"plain"},"min_items":1,"max_items":1},"value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Value to compare against.\nThe 'value' block must only contain one argument. For example when a condition is evaluated against a string-type field, only 'string_value' should be set.\nThis argument is mandatory, except for conditions using the 'EXISTS' operator.","description_kind":"plain"},"max_items":1}},"description":"A collection of conditions.","description_kind":"plain"}}},"description":"Conditions to apply to the expression.","description_kind":"plain"},"max_items":1}},"description":"An expression.","description_kind":"plain"},"max_items":1}},"description":"Only apply the transformation if the condition evaluates to true for the given RecordCondition. The conditions are allowed to reference fields that are not used in the actual transformation.\nExample Use Cases:\n- Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range.\n- Redact a field if the date of birth field is greater than 85.","description_kind":"plain"},"max_items":1},"fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId.\nFieldId name matching ignores the index. For example, instead of \"contact.nums[0].type\", use \"contact.nums.type\".","description_kind":"plain"},"min_items":1},"info_type_transformations":{"nesting_mode":"list","block":{"block_types":{"transformations":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"}},"primitive_transformation":{"nesting_mode":"list","block":{"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"},"min_items":1}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.\nIf number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values:\n- 'masking_character' is *\n- 'number_to_mask' is -4\n- 'reverse_order' is false\n- 'characters_to_ignore' includes -\n- Input string is 1234-5678-9012-3456\n\nThe resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverseOrder is true, all but the first four characters are masked as 1234-****-****-****.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking. Only one of this or 'common_characters_to_ignore' must be specified.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Only one of this or 'characters_to_skip' must be specified. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3).","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.","description_kind":"plain"},"min_items":1,"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","required":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Only one of this, 'custom_alphabet' or 'radix' must be specified. Possible values: [\"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''. Only one of this, 'common_alphabet' or 'radix' must be specified.","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\]. Only one of this, 'custom_alphabet' or 'common_alphabet' must be specified.","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"min_items":1,"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","required":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"For example, -5 means shift date to at most 5 days back in the past.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.\n\nFor example, 3 means shift date to at most 3 days into the future.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and cryptoKey. If set, must also set context. Can only be applied to table items.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace each input value with a given value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"replace_with_info_type_config":{"nesting_mode":"list","block":{"description":"Replace each matching finding with the name of the info type.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","required":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Apply the transformation to the entire field.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Transformation for each infoType. Cannot specify more than one for a given infoType.","description_kind":"plain"},"min_items":1}},"description":"Treat the contents of the field as free text, and selectively transform content that matches an InfoType.\nOnly one of 'primitive_transformation' or 'info_type_transformations' must be specified.","description_kind":"plain"},"max_items":1},"primitive_transformation":{"nesting_mode":"list","block":{"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"}}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.\nIf number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values:\n- 'masking_character' is *\n- 'number_to_mask' is -4\n- 'reverse_order' is false\n- 'characters_to_ignore' includes -\n- Input string is 1234-5678-9012-3456\n\nThe resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverseOrder is true, all but the first four characters are masked as 1234-****-****-****.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3).","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Possible values: [\"FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED\", \"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\].","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"For example, -5 means shift date to at most 5 days back in the past.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.\n\nFor example, 3 means shift date to at most 3 days into the future.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and cryptoKey. If set, must also set context. Can only be applied to table items.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a specified value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","optional":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Apply the transformation to the entire field.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.\nOnly one of 'primitive_transformation' or 'info_type_transformations' must be specified.","description_kind":"plain"},"max_items":1}},"description":"Transform the record by applying various field transformations.","description_kind":"plain"}},"record_suppressions":{"nesting_mode":"list","block":{"block_types":{"condition":{"nesting_mode":"list","block":{"block_types":{"expressions":{"nesting_mode":"list","block":{"attributes":{"logical_operator":{"type":"string","description":"The operator to apply to the result of conditions. Default and currently only supported value is AND. Default value: \"AND\" Possible values: [\"AND\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"Operator used to compare the field or infoType to the value. Possible values: [\"EQUAL_TO\", \"NOT_EQUAL_TO\", \"GREATER_THAN\", \"LESS_THAN\", \"GREATER_THAN_OR_EQUALS\", \"LESS_THAN_OR_EQUALS\", \"EXISTS\"]","description_kind":"plain","required":true}},"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Field within the record this condition is evaluated against.","description_kind":"plain"},"min_items":1,"max_items":1},"value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Value to compare against. [Mandatory, except for EXISTS tests.]","description_kind":"plain"},"max_items":1}},"description":"A collection of conditions.","description_kind":"plain"}}},"description":"Conditions to apply to the expression.","description_kind":"plain"},"max_items":1}},"description":"An expression, consisting of an operator and conditions.","description_kind":"plain"},"max_items":1}},"description":"A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.","description_kind":"plain"},"max_items":1}},"description":"Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.","description_kind":"plain"}}},"description":"Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.","description_kind":"plain"},"max_items":1}},"description":"Configuration of the deidentify template","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_loss_prevention_discovery_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The creation timestamp of a DiscoveryConfig.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Display Name (max 1000 Chars)","description_kind":"plain","optional":true},"errors":{"type":["list",["object",{"details":["list",["object",{"code":"number","details":["list",["map","string"]],"message":"string"}]],"timestamp":"string"}]],"description":"Output only. A stream of errors encountered when the config was activated. Repeated errors may result in the config automatically being paused. Output only field. Will return the last 100 errors. Whenever the config is modified this list will be cleared.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inspect_templates":{"type":["list","string"],"description":"Detection logic for profile generation","description_kind":"plain","optional":true},"last_run_time":{"type":"string","description":"Output only. The timestamp of the last time this config was executed","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location to create the discovery config in.","description_kind":"plain","required":true},"name":{"type":"string","description":"Unique resource name for the DiscoveryConfig, assigned by the service when the DiscoveryConfig is created.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the discovery config in any of the following formats:\n\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"status":{"type":"string","description":"Required. A status for this configuration Possible values: [\"RUNNING\", \"PAUSED\"]","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The last update timestamp of a DiscoveryConfig.","description_kind":"plain","computed":true}},"block_types":{"actions":{"nesting_mode":"list","block":{"block_types":{"export_data":{"nesting_mode":"list","block":{"block_types":{"profile_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Dataset Id of the table","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table. If omitted, the project ID is inferred from the API call.","description_kind":"plain","optional":true},"table_id":{"type":"string","description":"Name of the table","description_kind":"plain","optional":true}},"description":"Store all table and column profiles in an existing table or a new table in an existing dataset. Each re-generation will result in a new row in BigQuery","description_kind":"plain"},"max_items":1}},"description":"Export data profiles into a provided location","description_kind":"plain"},"max_items":1},"pub_sub_notification":{"nesting_mode":"list","block":{"attributes":{"detail_of_message":{"type":"string","description":"How much data to include in the pub/sub message. Possible values: [\"TABLE_PROFILE\", \"RESOURCE_NAME\"]","description_kind":"plain","optional":true},"event":{"type":"string","description":"The type of event that triggers a Pub/Sub. At most one PubSubNotification per EventType is permitted. Possible values: [\"NEW_PROFILE\", \"CHANGED_PROFILE\", \"SCORE_INCREASED\", \"ERROR_CHANGED\"]","description_kind":"plain","optional":true},"topic":{"type":"string","description":"Cloud Pub/Sub topic to send notifications to. Format is projects/{project}/topics/{topic}.","description_kind":"plain","optional":true}},"block_types":{"pubsub_condition":{"nesting_mode":"list","block":{"block_types":{"expressions":{"nesting_mode":"list","block":{"attributes":{"logical_operator":{"type":"string","description":"The operator to apply to the collection of conditions Possible values: [\"OR\", \"AND\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"minimum_risk_score":{"type":"string","description":"The minimum data risk score that triggers the condition. Possible values: [\"HIGH\", \"MEDIUM_OR_HIGH\"]","description_kind":"plain","optional":true},"minimum_sensitivity_score":{"type":"string","description":"The minimum sensitivity level that triggers the condition. Possible values: [\"HIGH\", \"MEDIUM_OR_HIGH\"]","description_kind":"plain","optional":true}},"description":"Conditions to apply to the expression","description_kind":"plain"}}},"description":"An expression","description_kind":"plain"},"max_items":1}},"description":"Conditions for triggering pubsub","description_kind":"plain"},"max_items":1}},"description":"Publish a message into the Pub/Sub topic.","description_kind":"plain"},"max_items":1},"tag_resources":{"nesting_mode":"list","block":{"attributes":{"lower_data_risk_to_low":{"type":"bool","description":"Whether applying a tag to a resource should lower the risk of the profile for that resource. For example, in conjunction with an [IAM deny policy](https://cloud.google.com/iam/docs/deny-overview), you can deny all principals a permission if a tag value is present, mitigating the risk of the resource. This also lowers the data risk of resources at the lower levels of the resource hierarchy. For example, reducing the data risk of a table data profile also reduces the data risk of the constituent column data profiles.","description_kind":"plain","optional":true},"profile_generations_to_tag":{"type":["list","string"],"description":"The profile generations for which the tag should be attached to resources. If you attach a tag to only new profiles, then if the sensitivity score of a profile subsequently changes, its tag doesn't change. By default, this field includes only new profiles. To include both new and updated profiles for tagging, this field should explicitly include both 'PROFILE_GENERATION_NEW' and 'PROFILE_GENERATION_UPDATE'. Possible values: [\"PROFILE_GENERATION_NEW\", \"PROFILE_GENERATION_UPDATE\"]","description_kind":"plain","optional":true}},"block_types":{"tag_conditions":{"nesting_mode":"list","block":{"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Conditions attaching the tag to a resource on its profile having this sensitivity score.","description_kind":"plain"},"max_items":1},"tag":{"nesting_mode":"list","block":{"attributes":{"namespaced_value":{"type":"string","description":"The namespaced name for the tag value to attach to resources. Must be in the format '{parent_id}/{tag_key_short_name}/{short_name}', for example, \"123456/environment/prod\".","description_kind":"plain","optional":true}},"description":"The tag value to attach to resources.","description_kind":"plain"},"max_items":1}},"description":"The tags to associate with different conditions.","description_kind":"plain"}}},"description":"Publish a message into the Pub/Sub topic.","description_kind":"plain"},"max_items":1}},"description":"Actions to execute at the completion of scanning","description_kind":"plain"}},"org_config":{"nesting_mode":"list","block":{"attributes":{"project_id":{"type":"string","description":"The project that will run the scan. The DLP service account that exists within this project must have access to all resources that are profiled, and the cloud DLP API must be enabled.","description_kind":"plain","optional":true}},"block_types":{"location":{"nesting_mode":"list","block":{"attributes":{"folder_id":{"type":"string","description":"The ID for the folder within an organization to scan","description_kind":"plain","optional":true},"organization_id":{"type":"string","description":"The ID of an organization to scan","description_kind":"plain","optional":true}},"description":"The data to scan folder org or project","description_kind":"plain"},"max_items":1}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"targets":{"nesting_mode":"list","block":{"block_types":{"big_query_target":{"nesting_mode":"list","block":{"block_types":{"cadence":{"nesting_mode":"list","block":{"block_types":{"inspect_template_modified_cadence":{"nesting_mode":"list","block":{"attributes":{"frequency":{"type":"string","description":"How frequently data profiles can be updated when the template is modified. Defaults to never. Possible values: [\"UPDATE_FREQUENCY_NEVER\", \"UPDATE_FREQUENCY_DAILY\", \"UPDATE_FREQUENCY_MONTHLY\"]","description_kind":"plain","optional":true}},"description":"Governs when to update data profiles when the inspection rules defined by the 'InspectTemplate' change. If not set, changing the template will not cause a data profile to update.","description_kind":"plain"},"max_items":1},"schema_modified_cadence":{"nesting_mode":"list","block":{"attributes":{"frequency":{"type":"string","description":"How frequently profiles may be updated when schemas are modified. Default to monthly Possible values: [\"UPDATE_FREQUENCY_NEVER\", \"UPDATE_FREQUENCY_DAILY\", \"UPDATE_FREQUENCY_MONTHLY\"]","description_kind":"plain","optional":true},"types":{"type":["list","string"],"description":"The type of events to consider when deciding if the table's schema has been modified and should have the profile updated. Defaults to NEW_COLUMN. Possible values: [\"SCHEMA_NEW_COLUMNS\", \"SCHEMA_REMOVED_COLUMNS\"]","description_kind":"plain","optional":true}},"description":"Governs when to update data profiles when a schema is modified","description_kind":"plain"},"max_items":1},"table_modified_cadence":{"nesting_mode":"list","block":{"attributes":{"frequency":{"type":"string","description":"How frequently data profiles can be updated when tables are modified. Defaults to never. Possible values: [\"UPDATE_FREQUENCY_NEVER\", \"UPDATE_FREQUENCY_DAILY\", \"UPDATE_FREQUENCY_MONTHLY\"]","description_kind":"plain","optional":true},"types":{"type":["list","string"],"description":"The type of events to consider when deciding if the table has been modified and should have the profile updated. Defaults to MODIFIED_TIMESTAMP Possible values: [\"TABLE_MODIFIED_TIMESTAMP\"]","description_kind":"plain","optional":true}},"description":"Governs when to update profile when a table is modified.","description_kind":"plain"},"max_items":1}},"description":"How often and when to update profiles. New tables that match both the fiter and conditions are scanned as quickly as possible depending on system capacity.","description_kind":"plain"},"max_items":1},"conditions":{"nesting_mode":"list","block":{"attributes":{"created_after":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format with nanosecond resolution and upto nine fractional digits.","description_kind":"plain","optional":true},"type_collection":{"type":"string","description":"Restrict discovery to categories of table types. Currently view, materialized view, snapshot and non-biglake external tables are supported. Possible values: [\"BIG_QUERY_COLLECTION_ALL_TYPES\", \"BIG_QUERY_COLLECTION_ONLY_SUPPORTED_TYPES\"]","description_kind":"plain","optional":true}},"block_types":{"or_conditions":{"nesting_mode":"list","block":{"attributes":{"min_age":{"type":"string","description":"Duration format. The minimum age a table must have before Cloud DLP can profile it. Value greater than 1.","description_kind":"plain","optional":true},"min_row_count":{"type":"number","description":"Minimum number of rows that should be present before Cloud DLP profiles as a table.","description_kind":"plain","optional":true}},"description":"At least one of the conditions must be true for a table to be scanned.","description_kind":"plain"},"max_items":1},"types":{"nesting_mode":"list","block":{"attributes":{"types":{"type":["list","string"],"description":"A set of BiqQuery table types Possible values: [\"BIG_QUERY_TABLE_TYPE_TABLE\", \"BIG_QUERY_TABLE_TYPE_EXTERNAL_BIG_LAKE\"]","description_kind":"plain","optional":true}},"description":"Restrict discovery to specific table type","description_kind":"plain"},"max_items":1}},"description":"In addition to matching the filter, these conditions must be true before a profile is generated","description_kind":"plain"},"max_items":1},"disabled":{"nesting_mode":"list","block":{"description":"Tables that match this filter will not have profiles created.","description_kind":"plain"},"max_items":1},"filter":{"nesting_mode":"list","block":{"block_types":{"other_tables":{"nesting_mode":"list","block":{"description":"Catch-all. This should always be the last filter in the list because anything above it will apply first.","description_kind":"plain"},"max_items":1},"table_reference":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Dataset ID of the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"Name of the table.","description_kind":"plain","required":true}},"description":"The table to scan. Discovery configurations including this can only include one DiscoveryTarget (the DiscoveryTarget with this TableReference).","description_kind":"plain"},"max_items":1},"tables":{"nesting_mode":"list","block":{"block_types":{"include_regexes":{"nesting_mode":"list","block":{"block_types":{"patterns":{"nesting_mode":"list","block":{"attributes":{"dataset_id_regex":{"type":"string","description":"if unset, this property matches all datasets","description_kind":"plain","optional":true},"project_id_regex":{"type":"string","description":"For organizations, if unset, will match all projects. Has no effect for data profile configurations created within a project.","description_kind":"plain","optional":true},"table_id_regex":{"type":"string","description":"if unset, this property matches all tables","description_kind":"plain","optional":true}},"description":"A single BigQuery regular expression pattern to match against one or more tables, datasets, or projects that contain BigQuery tables.","description_kind":"plain"}}},"description":"A collection of regular expressions to match a BQ table against.","description_kind":"plain"},"max_items":1}},"description":"A specific set of tables for this filter to apply to. A table collection must be specified in only one filter per config.","description_kind":"plain"},"max_items":1}},"description":"Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table","description_kind":"plain"},"max_items":1}},"description":"BigQuery target for Discovery. The first target to match a table will be the one applied.","description_kind":"plain"},"max_items":1},"cloud_sql_target":{"nesting_mode":"list","block":{"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"database_engines":{"type":["list","string"],"description":"Database engines that should be profiled. Optional. Defaults to ALL_SUPPORTED_DATABASE_ENGINES if unspecified. Possible values: [\"ALL_SUPPORTED_DATABASE_ENGINES\", \"MYSQL\", \"POSTGRES\"]","description_kind":"plain","optional":true},"types":{"type":["list","string"],"description":"Data profiles will only be generated for the database resource types specified in this field. If not specified, defaults to [DATABASE_RESOURCE_TYPE_ALL_SUPPORTED_TYPES]. Possible values: [\"DATABASE_RESOURCE_TYPE_ALL_SUPPORTED_TYPES\", \"DATABASE_RESOURCE_TYPE_TABLE\"]","description_kind":"plain","optional":true}},"description":"In addition to matching the filter, these conditions must be true before a profile is generated.","description_kind":"plain"},"max_items":1},"disabled":{"nesting_mode":"list","block":{"description":"Disable profiling for database resources that match this filter.","description_kind":"plain"},"max_items":1},"filter":{"nesting_mode":"list","block":{"block_types":{"collection":{"nesting_mode":"list","block":{"block_types":{"include_regexes":{"nesting_mode":"list","block":{"block_types":{"patterns":{"nesting_mode":"list","block":{"attributes":{"database_regex":{"type":"string","description":"Regex to test the database name against. If empty, all databases match.","description_kind":"plain","optional":true},"database_resource_name_regex":{"type":"string","description":"Regex to test the database resource's name against. An example of a database resource name is a table's name. Other database resource names like view names could be included in the future. If empty, all database resources match.'","description_kind":"plain","optional":true},"instance_regex":{"type":"string","description":"Regex to test the instance name against. If empty, all instances match.","description_kind":"plain","optional":true},"project_id_regex":{"type":"string","description":"For organizations, if unset, will match all projects. Has no effect for data profile configurations created within a project.","description_kind":"plain","optional":true}},"description":"A group of regular expression patterns to match against one or more database resources. Maximum of 100 entries. The sum of all regular expressions' length can't exceed 10 KiB.","description_kind":"plain"}}},"description":"A collection of regular expressions to match a database resource against.","description_kind":"plain"},"max_items":1}},"description":"A specific set of database resources for this filter to apply to.","description_kind":"plain"},"max_items":1},"database_resource_reference":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Required. Name of a database within the instance.","description_kind":"plain","required":true},"database_resource":{"type":"string","description":"Required. Name of a database resource, for example, a table within the database.","description_kind":"plain","required":true},"instance":{"type":"string","description":"Required. The instance where this resource is located. For example: Cloud SQL instance ID.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Required. If within a project-level config, then this must match the config's project ID.","description_kind":"plain","required":true}},"description":"The database resource to scan. Targets including this can only include one target (the target with this database resource reference).","description_kind":"plain"},"max_items":1},"others":{"nesting_mode":"list","block":{"description":"Catch-all. This should always be the last target in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.","description_kind":"plain"},"max_items":1}},"description":"Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table.","description_kind":"plain"},"min_items":1,"max_items":1},"generation_cadence":{"nesting_mode":"list","block":{"attributes":{"refresh_frequency":{"type":"string","description":"Data changes (non-schema changes) in Cloud SQL tables can't trigger reprofiling. If you set this field, profiles are refreshed at this frequency regardless of whether the underlying tables have changes. Defaults to never. Possible values: [\"UPDATE_FREQUENCY_NEVER\", \"UPDATE_FREQUENCY_DAILY\", \"UPDATE_FREQUENCY_MONTHLY\"]","description_kind":"plain","optional":true}},"block_types":{"inspect_template_modified_cadence":{"nesting_mode":"list","block":{"attributes":{"frequency":{"type":"string","description":"How frequently data profiles can be updated when the template is modified. Defaults to never. Possible values: [\"UPDATE_FREQUENCY_NEVER\", \"UPDATE_FREQUENCY_DAILY\", \"UPDATE_FREQUENCY_MONTHLY\"]","description_kind":"plain","required":true}},"description":"Governs when to update data profiles when the inspection rules defined by the 'InspectTemplate' change. If not set, changing the template will not cause a data profile to update.","description_kind":"plain"},"max_items":1},"schema_modified_cadence":{"nesting_mode":"list","block":{"attributes":{"frequency":{"type":"string","description":"Frequency to regenerate data profiles when the schema is modified. Defaults to monthly. Possible values: [\"UPDATE_FREQUENCY_NEVER\", \"UPDATE_FREQUENCY_DAILY\", \"UPDATE_FREQUENCY_MONTHLY\"]","description_kind":"plain","optional":true},"types":{"type":["list","string"],"description":"The types of schema modifications to consider. Defaults to NEW_COLUMNS. Possible values: [\"NEW_COLUMNS\", \"REMOVED_COLUMNS\"]","description_kind":"plain","optional":true}},"description":"Governs when to update data profiles when a schema is modified","description_kind":"plain"},"max_items":1}},"description":"How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity.","description_kind":"plain"},"max_items":1}},"description":"Cloud SQL target for Discovery. The first target to match a table will be the one applied.","description_kind":"plain"},"max_items":1},"cloud_storage_target":{"nesting_mode":"list","block":{"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"created_after":{"type":"string","description":"File store must have been created after this date. Used to avoid backfilling. A timestamp in RFC3339 UTC \"Zulu\" format with nanosecond resolution and upto nine fractional digits.","description_kind":"plain","optional":true},"min_age":{"type":"string","description":"Duration format. Minimum age a file store must have. If set, the value must be 1 hour or greater.","description_kind":"plain","optional":true}},"block_types":{"cloud_storage_conditions":{"nesting_mode":"list","block":{"attributes":{"included_bucket_attributes":{"type":["list","string"],"description":"Only objects with the specified attributes will be scanned. Defaults to [ALL_SUPPORTED_BUCKETS] if unset. Possible values: [\"ALL_SUPPORTED_BUCKETS\", \"AUTOCLASS_DISABLED\", \"AUTOCLASS_ENABLED\"]","description_kind":"plain","optional":true},"included_object_attributes":{"type":["list","string"],"description":"Only objects with the specified attributes will be scanned. If an object has one of the specified attributes but is inside an excluded bucket, it will not be scanned. Defaults to [ALL_SUPPORTED_OBJECTS]. A profile will be created even if no objects match the included_object_attributes. Possible values: [\"ALL_SUPPORTED_OBJECTS\", \"STANDARD\", \"NEARLINE\", \"COLDLINE\", \"ARCHIVE\", \"REGIONAL\", \"MULTI_REGIONAL\", \"DURABLE_REDUCED_AVAILABILITY\"]","description_kind":"plain","optional":true}},"description":"Cloud Storage conditions.","description_kind":"plain"},"max_items":1}},"description":"In addition to matching the filter, these conditions must be true before a profile is generated.","description_kind":"plain"},"max_items":1},"disabled":{"nesting_mode":"list","block":{"description":"Disable profiling for buckets that match this filter.","description_kind":"plain"},"max_items":1},"filter":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_resource_reference":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"The bucket to scan.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"If within a project-level config, then this must match the config's project id.","description_kind":"plain","optional":true}},"description":"The bucket to scan. Targets including this can only include one target (the target with this bucket). This enables profiling the contents of a single bucket, while the other options allow for easy profiling of many buckets within a project or an organization.","description_kind":"plain"},"max_items":1},"collection":{"nesting_mode":"list","block":{"block_types":{"include_regexes":{"nesting_mode":"list","block":{"block_types":{"patterns":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_regex":{"nesting_mode":"list","block":{"attributes":{"bucket_name_regex":{"type":"string","description":"Regex to test the bucket name against. If empty, all buckets match. Example: \"marketing2021\" or \"(marketing)\\d{4}\" will both match the bucket gs://marketing2021","description_kind":"plain","optional":true},"project_id_regex":{"type":"string","description":"For organizations, if unset, will match all projects.","description_kind":"plain","optional":true}},"description":"Regex for Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"The group of regular expression patterns to match against one or more file stores. Maximum of 100 entries. The sum of all lengths of regular expressions can't exceed 10 KiB.","description_kind":"plain"}}},"description":"A collection of regular expressions to match a file store against.","description_kind":"plain"},"max_items":1}},"description":"A specific set of buckets for this filter to apply to.","description_kind":"plain"},"max_items":1},"others":{"nesting_mode":"list","block":{"description":"Match discovery resources not covered by any other filter.","description_kind":"plain"},"max_items":1}},"description":"The buckets the generation_cadence applies to. The first target with a matching filter will be the one to apply to a bucket.","description_kind":"plain"},"min_items":1,"max_items":1},"generation_cadence":{"nesting_mode":"list","block":{"attributes":{"refresh_frequency":{"type":"string","description":"Data changes in Cloud Storage can't trigger reprofiling. If you set this field, profiles are refreshed at this frequency regardless of whether the underlying buckets have changes. Defaults to never. Possible values: [\"UPDATE_FREQUENCY_NEVER\", \"UPDATE_FREQUENCY_DAILY\", \"UPDATE_FREQUENCY_MONTHLY\"]","description_kind":"plain","optional":true}},"block_types":{"inspect_template_modified_cadence":{"nesting_mode":"list","block":{"attributes":{"frequency":{"type":"string","description":"How frequently data profiles can be updated when the template is modified. Defaults to never. Possible values: [\"UPDATE_FREQUENCY_NEVER\", \"UPDATE_FREQUENCY_DAILY\", \"UPDATE_FREQUENCY_MONTHLY\"]","description_kind":"plain","optional":true}},"description":"Governs when to update data profiles when the inspection rules defined by the 'InspectTemplate' change. If not set, changing the template will not cause a data profile to update.","description_kind":"plain"},"max_items":1}},"description":"How often and when to update profiles. New buckets that match both the filter and conditions are scanned as quickly as possible depending on system capacity.","description_kind":"plain"},"max_items":1}},"description":"Cloud Storage target for Discovery. The first target to match a bucket will be the one applied.","description_kind":"plain"},"max_items":1},"secrets_target":{"nesting_mode":"list","block":{"description":"Discovery target that looks for credentials and secrets stored in cloud resource metadata and reports them as vulnerabilities to Security Command Center. Only one target of this type is allowed.","description_kind":"plain"},"max_items":1}},"description":"Target to match against for determining what to scan and how frequently","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_loss_prevention_inspect_template":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the inspect template.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the inspect template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the inspect template. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the inspect template in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"template_id":{"type":"string","description":"The template id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is\n100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"inspect_config":{"nesting_mode":"list","block":{"attributes":{"content_options":{"type":["list","string"],"description":"List of options defining data content to scan. If empty, text, images, and other content will be included. Possible values: [\"CONTENT_TEXT\", \"CONTENT_IMAGE\"]","description_kind":"plain","optional":true},"exclude_info_types":{"type":"bool","description":"When true, excludes type information of the findings.","description_kind":"plain","optional":true},"include_quote":{"type":"bool","description":"When true, a contextual quote from the data that triggered a finding is included in the response.","description_kind":"plain","optional":true},"min_likelihood":{"type":"string","description":"Only returns findings equal or above this threshold. See https://cloud.google.com/dlp/docs/likelihood for more info Default value: \"POSSIBLE\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"custom_info_types":{"nesting_mode":"list","block":{"attributes":{"exclusion_type":{"type":"string","description":"If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: [\"EXCLUSION_TYPE_EXCLUDE\"]","description_kind":"plain","optional":true},"likelihood":{"type":"string","description":"Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria\nspecified by the rule. Default value: \"VERY_LIKELY\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names\nlisted at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing\ninfoTypes and that infoType is specified in 'info_types' field. Specifying the latter adds findings to the\none detected by the system. If built-in info type is not specified in 'info_types' list then the name is\ntreated as a custom info type.","description_kind":"plain"},"min_items":1,"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1},"stored_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Resource name of the requested StoredInfoType, for example 'organizations/433245324/storedInfoTypes/432452342'\nor 'projects/project-id/storedInfoTypes/432452342'.","description_kind":"plain","required":true}},"description":"A reference to a StoredInfoType to use with scanning.","description_kind":"plain"},"max_items":1},"surrogate_type":{"nesting_mode":"list","block":{"description":"Message for detecting output from deidentification transformations that support reversing.","description_kind":"plain"},"max_items":1}},"description":"Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.","description_kind":"plain"}},"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Restricts what infoTypes to look for. The values must correspond to InfoType values returned by infoTypes.list\nor listed at https://cloud.google.com/dlp/docs/infotypes-reference.\n\nWhen no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run.\nBy default this may be all types, but may change over time as detectors are updated.","description_kind":"plain"}},"limits":{"nesting_mode":"list","block":{"attributes":{"max_findings_per_item":{"type":"number","description":"Max number of findings that will be returned for each item scanned. The maximum returned is 2000.","description_kind":"plain","required":true},"max_findings_per_request":{"type":"number","description":"Max number of findings that will be returned per request/job. The maximum returned is 2000.","description_kind":"plain","required":true}},"block_types":{"max_findings_per_info_type":{"nesting_mode":"list","block":{"attributes":{"max_findings":{"type":"number","description":"Max findings limit for the given infoType.","description_kind":"plain","required":true}},"block_types":{"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does\nnot have an infoType, the DLP API applies the limit against all infoTypes that are found but not\nspecified in another InfoTypeLimit.","description_kind":"plain"},"max_items":1}},"description":"Configuration of findings limit given for specified infoTypes.","description_kind":"plain"}}},"description":"Configuration to control the number of findings returned.","description_kind":"plain"},"max_items":1},"rule_set":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"List of infoTypes this rule set is applied to.","description_kind":"plain"},"min_items":1},"rules":{"nesting_mode":"list","block":{"block_types":{"exclusion_rule":{"nesting_mode":"list","block":{"attributes":{"matching_type":{"type":"string","description":"How the rule is applied. See the documentation for more information: https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#MatchingType Possible values: [\"MATCHING_TYPE_FULL_MATCH\", \"MATCHING_TYPE_PARTIAL_MATCH\", \"MATCHING_TYPE_INVERSE_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"exclude_by_hotword":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"min_items":1,"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider.","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider.","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Drop if the hotword rule is contained in the proximate context.\nFor tabular data, the context includes the column name.","description_kind":"plain"},"max_items":1},"exclude_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"If a finding is matched by any of the infoType detectors listed here, the finding will be excluded from the scan results.","description_kind":"plain"},"min_items":1}},"description":"Set of infoTypes for which findings would affect this rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1}},"description":"The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results.","description_kind":"plain"},"max_items":1},"hotword_rule":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"min_items":1,"max_items":1},"likelihood_adjustment":{"nesting_mode":"list","block":{"attributes":{"fixed_likelihood":{"type":"string","description":"Set the likelihood of a finding to a fixed value. Either this or relative_likelihood can be set. Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true},"relative_likelihood":{"type":"number","description":"Increase or decrease the likelihood by the specified number of levels. For example,\nif a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1,\nthen it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY.\nLikelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an\nadjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY\nwill result in a final likelihood of LIKELY. Either this or fixed_likelihood can be set.","description_kind":"plain","optional":true}},"description":"Likelihood adjustment to apply to all matching findings.","description_kind":"plain"},"min_items":1,"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Hotword-based detection rule.","description_kind":"plain"},"max_items":1}},"description":"Set of rules to be applied to infoTypes. The rules are applied in order.","description_kind":"plain"},"min_items":1}},"description":"Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end,\nother rules are executed in the order they are specified for each info type.","description_kind":"plain"}}},"description":"The core content of the template.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_loss_prevention_job_trigger":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the job trigger.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the job trigger.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_run_time":{"type":"string","description":"The timestamp of the last time this trigger executed.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the job trigger. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the trigger, either in the format 'projects/{{project}}'\nor 'projects/{{project}}/locations/{{location}}'","description_kind":"plain","required":true},"status":{"type":"string","description":"Whether the trigger is currently active. Default value: \"HEALTHY\" Possible values: [\"PAUSED\", \"HEALTHY\", \"CANCELLED\"]","description_kind":"plain","optional":true},"trigger_id":{"type":"string","description":"The trigger id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+.\nThe maximum length is 100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The last update timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true}},"block_types":{"inspect_job":{"nesting_mode":"list","block":{"attributes":{"inspect_template_name":{"type":"string","description":"The name of the template to run when this job is triggered.","description_kind":"plain","optional":true}},"block_types":{"actions":{"nesting_mode":"list","block":{"block_types":{"deidentify":{"nesting_mode":"list","block":{"attributes":{"cloud_storage_output":{"type":"string","description":"User settable Cloud Storage bucket and folders to store de-identified files.\n\nThis field must be set for cloud storage deidentification.\n\nThe output Cloud Storage bucket must be different from the input bucket.\n\nDe-identified files will overwrite files in the output path.\n\nForm of: gs://bucket/folder/ or gs://bucket","description_kind":"plain","required":true},"file_types_to_transform":{"type":["list","string"],"description":"List of user-specified file type groups to transform. If specified, only the files with these filetypes will be transformed.\n\nIf empty, all supported files will be transformed. Supported types may be automatically added over time.\n\nIf a file type is set in this field that isn't supported by the Deidentify action then the job will fail and will not be successfully created/started. Possible values: [\"IMAGE\", \"TEXT_FILE\", \"CSV\", \"TSV\"]","description_kind":"plain","optional":true}},"block_types":{"transformation_config":{"nesting_mode":"list","block":{"attributes":{"deidentify_template":{"type":"string","description":"If this template is specified, it will serve as the default de-identify template.","description_kind":"plain","optional":true},"image_redact_template":{"type":"string","description":"If this template is specified, it will serve as the de-identify template for images.","description_kind":"plain","optional":true},"structured_deidentify_template":{"type":"string","description":"If this template is specified, it will serve as the de-identify template for structured content such as delimited files and tables.","description_kind":"plain","optional":true}},"description":"User specified deidentify templates and configs for structured, unstructured, and image files.","description_kind":"plain"},"max_items":1},"transformation_details_storage_config":{"nesting_mode":"list","block":{"block_types":{"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","optional":true}},"description":"The BigQuery table in which to store the output.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Config for storing transformation details.","description_kind":"plain"},"max_items":1}},"description":"Create a de-identified copy of the requested table or files.","description_kind":"plain"},"max_items":1},"job_notification_emails":{"nesting_mode":"list","block":{"description":"Sends an email when the job completes. The email goes to IAM project owners and technical Essential Contacts.","description_kind":"plain"},"max_items":1},"pub_sub":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Cloud Pub/Sub topic to send notifications to.","description_kind":"plain","required":true}},"description":"Publish a message into a given Pub/Sub topic when the job completes.","description_kind":"plain"},"max_items":1},"publish_findings_to_cloud_data_catalog":{"nesting_mode":"list","block":{"description":"Publish findings of a DlpJob to Data Catalog.","description_kind":"plain"},"max_items":1},"publish_summary_to_cscc":{"nesting_mode":"list","block":{"description":"Publish the result summary of a DlpJob to the Cloud Security Command Center.","description_kind":"plain"},"max_items":1},"publish_to_stackdriver":{"nesting_mode":"list","block":{"description":"Enable Stackdriver metric dlp.googleapis.com/findingCount.","description_kind":"plain"},"max_items":1},"save_findings":{"nesting_mode":"list","block":{"block_types":{"output_config":{"nesting_mode":"list","block":{"attributes":{"output_schema":{"type":"string","description":"Schema used for writing the findings for Inspect jobs. This field is only used for\nInspect and must be unspecified for Risk jobs. Columns are derived from the Finding\nobject. If appending to an existing table, any columns from the predefined schema\nthat are missing will be added. No columns in the existing table will be deleted.\n\nIf unspecified, then all available columns will be used for a new table or an (existing)\ntable with no schema, and no changes will be made to an existing table that has a schema.\nOnly for use with external storage. Possible values: [\"BASIC_COLUMNS\", \"GCS_COLUMNS\", \"DATASTORE_COLUMNS\", \"BIG_QUERY_COLUMNS\", \"ALL_COLUMNS\"]","description_kind":"plain","optional":true}},"block_types":{"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"Name of the table. If is not set a new one will be generated for you with the following format:\n'dlp_googleapis_yyyy_mm_dd_[dlp_job_id]'. Pacific timezone will be used for generating the date details.","description_kind":"plain","optional":true}},"description":"Information on the location of the target BigQuery Table.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Information on where to store output","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk","description_kind":"plain"},"max_items":1}},"description":"Configuration block for the actions to execute on the completion of a job. Can be specified multiple times, but only one for each type. Each action block supports fields documented below. This argument is processed in [attribute-as-blocks mode](https://www.terraform.io/docs/configuration/attr-as-blocks.html).","description_kind":"plain"}},"inspect_config":{"nesting_mode":"list","block":{"attributes":{"exclude_info_types":{"type":"bool","description":"When true, excludes type information of the findings.","description_kind":"plain","optional":true},"include_quote":{"type":"bool","description":"When true, a contextual quote from the data that triggered a finding is included in the response.","description_kind":"plain","optional":true},"min_likelihood":{"type":"string","description":"Only returns findings equal or above this threshold. See https://cloud.google.com/dlp/docs/likelihood for more info Default value: \"POSSIBLE\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"custom_info_types":{"nesting_mode":"list","block":{"attributes":{"exclusion_type":{"type":"string","description":"If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: [\"EXCLUSION_TYPE_EXCLUDE\"]","description_kind":"plain","optional":true},"likelihood":{"type":"string","description":"Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria\nspecified by the rule. Default value: \"VERY_LIKELY\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names\nlisted at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing\ninfoTypes and that infoType is specified in 'info_types' field. Specifying the latter adds findings to the\none detected by the system. If built-in info type is not specified in 'info_types' list then the name is\ntreated as a custom info type.","description_kind":"plain"},"min_items":1,"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1},"stored_type":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Resource name of the requested StoredInfoType, for example 'organizations/433245324/storedInfoTypes/432452342'\nor 'projects/project-id/storedInfoTypes/432452342'.","description_kind":"plain","required":true}},"description":"A reference to a StoredInfoType to use with scanning.","description_kind":"plain"},"max_items":1},"surrogate_type":{"nesting_mode":"list","block":{"description":"Message for detecting output from deidentification transformations that support reversing.","description_kind":"plain"},"max_items":1}},"description":"Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.","description_kind":"plain"}},"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Restricts what infoTypes to look for. The values must correspond to InfoType values returned by infoTypes.list\nor listed at https://cloud.google.com/dlp/docs/infotypes-reference.\n\nWhen no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run.\nBy default this may be all types, but may change over time as detectors are updated.","description_kind":"plain"}},"limits":{"nesting_mode":"list","block":{"attributes":{"max_findings_per_item":{"type":"number","description":"Max number of findings that will be returned for each item scanned. The maximum returned is 2000.","description_kind":"plain","optional":true},"max_findings_per_request":{"type":"number","description":"Max number of findings that will be returned per request/job. The maximum returned is 2000.","description_kind":"plain","optional":true}},"block_types":{"max_findings_per_info_type":{"nesting_mode":"list","block":{"attributes":{"max_findings":{"type":"number","description":"Max findings limit for the given infoType.","description_kind":"plain","optional":true}},"block_types":{"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does\nnot have an infoType, the DLP API applies the limit against all infoTypes that are found but not\nspecified in another InfoTypeLimit.","description_kind":"plain"},"max_items":1}},"description":"Configuration of findings limit given for specified infoTypes.","description_kind":"plain"}}},"description":"Configuration to control the number of findings returned.","description_kind":"plain"},"max_items":1},"rule_set":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"List of infoTypes this rule set is applied to.","description_kind":"plain"}},"rules":{"nesting_mode":"list","block":{"block_types":{"exclusion_rule":{"nesting_mode":"list","block":{"attributes":{"matching_type":{"type":"string","description":"How the rule is applied. See the documentation for more information: https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#MatchingType Possible values: [\"MATCHING_TYPE_FULL_MATCH\", \"MATCHING_TYPE_PARTIAL_MATCH\", \"MATCHING_TYPE_INVERSE_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"exclude_by_hotword":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","optional":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"max_items":1}},"description":"Drop if the hotword rule is contained in the proximate context.","description_kind":"plain"},"max_items":1},"exclude_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"If a finding is matched by any of the infoType detectors listed here, the finding will be excluded from the scan results.","description_kind":"plain"},"min_items":1}},"description":"Set of infoTypes for which findings would affect this rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1}},"description":"The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results.","description_kind":"plain"},"max_items":1},"hotword_rule":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","optional":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"max_items":1},"likelihood_adjustment":{"nesting_mode":"list","block":{"attributes":{"fixed_likelihood":{"type":"string","description":"Set the likelihood of a finding to a fixed value. Either this or relative_likelihood can be set. Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true},"relative_likelihood":{"type":"number","description":"Increase or decrease the likelihood by the specified number of levels. For example,\nif a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1,\nthen it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY.\nLikelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an\nadjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY\nwill result in a final likelihood of LIKELY. Either this or fixed_likelihood can be set.","description_kind":"plain","optional":true}},"description":"Likelihood adjustment to apply to all matching findings.","description_kind":"plain"},"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"max_items":1}},"description":"Hotword-based detection rule.","description_kind":"plain"},"max_items":1}},"description":"Set of rules to be applied to infoTypes. The rules are applied in order.","description_kind":"plain"},"min_items":1}},"description":"Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end,\nother rules are executed in the order they are specified for each info type.","description_kind":"plain"}}},"description":"The core content of the template.","description_kind":"plain"},"max_items":1},"storage_config":{"nesting_mode":"list","block":{"block_types":{"big_query_options":{"nesting_mode":"list","block":{"attributes":{"rows_limit":{"type":"number","description":"Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted.\nIf not set, or if set to 0, all rows will be scanned. Only one of rowsLimit and rowsLimitPercent can be\nspecified. Cannot be used in conjunction with TimespanConfig.","description_kind":"plain","optional":true},"rows_limit_percent":{"type":"number","description":"Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of\nrowsLimit and rowsLimitPercent can be specified. Cannot be used in conjunction with TimespanConfig.","description_kind":"plain","optional":true},"sample_method":{"type":"string","description":"How to sample rows if not all rows are scanned. Meaningful only when used in conjunction with either\nrowsLimit or rowsLimitPercent. If not specified, rows are scanned in the order BigQuery reads them.\nIf TimespanConfig is set, set this to an empty string to avoid using the default value. Default value: \"TOP\" Possible values: [\"TOP\", \"RANDOM_START\"]","description_kind":"plain","optional":true}},"block_types":{"excluded_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field excluded from scanning.","description_kind":"plain","required":true}},"description":"References to fields excluded from scanning.\nThis allows you to skip inspection of entire columns which you know have no findings.","description_kind":"plain"}},"identifying_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of a BigQuery field to be returned with the findings.","description_kind":"plain","required":true}},"description":"Specifies the BigQuery fields that will be returned with findings.\nIf not specified, no identifying fields will be returned for findings.","description_kind":"plain"}},"included_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field to which scanning is limited.","description_kind":"plain","required":true}},"description":"Limit scanning only to these fields.","description_kind":"plain"}},"table_reference":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"description":"Set of files to scan.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining BigQuery table and row identifiers.","description_kind":"plain"},"max_items":1},"cloud_storage_options":{"nesting_mode":"list","block":{"attributes":{"bytes_limit_per_file":{"type":"number","description":"Max number of bytes to scan from a file. If a scanned file's size is bigger than this value\nthen the rest of the bytes are omitted.","description_kind":"plain","optional":true},"bytes_limit_per_file_percent":{"type":"number","description":"Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit.","description_kind":"plain","optional":true},"file_types":{"type":["list","string"],"description":"List of file type groups to include in the scan. If empty, all files are scanned and available data\nformat processors are applied. In addition, the binary content of the selected files is always scanned as well.\nImages are scanned only as binary if the specified region does not support image inspection and no fileTypes were specified. Possible values: [\"BINARY_FILE\", \"TEXT_FILE\", \"IMAGE\", \"WORD\", \"PDF\", \"AVRO\", \"CSV\", \"TSV\", \"POWERPOINT\", \"EXCEL\"]","description_kind":"plain","optional":true},"files_limit_percent":{"type":"number","description":"Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit.","description_kind":"plain","optional":true},"sample_method":{"type":"string","description":"How to sample bytes if not all bytes are scanned. Meaningful only when used in conjunction with bytesLimitPerFile.\nIf not specified, scanning would start from the top. Possible values: [\"TOP\", \"RANDOM_START\"]","description_kind":"plain","optional":true}},"block_types":{"file_set":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The Cloud Storage url of the file(s) to scan, in the format 'gs://\u003cbucket\u003e/\u003cpath\u003e'. Trailing wildcard\nin the path is allowed.\n\nIf the url ends in a trailing slash, the bucket or directory represented by the url will be scanned\nnon-recursively (content in sub-directories will not be scanned). This means that 'gs://mybucket/' is\nequivalent to 'gs://mybucket/*', and 'gs://mybucket/directory/' is equivalent to 'gs://mybucket/directory/*'.","description_kind":"plain","optional":true}},"block_types":{"regex_file_set":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"The name of a Cloud Storage bucket.","description_kind":"plain","required":true},"exclude_regex":{"type":["list","string"],"description":"A list of regular expressions matching file paths to exclude. All files in the bucket that match at\nleast one of these regular expressions will be excluded from the scan.","description_kind":"plain","optional":true},"include_regex":{"type":["list","string"],"description":"A list of regular expressions matching file paths to include. All files in the bucket\nthat match at least one of these regular expressions will be included in the set of files,\nexcept for those that also match an item in excludeRegex. Leaving this field empty will\nmatch all files by default (this is equivalent to including .* in the list)","description_kind":"plain","optional":true}},"description":"The regex-filtered set of files to scan.","description_kind":"plain"},"max_items":1}},"description":"Set of files to scan.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining a file or a set of files within a Google Cloud Storage bucket.","description_kind":"plain"},"max_items":1},"datastore_options":{"nesting_mode":"list","block":{"block_types":{"kind":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of the Datastore kind.","description_kind":"plain","required":true}},"description":"A representation of a Datastore kind.","description_kind":"plain"},"min_items":1,"max_items":1},"partition_id":{"nesting_mode":"list","block":{"attributes":{"namespace_id":{"type":"string","description":"If not empty, the ID of the namespace to which the entities belong.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The ID of the project to which the entities belong.","description_kind":"plain","required":true}},"description":"Datastore partition ID. A partition ID identifies a grouping of entities. The grouping\nis always by project and namespace, however the namespace ID may be empty.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining a data set within Google Cloud Datastore.","description_kind":"plain"},"max_items":1},"hybrid_options":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A short description of where the data is coming from. Will be stored once in the job. 256 max length.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"To organize findings, these labels will be added to each finding.\n\nLabel keys must be between 1 and 63 characters long and must conform to the following regular expression: '[a-z]([-a-z0-9]*[a-z0-9])?'.\n\nLabel values must be between 0 and 63 characters long and must conform to the regular expression '([a-z]([-a-z0-9]*[a-z0-9])?)?'.\n\nNo more than 10 labels can be associated with a given finding.\n\nExamples:\n* '\"environment\" : \"production\"'\n* '\"pipeline\" : \"etl\"'","description_kind":"plain","optional":true},"required_finding_label_keys":{"type":["list","string"],"description":"These are labels that each inspection request must include within their 'finding_labels' map. Request\nmay contain others, but any missing one of these will be rejected.\n\nLabel keys must be between 1 and 63 characters long and must conform to the following regular expression: '[a-z]([-a-z0-9]*[a-z0-9])?'.\n\nNo more than 10 keys can be required.","description_kind":"plain","optional":true}},"block_types":{"table_options":{"nesting_mode":"list","block":{"block_types":{"identifying_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"The columns that are the primary keys for table objects included in ContentItem. A copy of this\ncell's value will stored alongside alongside each finding so that the finding can be traced to\nthe specific row it came from. No more than 3 may be provided.","description_kind":"plain"}}},"description":"If the container is a table, additional information to make findings meaningful such as the columns that are primary keys.","description_kind":"plain"},"max_items":1}},"description":"Configuration to control jobs where the content being inspected is outside of Google Cloud Platform.","description_kind":"plain"},"max_items":1},"timespan_config":{"nesting_mode":"list","block":{"attributes":{"enable_auto_population_of_timespan_config":{"type":"bool","description":"When the job is started by a JobTrigger we will automatically figure out a valid startTime to avoid\nscanning files that have not been modified since the last time the JobTrigger executed. This will\nbe based on the time of the execution of the last run of the JobTrigger or the timespan endTime\nused in the last run of the JobTrigger.","description_kind":"plain","optional":true},"end_time":{"type":"string","description":"Exclude files, tables, or rows newer than this value. If not set, no upper time limit is applied.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"Exclude files, tables, or rows older than this value. If not set, no lower time limit is applied.","description_kind":"plain","optional":true}},"block_types":{"timestamp_field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Specification of the field containing the timestamp of scanned items. Used for data sources like Datastore and BigQuery.\n\nFor BigQuery: Required to filter out rows based on the given start and end times. If not specified and the table was\nmodified between the given start and end times, the entire table will be scanned. The valid data types of the timestamp\nfield are: INTEGER, DATE, TIMESTAMP, or DATETIME BigQuery column.\n\nFor Datastore. Valid data types of the timestamp field are: TIMESTAMP. Datastore entity will be scanned if the\ntimestamp property does not exist or its value is empty or invalid.","description_kind":"plain","required":true}},"description":"Specification of the field containing the timestamp of scanned items.","description_kind":"plain"},"max_items":1}},"description":"Configuration of the timespan of the items to include in scanning","description_kind":"plain"},"max_items":1}},"description":"Information on where to inspect","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Controls what and how to inspect for findings.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"triggers":{"nesting_mode":"list","block":{"block_types":{"manual":{"nesting_mode":"list","block":{"description":"For use with hybrid jobs. Jobs must be manually created and finished.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"recurrence_period_duration":{"type":"string","description":"With this option a job is started a regular periodic basis. For example: every day (86400 seconds).\n\nA scheduled start time will be skipped if the previous execution has not ended when its scheduled time occurs.\n\nThis value must be set to a time duration greater than or equal to 1 day and can be no longer than 60 days.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Schedule for triggered jobs","description_kind":"plain"},"max_items":1}},"description":"What event needs to occur for a new job to be started.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_data_loss_prevention_stored_info_type":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the info type.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the info type.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the info type. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the info type in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"stored_info_type_id":{"type":"string","description":"The storedInfoType ID can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is 100\ncharacters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"large_custom_dictionary":{"nesting_mode":"list","block":{"block_types":{"big_query_field":{"nesting_mode":"list","block":{"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Designated field in the BigQuery table.","description_kind":"plain"},"min_items":1,"max_items":1},"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"description":"Field in a BigQuery table where each cell represents a dictionary phrase.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Field in a BigQuery table where each cell represents a dictionary phrase.","description_kind":"plain"},"max_items":1},"cloud_storage_file_set":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The url, in the format 'gs://\u003cbucket\u003e/\u003cpath\u003e'. Trailing wildcard in the path is allowed.","description_kind":"plain","required":true}},"description":"Set of files containing newline-delimited lists of dictionary phrases.","description_kind":"plain"},"max_items":1},"output_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Location to store dictionary artifacts in Google Cloud Storage. These files will only be accessible by project owners and the DLP API.\nIf any of these artifacts are modified, the dictionary is considered invalid and can no longer be used.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_pipeline_pipeline":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp when the pipeline was initially created. Set by the Data Pipelines service.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the pipeline. It can contain only letters ([A-Za-z]), numbers ([0-9]), hyphens (-), and underscores (_).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_count":{"type":"number","description":"Number of jobs.","description_kind":"plain","computed":true},"last_update_time":{"type":"string","description":"The timestamp when the pipeline was last modified. Set by the Data Pipelines service.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"name":{"type":"string","description":"\"The pipeline name. For example': 'projects/PROJECT_ID/locations/LOCATION_ID/pipelines/PIPELINE_ID.\"\n\"- PROJECT_ID can contain letters ([A-Za-z]), numbers ([0-9]), hyphens (-), colons (:), and periods (.). For more information, see Identifying projects.\"\n\"LOCATION_ID is the canonical ID for the pipeline's location. The list of available locations can be obtained by calling google.cloud.location.Locations.ListLocations. Note that the Data Pipelines service is not available in all regions. It depends on Cloud Scheduler, an App Engine application, so it's only available in App Engine regions.\"\n\"PIPELINE_ID is the ID of the pipeline. Must be unique for the selected project and location.\"","description_kind":"plain","required":true},"pipeline_sources":{"type":["map","string"],"description":"The sources of the pipeline (for example, Dataplex). The keys and values are set by the corresponding sources during pipeline creation.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A reference to the region","description_kind":"plain","optional":true},"scheduler_service_account_email":{"type":"string","description":"Optional. A service account email to be used with the Cloud Scheduler job. If not specified, the default compute engine service account will be used.","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the pipeline. When the pipeline is created, the state is set to 'PIPELINE_STATE_ACTIVE' by default. State changes can be requested by setting the state to stopping, paused, or resuming. State cannot be changed through pipelines.patch requests.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#state Possible values: [\"STATE_UNSPECIFIED\", \"STATE_RESUMING\", \"STATE_ACTIVE\", \"STATE_STOPPING\", \"STATE_ARCHIVED\", \"STATE_PAUSED\"]","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of the pipeline. This field affects the scheduling of the pipeline and the type of metrics to show for the pipeline.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#pipelinetype Possible values: [\"PIPELINE_TYPE_UNSPECIFIED\", \"PIPELINE_TYPE_BATCH\", \"PIPELINE_TYPE_STREAMING\"]","description_kind":"plain","required":true}},"block_types":{"schedule_info":{"nesting_mode":"list","block":{"attributes":{"next_job_time":{"type":"string","description":"When the next Scheduler job is going to run.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"schedule":{"type":"string","description":"Unix-cron format of the schedule. This information is retrieved from the linked Cloud Scheduler.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"Timezone ID. This matches the timezone IDs used by the Cloud Scheduler API. If empty, UTC time is assumed.","description_kind":"plain","optional":true}},"description":"Internal scheduling information for a pipeline. If this information is provided, periodic jobs will be created per the schedule. If not, users are responsible for creating jobs externally.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#schedulespec","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"workload":{"nesting_mode":"list","block":{"block_types":{"dataflow_flex_template_request":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The regional endpoint to which to direct the request. For example, us-central1, us-west1.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the Cloud Platform project that the job belongs to.","description_kind":"plain","required":true},"validate_only":{"type":"bool","description":"If true, the request is validated but not actually executed. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"launch_parameter":{"nesting_mode":"list","block":{"attributes":{"container_spec_gcs_path":{"type":"string","description":"Cloud Storage path to a file with a JSON-serialized ContainerSpec as content.","description_kind":"plain","optional":true},"job_name":{"type":"string","description":"The job name to use for the created job. For an update job request, the job name should be the same as the existing running job.","description_kind":"plain","required":true},"launch_options":{"type":["map","string"],"description":"Launch options for this Flex Template job. This is a common set of options across languages and templates. This should not be used to pass job parameters.\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description":"'The parameters for the Flex Template. Example: {\"numWorkers\":\"5\"}'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"transform_name_mappings":{"type":["map","string"],"description":"'Use this to pass transform name mappings for streaming update jobs. Example: {\"oldTransformName\":\"newTransformName\",...}'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"update":{"type":"bool","description":"Set this to true if you are sending a request to update a running streaming job. When set, the job name should be the same as the running job.","description_kind":"plain","optional":true}},"block_types":{"environment":{"nesting_mode":"list","block":{"attributes":{"additional_experiments":{"type":["list","string"],"description":"Additional experiment flags for the job.","description_kind":"plain","optional":true},"additional_user_labels":{"type":["map","string"],"description":"Additional user labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. An object containing a list of key/value pairs.\n'Example: { \"name\": \"wrench\", \"mass\": \"1kg\", \"count\": \"3\" }.'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"enable_streaming_engine":{"type":"bool","description":"Whether to enable Streaming Engine for the job.","description_kind":"plain","optional":true},"flexrs_goal":{"type":"string","description":"Set FlexRS goal for the job. https://cloud.google.com/dataflow/docs/guides/flexrs\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#FlexResourceSchedulingGoal Possible values: [\"FLEXRS_UNSPECIFIED\", \"FLEXRS_SPEED_OPTIMIZED\", \"FLEXRS_COST_OPTIMIZED\"]","description_kind":"plain","optional":true},"ip_configuration":{"type":"string","description":"Configuration for VM IPs.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#WorkerIPAddressConfiguration Possible values: [\"WORKER_IP_UNSPECIFIED\", \"WORKER_IP_PUBLIC\", \"WORKER_IP_PRIVATE\"]","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"'Name for the Cloud KMS key for the job. The key format is: projects//locations//keyRings//cryptoKeys/'","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to use for the job. Defaults to the value from the template if not specified.","description_kind":"plain","optional":true},"max_workers":{"type":"number","description":"The maximum number of Compute Engine instances to be made available to your pipeline during execution, from 1 to 1000.","description_kind":"plain","optional":true},"network":{"type":"string","description":"Network to which VMs will be assigned. If empty or unspecified, the service will use the network \"default\".","description_kind":"plain","optional":true},"num_workers":{"type":"number","description":"The initial number of Compute Engine instances for the job.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The email address of the service account to run the job as.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Subnetwork to which VMs will be assigned, if desired. You can specify a subnetwork using either a complete URL or an abbreviated path. Expected to be of the form \"https://www.googleapis.com/compute/v1/projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNETWORK\" or \"regions/REGION/subnetworks/SUBNETWORK\". If the subnetwork is located in a Shared VPC network, you must use the complete URL.","description_kind":"plain","optional":true},"temp_location":{"type":"string","description":"The Cloud Storage path to use for temporary files. Must be a valid Cloud Storage URL, beginning with gs://.","description_kind":"plain","optional":true},"worker_region":{"type":"string","description":"The Compute Engine region (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1\". Mutually exclusive with workerZone. If neither workerRegion nor workerZone is specified, default to the control plane's region.","description_kind":"plain","optional":true},"worker_zone":{"type":"string","description":"The Compute Engine zone (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1-a\". Mutually exclusive with workerRegion. If neither workerRegion nor workerZone is specified, a zone in the control plane's region is chosen based on available capacity. If both workerZone and zone are set, workerZone takes precedence.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Compute Engine availability zone for launching worker instances to run your pipeline. In the future, workerZone will take precedence.","description_kind":"plain","optional":true}},"description":"The runtime environment for the Flex Template job.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#FlexTemplateRuntimeEnvironment","description_kind":"plain"},"max_items":1}},"description":"Parameter to launch a job from a Flex Template.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchflextemplateparameter","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Template information and additional parameters needed to launch a Dataflow job using the flex launch API.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchflextemplaterequest","description_kind":"plain"},"max_items":1},"dataflow_launch_template_request":{"nesting_mode":"list","block":{"attributes":{"gcs_path":{"type":"string","description":"A Cloud Storage path to the template from which to create the job. Must be a valid Cloud Storage URL, beginning with 'gs://'.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The regional endpoint to which to direct the request.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The ID of the Cloud Platform project that the job belongs to.","description_kind":"plain","required":true},"validate_only":{"type":"bool","description_kind":"plain","optional":true}},"block_types":{"launch_parameters":{"nesting_mode":"list","block":{"attributes":{"job_name":{"type":"string","description":"The job name to use for the created job.","description_kind":"plain","required":true},"parameters":{"type":["map","string"],"description":"The runtime parameters to pass to the job.\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"transform_name_mapping":{"type":["map","string"],"description":"Map of transform name prefixes of the job to be replaced to the corresponding name prefixes of the new job. Only applicable when updating a pipeline.\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"update":{"type":"bool","description":"If set, replace the existing pipeline with the name specified by jobName with this pipeline, preserving state.","description_kind":"plain","optional":true}},"block_types":{"environment":{"nesting_mode":"list","block":{"attributes":{"additional_experiments":{"type":["list","string"],"description":"Additional experiment flags for the job.","description_kind":"plain","optional":true},"additional_user_labels":{"type":["map","string"],"description":"Additional user labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. An object containing a list of key/value pairs.\n'Example: { \"name\": \"wrench\", \"mass\": \"1kg\", \"count\": \"3\" }.'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"bypass_temp_dir_validation":{"type":"bool","description":"Whether to bypass the safety checks for the job's temporary directory. Use with caution.","description_kind":"plain","optional":true},"enable_streaming_engine":{"type":"bool","description":"Whether to enable Streaming Engine for the job.","description_kind":"plain","optional":true},"ip_configuration":{"type":"string","description":"Configuration for VM IPs.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#WorkerIPAddressConfiguration Possible values: [\"WORKER_IP_UNSPECIFIED\", \"WORKER_IP_PUBLIC\", \"WORKER_IP_PRIVATE\"]","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"'Name for the Cloud KMS key for the job. The key format is: projects//locations//keyRings//cryptoKeys/'","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to use for the job. Defaults to the value from the template if not specified.","description_kind":"plain","optional":true},"max_workers":{"type":"number","description":"The maximum number of Compute Engine instances to be made available to your pipeline during execution, from 1 to 1000.","description_kind":"plain","optional":true},"network":{"type":"string","description":"Network to which VMs will be assigned. If empty or unspecified, the service will use the network \"default\".","description_kind":"plain","optional":true,"computed":true},"num_workers":{"type":"number","description":"The initial number of Compute Engine instances for the job.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The email address of the service account to run the job as.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Subnetwork to which VMs will be assigned, if desired. You can specify a subnetwork using either a complete URL or an abbreviated path. Expected to be of the form \"https://www.googleapis.com/compute/v1/projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNETWORK\" or \"regions/REGION/subnetworks/SUBNETWORK\". If the subnetwork is located in a Shared VPC network, you must use the complete URL.","description_kind":"plain","optional":true},"temp_location":{"type":"string","description":"The Cloud Storage path to use for temporary files. Must be a valid Cloud Storage URL, beginning with gs://.","description_kind":"plain","optional":true},"worker_region":{"type":"string","description":"The Compute Engine region (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1\". Mutually exclusive with workerZone. If neither workerRegion nor workerZone is specified, default to the control plane's region.","description_kind":"plain","optional":true},"worker_zone":{"type":"string","description":"The Compute Engine zone (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1-a\". Mutually exclusive with workerRegion. If neither workerRegion nor workerZone is specified, a zone in the control plane's region is chosen based on available capacity. If both workerZone and zone are set, workerZone takes precedence.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Compute Engine availability zone for launching worker instances to run your pipeline. In the future, workerZone will take precedence.","description_kind":"plain","optional":true}},"description":"The runtime environment for the job.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#RuntimeEnvironment","description_kind":"plain"},"max_items":1}},"description":"The parameters of the template to launch. This should be part of the body of the POST request.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchtemplateparameters","description_kind":"plain"},"max_items":1}},"description":"Template information and additional parameters needed to launch a Dataflow job using the standard launch API.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchtemplaterequest","description_kind":"plain"},"max_items":1}},"description":"Workload information for creating new jobs.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#workload","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_database_migration_service_connection_profile":{"version":0,"block":{"attributes":{"connection_profile_id":{"type":"string","description":"The ID of the connection profile.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The timestamp when the resource was created. A timestamp in RFC3339 UTC 'Zulu' format, accurate to nanoseconds. Example: '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"dbprovider":{"type":"string","description":"The database provider.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The connection profile display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"error":{"type":["list",["object",{"code":"number","details":["list",["map","string"]],"message":"string"}]],"description":"Output only. The error details in case of state FAILED.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The resource labels for connection profile to use to annotate any related underlying resources such as Compute Engine VMs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the connection profile should reside.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this connection profile resource in the form of projects/{project}/locations/{location}/connectionProfiles/{connectionProfile}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"alloydb":{"nesting_mode":"list","block":{"attributes":{"cluster_id":{"type":"string","description":"Required. The AlloyDB cluster ID that this connection profile is associated with.","description_kind":"plain","required":true}},"block_types":{"settings":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels for the AlloyDB cluster created by DMS.","description_kind":"plain","optional":true},"vpc_network":{"type":"string","description":"Required. The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster.\nIt is specified in the form: 'projects/{project_number}/global/networks/{network_id}'. This is required to create a cluster.","description_kind":"plain","required":true}},"block_types":{"initial_user":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The initial password for the user.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates if the initialUser.password field has been set.","description_kind":"plain","computed":true},"user":{"type":"string","description":"The database username.","description_kind":"plain","required":true}},"description":"Required. Input only. Initial user to setup during cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1},"primary_instance_settings":{"nesting_mode":"list","block":{"attributes":{"database_flags":{"type":["map","string"],"description":"Database flags to pass to AlloyDB when DMS is creating the AlloyDB cluster and instances. See the AlloyDB documentation for how these can be used.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The database username.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels for the AlloyDB primary instance created by DMS.","description_kind":"plain","optional":true},"private_ip":{"type":"string","description":"Output only. The private IP address for the Instance. This is the connection endpoint for an end-user application.","description_kind":"plain","computed":true}},"block_types":{"machine_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"The number of CPU's in the VM instance.","description_kind":"plain","required":true}},"description":"Configuration for the machines that host the underlying database engine.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for the cluster's primary instance","description_kind":"plain"},"max_items":1}},"description":"Immutable. Metadata used to create the destination AlloyDB cluster.","description_kind":"plain"},"max_items":1}},"description":"Specifies required connection parameters, and the parameters required to create an AlloyDB destination cluster.","description_kind":"plain"},"max_items":1},"cloudsql":{"nesting_mode":"list","block":{"attributes":{"cloud_sql_id":{"type":"string","description":"Output only. The Cloud SQL instance ID that this connection profile is associated with.","description_kind":"plain","computed":true},"private_ip":{"type":"string","description":"Output only. The Cloud SQL database instance's private IP.","description_kind":"plain","computed":true},"public_ip":{"type":"string","description":"Output only. The Cloud SQL database instance's public IP.","description_kind":"plain","computed":true}},"block_types":{"settings":{"nesting_mode":"list","block":{"attributes":{"activation_policy":{"type":"string","description":"The activation policy specifies when the instance is activated; it is applicable only when the instance state is 'RUNNABLE'. Possible values: [\"ALWAYS\", \"NEVER\"]","description_kind":"plain","optional":true},"auto_storage_increase":{"type":"bool","description":"If you enable this setting, Cloud SQL checks your available storage every 30 seconds. If the available storage falls below a threshold size, Cloud SQL automatically adds additional storage capacity.\nIf the available storage repeatedly falls below the threshold size, Cloud SQL continues to add storage until it reaches the maximum of 30 TB.","description_kind":"plain","optional":true},"cmek_key_name":{"type":"string","description":"The KMS key name used for the csql instance.","description_kind":"plain","optional":true},"collation":{"type":"string","description":"The Cloud SQL default instance level collation.","description_kind":"plain","optional":true},"data_disk_size_gb":{"type":"string","description":"The storage capacity available to the database, in GB. The minimum (and default) size is 10GB.","description_kind":"plain","optional":true},"data_disk_type":{"type":"string","description":"The type of storage. Possible values: [\"PD_SSD\", \"PD_HDD\"]","description_kind":"plain","optional":true},"database_flags":{"type":["map","string"],"description":"The database flags passed to the Cloud SQL instance at startup.","description_kind":"plain","optional":true},"database_version":{"type":"string","description":"The database engine type and version.\nCurrently supported values located at https://cloud.google.com/database-migration/docs/reference/rest/v1/projects.locations.connectionProfiles#sqldatabaseversion","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition of the given Cloud SQL instance. Possible values: [\"ENTERPRISE\", \"ENTERPRISE_PLUS\"]","description_kind":"plain","optional":true},"root_password":{"type":"string","description":"Input only. Initial root password.","description_kind":"plain","optional":true,"sensitive":true},"root_password_set":{"type":"bool","description":"Output only. Indicates If this connection profile root password is stored.","description_kind":"plain","computed":true},"source_id":{"type":"string","description":"The Database Migration Service source connection profile ID, in the format: projects/my_project_name/locations/us-central1/connectionProfiles/connection_profile_ID","description_kind":"plain","required":true},"storage_auto_resize_limit":{"type":"string","description":"The maximum size to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit.","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The tier (or machine type) for this instance, for example: db-n1-standard-1 (MySQL instances) or db-custom-1-3840 (PostgreSQL instances).\nFor more information, see https://cloud.google.com/sql/docs/mysql/instance-settings","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"The resource labels for a Cloud SQL instance to use to annotate any related underlying resources such as Compute Engine VMs.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Google Cloud Platform zone where your Cloud SQL datdabse instance is located.","description_kind":"plain","optional":true}},"block_types":{"ip_config":{"nesting_mode":"list","block":{"attributes":{"enable_ipv4":{"type":"bool","description":"Whether the instance should be assigned an IPv4 address or not.","description_kind":"plain","optional":true},"private_network":{"type":"string","description":"The resource link for the VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default.\nThis setting can be updated, but it cannot be removed after it is set.","description_kind":"plain","optional":true},"require_ssl":{"type":"bool","description":"Whether SSL connections over IP should be enforced or not.","description_kind":"plain","optional":true}},"block_types":{"authorized_networks":{"nesting_mode":"list","block":{"attributes":{"expire_time":{"type":"string","description":"The time when this access control entry expires in RFC 3339 format.","description_kind":"plain","optional":true},"label":{"type":"string","description":"A label to identify this entry.","description_kind":"plain","optional":true},"ttl":{"type":"string","description":"Input only. The time-to-leave of this access control entry.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The allowlisted value for the access control list.","description_kind":"plain","required":true}},"description":"The list of external networks that are allowed to connect to the instance using the IP.","description_kind":"plain"}}},"description":"The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled.","description_kind":"plain"},"max_items":1}},"description":"Immutable. Metadata used to create the destination Cloud SQL database.","description_kind":"plain"},"max_items":1}},"description":"Specifies required connection parameters, and, optionally, the parameters required to create a Cloud SQL destination database instance.","description_kind":"plain"},"max_items":1},"mysql":{"nesting_mode":"list","block":{"attributes":{"cloud_sql_id":{"type":"string","description":"If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The IP or hostname of the source MySQL database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"Input only. The password for the user that Database Migration Service will be using to connect to the database.\nThis field is not returned on request, and the value is encrypted when stored in Database Migration Service.","description_kind":"plain","optional":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates If this connection profile password is stored.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The network port of the source MySQL database.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.","description_kind":"plain","optional":true}},"block_types":{"ssl":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.\nThe replica will use this certificate to verify it's connecting to the right host.","description_kind":"plain","required":true,"sensitive":true},"client_certificate":{"type":"string","description":"Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.\nIf this field is used then the 'clientKey' field is mandatory","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'clientCertificate' field is mandatory.","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1}},"description":"Specifies connection parameters required specifically for MySQL databases.","description_kind":"plain"},"max_items":1},"oracle":{"nesting_mode":"list","block":{"attributes":{"database_service":{"type":"string","description":"Required. Database service for the Oracle connection.","description_kind":"plain","required":true},"host":{"type":"string","description":"Required. The IP or hostname of the source Oracle database.","description_kind":"plain","required":true},"password":{"type":"string","description":"Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.\nThis field is not returned on request, and the value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates If this connection profile password is stored.","description_kind":"plain","computed":true},"port":{"type":"number","description":"Required. The network port of the source Oracle database.","description_kind":"plain","required":true},"username":{"type":"string","description":"Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true}},"block_types":{"forward_ssh_connectivity":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Required. Hostname for the SSH tunnel.","description_kind":"plain","required":true},"password":{"type":"string","description":"Input only. SSH password. Only one of 'password' and 'private_key' can be configured.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"Port for the SSH tunnel, default value is 22.","description_kind":"plain","required":true},"private_key":{"type":"string","description":"Input only. SSH private key. Only one of 'password' and 'private_key' can be configured.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"Required. Username for the SSH tunnel.","description_kind":"plain","required":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1},"private_connectivity":{"nesting_mode":"list","block":{"attributes":{"private_connection":{"type":"string","description":"Required. The resource name (URI) of the private connection.","description_kind":"plain","required":true}},"description":"Configuration for using a private network to communicate with the source database","description_kind":"plain"},"max_items":1},"ssl":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.\nThe replica will use this certificate to verify it's connecting to the right host.","description_kind":"plain","required":true,"sensitive":true},"client_certificate":{"type":"string","description":"Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.\nIf this field is used then the 'clientKey' field is mandatory","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'clientCertificate' field is mandatory.","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1},"static_service_ip_connectivity":{"nesting_mode":"list","block":{"description":"This object has no nested fields.\n\nStatic IP address connectivity configured on service project.","description_kind":"plain"},"max_items":1}},"description":"Specifies connection parameters required specifically for Oracle databases.","description_kind":"plain"},"max_items":1},"postgresql":{"nesting_mode":"list","block":{"attributes":{"alloydb_cluster_id":{"type":"string","description":"If the connected database is an AlloyDB instance, use this field to provide the AlloyDB cluster ID.","description_kind":"plain","optional":true},"cloud_sql_id":{"type":"string","description":"If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The IP or hostname of the source MySQL database.","description_kind":"plain","optional":true},"network_architecture":{"type":"string","description":"Output only. If the source is a Cloud SQL database, this field indicates the network architecture it's associated with.","description_kind":"plain","computed":true},"password":{"type":"string","description":"Input only. The password for the user that Database Migration Service will be using to connect to the database.\nThis field is not returned on request, and the value is encrypted when stored in Database Migration Service.","description_kind":"plain","optional":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates If this connection profile password is stored.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The network port of the source MySQL database.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.","description_kind":"plain","optional":true}},"block_types":{"ssl":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.\nThe replica will use this certificate to verify it's connecting to the right host.","description_kind":"plain","required":true,"sensitive":true},"client_certificate":{"type":"string","description":"Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.\nIf this field is used then the 'clientKey' field is mandatory","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'clientCertificate' field is mandatory.","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1}},"description":"Specifies connection parameters required specifically for PostgreSQL databases.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_database_migration_service_migration_job":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The timestamp when the resource was created. A timestamp in RFC3339 UTC 'Zulu' format, accurate to nanoseconds. Example: '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"destination":{"type":"string","description":"The name of the destination connection profile resource in the form of projects/{project}/locations/{location}/connectionProfiles/{destinationConnectionProfile}.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The migration job display name.","description_kind":"plain","optional":true},"dump_path":{"type":"string","description":"The path to the dump file in Google Cloud Storage,\nin the format: (gs://[BUCKET_NAME]/[OBJECT_NAME]).\nThis field and the \"dump_flags\" field are mutually exclusive.","description_kind":"plain","optional":true},"dump_type":{"type":"string","description":"The type of the data dump. Supported for MySQL to CloudSQL for MySQL\nmigrations only. Possible values: [\"LOGICAL\", \"PHYSICAL\"]","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"error":{"type":["list",["object",{"code":"number","details":["list",["map","string"]],"message":"string"}]],"description":"Output only. The error details in case of state FAILED.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The resource labels for migration job to use to annotate any related underlying resources such as Compute Engine VMs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the migration job should reside.","description_kind":"plain","optional":true},"migration_job_id":{"type":"string","description":"The ID of the migration job.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this migration job resource in the form of projects/{project}/locations/{location}/migrationJobs/{migrationJob}.","description_kind":"plain","computed":true},"phase":{"type":"string","description":"The current migration job phase.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"source":{"type":"string","description":"The name of the source connection profile resource in the form of projects/{project}/locations/{location}/connectionProfiles/{sourceConnectionProfile}.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current migration job state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the migration job. Possible values: [\"ONE_TIME\", \"CONTINUOUS\"]","description_kind":"plain","required":true}},"block_types":{"dump_flags":{"nesting_mode":"list","block":{"block_types":{"dump_flags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of the flag","description_kind":"plain","optional":true},"value":{"type":"string","description":"The vale of the flag","description_kind":"plain","optional":true}},"description":"A list of dump flags","description_kind":"plain"}}},"description":"The initial dump flags.","description_kind":"plain"},"max_items":1},"performance_config":{"nesting_mode":"list","block":{"attributes":{"dump_parallel_level":{"type":"string","description":"Initial dump parallelism level. Possible values: [\"MIN\", \"OPTIMAL\", \"MAX\"]","description_kind":"plain","optional":true}},"description":"Data dump parallelism settings used by the migration.","description_kind":"plain"},"max_items":1},"reverse_ssh_connectivity":{"nesting_mode":"list","block":{"attributes":{"vm":{"type":"string","description":"The name of the virtual machine (Compute Engine) used as the bastion server\nfor the SSH tunnel.","description_kind":"plain","optional":true},"vm_ip":{"type":"string","description":"The IP of the virtual machine (Compute Engine) used as the bastion server\nfor the SSH tunnel.","description_kind":"plain","optional":true},"vm_port":{"type":"number","description":"The forwarding port of the virtual machine (Compute Engine) used as the\nbastion server for the SSH tunnel.","description_kind":"plain","optional":true},"vpc":{"type":"string","description":"The name of the VPC to peer with the Cloud SQL private network.","description_kind":"plain","optional":true}},"description":"The details of the VPC network that the source database is located in.","description_kind":"plain"},"max_items":1},"static_ip_connectivity":{"nesting_mode":"list","block":{"description":"If set to an empty object ('{}'), the source database will allow incoming\nconnections from the public IP of the destination database.\nYou can retrieve the public IP of the Cloud SQL instance from the\nCloud SQL console or using Cloud SQL APIs.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_peering_connectivity":{"nesting_mode":"list","block":{"attributes":{"vpc":{"type":"string","description":"The name of the VPC network to peer with the Cloud SQL private network.","description_kind":"plain","optional":true}},"description":"The details of the VPC network that the source database is located in.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_database_migration_service_private_connection":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Display name.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"error":{"type":["list",["object",{"details":["map","string"],"message":"string"}]],"description":"The PrivateConnection error in case of failure.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this private connection is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource's name.","description_kind":"plain","computed":true},"private_connection_id":{"type":"string","description":"The private connectivity identifier.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the PrivateConnection.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_peering_config":{"nesting_mode":"list","block":{"attributes":{"subnet":{"type":"string","description":"A free subnet for peering. (CIDR of /29)","description_kind":"plain","required":true},"vpc_name":{"type":"string","description":"Fully qualified name of the VPC that Database Migration Service will peer to.\nFormat: projects/{project}/global/{networks}/{name}","description_kind":"plain","required":true}},"description":"The VPC Peering configuration is used to create VPC peering\nbetween databasemigrationservice and the consumer's VPC.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_dataflow_job":{"version":1,"block":{"attributes":{"additional_experiments":{"type":["set","string"],"description":"List of experiments that should be used by the job. An example value is [\"enable_stackdriver_agent_metrics\"].","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_streaming_engine":{"type":"bool","description":"Indicates if the job should use the streaming engine feature.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_configuration":{"type":"string","description":"The configuration for VM IPs. Options are \"WORKER_IP_PUBLIC\" or \"WORKER_IP_PRIVATE\".","description_kind":"plain","optional":true},"job_id":{"type":"string","description":"The unique ID of this job.","description_kind":"plain","computed":true},"kms_key_name":{"type":"string","description":"The name for the Cloud KMS key for the job. Key format is: projects/PROJECT_ID/locations/LOCATION/keyRings/KEY_RING/cryptoKeys/KEY","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"User labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. NOTE: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to use for the job.","description_kind":"plain","optional":true},"max_workers":{"type":"number","description":"The number of workers permitted to work on the job. More workers may improve processing speed at additional cost.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique name for the resource, required by Dataflow.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network to which VMs will be assigned. If it is not provided, \"default\" will be used.","description_kind":"plain","optional":true},"on_delete":{"type":"string","description":"One of \"drain\" or \"cancel\". Specifies behavior of deletion during terraform destroy.","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description":"Key/Value pairs to be passed to the Dataflow job (as used in the template).","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which the resource belongs.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the created job should run.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The Service Account email used to create the job.","description_kind":"plain","optional":true},"skip_wait_on_job_termination":{"type":"bool","description":"If true, treat DRAINING and CANCELLING as terminal job states and do not wait for further changes before removing from terraform state and moving on. WARNING: this will lead to job name conflicts if you do not ensure that the job names are different, e.g. by embedding a release ID or by using a random_id.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The current state of the resource, selected from the JobState enum.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The subnetwork to which VMs will be assigned. Should be of the form \"regions/REGION/subnetworks/SUBNETWORK\".","description_kind":"plain","optional":true},"temp_gcs_location":{"type":"string","description":"A writeable location on Google Cloud Storage for the Dataflow job to dump its temporary data.","description_kind":"plain","required":true},"template_gcs_path":{"type":"string","description":"The Google Cloud Storage path to the Dataflow job template.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"transform_name_mapping":{"type":["map","string"],"description":"Only applicable when updating a pipeline. Map of transform name prefixes of the job to be replaced with the corresponding name prefixes of the new job.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of this job, selected from the JobType enum.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone in which the created job should run. If it is not provided, the provider zone is used.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_aspect_type":{"version":0,"block":{"attributes":{"aspect_type_id":{"type":"string","description":"The aspect type id of the aspect type.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time when the AspectType was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the AspectType.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the AspectType.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where aspect type will be created in.","description_kind":"plain","optional":true},"metadata_template":{"type":"string","description":"MetadataTemplate of the Aspect.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the AspectType, of the form: projects/{project_number}/locations/{location_id}/aspectTypes/{aspect_type_id}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"transfer_status":{"type":"string","description":"Denotes the transfer status of the Aspect Type. It is unspecified\nfor Aspect Type created from Dataplex API.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated globally unique ID for the AspectType. This ID will be different if the AspectType is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the AspectType was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_aspect_type_iam_binding":{"version":0,"block":{"attributes":{"aspect_type_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_aspect_type_iam_member":{"version":0,"block":{"attributes":{"aspect_type_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_aspect_type_iam_policy":{"version":0,"block":{"attributes":{"aspect_type_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_asset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the asset was created.","description_kind":"plain","computed":true},"dataplex_zone":{"type":"string","description":"The zone for the resource","description_kind":"plain","required":true},"description":{"type":"string","description":"Optional. Description of the asset.","description_kind":"plain","optional":true},"discovery_status":{"type":["list",["object",{"last_run_duration":"string","last_run_time":"string","message":"string","state":"string","stats":["list",["object",{"data_items":"number","data_size":"number","filesets":"number","tables":"number"}]],"update_time":"string"}]],"description":"Output only. Status of the discovery feature applied to data referenced by this asset.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User defined labels for the asset.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake for the resource","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the asset.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"resource_status":{"type":["list",["object",{"message":"string","state":"string","update_time":"string"}]],"description":"Output only. Status of the resource referenced by this asset.","description_kind":"plain","computed":true},"security_status":{"type":["list",["object",{"message":"string","state":"string","update_time":"string"}]],"description":"Output only. Status of the security policy applied to resource referenced by this asset.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Current state of the asset. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the asset. This ID will be different if the asset is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the asset was last updated.","description_kind":"plain","computed":true}},"block_types":{"discovery_spec":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Required. Whether discovery is enabled.","description_kind":"plain","required":true},"exclude_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to exclude during discovery. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"include_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to include during discovery if only a subset of the data should considered. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Optional. Cron schedule (https://en.wikipedia.org/wiki/Cron) for running discovery periodically. Successive discovery runs must be scheduled at least 60 minutes apart. The default value is to run discovery every 60 minutes. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: \"CRON_TZ=${IANA_TIME_ZONE}\" or TZ=${IANA_TIME_ZONE}\". The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, \"CRON_TZ=America/New_York 1 * * * *\", or \"TZ=America/New_York 1 * * * *\".","description_kind":"plain","optional":true}},"block_types":{"csv_options":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"Optional. The delimiter being used to separate values. This defaults to ','.","description_kind":"plain","optional":true},"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for CSV data. If true, all columns will be registered as strings.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true},"header_rows":{"type":"number","description":"Optional. The number of rows to interpret as header rows that should be skipped when reading data rows.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for CSV data.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for Json data. If true, all columns will be registered as their primitive types (strings, number or boolean).","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for Json data.","description_kind":"plain"},"max_items":1}},"description":"Required. Specification of the discovery feature applied to data referenced by this asset. When this spec is left unset, the asset will use the spec set on the parent zone.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_spec":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Immutable. Relative name of the cloud resource that contains the data that is being managed within a lake. For example: `projects/{project_number}/buckets/{bucket_id}` `projects/{project_number}/datasets/{dataset_id}`","description_kind":"plain","optional":true},"read_access_mode":{"type":"string","description":"Optional. Determines how read permissions are handled for each asset and their associated tables. Only available to storage buckets assets. Possible values: DIRECT, MANAGED","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Required. Immutable. Type of resource. Possible values: STORAGE_BUCKET, BIGQUERY_DATASET","description_kind":"plain","required":true}},"description":"Required. Immutable. Specification of the resource that is referenced by this asset.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_asset_iam_binding":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_asset_iam_member":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_asset_iam_policy":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_datascan":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the scan was created.","description_kind":"plain","computed":true},"data_scan_id":{"type":"string","description":"DataScan identifier. Must contain only lowercase letters, numbers and hyphens. Must start with a letter. Must end with a number or a letter.","description_kind":"plain","required":true},"description":{"type":"string","description":"Description of the scan.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"execution_status":{"type":["list",["object",{"latest_job_end_time":"string","latest_job_start_time":"string"}]],"description":"Status of the data scan execution.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the scan. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the data scan should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The relative resource name of the scan, of the form: projects/{project}/locations/{locationId}/dataScans/{datascan_id}, where project refers to a project_id or project_number and locationId refers to a GCP region.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Current state of the DataScan.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of DataScan.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated globally unique ID for the scan. This ID will be different if the scan is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the scan was last updated.","description_kind":"plain","computed":true}},"block_types":{"data":{"nesting_mode":"list","block":{"attributes":{"entity":{"type":"string","description":"The Dataplex entity that represents the data source(e.g. BigQuery table) for Datascan.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"The service-qualified full resource name of the cloud resource for a DataScan job to scan against. The field could be:\n(Cloud Storage bucket for DataDiscoveryScan)BigQuery table of type \"TABLE\" for DataProfileScan/DataQualityScan.","description_kind":"plain","optional":true}},"description":"The data source for DataScan.","description_kind":"plain"},"min_items":1,"max_items":1},"data_profile_spec":{"nesting_mode":"list","block":{"attributes":{"row_filter":{"type":"string","description":"A filter applied to all rows in a single DataScan job. The filter needs to be a valid SQL expression for a WHERE clause in BigQuery standard SQL syntax. Example: col1 \u003e= 0 AND col2 \u003c 10","description_kind":"plain","optional":true},"sampling_percent":{"type":"number","description":"The percentage of the records to be selected from the dataset for DataScan.\nValue can range between 0.0 and 100.0 with up to 3 significant decimal digits.\nSampling is not applied if 'sampling_percent' is not specified, 0 or 100.","description_kind":"plain","optional":true}},"block_types":{"exclude_fields":{"nesting_mode":"list","block":{"attributes":{"field_names":{"type":["list","string"],"description":"Expected input is a list of fully qualified names of fields as in the schema.\nOnly top-level field names for nested fields are supported.\nFor instance, if 'x' is of nested field type, listing 'x' is supported but 'x.y.z' is not supported. Here 'y' and 'y.z' are nested fields of 'x'.","description_kind":"plain","optional":true}},"description":"The fields to exclude from data profile.\nIf specified, the fields will be excluded from data profile, regardless of 'include_fields' value.","description_kind":"plain"},"max_items":1},"include_fields":{"nesting_mode":"list","block":{"attributes":{"field_names":{"type":["list","string"],"description":"Expected input is a list of fully qualified names of fields as in the schema.\nOnly top-level field names for nested fields are supported.\nFor instance, if 'x' is of nested field type, listing 'x' is supported but 'x.y.z' is not supported. Here 'y' and 'y.z' are nested fields of 'x'.","description_kind":"plain","optional":true}},"description":"The fields to include in data profile.\nIf not specified, all fields at the time of profile scan job execution are included, except for ones listed in 'exclude_fields'.","description_kind":"plain"},"max_items":1},"post_scan_actions":{"nesting_mode":"list","block":{"block_types":{"bigquery_export":{"nesting_mode":"list","block":{"attributes":{"results_table":{"type":"string","description":"The BigQuery table to export DataProfileScan results to.\nFormat://bigquery.googleapis.com/projects/PROJECT_ID/datasets/DATASET_ID/tables/TABLE_ID","description_kind":"plain","optional":true}},"description":"If set, results will be exported to the provided BigQuery table.","description_kind":"plain"},"max_items":1}},"description":"Actions to take upon job completion.","description_kind":"plain"},"max_items":1}},"description":"DataProfileScan related setting.","description_kind":"plain"},"max_items":1},"data_quality_spec":{"nesting_mode":"list","block":{"attributes":{"row_filter":{"type":"string","description":"A filter applied to all rows in a single DataScan job. The filter needs to be a valid SQL expression for a WHERE clause in BigQuery standard SQL syntax. Example: col1 \u003e= 0 AND col2 \u003c 10","description_kind":"plain","optional":true},"sampling_percent":{"type":"number","description":"The percentage of the records to be selected from the dataset for DataScan.\nValue can range between 0.0 and 100.0 with up to 3 significant decimal digits.\nSampling is not applied if 'sampling_percent' is not specified, 0 or 100.","description_kind":"plain","optional":true}},"block_types":{"post_scan_actions":{"nesting_mode":"list","block":{"block_types":{"bigquery_export":{"nesting_mode":"list","block":{"attributes":{"results_table":{"type":"string","description":"The BigQuery table to export DataQualityScan results to.\nFormat://bigquery.googleapis.com/projects/PROJECT_ID/datasets/DATASET_ID/tables/TABLE_ID","description_kind":"plain","optional":true}},"description":"If set, results will be exported to the provided BigQuery table.","description_kind":"plain"},"max_items":1}},"description":"Actions to take upon job completion.","description_kind":"plain"},"max_items":1},"rules":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"The unnested column which this rule is evaluated against.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the rule.\nThe maximum length is 1,024 characters.","description_kind":"plain","optional":true},"dimension":{"type":"string","description":"The dimension a rule belongs to. Results are also aggregated at the dimension level. Supported dimensions are [\"COMPLETENESS\", \"ACCURACY\", \"CONSISTENCY\", \"VALIDITY\", \"UNIQUENESS\", \"INTEGRITY\"]","description_kind":"plain","required":true},"ignore_null":{"type":"bool","description":"Rows with null values will automatically fail a rule, unless ignoreNull is true. In that case, such null rows are trivially considered passing. Only applicable to ColumnMap rules.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A mutable name for the rule.\nThe name must contain only letters (a-z, A-Z), numbers (0-9), or hyphens (-).\nThe maximum length is 63 characters.\nMust start with a letter.\nMust end with a number or a letter.","description_kind":"plain","optional":true},"threshold":{"type":"number","description":"The minimum ratio of passing_rows / total_rows required to pass this rule, with a range of [0.0, 1.0]. 0 indicates default value (i.e. 1.0).","description_kind":"plain","optional":true}},"block_types":{"non_null_expectation":{"nesting_mode":"list","block":{"description":"ColumnMap rule which evaluates whether each column value is null.","description_kind":"plain"},"max_items":1},"range_expectation":{"nesting_mode":"list","block":{"attributes":{"max_value":{"type":"string","description":"The maximum column value allowed for a row to pass this validation. At least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"min_value":{"type":"string","description":"The minimum column value allowed for a row to pass this validation. At least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"strict_max_enabled":{"type":"bool","description":"Whether each value needs to be strictly lesser than ('\u003c') the maximum, or if equality is allowed.\nOnly relevant if a maxValue has been defined. Default = false.","description_kind":"plain","optional":true},"strict_min_enabled":{"type":"bool","description":"Whether each value needs to be strictly greater than ('\u003e') the minimum, or if equality is allowed.\nOnly relevant if a minValue has been defined. Default = false.","description_kind":"plain","optional":true}},"description":"ColumnMap rule which evaluates whether each column value lies between a specified range.","description_kind":"plain"},"max_items":1},"regex_expectation":{"nesting_mode":"list","block":{"attributes":{"regex":{"type":"string","description":"A regular expression the column value is expected to match.","description_kind":"plain","required":true}},"description":"ColumnMap rule which evaluates whether each column value matches a specified regex.","description_kind":"plain"},"max_items":1},"row_condition_expectation":{"nesting_mode":"list","block":{"attributes":{"sql_expression":{"type":"string","description":"The SQL expression.","description_kind":"plain","required":true}},"description":"Table rule which evaluates whether each row passes the specified condition.","description_kind":"plain"},"max_items":1},"set_expectation":{"nesting_mode":"list","block":{"attributes":{"values":{"type":["list","string"],"description":"Expected values for the column value.","description_kind":"plain","required":true}},"description":"ColumnMap rule which evaluates whether each column value is contained by a specified set.","description_kind":"plain"},"max_items":1},"sql_assertion":{"nesting_mode":"list","block":{"attributes":{"sql_statement":{"type":"string","description":"The SQL statement.","description_kind":"plain","required":true}},"description":"Table rule which evaluates whether any row matches invalid state.","description_kind":"plain"},"max_items":1},"statistic_range_expectation":{"nesting_mode":"list","block":{"attributes":{"max_value":{"type":"string","description":"The maximum column statistic value allowed for a row to pass this validation.\nAt least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"min_value":{"type":"string","description":"The minimum column statistic value allowed for a row to pass this validation.\nAt least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"statistic":{"type":"string","description":"column statistics. Possible values: [\"STATISTIC_UNDEFINED\", \"MEAN\", \"MIN\", \"MAX\"]","description_kind":"plain","required":true},"strict_max_enabled":{"type":"bool","description":"Whether column statistic needs to be strictly lesser than ('\u003c') the maximum, or if equality is allowed.\nOnly relevant if a maxValue has been defined. Default = false.","description_kind":"plain","optional":true},"strict_min_enabled":{"type":"bool","description":"Whether column statistic needs to be strictly greater than ('\u003e') the minimum, or if equality is allowed.\nOnly relevant if a minValue has been defined. Default = false.","description_kind":"plain","optional":true}},"description":"ColumnAggregate rule which evaluates whether the column aggregate statistic lies between a specified range.","description_kind":"plain"},"max_items":1},"table_condition_expectation":{"nesting_mode":"list","block":{"attributes":{"sql_expression":{"type":"string","description":"The SQL expression.","description_kind":"plain","required":true}},"description":"Table rule which evaluates whether the provided expression is true.","description_kind":"plain"},"max_items":1},"uniqueness_expectation":{"nesting_mode":"list","block":{"description":"Row-level rule which evaluates whether each column value is unique.","description_kind":"plain"},"max_items":1}},"description":"The list of rules to evaluate against a data source. At least one rule is required.","description_kind":"plain"}}},"description":"DataQualityScan related setting.","description_kind":"plain"},"max_items":1},"execution_spec":{"nesting_mode":"list","block":{"attributes":{"field":{"type":"string","description":"The unnested field (of type Date or Timestamp) that contains values which monotonically increase over time. If not specified, a data scan will run for all data in the table.","description_kind":"plain","optional":true}},"block_types":{"trigger":{"nesting_mode":"list","block":{"block_types":{"on_demand":{"nesting_mode":"list","block":{"description":"The scan runs once via dataScans.run API.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"cron":{"type":"string","description":"Cron schedule for running scans periodically. This field is required for Schedule scans.","description_kind":"plain","required":true}},"description":"The scan is scheduled to run periodically.","description_kind":"plain"},"max_items":1}},"description":"Spec related to how often and when a scan should be triggered.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"DataScan execution settings.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_datascan_iam_binding":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_datascan_iam_member":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_datascan_iam_policy":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_entry_group":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the EntryGroup was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the EntryGroup.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entry_group_id":{"type":"string","description":"The entry group id of the entry group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the EntryGroup.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where entry group will be created in.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the EntryGroup, of the form: projects/{project_number}/locations/{location_id}/entryGroups/{entry_group_id}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"transfer_status":{"type":"string","description":"Denotes the transfer status of the Entry Group. It is unspecified\nfor Entry Group created from Dataplex API.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated globally unique ID for the EntryGroup. This ID will be different if the EntryGroup is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the EntryGroup was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_entry_group_iam_binding":{"version":0,"block":{"attributes":{"entry_group_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_entry_group_iam_member":{"version":0,"block":{"attributes":{"entry_group_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_entry_group_iam_policy":{"version":0,"block":{"attributes":{"entry_group_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_entry_type":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the EntryType was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the EntryType.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entry_type_id":{"type":"string","description":"The entry type id of the entry type.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the EntryType.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where entry type will be created in.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the EntryType, of the form: projects/{project_number}/locations/{location_id}/entryTypes/{entry_type_id}","description_kind":"plain","computed":true},"platform":{"type":"string","description":"The platform that Entries of this type belongs to.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"system":{"type":"string","description":"The system that Entries of this type belongs to.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type_aliases":{"type":["list","string"],"description":"Indicates the class this Entry Type belongs to, for example, TABLE, DATABASE, MODEL.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System generated globally unique ID for the EntryType. This ID will be different if the EntryType is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the EntryType was last updated.","description_kind":"plain","computed":true}},"block_types":{"required_aspects":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Required aspect type for the entry type.","description_kind":"plain","optional":true}},"description":"AspectInfo for the entry type.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_entry_type_iam_binding":{"version":0,"block":{"attributes":{"entry_type_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_entry_type_iam_member":{"version":0,"block":{"attributes":{"entry_type_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_entry_type_iam_policy":{"version":0,"block":{"attributes":{"entry_type_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_lake":{"version":0,"block":{"attributes":{"asset_status":{"type":["list",["object",{"active_assets":"number","security_policy_applying_assets":"number","update_time":"string"}]],"description":"Output only. Aggregated status of the underlying assets of the lake.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time when the lake was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the lake.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User-defined labels for the lake.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"metastore_status":{"type":["list",["object",{"endpoint":"string","message":"string","state":"string","update_time":"string"}]],"description":"Output only. Metastore status of the lake.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the lake.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Output only. Service account associated with this lake. This service account must be authorized to access or operate on resources managed by the lake.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Current state of the lake. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the lake. This ID will be different if the lake is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the lake was last updated.","description_kind":"plain","computed":true}},"block_types":{"metastore":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Optional. A relative reference to the Dataproc Metastore (https://cloud.google.com/dataproc-metastore/docs) service associated with the lake: `projects/{project_id}/locations/{location_id}/services/{service_id}`","description_kind":"plain","optional":true}},"description":"Optional. Settings to manage lake and Dataproc Metastore service instance association.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_lake_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_lake_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_lake_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_task":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the task was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the task.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"execution_status":{"type":["list",["object",{"latest_job":["list",["object",{"end_time":"string","message":"string","name":"string","retry_count":"number","service":"string","service_job":"string","start_time":"string","state":"string","uid":"string"}]],"update_time":"string"}]],"description":"Configuration for the cluster","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the task.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake in which the task will be created in.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location in which the task will be created in.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the task, of the form: projects/{project_number}/locations/{locationId}/lakes/{lakeId}/ tasks/{name}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Current state of the task.","description_kind":"plain","computed":true},"task_id":{"type":"string","description":"The task Id of the task.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated globally unique ID for the task. This ID will be different if the task is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the task was last updated.","description_kind":"plain","computed":true}},"block_types":{"execution_spec":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["map","string"],"description":"The arguments to pass to the task. The args can use placeholders of the format ${placeholder} as part of key/value string. These will be interpolated before passing the args to the driver. Currently supported placeholders: - ${taskId} - ${job_time} To pass positional args, set the key as TASK_ARGS. The value should be a comma-separated string of all the positional arguments. To use a delimiter other than comma, refer to https://cloud.google.com/sdk/gcloud/reference/topic/escaping. In case of other keys being present in the args, then TASK_ARGS will be passed as the last argument. An object containing a list of 'key': value pairs. Example: { 'name': 'wrench', 'mass': '1.3kg', 'count': '3' }.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"The Cloud KMS key to use for encryption, of the form: projects/{project_number}/locations/{locationId}/keyRings/{key-ring-name}/cryptoKeys/{key-name}.","description_kind":"plain","optional":true},"max_job_execution_lifetime":{"type":"string","description":"The maximum duration after which the job execution is expired. A duration in seconds with up to nine fractional digits, ending with 's'. Example: '3.5s'.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which jobs are run. By default, the project containing the Lake is used. If a project is provided, the ExecutionSpec.service_account must belong to this project.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Service account to use to execute a task. If not provided, the default Compute service account for the project is used.","description_kind":"plain","required":true}},"description":"Configuration for the cluster","description_kind":"plain"},"min_items":1,"max_items":1},"notebook":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Cloud Storage URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Cloud Storage URIs of files to be placed in the working directory of each executor.","description_kind":"plain","optional":true},"notebook":{"type":"string","description":"Path to input notebook. This can be the Cloud Storage URI of the notebook file or the path to a Notebook Content. The execution args are accessible as environment variables (TASK_key=value).","description_kind":"plain","required":true}},"block_types":{"infrastructure_spec":{"nesting_mode":"list","block":{"block_types":{"batch":{"nesting_mode":"list","block":{"attributes":{"executors_count":{"type":"number","description":"Total number of job executors. Executor Count should be between 2 and 100. [Default=2]","description_kind":"plain","optional":true},"max_executors_count":{"type":"number","description":"Max configurable executors. If maxExecutorsCount \u003e executorsCount, then auto-scaling is enabled. Max Executor Count should be between 2 and 1000. [Default=1000]","description_kind":"plain","optional":true}},"description":"Compute resources needed for a Task when using Dataproc Serverless.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Container image to use.","description_kind":"plain","optional":true},"java_jars":{"type":["list","string"],"description":"A list of Java JARS to add to the classpath. Valid input includes Cloud Storage URIs to Jar binaries. For example, gs://bucket-name/my/path/to/file.jar","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Override to common configuration of open source components installed on the Dataproc cluster. The properties to set on daemon config files. Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. For more information, see Cluster properties.","description_kind":"plain","optional":true},"python_packages":{"type":["list","string"],"description":"A list of python packages to be installed. Valid formats include Cloud Storage URI to a PIP installable library. For example, gs://bucket-name/my/path/to/lib.tar.gz","description_kind":"plain","optional":true}},"description":"Container Image Runtime Configuration.","description_kind":"plain"},"max_items":1},"vpc_network":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The Cloud VPC network in which the job is run. By default, the Cloud VPC network named Default within the project is used.","description_kind":"plain","optional":true},"network_tags":{"type":["list","string"],"description":"List of network tags to apply to the job.","description_kind":"plain","optional":true},"sub_network":{"type":"string","description":"The Cloud VPC sub-network in which the job is run.","description_kind":"plain","optional":true}},"description":"Vpc network.","description_kind":"plain"},"max_items":1}},"description":"Infrastructure specification for the execution.","description_kind":"plain"},"max_items":1}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"spark":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Cloud Storage URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Cloud Storage URIs of files to be placed in the working directory of each executor.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file that contains the class must be in the default CLASSPATH or specified in jar_file_uris. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The Cloud Storage URI of the jar file that contains the main class. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"python_script_file":{"type":"string","description":"The Gcloud Storage URI of the main Python file to use as the driver. Must be a .py file. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"sql_script":{"type":"string","description":"The query text. The execution args are used to declare a set of script variables (set key='value';).","description_kind":"plain","optional":true},"sql_script_file":{"type":"string","description":"A reference to a query file. This can be the Cloud Storage URI of the query file or it can the path to a SqlScript Content. The execution args are used to declare a set of script variables (set key='value';).","description_kind":"plain","optional":true}},"block_types":{"infrastructure_spec":{"nesting_mode":"list","block":{"block_types":{"batch":{"nesting_mode":"list","block":{"attributes":{"executors_count":{"type":"number","description":"Total number of job executors. Executor Count should be between 2 and 100. [Default=2]","description_kind":"plain","optional":true},"max_executors_count":{"type":"number","description":"Max configurable executors. If maxExecutorsCount \u003e executorsCount, then auto-scaling is enabled. Max Executor Count should be between 2 and 1000. [Default=1000]","description_kind":"plain","optional":true}},"description":"Compute resources needed for a Task when using Dataproc Serverless.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Container image to use.","description_kind":"plain","optional":true},"java_jars":{"type":["list","string"],"description":"A list of Java JARS to add to the classpath. Valid input includes Cloud Storage URIs to Jar binaries. For example, gs://bucket-name/my/path/to/file.jar","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Override to common configuration of open source components installed on the Dataproc cluster. The properties to set on daemon config files. Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. For more information, see Cluster properties.","description_kind":"plain","optional":true},"python_packages":{"type":["list","string"],"description":"A list of python packages to be installed. Valid formats include Cloud Storage URI to a PIP installable library. For example, gs://bucket-name/my/path/to/lib.tar.gz","description_kind":"plain","optional":true}},"description":"Container Image Runtime Configuration.","description_kind":"plain"},"max_items":1},"vpc_network":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The Cloud VPC network in which the job is run. By default, the Cloud VPC network named Default within the project is used.","description_kind":"plain","optional":true},"network_tags":{"type":["list","string"],"description":"List of network tags to apply to the job.","description_kind":"plain","optional":true},"sub_network":{"type":"string","description":"The Cloud VPC sub-network in which the job is run.","description_kind":"plain","optional":true}},"description":"Vpc network.","description_kind":"plain"},"max_items":1}},"description":"Infrastructure specification for the execution.","description_kind":"plain"},"max_items":1}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"trigger_spec":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"Prevent the task from executing. This does not cancel already running tasks. It is intended to temporarily disable RECURRING tasks.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"Number of retry attempts before aborting. Set to zero to never attempt to retry a failed task.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Cron schedule (https://en.wikipedia.org/wiki/Cron) for running tasks periodically. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: 'CRON_TZ=${IANA_TIME_ZONE}' or 'TZ=${IANA_TIME_ZONE}'. The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, CRON_TZ=America/New_York 1 * * * *, or TZ=America/New_York 1 * * * *. This field is required for RECURRING tasks.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"The first run of the task will be after this time. If not specified, the task will run shortly after being submitted if ON_DEMAND and based on the schedule if RECURRING.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Trigger type of the user-specified Task Possible values: [\"ON_DEMAND\", \"RECURRING\"]","description_kind":"plain","required":true}},"description":"Configuration for the cluster","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataplex_zone":{"version":0,"block":{"attributes":{"asset_status":{"type":["list",["object",{"active_assets":"number","security_policy_applying_assets":"number","update_time":"string"}]],"description":"Output only. Aggregated status of the underlying assets of the zone.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time when the zone was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the zone.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User defined labels for the zone.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake for the resource","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the zone.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. Current state of the zone. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Required. Immutable. The type of the zone. Possible values: TYPE_UNSPECIFIED, RAW, CURATED","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the zone. This ID will be different if the zone is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the zone was last updated.","description_kind":"plain","computed":true}},"block_types":{"discovery_spec":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Required. Whether discovery is enabled.","description_kind":"plain","required":true},"exclude_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to exclude during discovery. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"include_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to include during discovery if only a subset of the data should considered. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Optional. Cron schedule (https://en.wikipedia.org/wiki/Cron) for running discovery periodically. Successive discovery runs must be scheduled at least 60 minutes apart. The default value is to run discovery every 60 minutes. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: \"CRON_TZ=${IANA_TIME_ZONE}\" or TZ=${IANA_TIME_ZONE}\". The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, \"CRON_TZ=America/New_York 1 * * * *\", or \"TZ=America/New_York 1 * * * *\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"csv_options":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"Optional. The delimiter being used to separate values. This defaults to ','.","description_kind":"plain","optional":true},"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for CSV data. If true, all columns will be registered as strings.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true},"header_rows":{"type":"number","description":"Optional. The number of rows to interpret as header rows that should be skipped when reading data rows.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for CSV data.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for Json data. If true, all columns will be registered as their primitive types (strings, number or boolean).","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for Json data.","description_kind":"plain"},"max_items":1}},"description":"Required. Specification of the discovery feature applied to data in this zone.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_spec":{"nesting_mode":"list","block":{"attributes":{"location_type":{"type":"string","description":"Required. Immutable. The location type of the resources that are allowed to be attached to the assets within this zone. Possible values: LOCATION_TYPE_UNSPECIFIED, SINGLE_REGION, MULTI_REGION","description_kind":"plain","required":true}},"description":"Required. Immutable. Specification of the resources that are referenced by the assets within this zone.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_zone_iam_binding":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_zone_iam_member":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_zone_iam_policy":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the autoscaling policy should reside.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The \"resource name\" of the autoscaling policy.","description_kind":"plain","computed":true},"policy_id":{"type":"string","description":"The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 50 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"basic_algorithm":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"string","description":"Duration between scaling events. A scaling period starts after the\nupdate operation from the previous event has completed.\n\nBounds: [2m, 1d]. Default: 2m.","description_kind":"plain","optional":true}},"block_types":{"yarn_config":{"nesting_mode":"list","block":{"attributes":{"graceful_decommission_timeout":{"type":"string","description":"Timeout for YARN graceful decommissioning of Node Managers. Specifies the\nduration to wait for jobs to complete before forcefully removing workers\n(and potentially interrupting jobs). Only applicable to downscaling operations.\n\nBounds: [0s, 1d].","description_kind":"plain","required":true},"scale_down_factor":{"type":"number","description":"Fraction of average pending memory in the last cooldown period for which to\nremove workers. A scale-down factor of 1 will result in scaling down so that there\nis no available memory remaining after the update (more aggressive scaling).\nA scale-down factor of 0 disables removing workers, which can be beneficial for\nautoscaling a single job.\n\nBounds: [0.0, 1.0].","description_kind":"plain","required":true},"scale_down_min_worker_fraction":{"type":"number","description":"Minimum scale-down threshold as a fraction of total cluster size before scaling occurs.\nFor example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler must\nrecommend at least a 2 worker scale-down for the cluster to scale. A threshold of 0\nmeans the autoscaler will scale down on any recommended change.\n\nBounds: [0.0, 1.0]. Default: 0.0.","description_kind":"plain","optional":true},"scale_up_factor":{"type":"number","description":"Fraction of average pending memory in the last cooldown period for which to\nadd workers. A scale-up factor of 1.0 will result in scaling up so that there\nis no pending memory remaining after the update (more aggressive scaling).\nA scale-up factor closer to 0 will result in a smaller magnitude of scaling up\n(less aggressive scaling).\n\nBounds: [0.0, 1.0].","description_kind":"plain","required":true},"scale_up_min_worker_fraction":{"type":"number","description":"Minimum scale-up threshold as a fraction of total cluster size before scaling\noccurs. For example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler\nmust recommend at least a 2-worker scale-up for the cluster to scale. A threshold of\n0 means the autoscaler will scale up on any recommended change.\n\nBounds: [0.0, 1.0]. Default: 0.0.","description_kind":"plain","optional":true}},"description":"YARN autoscaling configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Basic algorithm for autoscaling.","description_kind":"plain"},"max_items":1},"secondary_worker_config":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances for this group. Note that by default, clusters will not use\nsecondary workers. Required for secondary workers if the minimum secondary instances is set.\nBounds: [minInstances, ). Defaults to 0.","description_kind":"plain","optional":true},"min_instances":{"type":"number","description":"Minimum number of instances for this group. Bounds: [0, maxInstances]. Defaults to 0.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Weight for the instance group, which is used to determine the fraction of total workers\nin the cluster from this instance group. For example, if primary workers have weight 2,\nand secondary workers have weight 1, the cluster will have approximately 2 primary workers\nfor each secondary worker.\n\nThe cluster may not reach the specified balance if constrained by min/max bounds or other\nautoscaling settings. For example, if maxInstances for secondary workers is 0, then only\nprimary workers will be added. The cluster can also be out of balance when created.\n\nIf weight is not set on any instance group, the cluster will default to equal weight for\nall groups: the cluster will attempt to maintain an equal number of workers in each group\nwithin the configured size bounds for each group. If weight is set for one group only,\nthe cluster will default to zero weight on the unset group. For example if weight is set\nonly on primary workers, the cluster will use primary workers only and no secondary workers.","description_kind":"plain","optional":true}},"description":"Describes how the autoscaler will operate for secondary workers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"worker_config":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances for this group.","description_kind":"plain","required":true},"min_instances":{"type":"number","description":"Minimum number of instances for this group. Bounds: [2, maxInstances]. Defaults to 2.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Weight for the instance group, which is used to determine the fraction of total workers\nin the cluster from this instance group. For example, if primary workers have weight 2,\nand secondary workers have weight 1, the cluster will have approximately 2 primary workers\nfor each secondary worker.\n\nThe cluster may not reach the specified balance if constrained by min/max bounds or other\nautoscaling settings. For example, if maxInstances for secondary workers is 0, then only\nprimary workers will be added. The cluster can also be out of balance when created.\n\nIf weight is not set on any instance group, the cluster will default to equal weight for\nall groups: the cluster will attempt to maintain an equal number of workers in each group\nwithin the configured size bounds for each group. If weight is set for one group only,\nthe cluster will default to zero weight on the unset group. For example if weight is set\nonly on primary workers, the cluster will use primary workers only and no secondary workers.","description_kind":"plain","optional":true}},"description":"Describes how the autoscaler will operate for primary workers.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_batch":{"version":0,"block":{"attributes":{"batch_id":{"type":"string","description":"The ID to use for the batch, which will become the final component of the batch's resource name.\nThis value must be 4-63 characters. Valid characters are /[a-z][0-9]-/.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time when the batch was created.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"The email address of the user who created the batch.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels to associate with this batch.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location in which the batch will be created in.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the batch.","description_kind":"plain","computed":true},"operation":{"type":"string","description":"The resource name of the operation associated with this batch.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime_info":{"type":["list",["object",{"approximate_usage":["list",["object",{"accelerator_type":"string","milli_accelerator_seconds":"string","milli_dcu_seconds":"string","shuffle_storage_gb_seconds":"string"}]],"current_usage":["list",["object",{"accelerator_type":"string","milli_accelerator":"string","milli_dcu":"string","milli_dcu_premium":"string","shuffle_storage_gb":"string","shuffle_storage_gb_premium":"string","snapshot_time":"string"}]],"diagnostic_output_uri":"string","endpoints":["map","string"],"output_uri":"string"}]],"description":"Runtime information about batch execution.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The state of the batch. For possible values, see the [API documentation](https://cloud.google.com/dataproc-serverless/docs/reference/rest/v1/projects.locations.batches#State).","description_kind":"plain","computed":true},"state_history":{"type":["list",["object",{"state":"string","state_message":"string","state_start_time":"string"}]],"description":"Historical state information for the batch.","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Batch state details, such as a failure description if the state is FAILED.","description_kind":"plain","computed":true},"state_time":{"type":"string","description":"Batch state details, such as a failure description if the state is FAILED.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uuid":{"type":"string","description":"A batch UUID (Unique Universal Identifier). The service generates this value when it creates the batch.","description_kind":"plain","computed":true}},"block_types":{"environment_config":{"nesting_mode":"list","block":{"block_types":{"execution_config":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS key to use for encryption.","description_kind":"plain","optional":true},"network_tags":{"type":["list","string"],"description":"Tags used for network traffic control.","description_kind":"plain","optional":true},"network_uri":{"type":"string","description":"Network configuration for workload execution.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Service account that used to execute workload.","description_kind":"plain","optional":true,"computed":true},"staging_bucket":{"type":"string","description":"A Cloud Storage bucket used to stage workload dependencies, config files, and store\nworkload output and other ephemeral data, such as Spark history files. If you do not specify a staging bucket,\nCloud Dataproc will determine a Cloud Storage location according to the region where your workload is running,\nand then create and manage project-level, per-location staging and temporary buckets.\nThis field requires a Cloud Storage bucket name, not a gs://... URI to a Cloud Storage bucket.","description_kind":"plain","optional":true},"subnetwork_uri":{"type":"string","description":"Subnetwork configuration for workload execution.","description_kind":"plain","optional":true},"ttl":{"type":"string","description":"The duration after which the workload will be terminated.\nWhen the workload exceeds this duration, it will be unconditionally terminated without waiting for ongoing\nwork to finish. If ttl is not specified for a batch workload, the workload will be allowed to run until it\nexits naturally (or run forever without exiting). If ttl is not specified for an interactive session,\nit defaults to 24 hours. If ttl is not specified for a batch that uses 2.1+ runtime version, it defaults to 4 hours.\nMinimum value is 10 minutes; maximum value is 14 days. If both ttl and idleTtl are specified (for an interactive session),\nthe conditions are treated as OR conditions: the workload will be terminated when it has been idle for idleTtl or\nwhen ttl has been exceeded, whichever occurs first.","description_kind":"plain","optional":true,"computed":true}},"description":"Execution configuration for a workload.","description_kind":"plain"},"max_items":1},"peripherals_config":{"nesting_mode":"list","block":{"attributes":{"metastore_service":{"type":"string","description":"Resource name of an existing Dataproc Metastore service.","description_kind":"plain","optional":true}},"block_types":{"spark_history_server_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_cluster":{"type":"string","description":"Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload.","description_kind":"plain","optional":true}},"description":"The Spark History Server configuration for the workload.","description_kind":"plain"},"max_items":1}},"description":"Peripherals configuration that workload has access to.","description_kind":"plain"},"max_items":1}},"description":"Environment configuration for the batch execution.","description_kind":"plain"},"max_items":1},"pyspark_batch":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted into the working directory of each executor.\nSupported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver. Do not include arguments that can be set as batch\nproperties, such as --conf, since a collision can occur that causes an incorrect batch submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be placed in the working directory of each executor.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the classpath of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_python_file_uri":{"type":"string","description":"The HCFS URI of the main Python file to use as the Spark driver. Must be a .py file.","description_kind":"plain","optional":true},"python_file_uris":{"type":["list","string"],"description":"HCFS file URIs of Python files to pass to the PySpark framework.\nSupported file types: .py, .egg, and .zip.","description_kind":"plain","optional":true}},"description":"PySpark batch config.","description_kind":"plain"},"max_items":1},"runtime_config":{"nesting_mode":"list","block":{"attributes":{"cohort":{"type":"string","description":"Optional. Cohort identifier. Identifies families of the workloads having the same shape, e.g. daily ETL jobs.","description_kind":"plain","optional":true},"container_image":{"type":"string","description":"Optional custom container image for the job runtime environment. If not specified, a default container image will be used.","description_kind":"plain","optional":true},"effective_properties":{"type":["map","string"],"description":"A mapping of property names to values, which are used to configure workload execution.","description_kind":"plain","computed":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, which are used to configure workload execution.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Version of the batch runtime.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autotuning_config":{"nesting_mode":"list","block":{"attributes":{"scenarios":{"type":["list","string"],"description":"Optional. Scenarios for which tunings are applied. Possible values: [\"SCALING\", \"BROADCAST_HASH_JOIN\", \"MEMORY\"]","description_kind":"plain","optional":true}},"description":"Optional. Autotuning configuration of the workload.","description_kind":"plain"},"max_items":1}},"description":"Runtime configuration for the batch execution.","description_kind":"plain"},"max_items":1},"spark_batch":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted into the working directory of each executor.\nSupported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver. Do not include arguments that can be set as batch\nproperties, such as --conf, since a collision can occur that causes an incorrect batch submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be placed in the working directory of each executor.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the classpath of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver main class. The jar file that contains the class must be in the\nclasspath or specified in jarFileUris.","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of the jar file that contains the main class.","description_kind":"plain","optional":true}},"description":"Spark batch config.","description_kind":"plain"},"max_items":1},"spark_r_batch":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted into the working directory of each executor.\nSupported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver. Do not include arguments that can be set as batch\nproperties, such as --conf, since a collision can occur that causes an incorrect batch submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be placed in the working directory of each executor.","description_kind":"plain","optional":true},"main_r_file_uri":{"type":"string","description":"The HCFS URI of the main R file to use as the driver. Must be a .R or .r file.","description_kind":"plain","optional":true}},"description":"SparkR batch config.","description_kind":"plain"},"max_items":1},"spark_sql_batch":{"nesting_mode":"list","block":{"attributes":{"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to be added to the Spark CLASSPATH.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains Spark SQL queries to execute.","description_kind":"plain","optional":true},"query_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Spark SQL command: SET name=\"value\";).","description_kind":"plain","optional":true}},"description":"Spark SQL batch config.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_cluster":{"version":1,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"graceful_decommission_timeout":{"type":"string","description":"The timeout duration which allows graceful decomissioning when you change the number of worker nodes directly through a terraform apply","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The list of the labels (key/value pairs) configured on the resource and to be applied to instances in the cluster.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and zone.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the cluster will exist. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the cluster and associated nodes will be created in. Defaults to global.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"cluster_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":" The name of the cloud storage bucket ultimately used to house the staging data for the cluster. If staging_bucket is specified, it will contain this value, otherwise it will be the auto generated name.","description_kind":"plain","computed":true},"staging_bucket":{"type":"string","description":"The Cloud Storage staging bucket used to stage files, such as Hadoop jars, between client machines and the cluster. Note: If you don't explicitly specify a staging_bucket then GCP will auto create / assign one for you. However, you are not guaranteed an auto generated bucket which is solely dedicated to your cluster; it may be shared with other clusters in the same region/zone also choosing to use the auto generation option.","description_kind":"plain","optional":true},"temp_bucket":{"type":"string","description":"The Cloud Storage temp bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. Note: If you don't explicitly specify a temp_bucket then GCP will auto create / assign one for you.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"policy_uri":{"type":"string","description":"The autoscaling policy used by the cluster.","description_kind":"plain","required":true}},"description":"The autoscaling policy config associated with the cluster.","description_kind":"plain"},"max_items":1},"auxiliary_node_groups":{"nesting_mode":"list","block":{"attributes":{"node_group_id":{"type":"string","description":"A node group ID. Generated if not specified. The ID must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of from 3 to 33 characters.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_group":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The Node group resource name.","description_kind":"plain","computed":true},"roles":{"type":["list","string"],"description":"Node group roles.","description_kind":"plain","required":true}},"block_types":{"node_group_config":{"nesting_mode":"list","block":{"attributes":{"instance_names":{"type":["list","string"],"description":"List of auxiliary node group instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type to create for the master","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The name of a minimum generation of CPU family for the auxiliary node group. If not specified, GCP will default to a predetermined computed value for each zone.","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Specifies the number of auxiliary nodes to create. If not specified, GCP will default to a predetermined computed value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"set","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each node, specified in GB. The primary disk contains the boot volume and system libraries, and the smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"local_ssd_interface":{"type":"string","description":"Interface type of local SSDs (default is \"scsi\"). Valid values: \"scsi\" (Small Computer System Interface), \"nvme\" (Non-Volatile Memory Express).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The node group instance group configuration.","description_kind":"plain"},"max_items":1}},"description":"Node group configuration.","description_kind":"plain"},"min_items":1}},"description":"The node group settings.","description_kind":"plain"}},"dataproc_metric_config":{"nesting_mode":"list","block":{"block_types":{"metrics":{"nesting_mode":"list","block":{"attributes":{"metric_overrides":{"type":["set","string"],"description":"Specify one or more [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) to collect.","description_kind":"plain","optional":true},"metric_source":{"type":"string","description":"A source for the collection of Dataproc OSS metrics (see [available OSS metrics] (https://cloud.google.com//dataproc/docs/guides/monitoring#available_oss_metrics)).","description_kind":"plain","required":true}},"description":"Metrics sources to enable.","description_kind":"plain"},"min_items":1}},"description":"The config for Dataproc metrics.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS key name to use for PD disk encryption for all instances in the cluster.","description_kind":"plain","required":true}},"description":"The Customer managed encryption keys settings for the cluster.","description_kind":"plain"},"max_items":1},"endpoint_config":{"nesting_mode":"list","block":{"attributes":{"enable_http_port_access":{"type":"bool","description":"The flag to enable http access to specific ports on the cluster from external sources (aka Component Gateway). Defaults to false.","description_kind":"plain","required":true},"http_ports":{"type":["map","string"],"description":"The map of port descriptions to URLs. Will only be populated if enable_http_port_access is true.","description_kind":"plain","computed":true}},"description":"The config settings for port access on the cluster. Structure defined below.","description_kind":"plain"},"max_items":1},"gce_cluster_config":{"nesting_mode":"list","block":{"attributes":{"internal_ip_only":{"type":"bool","description":"By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. If set to true, all instances in the cluster will only have internal IP addresses. Note: Private Google Access (also known as privateIpGoogleAccess) must be enabled on the subnetwork that the cluster will be launched in.","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"A map of the Compute Engine metadata entries to add to all instances","description_kind":"plain","optional":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to the cluster will be part of. Conflicts with subnetwork. If neither is specified, this defaults to the \"default\" network.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account to be used by the Node VMs. If not specified, the \"default\" service account is used.","description_kind":"plain","optional":true},"service_account_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs under the service_account specified. These can be either FQDNs, or scope aliases.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork the cluster will be part of. Conflicts with network.","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"The list of instance tags applied to instances in the cluster. Tags are used to identify valid sources or targets for network firewalls.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The GCP zone where your data is stored and used (i.e. where the master and the worker nodes will be created in). If region is set to 'global' (default) then zone is mandatory, otherwise GCP is able to make use of Auto Zone Placement to determine this automatically for you. Note: This setting additionally determines and restricts which computing resources are available for use with other configs such as cluster_config.master_config.machine_type and cluster_config.worker_config.machine_type.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled.","description_kind":"plain","optional":true}},"description":"Confidential Instance Config for clusters using Compute Engine Confidential VMs.","description_kind":"plain"},"max_items":1},"node_group_affinity":{"nesting_mode":"list","block":{"attributes":{"node_group_uri":{"type":"string","description":"The URI of a sole-tenant that the cluster will be created on.","description_kind":"plain","required":true}},"description":"Node Group Affinity for sole-tenant clusters.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Type of reservation to consume.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether instances have integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether instances have Secure Boot enabled.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether instances have the vTPM enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance Config for clusters using Compute Engine Shielded VMs.","description_kind":"plain"},"max_items":1}},"description":"Common config settings for resources of Google Compute Engine cluster instances, applicable to all instances in the cluster.","description_kind":"plain"},"max_items":1},"initialization_action":{"nesting_mode":"list","block":{"attributes":{"script":{"type":"string","description":"The script to be executed during initialization of the cluster. The script must be a GCS file with a gs:// prefix.","description_kind":"plain","required":true},"timeout_sec":{"type":"number","description":"The maximum duration (in seconds) which script is allowed to take to execute its action. GCP will default to a predetermined computed value if not set (currently 300).","description_kind":"plain","optional":true}},"description":"Commands to execute on each node after config is completed. You can specify multiple versions of these.","description_kind":"plain"}},"lifecycle_config":{"nesting_mode":"list","block":{"attributes":{"auto_delete_time":{"type":"string","description":"The time when cluster will be auto-deleted. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"idle_delete_ttl":{"type":"string","description":"The duration to keep the cluster alive while idling (no jobs running). After this TTL, the cluster will be deleted. Valid range: [10m, 14d].","description_kind":"plain","optional":true},"idle_start_time":{"type":"string","description":"Time when the cluster became idle (most recent job finished) and became eligible for deletion due to idleness.","description_kind":"plain","computed":true}},"description":"The settings for auto deletion cluster schedule.","description_kind":"plain"},"max_items":1},"master_config":{"nesting_mode":"list","block":{"attributes":{"image_uri":{"type":"string","description":"The URI for the image to use for this master","description_kind":"plain","optional":true,"computed":true},"instance_names":{"type":["list","string"],"description":"List of master instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type to create for the master","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The name of a minimum generation of CPU family for the master. If not specified, GCP will default to a predetermined computed value for each zone.","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Specifies the number of master nodes to create. If not specified, GCP will default to a predetermined computed value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"set","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each node, specified in GB. The primary disk contains the boot volume and system libraries, and the smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"local_ssd_interface":{"type":"string","description":"Interface type of local SSDs (default is \"scsi\"). Valid values: \"scsi\" (Small Computer System Interface), \"nvme\" (Non-Volatile Memory Express).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The Compute Engine config settings for the cluster's master instance.","description_kind":"plain"},"max_items":1},"metastore_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_metastore_service":{"type":"string","description":"Resource name of an existing Dataproc Metastore service.","description_kind":"plain","required":true}},"description":"Specifies a Metastore configuration.","description_kind":"plain"},"max_items":1},"preemptible_worker_config":{"nesting_mode":"list","block":{"attributes":{"instance_names":{"type":["list","string"],"description":"List of preemptible instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"num_instances":{"type":"number","description":"Specifies the number of preemptible nodes to create. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"preemptibility":{"type":"string","description":"Specifies the preemptibility of the secondary nodes. Defaults to PREEMPTIBLE.","description_kind":"plain","optional":true}},"block_types":{"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each preemptible worker node, specified in GB. The smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each preemptible worker node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"local_ssd_interface":{"type":"string","description":"Interface type of local SSDs (default is \"scsi\"). Valid values: \"scsi\" (Small Computer System Interface), \"nvme\" (Non-Volatile Memory Express).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each preemptible worker node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1},"instance_flexibility_policy":{"nesting_mode":"list","block":{"attributes":{"instance_selection_results":{"type":["list",["object",{"machine_type":"string","vm_count":"number"}]],"description":"A list of instance selection results in the group.","description_kind":"plain","computed":true}},"block_types":{"instance_selection_list":{"nesting_mode":"list","block":{"attributes":{"machine_types":{"type":["list","string"],"description":"Full machine-type names, e.g. \"n1-standard-16\".","description_kind":"plain","optional":true,"computed":true},"rank":{"type":"number","description":"Preference of this instance selection. Lower number means higher preference. Dataproc will first try to create a VM based on the machine-type with priority rank and fallback to next rank based on availability. Machine types and instance selections with the same priority have the same preference.","description_kind":"plain","optional":true,"computed":true}},"description":"List of instance selection options that the group will use when creating new VMs.","description_kind":"plain"}},"provisioning_model_mix":{"nesting_mode":"list","block":{"attributes":{"standard_capacity_base":{"type":"number","description":"The base capacity that will always use Standard VMs to avoid risk of more preemption than the minimum capacity you need.","description_kind":"plain","optional":true},"standard_capacity_percent_above_base":{"type":"number","description":"The percentage of target capacity that should use Standard VM. The remaining percentage will use Spot VMs.","description_kind":"plain","optional":true}},"description":"Defines how Dataproc should create VMs with a mixture of provisioning models.","description_kind":"plain"},"max_items":1}},"description":"Instance flexibility Policy allowing a mixture of VM shapes and provisioning models.","description_kind":"plain"},"max_items":1}},"description":"The Google Compute Engine config settings for the additional (aka preemptible) instances in a cluster.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"cross_realm_trust_admin_server":{"type":"string","description":"The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_kdc":{"type":"string","description":"The KDC (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_realm":{"type":"string","description":"The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust.","description_kind":"plain","optional":true},"cross_realm_trust_shared_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster\nKerberos realm and the remote trusted realm, in a cross realm trust relationship.","description_kind":"plain","optional":true},"enable_kerberos":{"type":"bool","description":"Flag to indicate whether to Kerberize the cluster.","description_kind":"plain","optional":true},"kdc_db_key_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database.","description_kind":"plain","optional":true},"key_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"keystore_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing\nthe password to the user provided keystore. For the self-signed certificate, this password is generated\nby Dataproc","description_kind":"plain","optional":true},"keystore_uri":{"type":"string","description":"The Cloud Storage URI of the keystore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"kms_key_uri":{"type":"string","description":"The uri of the KMS key used to encrypt various sensitive files.","description_kind":"plain","required":true},"realm":{"type":"string","description":"The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm.","description_kind":"plain","optional":true},"root_principal_password_uri":{"type":"string","description":"The cloud Storage URI of a KMS encrypted file containing the root principal password.","description_kind":"plain","required":true},"tgt_lifetime_hours":{"type":"number","description":"The lifetime of the ticket granting ticket, in hours.","description_kind":"plain","optional":true},"truststore_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"truststore_uri":{"type":"string","description":"The Cloud Storage URI of the truststore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true}},"description":"Kerberos related configuration","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Security related configuration.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"image_version":{"type":"string","description":"The Cloud Dataproc image version to use for the cluster - this controls the sets of software versions installed onto the nodes when you create clusters. If not specified, defaults to the latest version.","description_kind":"plain","optional":true,"computed":true},"optional_components":{"type":["set","string"],"description":"The set of optional components to activate on the cluster.","description_kind":"plain","optional":true},"override_properties":{"type":["map","string"],"description":"A list of override and additional properties (key/value pairs) used to modify various aspects of the common configuration files used when creating a cluster.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A list of the properties used to set the daemon config files. This will include any values supplied by the user via cluster_config.software_config.override_properties","description_kind":"plain","computed":true}},"description":"The config settings for software inside the cluster.","description_kind":"plain"},"max_items":1},"worker_config":{"nesting_mode":"list","block":{"attributes":{"image_uri":{"type":"string","description":"The URI for the image to use for this master/worker","description_kind":"plain","optional":true,"computed":true},"instance_names":{"type":["list","string"],"description":"List of master/worker instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type to create for the master/worker","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The name of a minimum generation of CPU family for the master/worker. If not specified, GCP will default to a predetermined computed value for each zone.","description_kind":"plain","optional":true,"computed":true},"min_num_instances":{"type":"number","description":"The minimum number of primary worker instances to create.","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Specifies the number of worker nodes to create. If not specified, GCP will default to a predetermined computed value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"set","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each node, specified in GB. The primary disk contains the boot volume and system libraries, and the smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"local_ssd_interface":{"type":"string","description":"Interface type of local SSDs (default is \"scsi\"). Valid values: \"scsi\" (Small Computer System Interface), \"nvme\" (Non-Volatile Memory Express).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The Compute Engine config settings for the cluster's worker instances.","description_kind":"plain"},"max_items":1}},"description":"Allows you to configure various aspects of the cluster.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_cluster_config":{"nesting_mode":"list","block":{"attributes":{"staging_bucket":{"type":"string","description":"A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket.","description_kind":"plain","optional":true}},"block_types":{"auxiliary_services_config":{"nesting_mode":"list","block":{"block_types":{"metastore_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_metastore_service":{"type":"string","description":"The Hive Metastore configuration for this workload.","description_kind":"plain","optional":true}},"description":"The Hive Metastore configuration for this workload.","description_kind":"plain"},"max_items":1},"spark_history_server_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_cluster":{"type":"string","description":"Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload.","description_kind":"plain","optional":true}},"description":"The Spark History Server configuration for the workload.","description_kind":"plain"},"max_items":1}},"description":"Auxiliary services configuration for a Cluster.","description_kind":"plain"},"max_items":1},"kubernetes_cluster_config":{"nesting_mode":"list","block":{"attributes":{"kubernetes_namespace":{"type":"string","description":"A namespace within the Kubernetes cluster to deploy into. If this namespace does not exist, it is created. If it exists, Dataproc verifies that another Dataproc VirtualCluster is not installed into it. If not specified, the name of the Dataproc Cluster is used.","description_kind":"plain","optional":true}},"block_types":{"gke_cluster_config":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_target":{"type":"string","description":"A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","optional":true}},"block_types":{"node_pool_target":{"nesting_mode":"list","block":{"attributes":{"node_pool":{"type":"string","description":"The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{nodePool}'","description_kind":"plain","required":true},"roles":{"type":["set","string"],"description":"The roles associated with the GKE node pool.","description_kind":"plain","required":true}},"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"locations":{"type":["set","string"],"description":"The list of Compute Engine zones where node pool nodes associated with a Dataproc on GKE virtual cluster will be located.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"The maximum number of nodes in the node pool. Must be \u003e= minNodeCount, and must be \u003e 0.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"The minimum number of nodes in the node pool. Must be \u003e= 0 and \u003c= maxNodeCount.","description_kind":"plain","optional":true}},"description":"The autoscaler configuration for this node pool. The autoscaler is enabled only when a valid configuration is present.","description_kind":"plain"},"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"The minimum number of nodes in the node pool. Must be \u003e= 0 and \u003c= maxNodeCount.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The name of a Compute Engine machine type.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or a newer CPU platform. Specify the friendly names of CPU platforms, such as \"Intel Haswell\" or \"Intel Sandy Bridge\".","description_kind":"plain","optional":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances. Preemptible nodes cannot be used in a node pool with the CONTROLLER role or in the DEFAULT node pool if the CONTROLLER role is not assigned (the DEFAULT node pool will assume the CONTROLLER role).","description_kind":"plain","optional":true},"spot":{"type":"bool","description":"Spot flag for enabling Spot VM, which is a rebrand of the existing preemptible flag.","description_kind":"plain","optional":true}},"description":"The node pool configuration.","description_kind":"plain"},"max_items":1}},"description":"Input only. The configuration for the GKE node pool.","description_kind":"plain"},"max_items":1}},"description":"GKE node pools where workloads will be scheduled. At least one node pool must be assigned the DEFAULT GkeNodePoolTarget.Role. If a GkeNodePoolTarget is not specified, Dataproc constructs a DEFAULT GkeNodePoolTarget.","description_kind":"plain"}}},"description":"The configuration for running the Dataproc cluster on GKE.","description_kind":"plain"},"min_items":1,"max_items":1},"kubernetes_software_config":{"nesting_mode":"list","block":{"attributes":{"component_version":{"type":["map","string"],"description":"The components that should be installed in this Dataproc cluster. The key must be a string from the KubernetesComponent enumeration. The value is the version of the software to be installed.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"The properties to set on daemon config files. Property keys are specified in prefix:property format, for example spark:spark.kubernetes.container.image.","description_kind":"plain","optional":true,"computed":true}},"description":"The software configuration for this Dataproc cluster running on Kubernetes.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The configuration for running the Dataproc cluster on Kubernetes.","description_kind":"plain"},"max_items":1}},"description":"The virtual cluster config is used when creating a Dataproc cluster that does not directly control the underlying compute resources, for example, when creating a Dataproc-on-GKE cluster. Dataproc may set default values, and values may change when clusters are updated. Exactly one of config or virtualClusterConfig must be specified.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_binding":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_member":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_policy":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_gdc_application_environment":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"The annotations to associate with this application environment. Annotations may be used to store client information, but are not used by the server.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"application_environment_id":{"type":"string","description":"The id of the application environment","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"User-provided human-readable name to be used in user interfaces.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels to associate with this application environment. Labels may be used for filtering and billing tracking. \n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the application environment","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The name of the application environment. Format: projects/{project}/locations/{location}/serviceInstances/{service_instance}/applicationEnvironments/{application_environment_id}","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"The name of the namespace in which to create this ApplicationEnvironment. This namespace must already exist in the cluster","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"serviceinstance":{"type":"string","description":"The id of the service instance to which this application environment belongs.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated unique identifier for this application environment, formatted as UUID4.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the resource was most recently updated.","description_kind":"plain","computed":true}},"block_types":{"spark_application_environment_config":{"nesting_mode":"list","block":{"attributes":{"default_properties":{"type":["map","string"],"description":"A map of default Spark properties to apply to workloads in this application environment. These defaults may be overridden by per-application properties.","description_kind":"plain","optional":true},"default_version":{"type":"string","description":"The default Dataproc version to use for applications submitted to this application environment","description_kind":"plain","optional":true}},"description":"Represents the SparkApplicationEnvironmentConfig.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_gdc_service_instance":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp when the resource was created.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"User-provided human-readable name to be used in user interfaces.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_service_account":{"type":"string","description":"Effective service account associated with ServiceInstance. This will be the service_account if specified. Otherwise, it will be an automatically created per-resource P4SA that also automatically has Fleet Workload. Identity bindings applied.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels to associate with this service instance. Labels may be used for filtering and billing tracking. \n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The name of the service instance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Whether the service instance is currently reconciling. True if the current state of the resource does not match the intended state, and the system is working to reconcile them, whether or not the change was user initiated.","description_kind":"plain","computed":true},"requested_state":{"type":"string","description":"The intended state to which the service instance is reconciling. Possible values:\n* 'CREATING'\n* 'ACTIVE'\n* 'DISCONNECTED'\n* 'DELETING'\n* 'STOPPING'\n* 'STOPPED'\n* 'STARTING'\n* 'UPDATING'\n* 'FAILED'","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"Requested service account to associate with ServiceInstance.","description_kind":"plain","optional":true},"service_instance_id":{"type":"string","description":"Id of the service instance.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state. Possible values:\n* 'CREATING'\n* 'ACTIVE'\n* 'DISCONNECTED'\n* 'DELETING'\n* 'STOPPING'\n* 'STOPPED'\n* 'STARTING'\n* 'UPDATING'\n* 'FAILED'","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"A message explaining the current state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated unique identifier for this service instance, formatted as UUID4.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the resource was most recently updated.","description_kind":"plain","computed":true}},"block_types":{"gdce_cluster":{"nesting_mode":"list","block":{"attributes":{"gdce_cluster":{"type":"string","description":"Gdce cluster resource id.","description_kind":"plain","required":true}},"description":"Gdce cluster information.","description_kind":"plain"},"max_items":1},"spark_service_instance_config":{"nesting_mode":"list","block":{"description":"Spark-specific service instance configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_gdc_spark_application":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"The annotations to associate with this application. Annotations may be used to store client information, but are not used by the server. \n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"application_environment":{"type":"string","description":"An ApplicationEnvironment from which to inherit configuration properties.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.","description_kind":"plain","computed":true},"dependency_images":{"type":["list","string"],"description":"List of container image uris for additional file dependencies. Dependent files are sequentially copied from each image. If a file with the same name exists in 2 images then the file from later image is used.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User-provided human-readable name to be used in user interfaces.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels to associate with this application. Labels may be used for filtering and billing tracking. \n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the spark application.","description_kind":"plain","required":true},"monitoring_endpoint":{"type":"string","description":"URL for a monitoring UI for this application (for eventual Spark PHS/UI support) Out of scope for private GA","description_kind":"plain","computed":true},"name":{"type":"string","description":"Identifier. The name of the application. Format: projects/{project}/locations/{location}/serviceInstances/{service_instance}/sparkApplications/{application}","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"The Kubernetes namespace in which to create the application. This namespace must already exist on the cluster.","description_kind":"plain","optional":true},"output_uri":{"type":"string","description":"An HCFS URI pointing to the location of stdout and stdout of the application Mainly useful for Pantheon and gcloud Not in scope for private GA","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"properties":{"type":["map","string"],"description":"application-specific properties.","description_kind":"plain","optional":true},"reconciling":{"type":"bool","description":"Whether the application is currently reconciling. True if the current state of the resource does not match the intended state, and the system is working to reconcile them, whether or not the change was user initiated.","description_kind":"plain","computed":true},"serviceinstance":{"type":"string","description":"The id of the service instance to which this spark application belongs.","description_kind":"plain","required":true},"spark_application_id":{"type":"string","description":"The id of the application","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state.\nPossible values:\n* 'STATE_UNSPECIFIED'\n* 'PENDING'\n* 'RUNNING'\n* 'CANCELLING'\n* 'CANCELLED'\n* 'SUCCEEDED'\n* 'FAILED'","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"A message explaining the current state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated unique identifier for this application, formatted as UUID4.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the resource was most recently updated.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The Dataproc version of this application.","description_kind":"plain","optional":true}},"block_types":{"pyspark_application_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver. Do not include arguments, such as '--conf', that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATHs of the Python driver and tasks.","description_kind":"plain","optional":true},"main_python_file_uri":{"type":"string","description":"The HCFS URI of the main Python file to use as the driver. Must be a .py file.","description_kind":"plain","required":true},"python_file_uris":{"type":["list","string"],"description":"HCFS file URIs of Python files to pass to the PySpark framework. Supported file types: .py, .egg, and .zip.","description_kind":"plain","optional":true}},"description":"Represents the PySparkApplicationConfig.","description_kind":"plain"},"max_items":1},"spark_application_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: '.jar', '.tar', '.tar.gz', '.tgz', and '.zip'.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver. Do not include arguments that can be set as application properties, such as '--conf', since a collision can occur that causes an incorrect application submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be placed in the working directory of each executor.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the classpath of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver main class. The jar file that contains the class must be in the classpath or specified in 'jar_file_uris'.","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of the jar file that contains the main class.","description_kind":"plain","optional":true}},"description":"Represents the SparkApplicationConfig.","description_kind":"plain"},"max_items":1},"spark_r_application_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver. Do not include arguments, such as '--conf', that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"main_r_file_uri":{"type":"string","description":"The HCFS URI of the main R file to use as the driver. Must be a .R file.","description_kind":"plain","required":true}},"description":"Represents the SparkRApplicationConfig.","description_kind":"plain"},"max_items":1},"spark_sql_application_config":{"nesting_mode":"list","block":{"attributes":{"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to be added to the Spark CLASSPATH.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Spark SQL command: SET 'name=\"value\";').","description_kind":"plain","optional":true}},"block_types":{"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"The queries to run.","description_kind":"plain","required":true}},"description":"Represents a list of queries.","description_kind":"plain"},"max_items":1}},"description":"Represents the SparkRApplicationConfig.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_job":{"version":0,"block":{"attributes":{"driver_controls_files_uri":{"type":"string","description":"Output-only. If present, the location of miscellaneous control files which may be used as part of job setup and handling. If not present, control files may be placed in the same location as driver_output_uri.","description_kind":"plain","computed":true},"driver_output_resource_uri":{"type":"string","description":"Output-only. A URI pointing to the location of the stdout of the job's driver program","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_delete":{"type":"bool","description":"By default, you can only delete inactive jobs within Dataproc. Setting this to true, and calling destroy, will ensure that the job is first cancelled before issuing the delete.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this job.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which the cluster can be found and jobs subsequently run against. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Cloud Dataproc region. This essentially determines which clusters are available for this job to be submitted to. If not specified, defaults to global.","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"details":"string","state":"string","state_start_time":"string","substate":"string"}]],"description":"The status of the job.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"hadoop_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be copied to the working directory of Spark drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The class containing the main method of the driver. Must be in a provided jar or jar that is already on the classpath. Conflicts with main_jar_file_uri","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of jar file containing the driver jar. Conflicts with main_class","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of Hadoop job","description_kind":"plain"},"max_items":1},"hive_config":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. The default value is false. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATH of the Hive server and Hadoop MapReduce (MR) tasks. Can contain Hive SerDes and UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names and values, used to configure Hive. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/hive/conf/hive-site.xml, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"HCFS URI of file containing Hive script to execute as the job. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of Hive queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Hive command: SET name=\"value\";).","description_kind":"plain","optional":true}},"description":"The config of hive job","description_kind":"plain"},"max_items":1},"pig_config":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. The default value is false. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATH of the Pig Client and Hadoop MapReduce (MR) tasks. Can contain Pig UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Pig. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/pig/conf/pig.properties, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"HCFS URI of file containing Hive script to execute as the job. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of Hive queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Pig command: name=[value]).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of pag job.","description_kind":"plain"},"max_items":1},"placement":{"nesting_mode":"list","block":{"attributes":{"cluster_name":{"type":"string","description":"The name of the cluster where the job will be submitted","description_kind":"plain","required":true},"cluster_uuid":{"type":"string","description":"Output-only. A cluster UUID generated by the Cloud Dataproc service when the job is submitted","description_kind":"plain","computed":true}},"description":"The config of job placement.","description_kind":"plain"},"min_items":1,"max_items":1},"presto_config":{"nesting_mode":"list","block":{"attributes":{"client_tags":{"type":["list","string"],"description":"Presto client tags to attach to this query.","description_kind":"plain","optional":true},"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"output_format":{"type":"string","description":"The format in which query output will be displayed. See the Presto documentation for supported output formats.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values. Used to set Presto session properties Equivalent to using the --session flag in the Presto CLI.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of SQL queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of presto job","description_kind":"plain"},"max_items":1},"pyspark_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as --conf, that can be set as job properties, since a collision may occur that causes an incorrect job submission","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be copied to the working directory of Python drivers and distributed tasks. Useful for naively parallel tasks","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Python driver and tasks","description_kind":"plain","optional":true},"main_python_file_uri":{"type":"string","description":"Required. The HCFS URI of the main Python file to use as the driver. Must be a .py file","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure PySpark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code","description_kind":"plain","optional":true},"python_file_uris":{"type":["list","string"],"description":"Optional. HCFS file URIs of Python files to pass to the PySpark framework. Supported file types: .py, .egg, and .zip","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of pySpark job.","description_kind":"plain"},"max_items":1},"reference":{"nesting_mode":"list","block":{"attributes":{"job_id":{"type":"string","description":"The job ID, which must be unique within the project. The job ID is generated by the server upon job submission or provided by the user as a means to perform retries without creating duplicate jobs","description_kind":"plain","optional":true,"computed":true}},"description":"The reference of the job","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"max_failures_per_hour":{"type":"number","description":"Maximum number of times per hour a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed.","description_kind":"plain","required":true},"max_failures_total":{"type":"number","description":"Maximum number of times in total a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed.","description_kind":"plain","required":true}},"description":"Optional. Job scheduling configuration.","description_kind":"plain"},"max_items":1},"spark_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be copied to the working directory of Spark drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The class containing the main method of the driver. Must be in a provided jar or jar that is already on the classpath. Conflicts with main_jar_file_uri","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of jar file containing the driver jar. Conflicts with main_class","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of the Spark job.","description_kind":"plain"},"max_items":1},"sparksql_config":{"nesting_mode":"list","block":{"attributes":{"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to be added to the Spark CLASSPATH.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark SQL's SparkConf. Properties that conflict with values set by the Cloud Dataproc API may be overwritten.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of SQL queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Spark SQL command: SET name=\"value\";).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of SparkSql job","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_job_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_job_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_federation":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore federation.","description_kind":"plain","computed":true},"federation_id":{"type":"string","description":"The ID of the metastore federation. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 63 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the metastore federation.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the metastore federation should reside.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the metastore federation.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The current state of the metastore federation.","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of the metastore federation, if available.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The globally unique resource identifier of the metastore federation.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The Apache Hive metastore version of the federation. All backend metastore versions must be compatible with the federation version.","description_kind":"plain","required":true}},"block_types":{"backend_metastores":{"nesting_mode":"set","block":{"attributes":{"metastore_type":{"type":"string","description":"The type of the backend metastore. Possible values: [\"METASTORE_TYPE_UNSPECIFIED\", \"DATAPROC_METASTORE\", \"BIGQUERY\"]","description_kind":"plain","required":true},"name":{"type":"string","description":"The relative resource name of the metastore that is being federated. The formats of the relative resource names for the currently supported metastores are listed below: Dataplex: projects/{projectId}/locations/{location}/lakes/{lake_id} BigQuery: projects/{projectId} Dataproc Metastore: projects/{projectId}/locations/{location}/services/{serviceId}","description_kind":"plain","required":true},"rank":{"type":"string","description_kind":"plain","required":true}},"description":"A map from BackendMetastore rank to BackendMetastores from which the federation service serves metadata at query time. The map key represents the order in which BackendMetastores should be evaluated to resolve database names at query time and should be greater than or equal to zero. A BackendMetastore with a lower number will be evaluated before a BackendMetastore with a higher number.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_metastore_federation_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"federation_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_metastore_federation_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"federation_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_metastore_federation_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"federation_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service":{"version":0,"block":{"attributes":{"artifact_gcs_uri":{"type":"string","description":"A Cloud Storage URI (starting with gs://) that specifies where artifacts related to the metastore service are stored.","description_kind":"plain","computed":true},"database_type":{"type":"string","description":"The database type that the Metastore service stores its data. Default value: \"MYSQL\" Possible values: [\"MYSQL\", \"SPANNER\"]","description_kind":"plain","optional":true},"deletion_protection":{"type":"bool","description":"Indicates if the dataproc metastore should be protected against accidental deletions.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the metastore service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the metastore service should reside.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the metastore service.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:\n\n\"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","optional":true,"computed":true},"port":{"type":"number","description":"The TCP port at which the metastore service is reached. Default: 9083.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"release_channel":{"type":"string","description":"The release channel of the service. If unspecified, defaults to 'STABLE'. Default value: \"STABLE\" Possible values: [\"CANARY\", \"STABLE\"]","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"The ID of the metastore service. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 63 characters.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the metastore service.","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of the metastore service, if available.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The tier of the service. Possible values: [\"DEVELOPER\", \"ENTERPRISE\"]","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"The globally unique resource identifier of the metastore service.","description_kind":"plain","computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The fully qualified customer provided Cloud KMS key name to use for customer data encryption.\nUse the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'","description_kind":"plain","required":true}},"description":"Information used to configure the Dataproc Metastore service to encrypt\ncustomer data at rest.","description_kind":"plain"},"max_items":1},"hive_metastore_config":{"nesting_mode":"list","block":{"attributes":{"config_overrides":{"type":["map","string"],"description":"A mapping of Hive metastore configuration key-value pairs to apply to the Hive metastore (configured in hive-site.xml).\nThe mappings override system defaults (some keys cannot be overridden)","description_kind":"plain","optional":true,"computed":true},"endpoint_protocol":{"type":"string","description":"The protocol to use for the metastore service endpoint. If unspecified, defaults to 'THRIFT'. Default value: \"THRIFT\" Possible values: [\"THRIFT\", \"GRPC\"]","description_kind":"plain","optional":true},"version":{"type":"string","description":"The Hive metastore schema version.","description_kind":"plain","required":true}},"block_types":{"auxiliary_versions":{"nesting_mode":"set","block":{"attributes":{"config_overrides":{"type":["map","string"],"description":"A mapping of Hive metastore configuration key-value pairs to apply to the auxiliary Hive metastore (configured in hive-site.xml) in addition to the primary version's overrides.\nIf keys are present in both the auxiliary version's overrides and the primary version's overrides, the value from the auxiliary version's overrides takes precedence.","description_kind":"plain","optional":true},"key":{"type":"string","description_kind":"plain","required":true},"version":{"type":"string","description":"The Hive metastore version of the auxiliary service. It must be less than the primary Hive metastore service's version.","description_kind":"plain","required":true}},"description":"A mapping of Hive metastore version to the auxiliary version configuration.\nWhen specified, a secondary Hive metastore service is created along with the primary service.\nAll auxiliary versions must be less than the service's primary version.\nThe key is the auxiliary service name and it must match the regular expression a-z?.\nThis means that the first character must be a lowercase letter, and all the following characters must be hyphens, lowercase letters, or digits, except the last character, which cannot be a hyphen.","description_kind":"plain"}},"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"krb5_config_gcs_uri":{"type":"string","description":"A Cloud Storage URI that specifies the path to a krb5.conf file. It is of the form gs://{bucket_name}/path/to/krb5.conf, although the file does not need to be named krb5.conf explicitly.","description_kind":"plain","required":true},"principal":{"type":"string","description":"A Kerberos principal that exists in the both the keytab the KDC to authenticate as. A typical principal is of the form \"primary/instance@REALM\", but there is no exact format.","description_kind":"plain","required":true}},"block_types":{"keytab":{"nesting_mode":"list","block":{"attributes":{"cloud_secret":{"type":"string","description":"The relative resource name of a Secret Manager secret version, in the following form:\n\n\"projects/{projectNumber}/secrets/{secret_id}/versions/{version_id}\".","description_kind":"plain","required":true}},"description":"A Kerberos keytab file that can be used to authenticate a service principal with a Kerberos Key Distribution Center (KDC).","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Information used to configure the Hive metastore service as a service principal in a Kerberos realm.","description_kind":"plain"},"max_items":1}},"description":"Configuration information specific to running Hive metastore software as the metastore service.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"The day of week, when the window starts. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"hour_of_day":{"type":"number","description":"The hour of day (0-23) when the window starts.","description_kind":"plain","required":true}},"description":"The one hour maintenance window of the metastore service.\nThis specifies when the service can be restarted for maintenance purposes in UTC time.\nMaintenance window is not needed for services with the 'SPANNER' database type.","description_kind":"plain"},"max_items":1},"metadata_integration":{"nesting_mode":"list","block":{"block_types":{"data_catalog_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Defines whether the metastore metadata should be synced to Data Catalog. The default value is to disable syncing metastore metadata to Data Catalog.","description_kind":"plain","required":true}},"description":"The integration config for the Data Catalog service.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The setting that defines how metastore metadata should be integrated with external services and systems.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"block_types":{"consumers":{"nesting_mode":"list","block":{"attributes":{"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint.\nIt is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network.\nThere must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:\n'projects/{projectNumber}/regions/{region_id}/subnetworks/{subnetwork_id}","description_kind":"plain","required":true}},"description":"The consumer-side network configuration for the Dataproc Metastore instance.","description_kind":"plain"},"min_items":1}},"description":"The configuration specifying the network settings for the Dataproc Metastore service.","description_kind":"plain"},"max_items":1},"scaling_config":{"nesting_mode":"list","block":{"attributes":{"instance_size":{"type":"string","description":"Metastore instance sizes. Possible values: [\"EXTRA_SMALL\", \"SMALL\", \"MEDIUM\", \"LARGE\", \"EXTRA_LARGE\"]","description_kind":"plain","optional":true},"scaling_factor":{"type":"number","description":"Scaling factor, in increments of 0.1 for values less than 1.0, and increments of 1.0 for values greater than 1.0.","description_kind":"plain","optional":true}},"description":"Represents the scaling configuration of a metastore service.","description_kind":"plain"},"max_items":1},"scheduled_backup":{"nesting_mode":"list","block":{"attributes":{"backup_location":{"type":"string","description":"A Cloud Storage URI of a folder, in the format gs://\u003cbucket_name\u003e/\u003cpath_inside_bucket\u003e. A sub-folder \u003cbackup_folder\u003e containing backup files will be stored below it.","description_kind":"plain","required":true},"cron_schedule":{"type":"string","description":"The scheduled interval in Cron format, see https://en.wikipedia.org/wiki/Cron The default is empty: scheduled backup is not enabled. Must be specified to enable scheduled backups.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Defines whether the scheduled backup is enabled. The default value is false.","description_kind":"plain","optional":true,"computed":true},"time_zone":{"type":"string","description":"Specifies the time zone to be used when interpreting cronSchedule. Must be a time zone name from the time zone database (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g. America/Los_Angeles or Africa/Abidjan. If left unspecified, the default is UTC.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration of scheduled backup for the metastore service.","description_kind":"plain"},"max_items":1},"telemetry_config":{"nesting_mode":"list","block":{"attributes":{"log_format":{"type":"string","description":"The output format of the Dataproc Metastore service's logs. Default value: \"JSON\" Possible values: [\"LEGACY\", \"JSON\"]","description_kind":"plain","optional":true}},"description":"The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataproc_workflow_template":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time template was created.","description_kind":"plain","computed":true},"dag_timeout":{"type":"string","description":"Optional. Timeout duration for the DAG of jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). The timeout duration must be from 10 minutes (\"600s\") to 24 hours (\"86400s\"). The timer begins when the first job is submitted. If the workflow is running at the end of the timeout period, any remaining jobs are cancelled, the workflow is ended, and if the workflow was running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), the cluster is deleted.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this template. These labels will be propagated to all jobs and clusters created by the workflow instance. Label **keys** must contain 1 to 63 characters, and must conform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be empty, but, if present, must contain 1 to 63 characters, and must conform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No more than 32 labels can be associated with a template.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the workflow template, as described in https://cloud.google.com/apis/design/resource_names. * For `projects.regions.workflowTemplates`, the resource name of the template has the following format: `projects/{project_id}/regions/{region}/workflowTemplates/{template_id}` * For `projects.locations.workflowTemplates`, the resource name of the template has the following format: `projects/{project_id}/locations/{location}/workflowTemplates/{template_id}`","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time template was last updated.","description_kind":"plain","computed":true},"version":{"type":"number","description":"Output only. The current version of this workflow template.","description_kind":"plain","deprecated":true,"optional":true,"computed":true}},"block_types":{"jobs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this job. Label keys must be between 1 and 63 characters long, and must conform to the following regular expression: p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters long, and must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated with a given job.","description_kind":"plain","optional":true},"prerequisite_step_ids":{"type":["list","string"],"description":"Optional. The optional list of prerequisite job step_ids. If not specified, the job will start at the beginning of workflow.","description_kind":"plain","optional":true},"step_id":{"type":"string","description":"Required. The step id. The id must be unique among all jobs within the template. The step id is used as prefix for job id, as job `goog-dataproc-workflow-step-id` label, and in prerequisiteStepIds field from other steps. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between 3 and 50 characters.","description_kind":"plain","required":true}},"block_types":{"hadoop_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted in the working directory of Hadoop drivers and tasks. Supported file types: .jar, .tar, .tar.gz, .tgz, or .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `-libjars` or `-Dfoo=bar`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS (Hadoop Compatible Filesystem) URIs of files to be copied to the working directory of Hadoop drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. Jar file URIs to add to the CLASSPATHs of the Hadoop driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file containing the class must be in the default CLASSPATH or specified in `jar_file_uris`.","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of the jar file containing the main class. Examples: 'gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar' 'hdfs:/tmp/test-samples/custom-wordcount.jar' 'file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar'","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Hadoop. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Hadoop job.","description_kind":"plain"},"max_items":1},"hive_job":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATH of the Hive server and Hadoop MapReduce (MR) tasks. Can contain Hive SerDes and UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names and values, used to configure Hive. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/hive/conf/hive-site.xml, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains Hive queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Hive command: `SET name=\"value\";`).","description_kind":"plain","optional":true}},"block_types":{"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Hive job.","description_kind":"plain"},"max_items":1},"pig_job":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATH of the Pig Client and Hadoop MapReduce (MR) tasks. Can contain Pig UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Pig. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/pig/conf/pig.properties, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains the Pig queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Pig command: `name=[value]`).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Pig job.","description_kind":"plain"},"max_items":1},"presto_job":{"nesting_mode":"list","block":{"attributes":{"client_tags":{"type":["list","string"],"description":"Optional. Presto client tags to attach to this query","description_kind":"plain","optional":true},"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"output_format":{"type":"string","description":"Optional. The format in which query output will be displayed. See the Presto documentation for supported output formats","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values. Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) Equivalent to using the --session flag in the Presto CLI","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Presto job.","description_kind":"plain"},"max_items":1},"pyspark_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Python driver and tasks.","description_kind":"plain","optional":true},"main_python_file_uri":{"type":"string","description":"Required. The HCFS URI of the main Python file to use as the driver. Must be a .py file.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure PySpark. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true},"python_file_uris":{"type":["list","string"],"description":"Optional. HCFS file URIs of Python files to pass to the PySpark framework. Supported file types: .py, .egg, and .zip.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a PySpark job.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"max_failures_per_hour":{"type":"number","description":"Optional. Maximum number of times per hour a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed. A job may be reported as thrashing if driver exits with non-zero code 4 times within 10 minute window. Maximum value is 10.","description_kind":"plain","optional":true},"max_failures_total":{"type":"number","description":"Optional. Maximum number of times in total a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed. Maximum value is 240.","description_kind":"plain","optional":true}},"description":"Optional. Job scheduling configuration.","description_kind":"plain"},"max_items":1},"spark_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file that contains the class must be in the default CLASSPATH or specified in `jar_file_uris`.","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of the jar file that contains the main class.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Spark job.","description_kind":"plain"},"max_items":1},"spark_r_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"main_r_file_uri":{"type":"string","description":"Required. The HCFS URI of the main R file to use as the driver. Must be a .R file.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure SparkR. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a SparkR job.","description_kind":"plain"},"max_items":1},"spark_sql_job":{"nesting_mode":"list","block":{"attributes":{"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to be added to the Spark CLASSPATH.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Spark SQL's SparkConf. Properties that conflict with values set by the Dataproc API may be overwritten.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Spark SQL command: SET `name=\"value\";`).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a SparkSql job.","description_kind":"plain"},"max_items":1}},"description":"Required. The Directed Acyclic Graph of Jobs to submit.","description_kind":"plain"},"min_items":1},"parameters":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Brief description of the parameter. Must not exceed 1024 characters.","description_kind":"plain","optional":true},"fields":{"type":["list","string"],"description":"Required. Paths to all fields that the parameter replaces. A field is allowed to appear in at most one parameter's list of field paths. A field path is similar in syntax to a google.protobuf.FieldMask. For example, a field path that references the zone field of a workflow template's cluster selector would be specified as `placement.clusterSelector.zone`. Also, field paths can reference fields using the following syntax: * Values in maps can be referenced by key: * labels['key'] * placement.clusterSelector.clusterLabels['key'] * placement.managedCluster.labels['key'] * placement.clusterSelector.clusterLabels['key'] * jobs['step-id'].labels['key'] * Jobs in the jobs list can be referenced by step-id: * jobs['step-id'].hadoopJob.mainJarFileUri * jobs['step-id'].hiveJob.queryFileUri * jobs['step-id'].pySparkJob.mainPythonFileUri * jobs['step-id'].hadoopJob.jarFileUris[0] * jobs['step-id'].hadoopJob.archiveUris[0] * jobs['step-id'].hadoopJob.fileUris[0] * jobs['step-id'].pySparkJob.pythonFileUris[0] * Items in repeated fields can be referenced by a zero-based index: * jobs['step-id'].sparkJob.args[0] * Other examples: * jobs['step-id'].hadoopJob.properties['key'] * jobs['step-id'].hadoopJob.args[0] * jobs['step-id'].hiveJob.scriptVariables['key'] * jobs['step-id'].hadoopJob.mainJarFileUri * placement.clusterSelector.zone It may not be possible to parameterize maps and repeated fields in their entirety since only individual map values and individual items in repeated fields can be referenced. For example, the following field paths are invalid: - placement.clusterSelector.clusterLabels - jobs['step-id'].sparkJob.args","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. Parameter name. The parameter name is used as the key, and paired with the parameter value, which are passed to the template when the template is instantiated. The name must contain only capital letters (A-Z), numbers (0-9), and underscores (_), and must not start with a number. The maximum length is 40 characters.","description_kind":"plain","required":true}},"block_types":{"validation":{"nesting_mode":"list","block":{"block_types":{"regex":{"nesting_mode":"list","block":{"attributes":{"regexes":{"type":["list","string"],"description":"Required. RE2 regular expressions used to validate the parameter's value. The value must match the regex in its entirety (substring matches are not sufficient).","description_kind":"plain","required":true}},"description":"Validation based on regular expressions.","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"values":{"type":["list","string"],"description":"Required. List of allowed values for the parameter.","description_kind":"plain","required":true}},"description":"Validation based on a list of allowed values.","description_kind":"plain"},"max_items":1}},"description":"Optional. Validation rules to be applied to this parameter's value.","description_kind":"plain"},"max_items":1}},"description":"Optional. Template parameters whose values are substituted into the template. Values for parameters must be provided when the template is instantiated.","description_kind":"plain"}},"placement":{"nesting_mode":"list","block":{"block_types":{"cluster_selector":{"nesting_mode":"list","block":{"attributes":{"cluster_labels":{"type":["map","string"],"description":"Required. The cluster labels. Cluster must have all labels to match.","description_kind":"plain","required":true},"zone":{"type":"string","description":"Optional. The zone where workflow process executes. This parameter does not affect the selection of the cluster. If unspecified, the zone of the first cluster matching the selector is used.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. A selector that chooses target cluster for jobs based on metadata. The selector is evaluated at the time each job is submitted.","description_kind":"plain"},"max_items":1},"managed_cluster":{"nesting_mode":"list","block":{"attributes":{"cluster_name":{"type":"string","description":"Required. The cluster name prefix. A unique cluster name will be formed by appending a random suffix. The name must contain only lower-case letters (a-z), numbers (0-9), and hyphens (-). Must begin with a letter. Cannot begin or end with hyphen. Must consist of between 2 and 35 characters.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this cluster. Label keys must be between 1 and 63 characters long, and must conform to the following PCRE regular expression: p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters long, and must conform to the following PCRE regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated with a given cluster.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"staging_bucket":{"type":"string","description":"Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.**","description_kind":"plain","optional":true},"temp_bucket":{"type":"string","description":"Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.**","description_kind":"plain","optional":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"policy":{"type":"string","description":"Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region.","description_kind":"plain","optional":true}},"description":"Optional. Autoscaling config for the policy associated with the cluster. Cluster does not autoscale if this field is unset.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"gce_pd_kms_key_name":{"type":"string","description":"Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster.","description_kind":"plain","optional":true}},"description":"Optional. Encryption settings for the cluster.","description_kind":"plain"},"max_items":1},"endpoint_config":{"nesting_mode":"list","block":{"attributes":{"enable_http_port_access":{"type":"bool","description":"Optional. If true, enable http access to specific ports on the cluster from external sources. Defaults to false.","description_kind":"plain","optional":true},"http_ports":{"type":["map","string"],"description":"Output only. The map of port descriptions to URLs. Will only be populated if enable_http_port_access is true.","description_kind":"plain","computed":true}},"description":"Optional. Port/endpoint configuration for this cluster","description_kind":"plain"},"max_items":1},"gce_cluster_config":{"nesting_mode":"list","block":{"attributes":{"internal_ip_only":{"type":"bool","description":"Optional. If true, all instances in the cluster will only have internal IP addresses. By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. This `internal_ip_only` restriction can only be enabled for subnetwork enabled networks, and all off-cluster dependencies must be configured to be accessible without external IP addresses.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The Compute Engine metadata entries to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)).","description_kind":"plain","optional":true},"network":{"type":"string","description":"Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the \"default\" network of the project is used, if it exists. Cannot be a \"Custom Subnet Network\" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default`","description_kind":"plain","optional":true},"private_ipv6_google_access":{"type":"string","description":"Optional. The type of IPv6 access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used.","description_kind":"plain","optional":true},"service_account_scopes":{"type":["list","string"],"description":"Optional. The URIs of service account scopes to be included in Compute Engine instances. The following base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly * https://www.googleapis.com/auth/devstorage.read_write * https://www.googleapis.com/auth/logging.write If no scopes are specified, the following defaults are also provided: * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0`","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"The Compute Engine tags to add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Optional. The zone where the Compute Engine cluster will be located. On a create request, it is required in the \"global\" region. If omitted in a non-global Dataproc region, the service will pick a zone in the corresponding Compute Engine region. On a get request, zone will always be present. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` * `projects/[project_id]/zones/[zone]` * `us-central1-f`","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_group_affinity":{"nesting_mode":"list","block":{"attributes":{"node_group":{"type":"string","description":"Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1`","description_kind":"plain","required":true}},"description":"Optional. Node Group Affinity for sole-tenant clusters.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Optional. Type of reservation to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION","description_kind":"plain","optional":true},"key":{"type":"string","description":"Optional. Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["list","string"],"description":"Optional. Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Optional. Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Optional. Defines whether instances have integrity monitoring enabled. Integrity monitoring compares the most recent boot measurements to the integrity policy baseline and returns a pair of pass/fail results depending on whether they match or not.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Optional. Defines whether the instances have Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Optional. Defines whether the instance have the vTPM enabled. Virtual Trusted Platform Module protects objects like keys, certificates and enables Measured Boot by performing the measurements needed to create a known good boot baseline, called the integrity policy baseline.","description_kind":"plain","optional":true}},"description":"Optional. Shielded Instance Config for clusters using Compute Engine Shielded VMs.","description_kind":"plain"},"max_items":1}},"description":"Optional. The shared Compute Engine config settings for all instances in a cluster.","description_kind":"plain"},"max_items":1},"initialization_actions":{"nesting_mode":"list","block":{"attributes":{"executable_file":{"type":"string","description":"Required. Cloud Storage URI of executable file.","description_kind":"plain","optional":true},"execution_timeout":{"type":"string","description":"Optional. Amount of time executable has to complete. Default is 10 minutes (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period.","description_kind":"plain","optional":true}},"description":"Optional. Commands to execute on each node after config is completed. By default, executables are run on master and all worker nodes. You can test a node's `role` metadata to run an executable on a master or worker node, as shown below using `curl` (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) if [[ \"${ROLE}\" == 'Master' ]]; then ... master specific actions ... else ... worker specific actions ... fi","description_kind":"plain"}},"lifecycle_config":{"nesting_mode":"list","block":{"attributes":{"auto_delete_time":{"type":"string","description":"Optional. The time when cluster will be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"auto_delete_ttl":{"type":"string","description":"Optional. The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"idle_delete_ttl":{"type":"string","description":"Optional. The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"idle_start_time":{"type":"string","description":"Output only. The time when cluster became idle (most recent job finished) and became eligible for deletion due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","computed":true}},"description":"Optional. Lifecycle setting for the cluster.","description_kind":"plain"},"max_items":1},"master_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for the master instance in a cluster.","description_kind":"plain"},"max_items":1},"secondary_worker_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for additional worker instances in a cluster.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"cross_realm_trust_admin_server":{"type":"string","description":"Optional. The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_kdc":{"type":"string","description":"Optional. The KDC (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_realm":{"type":"string","description":"Optional. The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust.","description_kind":"plain","optional":true},"cross_realm_trust_shared_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster Kerberos realm and the remote trusted realm, in a cross realm trust relationship.","description_kind":"plain","optional":true},"enable_kerberos":{"type":"bool","description":"Optional. Flag to indicate whether to Kerberize the cluster (default: false). Set this field to true to enable Kerberos on a cluster.","description_kind":"plain","optional":true},"kdc_db_key":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database.","description_kind":"plain","optional":true},"key_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"keystore":{"type":"string","description":"Optional. The Cloud Storage URI of the keystore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"keystore_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided keystore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"Optional. The uri of the KMS key used to encrypt various sensitive files.","description_kind":"plain","optional":true},"realm":{"type":"string","description":"Optional. The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm.","description_kind":"plain","optional":true},"root_principal_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the root principal password.","description_kind":"plain","optional":true},"tgt_lifetime_hours":{"type":"number","description":"Optional. The lifetime of the ticket granting ticket, in hours. If not specified, or user specifies 0, then default value 10 will be used.","description_kind":"plain","optional":true},"truststore":{"type":"string","description":"Optional. The Cloud Storage URI of the truststore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"truststore_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true}},"description":"Optional. Kerberos related configuration.","description_kind":"plain"},"max_items":1}},"description":"Optional. Security settings for the cluster.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"image_version":{"type":"string","description":"Optional. The version of software inside the cluster. It must be one of the supported [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), such as \"1.2\" (including a subminor version, such as \"1.2.29\"), or the [\"preview\" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). If unspecified, it defaults to the latest Debian version.","description_kind":"plain","optional":true},"optional_components":{"type":["list","string"],"description":"Optional. The set of components to activate on the cluster.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. The properties to set on daemon config files. Property keys are specified in `prefix:property` format, for example `core:hadoop.tmp.dir`. The following are supported prefixes and their mappings: * capacity-scheduler: `capacity-scheduler.xml` * core: `core-site.xml` * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).","description_kind":"plain","optional":true}},"description":"Optional. The config settings for software inside the cluster.","description_kind":"plain"},"max_items":1},"worker_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for worker instances in a cluster.","description_kind":"plain"},"max_items":1}},"description":"Required. The cluster configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A cluster that is managed by the workflow.","description_kind":"plain"},"max_items":1}},"description":"Required. WorkflowTemplate scheduling information.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_datastream_connection_profile":{"version":0,"block":{"attributes":{"connection_profile_id":{"type":"string","description":"The connection profile identifier.","description_kind":"plain","required":true},"create_without_validation":{"type":"bool","description":"Create the connection profile without validating it.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this connection profile is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource's name.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"bigquery_profile":{"nesting_mode":"list","block":{"description":"BigQuery warehouse profile.","description_kind":"plain"},"max_items":1},"forward_ssh_connectivity":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname for the SSH tunnel.","description_kind":"plain","required":true},"password":{"type":"string","description":"SSH password.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"Port for the SSH tunnel.","description_kind":"plain","optional":true},"private_key":{"type":"string","description":"SSH private key.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"Username for the SSH tunnel.","description_kind":"plain","required":true}},"description":"Forward SSH tunnel connectivity.","description_kind":"plain"},"max_items":1},"gcs_profile":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The Cloud Storage bucket name.","description_kind":"plain","required":true},"root_path":{"type":"string","description":"The root path inside the Cloud Storage bucket.","description_kind":"plain","optional":true}},"description":"Cloud Storage bucket profile.","description_kind":"plain"},"max_items":1},"mysql_profile":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname for the MySQL connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the MySQL connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the MySQL connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the MySQL connection.","description_kind":"plain","required":true}},"block_types":{"ssl_config":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"PEM-encoded certificate of the CA that signed the source database\nserver's certificate.","description_kind":"plain","optional":true,"sensitive":true},"ca_certificate_set":{"type":"bool","description":"Indicates whether the clientKey field is set.","description_kind":"plain","computed":true},"client_certificate":{"type":"string","description":"PEM-encoded certificate that will be used by the replica to\nauthenticate against the source database server. If this field\nis used then the 'clientKey' and the 'caCertificate' fields are\nmandatory.","description_kind":"plain","optional":true,"sensitive":true},"client_certificate_set":{"type":"bool","description":"Indicates whether the clientCertificate field is set.","description_kind":"plain","computed":true},"client_key":{"type":"string","description":"PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'client_certificate' and the\n'ca_certificate' fields are mandatory.","description_kind":"plain","optional":true,"sensitive":true},"client_key_set":{"type":"bool","description":"Indicates whether the clientKey field is set.","description_kind":"plain","computed":true}},"description":"SSL configuration for the MySQL connection.","description_kind":"plain"},"max_items":1}},"description":"MySQL database profile.","description_kind":"plain"},"max_items":1},"oracle_profile":{"nesting_mode":"list","block":{"attributes":{"connection_attributes":{"type":["map","string"],"description":"Connection string attributes","description_kind":"plain","optional":true},"database_service":{"type":"string","description":"Database for the Oracle connection.","description_kind":"plain","required":true},"hostname":{"type":"string","description":"Hostname for the Oracle connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Oracle connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the Oracle connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the Oracle connection.","description_kind":"plain","required":true}},"description":"Oracle database profile.","description_kind":"plain"},"max_items":1},"postgresql_profile":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database for the PostgreSQL connection.","description_kind":"plain","required":true},"hostname":{"type":"string","description":"Hostname for the PostgreSQL connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the PostgreSQL connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the PostgreSQL connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the PostgreSQL connection.","description_kind":"plain","required":true}},"description":"PostgreSQL database profile.","description_kind":"plain"},"max_items":1},"private_connectivity":{"nesting_mode":"list","block":{"attributes":{"private_connection":{"type":"string","description":"A reference to a private connection resource. Format: 'projects/{project}/locations/{location}/privateConnections/{name}'","description_kind":"plain","required":true}},"description":"Private connectivity.","description_kind":"plain"},"max_items":1},"sql_server_profile":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database for the SQL Server connection.","description_kind":"plain","required":true},"hostname":{"type":"string","description":"Hostname for the SQL Server connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the SQL Server connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the SQL Server connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the SQL Server connection.","description_kind":"plain","required":true}},"description":"SQL Server database profile.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_datastream_private_connection":{"version":1,"block":{"attributes":{"create_without_validation":{"type":"bool","description":"If set to true, will skip validations.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"error":{"type":["list",["object",{"details":["map","string"],"message":"string"}]],"description":"The PrivateConnection error in case of failure.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this private connection is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource's name.","description_kind":"plain","computed":true},"private_connection_id":{"type":"string","description":"The private connectivity identifier.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the PrivateConnection.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_peering_config":{"nesting_mode":"list","block":{"attributes":{"subnet":{"type":"string","description":"A free subnet for peering. (CIDR of /29)","description_kind":"plain","required":true},"vpc":{"type":"string","description":"Fully qualified name of the VPC that Datastream will peer to.\nFormat: projects/{project}/global/{networks}/{name}","description_kind":"plain","required":true}},"description":"The VPC Peering configuration is used to create VPC peering\nbetween Datastream and the consumer's VPC.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_datastream_stream":{"version":0,"block":{"attributes":{"create_without_validation":{"type":"bool","description":"Create the stream without validating it.","description_kind":"plain","optional":true},"customer_managed_encryption_key":{"type":"string","description":"A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data\nwill be encrypted using an internal Stream-specific encryption key provisioned through KMS.","description_kind":"plain","optional":true},"desired_state":{"type":"string","description":"Desired state of the Stream. Set this field to 'RUNNING' to start the stream,\n'NOT_STARTED' to create the stream without starting and 'PAUSED' to pause\nthe stream from a 'RUNNING' state.\nPossible values: NOT_STARTED, RUNNING, PAUSED. Default: NOT_STARTED","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this stream is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The stream's name.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the stream.","description_kind":"plain","computed":true},"stream_id":{"type":"string","description":"The stream identifier.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"backfill_all":{"nesting_mode":"list","block":{"block_types":{"mysql_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1},"oracle_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1},"postgresql_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1},"sql_server_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The SQL Server data type. Full data types list can be found here:\nhttps://learn.microsoft.com/en-us/sql/t-sql/data-types/data-types-transact-sql?view=sql-server-ver16","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"SQL Server columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"SQL Server schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"SQL Server data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1}},"description":"Backfill strategy to automatically backfill the Stream's objects. Specific objects can be excluded.","description_kind":"plain"},"max_items":1},"backfill_none":{"nesting_mode":"list","block":{"description":"Backfill strategy to disable automatic backfill for the Stream's objects.","description_kind":"plain"},"max_items":1},"destination_config":{"nesting_mode":"list","block":{"attributes":{"destination_connection_profile":{"type":"string","description":"Destination connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name}","description_kind":"plain","required":true}},"block_types":{"bigquery_destination_config":{"nesting_mode":"list","block":{"attributes":{"data_freshness":{"type":"string","description":"The guaranteed data freshness (in seconds) when querying tables created by the stream.\nEditing this field will only affect new tables created in the future, but existing tables\nwill not be impacted. Lower values mean that queries will return fresher data, but may result in higher cost.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true}},"block_types":{"append_only":{"nesting_mode":"list","block":{"description":"AppendOnly mode defines that the stream of changes (INSERT, UPDATE-INSERT, UPDATE-DELETE and DELETE\nevents) to a source table will be written to the destination Google BigQuery table, retaining the\nhistorical state of the data.","description_kind":"plain"},"max_items":1},"merge":{"nesting_mode":"list","block":{"description":"Merge mode defines that all changes to a table will be merged at the destination Google BigQuery\ntable. This is the default write mode. When selected, BigQuery reflects the way the data is stored\nin the source database. With Merge mode, no historical record of the change events is kept.","description_kind":"plain"},"max_items":1},"single_target_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Dataset ID in the format projects/{project}/datasets/{dataset_id} or\n{project}:{dataset_id}","description_kind":"plain","required":true}},"description":"A single target dataset to which all data will be streamed.","description_kind":"plain"},"max_items":1},"source_hierarchy_datasets":{"nesting_mode":"list","block":{"block_types":{"dataset_template":{"nesting_mode":"list","block":{"attributes":{"dataset_id_prefix":{"type":"string","description":"If supplied, every created dataset will have its name prefixed by the provided value.\nThe prefix and name will be separated by an underscore. i.e. _.","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery\ntable. The BigQuery Service Account associated with your project requires access to this\nencryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}.\nSee https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location where the dataset should reside.\nSee https://cloud.google.com/bigquery/docs/locations for supported locations.","description_kind":"plain","required":true}},"description":"Dataset template used for dynamic dataset creation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Destination datasets are created so that hierarchy of the destination data objects matches the source hierarchy.","description_kind":"plain"},"max_items":1}},"description":"A configuration for how data should be loaded to Google BigQuery.","description_kind":"plain"},"max_items":1},"gcs_destination_config":{"nesting_mode":"list","block":{"attributes":{"file_rotation_interval":{"type":"string","description":"The maximum duration for which new events are added before a file is closed and a new file is created.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true,"computed":true},"file_rotation_mb":{"type":"number","description":"The maximum file size to be saved in the bucket.","description_kind":"plain","optional":true,"computed":true},"path":{"type":"string","description":"Path inside the Cloud Storage bucket to write data to.","description_kind":"plain","optional":true}},"block_types":{"avro_file_format":{"nesting_mode":"list","block":{"description":"AVRO file format configuration.","description_kind":"plain"},"max_items":1},"json_file_format":{"nesting_mode":"list","block":{"attributes":{"compression":{"type":"string","description":"Compression of the loaded JSON file. Possible values: [\"NO_COMPRESSION\", \"GZIP\"]","description_kind":"plain","optional":true},"schema_file_format":{"type":"string","description":"The schema file format along JSON data files. Possible values: [\"NO_SCHEMA_FILE\", \"AVRO_SCHEMA_FILE\"]","description_kind":"plain","optional":true}},"description":"JSON file format configuration.","description_kind":"plain"},"max_items":1}},"description":"A configuration for how data should be loaded to Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"Destination connection profile configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"source_config":{"nesting_mode":"list","block":{"attributes":{"source_connection_profile":{"type":"string","description":"Source connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name}","description_kind":"plain","required":true}},"block_types":{"mysql_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"max_concurrent_cdc_tasks":{"type":"number","description":"Maximum number of concurrent CDC tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"binary_log_position":{"nesting_mode":"list","block":{"description":"CDC reader reads from binary logs replication cdc method.","description_kind":"plain"},"max_items":1},"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"gtid":{"nesting_mode":"list","block":{"description":"CDC reader reads from gtid based replication.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL objects to retrieve from the source.","description_kind":"plain"},"max_items":1}},"description":"MySQL data source configuration.","description_kind":"plain"},"max_items":1},"oracle_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"max_concurrent_cdc_tasks":{"type":"number","description":"Maximum number of concurrent CDC tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"drop_large_objects":{"nesting_mode":"list","block":{"description":"Configuration to drop large object values.","description_kind":"plain"},"max_items":1},"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"Oracle objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"Oracle objects to retrieve from the source.","description_kind":"plain"},"max_items":1},"stream_large_objects":{"nesting_mode":"list","block":{"description":"Configuration to drop large object values.","description_kind":"plain"},"max_items":1}},"description":"MySQL data source configuration.","description_kind":"plain"},"max_items":1},"postgresql_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non\nnegative. If not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"publication":{"type":"string","description":"The name of the publication that includes the set of all tables\nthat are defined in the stream's include_objects.","description_kind":"plain","required":true},"replication_slot":{"type":"string","description":"The name of the logical replication slot that's configured with\nthe pgoutput plugin.","description_kind":"plain","required":true}},"block_types":{"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL objects to retrieve from the source.","description_kind":"plain"},"max_items":1}},"description":"PostgreSQL data source configuration.","description_kind":"plain"},"max_items":1},"sql_server_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Max concurrent backfill tasks.","description_kind":"plain","optional":true,"computed":true},"max_concurrent_cdc_tasks":{"type":"number","description":"Max concurrent CDC tasks.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"change_tables":{"nesting_mode":"list","block":{"description":"CDC reader reads from change tables.","description_kind":"plain"},"max_items":1},"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The SQL Server data type. Full data types list can be found here:\nhttps://learn.microsoft.com/en-us/sql/t-sql/data-types/data-types-transact-sql?view=sql-server-ver16","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"SQL Server columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"SQL Server schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"SQL Server objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The SQL Server data type. Full data types list can be found here:\nhttps://learn.microsoft.com/en-us/sql/t-sql/data-types/data-types-transact-sql?view=sql-server-ver16","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"SQL Server columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"SQL Server schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"SQL Server objects to retrieve from the source.","description_kind":"plain"},"max_items":1},"transaction_logs":{"nesting_mode":"list","block":{"description":"CDC reader reads from transaction logs.","description_kind":"plain"},"max_items":1}},"description":"SQL Server data source configuration.","description_kind":"plain"},"max_items":1}},"description":"Source connection profile configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_deployment_manager_deployment":{"version":0,"block":{"attributes":{"create_policy":{"type":"string","description":"Set the policy to use for creating new resources. Only used on\ncreate and update. Valid values are 'CREATE_OR_ACQUIRE' (default) or\n'ACQUIRE'. If set to 'ACQUIRE' and resources do not already exist,\nthe deployment will fail. Note that updating this field does not\nactually affect the deployment, just how it is updated. Default value: \"CREATE_OR_ACQUIRE\" Possible values: [\"ACQUIRE\", \"CREATE_OR_ACQUIRE\"]","description_kind":"plain","optional":true},"delete_policy":{"type":"string","description":"Set the policy to use for deleting new resources on update/delete.\nValid values are 'DELETE' (default) or 'ABANDON'. If 'DELETE',\nresource is deleted after removal from Deployment Manager. If\n'ABANDON', the resource is only removed from Deployment Manager\nand is not actually deleted. Note that updating this field does not\nactually change the deployment, just how it is updated. Default value: \"DELETE\" Possible values: [\"ABANDON\", \"DELETE\"]","description_kind":"plain","optional":true},"deployment_id":{"type":"string","description":"Unique identifier for deployment. Output only.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional user-provided description of deployment.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"manifest":{"type":"string","description":"Output only. URL of the manifest representing the last manifest that\nwas successfully deployed.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Unique name for the deployment","description_kind":"plain","required":true},"preview":{"type":"bool","description":"If set to true, a deployment is created with \"shell\" resources\nthat are not actually instantiated. This allows you to preview a\ndeployment. It can be updated to false to actually deploy\nwith real resources.\n ~\u003e**NOTE:** Deployment Manager does not allow update\nof a deployment in preview (unless updating to preview=false). Thus,\nTerraform will force-recreate deployments if either preview is updated\nto true or if other fields are updated while preview is true.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Output only. Server defined URL for the resource.","description_kind":"plain","computed":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":"Key for label.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value of label.","description_kind":"plain","optional":true}},"description":"Key-value pairs to apply to this labels.","description_kind":"plain"}},"target":{"nesting_mode":"list","block":{"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The full YAML contents of your configuration file.","description_kind":"plain","required":true}},"description":"The root configuration file to use for this deployment.","description_kind":"plain"},"min_items":1,"max_items":1},"imports":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The full contents of the template that you want to import.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the template to import, as declared in the YAML\nconfiguration.","description_kind":"plain","optional":true}},"description":"Specifies import files for this configuration. This can be\nused to import templates or other files. For example, you might\nimport a text file in order to use the file in a template.","description_kind":"plain"}}},"description":"Parameters that define your deployment, including the deployment\nconfiguration and relevant templates.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_developer_connect_connection":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Allows clients to store small amounts of arbitrary data.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"connection_id":{"type":"string","description":"Required. Id of the requesting object\nIf auto-generating Id server-side, remove this field and\nconnection_id from the method_signature of Create RPC","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. [Output only] Create timestamp","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. [Output only] Delete timestamp","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"Optional. If disabled is set to true, functionality is disabled for this connection.\nRepository based API methods and webhooks processing for repositories in\nthis connection will be disabled.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Optional. This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"installation_state":{"type":["list",["object",{"action_uri":"string","message":"string","stage":"string"}]],"description":"Describes stage and necessary actions to be taken by the\nuser to complete the installation. Used for GitHub and GitHub Enterprise\nbased connections.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels as key value pairs\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Resource ID segment making up resource 'name'. It identifies the resource within its parent collection as described in https://google.aip.dev/122.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The resource name of the connection, in the format\n'projects/{project}/locations/{location}/connections/{connection_id}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Set to true when the connection is being set up or updated in the\nbackground.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A system-assigned unique identifier for a the GitRepositoryLink.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. [Output only] Update timestamp","description_kind":"plain","computed":true}},"block_types":{"crypto_key_config":{"nesting_mode":"list","block":{"attributes":{"key_reference":{"type":"string","description":"Required. The name of the key which is used to encrypt/decrypt customer data. For key\nin Cloud KMS, the key should be in the format of\n'projects/*/locations/*/keyRings/*/cryptoKeys/*'.","description_kind":"plain","required":true}},"description":"The crypto key configuration. This field is used by the Customer-managed\nencryption keys (CMEK) feature.","description_kind":"plain"},"max_items":1},"github_config":{"nesting_mode":"list","block":{"attributes":{"app_installation_id":{"type":"string","description":"Optional. GitHub App installation id.","description_kind":"plain","optional":true,"computed":true},"github_app":{"type":"string","description":"Required. Immutable. The GitHub Application that was installed to the GitHub user or\norganization.\nPossible values:\nGIT_HUB_APP_UNSPECIFIED\nDEVELOPER_CONNECT\nFIREBASE","description_kind":"plain","required":true},"installation_uri":{"type":"string","description":"Output only. The URI to navigate to in order to manage the installation associated\nwith this GitHubConfig.","description_kind":"plain","computed":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"oauth_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the OAuth token that authorizes\nthe connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated with this token.","description_kind":"plain","computed":true}},"description":"Represents an OAuth token of the account that authorized the Connection,\nand associated metadata.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to github.com.","description_kind":"plain"},"max_items":1},"github_enterprise_config":{"nesting_mode":"list","block":{"attributes":{"app_id":{"type":"string","description":"Optional. ID of the GitHub App created from the manifest.","description_kind":"plain","optional":true},"app_installation_id":{"type":"string","description":"Optional. ID of the installation of the GitHub App.","description_kind":"plain","optional":true},"app_slug":{"type":"string","description":"Output only. The URL-friendly name of the GitHub App.","description_kind":"plain","computed":true},"host_uri":{"type":"string","description":"Required. The URI of the GitHub Enterprise host this connection is for.","description_kind":"plain","required":true},"installation_uri":{"type":"string","description":"Output only. The URI to navigate to in order to manage the installation associated\nwith this GitHubEnterpriseConfig.","description_kind":"plain","computed":true},"private_key_secret_version":{"type":"string","description":"Optional. SecretManager resource containing the private key of the GitHub App,\nformatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","optional":true},"server_version":{"type":"string","description":"Output only. GitHub Enterprise version installed at the host_uri.","description_kind":"plain","computed":true},"ssl_ca_certificate":{"type":"string","description":"Optional. SSL certificate to use for requests to GitHub Enterprise.","description_kind":"plain","optional":true},"webhook_secret_secret_version":{"type":"string","description":"Optional. SecretManager resource containing the webhook secret of the GitHub App,\nformatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","optional":true}},"block_types":{"service_directory_config":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Required. The Service Directory service name.\nFormat:\nprojects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.","description_kind":"plain","required":true}},"description":"ServiceDirectoryConfig represents Service Directory configuration for a\nconnection.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to an instance of GitHub Enterprise.","description_kind":"plain"},"max_items":1},"gitlab_config":{"nesting_mode":"list","block":{"attributes":{"webhook_secret_secret_version":{"type":"string","description":"Required. Immutable. SecretManager resource containing the webhook secret of a GitLab project,\nformatted as 'projects/*/secrets/*/versions/*'. This is used to validate\nwebhooks.","description_kind":"plain","required":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes\nthe Developer Connect connection. Format:\n'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated with this token.","description_kind":"plain","computed":true}},"description":"Represents a personal access token that authorized the Connection,\nand associated metadata.","description_kind":"plain"},"min_items":1,"max_items":1},"read_authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes\nthe Developer Connect connection. Format:\n'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated with this token.","description_kind":"plain","computed":true}},"description":"Represents a personal access token that authorized the Connection,\nand associated metadata.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration for connections to gitlab.com.","description_kind":"plain"},"max_items":1},"gitlab_enterprise_config":{"nesting_mode":"list","block":{"attributes":{"host_uri":{"type":"string","description":"Required. The URI of the GitLab Enterprise host this connection is for.","description_kind":"plain","required":true},"server_version":{"type":"string","description":"Output only. Version of the GitLab Enterprise server running on the 'host_uri'.","description_kind":"plain","computed":true},"ssl_ca_certificate":{"type":"string","description":"Optional. SSL Certificate Authority certificate to use for requests to GitLab\nEnterprise instance.","description_kind":"plain","optional":true},"webhook_secret_secret_version":{"type":"string","description":"Required. Immutable. SecretManager resource containing the webhook secret of a GitLab project,\nformatted as 'projects/*/secrets/*/versions/*'. This is used to validate\nwebhooks.","description_kind":"plain","required":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes\nthe Developer Connect connection. Format:\n'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated with this token.","description_kind":"plain","computed":true}},"description":"Represents a personal access token that authorized the Connection,\nand associated metadata.","description_kind":"plain"},"min_items":1,"max_items":1},"read_authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes\nthe Developer Connect connection. Format:\n'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated with this token.","description_kind":"plain","computed":true}},"description":"Represents a personal access token that authorized the Connection,\nand associated metadata.","description_kind":"plain"},"min_items":1,"max_items":1},"service_directory_config":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Required. The Service Directory service name.\nFormat:\nprojects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.","description_kind":"plain","required":true}},"description":"ServiceDirectoryConfig represents Service Directory configuration for a\nconnection.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to an instance of GitLab Enterprise.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_developer_connect_git_repository_link":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Allows clients to store small amounts of arbitrary data. \n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"clone_uri":{"type":"string","description":"Required. Git Clone URI.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. [Output only] Create timestamp","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. [Output only] Delete timestamp","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Optional. This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.","description_kind":"plain","optional":true},"git_repository_link_id":{"type":"string","description":"Required. The ID to use for the repository, which will become the final component of\nthe repository's resource name. This ID should be unique in the connection.\nAllows alphanumeric characters and any of -._~%!$\u0026'()*+,;=@.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels as key value pairs \n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Resource ID segment making up resource 'name'. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type 'developerconnect.googleapis.com/GitRepositoryLink'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. Resource name of the repository, in the format\n'projects/*/locations/*/connections/*/gitRepositoryLinks/*'.","description_kind":"plain","computed":true},"parent_connection":{"type":"string","description":"Resource ID segment making up resource 'name'. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type 'developerconnect.googleapis.com/GitRepositoryLink'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Set to true when the connection is being set up or updated in the\nbackground.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A system-assigned unique identifier for a the GitRepositoryLink.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. [Output only] Update timestamp","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_agent":{"version":0,"block":{"attributes":{"api_version":{"type":"string","description":"API version displayed in Dialogflow console. If not specified, V2 API is assumed. Clients are free to query\ndifferent service endpoints for different API versions. However, bots connectors and webhook calls will follow\nthe specified API version.\n* API_VERSION_V1: Legacy V1 API.\n* API_VERSION_V2: V2 API.\n* API_VERSION_V2_BETA_1: V2beta1 API. Possible values: [\"API_VERSION_V1\", \"API_VERSION_V2\", \"API_VERSION_V2_BETA_1\"]","description_kind":"plain","optional":true,"computed":true},"avatar_uri":{"type":"string","description":"The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered\ninto this field, the Dialogflow will save the image in the backend. The address of the backend image returned\nfrom the API will be shown in the [avatarUriBackend] field.","description_kind":"plain","optional":true},"avatar_uri_backend":{"type":"string","description":"The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar,\nthe [avatarUri] field can be used.","description_kind":"plain","computed":true},"classification_threshold":{"type":"number","description":"To filter out false positive results and still get variety in matched natural language inputs for your agent,\nyou can tune the machine learning classification threshold. If the returned score value is less than the threshold\nvalue, then a fallback intent will be triggered or, if there are no fallback intents defined, no intent will be\ntriggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the\ndefault of 0.3 is used.","description_kind":"plain","optional":true},"default_language_code":{"type":"string","description":"The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language)\nfor a list of the currently supported language codes. This field cannot be updated after creation.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name of this agent.","description_kind":"plain","required":true},"enable_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"match_mode":{"type":"string","description":"Determines how intents are detected from user queries.\n* MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates\nsyntax and composite entities.\n* MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones\nusing @sys.any or very large developer entities. Possible values: [\"MATCH_MODE_HYBRID\", \"MATCH_MODE_ML_ONLY\"]","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"supported_language_codes":{"type":["list","string"],"description":"The list of all languages supported by this agent (except for the defaultLanguageCode).","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The agent tier. If not specified, TIER_STANDARD is assumed.\n* TIER_STANDARD: Standard tier.\n* TIER_ENTERPRISE: Enterprise tier (Essentials).\n* TIER_ENTERPRISE_PLUS: Enterprise tier (Plus).\nNOTE: Due to consistency issues, the provider will not read this field from the API. Drift is possible between\nthe Terraform state and Dialogflow if the agent tier is changed outside of Terraform. Possible values: [\"TIER_STANDARD\", \"TIER_ENTERPRISE\", \"TIER_ENTERPRISE_PLUS\"]","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York,\nEurope/Paris.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_agent":{"version":0,"block":{"attributes":{"avatar_uri":{"type":"string","description":"The URI of the agent's avatar. Avatars are used throughout the Dialogflow console and in the self-hosted Web Demo integration.","description_kind":"plain","optional":true},"default_language_code":{"type":"string","description":"The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language)\nfor a list of the currently supported language codes. This field cannot be updated after creation.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the agent, unique within the location.","description_kind":"plain","required":true},"enable_spell_correction":{"type":"bool","description":"Indicates if automatic spell correction is enabled in detect intent requests.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","deprecated":true,"optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The name of the location this agent is located in.\n\n~\u003e **Note:** The first time you are deploying an Agent in your project you must configure location settings.\n This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console.\n Another options is to use global location so you don't need to manually configure location settings.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the agent.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"security_settings":{"type":"string","description":"Name of the SecuritySettings reference for the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/securitySettings/\u003cSecurity Settings ID\u003e.","description_kind":"plain","optional":true},"start_flow":{"type":"string","description":"Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"supported_language_codes":{"type":["list","string"],"description":"The list of all languages supported by this agent (except for the default_language_code).","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York,\nEurope/Paris.","description_kind":"plain","required":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"audio_export_gcs_destination":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation.\nFormat: gs://bucket/object-name-or-prefix","description_kind":"plain","optional":true}},"description":"If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels:\n* Agent level\n* Flow level","description_kind":"plain"},"max_items":1},"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1},"logging_settings":{"nesting_mode":"list","block":{"attributes":{"enable_consent_based_redaction":{"type":"bool","description":"Enables consent-based end-user input redaction, if true, a pre-defined session parameter **$session.params.conversation-redaction** will be used to determine if the utterance should be redacted.","description_kind":"plain","optional":true},"enable_interaction_logging":{"type":"bool","description":"Enables DF Interaction logging.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Enables Google Cloud Logging.","description_kind":"plain","optional":true}},"description":"Settings for logging. Settings for Dialogflow History, Contact Center messages, StackDriver logs, and speech logging. Exposed at the following levels:\n* Agent level","description_kind":"plain"},"max_items":1},"speech_settings":{"nesting_mode":"list","block":{"attributes":{"endpointer_sensitivity":{"type":"number","description":"Sensitivity of the speech model that detects the end of speech. Scale from 0 to 100.","description_kind":"plain","optional":true},"models":{"type":["map","string"],"description":"Mapping from language to Speech-to-Text model. The mapped Speech-to-Text model will be selected for requests from its corresponding language. For more information, see [Speech models](https://cloud.google.com/dialogflow/cx/docs/concept/speech-models).\nAn object containing a list of **\"key\": value** pairs. Example: **{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }**.","description_kind":"plain","optional":true},"no_speech_timeout":{"type":"string","description":"Timeout before detecting no speech.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"use_timeout_based_endpointing":{"type":"bool","description":"Use timeout based endpointing, interpreting endpointer sensitivity as seconds of timeout value.","description_kind":"plain","optional":true}},"description":"Settings for speech to text detection. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this agent. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"git_integration_settings":{"nesting_mode":"list","block":{"block_types":{"github_settings":{"nesting_mode":"list","block":{"attributes":{"access_token":{"type":"string","description":"The access token used to authenticate the access to the GitHub repository.","description_kind":"plain","optional":true,"sensitive":true},"branches":{"type":["list","string"],"description":"A list of branches configured to be used from Dialogflow.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The unique repository display name for the GitHub repository.","description_kind":"plain","optional":true},"repository_uri":{"type":"string","description":"The GitHub repository URI related to the agent.","description_kind":"plain","optional":true},"tracking_branch":{"type":"string","description":"The branch of the GitHub repository tracked for this agent.","description_kind":"plain","optional":true}},"description":"Settings of integration with GitHub.","description_kind":"plain"},"max_items":1}},"description":"Git integration settings for this agent.","description_kind":"plain"},"max_items":1},"speech_to_text_settings":{"nesting_mode":"list","block":{"attributes":{"enable_speech_adaptation":{"type":"bool","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","optional":true}},"description":"Settings related to speech recognition.","description_kind":"plain"},"max_items":1},"text_to_speech_settings":{"nesting_mode":"list","block":{"attributes":{"synthesize_speech_configs":{"type":"string","description":"Configuration of how speech should be synthesized, mapping from [language](https://cloud.google.com/dialogflow/cx/docs/reference/language) to [SynthesizeSpeechConfig](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents#synthesizespeechconfig).\nThese settings affect:\n* The phone gateway synthesize configuration set via Agent.text_to_speech_settings.\n* How speech is synthesized when invoking session APIs. 'Agent.text_to_speech_settings' only applies if 'OutputAudioConfig.synthesize_speech_config' is not specified.","description_kind":"plain","optional":true}},"description":"Settings related to speech synthesizing.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_entity_type":{"version":0,"block":{"attributes":{"auto_expansion_mode":{"type":"string","description":"Represents kinds of entities.\n* AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity.\n* AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. Possible values: [\"AUTO_EXPANSION_MODE_DEFAULT\", \"AUTO_EXPANSION_MODE_UNSPECIFIED\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the entity type, unique within the agent.","description_kind":"plain","required":true},"enable_fuzzy_extraction":{"type":"bool","description":"Enables fuzzy entity extraction during classification.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Indicates whether the entity type can be automatically expanded.\n* KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value.\n* KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases).\n* KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: [\"KIND_MAP\", \"KIND_LIST\", \"KIND_REGEXP\"]","description_kind":"plain","required":true},"language_code":{"type":"string","description":"The language of the following fields in entityType:\nEntityType.entities.value\nEntityType.entities.synonyms\nEntityType.excluded_phrases.value\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the entity type.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a entity type for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether parameters of the entity type should be redacted in log. If redaction is enabled, page parameters and intent parameters referring to the entity type will be replaced by parameter name when logging.","description_kind":"plain","optional":true}},"block_types":{"entities":{"nesting_mode":"list","block":{"attributes":{"synonyms":{"type":["list","string"],"description":"A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions.\nFor KIND_LIST entity types: This collection must contain exactly one synonym equal to value.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions.\nFor KIND_MAP entity types: A canonical value to be used in place of synonyms.\nFor KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases).","description_kind":"plain","optional":true}},"description":"The collection of entity entries associated with the entity type.","description_kind":"plain"},"min_items":1},"excluded_phrases":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"string","description":"The word or phrase to be excluded.","description_kind":"plain","optional":true}},"description":"Collection of exceptional words and phrases that shouldn't be matched. For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion.\nIf the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_environment":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The human-readable description of the environment. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the environment (unique in an agent). Limit of 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the environment.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The Agent to create an Environment for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Update time of this environment. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"version_configs":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Format: projects/{{project}}/locations/{{location}}/agents/{{agent}}/flows/{{flow}}/versions/{{version}}.","description_kind":"plain","required":true}},"description":"A list of configurations for flow versions. You should include version configs for all flows that are reachable from [Start Flow][Agent.start_flow] in the agent. Otherwise, an error will be returned.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_dialogflow_cx_flow":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the flow. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the flow.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_default_start_flow":{"type":"bool","description":"Marks this as the [Default Start Flow](https://cloud.google.com/dialogflow/cx/docs/concept/flow#start) for an agent. When you create an agent, the Default Start Flow is created automatically.\nThe Default Start Flow cannot be deleted; deleting the 'google_dialogflow_cx_flow' resource does nothing to the underlying GCP resources.\n\n~\u003e Avoid having multiple 'google_dialogflow_cx_flow' resources linked to the same agent with 'is_default_start_flow = true' because they will compete to control a single Default Start Flow resource in GCP.","description_kind":"plain","optional":true},"language_code":{"type":"string","description":"The language of the following fields in flow:\nFlow.event_handlers.trigger_fulfillment.messages\nFlow.event_handlers.trigger_fulfillment.conditional_cases\nFlow.transition_routes.trigger_fulfillment.messages\nFlow.transition_routes.trigger_fulfillment.conditional_cases\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the flow.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a flow for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"transition_route_groups":{"type":["list","string"],"description":"A flow's transition route group serve two purposes:\nThey are responsible for matching the user's first utterances in the flow.\nThey are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow.\nFormat:projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/transitionRouteGroups/\u003cTransitionRouteGroup ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"audio_export_gcs_destination":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation.\nFormat: gs://bucket/object-name-or-prefix","description_kind":"plain","optional":true}},"description":"If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels:\n* Agent level\n* Flow level","description_kind":"plain"},"max_items":1},"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1},"logging_settings":{"nesting_mode":"list","block":{"attributes":{"enable_consent_based_redaction":{"type":"bool","description":"Enables consent-based end-user input redaction, if true, a pre-defined session parameter **$session.params.conversation-redaction** will be used to determine if the utterance should be redacted.","description_kind":"plain","optional":true},"enable_interaction_logging":{"type":"bool","description":"Enables DF Interaction logging.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Enables Google Cloud Logging.","description_kind":"plain","optional":true}},"description":"Settings for logging. Settings for Dialogflow History, Contact Center messages, StackDriver logs, and speech logging. Exposed at the following levels:\n* Agent level","description_kind":"plain"},"max_items":1},"speech_settings":{"nesting_mode":"list","block":{"attributes":{"endpointer_sensitivity":{"type":"number","description":"Sensitivity of the speech model that detects the end of speech. Scale from 0 to 100.","description_kind":"plain","optional":true},"models":{"type":["map","string"],"description":"Mapping from language to Speech-to-Text model. The mapped Speech-to-Text model will be selected for requests from its corresponding language. For more information, see [Speech models](https://cloud.google.com/dialogflow/cx/docs/concept/speech-models).\nAn object containing a list of **\"key\": value** pairs. Example: **{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }**.","description_kind":"plain","optional":true},"no_speech_timeout":{"type":"string","description":"Timeout before detecting no speech.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"use_timeout_based_endpointing":{"type":"bool","description":"Use timeout based endpointing, interpreting endpointer sensitivity as seconds of timeout value.","description_kind":"plain","optional":true}},"description":"Settings for speech to text detection. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this flow. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"event_handlers":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"The name of the event to handle.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this event handler.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"A flow's event handlers serve two purposes:\nThey are responsible for handling events (e.g. no match, webhook errors) in the flow.\nThey are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow.\nUnlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored.","description_kind":"plain"}},"nlu_settings":{"nesting_mode":"list","block":{"attributes":{"classification_threshold":{"type":"number","description":"To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold.\nIf the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used.","description_kind":"plain","optional":true},"model_training_mode":{"type":"string","description":"Indicates NLU model training mode.\n* MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode.\n* MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. Possible values: [\"MODEL_TRAINING_MODE_AUTOMATIC\", \"MODEL_TRAINING_MODE_MANUAL\"]","description_kind":"plain","optional":true},"model_type":{"type":"string","description":"Indicates the type of NLU model.\n* MODEL_TYPE_STANDARD: Use standard NLU model.\n* MODEL_TYPE_ADVANCED: Use advanced NLU model. Possible values: [\"MODEL_TYPE_STANDARD\", \"MODEL_TYPE_ADVANCED\"]","description_kind":"plain","optional":true}},"description":"NLU related settings of the flow.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transition_routes":{"nesting_mode":"list","block":{"attributes":{"condition":{"type":"string","description":"The condition to evaluate against form parameters or session parameters.\nAt least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"intent":{"type":"string","description":"The unique identifier of an Intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this transition route.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first.","description_kind":"plain"},"max_items":1}},"description":"A flow's transition routes serve two purposes:\nThey are responsible for matching the user's first utterances in the flow.\nThey are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying \"help\" or \"can I talk to a human?\", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow.\n\nTransitionRoutes are evalauted in the following order:\n TransitionRoutes with intent specified.\n TransitionRoutes with only condition specified.\n TransitionRoutes with intent specified are inherited by pages in the flow.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_intent":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Human readable description for better understanding an intent like its scope, content, result etc. Maximum character limit: 140 characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the intent, unique within the agent.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_default_negative_intent":{"type":"bool","description":"Marks this as the [Default Negative Intent](https://cloud.google.com/dialogflow/cx/docs/concept/intent#negative) for an agent. When you create an agent, a Default Negative Intent is created automatically.\nThe Default Negative Intent cannot be deleted; deleting the 'google_dialogflow_cx_intent' resource does nothing to the underlying GCP resources.\n\n~\u003e Avoid having multiple 'google_dialogflow_cx_intent' resources linked to the same agent with 'is_default_negative_intent = true' because they will compete to control a single Default Negative Intent resource in GCP.","description_kind":"plain","optional":true},"is_default_welcome_intent":{"type":"bool","description":"Marks this as the [Default Welcome Intent](https://cloud.google.com/dialogflow/cx/docs/concept/intent#welcome) for an agent. When you create an agent, a Default Welcome Intent is created automatically.\nThe Default Welcome Intent cannot be deleted; deleting the 'google_dialogflow_cx_intent' resource does nothing to the underlying GCP resources.\n\n~\u003e Avoid having multiple 'google_dialogflow_cx_intent' resources linked to the same agent with 'is_default_welcome_intent = true' because they will compete to control a single Default Welcome Intent resource in GCP.","description_kind":"plain","optional":true},"is_fallback":{"type":"bool","description":"Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation.\nAdding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event.\nTo manage the fallback intent, set 'is_default_negative_intent = true'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The key/value metadata to label an intent. Labels can contain lowercase letters, digits and the symbols '-' and '_'. International characters are allowed, including letters from unicase alphabets. Keys must start with a letter. Keys and values can be no longer than 63 characters and no more than 128 bytes.\nPrefix \"sys-\" is reserved for Dialogflow defined labels. Currently allowed Dialogflow defined labels include: * sys-head * sys-contextual The above labels do not require value. \"sys-head\" means the intent is a head intent. \"sys.contextual\" means the intent is a contextual intent.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"language_code":{"type":"string","description":"The language of the following fields in intent:\nIntent.training_phrases.parts.text\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create an intent for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"The priority of this intent. Higher numbers represent higher priorities.\nIf the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console.\nIf the supplied value is negative, the intent is ignored in runtime detect intent requests.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"parameters":{"nesting_mode":"list","block":{"attributes":{"entity_type":{"type":"string","description":"The entity type of the parameter.\nFormat: projects/-/locations/-/agents/-/entityTypes/\u003cSystem Entity Type ID\u003e for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e for developer entity types.","description_kind":"plain","required":true},"id":{"type":"string","description":"The unique identifier of the parameter. This field is used by training phrases to annotate their parts.","description_kind":"plain","required":true},"is_list":{"type":"bool","description":"Indicates whether the parameter represents a list of values.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging.\nNote: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled.","description_kind":"plain","optional":true}},"description":"The collection of parameters associated with the intent.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"training_phrases":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The unique identifier of the training phrase.","description_kind":"plain","computed":true},"repeat_count":{"type":"number","description":"Indicates how many times this example was added to the intent.","description_kind":"plain","optional":true}},"block_types":{"parts":{"nesting_mode":"list","block":{"attributes":{"parameter_id":{"type":"string","description":"The parameter used to annotate this part of the training phrase. This field is required for annotated parts of the training phrase.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The text for this part.","description_kind":"plain","required":true}},"description":"The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase.\nNote: The API does not automatically annotate training phrases like the Dialogflow Console does.\nNote: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated.\nIf the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set.\nIf you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways:\nPart.text is set to a part of the phrase that has no parameters.\nPart.text is set to a part of the phrase that you want to annotate, and the parameterId field is set.","description_kind":"plain"},"min_items":1}},"description":"The collection of training phrases the agent is trained on to identify the intent.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_page":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the page, unique within the agent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"language_code":{"type":"string","description":"The language of the following fields in page:\n\nPage.entry_fulfillment.messages\nPage.entry_fulfillment.conditional_cases\nPage.event_handlers.trigger_fulfillment.messages\nPage.event_handlers.trigger_fulfillment.conditional_cases\nPage.form.parameters.fill_behavior.initial_prompt_fulfillment.messages\nPage.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases\nPage.form.parameters.fill_behavior.reprompt_event_handlers.messages\nPage.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases\nPage.transition_routes.trigger_fulfillment.messages\nPage.transition_routes.trigger_fulfillment.conditional_cases\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the page.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The flow to create a page for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"transition_route_groups":{"type":["list","string"],"description":"Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page.\nIf multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -\u003e page's transition route group -\u003e flow's transition routes.\nIf multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence.\nFormat:projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/transitionRouteGroups/\u003cTransitionRouteGroup ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this page. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"entry_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the session is entering the page.","description_kind":"plain"},"max_items":1},"event_handlers":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"The name of the event to handle.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this event handler.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"Handlers associated with the page to handle events such as webhook errors, no match or no input.","description_kind":"plain"}},"form":{"nesting_mode":"list","block":{"block_types":{"parameters":{"nesting_mode":"list","block":{"attributes":{"default_value":{"type":"string","description":"The default value of an optional parameter. If the parameter is required, the default value will be ignored.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the parameter, unique within the form.","description_kind":"plain","optional":true},"entity_type":{"type":"string","description":"The entity type of the parameter.\nFormat: projects/-/locations/-/agents/-/entityTypes/\u003cSystem Entity Type ID\u003e for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e for developer entity types.","description_kind":"plain","optional":true},"is_list":{"type":"bool","description":"Indicates whether the parameter represents a list of values.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether the parameter content should be redacted in log.\nIf redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled.","description_kind":"plain","optional":true},"required":{"type":"bool","description":"Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them.\nRequired parameters must be filled before form filling concludes.","description_kind":"plain","optional":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this parameter. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"fill_behavior":{"nesting_mode":"list","block":{"block_types":{"initial_prompt_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to provide the initial prompt that the agent can present to the user in order to fill the parameter.","description_kind":"plain"},"max_items":1},"reprompt_event_handlers":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"The name of the event to handle.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this event handler.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"The handlers for parameter-level events, used to provide reprompt for the parameter or transition to a different page/flow. The supported events are:\n* sys.no-match-\u003cN\u003e, where N can be from 1 to 6\n* sys.no-match-default\n* sys.no-input-\u003cN\u003e, where N can be from 1 to 6\n* sys.no-input-default\n* sys.invalid-parameter\n[initialPromptFulfillment][initialPromptFulfillment] provides the first prompt for the parameter.\nIf the user's response does not fill the parameter, a no-match/no-input event will be triggered, and the fulfillment associated with the sys.no-match-1/sys.no-input-1 handler (if defined) will be called to provide a prompt. The sys.no-match-2/sys.no-input-2 handler (if defined) will respond to the next no-match/no-input event, and so on.\nA sys.no-match-default or sys.no-input-default handler will be used to handle all following no-match/no-input events after all numbered no-match/no-input handlers for the parameter are consumed.\nA sys.invalid-parameter handler can be defined to handle the case where the parameter values have been invalidated by webhook. For example, if the user's response fill the parameter, however the parameter was invalidated by webhook, the fulfillment associated with the sys.invalid-parameter handler (if defined) will be called to provide a prompt.\nIf the event handler for the corresponding event can't be found on the parameter, initialPromptFulfillment will be re-prompted.","description_kind":"plain"}}},"description":"Defines fill behavior for the parameter.","description_kind":"plain"},"max_items":1}},"description":"Parameters to collect from the user.","description_kind":"plain"}}},"description":"The form associated with the page, used for collecting parameters relevant to the page.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transition_routes":{"nesting_mode":"list","block":{"attributes":{"condition":{"type":"string","description":"The condition to evaluate against form parameters or session parameters.\nAt least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"intent":{"type":"string","description":"The unique identifier of an Intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this transition route.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first.","description_kind":"plain"},"max_items":1}},"description":"A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow.\nWhen we are in a certain page, the TransitionRoutes are evalauted in the following order:\nTransitionRoutes defined in the page with intent specified.\nTransitionRoutes defined in the transition route groups with intent specified.\nTransitionRoutes defined in flow with intent specified.\nTransitionRoutes defined in the transition route groups with intent specified.\nTransitionRoutes defined in the page with only condition specified.\nTransitionRoutes defined in the transition route groups with only condition specified.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_security_settings":{"version":0,"block":{"attributes":{"deidentify_template":{"type":"string","description":"[DLP](https://cloud.google.com/dlp/docs) deidentify template name. Use this template to define de-identification configuration for the content. If empty, Dialogflow replaces sensitive info with [redacted] text.\nNote: deidentifyTemplate must be located in the same region as the SecuritySettings.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/deidentifyTemplates/\u003cTemplate ID\u003e OR organizations/\u003cOrganization ID\u003e/locations/\u003cLocation ID\u003e/deidentifyTemplates/\u003cTemplate ID\u003e","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the security settings, unique within the location.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inspect_template":{"type":"string","description":"[DLP](https://cloud.google.com/dlp/docs) inspect template name. Use this template to define inspect base settings. If empty, we use the default DLP inspect config.\nNote: inspectTemplate must be located in the same region as the SecuritySettings.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/inspectTemplates/\u003cTemplate ID\u003e OR organizations/\u003cOrganization ID\u003e/locations/\u003cLocation ID\u003e/inspectTemplates/\u003cTemplate ID\u003e","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location these settings are located in. Settings can only be applied to an agent in the same location.\nSee [Available Regions](https://cloud.google.com/dialogflow/cx/docs/concept/region#avail) for a list of supported locations.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the settings.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/securitySettings/\u003cSecurity Settings ID\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purge_data_types":{"type":["list","string"],"description":"List of types of data to remove when retention settings triggers purge. Possible values: [\"DIALOGFLOW_HISTORY\"]","description_kind":"plain","optional":true},"redaction_scope":{"type":"string","description":"Defines what types of data to redact. If not set, defaults to not redacting any kind of data.\n* REDACT_DISK_STORAGE: On data to be written to disk or similar devices that are capable of holding data even if power is disconnected. This includes data that are temporarily saved on disk. Possible values: [\"REDACT_DISK_STORAGE\"]","description_kind":"plain","optional":true},"redaction_strategy":{"type":"string","description":"Defines how we redact data. If not set, defaults to not redacting.\n* REDACT_WITH_SERVICE: Call redaction service to clean up the data to be persisted. Possible values: [\"REDACT_WITH_SERVICE\"]","description_kind":"plain","optional":true},"retention_strategy":{"type":"string","description":"Defines how long we retain persisted data that contains sensitive info. Only one of 'retention_window_days' and 'retention_strategy' may be set.\n* REMOVE_AFTER_CONVERSATION: Removes data when the conversation ends. If there is no conversation explicitly established, a default conversation ends when the corresponding Dialogflow session ends. Possible values: [\"REMOVE_AFTER_CONVERSATION\"]","description_kind":"plain","optional":true},"retention_window_days":{"type":"number","description":"Retains the data for the specified number of days. User must set a value lower than Dialogflow's default 365d TTL (30 days for Agent Assist traffic), higher value will be ignored and use default. Setting a value higher than that has no effect. A missing value or setting to 0 also means we use default TTL.\nOnly one of 'retention_window_days' and 'retention_strategy' may be set.","description_kind":"plain","optional":true}},"block_types":{"audio_export_settings":{"nesting_mode":"list","block":{"attributes":{"audio_export_pattern":{"type":"string","description":"Filename pattern for exported audio.","description_kind":"plain","optional":true},"audio_format":{"type":"string","description":"File format for exported audio file. Currently only in telephony recordings.\n* MULAW: G.711 mu-law PCM with 8kHz sample rate.\n* MP3: MP3 file format.\n* OGG: OGG Vorbis. Possible values: [\"MULAW\", \"MP3\", \"OGG\"]","description_kind":"plain","optional":true},"enable_audio_redaction":{"type":"bool","description":"Enable audio redaction if it is true.","description_kind":"plain","optional":true},"gcs_bucket":{"type":"string","description":"Cloud Storage bucket to export audio record to. Setting this field would grant the Storage Object Creator role to the Dialogflow Service Agent. API caller that tries to modify this field should have the permission of storage.buckets.setIamPolicy.","description_kind":"plain","optional":true}},"description":"Controls audio export settings for post-conversation analytics when ingesting audio to conversations.\nIf retention_strategy is set to REMOVE_AFTER_CONVERSATION or gcs_bucket is empty, audio export is disabled.\nIf audio export is enabled, audio is recorded and saved to gcs_bucket, subject to retention policy of gcs_bucket.\nThis setting won't effect audio input for implicit sessions via [Sessions.DetectIntent](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.sessions/detectIntent#google.cloud.dialogflow.cx.v3.Sessions.DetectIntent).","description_kind":"plain"},"max_items":1},"insights_export_settings":{"nesting_mode":"list","block":{"attributes":{"enable_insights_export":{"type":"bool","description":"If enabled, we will automatically exports conversations to Insights and Insights runs its analyzers.","description_kind":"plain","required":true}},"description":"Controls conversation exporting settings to Insights after conversation is completed.\nIf retentionStrategy is set to REMOVE_AFTER_CONVERSATION, Insights export is disabled no matter what you configure here.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_test_case":{"version":0,"block":{"attributes":{"creation_time":{"type":"string","description":"When the test was created. A timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The human-readable name of the test case, unique within the agent. Limit of 200 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_test_result":{"type":["list",["object",{"conversation_turns":["list",["object",{"user_input":["list",["object",{"enable_sentiment_analysis":"bool","injected_parameters":"string","input":["list",["object",{"dtmf":["list",["object",{"digits":"string","finish_digit":"string"}]],"event":["list",["object",{"event":"string"}]],"language_code":"string","text":["list",["object",{"text":"string"}]]}]],"is_webhook_enabled":"bool"}]],"virtual_agent_output":["list",["object",{"current_page":["list",["object",{"display_name":"string","name":"string"}]],"differences":["list",["object",{"description":"string","type":"string"}]],"session_parameters":"string","status":["list",["object",{"code":"number","details":"string","message":"string"}]],"text_responses":["list",["object",{"text":["list","string"]}]],"triggered_intent":["list",["object",{"display_name":"string","name":"string"}]]}]]}]],"environment":"string","name":"string","test_result":"string","test_time":"string"}]],"description":"The latest test result.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The unique identifier of the test case.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/testCases/\u003cTestCase ID\u003e.","description_kind":"plain","computed":true},"notes":{"type":"string","description":"Additional freeform notes about the test case. Limit of 400 characters.","description_kind":"plain","optional":true},"parent":{"type":"string","description":"The agent to create the test case for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Tags are short descriptions that users may apply to test cases for organizational and filtering purposes.\nEach tag should start with \"#\" and has a limit of 30 characters","description_kind":"plain","optional":true}},"block_types":{"test_case_conversation_turns":{"nesting_mode":"list","block":{"block_types":{"user_input":{"nesting_mode":"list","block":{"attributes":{"enable_sentiment_analysis":{"type":"bool","description":"Whether sentiment analysis is enabled.","description_kind":"plain","optional":true},"injected_parameters":{"type":"string","description":"Parameters that need to be injected into the conversation during intent detection.","description_kind":"plain","optional":true},"is_webhook_enabled":{"type":"bool","description":"If webhooks should be allowed to trigger in response to the user utterance. Often if parameters are injected, webhooks should not be enabled.","description_kind":"plain","optional":true}},"block_types":{"input":{"nesting_mode":"list","block":{"attributes":{"language_code":{"type":"string","description":"The language of the input. See [Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) for a list of the currently supported language codes.\nNote that queries in the same session do not necessarily need to specify the same language.","description_kind":"plain","optional":true}},"block_types":{"dtmf":{"nesting_mode":"list","block":{"attributes":{"digits":{"type":"string","description":"The dtmf digits.","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The finish digit (if any).","description_kind":"plain","optional":true}},"description":"The DTMF event to be handled.","description_kind":"plain"},"max_items":1},"event":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"Name of the event.","description_kind":"plain","required":true}},"description":"The event to be triggered.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"text":{"type":"string","description":"The natural language text to be processed. Text length must not exceed 256 characters.","description_kind":"plain","required":true}},"description":"The natural language text to be processed.","description_kind":"plain"},"max_items":1}},"description":"User input. Supports text input, event input, dtmf input in the test case.","description_kind":"plain"},"max_items":1}},"description":"The user input.","description_kind":"plain"},"max_items":1},"virtual_agent_output":{"nesting_mode":"list","block":{"attributes":{"session_parameters":{"type":"string","description":"The session parameters available to the bot at this point.","description_kind":"plain","optional":true}},"block_types":{"current_page":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the page, unique within the flow.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The unique identifier of the page.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"description":"The [Page](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.flows.pages#Page) on which the utterance was spoken.","description_kind":"plain"},"max_items":1},"text_responses":{"nesting_mode":"list","block":{"attributes":{"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text responses from the agent for the turn.","description_kind":"plain"}},"triggered_intent":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the intent, unique within the agent.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The unique identifier of the intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e.","description_kind":"plain","optional":true}},"description":"The [Intent](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.intents#Intent) that triggered the response.","description_kind":"plain"},"max_items":1}},"description":"The virtual agent output.","description_kind":"plain"},"max_items":1}},"description":"The conversation turns uttered when the test case was created, in chronological order. These include the canonical set of agent utterances that should occur when the agent is working properly.","description_kind":"plain"}},"test_config":{"nesting_mode":"list","block":{"attributes":{"flow":{"type":"string","description":"Flow name to start the test case with.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.\nOnly one of flow and page should be set to indicate the starting point of the test case. If neither is set, the test case will start with start page on the default start flow.","description_kind":"plain","optional":true},"page":{"type":"string","description":"The page to start the test case with.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.\nOnly one of flow and page should be set to indicate the starting point of the test case. If neither is set, the test case will start with start page on the default start flow.","description_kind":"plain","optional":true},"tracking_parameters":{"type":["list","string"],"description":"Session parameters to be compared when calculating differences.","description_kind":"plain","optional":true}},"description":"Config for the test case.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the version. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the version. Limit of 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Format: projects//locations//agents//flows//versions/. Version ID is a self-increasing number generated by Dialogflow upon version creation.","description_kind":"plain","computed":true},"nlu_settings":{"type":["list",["object",{"classification_threshold":"number","model_training_mode":"string","model_type":"string"}]],"description":"The NLU settings of the flow at version creation.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The Flow to create an Version for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state of this version.\n* RUNNING: Version is not ready to serve (e.g. training is running).\n* SUCCEEDED: Training has succeeded and this version is ready to serve.\n* FAILED: Version training failed.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_webhook":{"version":0,"block":{"attributes":{"disabled":{"type":"bool","description":"Indicates whether the webhook is disabled.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the webhook, unique within the agent.","description_kind":"plain","required":true},"enable_spell_correction":{"type":"bool","description":"Indicates if automatic spell correction is enabled in detect intent requests.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of the webhook.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a webhook for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"security_settings":{"type":"string","description":"Name of the SecuritySettings reference for the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/securitySettings/\u003cSecurity Settings ID\u003e.","description_kind":"plain","optional":true},"start_flow":{"type":"string","description":"Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"timeout":{"type":"string","description":"Webhook execution timeout.","description_kind":"plain","optional":true}},"block_types":{"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"allowed_ca_certs":{"type":["list","string"],"description":"Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with webhook requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","required":true}},"description":"Configuration for a generic web service.","description_kind":"plain"},"max_items":1},"service_directory":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"The name of Service Directory service.","description_kind":"plain","required":true}},"block_types":{"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"allowed_ca_certs":{"type":["list","string"],"description":"Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with webhook requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","required":true}},"description":"The name of Service Directory service.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration for a Service Directory service.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_entity_type":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The name of this entity type to be displayed on the console.","description_kind":"plain","required":true},"enable_fuzzy_extraction":{"type":"bool","description":"Enables fuzzy entity extraction during classification.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Indicates the kind of entity type.\n* KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value.\n* KIND_LIST: List entity types contain a set of entries that do not map to reference values. However, list entity\ntypes can contain references to other entity types (with or without aliases).\n* KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: [\"KIND_MAP\", \"KIND_LIST\", \"KIND_REGEXP\"]","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the entity type.\nFormat: projects/\u003cProject ID\u003e/agent/entityTypes/\u003cEntity type ID\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"entities":{"nesting_mode":"list","block":{"attributes":{"synonyms":{"type":["list","string"],"description":"A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym\ncould be green onions.\nFor KIND_LIST entity types:\n* This collection must contain exactly one synonym equal to value.","description_kind":"plain","required":true},"value":{"type":"string","description":"The primary value associated with this entity entry. For example, if the entity type is vegetable, the value\ncould be scallions.\nFor KIND_MAP entity types:\n* A reference value to be used in place of synonyms.\nFor KIND_LIST entity types:\n* A string that can contain references to other entity types (with or without aliases).","description_kind":"plain","required":true}},"description":"The collection of entity entries associated with the entity type.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_fulfillment":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the fulfillment, unique within the agent.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Whether fulfillment is enabled.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of the fulfillment.\nFormat: projects/\u003cProject ID\u003e/agent/fulfillment - projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agent/fulfillment","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"features":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of the feature that enabled for fulfillment.\n* SMALLTALK: Fulfillment is enabled for SmallTalk. Possible values: [\"SMALLTALK\"]","description_kind":"plain","required":true}},"description":"The field defines whether the fulfillment is enabled for certain features.","description_kind":"plain"}},"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The password for HTTP Basic authentication.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with fulfillment requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The fulfillment URI for receiving POST requests. It must use https protocol.","description_kind":"plain","required":true},"username":{"type":"string","description":"The user name for HTTP Basic authentication.","description_kind":"plain","optional":true}},"description":"Represents configuration for a generic web service. Dialogflow supports two mechanisms for authentications: - Basic authentication with username and password. - Authentication with additional authentication headers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_intent":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The name of the action associated with the intent.\nNote: The action name must not contain whitespaces.","description_kind":"plain","optional":true,"computed":true},"default_response_platforms":{"type":["list","string"],"description":"The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED\n(i.e. default platform). Possible values: [\"FACEBOOK\", \"SLACK\", \"TELEGRAM\", \"KIK\", \"SKYPE\", \"LINE\", \"VIBER\", \"ACTIONS_ON_GOOGLE\", \"GOOGLE_HANGOUTS\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name of this intent to be displayed on the console.","description_kind":"plain","required":true},"events":{"type":["list","string"],"description":"The collection of event names that trigger the intent. If the collection of input contexts is not empty, all of\nthe contexts must be present in the active user session for an event to trigger this intent. See the\n[events reference](https://cloud.google.com/dialogflow/docs/events-overview) for more details.","description_kind":"plain","optional":true},"followup_intent_info":{"type":["list",["object",{"followup_intent_name":"string","parent_followup_intent_name":"string"}]],"description":"Information about all followup intents that have this intent as a direct or indirect parent. We populate this field\nonly in the output.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"input_context_names":{"type":["list","string"],"description":"The list of context names required for this intent to be triggered.\nFormat: projects/\u003cProject ID\u003e/agent/sessions/-/contexts/\u003cContext ID\u003e.","description_kind":"plain","optional":true},"is_fallback":{"type":"bool","description":"Indicates whether this is a fallback intent.","description_kind":"plain","optional":true,"computed":true},"ml_disabled":{"type":"bool","description":"Indicates whether Machine Learning is disabled for the intent.\nNote: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML\nONLY match mode. Also, auto-markup in the UI is turned off.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of this intent.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"parent_followup_intent_name":{"type":"string","description":"The unique identifier of the parent intent in the chain of followup intents.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"The priority of this intent. Higher numbers represent higher priorities.\n - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds\n to the Normal priority in the console.\n - If the supplied value is negative, the intent is ignored in runtime detect intent requests.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reset_contexts":{"type":"bool","description":"Indicates whether to delete all contexts in the current session when this intent is matched.","description_kind":"plain","optional":true,"computed":true},"root_followup_intent_name":{"type":"string","description":"The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup\nintents chain for this intent.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"webhook_state":{"type":"string","description":"Indicates whether webhooks are enabled for the intent.\n* WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent.\n* WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot\nfilling prompt is forwarded to the webhook. Possible values: [\"WEBHOOK_STATE_ENABLED\", \"WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_chat_engine":{"version":0,"block":{"attributes":{"chat_engine_metadata":{"type":["list",["object",{"dialogflow_agent":"string"}]],"description":"Additional information of the Chat Engine.","description_kind":"plain","computed":true},"collection_id":{"type":"string","description":"The collection ID.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Timestamp the Engine was created at.","description_kind":"plain","computed":true},"data_store_ids":{"type":["list","string"],"description":"The data stores associated with this engine. Multiple DataStores in the same Collection can be associated here. All listed DataStores must be 'SOLUTION_TYPE_CHAT'. Adding or removing data stores will force recreation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the engine. Should be human readable. UTF-8 encoded string with limit of 1024 characters.","description_kind":"plain","required":true},"engine_id":{"type":"string","description":"The ID to use for chat engine.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"industry_vertical":{"type":"string","description":"The industry vertical that the chat engine registers. Vertical on Engine has to match vertical of the DataStore linked to the engine. Default value: \"GENERIC\" Possible values: [\"GENERIC\"]","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the chat engine. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/engines/{engine_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Timestamp the Engine was last updated.","description_kind":"plain","computed":true}},"block_types":{"chat_engine_config":{"nesting_mode":"list","block":{"attributes":{"dialogflow_agent_to_link":{"type":"string","description":"The resource name of an existing Dialogflow agent to link to this Chat Engine. Format: 'projects/\u003cProject_ID\u003e/locations/\u003cLocation_ID\u003e/agents/\u003cAgent_ID\u003e'.\nExactly one of 'agent_creation_config' or 'dialogflow_agent_to_link' must be set.","description_kind":"plain","optional":true}},"block_types":{"agent_creation_config":{"nesting_mode":"list","block":{"attributes":{"business":{"type":"string","description":"Name of the company, organization or other entity that the agent represents. Used for knowledge connector LLM prompt and for knowledge search.","description_kind":"plain","optional":true},"default_language_code":{"type":"string","description":"The default language of the agent as a language tag. See [Language Support](https://cloud.google.com/dialogflow/docs/reference/language) for a list of the currently supported language codes.","description_kind":"plain","required":true},"location":{"type":"string","description":"Agent location for Agent creation, currently supported values: global/us/eu, it needs to be the same region as the Chat Engine.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"The time zone of the agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris.","description_kind":"plain","required":true}},"description":"The configuration to generate the Dialogflow agent that is associated to this Engine.\nExactly one of 'agent_creation_config' or 'dialogflow_agent_to_link' must be set.","description_kind":"plain"},"max_items":1}},"description":"Configurations for a chat Engine.","description_kind":"plain"},"min_items":1,"max_items":1},"common_config":{"nesting_mode":"list","block":{"attributes":{"company_name":{"type":"string","description":"The name of the company, business or entity that is associated with the engine. Setting this may help improve LLM related features.","description_kind":"plain","optional":true}},"description":"Common config spec that specifies the metadata of the engine.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_data_store":{"version":0,"block":{"attributes":{"content_config":{"type":"string","description":"The content config of the data store. Possible values: [\"NO_CONTENT\", \"CONTENT_REQUIRED\", \"PUBLIC_WEBSITE\"]","description_kind":"plain","required":true},"create_advanced_site_search":{"type":"bool","description":"If true, an advanced data store for site search will be created. If the\ndata store is not configured as site search (GENERIC vertical and\nPUBLIC_WEBSITE contentConfig), this flag will be ignored.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Timestamp when the DataStore was created.","description_kind":"plain","computed":true},"data_store_id":{"type":"string","description":"The unique id of the data store.","description_kind":"plain","required":true},"default_schema_id":{"type":"string","description":"The id of the default Schema associated with this data store.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the data store. This field must be a UTF-8 encoded\nstring with a length limit of 128 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"industry_vertical":{"type":"string","description":"The industry vertical that the data store registers. Possible values: [\"GENERIC\", \"MEDIA\", \"HEALTHCARE_FHIR\"]","description_kind":"plain","required":true},"location":{"type":"string","description":"The geographic location where the data store should reside. The value can\nonly be one of \"global\", \"us\" and \"eu\".","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the data store. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/dataStores/{data_store_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"skip_default_schema_creation":{"type":"bool","description":"A boolean flag indicating whether to skip the default schema creation for\nthe data store. Only enable this flag if you are certain that the default\nschema is incompatible with your use case.\nIf set to true, you must manually create a schema for the data store\nbefore any documents can be ingested.\nThis flag cannot be specified if 'data_store.starting_schema' is\nspecified.","description_kind":"plain","optional":true},"solution_types":{"type":["list","string"],"description":"The solutions that the data store enrolls. Possible values: [\"SOLUTION_TYPE_RECOMMENDATION\", \"SOLUTION_TYPE_SEARCH\", \"SOLUTION_TYPE_CHAT\", \"SOLUTION_TYPE_GENERATIVE_CHAT\"]","description_kind":"plain","optional":true}},"block_types":{"document_processing_config":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The full resource name of the Document Processing Config. Format:\n'projects/{project}/locations/{location}/collections/{collection_id}/dataStores/{data_store_id}/documentProcessingConfig'.","description_kind":"plain","computed":true}},"block_types":{"chunking_config":{"nesting_mode":"list","block":{"block_types":{"layout_based_chunking_config":{"nesting_mode":"list","block":{"attributes":{"chunk_size":{"type":"number","description":"The token size limit for each chunk.\nSupported values: 100-500 (inclusive). Default value: 500.","description_kind":"plain","optional":true},"include_ancestor_headings":{"type":"bool","description":"Whether to include appending different levels of headings to chunks from the middle of the document to prevent context loss.\nDefault value: False.","description_kind":"plain","optional":true}},"description":"Configuration for the layout based chunking.","description_kind":"plain"},"max_items":1}},"description":"Whether chunking mode is enabled.","description_kind":"plain"},"max_items":1},"default_parsing_config":{"nesting_mode":"list","block":{"block_types":{"digital_parsing_config":{"nesting_mode":"list","block":{"description":"Configurations applied to digital parser.","description_kind":"plain"},"max_items":1},"layout_parsing_config":{"nesting_mode":"list","block":{"description":"Configurations applied to layout parser.","description_kind":"plain"},"max_items":1},"ocr_parsing_config":{"nesting_mode":"list","block":{"attributes":{"use_native_text":{"type":"bool","description":"If true, will use native text instead of OCR text on pages containing native text.","description_kind":"plain","optional":true}},"description":"Configurations applied to OCR parser. Currently it only applies to PDFs.","description_kind":"plain"},"max_items":1}},"description":"Configurations for default Document parser. If not specified, this resource\nwill be configured to use a default DigitalParsingConfig, and the default parsing\nconfig will be applied to all file types for Document parsing.","description_kind":"plain"},"max_items":1},"parsing_config_overrides":{"nesting_mode":"set","block":{"attributes":{"file_type":{"type":"string","description_kind":"plain","required":true}},"block_types":{"digital_parsing_config":{"nesting_mode":"list","block":{"description":"Configurations applied to digital parser.","description_kind":"plain"},"max_items":1},"layout_parsing_config":{"nesting_mode":"list","block":{"description":"Configurations applied to layout parser.","description_kind":"plain"},"max_items":1},"ocr_parsing_config":{"nesting_mode":"list","block":{"attributes":{"use_native_text":{"type":"bool","description":"If true, will use native text instead of OCR text on pages containing native text.","description_kind":"plain","optional":true}},"description":"Configurations applied to OCR parser. Currently it only applies to PDFs.","description_kind":"plain"},"max_items":1}},"description":"Map from file type to override the default parsing configuration based on the file type. Supported keys:\n * 'pdf': Override parsing config for PDF files, either digital parsing, ocr parsing or layout parsing is supported.\n * 'html': Override parsing config for HTML files, only digital parsing and or layout parsing are supported.\n * 'docx': Override parsing config for DOCX files, only digital parsing and or layout parsing are supported.","description_kind":"plain"}}},"description":"Configuration for Document understanding and enrichment.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_schema":{"version":0,"block":{"attributes":{"data_store_id":{"type":"string","description":"The unique id of the data store.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"json_schema":{"type":"string","description":"The JSON representation of the schema.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location where the data store should reside. The value can\nonly be one of \"global\", \"us\" and \"eu\".","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the schema. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/dataStores/{data_store_id}/schemas/{schema_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schema_id":{"type":"string","description":"The unique id of the schema.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_search_engine":{"version":0,"block":{"attributes":{"collection_id":{"type":"string","description":"The collection ID.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Timestamp the Engine was created at.","description_kind":"plain","computed":true},"data_store_ids":{"type":["list","string"],"description":"The data stores associated with this engine. For SOLUTION_TYPE_SEARCH type of engines, they can only associate with at most one data store.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Required. The display name of the engine. Should be human readable. UTF-8 encoded string with limit of 1024 characters.","description_kind":"plain","required":true},"engine_id":{"type":"string","description":"Unique ID to use for Search Engine App.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"industry_vertical":{"type":"string","description":"The industry vertical that the engine registers. The restriction of the Engine industry vertical is based on DataStore: If unspecified, default to GENERIC. Vertical on Engine has to match vertical of the DataStore liniked to the engine. Default value: \"GENERIC\" Possible values: [\"GENERIC\", \"MEDIA\", \"HEALTHCARE_FHIR\"]","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the search engine. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/engines/{engine_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Timestamp the Engine was last updated.","description_kind":"plain","computed":true}},"block_types":{"common_config":{"nesting_mode":"list","block":{"attributes":{"company_name":{"type":"string","description":"The name of the company, business or entity that is associated with the engine. Setting this may help improve LLM related features.cd","description_kind":"plain","optional":true}},"description":"Common config spec that specifies the metadata of the engine.","description_kind":"plain"},"max_items":1},"search_engine_config":{"nesting_mode":"list","block":{"attributes":{"search_add_ons":{"type":["list","string"],"description":"The add-on that this search engine enables. Possible values: [\"SEARCH_ADD_ON_LLM\"]","description_kind":"plain","optional":true},"search_tier":{"type":"string","description":"The search feature tier of this engine. Defaults to SearchTier.SEARCH_TIER_STANDARD if not specified. Default value: \"SEARCH_TIER_STANDARD\" Possible values: [\"SEARCH_TIER_STANDARD\", \"SEARCH_TIER_ENTERPRISE\"]","description_kind":"plain","optional":true}},"description":"Configurations for a Search Engine.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_target_site":{"version":0,"block":{"attributes":{"data_store_id":{"type":"string","description":"The unique id of the data store.","description_kind":"plain","required":true},"exact_match":{"type":"bool","description":"If set to false, a uri_pattern is generated to include all pages whose\naddress contains the provided_uri_pattern. If set to true, an uri_pattern\nis generated to try to be an exact match of the provided_uri_pattern or\njust the specific page if the provided_uri_pattern is a specific one.\nprovided_uri_pattern is always normalized to generate the URI pattern to\nbe used by the search engine.","description_kind":"plain","optional":true},"failure_reason":{"type":["list",["object",{"quota_failure":["list",["object",{"total_required_quota":"number"}]]}]],"description":"Site search indexing failure reasons.","description_kind":"plain","computed":true},"generated_uri_pattern":{"type":"string","description":"This is system-generated based on the 'provided_uri_pattern'.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"indexing_status":{"type":"string","description":"The indexing status.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the data store should reside. The value can\nonly be one of \"global\", \"us\" and \"eu\".","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the target site. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/dataStores/{data_store_id}/siteSearchEngine/targetSites/{target_site_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"provided_uri_pattern":{"type":"string","description":"The user provided URI pattern from which the 'generated_uri_pattern' is\ngenerated.","description_kind":"plain","required":true},"root_domain_uri":{"type":"string","description":"Root domain of the 'provided_uri_pattern'.","description_kind":"plain","computed":true},"site_verification_info":{"type":["list",["object",{"site_verification_state":"string","verify_time":"string"}]],"description":"Site ownership and validity verification status.","description_kind":"plain","computed":true},"target_site_id":{"type":"string","description":"The unique id of the target site.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The possible target site types. Possible values: [\"INCLUDE\", \"EXCLUDE\"]","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The target site's last updated time.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_managed_zone":{"version":0,"block":{"attributes":{"creation_time":{"type":"string","description":"The time that this resource was created on the server.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A textual description field. Defaults to 'Managed by Terraform'.","description_kind":"plain","optional":true},"dns_name":{"type":"string","description":"The DNS name of this managed zone, for instance \"example.com.\".","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"Set this true to delete all records in the zone.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this ManagedZone.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"managed_zone_id":{"type":"number","description":"Unique identifier for the resource; defined by the server.","description_kind":"plain","computed":true},"name":{"type":"string","description":"User assigned name for this resource.\nMust be unique within the project.","description_kind":"plain","required":true},"name_servers":{"type":["list","string"],"description":"Delegate your managed_zone to these virtual name servers;\ndefined by the server","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"visibility":{"type":"string","description":"The zone's visibility: public zones are exposed to the Internet,\nwhile private zones are visible only to Virtual Private Cloud resources. Default value: \"public\" Possible values: [\"private\", \"public\"]","description_kind":"plain","optional":true}},"block_types":{"cloud_logging_config":{"nesting_mode":"list","block":{"attributes":{"enable_logging":{"type":"bool","description":"If set, enable query logging for this ManagedZone. False by default, making logging opt-in.","description_kind":"plain","required":true}},"description":"Cloud logging configuration","description_kind":"plain"},"max_items":1},"dnssec_config":{"nesting_mode":"list","block":{"attributes":{"kind":{"type":"string","description":"Identifies what kind of resource this is","description_kind":"plain","optional":true},"non_existence":{"type":"string","description":"Specifies the mechanism used to provide authenticated denial-of-existence responses.\nnon_existence can only be updated when the state is 'off'. Possible values: [\"nsec\", \"nsec3\"]","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Specifies whether DNSSEC is enabled, and what mode it is in Possible values: [\"off\", \"on\", \"transfer\"]","description_kind":"plain","optional":true}},"block_types":{"default_key_specs":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"String mnemonic specifying the DNSSEC algorithm of this key Possible values: [\"ecdsap256sha256\", \"ecdsap384sha384\", \"rsasha1\", \"rsasha256\", \"rsasha512\"]","description_kind":"plain","optional":true},"key_length":{"type":"number","description":"Length of the keys in bits","description_kind":"plain","optional":true},"key_type":{"type":"string","description":"Specifies whether this is a key signing key (KSK) or a zone\nsigning key (ZSK). Key signing keys have the Secure Entry\nPoint flag set and, when active, will only be used to sign\nresource record sets of type DNSKEY. Zone signing keys do\nnot have the Secure Entry Point flag set and will be used\nto sign all other types of resource record sets. Possible values: [\"keySigning\", \"zoneSigning\"]","description_kind":"plain","optional":true},"kind":{"type":"string","description":"Identifies what kind of resource this is","description_kind":"plain","optional":true}},"description":"Specifies parameters that will be used for generating initial DnsKeys\nfor this ManagedZone. If you provide a spec for keySigning or zoneSigning,\nyou must also provide one for the other.\ndefault_key_specs can only be updated when the state is 'off'.","description_kind":"plain"}}},"description":"DNSSEC configuration","description_kind":"plain"},"max_items":1},"forwarding_config":{"nesting_mode":"list","block":{"block_types":{"target_name_servers":{"nesting_mode":"set","block":{"attributes":{"forwarding_path":{"type":"string","description":"Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding\ndecision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go\nto the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: [\"default\", \"private\"]","description_kind":"plain","optional":true},"ipv4_address":{"type":"string","description":"IPv4 address of a target name server.","description_kind":"plain","required":true}},"description":"List of target name servers to forward to. Cloud DNS will\nselect the best available name server if more than\none target is given.","description_kind":"plain"},"min_items":1}},"description":"The presence for this field indicates that outbound forwarding is enabled\nfor this zone. The value of this field contains the set of destinations\nto forward to.","description_kind":"plain"},"max_items":1},"peering_config":{"nesting_mode":"list","block":{"block_types":{"target_network":{"nesting_mode":"list","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to forward queries to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The network with which to peer.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The presence of this field indicates that DNS Peering is enabled for this\nzone. The value of this field contains the network to peer with.","description_kind":"plain"},"max_items":1},"private_visibility_config":{"nesting_mode":"list","block":{"block_types":{"gke_clusters":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_name":{"type":"string","description":"The resource name of the cluster to bind this ManagedZone to.\nThis should be specified in the format like\n'projects/*/locations/*/clusters/*'","description_kind":"plain","required":true}},"description":"The list of Google Kubernetes Engine clusters that can see this zone.","description_kind":"plain"}},"networks":{"nesting_mode":"set","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to bind to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The list of VPC networks that can see this zone. Until the provider updates to use the Terraform 0.12 SDK in a future release, you\nmay experience issues with this resource while updating. If you've defined a 'networks' block and\nadd another 'networks' block while keeping the old block, Terraform will see an incorrect diff\nand apply an incorrect update to the resource. If you encounter this issue, remove all 'networks'\nblocks in an update and then apply another update adding all of them back simultaneously.","description_kind":"plain"}}},"description":"For privately visible zones, the set of Virtual Private Cloud\nresources that the zone is visible from. At least one of 'gke_clusters' or 'networks' must be specified.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_managed_zone_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_managed_zone_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_managed_zone_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dns_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A textual description field. Defaults to 'Managed by Terraform'.","description_kind":"plain","optional":true},"enable_inbound_forwarding":{"type":"bool","description":"Allows networks bound to this policy to receive DNS queries sent\nby VMs or applications over VPN connections. When enabled, a\nvirtual IP address will be allocated from each of the sub-networks\nthat are bound to this policy.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Controls whether logging is enabled for the networks bound to this policy.\nDefaults to no logging if not set.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User assigned name for this policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"alternative_name_server_config":{"nesting_mode":"list","block":{"block_types":{"target_name_servers":{"nesting_mode":"set","block":{"attributes":{"forwarding_path":{"type":"string","description":"Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding\ndecision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go\nto the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: [\"default\", \"private\"]","description_kind":"plain","optional":true},"ipv4_address":{"type":"string","description":"IPv4 address to forward to.","description_kind":"plain","required":true}},"description":"Sets an alternative name server for the associated networks. When specified,\nall DNS queries are forwarded to a name server that you choose. Names such as .internal\nare not available when an alternative name server is specified.","description_kind":"plain"},"min_items":1}},"description":"Sets an alternative name server for the associated networks.\nWhen specified, all DNS queries are forwarded to a name server that you choose.\nNames such as .internal are not available when an alternative name server is specified.","description_kind":"plain"},"max_items":1},"networks":{"nesting_mode":"set","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to forward queries to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"List of network names specifying networks to which this policy is applied.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_record_set":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description":"The name of the zone in which this record set will reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The DNS name this record set will apply to.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"rrdatas":{"type":["list","string"],"description":"The string data for the records in this record set whose meaning depends on the DNS type. For TXT record, if the string data contains spaces, add surrounding \\\" if you don't want your string to get split on spaces. To specify a single record value longer than 255 characters such as a TXT record for DKIM, add \\\"\\\" inside the Terraform configuration string (e.g. \"first255characters\\\"\\\"morecharacters\").","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The time-to-live of this record set (seconds).","description_kind":"plain","optional":true},"type":{"type":"string","description":"The DNS record set type.","description_kind":"plain","required":true}},"block_types":{"routing_policy":{"nesting_mode":"list","block":{"attributes":{"enable_geo_fencing":{"type":"bool","description":"Specifies whether to enable fencing for geo queries.","description_kind":"plain","optional":true},"health_check":{"type":"string","description":"Specifies the health check.","description_kind":"plain","optional":true}},"block_types":{"geo":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The location name defined in Google Cloud.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"attributes":{"external_endpoints":{"type":["list","string"],"description":"The Internet IP addresses to be health checked.","description_kind":"plain","optional":true}},"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","optional":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"}}},"description":"For A and AAAA types only. The list of targets to be health checked. These can be specified along with `rrdatas` within this item.","description_kind":"plain"},"max_items":1}},"description":"The configuration for Geo location based routing policy.","description_kind":"plain"}},"primary_backup":{"nesting_mode":"list","block":{"attributes":{"enable_geo_fencing_for_backups":{"type":"bool","description":"Specifies whether to enable fencing for backup geo queries.","description_kind":"plain","optional":true},"trickle_ratio":{"type":"number","description":"Specifies the percentage of traffic to send to the backup targets even when the primary targets are healthy.","description_kind":"plain","optional":true}},"block_types":{"backup_geo":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The location name defined in Google Cloud.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"attributes":{"external_endpoints":{"type":["list","string"],"description":"The Internet IP addresses to be health checked.","description_kind":"plain","optional":true}},"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","optional":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"}}},"description":"For A and AAAA types only. The list of targets to be health checked. These can be specified along with `rrdatas` within this item.","description_kind":"plain"},"max_items":1}},"description":"The backup geo targets, which provide a regional failover policy for the otherwise global primary targets.","description_kind":"plain"},"min_items":1},"primary":{"nesting_mode":"list","block":{"attributes":{"external_endpoints":{"type":["list","string"],"description":"The Internet IP addresses to be health checked.","description_kind":"plain","optional":true}},"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","optional":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"}}},"description":"The list of global primary targets to be health checked.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy.","description_kind":"plain"},"max_items":1},"wrr":{"nesting_mode":"list","block":{"attributes":{"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true},"weight":{"type":"number","description":"The ratio of traffic routed to the target.","description_kind":"plain","required":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"attributes":{"external_endpoints":{"type":["list","string"],"description":"The Internet IP addresses to be health checked.","description_kind":"plain","optional":true}},"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","optional":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"}}},"description":"The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of `rrdatas` or `health_checked_targets` can be set.","description_kind":"plain"},"max_items":1}},"description":"The configuration for Weighted Round Robin based routing policy.","description_kind":"plain"}}},"description":"The configuration for steering traffic based on query. You can specify either Weighted Round Robin(WRR) type or Geolocation(GEO) type.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_response_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the response policy, such as 'My new response policy'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"response_policy_name":{"type":"string","description":"The user assigned name for this Response Policy, such as 'myresponsepolicy'.","description_kind":"plain","required":true}},"block_types":{"gke_clusters":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_name":{"type":"string","description":"The resource name of the cluster to bind this ManagedZone to.\nThis should be specified in the format like\n'projects/*/locations/*/clusters/*'","description_kind":"plain","required":true}},"description":"The list of Google Kubernetes Engine clusters that can see this zone.","description_kind":"plain"}},"networks":{"nesting_mode":"list","block":{"attributes":{"network_url":{"type":"string","description":"The fully qualified URL of the VPC network to bind to.\nThis should be formatted like\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The list of network names specifying networks to which this policy is applied.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_response_policy_rule":{"version":0,"block":{"attributes":{"dns_name":{"type":"string","description":"The DNS name (wildcard or exact) to apply this rule to. Must be unique within the Response Policy Rule.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"response_policy":{"type":"string","description":"Identifies the response policy addressed by this request.","description_kind":"plain","required":true},"rule_name":{"type":"string","description":"An identifier for this rule. Must be unique with the ResponsePolicy.","description_kind":"plain","required":true}},"block_types":{"local_data":{"nesting_mode":"list","block":{"block_types":{"local_datas":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"For example, www.example.com.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description":"As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1)","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"Number of seconds that this ResourceRecordSet can be cached by\nresolvers.","description_kind":"plain","optional":true},"type":{"type":"string","description":"One of valid DNS resource types. Possible values: [\"A\", \"AAAA\", \"CAA\", \"CNAME\", \"DNSKEY\", \"DS\", \"HTTPS\", \"IPSECVPNKEY\", \"MX\", \"NAPTR\", \"NS\", \"PTR\", \"SOA\", \"SPF\", \"SRV\", \"SSHFP\", \"SVCB\", \"TLSA\", \"TXT\"]","description_kind":"plain","required":true}},"description":"All resource record sets for this selector, one per resource record type. The name must match the dns_name.","description_kind":"plain"},"min_items":1}},"description":"Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name;\nin particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_processor":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name. Must be unique.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The KMS key used for encryption/decryption in CMEK scenarios. See https://cloud.google.com/security-key-management.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the processor.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of processor. For possible types see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes)","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_processor_default_version":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"processor":{"type":"string","description":"The processor to set the version on.","description_kind":"plain","required":true},"version":{"type":"string","description":"The version to set. Using 'stable' or 'rc' will cause the API to return the latest version in that release channel.\nApply 'lifecycle.ignore_changes' to the 'version' field to suppress this diff.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_warehouse_document_schema":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name of the schema given by the user.","description_kind":"plain","required":true},"document_is_folder":{"type":"bool","description":"Tells whether the document is a folder or a typical document.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the document schema.","description_kind":"plain","computed":true},"project_number":{"type":"string","description":"The unique identifier of the project.","description_kind":"plain","required":true}},"block_types":{"property_definitions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The display-name for the property, used for front-end.","description_kind":"plain","optional":true},"is_filterable":{"type":"bool","description":"Whether the property can be filtered. If this is a sub-property, all the parent properties must be marked filterable.","description_kind":"plain","optional":true},"is_metadata":{"type":"bool","description":"Whether the property is user supplied metadata.","description_kind":"plain","optional":true},"is_repeatable":{"type":"bool","description":"Whether the property can have multiple values.","description_kind":"plain","optional":true},"is_required":{"type":"bool","description":"Whether the property is mandatory.","description_kind":"plain","optional":true},"is_searchable":{"type":"bool","description":"Indicates that the property should be included in a global search.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the metadata property.","description_kind":"plain","required":true},"retrieval_importance":{"type":"string","description":"Stores the retrieval importance. Possible values: [\"HIGHEST\", \"HIGHER\", \"HIGH\", \"MEDIUM\", \"LOW\", \"LOWEST\"]","description_kind":"plain","optional":true}},"block_types":{"date_time_type_options":{"nesting_mode":"list","block":{"description":"Date time property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1},"enum_type_options":{"nesting_mode":"list","block":{"attributes":{"possible_values":{"type":["list","string"],"description":"List of possible enum values.","description_kind":"plain","required":true},"validation_check_disabled":{"type":"bool","description":"Make sure the enum property value provided in the document is in the possile value list during document creation. The validation check runs by default.","description_kind":"plain","optional":true}},"description":"Enum/categorical property.","description_kind":"plain"},"max_items":1},"float_type_options":{"nesting_mode":"list","block":{"description":"Float property.","description_kind":"plain"},"max_items":1},"integer_type_options":{"nesting_mode":"list","block":{"description":"Integer property.","description_kind":"plain"},"max_items":1},"map_type_options":{"nesting_mode":"list","block":{"description":"Map property.","description_kind":"plain"},"max_items":1},"property_type_options":{"nesting_mode":"list","block":{"block_types":{"property_definitions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The display-name for the property, used for front-end.","description_kind":"plain","optional":true},"is_filterable":{"type":"bool","description":"Whether the property can be filtered. If this is a sub-property, all the parent properties must be marked filterable.","description_kind":"plain","optional":true},"is_metadata":{"type":"bool","description":"Whether the property is user supplied metadata.","description_kind":"plain","optional":true},"is_repeatable":{"type":"bool","description":"Whether the property can have multiple values.","description_kind":"plain","optional":true},"is_required":{"type":"bool","description":"Whether the property is mandatory.","description_kind":"plain","optional":true},"is_searchable":{"type":"bool","description":"Indicates that the property should be included in a global search.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the metadata property.","description_kind":"plain","required":true},"retrieval_importance":{"type":"string","description":"Stores the retrieval importance. Possible values: [\"HIGHEST\", \"HIGHER\", \"HIGH\", \"MEDIUM\", \"LOW\", \"LOWEST\"]","description_kind":"plain","optional":true}},"block_types":{"date_time_type_options":{"nesting_mode":"list","block":{"description":"Date time property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1},"enum_type_options":{"nesting_mode":"list","block":{"attributes":{"possible_values":{"type":["list","string"],"description":"List of possible enum values.","description_kind":"plain","required":true},"validation_check_disabled":{"type":"bool","description":"Make sure the enum property value provided in the document is in the possile value list during document creation. The validation check runs by default.","description_kind":"plain","optional":true}},"description":"Enum/categorical property.","description_kind":"plain"},"max_items":1},"float_type_options":{"nesting_mode":"list","block":{"description":"Float property.","description_kind":"plain"},"max_items":1},"integer_type_options":{"nesting_mode":"list","block":{"description":"Integer property.","description_kind":"plain"},"max_items":1},"map_type_options":{"nesting_mode":"list","block":{"description":"Map property.","description_kind":"plain"},"max_items":1},"schema_sources":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The schema name in the source.","description_kind":"plain","optional":true},"processor_type":{"type":"string","description":"The Doc AI processor type name.","description_kind":"plain","optional":true}},"description":"The schema source information.","description_kind":"plain"}},"text_type_options":{"nesting_mode":"list","block":{"description":"Text property.","description_kind":"plain"},"max_items":1},"timestamp_type_options":{"nesting_mode":"list","block":{"description":"Timestamp property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1}},"description":"Defines the metadata for a schema property.","description_kind":"plain"},"min_items":1}},"description":"Nested structured data property.","description_kind":"plain"},"max_items":1},"schema_sources":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The schema name in the source.","description_kind":"plain","optional":true},"processor_type":{"type":"string","description":"The Doc AI processor type name.","description_kind":"plain","optional":true}},"description":"The schema source information.","description_kind":"plain"}},"text_type_options":{"nesting_mode":"list","block":{"description":"Text/string property.","description_kind":"plain"},"max_items":1},"timestamp_type_options":{"nesting_mode":"list","block":{"description":"Timestamp property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1}},"description":"Defines the metadata for a schema property.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_warehouse_location":{"version":0,"block":{"attributes":{"access_control_mode":{"type":"string","description":"The access control mode for accessing the customer data. Possible values: [\"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\", \"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_BYOID\", \"ACL_MODE_UNIVERSAL_ACCESS\"]","description_kind":"plain","required":true},"database_type":{"type":"string","description":"The type of database used to store customer data. Possible values: [\"DB_INFRA_SPANNER\", \"DB_CLOUD_SQL_POSTGRES\"]","description_kind":"plain","required":true},"document_creator_default_role":{"type":"string","description":"The default role for the person who create a document. Possible values: [\"DOCUMENT_ADMIN\", \"DOCUMENT_EDITOR\", \"DOCUMENT_VIEWER\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key":{"type":"string","description":"The KMS key used for CMEK encryption. It is required that\nthe kms key is in the same region as the endpoint. The\nsame key will be used for all provisioned resources, if\nencryption is available. If the kmsKey is left empty, no\nencryption will be enforced.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location in which the instance is to be provisioned. It takes the form projects/{projectNumber}/locations/{location}.","description_kind":"plain","required":true},"project_number":{"type":"string","description":"The unique identifier of the project.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgecontainer_cluster":{"version":0,"block":{"attributes":{"cluster_ca_certificate":{"type":"string","description":"The PEM-encoded public certificate of the cluster's CA.","description_kind":"plain","computed":true,"sensitive":true},"control_plane_version":{"type":"string","description":"The control plane release version.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"default_max_pods_per_node":{"type":"number","description":"The default maximum number of pods per node used if a maximum value is not\nspecified explicitly for a node pool in this cluster. If unspecified, the\nKubernetes default value will be used.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address of the Kubernetes API server.","description_kind":"plain","computed":true},"external_load_balancer_ipv4_address_pools":{"type":["list","string"],"description":"Address pools for cluster data plane external load balancing.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the edgecloud cluster.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"maintenance_events":{"type":["list",["object",{"create_time":"string","end_time":"string","operation":"string","schedule":"string","start_time":"string","state":"string","target_version":"string","type":"string","update_time":"string","uuid":"string"}]],"description":"All the maintenance events scheduled for the cluster, including the ones\nongoing, planned for the future and done in the past (up to 90 days).","description_kind":"plain","computed":true},"name":{"type":"string","description":"The GDCE cluster name.","description_kind":"plain","required":true},"node_version":{"type":"string","description":"The lowest release version among all worker nodes. This field can be empty\nif the cluster does not have any worker nodes.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The port number of the Kubernetes API server.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"release_channel":{"type":"string","description":"The release channel a cluster is subscribed to. Possible values: [\"RELEASE_CHANNEL_UNSPECIFIED\", \"NONE\", \"REGULAR\"]","description_kind":"plain","optional":true,"computed":true},"status":{"type":"string","description":"Indicates the status of the cluster.","description_kind":"plain","computed":true},"target_version":{"type":"string","description":"The target cluster version. For example: \"1.5.0\".","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"An active Google username.","description_kind":"plain","required":true}},"description":"User that will be granted the cluster-admin role on the cluster, providing\nfull access to the cluster. Currently, this is a singular field, but will\nbe expanded to allow multiple admins in the future.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"RBAC policy that will be applied and managed by GEC.","description_kind":"plain"},"min_items":1,"max_items":1},"control_plane":{"nesting_mode":"list","block":{"block_types":{"local":{"nesting_mode":"list","block":{"attributes":{"machine_filter":{"type":"string","description":"Only machines matching this filter will be allowed to host control\nplane nodes. The filtering language accepts strings like \"name=\u003cname\u003e\",\nand is documented here: [AIP-160](https://google.aip.dev/160).","description_kind":"plain","optional":true},"node_count":{"type":"number","description":"The number of nodes to serve as replicas of the Control Plane.\nOnly 1 and 3 are supported.","description_kind":"plain","optional":true,"computed":true},"node_location":{"type":"string","description":"Name of the Google Distributed Cloud Edge zones where this node pool\nwill be created. For example: 'us-central1-edge-customer-a'.","description_kind":"plain","optional":true,"computed":true},"shared_deployment_policy":{"type":"string","description":"Policy configuration about how user applications are deployed. Possible values: [\"SHARED_DEPLOYMENT_POLICY_UNSPECIFIED\", \"ALLOWED\", \"DISALLOWED\"]","description_kind":"plain","optional":true,"computed":true}},"description":"Local control plane configuration.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"node_location":{"type":"string","description":"Name of the Google Distributed Cloud Edge zones where this node pool\nwill be created. For example: 'us-central1-edge-customer-a'.","description_kind":"plain","optional":true,"computed":true}},"description":"Remote control plane configuration.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the cluster control plane.","description_kind":"plain"},"max_items":1},"control_plane_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS CryptoKey e.g.\nprojects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}\nto use for protecting control plane disks. If not specified, a\nGoogle-managed key will be used instead.","description_kind":"plain","optional":true,"computed":true},"kms_key_active_version":{"type":"string","description":"The Cloud KMS CryptoKeyVersion currently in use for protecting control\nplane disks. Only applicable if kms_key is set.","description_kind":"plain","computed":true},"kms_key_state":{"type":"string","description":"Availability of the Cloud KMS CryptoKey. If not 'KEY_AVAILABLE', then\nnodes may go offline as they cannot access their local data. This can be\ncaused by a lack of permissions to use the key, or if the key is disabled\nor deleted.","description_kind":"plain","computed":true},"kms_status":{"type":["list",["object",{"code":"number","message":"string"}]],"description":"Error status returned by Cloud KMS when using this key. This field may be\npopulated only if 'kms_key_state' is not 'KMS_KEY_STATE_KEY_AVAILABLE'.\nIf populated, this field contains the error status reported by Cloud KMS.","description_kind":"plain","computed":true}},"description":"Remote control plane disk encryption options. This field is only used when\nenabling CMEK support.","description_kind":"plain"},"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this cluster.\nMembership names are formatted as\n'projects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e'.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The name of the Fleet host project where this cluster will be registered.\nProject names are formatted as\n'projects/\u003cproject-number\u003e'.","description_kind":"plain","required":true}},"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.","description_kind":"plain"},"min_items":1,"max_items":1},"maintenance_policy":{"nesting_mode":"list","block":{"block_types":{"maintenance_exclusions":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"A unique (per cluster) id for the window.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"The time that the window ends. The end time must take place after the\nstart time.","description_kind":"plain","optional":true,"computed":true},"start_time":{"type":"string","description":"The time that the window first starts.","description_kind":"plain","optional":true,"computed":true}},"description":"Represents an arbitrary window of time.","description_kind":"plain"},"max_items":1}},"description":"Exclusions to automatic maintenance. Non-emergency maintenance should not occur\nin these windows. Each exclusion has a unique name and may be active or expired.\nThe max number of maintenance exclusions allowed at a given time is 3.","description_kind":"plain"}},"window":{"nesting_mode":"list","block":{"block_types":{"recurring_window":{"nesting_mode":"list","block":{"attributes":{"recurrence":{"type":"string","description":"An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how\nthis window recurs. They go on for the span of time between the start and\nend time.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"The time that the window ends. The end time must take place after the\nstart time.","description_kind":"plain","optional":true,"computed":true},"start_time":{"type":"string","description":"The time that the window first starts.","description_kind":"plain","optional":true,"computed":true}},"description":"Represents an arbitrary window of time.","description_kind":"plain"},"max_items":1}},"description":"Represents an arbitrary window of time that recurs.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the maintenance window in which maintenance may be performed.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Cluster-wide maintenance policy configuration.","description_kind":"plain"},"max_items":1},"networking":{"nesting_mode":"list","block":{"attributes":{"cluster_ipv4_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these\nblocks. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","required":true},"cluster_ipv6_cidr_blocks":{"type":["list","string"],"description":"If specified, dual stack mode is enabled and all pods in the cluster are\nassigned an IPv6 address from these blocks alongside from an IPv4\naddress. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","optional":true},"network_type":{"type":"string","description":"IP addressing type of this cluster i.e. SINGLESTACK_V4 vs DUALSTACK_V4_V6.","description_kind":"plain","computed":true},"services_ipv4_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these\nblocks. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","required":true},"services_ipv6_cidr_blocks":{"type":["list","string"],"description":"If specified, dual stack mode is enabled and all services in the cluster are\nassigned an IPv6 address from these blocks alongside from an IPv4\naddress. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","optional":true}},"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.","description_kind":"plain"},"min_items":1,"max_items":1},"system_addons_config":{"nesting_mode":"list","block":{"block_types":{"ingress":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"Whether Ingress is disabled.","description_kind":"plain","optional":true,"computed":true},"ipv4_vip":{"type":"string","description":"Ingress VIP.","description_kind":"plain","optional":true,"computed":true}},"description":"Config for the Ingress add-on which allows customers to create an Ingress\nobject to manage external access to the servers in a cluster. The add-on\nconsists of istiod and istio-ingress.","description_kind":"plain"},"max_items":1}},"description":"Config that customers are allowed to define for GDCE system add-ons.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgecontainer_node_pool":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"The name of the target Distributed Cloud Edge Cluster.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the node pool was created.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"machine_filter":{"type":"string","description":"Only machines matching this filter will be allowed to join the node pool.\nThe filtering language accepts strings like \"name=\u003cname\u003e\", and is\ndocumented in more detail in [AIP-160](https://google.aip.dev/160).","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the node pool.","description_kind":"plain","required":true},"node_count":{"type":"number","description":"The number of nodes in the pool.","description_kind":"plain","required":true},"node_location":{"type":"string","description":"Name of the Google Distributed Cloud Edge zone where this node pool will be created. For example: 'us-central1-edge-customer-a'.","description_kind":"plain","required":true},"node_version":{"type":"string","description":"The lowest release version among all worker nodes.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the node pool was last updated.","description_kind":"plain","computed":true}},"block_types":{"local_disk_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS CryptoKey e.g. projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} to use for protecting node local disks.\nIf not specified, a Google-managed key will be used instead.","description_kind":"plain","optional":true},"kms_key_active_version":{"type":"string","description":"The Cloud KMS CryptoKeyVersion currently in use for protecting node local disks. Only applicable if kmsKey is set.","description_kind":"plain","computed":true},"kms_key_state":{"type":"string","description":"Availability of the Cloud KMS CryptoKey. If not KEY_AVAILABLE, then nodes may go offline as they cannot access their local data.\nThis can be caused by a lack of permissions to use the key, or if the key is disabled or deleted.","description_kind":"plain","computed":true}},"description":"Local disk encryption options. This field is only used when enabling CMEK support.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"\"The Kubernetes node labels\"","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for each node in the NodePool","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgecontainer_vpn_connection":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"The canonical Cluster name to connect to. It is in the form of projects/{project}/locations/{location}/clusters/{cluster}.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the VPN connection was created.","description_kind":"plain","computed":true},"details":{"type":["list",["object",{"cloud_router":["list",["object",{"name":"string"}]],"cloud_vpns":["list",["object",{"gateway":"string"}]],"error":"string","state":"string"}]],"description":"A nested object resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_high_availability":{"type":"bool","description":"Whether this VPN connection has HA enabled on cluster side. If enabled, when creating VPN connection we will attempt to use 2 ANG floating IPs.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Google Cloud Platform location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of VPN connection","description_kind":"plain","required":true},"nat_gateway_ip":{"type":"string","description":"NAT gateway IP, or WAN IP address. If a customer has multiple NAT IPs, the customer needs to configure NAT such that only one external IP maps to the GMEC Anthos cluster.\nThis is empty if NAT is not used.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The VPN connection Cloud Router name.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the VPN connection was last updated.","description_kind":"plain","computed":true},"vpc":{"type":"string","description":"The network ID of VPC to connect to.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_project":{"nesting_mode":"list","block":{"attributes":{"project_id":{"type":"string","description":"The project of the VPC to connect to. If not specified, it is the same as the cluster project.","description_kind":"plain","optional":true}},"description":"Project detail of the VPC network. Required if VPC is in a different project than the cluster project.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_edgenetwork_network":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the subnet was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Google Cloud region to which the target Distributed Cloud Edge zone belongs.","description_kind":"plain","required":true},"mtu":{"type":"number","description":"IP (L3) MTU value of the network. Default value is '1500'. Possible values are: '1500', '9000'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The canonical name of this resource, with format\n'projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}'","description_kind":"plain","computed":true},"network_id":{"type":"string","description":"A unique ID that identifies this network.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the subnet was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The name of the target Distributed Cloud Edge zone.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgenetwork_subnet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the subnet was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ipv4_cidr":{"type":["list","string"],"description":"The ranges of ipv4 addresses that are owned by this subnetwork, in CIDR format.","description_kind":"plain","optional":true},"ipv6_cidr":{"type":["list","string"],"description":"The ranges of ipv6 addresses that are owned by this subnetwork, in CIDR format.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Google Cloud region to which the target Distributed Cloud Edge zone belongs.","description_kind":"plain","required":true},"name":{"type":"string","description":"The canonical name of this resource, with format\n'projects/{{project}}/locations/{{location}}/zones/{{zone}}/subnets/{{subnet_id}}'","description_kind":"plain","computed":true},"network":{"type":"string","description":"The ID of the network to which this router belongs.\nMust be of the form: 'projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Current stage of the resource to the device by config push.","description_kind":"plain","computed":true},"subnet_id":{"type":"string","description":"A unique ID that identifies this subnet.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the subnet was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"vlan_id":{"type":"number","description":"VLAN ID for this subnetwork. If not specified, one is assigned automatically.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The name of the target Distributed Cloud Edge zone.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_endpoints_service":{"version":1,"block":{"attributes":{"apis":{"type":["list",["object",{"methods":["list",["object",{"name":"string","request_type":"string","response_type":"string","syntax":"string"}]],"name":"string","syntax":"string","version":"string"}]],"description":"A list of API objects.","description_kind":"plain","computed":true},"config_id":{"type":"string","description":"The autogenerated ID for the configuration that is rolled out as part of the creation of this resource. Must be provided to compute engine instances as a tag.","description_kind":"plain","computed":true},"dns_address":{"type":"string","description":"The address at which the service can be found - usually the same as the service name.","description_kind":"plain","computed":true},"endpoints":{"type":["list",["object",{"address":"string","name":"string"}]],"description":"A list of Endpoint objects.","description_kind":"plain","computed":true},"grpc_config":{"type":"string","description":"The full text of the Service Config YAML file (Example located here). If provided, must also provide protoc_output_base64. open_api config must not be provided.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"openapi_config":{"type":"string","description":"The full text of the OpenAPI YAML configuration as described here. Either this, or both of grpc_config and protoc_output_base64 must be specified.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project ID that the service belongs to. If not provided, provider project is used.","description_kind":"plain","optional":true,"computed":true},"protoc_output_base64":{"type":"string","description":"The full contents of the Service Descriptor File generated by protoc. This should be a compiled .pb file, base64-encoded.","description_kind":"plain","optional":true},"service_name":{"type":"string","description":"The name of the service. Usually of the form $apiname.endpoints.$projectid.cloud.goog.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_binding":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_member":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_policy":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_endpoints_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_essential_contacts_contact":{"version":0,"block":{"attributes":{"email":{"type":"string","description":"The email address to send notifications to. This does not need to be a Google account.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"language_tag":{"type":"string","description":"The preferred language for notifications, as a ISO 639-1 language code. See Supported languages for a list of supported languages.","description_kind":"plain","required":true},"name":{"type":"string","description":"The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id}","description_kind":"plain","computed":true},"notification_category_subscriptions":{"type":["list","string"],"description":"The categories of notifications that the contact will receive communications for.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource to save this contact for. Format: organizations/{organization_id}, folders/{folder_id} or projects/{project_id}","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_channel":{"version":0,"block":{"attributes":{"activation_token":{"type":"string","description":"Output only. The activation token for the channel. The token must be used by the provider to register the channel for publishing.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The creation time.","description_kind":"plain","computed":true},"crypto_key_name":{"type":"string","description":"Optional. Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt their event data. It must match the pattern `projects/*/locations/*/keyRings/*/cryptoKeys/*`.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the channel. Must be unique within the location on the project.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"pubsub_topic":{"type":"string","description":"Output only. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{project}/topics/{topic_id}`.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The state of a Channel. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE, INACTIVE","description_kind":"plain","computed":true},"third_party_provider":{"type":"string","description":"The name of the event provider (e.g. Eventarc SaaS partner) associated with the channel. This provider will be granted permissions to publish events to the channel. Format: `projects/{project}/locations/{location}/providers/{provider_id}`.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"Output only. Server assigned unique identifier for the channel. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_google_channel_config":{"version":0,"block":{"attributes":{"crypto_key_name":{"type":"string","description":"Optional. Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt their event data. It must match the pattern `projects/*/locations/*/keyRings/*/cryptoKeys/*`.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the config. Must be in the format of, `projects/{project}/locations/{location}/googleChannelConfig`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_trigger":{"version":0,"block":{"attributes":{"channel":{"type":"string","description":"Optional. The name of the channel associated with the trigger in `projects/{project}/locations/{location}/channels/{channel}` format. You must provide a channel to receive events from Eventarc SaaS partners.","description_kind":"plain","optional":true},"conditions":{"type":["map","string"],"description":"Output only. The reason(s) why a trigger is in FAILED state.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The creation time.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Output only. This checksum is computed by the server based on the value of other fields, and may be sent only on create requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"event_data_content_type":{"type":"string","description":"Optional. EventDataContentType specifies the type of payload in MIME format that is expected from the CloudEvent data field. This is set to `application/json` if the value is not defined.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User labels attached to the triggers that can be used to group resources.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the trigger. Must be unique within the location on the project.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"cloud_function":{"type":"string","description":"The Cloud Function resource name. Only Cloud Functions V2 is supported. Format projects/{project}/locations/{location}/functions/{function} This is a read-only field. [WARNING] Creating Cloud Functions V2 triggers is only supported via the Cloud Functions product. An error will be returned if the user sets this value.","description_kind":"plain","computed":true},"workflow":{"type":"string","description":"The resource name of the Workflow whose Executions are triggered by the events. The Workflow resource should be deployed in the same project as the trigger. Format: `projects/{project}/locations/{location}/workflows/{workflow}`","description_kind":"plain","optional":true}},"block_types":{"cloud_run_service":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Optional. The relative path on the Cloud Run service the events should be sent to. The value must conform to the definition of URI path segment (section 3.3 of RFC2396). Examples: \"/route\", \"route\", \"route/subroute\".","description_kind":"plain","optional":true},"region":{"type":"string","description":"Required. The region the Cloud Run service is deployed in.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed.","description_kind":"plain","required":true}},"description":"Cloud Run fully-managed service that receives the events. The service should be running in the same project of the trigger.","description_kind":"plain"},"max_items":1},"gke":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created.","description_kind":"plain","required":true},"location":{"type":"string","description":"Required. The name of the Google Compute Engine in which the cluster resides, which can either be compute zone (for example, us-central1-a) for the zonal clusters or region (for example, us-central1) for regional clusters.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Required. The namespace the GKE service is running in.","description_kind":"plain","required":true},"path":{"type":"string","description":"Optional. The relative path on the GKE service the events should be sent to. The value must conform to the definition of a URI path segment (section 3.3 of RFC2396). Examples: \"/route\", \"route\", \"route/subroute\".","description_kind":"plain","optional":true},"service":{"type":"string","description":"Required. Name of the GKE service.","description_kind":"plain","required":true}},"description":"A GKE service capable of receiving events. The service should be running in the same project as the trigger.","description_kind":"plain"},"max_items":1},"http_endpoint":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"Required. The URI of the HTTP enpdoint. The value must be a RFC2396 URI string. Examples: `http://10.10.10.8:80/route`, `http://svc.us-central1.p.local:8080/`. Only HTTP and HTTPS protocols are supported. The host can be either a static IP addressable from the VPC specified by the network config, or an internal DNS hostname of the service resolvable via Cloud DNS.","description_kind":"plain","required":true}},"description":"An HTTP endpoint destination described by an URI.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"network_attachment":{"type":"string","description":"Required. Name of the NetworkAttachment that allows access to the destination VPC. Format: `projects/{PROJECT_ID}/regions/{REGION}/networkAttachments/{NETWORK_ATTACHMENT_NAME}`","description_kind":"plain","required":true}},"description":"Optional. Network config is used to configure how Eventarc resolves and connect to a destination. This should only be used with HttpEndpoint destination type.","description_kind":"plain"},"max_items":1}},"description":"Required. Destination specifies where the events should be sent to.","description_kind":"plain"},"min_items":1,"max_items":1},"matching_criteria":{"nesting_mode":"set","block":{"attributes":{"attribute":{"type":"string","description":"Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. All triggers MUST provide a filter for the 'type' attribute.","description_kind":"plain","required":true},"operator":{"type":"string","description":"Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is `match-path-pattern`.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud for available values.","description_kind":"plain","required":true}},"description":"Required. null The list of filters that applies to event attributes. Only events that match all the provided filters will be sent to the destination.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transport":{"nesting_mode":"list","block":{"block_types":{"pubsub":{"nesting_mode":"list","block":{"attributes":{"subscription":{"type":"string","description":"Output only. The name of the Pub/Sub subscription created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion.","description_kind":"plain","optional":true}},"description":"The Pub/Sub topic and subscription used by Eventarc as delivery intermediary.","description_kind":"plain"},"max_items":1}},"description":"Optional. In order to deliver messages, Eventarc may use other GCP products as transport intermediary. This field contains a reference to that transport intermediary. This information can be used for debugging purposes.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_filestore_backup":{"version":0,"block":{"attributes":{"capacity_gb":{"type":"string","description":"The amount of bytes needed to allocate a full copy of the snapshot content.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time when the snapshot was created in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the backup with 2048 characters or less. Requests with longer descriptions will be rejected.","description_kind":"plain","optional":true},"download_bytes":{"type":"string","description":"Amount of bytes that will be downloaded if the backup is restored.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"KMS key name used for data encryption.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the backup. The name must be unique within the specified instance.\n\nThe name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"source_file_share":{"type":"string","description":"Name of the file share in the source Cloud Filestore instance that the backup is created from.","description_kind":"plain","required":true},"source_instance":{"type":"string","description":"The resource name of the source Cloud Filestore instance, in the format projects/{projectId}/locations/{locationId}/instances/{instanceId}, used to create this backup.","description_kind":"plain","required":true},"source_instance_tier":{"type":"string","description":"The service tier of the source Cloud Filestore instance that this backup is created from.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The backup state.","description_kind":"plain","computed":true},"storage_bytes":{"type":"string","description":"The size of the storage used by the backup. As backups share storage, this number is expected to change with backup creation/deletion.","description_kind":"plain","computed":true},"tags":{"type":["map","string"],"description":"A map of resource manager tags.\nResource manager tag keys and values have the same definition as resource manager tags.\nKeys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/{tag_value_id}.\nThe field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_filestore_instance":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"deletion_protection_enabled":{"type":"bool","description":"Indicates whether the instance is protected against deletion.","description_kind":"plain","optional":true},"deletion_protection_reason":{"type":"string","description":"The reason for enabling deletion protection.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description of the instance.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Server-specified ETag for the instance resource to prevent\nsimultaneous updates from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"KMS key name used for data encryption.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"Either NFSv3, for using NFS version 3 as file sharing protocol,\nor NFSv4.1, for using NFS version 4.1 as file sharing protocol.\nNFSv4.1 can be used with HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE.\nThe default is NFSv3. Default value: \"NFS_V3\" Possible values: [\"NFS_V3\", \"NFS_V4_1\"]","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance.\nPossible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE","description_kind":"plain","required":true},"zone":{"type":"string","description":"The name of the Filestore zone of the instance.","description_kind":"plain","deprecated":true,"optional":true,"computed":true}},"block_types":{"file_shares":{"nesting_mode":"list","block":{"attributes":{"capacity_gb":{"type":"number","description":"File share capacity in GiB. This must be at least 1024 GiB\nfor the standard tier, or 2560 GiB for the premium tier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the fileshare (16 characters or less)","description_kind":"plain","required":true},"source_backup":{"type":"string","description":"The resource name of the backup, in the format\nprojects/{projectId}/locations/{locationId}/backups/{backupId},\nthat this file share has been restored from.","description_kind":"plain","optional":true}},"block_types":{"nfs_export_options":{"nesting_mode":"list","block":{"attributes":{"access_mode":{"type":"string","description":"Either READ_ONLY, for allowing only read requests on the exported directory,\nor READ_WRITE, for allowing both read and write requests. The default is READ_WRITE. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"anon_gid":{"type":"number","description":"An integer representing the anonymous group id with a default value of 65534.\nAnon_gid may only be set with squashMode of ROOT_SQUASH. An error will be returned\nif this field is specified for other squashMode settings.","description_kind":"plain","optional":true},"anon_uid":{"type":"number","description":"An integer representing the anonymous user id with a default value of 65534.\nAnon_uid may only be set with squashMode of ROOT_SQUASH. An error will be returned\nif this field is specified for other squashMode settings.","description_kind":"plain","optional":true},"ip_ranges":{"type":["list","string"],"description":"List of either IPv4 addresses, or ranges in CIDR notation which may mount the file share.\nOverlapping IP ranges are not allowed, both within and across NfsExportOptions. An error will be returned.\nThe limit is 64 IP ranges/addresses for each FileShareConfig among all NfsExportOptions.","description_kind":"plain","optional":true},"squash_mode":{"type":"string","description":"Either NO_ROOT_SQUASH, for allowing root access on the exported directory, or ROOT_SQUASH,\nfor not allowing root access. The default is NO_ROOT_SQUASH. Default value: \"NO_ROOT_SQUASH\" Possible values: [\"NO_ROOT_SQUASH\", \"ROOT_SQUASH\"]","description_kind":"plain","optional":true}},"description":"Nfs Export Options. There is a limit of 10 export options per file share.","description_kind":"plain"},"max_items":10}},"description":"File system shares on the instance. For this version, only a\nsingle file share is supported.","description_kind":"plain"},"min_items":1,"max_items":1},"networks":{"nesting_mode":"list","block":{"attributes":{"connect_mode":{"type":"string","description":"The network connect mode of the Filestore instance.\nIf not provided, the connect mode defaults to\nDIRECT_PEERING. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"A list of IPv4 or IPv6 addresses.","description_kind":"plain","computed":true},"modes":{"type":["list","string"],"description":"IP versions for which the instance has\nIP addresses assigned. Possible values: [\"ADDRESS_MODE_UNSPECIFIED\", \"MODE_IPV4\", \"MODE_IPV6\"]","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the GCE VPC network to which the\ninstance is connected.","description_kind":"plain","required":true},"reserved_ip_range":{"type":"string","description":"A /29 CIDR block that identifies the range of IP\naddresses reserved for this instance.","description_kind":"plain","optional":true,"computed":true}},"description":"VPC networks to which the instance is connected. For this version,\nonly a single network is supported.","description_kind":"plain"},"min_items":1},"performance_config":{"nesting_mode":"list","block":{"block_types":{"fixed_iops":{"nesting_mode":"list","block":{"attributes":{"max_iops":{"type":"number","description":"The number of IOPS to provision for the instance.\nmax_iops must be in multiple of 1000.","description_kind":"plain","optional":true}},"description":"The instance will have a fixed provisioned IOPS value,\nwhich will remain constant regardless of instance\ncapacity.","description_kind":"plain"},"max_items":1},"iops_per_tb":{"nesting_mode":"list","block":{"attributes":{"max_iops_per_tb":{"type":"number","description":"The instance max IOPS will be calculated by multiplying\nthe capacity of the instance (TB) by max_iops_per_tb,\nand rounding to the nearest 1000. The instance max IOPS\nwill be changed dynamically based on the instance\ncapacity.","description_kind":"plain","optional":true}},"description":"The instance provisioned IOPS will change dynamically\nbased on the capacity of the instance.","description_kind":"plain"},"max_items":1}},"description":"Performance configuration for the instance. If not provided,\nthe default performance settings will be used.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_filestore_snapshot":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the snapshot was created in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filesystem_used_bytes":{"type":"string","description":"The amount of bytes needed to allocate a full copy of the snapshot content.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The resource name of the filestore instance.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the snapshot. The name must be unique within the specified instance.\n\nThe name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The snapshot state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_app_attest_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Apple App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps#IosApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the App Attest configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from App Attest artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_debug_token":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of a\n[Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id),\n[Apple App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps#IosApp.FIELDS.app_id),\nor [Android App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.androidApps#AndroidApp.FIELDS.app_id)","description_kind":"plain","required":true},"debug_token_id":{"type":"string","description":"The last segment of the resource name of the debug token.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A human readable display name used to identify this debug token.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token":{"type":"string","description":"The secret token itself. Must be provided during creation, and must be a UUID4,\ncase insensitive. You may use a method of your choice such as random/random_uuid\nto generate the token.\n\nThis field is immutable once set, and cannot be updated. You can, however, delete\nthis debug token to revoke it.\n\nFor security reasons, this field will never be populated in any response.","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_device_check_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Apple App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps#IosApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"The key identifier of a private key enabled with DeviceCheck, created in your Apple Developer account.","description_kind":"plain","required":true},"name":{"type":"string","description":"The relative resource name of the DeviceCheck configuration object","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The contents of the private key (.p8) file associated with the key specified by keyId.","description_kind":"plain","required":true,"sensitive":true},"private_key_set":{"type":"bool","description":"Whether the privateKey field was previously set. Since App Check will never return the\nprivateKey field, this field is the only way to find out whether it was previously set.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from DeviceCheck artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_play_integrity_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Android App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.androidApps#AndroidApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the Play Integrity configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from Play Integrity artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_recaptcha_enterprise_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the reCAPTCHA Enterprise configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"site_key":{"type":"string","description":"The score-based site key created in reCAPTCHA Enterprise used to invoke reCAPTCHA and generate the reCAPTCHA tokens for your application.\n\n**Important**: This is not the siteSecret (as it is in reCAPTCHA v3), but rather your score-based reCAPTCHA Enterprise site key.","description_kind":"plain","required":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from reCAPTCHA Enterprise artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_recaptcha_v3_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the reCAPTCHA V3 configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"site_secret":{"type":"string","description":"The site secret used to identify your service for reCAPTCHA v3 verification.\nFor security reasons, this field will never be populated in any response.","description_kind":"plain","required":true,"sensitive":true},"site_secret_set":{"type":"bool","description":"Whether the siteSecret was previously set. Since we will never return the siteSecret field, this field is the only way to find out whether it was previously set.","description_kind":"plain","computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from reCAPTCHA V3 artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_service_config":{"version":0,"block":{"attributes":{"enforcement_mode":{"type":"string","description":"The App Check enforcement mode for a service supported by App Check. Valid values are\n\n(Unset)\nFirebase App Check is not enforced for the service, nor are App Check metrics collected.\nThough the service is not protected by App Check in this mode, other applicable protections,\nsuch as user authorization, are still enforced. An unconfigured service is in this mode by default.\nThis is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the\nenforcement to OFF for this service.\n\nUNENFORCED\nFirebase App Check is not enforced for the service. App Check metrics are collected to help you\ndecide when to turn on enforcement for the service. Though the service is not protected by App Check\nin this mode, other applicable protections, such as user authorization, are still enforced.\n\nENFORCED\nFirebase App Check is enforced for the service. The service will reject any request that attempts to\naccess your project's resources if it does not have valid App Check token attached, with some exceptions\ndepending on the service; for example, some services will still allow requests bearing the developer's\nprivileged service account credentials without an App Check token. App Check metrics continue to be\ncollected to help you detect issues with your App Check integration and monitor the composition of your\ncallers. While the service is protected by App Check, other applicable protections, such as user\nauthorization, continue to be enforced at the same time.\n\nUse caution when choosing to enforce App Check on a Firebase service. If your users have not updated\nto an App Check capable version of your app, their apps will no longer be able to use your Firebase\nservices that are enforcing App Check. App Check metrics can help you decide whether to enforce App\nCheck on your Firebase services.\n\nIf your app has not launched yet, you should enable enforcement immediately, since there are no outdated\nclients in use. Possible values: [\"UNENFORCED\", \"ENFORCED\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The fully-qualified resource name of the service enforcement configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"The identifier of the service to configure enforcement. Currently, the following service IDs are supported:\n firebasestorage.googleapis.com (Cloud Storage for Firebase)\n firebasedatabase.googleapis.com (Firebase Realtime Database)\n firestore.googleapis.com (Cloud Firestore)\n identitytoolkit.googleapis.com (Authentication)","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebaserules_release":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time the release was created.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"Disable the release to keep it from being served. The response code of NOT_FOUND will be given for executables generated from this Release.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Format: `projects/{project_id}/releases/{release_id}`\\Firestore Rules Releases will **always** have the name 'cloud.firestore'","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"ruleset_name":{"type":"string","description":"Name of the `Ruleset` referred to by this `Release`. The `Ruleset` must exist for the `Release` to be created.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Time the release was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebaserules_ruleset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time the `Ruleset` was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["list",["object",{"services":["list","string"]}]],"description":"Output only. The metadata for this ruleset.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Output only. Name of the `Ruleset`. The ruleset_id is auto generated by the service. Format: `projects/{project_id}/rulesets/{ruleset_id}`","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"language":{"type":"string","description":"`Language` of the `Source` bundle. If unspecified, the language will default to `FIREBASE_RULES`. Possible values: LANGUAGE_UNSPECIFIED, FIREBASE_RULES, EVENT_FLOW_TRIGGERS","description_kind":"plain","optional":true}},"block_types":{"files":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"Textual Content.","description_kind":"plain","required":true},"fingerprint":{"type":"string","description":"Fingerprint (e.g. github sha) associated with the `File`.","description_kind":"plain","optional":true},"name":{"type":"string","description":"File name.","description_kind":"plain","required":true}},"description":"`File` set constituting the `Source` bundle.","description_kind":"plain"},"min_items":1}},"description":"`Source` for the `Ruleset`.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_backup_schedule":{"version":0,"block":{"attributes":{"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique backup schedule identifier across all locations and databases for the given project. Format:\n'projects/{{project}}/databases/{{database}}/backupSchedules/{{backupSchedule}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"retention":{"type":"string","description":"At what relative time in the future, compared to its creation time, the backup should be deleted, e.g. keep backups for 7 days.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".\n\nYou can set this to a value up to 14 weeks.","description_kind":"plain","required":true}},"block_types":{"daily_recurrence":{"nesting_mode":"list","block":{"description":"For a schedule that runs daily.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"weekly_recurrence":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"The day of week to run. Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true}},"description":"For a schedule that runs weekly on a specific day.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_firestore_database":{"version":0,"block":{"attributes":{"app_engine_integration_mode":{"type":"string","description":"The App Engine integration mode to use for this database. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true,"computed":true},"concurrency_mode":{"type":"string","description":"The concurrency control mode to use for this database. Possible values: [\"OPTIMISTIC\", \"PESSIMISTIC\", \"OPTIMISTIC_WITH_ENTITY_GROUPS\"]","description_kind":"plain","optional":true,"computed":true},"create_time":{"type":"string","description":"Output only. The timestamp at which this database was created.","description_kind":"plain","computed":true},"delete_protection_state":{"type":"string","description":"State of delete protection for the database.\nWhen delete protection is enabled, this database cannot be deleted.\nThe default value is 'DELETE_PROTECTION_STATE_UNSPECIFIED', which is currently equivalent to 'DELETE_PROTECTION_DISABLED'.\n**Note:** Additionally, to delete this database using 'terraform destroy', 'deletion_policy' must be set to 'DELETE'. Possible values: [\"DELETE_PROTECTION_STATE_UNSPECIFIED\", \"DELETE_PROTECTION_ENABLED\", \"DELETE_PROTECTION_DISABLED\"]","description_kind":"plain","optional":true,"computed":true},"deletion_policy":{"type":"string","description":"Deletion behavior for this database.\nIf the deletion policy is 'ABANDON', the database will be removed from Terraform state but not deleted from Google Cloud upon destruction.\nIf the deletion policy is 'DELETE', the database will both be removed from Terraform state and deleted from Google Cloud upon destruction.\nThe default value is 'ABANDON'.\nSee also 'delete_protection'.","description_kind":"plain","optional":true},"earliest_version_time":{"type":"string","description":"Output only. The earliest timestamp at which older versions of the data can be read from the database. See versionRetentionPeriod above; this field is populated with now - versionRetentionPeriod.\nThis value is continuously updated, and becomes stale the moment it is queried. If you are using this value to recover data, make sure to account for the time from the moment when the value is queried to the moment when you initiate the recovery.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Output only. This checksum is computed by the server based on the value of other fields,\nand may be sent on update and delete requests to ensure the client has an\nup-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_prefix":{"type":"string","description":"Output only. The keyPrefix for this database.\nThis keyPrefix is used, in combination with the project id (\"~\") to construct the application id\nthat is returned from the Cloud Datastore APIs in Google App Engine first generation runtimes.\nThis value may be empty in which case the appid to use for URL-encoded keys is the project_id (eg: foo instead of v~foo).","description_kind":"plain","computed":true},"location_id":{"type":"string","description":"The location of the database. Available locations are listed at\nhttps://cloud.google.com/firestore/docs/locations.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID to use for the database, which will become the final\ncomponent of the database's resource name. This value should be 4-63\ncharacters. Valid characters are /[a-z][0-9]-/ with first character\na letter and the last a letter or a number. Must not be\nUUID-like /[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}/.\n\"(default)\" database id is also valid.","description_kind":"plain","required":true},"point_in_time_recovery_enablement":{"type":"string","description":"Whether to enable the PITR feature on this database.\nIf 'POINT_IN_TIME_RECOVERY_ENABLED' is selected, reads are supported on selected versions of the data from within the past 7 days.\nversionRetentionPeriod and earliestVersionTime can be used to determine the supported versions. These include reads against any timestamp within the past hour\nand reads against 1-minute snapshots beyond 1 hour and within 7 days.\nIf 'POINT_IN_TIME_RECOVERY_DISABLED' is selected, reads are supported on any version of the data from within the past 1 hour. Default value: \"POINT_IN_TIME_RECOVERY_DISABLED\" Possible values: [\"POINT_IN_TIME_RECOVERY_ENABLED\", \"POINT_IN_TIME_RECOVERY_DISABLED\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the database.\nSee https://cloud.google.com/datastore/docs/firestore-or-datastore\nfor information about how to choose. Possible values: [\"FIRESTORE_NATIVE\", \"DATASTORE_MODE\"]","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. The system-generated UUID4 for this Database.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The timestamp at which this database was most recently updated.","description_kind":"plain","computed":true},"version_retention_period":{"type":"string","description":"Output only. The period during which past versions of data are retained in the database.\nAny read or query can specify a readTime within this window, and will read the state of the database at that time.\nIf the PITR feature is enabled, the retention period is 7 days. Otherwise, the retention period is 1 hour.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","computed":true}},"block_types":{"cmek_config":{"nesting_mode":"list","block":{"attributes":{"active_key_version":{"type":["list","string"],"description":"Currently in-use KMS key versions (https://cloud.google.com/kms/docs/resource-hierarchy#key_versions).\nDuring key rotation (https://cloud.google.com/kms/docs/key-rotation), there can be\nmultiple in-use key versions.\n\nThe expected format is\n'projects/{project_id}/locations/{kms_location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{key_version}'.","description_kind":"plain","computed":true},"kms_key_name":{"type":"string","description":"The resource ID of a Cloud KMS key. If set, the database created will\nbe a Customer-managed Encryption Key (CMEK) database encrypted with\nthis key. This feature is allowlist only in initial launch.\n\nOnly keys in the same location as this database are allowed to be used\nfor encryption. For Firestore's nam5 multi-region, this corresponds to Cloud KMS\nmulti-region us. For Firestore's eur3 multi-region, this corresponds to\nCloud KMS multi-region europe. See https://cloud.google.com/kms/docs/locations.\n\nThis value should be the KMS key resource ID in the format of\n'projects/{project_id}/locations/{kms_location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}'.\nHow to retrieve this resource ID is listed at\nhttps://cloud.google.com/kms/docs/getting-resource-ids#getting_the_id_for_a_key_and_version.","description_kind":"plain","required":true}},"description":"The CMEK (Customer Managed Encryption Key) configuration for a Firestore\ndatabase. If not present, the database is secured by the default Google\nencryption key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_document":{"version":0,"block":{"attributes":{"collection":{"type":"string","description":"The collection ID, relative to database. For example: chatrooms or chatrooms/my-document/private-messages.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Creation timestamp in RFC3339 format.","description_kind":"plain","computed":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"document_id":{"type":"string","description":"The client-assigned document ID to use for this document during creation.","description_kind":"plain","required":true},"fields":{"type":"string","description":"The document's [fields](https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases.documents) formated as a json string.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A server defined name for this document. Format:\n'projects/{{project_id}}/databases/{{database_id}}/documents/{{path}}/{{document_id}}'","description_kind":"plain","computed":true},"path":{"type":"string","description":"A relative path to the collection this document exists within","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Last update timestamp in RFC3339 format.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_field":{"version":0,"block":{"attributes":{"collection":{"type":"string","description":"The id of the collection group to configure.","description_kind":"plain","required":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"field":{"type":"string","description":"The id of the field to configure.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this field. Format:\n'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/fields/{{field}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"index_config":{"nesting_mode":"list","block":{"block_types":{"indexes":{"nesting_mode":"set","block":{"attributes":{"array_config":{"type":"string","description":"Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can\nbe specified. Possible values: [\"CONTAINS\"]","description_kind":"plain","optional":true},"order":{"type":"string","description":"Indicates that this field supports ordering by the specified order or comparing using =, \u003c, \u003c=, \u003e, \u003e=, !=.\nOnly one of 'order' and 'arrayConfig' can be specified. Possible values: [\"ASCENDING\", \"DESCENDING\"]","description_kind":"plain","optional":true},"query_scope":{"type":"string","description":"The scope at which a query is run. Collection scoped queries require you specify\nthe collection at query time. Collection group scope allows queries across all\ncollections with the same id. Default value: \"COLLECTION\" Possible values: [\"COLLECTION\", \"COLLECTION_GROUP\"]","description_kind":"plain","optional":true}},"description":"The indexes to configure on the field. Order or array contains must be specified.","description_kind":"plain"}}},"description":"The single field index configuration for this field.\nCreating an index configuration for this field will override any inherited configuration with the\nindexes specified. Configuring the index configuration with an empty block disables all indexes on\nthe field.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"ttl_config":{"nesting_mode":"list","block":{"attributes":{"state":{"type":"string","description":"The state of TTL (time-to-live) configuration for documents that have this Field set.","description_kind":"plain","computed":true}},"description":"The TTL configuration for this Field. If set to an empty block (i.e. 'ttl_config {}'), a TTL policy is configured based on the field. If unset, a TTL policy is not configured (or will be disabled upon updating the resource).","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_firestore_index":{"version":0,"block":{"attributes":{"api_scope":{"type":"string","description":"The API scope at which a query is run. Default value: \"ANY_API\" Possible values: [\"ANY_API\", \"DATASTORE_MODE_API\"]","description_kind":"plain","optional":true},"collection":{"type":"string","description":"The collection being indexed.","description_kind":"plain","required":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A server defined name for this index. Format:\n'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"query_scope":{"type":"string","description":"The scope at which a query is run. Default value: \"COLLECTION\" Possible values: [\"COLLECTION\", \"COLLECTION_GROUP\", \"COLLECTION_RECURSIVE\"]","description_kind":"plain","optional":true}},"block_types":{"fields":{"nesting_mode":"list","block":{"attributes":{"array_config":{"type":"string","description":"Indicates that this field supports operations on arrayValues. Only one of 'order', 'arrayConfig', and\n'vectorConfig' can be specified. Possible values: [\"CONTAINS\"]","description_kind":"plain","optional":true},"field_path":{"type":"string","description":"Name of the field.","description_kind":"plain","optional":true},"order":{"type":"string","description":"Indicates that this field supports ordering by the specified order or comparing using =, \u003c, \u003c=, \u003e, \u003e=.\nOnly one of 'order', 'arrayConfig', and 'vectorConfig' can be specified. Possible values: [\"ASCENDING\", \"DESCENDING\"]","description_kind":"plain","optional":true}},"block_types":{"vector_config":{"nesting_mode":"list","block":{"attributes":{"dimension":{"type":"number","description":"The resulting index will only include vectors of this dimension, and can be used for vector search\nwith the same dimension.","description_kind":"plain","optional":true}},"block_types":{"flat":{"nesting_mode":"list","block":{"description":"Indicates the vector index is a flat index.","description_kind":"plain"},"max_items":1}},"description":"Indicates that this field supports vector search operations. Only one of 'order', 'arrayConfig', and\n'vectorConfig' can be specified. Vector Fields should come after the field path '__name__'.","description_kind":"plain"},"max_items":1}},"description":"The fields supported by this index. The last non-stored field entry is\nalways for the field path '__name__'. If, on creation, '__name__' was not\nspecified as the last field, it will be added automatically with the same\ndirection as that of the last field defined. If the final field in a\ncomposite index is not directional, the '__name__' will be ordered\n'\"ASCENDING\"' (unless explicitly specified otherwise).","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Timestamp when the Folder was created. Assigned by the server. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"When the field is set to true or unset in Terraform state, a terraform apply or terraform destroy that would delete the instance will fail. When the field is set to false, deleting the instance is allowed.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The folder's display name. A folder's display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.","description_kind":"plain","required":true},"folder_id":{"type":"string","description":"The folder id from the name \"folders/{folder_id}\"","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Folder. Its format is folders/{folder_id}.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The resource name of the parent Folder or Organization. Must be of the form folders/{folder_id} or organizations/{org_id}.","description_kind":"plain","required":true},"tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored when empty. This field is only set at create time and modifying this field after creation will trigger recreation. To apply tags to an existing resource, see the google_tags_tag_value resource.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.\nThis property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"If the field is true, that indicates that an ancestor of this Folder has set active_key_version.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Folder.","description_kind":"plain","computed":true},"folder_id":{"type":"string","description":"ID of the folder of the access approval settings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Folder (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.) This key version is not necessarily the effective key version at this level,\nas key versions are inherited top-down.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"folders/{folder_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n * all\n * App Engine\n * BigQuery\n * Cloud Bigtable\n * Cloud Key Management Service\n * Compute Engine\n * Cloud Dataflow\n * Cloud Identity and Access Management\n * Cloud Pub/Sub\n * Cloud Storage\n * Persistent Disk\n\nNote: These values are supported as input, but considered a legacy format:\n * all\n * appengine.googleapis.com\n * bigquery.googleapis.com\n * bigtable.googleapis.com\n * cloudkms.googleapis.com\n * compute.googleapis.com\n * dataflow.googleapis.com\n * iam.googleapis.com\n * pubsub.googleapis.com\n * storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can only be done on an all or nothing basis.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_folder_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_folder_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_folder_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_folder_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The resource name of the folder to set the policy for. Its format is folders/{folder_id}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_backup_backup_plan":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"The source cluster from which Backups will be created via this BackupPlan.","description_kind":"plain","required":true},"deactivated":{"type":"bool","description":"This flag indicates whether this BackupPlan has been deactivated.\nSetting this field to True locks the BackupPlan such that no further updates will be allowed\n(except deletes), including the deactivated field itself. It also prevents any new Backups\nfrom being created via this BackupPlan (including scheduled Backups).","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"User specified descriptive string for this BackupPlan.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"etag is used for optimistic concurrency control as a way to help prevent simultaneous\nupdates of a backup plan from overwriting each other. It is strongly suggested that\nsystems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates\nin order to avoid race conditions: An etag is returned in the response to backupPlans.get,\nand systems are expected to put that etag in the request to backupPlans.patch or\nbackupPlans.delete to ensure that their change will be applied to the same version of the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Description: A set of custom labels supplied by the user.\nA list of key-\u003evalue pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The region of the Backup Plan.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full name of the BackupPlan Resource.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protected_pod_count":{"type":"number","description":"The number of Kubernetes Pods backed up in the last successful Backup created via this BackupPlan.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The State of the BackupPlan.","description_kind":"plain","computed":true},"state_reason":{"type":"string","description":"Detailed description of why BackupPlan is in its current state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server generated, unique identifier of UUID format.","description_kind":"plain","computed":true}},"block_types":{"backup_config":{"nesting_mode":"list","block":{"attributes":{"all_namespaces":{"type":"bool","description":"If True, include all namespaced resources.","description_kind":"plain","optional":true},"include_secrets":{"type":"bool","description":"This flag specifies whether Kubernetes Secret resources should be included\nwhen they fall into the scope of Backups.","description_kind":"plain","optional":true,"computed":true},"include_volume_data":{"type":"bool","description":"This flag specifies whether volume data should be backed up when PVCs are\nincluded in the scope of a Backup.","description_kind":"plain","optional":true,"computed":true},"permissive_mode":{"type":"bool","description":"This flag specifies whether Backups will not fail when\nBackup for GKE detects Kubernetes configuration that is\nnon-standard or requires additional setup to restore.","description_kind":"plain","optional":true}},"block_types":{"encryption_key":{"nesting_mode":"list","block":{"attributes":{"gcp_kms_encryption_key":{"type":"string","description":"Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/*","description_kind":"plain","required":true}},"description":"This defines a customer managed encryption key that will be used to encrypt the \"config\"\nportion (the Kubernetes resources) of Backups created via this plan.","description_kind":"plain"},"max_items":1},"selected_applications":{"nesting_mode":"list","block":{"block_types":{"namespaced_names":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of a Kubernetes Resource.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace of a Kubernetes Resource.","description_kind":"plain","required":true}},"description":"A list of namespaced Kubernetes resources.","description_kind":"plain"},"min_items":1}},"description":"A list of namespaced Kubernetes Resources.","description_kind":"plain"},"max_items":1},"selected_namespaces":{"nesting_mode":"list","block":{"attributes":{"namespaces":{"type":["list","string"],"description":"A list of Kubernetes Namespaces.","description_kind":"plain","required":true}},"description":"If set, include just the resources in the listed namespaces.","description_kind":"plain"},"max_items":1}},"description":"Defines the configuration of Backups created via this BackupPlan.","description_kind":"plain"},"max_items":1},"backup_schedule":{"nesting_mode":"list","block":{"attributes":{"cron_schedule":{"type":"string","description":"A standard cron string that defines a repeating schedule for\ncreating Backups via this BackupPlan.\nThis is mutually exclusive with the rpoConfig field since at most one\nschedule can be defined for a BackupPlan.\nIf this is defined, then backupRetainDays must also be defined.","description_kind":"plain","optional":true},"paused":{"type":"bool","description":"This flag denotes whether automatic Backup creation is paused for this BackupPlan.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"rpo_config":{"nesting_mode":"list","block":{"attributes":{"target_rpo_minutes":{"type":"number","description":"Defines the target RPO for the BackupPlan in minutes, which means the target\nmaximum data loss in time that is acceptable for this BackupPlan. This must be\nat least 60, i.e., 1 hour, and at most 86400, i.e., 60 days.","description_kind":"plain","required":true}},"block_types":{"exclusion_windows":{"nesting_mode":"list","block":{"attributes":{"daily":{"type":"bool","description":"The exclusion window occurs every day if set to \"True\".\nSpecifying this field to \"False\" is an error.\nOnly one of singleOccurrenceDate, daily and daysOfWeek may be set.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"Specifies duration of the window in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\". Restrictions for duration based on the\nrecurrence type to allow some time for backup to happen:\n - single_occurrence_date: no restriction\n - daily window: duration \u003c 24 hours\n - weekly window:\n - days of week includes all seven days of a week: duration \u003c 24 hours\n - all other weekly window: duration \u003c 168 hours (i.e., 24 * 7 hours)","description_kind":"plain","required":true}},"block_types":{"days_of_week":{"nesting_mode":"list","block":{"attributes":{"days_of_week":{"type":["list","string"],"description":"A list of days of week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true}},"description":"The exclusion window occurs on these days of each week in UTC.\nOnly one of singleOccurrenceDate, daily and daysOfWeek may be set.","description_kind":"plain"},"max_items":1},"single_occurrence_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date.","description_kind":"plain","optional":true}},"description":"No recurrence. The exclusion window occurs only once and on this date in UTC.\nOnly one of singleOccurrenceDate, daily and daysOfWeek may be set.","description_kind":"plain"},"max_items":1},"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time.","description_kind":"plain","optional":true}},"description":"Specifies the start time of the window using time of the day in UTC.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"User specified time windows during which backup can NOT happen for this BackupPlan.\nBackups should start and finish outside of any given exclusion window. Note: backup\njobs will be scheduled to start and finish outside the duration of the window as\nmuch as possible, but running jobs will not get canceled when it runs into the window.\nAll the time and date values in exclusionWindows entry in the API are in UTC. We\nonly allow \u003c=1 recurrence (daily or weekly) exclusion window for a BackupPlan while no\nrestriction on number of single occurrence windows.","description_kind":"plain"}}},"description":"Defines the RPO schedule configuration for this BackupPlan. This is mutually\nexclusive with the cronSchedule field since at most one schedule can be defined\nfor a BackupPLan. If this is defined, then backupRetainDays must also be defined.","description_kind":"plain"},"max_items":1}},"description":"Defines a schedule for automatic Backup creation via this BackupPlan.","description_kind":"plain"},"max_items":1},"retention_policy":{"nesting_mode":"list","block":{"attributes":{"backup_delete_lock_days":{"type":"number","description":"Minimum age for a Backup created via this BackupPlan (in days).\nMust be an integer value between 0-90 (inclusive).\nA Backup created under this BackupPlan will not be deletable\nuntil it reaches Backup's (create time + backup_delete_lock_days).\nUpdating this field of a BackupPlan does not affect existing Backups.\nBackups created after a successful update will inherit this new value.","description_kind":"plain","optional":true,"computed":true},"backup_retain_days":{"type":"number","description":"The default maximum age of a Backup created via this BackupPlan.\nThis field MUST be an integer value \u003e= 0 and \u003c= 365. If specified,\na Backup created under this BackupPlan will be automatically deleted\nafter its age reaches (createTime + backupRetainDays).\nIf not specified, Backups created under this BackupPlan will NOT be\nsubject to automatic deletion. Updating this field does NOT affect\nexisting Backups under it. Backups created AFTER a successful update\nwill automatically pick up the new value.\nNOTE: backupRetainDays must be \u003e= backupDeleteLockDays.\nIf cronSchedule is defined, then this must be \u003c= 360 * the creation interval.\nIf rpo_config is defined, then this must be\n\u003c= 360 * targetRpoMinutes/(1440minutes/day)","description_kind":"plain","optional":true,"computed":true},"locked":{"type":"bool","description":"This flag denotes whether the retention policy of this BackupPlan is locked.\nIf set to True, no further update is allowed on this policy, including\nthe locked field itself.","description_kind":"plain","optional":true,"computed":true}},"description":"RetentionPolicy governs lifecycle of Backups created under this plan.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_backup_restore_plan":{"version":0,"block":{"attributes":{"backup_plan":{"type":"string","description":"A reference to the BackupPlan from which Backups may be used\nas the source for Restores created via this RestorePlan.","description_kind":"plain","required":true},"cluster":{"type":"string","description":"The source cluster from which Restores will be created via this RestorePlan.","description_kind":"plain","required":true},"description":{"type":"string","description":"User specified descriptive string for this RestorePlan.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Description: A set of custom labels supplied by the user.\nA list of key-\u003evalue pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The region of the Restore Plan.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full name of the BackupPlan Resource.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The State of the RestorePlan.","description_kind":"plain","computed":true},"state_reason":{"type":"string","description":"Detailed description of why RestorePlan is in its current state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server generated, unique identifier of UUID format.","description_kind":"plain","computed":true}},"block_types":{"restore_config":{"nesting_mode":"list","block":{"attributes":{"all_namespaces":{"type":"bool","description":"If True, restore all namespaced resources in the Backup.\nSetting this field to False will result in an error.","description_kind":"plain","optional":true},"cluster_resource_conflict_policy":{"type":"string","description":"Defines the behavior for handling the situation where cluster-scoped resources\nbeing restored already exist in the target cluster.\nThis MUST be set to a value other than 'CLUSTER_RESOURCE_CONFLICT_POLICY_UNSPECIFIED'\nif 'clusterResourceRestoreScope' is anyting other than 'noGroupKinds'.\nSee https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#clusterresourceconflictpolicy\nfor more information on each policy option. Possible values: [\"USE_EXISTING_VERSION\", \"USE_BACKUP_VERSION\"]","description_kind":"plain","optional":true},"namespaced_resource_restore_mode":{"type":"string","description":"Defines the behavior for handling the situation where sets of namespaced resources\nbeing restored already exist in the target cluster.\nThis MUST be set to a value other than 'NAMESPACED_RESOURCE_RESTORE_MODE_UNSPECIFIED'\nif the 'namespacedResourceRestoreScope' is anything other than 'noNamespaces'.\nSee https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#namespacedresourcerestoremode\nfor more information on each mode. Possible values: [\"DELETE_AND_RESTORE\", \"FAIL_ON_CONFLICT\", \"MERGE_SKIP_ON_CONFLICT\", \"MERGE_REPLACE_VOLUME_ON_CONFLICT\", \"MERGE_REPLACE_ON_CONFLICT\"]","description_kind":"plain","optional":true},"no_namespaces":{"type":"bool","description":"Do not restore any namespaced resources if set to \"True\".\nSpecifying this field to \"False\" is not allowed.","description_kind":"plain","optional":true},"volume_data_restore_policy":{"type":"string","description":"Specifies the mechanism to be used to restore volume data.\nThis should be set to a value other than 'NAMESPACED_RESOURCE_RESTORE_MODE_UNSPECIFIED'\nif the 'namespacedResourceRestoreScope' is anything other than 'noNamespaces'.\nIf not specified, it will be treated as 'NO_VOLUME_DATA_RESTORATION'.\nSee https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#VolumeDataRestorePolicy\nfor more information on each policy option. Possible values: [\"RESTORE_VOLUME_DATA_FROM_BACKUP\", \"REUSE_VOLUME_HANDLE_FROM_BACKUP\", \"NO_VOLUME_DATA_RESTORATION\"]","description_kind":"plain","optional":true}},"block_types":{"cluster_resource_restore_scope":{"nesting_mode":"list","block":{"attributes":{"all_group_kinds":{"type":"bool","description":"If True, all valid cluster-scoped resources will be restored.\nMutually exclusive to any other field in 'clusterResourceRestoreScope'.","description_kind":"plain","optional":true},"no_group_kinds":{"type":"bool","description":"If True, no cluster-scoped resources will be restored.\nMutually exclusive to any other field in 'clusterResourceRestoreScope'.","description_kind":"plain","optional":true}},"block_types":{"excluded_group_kinds":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group string of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"A list of cluster-scoped resource group kinds to NOT restore from the backup.\nIf specified, all valid cluster-scoped resources will be restored except\nfor those specified in the list.\nMutually exclusive to any other field in 'clusterResourceRestoreScope'.","description_kind":"plain"}},"selected_group_kinds":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group string of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"A list of cluster-scoped resource group kinds to restore from the backup.\nIf specified, only the selected resources will be restored.\nMutually exclusive to any other field in the 'clusterResourceRestoreScope'.","description_kind":"plain"}}},"description":"Identifies the cluster-scoped resources to restore from the Backup.","description_kind":"plain"},"max_items":1},"excluded_namespaces":{"nesting_mode":"list","block":{"attributes":{"namespaces":{"type":["list","string"],"description":"A list of Kubernetes Namespaces.","description_kind":"plain","required":true}},"description":"A list of selected namespaces excluded from restoration.\nAll namespaces except those in this list will be restored.","description_kind":"plain"},"max_items":1},"restore_order":{"nesting_mode":"list","block":{"block_types":{"group_kind_dependencies":{"nesting_mode":"list","block":{"block_types":{"requiring":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"The requiring group kind requires that the satisfying\ngroup kind be restored first.","description_kind":"plain"},"min_items":1,"max_items":1},"satisfying":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"The satisfying group kind must be restored first\nin order to satisfy the dependency.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A list of group kind dependency pairs\nthat is used by Backup for GKE to\ngenerate a group kind restore order.","description_kind":"plain"},"min_items":1}},"description":"It contains custom ordering to use on a Restore.","description_kind":"plain"},"max_items":1},"selected_applications":{"nesting_mode":"list","block":{"block_types":{"namespaced_names":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of a Kubernetes Resource.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace of a Kubernetes Resource.","description_kind":"plain","required":true}},"description":"A list of namespaced Kubernetes resources.","description_kind":"plain"},"min_items":1}},"description":"A list of selected ProtectedApplications to restore.\nThe listed ProtectedApplications and all the resources\nto which they refer will be restored.","description_kind":"plain"},"max_items":1},"selected_namespaces":{"nesting_mode":"list","block":{"attributes":{"namespaces":{"type":["list","string"],"description":"A list of Kubernetes Namespaces.","description_kind":"plain","required":true}},"description":"A list of selected namespaces to restore from the Backup.\nThe listed Namespaces and all resources contained in them will be restored.","description_kind":"plain"},"max_items":1},"transformation_rules":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description is a user specified string description\nof the transformation rule.","description_kind":"plain","optional":true}},"block_types":{"field_actions":{"nesting_mode":"list","block":{"attributes":{"from_path":{"type":"string","description":"A string containing a JSON Pointer value that references the\nlocation in the target document to move the value from.","description_kind":"plain","optional":true},"op":{"type":"string","description":"Specifies the operation to perform. Possible values: [\"REMOVE\", \"MOVE\", \"COPY\", \"ADD\", \"TEST\", \"REPLACE\"]","description_kind":"plain","required":true},"path":{"type":"string","description":"A string containing a JSON-Pointer value that references a\nlocation within the target document where the operation is performed.","description_kind":"plain","optional":true},"value":{"type":"string","description":"A string that specifies the desired value in string format\nto use for transformation.","description_kind":"plain","optional":true}},"description":"A list of transformation rule actions to take against candidate\nresources. Actions are executed in order defined - this order\nmatters, as they could potentially interfere with each other and\nthe first operation could affect the outcome of the second operation.","description_kind":"plain"},"min_items":1},"resource_filter":{"nesting_mode":"list","block":{"attributes":{"json_path":{"type":"string","description":"This is a JSONPath expression that matches specific fields of\ncandidate resources and it operates as a filtering parameter\n(resources that are not matched with this expression will not\nbe candidates for transformation).","description_kind":"plain","optional":true},"namespaces":{"type":["list","string"],"description":"(Filtering parameter) Any resource subject to transformation must\nbe contained within one of the listed Kubernetes Namespace in the\nBackup. If this field is not provided, no namespace filtering will\nbe performed (all resources in all Namespaces, including all\ncluster-scoped resources, will be candidates for transformation).\nTo mix cluster-scoped and namespaced resources in the same rule,\nuse an empty string (\"\") as one of the target namespaces.","description_kind":"plain","optional":true}},"block_types":{"group_kinds":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group string of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"(Filtering parameter) Any resource subject to transformation must\nbelong to one of the listed \"types\". If this field is not provided,\nno type filtering will be performed\n(all resources of all types matching previous filtering parameters\nwill be candidates for transformation).","description_kind":"plain"}}},"description":"This field is used to specify a set of fields that should be used to\ndetermine which resources in backup should be acted upon by the\nsupplied transformation rule actions, and this will ensure that only\nspecific resources are affected by transformation rule actions.","description_kind":"plain"},"max_items":1}},"description":"A list of transformation rules to be applied against Kubernetes\nresources as they are selected for restoration from a Backup.\nRules are executed in order defined - this order matters,\nas changes made by a rule may impact the filtering logic of subsequent\nrules. An empty list means no transformation will occur.","description_kind":"plain"}},"volume_data_restore_policy_bindings":{"nesting_mode":"list","block":{"attributes":{"policy":{"type":"string","description":"Specifies the mechanism to be used to restore this volume data.\nSee https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#VolumeDataRestorePolicy\nfor more information on each policy option. Possible values: [\"RESTORE_VOLUME_DATA_FROM_BACKUP\", \"REUSE_VOLUME_HANDLE_FROM_BACKUP\", \"NO_VOLUME_DATA_RESTORATION\"]","description_kind":"plain","required":true},"volume_type":{"type":"string","description":"The volume type, as determined by the PVC's\nbound PV, to apply the policy to. Possible values: [\"GCE_PERSISTENT_DISK\"]","description_kind":"plain","required":true}},"description":"A table that binds volumes by their scope to a restore policy. Bindings\nmust have a unique scope. Any volumes not scoped in the bindings are\nsubject to the policy defined in volume_data_restore_policy.","description_kind":"plain"}}},"description":"Defines the configuration of Restores created via this RestorePlan.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. When the Feature resource was created.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. When the Feature resource was deleted.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"GCP labels for this Feature.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The full, unique name of this Feature resource","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_state":{"type":["list",["object",{"has_resources":"bool","state":"string"}]],"description":"State of the Feature resource itself.","description_kind":"plain","computed":true},"state":{"type":["list",["object",{"state":["list",["object",{"code":"string","description":"string","update_time":"string"}]]}]],"description":"Output only. The Hub-wide Feature state","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. When the Feature resource was last updated.","description_kind":"plain","computed":true}},"block_types":{"fleet_default_member_config":{"nesting_mode":"list","block":{"block_types":{"configmanagement":{"nesting_mode":"list","block":{"attributes":{"management":{"type":"string","description":"Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"MANAGEMENT_AUTOMATIC\", \"MANAGEMENT_MANUAL\"]","description_kind":"plain","optional":true},"version":{"type":"string","description":"Version of Config Sync installed","description_kind":"plain","optional":true}},"block_types":{"config_sync":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field.","description_kind":"plain","optional":true},"prevent_drift":{"type":"bool","description":"Set to true to enable the Config Sync admission webhook to prevent drifts. If set to 'false', disables the Config Sync admission webhook and does not prevent drifts.","description_kind":"plain","optional":true},"source_format":{"type":"string","description":"Specifies whether the Config Sync Repo is in hierarchical or unstructured mode","description_kind":"plain","optional":true}},"block_types":{"git":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The Google Cloud Service Account Email used for auth when secretType is gcpServiceAccount","description_kind":"plain","optional":true},"https_proxy":{"type":"string","description":"URL for the HTTPS Proxy to be used when communicating with the Git repo","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The path within the Git repository that represents the top level of the repo to sync","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the Git repo","description_kind":"plain","required":true},"sync_branch":{"type":"string","description":"The branch of the repository to sync from. Default: master","description_kind":"plain","optional":true},"sync_repo":{"type":"string","description":"The URL of the Git repository to use as the source of truth","description_kind":"plain","optional":true},"sync_rev":{"type":"string","description":"Git revision (tag or hash) to check out. Default HEAD","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds between consecutive syncs. Default: 15","description_kind":"plain","optional":true}},"description":"Git repo configuration for the cluster","description_kind":"plain"},"max_items":1},"oci":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The Google Cloud Service Account Email used for auth when secretType is gcpServiceAccount","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The absolute path of the directory that contains the local resources. Default: the root directory of the image","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the Git repo","description_kind":"plain","required":true},"sync_repo":{"type":"string","description":"The OCI image repository URL for the package to sync from","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds between consecutive syncs. Default: 15","description_kind":"plain","optional":true},"version":{"type":"string","description":"Version of Config Sync installed","description_kind":"plain","deprecated":true,"optional":true}},"description":"OCI repo configuration for the cluster","description_kind":"plain"},"max_items":1}},"description":"ConfigSync configuration for the cluster","description_kind":"plain"},"max_items":1}},"description":"Config Management spec","description_kind":"plain"},"max_items":1},"mesh":{"nesting_mode":"list","block":{"attributes":{"management":{"type":"string","description":"Whether to automatically manage Service Mesh Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"MANAGEMENT_AUTOMATIC\", \"MANAGEMENT_MANUAL\"]","description_kind":"plain","required":true}},"description":"Service Mesh spec","description_kind":"plain"},"max_items":1},"policycontroller":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Configures the version of Policy Controller","description_kind":"plain","optional":true,"computed":true}},"block_types":{"policy_controller_hub_config":{"nesting_mode":"list","block":{"attributes":{"audit_interval_seconds":{"type":"number","description":"Interval for Policy Controller Audit scans (in seconds). When set to 0, this disables audit functionality altogether.","description_kind":"plain","optional":true},"constraint_violation_limit":{"type":"number","description":"The maximum number of audit violations to be stored in a constraint. If not set, the internal default of 20 will be used.","description_kind":"plain","optional":true},"exemptable_namespaces":{"type":["list","string"],"description":"The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.","description_kind":"plain","optional":true},"install_spec":{"type":"string","description":"Configures the mode of the Policy Controller installation Possible values: [\"INSTALL_SPEC_UNSPECIFIED\", \"INSTALL_SPEC_NOT_INSTALLED\", \"INSTALL_SPEC_ENABLED\", \"INSTALL_SPEC_SUSPENDED\", \"INSTALL_SPEC_DETACHED\"]","description_kind":"plain","required":true},"log_denies_enabled":{"type":"bool","description":"Logs all denies and dry run failures.","description_kind":"plain","optional":true},"mutation_enabled":{"type":"bool","description":"Enables the ability to mutate resources using Policy Controller.","description_kind":"plain","optional":true},"referential_rules_enabled":{"type":"bool","description":"Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.","description_kind":"plain","optional":true}},"block_types":{"deployment_configs":{"nesting_mode":"set","block":{"attributes":{"component":{"type":"string","description_kind":"plain","required":true},"pod_affinity":{"type":"string","description":"Pod affinity configuration. Possible values: [\"AFFINITY_UNSPECIFIED\", \"NO_AFFINITY\", \"ANTI_AFFINITY\"]","description_kind":"plain","optional":true,"computed":true},"replica_count":{"type":"number","description":"Pod replica count.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"container_resources":{"nesting_mode":"list","block":{"block_types":{"limits":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"string","description":"CPU requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true},"memory":{"type":"string","description":"Memory requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true}},"description":"Limits describes the maximum amount of compute resources allowed for use by the running container.","description_kind":"plain"},"max_items":1},"requests":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"string","description":"CPU requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true},"memory":{"type":"string","description":"Memory requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true}},"description":"Requests describes the amount of compute resources reserved for the container by the kube-scheduler.","description_kind":"plain"},"max_items":1}},"description":"Container resource requirements.","description_kind":"plain"},"max_items":1},"pod_toleration":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Matches a taint effect.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Matches a taint key (not necessarily unique).","description_kind":"plain","optional":true},"operator":{"type":"string","description":"Matches a taint operator.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Matches a taint value.","description_kind":"plain","optional":true}},"description":"Pod tolerations of node taints.","description_kind":"plain"}}},"description":"Map of deployment configs to deployments (\"admission\", \"audit\", \"mutation\").","description_kind":"plain"}},"monitoring":{"nesting_mode":"list","block":{"attributes":{"backends":{"type":["list","string"],"description":"Specifies the list of backends Policy Controller will export to. An empty list would effectively disable metrics export. Possible values: [\"MONITORING_BACKEND_UNSPECIFIED\", \"PROMETHEUS\", \"CLOUD_MONITORING\"]","description_kind":"plain","optional":true,"computed":true}},"description":"Monitoring specifies the configuration of monitoring Policy Controller.","description_kind":"plain"},"max_items":1},"policy_content":{"nesting_mode":"list","block":{"block_types":{"bundles":{"nesting_mode":"set","block":{"attributes":{"bundle":{"type":"string","description_kind":"plain","required":true},"exempted_namespaces":{"type":["list","string"],"description":"The set of namespaces to be exempted from the bundle.","description_kind":"plain","optional":true}},"description":"Configures which bundles to install and their corresponding install specs.","description_kind":"plain"}},"template_library":{"nesting_mode":"list","block":{"attributes":{"installation":{"type":"string","description":"Configures the manner in which the template library is installed on the cluster. Possible values: [\"INSTALLATION_UNSPECIFIED\", \"NOT_INSTALLED\", \"ALL\"]","description_kind":"plain","optional":true}},"description":"Configures the installation of the Template Library.","description_kind":"plain"},"max_items":1}},"description":"Specifies the desired policy content on the cluster.","description_kind":"plain"},"max_items":1}},"description":"Configuration of Policy Controller","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Policy Controller spec","description_kind":"plain"},"max_items":1}},"description":"Optional. Fleet Default Membership Configuration.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"block_types":{"clusterupgrade":{"nesting_mode":"list","block":{"attributes":{"upstream_fleets":{"type":["list","string"],"description":"Specified if other fleet should be considered as a source of upgrades. Currently, at most one upstream fleet is allowed. The fleet name should be either fleet project number or id.","description_kind":"plain","required":true}},"block_types":{"gke_upgrade_overrides":{"nesting_mode":"list","block":{"block_types":{"post_conditions":{"nesting_mode":"list","block":{"attributes":{"soaking":{"type":"string","description":"Amount of time to \"soak\" after a rollout has been finished before marking it COMPLETE. Cannot exceed 30 days.","description_kind":"plain","required":true}},"description":"Post conditions to override for the specified upgrade.","description_kind":"plain"},"min_items":1,"max_items":1},"upgrade":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the upgrade, e.g., \"k8s_control_plane\". It should be a valid upgrade name. It must not exceet 99 characters.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the upgrade, e.g., \"1.22.1-gke.100\". It should be a valid version. It must not exceet 99 characters.","description_kind":"plain","required":true}},"description":"Which upgrade to override.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration overrides for individual upgrades.","description_kind":"plain"}},"post_conditions":{"nesting_mode":"list","block":{"attributes":{"soaking":{"type":"string","description":"Amount of time to \"soak\" after a rollout has been finished before marking it COMPLETE. Cannot exceed 30 days.","description_kind":"plain","required":true}},"description":"Post conditions to override for the specified upgrade.","description_kind":"plain"},"max_items":1}},"description":"Clusterupgrade feature spec.","description_kind":"plain"},"max_items":1},"fleetobservability":{"nesting_mode":"list","block":{"block_types":{"logging_config":{"nesting_mode":"list","block":{"block_types":{"default_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Specified if fleet logging feature is enabled. Possible values: [\"MODE_UNSPECIFIED\", \"COPY\", \"MOVE\"]","description_kind":"plain","optional":true}},"description":"Specified if applying the default routing config to logs not specified in other configs.","description_kind":"plain"},"max_items":1},"fleet_scope_logs_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Specified if fleet logging feature is enabled. Possible values: [\"MODE_UNSPECIFIED\", \"COPY\", \"MOVE\"]","description_kind":"plain","optional":true}},"description":"Specified if applying the routing config to all logs for all fleet scopes.","description_kind":"plain"},"max_items":1}},"description":"Specified if fleet logging feature is enabled for the entire fleet. If UNSPECIFIED, fleet logging feature is disabled for the entire fleet.","description_kind":"plain"},"max_items":1}},"description":"Fleet Observability feature spec.","description_kind":"plain"},"max_items":1},"multiclusteringress":{"nesting_mode":"list","block":{"attributes":{"config_membership":{"type":"string","description":"Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: 'projects/foo-proj/locations/global/memberships/bar'","description_kind":"plain","required":true}},"description":"Multicluster Ingress-specific spec.","description_kind":"plain"},"max_items":1}},"description":"Optional. Hub-wide Feature configuration. If this Feature does not support any Hub-wide configuration, this field may be unused.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_feature_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_feature_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_feature_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_feature_membership":{"version":0,"block":{"attributes":{"feature":{"type":"string","description":"The name of the feature","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the feature","description_kind":"plain","required":true},"membership":{"type":"string","description":"The name of the membership","description_kind":"plain","required":true},"membership_location":{"type":"string","description":"The location of the membership","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project of the feature","description_kind":"plain","optional":true,"computed":true}},"block_types":{"configmanagement":{"nesting_mode":"list","block":{"attributes":{"management":{"type":"string","description":"Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"Optional. Version of ACM to install. Defaults to the latest version.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"binauthz":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether binauthz is enabled in this cluster.","description_kind":"plain","optional":true}},"description":"**DEPRECATED** Binauthz configuration for the cluster. This field will be ignored and should not be set.","description_kind":"plain"},"max_items":1},"config_sync":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field.","description_kind":"plain","optional":true},"metrics_gcp_service_account_email":{"type":"string","description":"Deprecated: If Workload Identity Federation for GKE is enabled, Google Cloud Service Account is no longer needed for exporting Config Sync metrics: https://cloud.google.com/kubernetes-engine/enterprise/config-sync/docs/how-to/monitor-config-sync-cloud-monitoring#custom-monitoring.","description_kind":"plain","optional":true},"prevent_drift":{"type":"bool","description":"Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.","description_kind":"plain","optional":true,"computed":true},"source_format":{"type":"string","description":"Specifies whether the Config Sync Repo is in \"hierarchical\" or \"unstructured\" mode.","description_kind":"plain","optional":true},"stop_syncing":{"type":"bool","description":"Set to true to stop syncing configs for a single cluster. Default: false.","description_kind":"plain","optional":true}},"block_types":{"git":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The GCP Service Account Email used for auth when secretType is gcpServiceAccount.","description_kind":"plain","optional":true},"https_proxy":{"type":"string","description":"URL for the HTTPS proxy to be used when communicating with the Git repo.","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive.","description_kind":"plain","optional":true},"sync_branch":{"type":"string","description":"The branch of the repository to sync from. Default: master.","description_kind":"plain","optional":true},"sync_repo":{"type":"string","description":"The URL of the Git repository to use as the source of truth.","description_kind":"plain","optional":true},"sync_rev":{"type":"string","description":"Git revision (tag or hash) to check out. Default HEAD.","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds between consecutive syncs. Default: 15.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"oci":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The GCP Service Account Email used for auth when secret_type is gcpserviceaccount. ","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The absolute path of the directory that contains the local resources. Default: the root directory of the image.","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the OCI Image. Must be one of gcenode, gcpserviceaccount or none. The validation of this is case-sensitive.","description_kind":"plain","optional":true},"sync_repo":{"type":"string","description":"The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME.","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds(int64 format) between consecutive syncs. Default: 15.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description":"Config Sync configuration for the cluster.","description_kind":"plain"},"max_items":1},"hierarchy_controller":{"nesting_mode":"list","block":{"attributes":{"enable_hierarchical_resource_quota":{"type":"bool","description":"Whether hierarchical resource quota is enabled in this cluster.","description_kind":"plain","optional":true},"enable_pod_tree_labels":{"type":"bool","description":"Whether pod tree labels are enabled in this cluster.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"**DEPRECATED** Configuring Hierarchy Controller through the configmanagement feature is no longer recommended. Use https://github.com/kubernetes-sigs/hierarchical-namespaces instead.","description_kind":"plain","optional":true}},"description":"Hierarchy Controller configuration for the cluster.","description_kind":"plain"},"max_items":1},"policy_controller":{"nesting_mode":"list","block":{"attributes":{"audit_interval_seconds":{"type":"string","description":"Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect.","description_kind":"plain","optional":true},"exemptable_namespaces":{"type":["list","string"],"description":"The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.","description_kind":"plain","optional":true},"log_denies_enabled":{"type":"bool","description":"Logs all denies and dry run failures.","description_kind":"plain","optional":true},"mutation_enabled":{"type":"bool","description":"Enable or disable mutation in policy controller. If true, mutation CRDs, webhook and controller deployment will be deployed to the cluster.","description_kind":"plain","optional":true},"referential_rules_enabled":{"type":"bool","description":"Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.","description_kind":"plain","optional":true},"template_library_installed":{"type":"bool","description":"Installs the default template library along with Policy Controller.","description_kind":"plain","optional":true}},"block_types":{"monitoring":{"nesting_mode":"list","block":{"attributes":{"backends":{"type":["list","string"],"description":" Specifies the list of backends Policy Controller will export to. Specifying an empty value `[]` disables metrics export.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: [\"cloudmonitoring\", \"prometheus\"]. Default: [\"cloudmonitoring\", \"prometheus\"]","description_kind":"plain"},"max_items":1}},"description":"**DEPRECATED** Configuring Policy Controller through the configmanagement feature is no longer recommended. Use the policycontroller feature instead.","description_kind":"plain"},"max_items":1}},"description":"Config Management-specific spec.","description_kind":"plain"},"max_items":1},"mesh":{"nesting_mode":"list","block":{"attributes":{"control_plane":{"type":"string","description":"**DEPRECATED** Whether to automatically manage Service Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL","description_kind":"plain","deprecated":true,"optional":true},"management":{"type":"string","description":"Whether to automatically manage Service Mesh. Possible values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL","description_kind":"plain","optional":true}},"description":"Manage Mesh Features","description_kind":"plain"},"max_items":1},"policycontroller":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Optional. Version of Policy Controller to install. Defaults to the latest version.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"policy_controller_hub_config":{"nesting_mode":"list","block":{"attributes":{"audit_interval_seconds":{"type":"number","description":"Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.","description_kind":"plain","optional":true},"constraint_violation_limit":{"type":"number","description":"The maximum number of audit violations to be stored in a constraint. If not set, the internal default of 20 will be used.","description_kind":"plain","optional":true},"exemptable_namespaces":{"type":["list","string"],"description":"The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.","description_kind":"plain","optional":true},"install_spec":{"type":"string","description":"Configures the mode of the Policy Controller installation. Possible values: INSTALL_SPEC_UNSPECIFIED, INSTALL_SPEC_NOT_INSTALLED, INSTALL_SPEC_ENABLED, INSTALL_SPEC_SUSPENDED, INSTALL_SPEC_DETACHED","description_kind":"plain","optional":true},"log_denies_enabled":{"type":"bool","description":"Logs all denies and dry run failures.","description_kind":"plain","optional":true},"mutation_enabled":{"type":"bool","description":"Enables the ability to mutate resources using Policy Controller.","description_kind":"plain","optional":true},"referential_rules_enabled":{"type":"bool","description":"Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.","description_kind":"plain","optional":true}},"block_types":{"deployment_configs":{"nesting_mode":"set","block":{"attributes":{"component_name":{"type":"string","description":"The name for the key in the map for which this object is mapped to in the API","description_kind":"plain","required":true},"pod_affinity":{"type":"string","description":"Pod affinity configuration. Possible values: AFFINITY_UNSPECIFIED, NO_AFFINITY, ANTI_AFFINITY","description_kind":"plain","optional":true},"replica_count":{"type":"number","description":"Pod replica count.","description_kind":"plain","optional":true}},"block_types":{"container_resources":{"nesting_mode":"list","block":{"block_types":{"limits":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"string","description":"CPU requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true},"memory":{"type":"string","description":"Memory requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true}},"description":"Limits describes the maximum amount of compute resources allowed for use by the running container.","description_kind":"plain"},"max_items":1},"requests":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"string","description":"CPU requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true},"memory":{"type":"string","description":"Memory requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true}},"description":"Requests describes the amount of compute resources reserved for the container by the kube-scheduler.","description_kind":"plain"},"max_items":1}},"description":"Container resource requirements.","description_kind":"plain"},"max_items":1},"pod_tolerations":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Matches a taint effect.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Matches a taint key (not necessarily unique).","description_kind":"plain","optional":true},"operator":{"type":"string","description":"Matches a taint operator.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Matches a taint value.","description_kind":"plain","optional":true}},"description":"Pod tolerations of node taints.","description_kind":"plain"}}},"description":"Map of deployment configs to deployments (\"admission\", \"audit\", \"mutation\").","description_kind":"plain"}},"monitoring":{"nesting_mode":"list","block":{"attributes":{"backends":{"type":["list","string"],"description":" Specifies the list of backends Policy Controller will export to. Specifying an empty value `[]` disables metrics export.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: [\"cloudmonitoring\", \"prometheus\"]. Default: [\"cloudmonitoring\", \"prometheus\"]","description_kind":"plain"},"max_items":1},"policy_content":{"nesting_mode":"list","block":{"block_types":{"bundles":{"nesting_mode":"set","block":{"attributes":{"bundle_name":{"type":"string","description":"The name for the key in the map for which this object is mapped to in the API","description_kind":"plain","required":true},"exempted_namespaces":{"type":["list","string"],"description":"The set of namespaces to be exempted from the bundle.","description_kind":"plain","optional":true}},"description":"map of bundle name to BundleInstallSpec. The bundle name maps to the `bundleName` key in the `policycontroller.gke.io/constraintData` annotation on a constraint.","description_kind":"plain"}},"template_library":{"nesting_mode":"list","block":{"attributes":{"installation":{"type":"string","description":"Configures the manner in which the template library is installed on the cluster. Possible values: INSTALLATION_UNSPECIFIED, NOT_INSTALLED, ALL","description_kind":"plain","optional":true}},"description":"Configures the installation of the Template Library.","description_kind":"plain"},"max_items":1}},"description":"Specifies the desired policy content on the cluster.","description_kind":"plain"},"max_items":1}},"description":"Policy Controller configuration for the cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Policy Controller-specific spec.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_fleet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time the fleet was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the fleet was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A user-assigned display name of the Fleet. When present, it must be between 4 to 30 characters.\nAllowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"The state of the fleet resource.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource. This is unique across all\nFleet resources. If a Fleet resource is deleted and another\nresource with the same name is created, it gets a different uid.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the fleet was last updated, in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"default_cluster_config":{"nesting_mode":"list","block":{"block_types":{"binary_authorization_config":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Mode of operation for binauthz policy evaluation. Possible values: [\"DISABLED\", \"POLICY_BINDINGS\"]","description_kind":"plain","optional":true}},"block_types":{"policy_bindings":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The relative resource name of the binauthz platform policy to audit. GKE\nplatform policies have the following format:\n'projects/{project_number}/platforms/gke/policies/{policy_id}'.","description_kind":"plain","optional":true}},"description":"Binauthz policies that apply to this cluster.","description_kind":"plain"}}},"description":"Enable/Disable binary authorization features for the cluster.","description_kind":"plain"},"max_items":1},"security_posture_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Sets which mode to use for Security Posture features. Possible values: [\"DISABLED\", \"BASIC\", \"ENTERPRISE\"]","description_kind":"plain","optional":true},"vulnerability_mode":{"type":"string","description":"Sets which mode to use for vulnerability scanning. Possible values: [\"VULNERABILITY_DISABLED\", \"VULNERABILITY_BASIC\", \"VULNERABILITY_ENTERPRISE\"]","description_kind":"plain","optional":true}},"description":"Enable/Disable Security Posture features for the cluster.","description_kind":"plain"},"max_items":1}},"description":"The default cluster configurations to apply across the fleet.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_membership":{"version":1,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this membership.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the membership.\nThe default value is 'global'.","description_kind":"plain","optional":true},"membership_id":{"type":"string","description":"The client-provided identifier of the membership.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the membership.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"authority":{"nesting_mode":"list","block":{"attributes":{"issuer":{"type":"string","description":"A JSON Web Token (JWT) issuer URI. 'issuer' must start with 'https://' and // be a valid\nwith length \u003c2000 characters. For example: 'https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster'. If the cluster is provisioned with Terraform, this is '\"https://container.googleapis.com/v1/${google_container_cluster.my-cluster.id}\"'.","description_kind":"plain","required":true}},"description":"Authority encodes how Google will recognize identities from this Membership.\nSee the workload identity documentation for more details:\nhttps://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity","description_kind":"plain"},"max_items":1},"endpoint":{"nesting_mode":"list","block":{"block_types":{"gke_cluster":{"nesting_mode":"list","block":{"attributes":{"resource_link":{"type":"string","description":"Self-link of the GCP resource for the GKE cluster.\nFor example: '//container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster'.\nIt can be at the most 1000 characters in length. If the cluster is provisioned with Terraform,\nthis can be '\"//container.googleapis.com/${google_container_cluster.my-cluster.id}\"' or\n'google_container_cluster.my-cluster.id'.","description_kind":"plain","required":true}},"description":"If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource.","description_kind":"plain"},"max_items":1}},"description":"If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_membership_binding":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the MembershipBinding was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the MembershipBinding was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this Membership binding.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the membership","description_kind":"plain","required":true},"membership_binding_id":{"type":"string","description":"The client-provided identifier of the membership binding.","description_kind":"plain","required":true},"membership_id":{"type":"string","description":"Id of the membership","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the membershipbinding itself","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"A Workspace resource name in the format\n'projects/*/locations/*/scopes/*'.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the membership binding resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the MembershipBinding was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_membership_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_membership_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_membership_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_namespace":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Namespace was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the Namespace was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this Namespace.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the namespace","description_kind":"plain","computed":true},"namespace_labels":{"type":["map","string"],"description":"Namespace-level cluster namespace labels. These labels are applied\nto the related namespace of the member clusters bound to the parent\nScope. Scope-level labels ('namespace_labels' in the Fleet Scope\nresource) take precedence over Namespace-level labels if they share\na key. Keys and values must be Kubernetes-conformant.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"The name of the Scope instance.","description_kind":"plain","required":true},"scope_id":{"type":"string","description":"Id of the scope","description_kind":"plain","required":true},"scope_namespace_id":{"type":"string","description":"The client-provided identifier of the namespace.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the namespace resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Namespace was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_scope":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Scope was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the Scope was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this Scope.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the scope","description_kind":"plain","computed":true},"namespace_labels":{"type":["map","string"],"description":"Scope-level cluster namespace labels. For the member clusters bound\nto the Scope, these labels are applied to each namespace under the\nScope. Scope-level labels take precedence over Namespace-level\nlabels ('namespace_labels' in the Fleet Namespace resource) if they\nshare a key. Keys and values must be Kubernetes-conformant.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description":"The client-provided identifier of the scope.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the scope resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Scope was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_scope_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_scope_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_scope_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_gke_hub_scope_rbac_role_binding":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the RBAC Role Binding was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the RBAC Role Binding was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"group":{"type":"string","description":"Principal that is be authorized in the cluster (at least of one the oneof\nis required). Updating one will unset the other automatically.\ngroup is the group, as seen by the kubernetes cluster.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this ScopeRBACRoleBinding.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the RBAC Role Binding","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description":"Id of the scope","description_kind":"plain","required":true},"scope_rbac_role_binding_id":{"type":"string","description":"The client-provided identifier of the RBAC Role Binding.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the RBAC Role Binding resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the RBAC Role Binding was updated in UTC.","description_kind":"plain","computed":true},"user":{"type":"string","description":"Principal that is be authorized in the cluster (at least of one the oneof\nis required). Updating one will unset the other automatically.\nuser is the name of the user as seen by the kubernetes cluster, example\n\"alice\" or \"alice@domain.tld\"","description_kind":"plain","optional":true}},"block_types":{"role":{"nesting_mode":"list","block":{"attributes":{"predefined_role":{"type":"string","description":"PredefinedRole is an ENUM representation of the default Kubernetes Roles Possible values: [\"UNKNOWN\", \"ADMIN\", \"EDIT\", \"VIEW\"]","description_kind":"plain","optional":true}},"description":"Role to bind to the principal.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gkeonprem_bare_metal_admin_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations on the Bare Metal Admin Cluster.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"bare_metal_version":{"type":"string","description":"A human readable description of this Bare Metal Admin Cluster.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human readable description of this Bare Metal Admin Cluster.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address name of Bare Metal Admin Cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string"}]],"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.\nSee [Anthos Fleets](https://cloud.google.com/anthos/multicluster-management/fleets) for\nmore details on Anthos multi-cluster capabilities using Fleets.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local_name":{"type":"string","description":"The object name of the Bare Metal Admin Cluster custom resource on the\nassociated admin cluster. This field is used to support conflicting\nnames when enrolling existing clusters to the API. When used as a part of\ncluster enrollment, this field will differ from the ID in the resource\nname. For new clusters, this field will match the user provided cluster ID\nand be visible in the last component of the resource name. It is not\nmodifiable.\nAll users should use this name to access their cluster using gkectl or\nkubectl and should expect to see the local name when viewing admin\ncluster controller logs.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The bare metal admin cluster name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the Bare Metal Admin Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"Specifies detailed cluster status.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the Bare Metal Admin Cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true},"validation_check":{"type":["list",["object",{"options":"string","scenario":"string","status":["list",["object",{"result":["list",["object",{"category":"string","description":"string","details":"string","options":"string","reason":"string"}]]}]]}]],"description":"Specifies the security related settings for the Bare Metal Admin Cluster.","description_kind":"plain","computed":true}},"block_types":{"cluster_operations":{"nesting_mode":"list","block":{"attributes":{"enable_application_logs":{"type":"bool","description":"Whether collection of application logs/metrics should be enabled (in addition to system logs/metrics).","description_kind":"plain","optional":true}},"description":"Specifies the Admin Cluster's observability infrastructure.","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"block_types":{"api_server_args":{"nesting_mode":"list","block":{"attributes":{"argument":{"type":"string","description":"The argument name as it appears on the API Server command line please make sure to remove the leading dashes.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the arg as it will be passed to the API Server command line.","description_kind":"plain","required":true}},"description":"Customizes the default API server args. Only a subset of\ncustomized flags are supported. Please refer to the API server\ndocumentation below to know the exact format:\nhttps://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/","description_kind":"plain"}},"control_plane_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running the control plane.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configures the node pool running the control plane. If specified the corresponding NodePool will be created for the cluster's control plane. The NodePool will have the same name and namespace as the cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the control plane configuration.","description_kind":"plain"},"max_items":1},"load_balancer":{"nesting_mode":"list","block":{"block_types":{"manual_lb_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether manual load balancing is enabled.","description_kind":"plain","required":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"port_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_load_balancer_port":{"type":"number","description":"The port that control plane hosted load balancers will listen on.","description_kind":"plain","required":true}},"description":"Specifies the load balancer ports.","description_kind":"plain"},"min_items":1,"max_items":1},"vip_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_vip":{"type":"string","description":"The VIP which you previously set aside for the Kubernetes API of this Bare Metal Admin Cluster.","description_kind":"plain","required":true}},"description":"Specified the Bare Metal Load Balancer Config","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the load balancer configuration.","description_kind":"plain"},"max_items":1},"maintenance_config":{"nesting_mode":"list","block":{"attributes":{"maintenance_address_cidr_blocks":{"type":["list","string"],"description":"All IPv4 address from these ranges will be placed into maintenance mode.\nNodes in maintenance mode will be cordoned and drained. When both of these\nare true, the \"baremetal.cluster.gke.io/maintenance\" annotation will be set\non the node resource.","description_kind":"plain","required":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"block_types":{"island_mode_cidr":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1}},"description":"Network configuration.","description_kind":"plain"},"max_items":1},"node_access_config":{"nesting_mode":"list","block":{"attributes":{"login_user":{"type":"string","description":"LoginUser is the user name used to access node machines.\nIt defaults to \"root\" if not set.","description_kind":"plain","optional":true}},"description":"Specifies the node access related settings for the bare metal user cluster.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods a node can run. The size of the CIDR range\nassigned to the node will be derived from this parameter.","description_kind":"plain","optional":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"proxy":{"nesting_mode":"list","block":{"attributes":{"no_proxy":{"type":["list","string"],"description":"A list of IPs, hostnames, and domains that should skip the proxy.\nFor example: [\"127.0.0.1\", \"example.com\", \".corp\", \"localhost\"].","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Specifies the address of your proxy server.\nFor Example: http://domain\nWARNING: Do not provide credentials in the format\nof http://(username:password@)domain these will be rejected by the server.","description_kind":"plain","required":true}},"description":"Specifies the cluster proxy configuration.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. 'my-gcp-id@gmail.com'.","description_kind":"plain","required":true}},"description":"Users that will be granted the cluster-admin role on the cluster, providing full access to the cluster.","description_kind":"plain"},"min_items":1}},"description":"Configures user access to the Bare Metal User cluster.","description_kind":"plain"},"max_items":1}},"description":"Specifies the security related settings for the Bare Metal User Cluster.","description_kind":"plain"},"max_items":1},"storage":{"nesting_mode":"list","block":{"block_types":{"lvp_node_mounts_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Specifies the config for local PersistentVolumes backed\nby mounted node disks. These disks need to be formatted and mounted by the\nuser, which can be done before or after cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1},"lvp_share_config":{"nesting_mode":"list","block":{"attributes":{"shared_path_pv_count":{"type":"number","description":"The number of subdirectories to create under path.","description_kind":"plain","optional":true}},"block_types":{"lvp_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Defines the machine path and storage class for the LVP Share.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the config for local PersistentVolumes backed by\nsubdirectories in a shared filesystem. These subdirectores are\nautomatically created during cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the cluster storage configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gkeonprem_bare_metal_cluster":{"version":0,"block":{"attributes":{"admin_cluster_membership":{"type":"string","description":"The Admin Cluster this Bare Metal User Cluster belongs to.\nThis is the full resource name of the Admin Cluster's hub membership.","description_kind":"plain","required":true},"annotations":{"type":["map","string"],"description":"Annotations on the Bare Metal User Cluster.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"bare_metal_version":{"type":"string","description":"A human readable description of this Bare Metal User Cluster.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human readable description of this Bare Metal User Cluster.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address name of Bare Metal User Cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string"}]],"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.\nSee [Anthos Fleets](https://cloud.google.com/anthos/multicluster-management/fleets) for\nmore details on Anthos multi-cluster capabilities using Fleets.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local_name":{"type":"string","description":"The object name of the Bare Metal Cluster custom resource on the\nassociated admin cluster. This field is used to support conflicting\nnames when enrolling existing clusters to the API. When used as a part of\ncluster enrollment, this field will differ from the ID in the resource\nname. For new clusters, this field will match the user provided cluster ID\nand be visible in the last component of the resource name. It is not\nmodifiable.\nAll users should use this name to access their cluster using gkectl or\nkubectl and should expect to see the local name when viewing admin\ncluster controller logs.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The bare metal cluster name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the Bare Metal User Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"Specifies detailed cluster status.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the Bare Metal User Cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true},"validation_check":{"type":["list",["object",{"options":"string","scenario":"string","status":["list",["object",{"result":["list",["object",{"category":"string","description":"string","details":"string","options":"string","reason":"string"}]]}]]}]],"description":"Specifies the security related settings for the Bare Metal User Cluster.","description_kind":"plain","computed":true}},"block_types":{"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Mode of operation for binauthz policy evaluation. If unspecified,\ndefaults to DISABLED. Possible values: [\"DISABLED\", \"PROJECT_SINGLETON_POLICY_ENFORCE\"]","description_kind":"plain","optional":true}},"description":"Binary Authorization related configurations.","description_kind":"plain"},"max_items":1},"cluster_operations":{"nesting_mode":"list","block":{"attributes":{"enable_application_logs":{"type":"bool","description":"Whether collection of application logs/metrics should be enabled (in addition to system logs/metrics).","description_kind":"plain","optional":true}},"description":"Specifies the User Cluster's observability infrastructure.","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"block_types":{"api_server_args":{"nesting_mode":"list","block":{"attributes":{"argument":{"type":"string","description":"The argument name as it appears on the API Server command line please make sure to remove the leading dashes.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the arg as it will be passed to the API Server command line.","description_kind":"plain","required":true}},"description":"Customizes the default API server args. Only a subset of\ncustomized flags are supported. Please refer to the API server\ndocumentation below to know the exact format:\nhttps://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/","description_kind":"plain"}},"control_plane_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running the control plane.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configures the node pool running the control plane. If specified the corresponding NodePool will be created for the cluster's control plane. The NodePool will have the same name and namespace as the cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the control plane configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"load_balancer":{"nesting_mode":"list","block":{"block_types":{"bgp_lb_config":{"nesting_mode":"list","block":{"attributes":{"asn":{"type":"number","description":"BGP autonomous system number (ASN) of the cluster.\nThis field can be updated after cluster creation.","description_kind":"plain","required":true}},"block_types":{"address_pools":{"nesting_mode":"list","block":{"attributes":{"addresses":{"type":["list","string"],"description":"The addresses that are part of this pool. Each address must be either in the CIDR form (1.2.3.0/24) or range form (1.2.3.1-1.2.3.5).","description_kind":"plain","required":true},"avoid_buggy_ips":{"type":"bool","description":"If true, avoid using IPs ending in .0 or .255.\nThis avoids buggy consumer devices mistakenly dropping IPv4 traffic for those special IP addresses.","description_kind":"plain","optional":true},"manual_assign":{"type":"string","description":"If true, prevent IP addresses from being automatically assigned.","description_kind":"plain","optional":true},"pool":{"type":"string","description":"The name of the address pool.","description_kind":"plain","required":true}},"description":"AddressPools is a list of non-overlapping IP pools used by load balancer\ntyped services. All addresses must be routable to load balancer nodes.\nIngressVIP must be included in the pools.","description_kind":"plain"},"min_items":1},"bgp_peer_configs":{"nesting_mode":"list","block":{"attributes":{"asn":{"type":"number","description":"BGP autonomous system number (ASN) for the network that contains the\nexternal peer device.","description_kind":"plain","required":true},"control_plane_nodes":{"type":["list","string"],"description":"The IP address of the control plane node that connects to the external\npeer.\nIf you don't specify any control plane nodes, all control plane nodes\ncan connect to the external peer. If you specify one or more IP addresses,\nonly the nodes specified participate in peering sessions.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The IP address of the external peer device.","description_kind":"plain","required":true}},"description":"The list of BGP peers that the cluster will connect to.\nAt least one peer must be configured for each control plane node.\nControl plane nodes will connect to these peers to advertise the control\nplane VIP. The Services load balancer also uses these peers by default.\nThis field can be updated after cluster creation.","description_kind":"plain"},"min_items":1},"load_balancer_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true}},"block_types":{"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"registry_burst":{"type":"number","description":"The maximum size of bursty pulls, temporarily allows pulls to burst to this\nnumber, while still not exceeding registry_pull_qps.\nThe value must not be a negative number.\nUpdating this field may impact scalability by changing the amount of\ntraffic produced by image pulls.\nDefaults to 10.","description_kind":"plain","optional":true},"registry_pull_qps":{"type":"number","description":"The limit of registry pulls per second.\nSetting this value to 0 means no limit.\nUpdating this field may impact scalability by changing the amount of\ntraffic produced by image pulls.\nDefaults to 5.","description_kind":"plain","optional":true},"serialize_image_pulls_disabled":{"type":"bool","description":"Prevents the Kubelet from pulling multiple images at a time.\nWe recommend *not* changing the default value on nodes that run docker\ndaemon with version \u003c 1.9 or an Another Union File System (Aufs) storage\nbackend. Issue https://github.com/kubernetes/kubernetes/issues/10959 has\nmore details.","description_kind":"plain","optional":true}},"description":"The modifiable kubelet configurations for the baremetal machines.","description_kind":"plain"},"max_items":1},"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running a load balancer.","description_kind":"plain"},"max_items":1}},"description":"Specifies the node pool running data plane load balancing. L2 connectivity\nis required among nodes in this pool. If missing, the control plane node\npool is used for data plane load balancing.","description_kind":"plain"},"max_items":1}},"description":"Configuration for BGP typed load balancers.","description_kind":"plain"},"max_items":1},"manual_lb_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether manual load balancing is enabled.","description_kind":"plain","required":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"metal_lb_config":{"nesting_mode":"list","block":{"block_types":{"address_pools":{"nesting_mode":"list","block":{"attributes":{"addresses":{"type":["list","string"],"description":"The addresses that are part of this pool. Each address must be either in the CIDR form (1.2.3.0/24) or range form (1.2.3.1-1.2.3.5).","description_kind":"plain","required":true},"avoid_buggy_ips":{"type":"bool","description":"If true, avoid using IPs ending in .0 or .255.\nThis avoids buggy consumer devices mistakenly dropping IPv4 traffic for those special IP addresses.","description_kind":"plain","optional":true},"manual_assign":{"type":"bool","description":"If true, prevent IP addresses from being automatically assigned.","description_kind":"plain","optional":true},"pool":{"type":"string","description":"The name of the address pool.","description_kind":"plain","required":true}},"description":"AddressPools is a list of non-overlapping IP pools used by load balancer\ntyped services. All addresses must be routable to load balancer nodes.\nIngressVIP must be included in the pools.","description_kind":"plain"},"min_items":1},"load_balancer_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running a load balancer.","description_kind":"plain"},"max_items":1}},"description":"Specifies the load balancer's node pool configuration.","description_kind":"plain"},"max_items":1}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"port_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_load_balancer_port":{"type":"number","description":"The port that control plane hosted load balancers will listen on.","description_kind":"plain","required":true}},"description":"Specifies the load balancer ports.","description_kind":"plain"},"min_items":1,"max_items":1},"vip_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_vip":{"type":"string","description":"The VIP which you previously set aside for the Kubernetes API of this Bare Metal User Cluster.","description_kind":"plain","required":true},"ingress_vip":{"type":"string","description":"The VIP which you previously set aside for ingress traffic into this Bare Metal User Cluster.","description_kind":"plain","required":true}},"description":"Specified the Bare Metal Load Balancer Config","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the load balancer configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"maintenance_config":{"nesting_mode":"list","block":{"attributes":{"maintenance_address_cidr_blocks":{"type":["list","string"],"description":"All IPv4 address from these ranges will be placed into maintenance mode.\nNodes in maintenance mode will be cordoned and drained. When both of these\nare true, the \"baremetal.cluster.gke.io/maintenance\" annotation will be set\non the node resource.","description_kind":"plain","required":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"advanced_networking":{"type":"bool","description":"Enables the use of advanced Anthos networking features, such as Bundled\nLoad Balancing with BGP or the egress NAT gateway.\nSetting configuration for advanced networking features will automatically\nset this flag.","description_kind":"plain","optional":true}},"block_types":{"island_mode_cidr":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"multiple_network_interfaces_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable multiple network interfaces for your pods.\nWhen set network_config.advanced_networking is automatically\nset to true.","description_kind":"plain","optional":true}},"description":"Configuration for multiple network interfaces.","description_kind":"plain"},"max_items":1},"sr_iov_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to install the SR-IOV operator.","description_kind":"plain","optional":true}},"description":"Configuration for SR-IOV.","description_kind":"plain"},"max_items":1}},"description":"Network configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"node_access_config":{"nesting_mode":"list","block":{"attributes":{"login_user":{"type":"string","description":"LoginUser is the user name used to access node machines.\nIt defaults to \"root\" if not set.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the node access related settings for the bare metal user cluster.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"container_runtime":{"type":"string","description":"The available runtimes that can be used to run containers in a Bare Metal User Cluster. Possible values: [\"CONTAINER_RUNTIME_UNSPECIFIED\", \"DOCKER\", \"CONTAINERD\"]","description_kind":"plain","optional":true,"computed":true},"max_pods_per_node":{"type":"number","description":"The maximum number of pods a node can run. The size of the CIDR range\nassigned to the node will be derived from this parameter.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"os_environment_config":{"nesting_mode":"list","block":{"attributes":{"package_repo_excluded":{"type":"bool","description":"Whether the package repo should not be included when initializing\nbare metal machines.","description_kind":"plain","required":true}},"description":"OS environment related configurations.","description_kind":"plain"},"max_items":1},"proxy":{"nesting_mode":"list","block":{"attributes":{"no_proxy":{"type":["list","string"],"description":"A list of IPs, hostnames, and domains that should skip the proxy.\nFor example [\"127.0.0.1\", \"example.com\", \".corp\", \"localhost\"].","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Specifies the address of your proxy server.\nFor example: http://domain\nWARNING: Do not provide credentials in the format\nof http://(username:password@)domain these will be rejected by the server.","description_kind":"plain","required":true}},"description":"Specifies the cluster proxy configuration.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. 'my-gcp-id@gmail.com'.","description_kind":"plain","required":true}},"description":"Users that will be granted the cluster-admin role on the cluster, providing full access to the cluster.","description_kind":"plain"},"min_items":1}},"description":"Configures user access to the Bare Metal User cluster.","description_kind":"plain"},"max_items":1}},"description":"Specifies the security related settings for the Bare Metal User Cluster.","description_kind":"plain"},"max_items":1},"storage":{"nesting_mode":"list","block":{"block_types":{"lvp_node_mounts_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Specifies the config for local PersistentVolumes backed\nby mounted node disks. These disks need to be formatted and mounted by the\nuser, which can be done before or after cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1},"lvp_share_config":{"nesting_mode":"list","block":{"attributes":{"shared_path_pv_count":{"type":"number","description":"The number of subdirectories to create under path.","description_kind":"plain","optional":true}},"block_types":{"lvp_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Defines the machine path and storage class for the LVP Share.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the config for local PersistentVolumes backed by\nsubdirectories in a shared filesystem. These subdirectores are\nautomatically created during cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the cluster storage configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"upgrade_policy":{"nesting_mode":"list","block":{"attributes":{"policy":{"type":"string","description":"Specifies which upgrade policy to use. Possible values: [\"SERIAL\", \"CONCURRENT\"]","description_kind":"plain","optional":true}},"description":"The cluster upgrade policy.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gkeonprem_bare_metal_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations on the Bare Metal Node Pool.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"bare_metal_cluster":{"type":"string","description":"The cluster this node pool belongs to.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the Bare Metal Node Pool.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The bare metal node pool name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the Bare Metal User Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"Specifies detailed node pool status.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the Bare Metal Node Pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n - http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nFor example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"},"min_items":1},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"Node pool configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gkeonprem_vmware_cluster":{"version":0,"block":{"attributes":{"admin_cluster_membership":{"type":"string","description":"The admin cluster this VMware User Cluster belongs to.\nThis is the full resource name of the admin cluster's hub membership.\nIn the future, references to other resource types might be allowed if\nadmin clusters are modeled as their own resources.","description_kind":"plain","required":true},"annotations":{"type":["map","string"],"description":"Annotations on the VMware User Cluster.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time at which VMware User Cluster was created.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time at which VMware User Cluster was deleted.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human readable description of this VMware User Cluster.","description_kind":"plain","optional":true},"disable_bundled_ingress":{"type":"bool","description":"Disable bundled ingress.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_control_plane_v2":{"type":"bool","description":"Enable control plane V2. Default to false.","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"The DNS name of VMware User Cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string"}]],"description":"Fleet configuration for the cluster.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local_name":{"type":"string","description":"The object name of the VMware OnPremUserCluster custom resource on the\nassociated admin cluster. This field is used to support conflicting\nnames when enrolling existing clusters to the API. When used as a part of\ncluster enrollment, this field will differ from the ID in the resource\nname. For new clusters, this field will match the user provided cluster ID\nand be visible in the last component of the resource name. It is not\nmodifiable.\n\nAll users should use this name to access their cluster using gkectl or\nkubectl and should expect to see the local name when viewing admin\ncluster controller logs.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The VMware cluster name.","description_kind":"plain","required":true},"on_prem_version":{"type":"string","description":"The Anthos clusters on the VMware version for your user cluster.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the VMware User Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"ResourceStatus representing detailed cluster state.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the VMware User Cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which VMware User Cluster was last updated.","description_kind":"plain","computed":true},"validation_check":{"type":["list",["object",{"options":"string","scenario":"string","status":["list",["object",{"result":["list",["object",{"category":"string","description":"string","details":"string","options":"string","reason":"string"}]]}]]}]],"description":"ValidationCheck represents the result of the preflight check job.","description_kind":"plain","computed":true},"vm_tracking_enabled":{"type":"bool","description":"Enable VM tracking.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"anti_affinity_groups":{"nesting_mode":"list","block":{"attributes":{"aag_config_disabled":{"type":"bool","description":"Spread nodes across at least three physical hosts (requires at least three\nhosts).\nEnabled by default.","description_kind":"plain","required":true}},"description":"AAGConfig specifies whether to spread VMware User Cluster nodes across at\nleast three physical hosts in the datacenter.","description_kind":"plain"},"max_items":1},"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. 'my-gcp-id@gmail.com'.","description_kind":"plain","required":true}},"description":"Users that will be granted the cluster-admin role on the cluster, providing\nfull access to the cluster.","description_kind":"plain"}}},"description":"RBAC policy that will be applied and managed by GKE On-Prem.","description_kind":"plain"},"max_items":1},"auto_repair_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether auto repair is enabled.","description_kind":"plain","required":true}},"description":"Configuration for auto repairing.","description_kind":"plain"},"max_items":1},"control_plane_node":{"nesting_mode":"list","block":{"attributes":{"cpus":{"type":"number","description":"The number of CPUs for each admin cluster node that serve as control planes\nfor this VMware User Cluster. (default: 4 CPUs)","description_kind":"plain","optional":true},"memory":{"type":"number","description":"The megabytes of memory for each admin cluster node that serves as a\ncontrol plane for this VMware User Cluster (default: 8192 MB memory).","description_kind":"plain","optional":true},"replicas":{"type":"number","description":"The number of control plane nodes for this VMware User Cluster.\n(default: 1 replica).","description_kind":"plain","optional":true},"vsphere_config":{"type":["list",["object",{"datastore":"string","storage_policy_name":"string"}]],"description":"Vsphere-specific config.","description_kind":"plain","computed":true}},"block_types":{"auto_resize_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable control plane node auto resizing.","description_kind":"plain","required":true}},"description":"AutoResizeConfig provides auto resizing configurations.","description_kind":"plain"},"max_items":1}},"description":"VMware User Cluster control plane nodes must have either 1 or 3 replicas.","description_kind":"plain"},"min_items":1,"max_items":1},"dataplane_v2":{"nesting_mode":"list","block":{"attributes":{"advanced_networking":{"type":"bool","description":"Enable advanced networking which requires dataplane_v2_enabled to be set true.","description_kind":"plain","optional":true},"dataplane_v2_enabled":{"type":"bool","description":"Enables Dataplane V2.","description_kind":"plain","optional":true},"windows_dataplane_v2_enabled":{"type":"bool","description":"Enable Dataplane V2 for clusters with Windows nodes.","description_kind":"plain","optional":true}},"description":"VmwareDataplaneV2Config specifies configuration for Dataplane V2.","description_kind":"plain"},"max_items":1},"load_balancer":{"nesting_mode":"list","block":{"block_types":{"f5_config":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The load balancer's IP address.","description_kind":"plain","optional":true},"partition":{"type":"string","description":"he preexisting partition to be used by the load balancer. T\nhis partition is usually created for the admin cluster for example:\n'my-f5-admin-partition'.","description_kind":"plain","optional":true},"snat_pool":{"type":"string","description":"The pool name. Only necessary, if using SNAT.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for F5 Big IP typed load balancers.","description_kind":"plain"},"max_items":1},"manual_lb_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_node_port":{"type":"number","description":"NodePort for control plane service. The Kubernetes API server in the admin\ncluster is implemented as a Service of type NodePort (ex. 30968).","description_kind":"plain","optional":true,"computed":true},"ingress_http_node_port":{"type":"number","description":"NodePort for ingress service's http. The ingress service in the admin\ncluster is implemented as a Service of type NodePort (ex. 32527).","description_kind":"plain","optional":true,"computed":true},"ingress_https_node_port":{"type":"number","description":"NodePort for ingress service's https. The ingress service in the admin\ncluster is implemented as a Service of type NodePort (ex. 30139).","description_kind":"plain","optional":true,"computed":true},"konnectivity_server_node_port":{"type":"number","description":"NodePort for konnectivity server service running as a sidecar in each\nkube-apiserver pod (ex. 30564).","description_kind":"plain","optional":true,"computed":true}},"description":"Manually configured load balancers.","description_kind":"plain"},"max_items":1},"metal_lb_config":{"nesting_mode":"list","block":{"block_types":{"address_pools":{"nesting_mode":"list","block":{"attributes":{"addresses":{"type":["list","string"],"description":"The addresses that are part of this pool. Each address\nmust be either in the CIDR form (1.2.3.0/24) or range\nform (1.2.3.1-1.2.3.5).","description_kind":"plain","required":true},"avoid_buggy_ips":{"type":"bool","description":"If true, avoid using IPs ending in .0 or .255.\nThis avoids buggy consumer devices mistakenly dropping IPv4 traffic for\nthose special IP addresses.","description_kind":"plain","optional":true,"computed":true},"manual_assign":{"type":"bool","description":"If true, prevent IP addresses from being automatically assigned.","description_kind":"plain","optional":true,"computed":true},"pool":{"type":"string","description":"The name of the address pool.","description_kind":"plain","required":true}},"description":"AddressPools is a list of non-overlapping IP pools used by load balancer\ntyped services. All addresses must be routable to load balancer nodes.\nIngressVIP must be included in the pools.","description_kind":"plain"},"min_items":1}},"description":"Configuration for MetalLB typed load balancers.","description_kind":"plain"},"max_items":1},"vip_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_vip":{"type":"string","description":"The VIP which you previously set aside for the Kubernetes API of this cluster.","description_kind":"plain","optional":true},"ingress_vip":{"type":"string","description":"The VIP which you previously set aside for ingress traffic into this cluster.","description_kind":"plain","optional":true}},"description":"The VIPs used by the load balancer.","description_kind":"plain"},"max_items":1}},"description":"Load Balancer configuration.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges.\nOnly a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address\nfrom these ranges. Only a single range is supported.. This field\ncannot be changed after creation.","description_kind":"plain","required":true},"vcenter_network":{"type":"string","description":"vcenter_network specifies vCenter network name. Inherited from the admin cluster.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"control_plane_v2_config":{"nesting_mode":"list","block":{"block_types":{"control_plane_ip_block":{"nesting_mode":"list","block":{"attributes":{"gateway":{"type":"string","description":"The network gateway used by the VMware User Cluster.","description_kind":"plain","optional":true},"netmask":{"type":"string","description":"The netmask used by the VMware User Cluster.","description_kind":"plain","optional":true}},"block_types":{"ips":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname of the machine. VM's name will be used if this field is empty.","description_kind":"plain","optional":true,"computed":true},"ip":{"type":"string","description":"IP could be an IP address (like 1.2.3.4) or a CIDR (like 1.2.3.0/24).","description_kind":"plain","optional":true}},"description":"The node's network configurations used by the VMware User Cluster.","description_kind":"plain"}}},"description":"Static IP addresses for the control plane nodes.","description_kind":"plain"},"max_items":1}},"description":"Configuration for control plane V2 mode.","description_kind":"plain"},"max_items":1},"dhcp_ip_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"enabled is a flag to mark if DHCP IP allocation is\nused for VMware user clusters.","description_kind":"plain","required":true}},"description":"Configuration settings for a DHCP IP configuration.","description_kind":"plain"},"max_items":1},"host_config":{"nesting_mode":"list","block":{"attributes":{"dns_search_domains":{"type":["list","string"],"description":"DNS search domains.","description_kind":"plain","optional":true},"dns_servers":{"type":["list","string"],"description":"DNS servers.","description_kind":"plain","optional":true},"ntp_servers":{"type":["list","string"],"description":"NTP servers.","description_kind":"plain","optional":true}},"description":"Represents common network settings irrespective of the host's IP address.","description_kind":"plain"},"max_items":1},"static_ip_config":{"nesting_mode":"list","block":{"block_types":{"ip_blocks":{"nesting_mode":"list","block":{"attributes":{"gateway":{"type":"string","description":"The network gateway used by the VMware User Cluster.","description_kind":"plain","required":true},"netmask":{"type":"string","description":"The netmask used by the VMware User Cluster.","description_kind":"plain","required":true}},"block_types":{"ips":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname of the machine. VM's name will be used if this field is empty.","description_kind":"plain","optional":true,"computed":true},"ip":{"type":"string","description":"IP could be an IP address (like 1.2.3.4) or a CIDR (like 1.2.3.0/24).","description_kind":"plain","required":true}},"description":"The node's network configurations used by the VMware User Cluster.","description_kind":"plain"},"min_items":1}},"description":"Represents the configuration values for static IP allocation to nodes.","description_kind":"plain"},"min_items":1}},"description":"Configuration settings for a static IP configuration.","description_kind":"plain"},"max_items":1}},"description":"The VMware User Cluster network configuration.","description_kind":"plain"},"max_items":1},"storage":{"nesting_mode":"list","block":{"attributes":{"vsphere_csi_disabled":{"type":"bool","description":"Whether or not to deploy vSphere CSI components in the VMware User Cluster.\nEnabled by default.","description_kind":"plain","required":true}},"description":"Storage configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"upgrade_policy":{"nesting_mode":"list","block":{"attributes":{"control_plane_only":{"type":"bool","description":"Controls whether the upgrade applies to the control plane only.","description_kind":"plain","optional":true}},"description":"Specifies upgrade policy for the cluster.","description_kind":"plain"},"max_items":1},"vcenter":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The vCenter IP address.","description_kind":"plain","computed":true},"ca_cert_data":{"type":"string","description":"Contains the vCenter CA certificate public key for SSL verification.","description_kind":"plain","optional":true,"computed":true},"cluster":{"type":"string","description":"The name of the vCenter cluster for the user cluster.","description_kind":"plain","optional":true,"computed":true},"datacenter":{"type":"string","description":"The name of the vCenter datacenter for the user cluster.","description_kind":"plain","optional":true,"computed":true},"datastore":{"type":"string","description":"The name of the vCenter datastore for the user cluster.","description_kind":"plain","optional":true,"computed":true},"folder":{"type":"string","description":"The name of the vCenter folder for the user cluster.","description_kind":"plain","optional":true,"computed":true},"resource_pool":{"type":"string","description":"The name of the vCenter resource pool for the user cluster.","description_kind":"plain","optional":true,"computed":true},"storage_policy_name":{"type":"string","description":"The name of the vCenter storage policy for the user cluster.","description_kind":"plain","optional":true,"computed":true}},"description":"VmwareVCenterConfig specifies vCenter config for the user cluster.\nInherited from the admin cluster.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gkeonprem_vmware_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations on the node Pool.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the node pool.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The vmware node pool name.","description_kind":"plain","required":true},"on_prem_version":{"type":"string","description":"Anthos version for the node pool. Defaults to the user cluster version.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the node pool.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"ResourceStatus representing detailed cluster state.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the node pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true},"vmware_cluster":{"type":"string","description":"The cluster this node pool belongs to.","description_kind":"plain","required":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"VMware disk size to be used during creation.","description_kind":"plain","optional":true},"cpus":{"type":"number","description":"The number of CPUs for each node in the node pool.","description_kind":"plain","optional":true},"enable_load_balancer":{"type":"bool","description":"Allow node pool traffic to be load balanced. Only works for clusters with\nMetalLB load balancers.","description_kind":"plain","optional":true},"image":{"type":"string","description":"The OS image name in vCenter, only valid when using Windows.","description_kind":"plain","optional":true},"image_type":{"type":"string","description":"The OS image to be used for each node in a node pool.\nCurrently 'cos', 'cos_cgv2', 'ubuntu', 'ubuntu_cgv2', 'ubuntu_containerd' and 'windows' are supported.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node.\nThese will added in addition to any default label(s) that\nKubernetes may apply to the node.\nIn case of conflict in label keys, the applied set may differ depending on\nthe Kubernetes version -- it's best to assume the behavior is undefined\nand conflicts should be avoided.","description_kind":"plain","optional":true,"computed":true},"memory_mb":{"type":"number","description":"The megabytes of memory for each node in the node pool.","description_kind":"plain","optional":true},"replicas":{"type":"number","description":"The number of nodes in the node pool.","description_kind":"plain","optional":true}},"block_types":{"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Available taint effects. Possible values: [\"EFFECT_UNSPECIFIED\", \"NO_SCHEDULE\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","required":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}},"vsphere_config":{"nesting_mode":"list","block":{"attributes":{"datastore":{"type":"string","description":"The name of the vCenter datastore. Inherited from the user cluster.","description_kind":"plain","optional":true},"host_groups":{"type":["list","string"],"description":"Vsphere host groups to apply to all VMs in the node pool","description_kind":"plain","optional":true}},"block_types":{"tags":{"nesting_mode":"list","block":{"attributes":{"category":{"type":"string","description":"The Vsphere tag category.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The Vsphere tag name.","description_kind":"plain","optional":true}},"description":"Tags to apply to VMs.","description_kind":"plain"}}},"description":"Specifies the vSphere config for node pool.","description_kind":"plain"},"max_items":1}},"description":"The node configuration of the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"node_pool_autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_replicas":{"type":"number","description":"Maximum number of replicas in the NodePool.","description_kind":"plain","required":true},"min_replicas":{"type":"number","description":"Minimum number of replicas in the NodePool.","description_kind":"plain","required":true}},"description":"Node Pool autoscaling config for the node pool.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_consent_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"default_consent_ttl":{"type":"string","description":"Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_consent_create_on_update":{"type":"bool","description":"If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] creates the consent if it does not already exist.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize Consent stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: '[\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}'\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: '[\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}'\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this ConsentStore, for example:\n\"consent1\"","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_binding":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_member":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_policy":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_dataset":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the Dataset.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the Dataset.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"time_zone":{"type":"string","description":"The default timezone used by this dataset. Must be a either a valid IANA time zone name such as\n\"America/New_York\" or empty, which defaults to UTC. This is used for parsing times in resources\n(e.g., HL7 messages) where no explicit timezone is specified.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"KMS encryption key that is used to secure this dataset and its sub-resources. The key used for\nencryption and the dataset must be in the same location. If empty, the default Google encryption\nkey will be used to secure this dataset. The format is\nprojects/{projectId}/locations/{locationId}/keyRings/{keyRingId}/cryptoKeys/{keyId}.","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_dataset_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dataset_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_dicom_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize DICOM stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the DicomStore.\n\n** Changing this property may recreate the Dicom store (removing all data) **","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true},"send_for_bulk_import":{"type":"bool","description":"Indicates whether or not to send Pub/Sub notifications on bulk import. Only supported for DICOM imports.","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_binding":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_member":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_policy":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_fhir_store":{"version":0,"block":{"attributes":{"complex_data_type_reference_parsing":{"type":"string","description":"Enable parsing of references within complex FHIR data types such as Extensions. If this value is set to ENABLED, then features like referential integrity and Bundle reference rewriting apply to all references. If this flag has not been specified the behavior of the FHIR store will not change, references in complex data types will not be parsed. New stores will have this value set to ENABLED by default after a notification period. Warning: turning on this flag causes processing existing resources to fail if they contain references to non-existent resources. Possible values: [\"COMPLEX_DATA_TYPE_REFERENCE_PARSING_UNSPECIFIED\", \"DISABLED\", \"ENABLED\"]","description_kind":"plain","optional":true,"computed":true},"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"default_search_handling_strict":{"type":"bool","description":"If true, overrides the default search behavior for this FHIR store to handling=strict which returns an error for unrecognized search parameters.\nIf false, uses the FHIR specification default handling=lenient which ignores unrecognized search parameters.\nThe handling can always be changed from the default on an individual API call by setting the HTTP header Prefer: handling=strict or Prefer: handling=lenient.","description_kind":"plain","optional":true},"disable_referential_integrity":{"type":"bool","description":"Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store\ncreation. The default value is false, meaning that the API will enforce referential integrity and fail the\nrequests that will result in inconsistent state in the FHIR store. When this field is set to true, the API\nwill skip referential integrity check. Consequently, operations that rely on references, such as\nPatient.get$everything, will not return all the results if broken references exist.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","optional":true},"disable_resource_versioning":{"type":"bool","description":"Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation\nof FHIR store. If set to false, which is the default behavior, all write operations will cause historical\nversions to be recorded automatically. The historical versions can be fetched through the history APIs, but\ncannot be updated. If set to true, no historical versions will be kept. The server will send back errors for\nattempts to read the historical versions.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_history_import":{"type":"bool","description":"Whether to allow the bulk import API to accept history bundles and directly insert historical resource\nversions into the FHIR store. Importing resource histories creates resource interactions that appear to have\noccurred in the past, which clients may not want to allow. If set to false, history bundles within an import\nwill fail with an error.\n\n** Changing this property may recreate the FHIR store (removing all data) **\n\n** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store **","description_kind":"plain","optional":true},"enable_update_create":{"type":"bool","description":"Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update\noperation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through\nthe Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit\nlogs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient\nidentifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub\nnotifications.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize FHIR stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the FhirStore.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The FHIR specification version. Possible values: [\"DSTU2\", \"STU3\", \"R4\"]","description_kind":"plain","required":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true}},"description":"A nested object resource.","description_kind":"plain","deprecated":true},"max_items":1},"notification_configs":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true},"send_full_resource":{"type":"bool","description":"Whether to send full FHIR resource to this Pub/Sub topic for Create and Update operation.\nNote that setting this to true does not guarantee that all resources will be sent in the format of\nfull FHIR resource. When a resource change is too large or during heavy traffic, only the resource name will be\nsent. Clients should always check the \"payloadType\" label from a Pub/Sub message to determine whether\nit needs to fetch the full resource as a separate operation.","description_kind":"plain","optional":true},"send_previous_resource_on_delete":{"type":"bool","description":"Whether to send full FHIR resource to this Pub/Sub topic for deleting FHIR resource. Note that setting this to\ntrue does not guarantee that all previous resources will be sent in the format of full FHIR resource. When a\nresource change is too large or during heavy traffic, only the resource name will be sent. Clients should always\ncheck the \"payloadType\" label from a Pub/Sub message to determine whether it needs to fetch the full previous\nresource as a separate operation.","description_kind":"plain","optional":true}},"description":"A list of notifcation configs that configure the notification for every resource mutation in this FHIR store.","description_kind":"plain"}},"stream_configs":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"Supply a FHIR resource type (such as \"Patient\" or \"Observation\"). See\nhttps://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats\nan empty list as an intent to stream all the supported resource types in this FHIR store.","description_kind":"plain","optional":true}},"block_types":{"bigquery_destination":{"nesting_mode":"list","block":{"attributes":{"dataset_uri":{"type":"string","description":"BigQuery URI to a dataset, up to 2000 characters long, in the format bq://projectId.bqDatasetId","description_kind":"plain","required":true}},"block_types":{"schema_config":{"nesting_mode":"list","block":{"attributes":{"recursive_structure_depth":{"type":"number","description":"The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem\nresource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called\nconcept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default\nvalue 2. The maximum depth allowed is 5.","description_kind":"plain","required":true},"schema_type":{"type":"string","description":"Specifies the output schema type.\n * ANALYTICS: Analytics schema defined by the FHIR community.\n See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md.\n * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON.\n * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. Default value: \"ANALYTICS\" Possible values: [\"ANALYTICS\", \"ANALYTICS_V2\", \"LOSSLESS\"]","description_kind":"plain","optional":true}},"block_types":{"last_updated_partition_config":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"string","description":"Number of milliseconds for which to keep the storage for a partition.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of partitioning. Possible values: [\"PARTITION_TYPE_UNSPECIFIED\", \"HOUR\", \"DAY\", \"MONTH\", \"YEAR\"]","description_kind":"plain","required":true}},"description":"The configuration for exported BigQuery tables to be partitioned by FHIR resource's last updated time column.","description_kind":"plain"},"max_items":1}},"description":"The configuration for the exported BigQuery schema.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The destination BigQuery structure that contains both the dataset location and corresponding schema config.\nThe output is organized in one table per resource type. The server reuses the existing tables (if any) that\nare named after the resource types, e.g. \"Patient\", \"Observation\". When there is no existing table for a given\nresource type, the server attempts to create one.\nSee the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A list of streaming configs that configure the destinations of streaming export for every resource mutation in\nthis FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next\nresource mutation is streamed to the new location in addition to the existing ones. When a location is removed\nfrom the list, the server stops streaming to that location. Before adding a new config, you must add the required\nbigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on\nthe order of dozens of seconds) is expected before the results show up in the streaming destination.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize HL7v2 stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the Hl7V2Store.\n\n** Changing this property may recreate the Hl7v2 store (removing all data) **","description_kind":"plain","required":true},"reject_duplicate_message":{"type":"bool","description":"Determines whether duplicate messages are allowed.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"notification_configs":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Restricts notifications sent for messages matching a filter. If this is empty, all messages\nare matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings\n\nFields/functions available for filtering are:\n\n* messageType, from the MSH-9.1 field. For example, NOT messageType = \"ADT\".\n* send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date \u003c \"2017-01-02\".\n* sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime \u003c \"2017-01-02T00:00:00-05:00\".\n* sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = \"ABC\".\n* PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId(\"123456\", \"MRN\").\n* labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels.\"priority\"=\"high\". The operator :* can be used to assert the existence of a label. For example, labels.\"priority\":*.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.\n\nIf a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver","description_kind":"plain","required":true}},"description":"A list of notification configs. Each configuration uses a filter to determine whether to publish a\nmessage (both Ingest \u0026 Create) on the corresponding notification destination. Only the message name\nis sent as part of the notification. Supplied by the client.","description_kind":"plain"}},"parser_config":{"nesting_mode":"list","block":{"attributes":{"allow_null_header":{"type":"bool","description":"Determines whether messages with no header are allowed.","description_kind":"plain","optional":true},"schema":{"type":"string","description":"JSON encoded string for schemas used to parse messages in this\nstore if schematized parsing is desired.","description_kind":"plain","optional":true},"segment_terminator":{"type":"string","description":"Byte(s) to be used as the segment terminator. If this is unset, '\\r' will be used as segment terminator.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The version of the unschematized parser to be used when a custom 'schema' is not set. Default value: \"V1\" Possible values: [\"V1\", \"V2\", \"V3\"]","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_pipeline_job":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Healthcare Dataset under which the Pipeline Job is to run","description_kind":"plain","required":true},"disable_lineage":{"type":"bool","description":"If true, disables writing lineage for the pipeline.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize Pipeline Jobs.\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of\nmaximum 128 bytes, and must conform to the following PCRE regular expression:\n[\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\nLabel values are optional, must be between 1 and 63 characters long, have a\nUTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE\nregular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\nNo more than 64 labels can be associated with a given pipeline.\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location where the Pipeline Job is to run","description_kind":"plain","required":true},"name":{"type":"string","description":"Specifies the name of the pipeline job. This field is user-assigned.","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"backfill_pipeline_job":{"nesting_mode":"list","block":{"attributes":{"mapping_pipeline_job":{"type":"string","description":"Specifies the mapping pipeline job to backfill, the name format\nshould follow: projects/{projectId}/locations/{locationId}/datasets/{datasetId}/pipelineJobs/{pipelineJobId}.","description_kind":"plain","optional":true}},"description":"Specifies the backfill configuration.","description_kind":"plain"},"max_items":1},"mapping_pipeline_job":{"nesting_mode":"list","block":{"attributes":{"fhir_store_destination":{"type":"string","description":"If set, the mapping pipeline will write snapshots to this\nFHIR store without assigning stable IDs. You must\ngrant your pipeline project's Cloud Healthcare Service\nAgent serviceaccount healthcare.fhirResources.executeBundle\nand healthcare.fhirResources.create permissions on the\ndestination store. The destination store must set\n[disableReferentialIntegrity][FhirStore.disable_referential_integrity]\nto true. The destination store must use FHIR version R4.\nFormat: project/{projectID}/locations/{locationID}/datasets/{datasetName}/fhirStores/{fhirStoreID}.","description_kind":"plain","optional":true},"reconciliation_destination":{"type":"bool","description":"If set to true, a mapping pipeline will send output snapshots\nto the reconciliation pipeline in its dataset. A reconciliation\npipeline must exist in this dataset before a mapping pipeline\nwith a reconciliation destination can be created.","description_kind":"plain","optional":true}},"block_types":{"fhir_streaming_source":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Describes the streaming FHIR data source.","description_kind":"plain","optional":true},"fhir_store":{"type":"string","description":"The path to the FHIR store in the format projects/{projectId}/locations/{locationId}/datasets/{datasetId}/fhirStores/{fhirStoreId}.","description_kind":"plain","required":true}},"description":"A streaming FHIR data source.","description_kind":"plain"},"max_items":1},"mapping_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Describes the mapping configuration.","description_kind":"plain","optional":true}},"block_types":{"whistle_config_source":{"nesting_mode":"list","block":{"attributes":{"import_uri_prefix":{"type":"string","description":"Directory path where all the Whistle files are located.\nExample: gs://{bucket-id}/{path/to/import-root/dir}","description_kind":"plain","required":true},"uri":{"type":"string","description":"Main configuration file which has the entrypoint or the root function.\nExample: gs://{bucket-id}/{path/to/import-root/dir}/entrypoint-file-name.wstl.","description_kind":"plain","required":true}},"description":"Specifies the path to the mapping configuration for harmonization pipeline.","description_kind":"plain"},"max_items":1}},"description":"The location of the mapping configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies mapping configuration.","description_kind":"plain"},"max_items":1},"reconciliation_pipeline_job":{"nesting_mode":"list","block":{"attributes":{"fhir_store_destination":{"type":"string","description":"The harmonized FHIR store to write harmonized FHIR resources to,\nin the format of: project/{projectID}/locations/{locationID}/datasets/{datasetName}/fhirStores/{id}","description_kind":"plain","optional":true},"matching_uri_prefix":{"type":"string","description":"Specifies the top level directory of the matching configs used\nin all mapping pipelines, which extract properties for resources\nto be matched on.\nExample: gs://{bucket-id}/{path/to/matching/configs}","description_kind":"plain","required":true}},"block_types":{"merge_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Describes the mapping configuration.","description_kind":"plain","optional":true}},"block_types":{"whistle_config_source":{"nesting_mode":"list","block":{"attributes":{"import_uri_prefix":{"type":"string","description":"Directory path where all the Whistle files are located.\nExample: gs://{bucket-id}/{path/to/import-root/dir}","description_kind":"plain","required":true},"uri":{"type":"string","description":"Main configuration file which has the entrypoint or the root function.\nExample: gs://{bucket-id}/{path/to/import-root/dir}/entrypoint-file-name.wstl.","description_kind":"plain","required":true}},"description":"Specifies the path to the mapping configuration for harmonization pipeline.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the location of the reconciliation configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies reconciliation configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_workspace":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The user labels. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the workspace, in the format 'projects/{projectId}/locations/{location}/datasets/{datasetId}/dataMapperWorkspaces/{workspaceId}'","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"settings":{"nesting_mode":"list","block":{"attributes":{"data_project_ids":{"type":["list","string"],"description":"Project IDs for data projects hosted in a workspace.","description_kind":"plain","required":true}},"description":"Settings associated with this workspace.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_access_boundary_policy":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name of the rule.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"The hash of the resource. Used internally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the policy.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The attachment point is identified by its URL-encoded full resource name.","description_kind":"plain","required":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the rule.","description_kind":"plain","optional":true}},"block_types":{"access_boundary_rule":{"nesting_mode":"list","block":{"attributes":{"available_permissions":{"type":["list","string"],"description":"A list of permissions that may be allowed for use on the specified resource.","description_kind":"plain","optional":true},"available_resource":{"type":"string","description":"The full resource name of a Google Cloud resource entity.","description_kind":"plain","optional":true}},"block_types":{"availability_condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting,\ne.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The availability condition further constrains the access allowed by the access boundary rule.","description_kind":"plain"},"max_items":1}},"description":"An access boundary rule in an IAM policy.","description_kind":"plain"},"max_items":1}},"description":"Rules to be applied.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_deny_policy":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name of the rule.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"The hash of the resource. Used internally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the policy.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The attachment point is identified by its URL-encoded full resource name.","description_kind":"plain","required":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the rule.","description_kind":"plain","optional":true}},"block_types":{"deny_rule":{"nesting_mode":"list","block":{"attributes":{"denied_permissions":{"type":["list","string"],"description":"The permissions that are explicitly denied by this rule. Each permission uses the format '{service-fqdn}/{resource}.{verb}',\nwhere '{service-fqdn}' is the fully qualified domain name for the service. For example, 'iam.googleapis.com/roles.list'.","description_kind":"plain","optional":true},"denied_principals":{"type":["list","string"],"description":"The identities that are prevented from using one or more permissions on Google Cloud resources.","description_kind":"plain","optional":true},"exception_permissions":{"type":["list","string"],"description":"Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions.\nIf a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied.\nThe excluded permissions can be specified using the same syntax as deniedPermissions.","description_kind":"plain","optional":true},"exception_principals":{"type":["list","string"],"description":"The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals.\nFor example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.","description_kind":"plain","optional":true}},"block_types":{"denial_condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting,\ne.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.","description_kind":"plain"},"max_items":1}},"description":"A deny rule in an IAM deny policy.","description_kind":"plain"},"max_items":1}},"description":"Rules to be applied.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_folders_policy_binding":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. The time when the policy binding was created.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Optional. The description of the policy binding. Must be less than or equal to 63 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The parent folder for the PolicyBinding.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the PolicyBinding.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the policy binding in the format '{binding_parent/locations/{location}/policyBindings/{policy_binding_id}'","description_kind":"plain","computed":true},"policy":{"type":"string","description":"Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).","description_kind":"plain","required":true},"policy_binding_id":{"type":"string","description":"The Policy Binding ID.","description_kind":"plain","required":true},"policy_kind":{"type":"string","description":"Immutable. The kind of the policy to attach in this binding. This\nfield must be one of the following: - Left empty (will be automatically set\nto the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS","description_kind":"plain","optional":true},"policy_uid":{"type":"string","description":"Output only. The globally unique ID of the policy to be bound.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the policy binding was most recently updated.","description_kind":"plain","computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language\n(CEL) syntax. CEL is a C-like expression language. The syntax and semantics of\nCEL are documented at https://github.com/google/cel-spec.\nExample (Comparison):\ntitle: \\\"Summary size limit\\\"\ndescription: \\\"Determines if a summary is less than 100 chars\\\"\nexpression: \\\"document.summary.size() \u003c 100\\\"\nExample\n(Equality):\ntitle: \\\"Requestor is owner\\\"\ndescription: \\\"Determines if requestor is the document owner\\\"\nexpression: \\\"document.owner == request.auth.claims.email\\\" Example\n(Logic):\ntitle: \\\"Public documents\\\"\ndescription: \\\"Determine whether the document should be publicly visible\\\"\nexpression: \\\"document.type != 'private' \u0026\u0026 document.type != 'internal'\\\"\nExample (Data Manipulation):\ntitle: \\\"Notification string\\\"\ndescription: \\\"Create a notification string with a timestamp.\\\"\nexpression: \\\"'New message received at ' + string(document.create_time)\\\"\nThe exact variables and functions that may be referenced within an expression are\ndetermined by the service that evaluates it. See the service documentation for\nadditional information.","description_kind":"plain"},"max_items":1},"target":{"nesting_mode":"list","block":{"attributes":{"principal_set":{"type":"string","description":"Required. Immutable. The resource name of the policy to be bound.\nThe binding parent and policy must belong to the same Organization (or Project).","description_kind":"plain","optional":true}},"description":"Target is the full resource name of the resource to which the policy will be bound. Immutable once set.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_organizations_policy_binding":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. The time when the policy binding was created.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Optional. The description of the policy binding. Must be less than or equal to 63 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the Policy Binding","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the policy binding in the format '{binding_parent/locations/{location}/policyBindings/{policy_binding_id}'","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The parent organization of the Policy Binding.","description_kind":"plain","required":true},"policy":{"type":"string","description":"Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).","description_kind":"plain","required":true},"policy_binding_id":{"type":"string","description":"The Policy Binding ID.","description_kind":"plain","required":true},"policy_kind":{"type":"string","description":"Immutable. The kind of the policy to attach in this binding. This\nfield must be one of the following: - Left empty (will be automatically set\nto the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS","description_kind":"plain","optional":true},"policy_uid":{"type":"string","description":"Output only. The globally unique ID of the policy to be bound.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the policy binding was most recently updated.","description_kind":"plain","computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language\n(CEL) syntax. CEL is a C-like expression language. The syntax and semantics of\nCEL are documented at https://github.com/google/cel-spec.\nExample (Comparison):\ntitle: \\\"Summary size limit\\\"\ndescription: \\\"Determines if a summary is less than 100 chars\\\"\nexpression: \\\"document.summary.size() \u003c 100\\\"\nExample\n(Equality):\ntitle: \\\"Requestor is owner\\\"\ndescription: \\\"Determines if requestor is the document owner\\\"\nexpression: \\\"document.owner == request.auth.claims.email\\\" Example\n(Logic):\ntitle: \\\"Public documents\\\"\ndescription: \\\"Determine whether the document should be publicly visible\\\"\nexpression: \\\"document.type != 'private' \u0026\u0026 document.type != 'internal'\\\"\nExample (Data Manipulation):\ntitle: \\\"Notification string\\\"\ndescription: \\\"Create a notification string with a timestamp.\\\"\nexpression: \\\"'New message received at ' + string(document.create_time)\\\"\nThe exact variables and functions that may be referenced within an expression are\ndetermined by the service that evaluates it. See the service documentation for\nadditional information.","description_kind":"plain"},"max_items":1},"target":{"nesting_mode":"list","block":{"attributes":{"principal_set":{"type":"string","description":"Required. Immutable. The resource name of the policy to be bound.\nThe binding parent and policy must belong to the same Organization (or Project).","description_kind":"plain","optional":true}},"description":"Target is the full resource name of the resource to which the policy will be bound. Immutable once set.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_principal_access_boundary_policy":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User defined annotations. See https://google.aip.dev/148#annotations\nfor more details such as format and size limitations\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. The time when the principal access boundary policy was created.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The description of the principal access boundary policy. Must be less than or equal to 63 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"The etag for the principal access boundary. If this is provided on update, it must match the server's etag.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location the principal access boundary policy is in.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The resource name of the principal access boundary policy. The following format is supported:\n 'organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{policy_id}'","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The parent organization of the principal access boundary policy.","description_kind":"plain","required":true},"principal_access_boundary_policy_id":{"type":"string","description":"The ID to use to create the principal access boundary policy.\nThis value must start with a lowercase letter followed by up to 62 lowercase letters, numbers, hyphens, or dots. Pattern, /a-z{2,62}/.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. The globally unique ID of the principal access boundary policy.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the principal access boundary policy was most recently updated.","description_kind":"plain","computed":true}},"block_types":{"details":{"nesting_mode":"list","block":{"attributes":{"enforcement_version":{"type":"string","description":"The version number that indicates which Google Cloud services\nare included in the enforcement (e.g. \\\"latest\\\", \\\"1\\\", ...). If empty, the\nPAB policy version will be set to the current latest version, and this version\nwon't get updated when new versions are released.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the principal access boundary policy rule. Must be less than or equal to 256 characters.","description_kind":"plain","optional":true},"effect":{"type":"string","description":"The access relationship of principals to the resources in this rule.\nPossible values: ALLOW","description_kind":"plain","required":true},"resources":{"type":["list","string"],"description":"A list of Cloud Resource Manager resources. The resource\nand all the descendants are included. The number of resources in a policy\nis limited to 500 across all rules.\nThe following resource types are supported:\n* Organizations, such as '//cloudresourcemanager.googleapis.com/organizations/123'.\n* Folders, such as '//cloudresourcemanager.googleapis.com/folders/123'.\n* Projects, such as '//cloudresourcemanager.googleapis.com/projects/123'\nor '//cloudresourcemanager.googleapis.com/projects/my-project-id'.","description_kind":"plain","required":true}},"description":"A list of principal access boundary policy rules. The number of rules in a policy is limited to 500.","description_kind":"plain"},"min_items":1}},"description":"Principal access boundary policy details","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_projects_policy_binding":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. The time when the policy binding was created.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Optional. The description of the policy binding. Must be less than or equal to 63 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the Policy Binding","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the policy binding in the format '{binding_parent/locations/{location}/policyBindings/{policy_binding_id}'","description_kind":"plain","computed":true},"policy":{"type":"string","description":"Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).","description_kind":"plain","required":true},"policy_binding_id":{"type":"string","description":"The Policy Binding ID.","description_kind":"plain","required":true},"policy_kind":{"type":"string","description":"Immutable. The kind of the policy to attach in this binding. This\nfield must be one of the following: - Left empty (will be automatically set\nto the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS","description_kind":"plain","optional":true},"policy_uid":{"type":"string","description":"Output only. The globally unique ID of the policy to be bound.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the policy binding was most recently updated.","description_kind":"plain","computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language\n(CEL) syntax. CEL is a C-like expression language. The syntax and semantics of\nCEL are documented at https://github.com/google/cel-spec.\nExample (Comparison):\ntitle: \\\"Summary size limit\\\"\ndescription: \\\"Determines if a summary is less than 100 chars\\\"\nexpression: \\\"document.summary.size() \u003c 100\\\"\nExample\n(Equality):\ntitle: \\\"Requestor is owner\\\"\ndescription: \\\"Determines if requestor is the document owner\\\"\nexpression: \\\"document.owner == request.auth.claims.email\\\" Example\n(Logic):\ntitle: \\\"Public documents\\\"\ndescription: \\\"Determine whether the document should be publicly visible\\\"\nexpression: \\\"document.type != 'private' \u0026\u0026 document.type != 'internal'\\\"\nExample (Data Manipulation):\ntitle: \\\"Notification string\\\"\ndescription: \\\"Create a notification string with a timestamp.\\\"\nexpression: \\\"'New message received at ' + string(document.create_time)\\\"\nThe exact variables and functions that may be referenced within an expression are\ndetermined by the service that evaluates it. See the service documentation for\nadditional information.","description_kind":"plain"},"max_items":1},"target":{"nesting_mode":"list","block":{"attributes":{"principal_set":{"type":"string","description":"Required. Immutable. The resource name of the policy to be bound.\nThe binding parent and policy must belong to the same Organization (or Project).","description_kind":"plain","optional":true}},"description":"Target is the full resource name of the resource to which the policy will be bound. Immutable once set.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workforce_pool":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A user-specified description of the pool. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,\nor use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the pool.\nFormat: 'locations/{location}/workforcePools/{workforcePoolId}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Immutable. The resource name of the parent. Format: 'organizations/{org-id}'.","description_kind":"plain","required":true},"session_duration":{"type":"string","description":"Duration that the Google Cloud access tokens, console sign-in sessions,\nand 'gcloud' sign-in sessions from this pool are valid.\nMust be greater than 15 minutes (900s) and less than 12 hours (43200s).\nIf 'sessionDuration' is not configured, minted credentials have a default duration of one hour (3600s).\nA duration in seconds with up to nine fractional digits, ending with ''s''. Example: \"'3.5s'\".","description_kind":"plain","optional":true},"state":{"type":"string","description":"Output only. The state of the pool.\n * STATE_UNSPECIFIED: State unspecified.\n * ACTIVE: The pool is active, and may be used in Google Cloud policies.\n * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted\n after approximately 30 days. You can restore a soft-deleted pool using\n [workforcePools.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePool).\n You cannot reuse the ID of a soft-deleted pool until it is permanently deleted.\n While a pool is deleted, you cannot use it to exchange tokens, or use\n existing tokens to access resources. If the pool is undeleted, existing\n tokens grant access again.","description_kind":"plain","computed":true},"workforce_pool_id":{"type":"string","description":"The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters,\ndigits, or hyphens. It must start with a letter, and cannot have a trailing hyphen.\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"access_restrictions":{"nesting_mode":"list","block":{"attributes":{"disable_programmatic_signin":{"type":"bool","description":"Disable programmatic sign-in by disabling token issue via the Security Token API endpoint.\nSee [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).","description_kind":"plain","optional":true}},"block_types":{"allowed_services":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name of the service.\nExample: console.cloud.google","description_kind":"plain","optional":true}},"description":"Services allowed for web sign-in with the workforce pool.\nIf not set by default there are no restrictions.","description_kind":"plain"}}},"description":"Configure access restrictions on the workforce pool users. This is an optional field. If specified web\nsign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workforce_pool_provider":{"version":0,"block":{"attributes":{"attribute_condition":{"type":"string","description":"A [Common Expression Language](https://opensource.google/projects/cel) expression, in\nplain text, to restrict what otherwise valid authentication credentials issued by the\nprovider should not be accepted.\n\nThe expression must output a boolean representing whether to allow the federation.\n\nThe following keywords may be referenced in the expressions:\n * 'assertion': JSON representing the authentication credential issued by the provider.\n * 'google': The Google attributes mapped from the assertion in the 'attribute_mappings'.\n 'google.profile_photo' and 'google.display_name' are not supported.\n * 'attribute': The custom attributes mapped from the assertion in the 'attribute_mappings'.\n\nThe maximum length of the attribute condition expression is 4096 characters.\nIf unspecified, all valid authentication credentials will be accepted.\n\nThe following example shows how to only allow credentials with a mapped 'google.groups' value of 'admins':\n'''\n\"'admins' in google.groups\"\n'''","description_kind":"plain","optional":true},"attribute_mapping":{"type":["map","string"],"description":"Maps attributes from the authentication credentials issued by an external identity provider\nto Google Cloud attributes, such as 'subject' and 'segment'.\n\nEach key must be a string specifying the Google Cloud IAM attribute to map to.\n\nThe following keys are supported:\n * 'google.subject': The principal IAM is authenticating. You can reference this value in IAM bindings.\n This is also the subject that appears in Cloud Logging logs. This is a required field and\n the mapped subject cannot exceed 127 bytes.\n * 'google.groups': Groups the authenticating user belongs to. You can grant groups access to\n resources using an IAM 'principalSet' binding; access applies to all members of the group.\n * 'google.display_name': The name of the authenticated user. This is an optional field and\n the mapped display name cannot exceed 100 bytes. If not set, 'google.subject' will be displayed instead.\n This attribute cannot be referenced in IAM bindings.\n * 'google.profile_photo': The URL that specifies the authenticated user's thumbnail photo.\n This is an optional field. When set, the image will be visible as the user's profile picture.\n If not set, a generic user icon will be displayed instead.\n This attribute cannot be referenced in IAM bindings.\n\nYou can also provide custom attributes by specifying 'attribute.{custom_attribute}', where {custom_attribute}\nis the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes.\nThe maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_].\n\nYou can reference these attributes in IAM policies to define fine-grained access for a workforce pool\nto Google Cloud resources. For example:\n * 'google.subject':\n 'principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}'\n * 'google.groups':\n 'principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}'\n * 'attribute.{custom_attribute}':\n 'principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}'\n\nEach value must be a [Common Expression Language](https://opensource.google/projects/cel)\nfunction that maps an identity provider credential to the normalized attribute specified\nby the corresponding map key.\n\nYou can use the 'assertion' keyword in the expression to access a JSON representation of\nthe authentication credential issued by the provider.\n\nThe maximum length of an attribute mapping expression is 2048 characters. When evaluated,\nthe total size of all mapped attributes must not exceed 8KB.\n\nFor OIDC providers, you must supply a custom mapping that includes the 'google.subject' attribute.\nFor example, the following maps the sub claim of the incoming credential to the 'subject' attribute\non a Google token:\n'''\n{\"google.subject\": \"assertion.sub\"}\n'''\n\nAn object containing a list of '\"key\": value' pairs.\nExample: '{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }'.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A user-specified description of the provider. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.\nHowever, existing tokens still grant access.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A user-specified display name for the provider. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the provider.\nFormat: 'locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}'","description_kind":"plain","computed":true},"provider_id":{"type":"string","description":"The ID for the provider, which becomes the final component of the resource name.\nThis value must be 4-32 characters, and may contain the characters [a-z0-9-].\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the provider.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The provider is active and may be used to validate authentication credentials.\n* DELETED: The provider is soft-deleted. Soft-deleted providers are permanently\n deleted after approximately 30 days. You can restore a soft-deleted provider using\n [providers.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProvider).","description_kind":"plain","computed":true},"workforce_pool_id":{"type":"string","description":"The ID to use for the pool, which becomes the final component of the resource name.\nThe IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens.\nIt must start with a letter, and cannot have a trailing hyphen.\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"extra_attributes_oauth2_client":{"nesting_mode":"list","block":{"attributes":{"attributes_type":{"type":"string","description":"Represents the IdP and type of claims that should be fetched.\n* AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using configuration provided\nin ExtraAttributesOAuth2Client and 'mail' property of the 'microsoft.graph.group' object is used for claim mapping.\nSee https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on\n'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'. Possible values: [\"AZURE_AD_GROUPS_MAIL\"]","description_kind":"plain","required":true},"client_id":{"type":"string","description":"The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.","description_kind":"plain","required":true},"issuer_uri":{"type":"string","description":"The OIDC identity provider's issuer URI. Must be a valid URI using the 'https' scheme. Required to get the OIDC discovery document.","description_kind":"plain","required":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"block_types":{"value":{"nesting_mode":"list","block":{"attributes":{"plain_text":{"type":"string","description":"The plain text of the client secret value.","description_kind":"plain","required":true},"thumbprint":{"type":"string","description":"A thumbprint to represent the current client secret value.","description_kind":"plain","computed":true}},"description":"The value of the client secret.","description_kind":"plain"},"max_items":1}},"description":"The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.","description_kind":"plain"},"min_items":1,"max_items":1},"query_parameters":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the\nfilter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The\ngroups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.","description_kind":"plain","optional":true}},"description":"Represents the parameters to control which claims are fetched from an IdP.","description_kind":"plain"},"max_items":1}},"description":"The configuration for OAuth 2.0 client used to get the additional user\nattributes. This should be used when users can't get the desired claims\nin authentication credentials. Currently this configuration is only\nsupported with OIDC protocol.","description_kind":"plain"},"max_items":1},"oidc":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The client ID. Must match the audience claim of the JWT issued by the identity provider.","description_kind":"plain","required":true},"issuer_uri":{"type":"string","description":"The OIDC issuer URI. Must be a valid URI using the 'https' scheme.","description_kind":"plain","required":true},"jwks_json":{"type":"string","description":"OIDC JWKs in JSON String format. For details on definition of a\nJWK, see https:tools.ietf.org/html/rfc7517. If not set, then we\nuse the 'jwks_uri' from the discovery document fetched from the\n.well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric\nkeys are supported. The JWK must use following format and include only\nthe following fields:\n'''\n{\n \"keys\": [\n {\n \"kty\": \"RSA/EC\",\n \"alg\": \"\u003calgorithm\u003e\",\n \"use\": \"sig\",\n \"kid\": \"\u003ckey-id\u003e\",\n \"n\": \"\",\n \"e\": \"\",\n \"x\": \"\",\n \"y\": \"\",\n \"crv\": \"\"\n }\n ]\n}\n'''","description_kind":"plain","optional":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"block_types":{"value":{"nesting_mode":"list","block":{"attributes":{"plain_text":{"type":"string","description":"The plain text of the client secret value.","description_kind":"plain","required":true,"sensitive":true},"thumbprint":{"type":"string","description":"A thumbprint to represent the current client secret value.","description_kind":"plain","computed":true}},"description":"The value of the client secret.","description_kind":"plain"},"max_items":1}},"description":"The optional client secret. Required to enable Authorization Code flow for web sign-in.","description_kind":"plain"},"max_items":1},"web_sso_config":{"nesting_mode":"list","block":{"attributes":{"additional_scopes":{"type":["list","string"],"description":"Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the 'openid', 'profile' and 'email' scopes that are supported by the identity provider are requested.\nEach additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.","description_kind":"plain","optional":true},"assertion_claims_behavior":{"type":"string","description":"The behavior for how OIDC Claims are included in the 'assertion' object used for attribute mapping and attribute condition.\n* MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS: Merge the UserInfo Endpoint Claims with ID Token Claims, preferring UserInfo Claim Values for the same Claim Name. This option is available only for the Authorization Code Flow.\n* ONLY_ID_TOKEN_CLAIMS: Only include ID Token Claims. Possible values: [\"MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS\", \"ONLY_ID_TOKEN_CLAIMS\"]","description_kind":"plain","required":true},"response_type":{"type":"string","description":"The Response Type to request for in the OIDC Authorization Request for web sign-in.\n\nThe 'CODE' Response Type is recommended to avoid the Implicit Flow, for security reasons.\n* CODE: The 'response_type=code' selection uses the Authorization Code Flow for web sign-in. Requires a configured client secret.\n* ID_TOKEN: The 'response_type=id_token' selection uses the Implicit Flow for web sign-in. Possible values: [\"CODE\", \"ID_TOKEN\"]","description_kind":"plain","required":true}},"description":"Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.","description_kind":"plain"},"max_items":1}},"description":"Represents an OpenId Connect 1.0 identity provider.","description_kind":"plain"},"max_items":1},"saml":{"nesting_mode":"list","block":{"attributes":{"idp_metadata_xml":{"type":"string","description":"SAML Identity provider configuration metadata xml doc.\nThe xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf).\nThe max size of the acceptable xml document will be bounded to 128k characters.\n\nThe metadata xml document should satisfy the following constraints:\n1) Must contain an Identity Provider Entity ID.\n2) Must contain at least one non-expired signing key certificate.\n3) For each signing key:\n a) Valid from should be no more than 7 days from now.\n b) Valid to should be no more than 10 years in the future.\n4) Up to 3 IdP signing keys are allowed in the metadata xml.\n\nWhen updating the provider's metadata xml, at least one non-expired signing key\nmust overlap with the existing metadata. This requirement is skipped if there are\nno non-expired signing keys present in the existing metadata.","description_kind":"plain","required":true}},"description":"Represents a SAML identity provider.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workload_identity_pool":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the pool. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use\nexisting tokens to access resources. If the pool is re-enabled, existing tokens grant\naccess again.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A display name for the pool. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the pool as\n'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the pool.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The pool is active, and may be used in Google Cloud policies.\n* DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after\n approximately 30 days. You can restore a soft-deleted pool using\n UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is\n permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or\n use existing tokens to access resources. If the pool is undeleted, existing tokens grant\n access again.","description_kind":"plain","computed":true},"workload_identity_pool_id":{"type":"string","description":"The ID to use for the pool, which becomes the final component of the resource name. This\nvalue should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workload_identity_pool_provider":{"version":0,"block":{"attributes":{"attribute_condition":{"type":"string","description":"[A Common Expression Language](https://opensource.google/projects/cel) expression, in\nplain text, to restrict what otherwise valid authentication credentials issued by the\nprovider should not be accepted.\n\nThe expression must output a boolean representing whether to allow the federation.\n\nThe following keywords may be referenced in the expressions:\n * 'assertion': JSON representing the authentication credential issued by the provider.\n * 'google': The Google attributes mapped from the assertion in the 'attribute_mappings'.\n * 'attribute': The custom attributes mapped from the assertion in the 'attribute_mappings'.\n\nThe maximum length of the attribute condition expression is 4096 characters. If\nunspecified, all valid authentication credential are accepted.\n\nThe following example shows how to only allow credentials with a mapped 'google.groups'\nvalue of 'admins':\n'''\n\"'admins' in google.groups\"\n'''","description_kind":"plain","optional":true},"attribute_mapping":{"type":["map","string"],"description":"Maps attributes from authentication credentials issued by an external identity provider\nto Google Cloud attributes, such as 'subject' and 'segment'.\n\nEach key must be a string specifying the Google Cloud IAM attribute to map to.\n\nThe following keys are supported:\n * 'google.subject': The principal IAM is authenticating. You can reference this value\n in IAM bindings. This is also the subject that appears in Cloud Logging logs.\n Cannot exceed 127 characters.\n * 'google.groups': Groups the external identity belongs to. You can grant groups\n access to resources using an IAM 'principalSet' binding; access applies to all\n members of the group.\n\nYou can also provide custom attributes by specifying 'attribute.{custom_attribute}',\nwhere '{custom_attribute}' is the name of the custom attribute to be mapped. You can\ndefine a maximum of 50 custom attributes. The maximum length of a mapped attribute key\nis 100 characters, and the key may only contain the characters [a-z0-9_].\n\nYou can reference these attributes in IAM policies to define fine-grained access for a\nworkload to Google Cloud resources. For example:\n * 'google.subject':\n 'principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}'\n * 'google.groups':\n 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}'\n * 'attribute.{custom_attribute}':\n 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}'\n\nEach value must be a [Common Expression Language](https://opensource.google/projects/cel)\nfunction that maps an identity provider credential to the normalized attribute specified\nby the corresponding map key.\n\nYou can use the 'assertion' keyword in the expression to access a JSON representation of\nthe authentication credential issued by the provider.\n\nThe maximum length of an attribute mapping expression is 2048 characters. When evaluated,\nthe total size of all mapped attributes must not exceed 8KB.\n\nFor AWS providers, the following rules apply:\n - If no attribute mapping is defined, the following default mapping applies:\n '''\n {\n \"google.subject\":\"assertion.arn\",\n \"attribute.aws_role\":\n \"assertion.arn.contains('assumed-role')\"\n \" ? assertion.arn.extract('{account_arn}assumed-role/')\"\n \" + 'assumed-role/'\"\n \" + assertion.arn.extract('assumed-role/{role_name}/')\"\n \" : assertion.arn\",\n }\n '''\n - If any custom attribute mappings are defined, they must include a mapping to the\n 'google.subject' attribute.\n\nFor OIDC providers, the following rules apply:\n - Custom attribute mappings must be defined, and must include a mapping to the\n 'google.subject' attribute. For example, the following maps the 'sub' claim of the\n incoming credential to the 'subject' attribute on a Google token.\n '''\n {\"google.subject\": \"assertion.sub\"}\n '''","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description for the provider. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.\nHowever, existing tokens still grant access.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A display name for the provider. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the provider as\n'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the provider.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The provider is active, and may be used to validate authentication credentials.\n* DELETED: The provider is soft-deleted. Soft-deleted providers are permanently deleted\n after approximately 30 days. You can restore a soft-deleted provider using\n UndeleteWorkloadIdentityPoolProvider. You cannot reuse the ID of a soft-deleted provider\n until it is permanently deleted.","description_kind":"plain","computed":true},"workload_identity_pool_id":{"type":"string","description":"The ID used for the pool, which is the final component of the pool resource name. This\nvalue should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true},"workload_identity_pool_provider_id":{"type":"string","description":"The ID for the provider, which becomes the final component of the resource name. This\nvalue must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"aws":{"nesting_mode":"list","block":{"attributes":{"account_id":{"type":"string","description":"The AWS account ID.","description_kind":"plain","required":true}},"description":"An Amazon Web Services identity provider. Not compatible with the property oidc or saml.","description_kind":"plain"},"max_items":1},"oidc":{"nesting_mode":"list","block":{"attributes":{"allowed_audiences":{"type":["list","string"],"description":"Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange\nrequests are rejected if the token audience does not match one of the configured\nvalues. Each audience may be at most 256 characters. A maximum of 10 audiences may\nbe configured.\n\nIf this list is empty, the OIDC token audience must be equal to the full canonical\nresource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.\nFor example:\n'''\n//iam.googleapis.com/projects/\u003cproject-number\u003e/locations/\u003clocation\u003e/workloadIdentityPools/\u003cpool-id\u003e/providers/\u003cprovider-id\u003e\nhttps://iam.googleapis.com/projects/\u003cproject-number\u003e/locations/\u003clocation\u003e/workloadIdentityPools/\u003cpool-id\u003e/providers/\u003cprovider-id\u003e\n'''","description_kind":"plain","optional":true},"issuer_uri":{"type":"string","description":"The OIDC issuer URL.","description_kind":"plain","required":true},"jwks_json":{"type":"string","description":"OIDC JWKs in JSON String format. For details on definition of a\nJWK, see https:tools.ietf.org/html/rfc7517. If not set, then we\nuse the 'jwks_uri' from the discovery document fetched from the\n.well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric\nkeys are supported. The JWK must use following format and include only\nthe following fields:\n'''\n{\n \"keys\": [\n {\n \"kty\": \"RSA/EC\",\n \"alg\": \"\u003calgorithm\u003e\",\n \"use\": \"sig\",\n \"kid\": \"\u003ckey-id\u003e\",\n \"n\": \"\",\n \"e\": \"\",\n \"x\": \"\",\n \"y\": \"\",\n \"crv\": \"\"\n }\n ]\n}\n'''","description_kind":"plain","optional":true}},"description":"An OpenId Connect 1.0 identity provider. Not compatible with the property aws or saml.","description_kind":"plain"},"max_items":1},"saml":{"nesting_mode":"list","block":{"attributes":{"idp_metadata_xml":{"type":"string","description":"SAML Identity provider configuration metadata xml doc.","description_kind":"plain","required":true}},"description":"An SAML 2.0 identity provider. Not compatible with the property oidc or aws.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"x509":{"nesting_mode":"list","block":{"block_types":{"trust_store":{"nesting_mode":"list","block":{"block_types":{"intermediate_cas":{"nesting_mode":"list","block":{"attributes":{"pem_certificate":{"type":"string","description":"PEM certificate of the PKI used for validation. Must only contain one\nca certificate(either root or intermediate cert).","description_kind":"plain","optional":true}},"description":"Set of intermediate CA certificates used for building the trust chain to\ntrust anchor.\nIMPORTANT: Intermediate CAs are only supported when configuring x509 federation.","description_kind":"plain"}},"trust_anchors":{"nesting_mode":"list","block":{"attributes":{"pem_certificate":{"type":"string","description":"PEM certificate of the PKI used for validation. Must only contain one\nca certificate(either root or intermediate cert).","description_kind":"plain","optional":true}},"description":"List of Trust Anchors to be used while performing validation\nagainst a given TrustStore. The incoming end entity's certificate\nmust be chained up to one of the trust anchors here.","description_kind":"plain"},"min_items":1}},"description":"A Trust store, use this trust store as a wrapper to config the trust\nanchor and optional intermediate cas to help build the trust chain for\nthe incoming end entity certificate. Follow the x509 guidelines to\ndefine those PEM encoded certs. Only 1 trust store is currently\nsupported.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An X.509-type identity provider represents a CA. It is trusted to assert a\nclient identity if the client has a certificate that chains up to this CA.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_brand":{"version":0,"block":{"attributes":{"application_title":{"type":"string","description":"Application name displayed on OAuth consent screen.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. Identifier of the brand, in the format 'projects/{project_number}/brands/{brand_id}'\nNOTE: The name can also be expressed as 'projects/{project_id}/brands/{brand_id}', e.g. when importing.\nNOTE: The brand identification corresponds to the project number as only one\nbrand can be created per project.","description_kind":"plain","computed":true},"org_internal_only":{"type":"bool","description":"Whether the brand is only intended for usage inside the GSuite organization only.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"support_email":{"type":"string","description":"Support email displayed on the OAuth consent screen. Can be either a\nuser or group email. When a user email is specified, the caller must\nbe the user with the associated email address. When a group email is\nspecified, the caller can be either a user or a service account which\nis an owner of the specified group in Cloud Identity.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_client":{"version":0,"block":{"attributes":{"brand":{"type":"string","description":"Identifier of the brand to which this client\nis attached to. The format is\n'projects/{project_number}/brands/{brand_id}'.","description_kind":"plain","required":true},"client_id":{"type":"string","description":"Output only. Unique identifier of the OAuth client.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Human-friendly name given to the OAuth client.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"Output only. Client secret of the OAuth client.","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_settings":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the IAP protected resource. Name can have below resources:\n* organizations/{organization_id}\n* folders/{folder_id}\n* projects/{project_id}\n* projects/{project_id}/iap_web\n* projects/{project_id}/iap_web/compute\n* projects/{project_id}/iap_web/compute-{region}\n* projects/{project_id}/iap_web/compute/services/{service_id}\n* projects/{project_id}/iap_web/compute-{region}/services/{service_id}\n* projects/{project_id}/iap_web/appengine-{app_id}\n* projects/{project_id}/iap_web/appengine-{app_id}/services/{service_id}\n* projects/{project_id}/iap_web/appengine-{app_id}/services/{service_id}/version/{version_id}","description_kind":"plain","required":true}},"block_types":{"access_settings":{"nesting_mode":"list","block":{"attributes":{"identity_sources":{"type":["list","string"],"description":"Identity sources that IAP can use to authenticate the end user. Only one identity source\ncan be configured. The possible values are:\n\n* 'WORKFORCE_IDENTITY_FEDERATION': Use external identities set up on Google Cloud Workforce\n \t\t\t\t Identity Federation. Possible values: [\"WORKFORCE_IDENTITY_FEDERATION\"]","description_kind":"plain","optional":true}},"block_types":{"allowed_domains_settings":{"nesting_mode":"list","block":{"attributes":{"domains":{"type":["list","string"],"description":"List of trusted domains.","description_kind":"plain","optional":true},"enable":{"type":"bool","description":"Configuration for customers to opt in for the feature.","description_kind":"plain","optional":true}},"description":"Settings to configure and enable allowed domains.","description_kind":"plain"},"max_items":1},"cors_settings":{"nesting_mode":"list","block":{"attributes":{"allow_http_options":{"type":"bool","description":"Configuration to allow HTTP OPTIONS calls to skip authorization.\nIf undefined, IAP will not apply any special logic to OPTIONS requests.","description_kind":"plain","optional":true}},"description":"Configuration to allow cross-origin requests via IAP.","description_kind":"plain"},"max_items":1},"gcip_settings":{"nesting_mode":"list","block":{"attributes":{"login_page_uri":{"type":"string","description":"Login page URI associated with the GCIP tenants. Typically, all resources within\nthe same project share the same login page, though it could be overridden at the\nsub resource level.","description_kind":"plain","optional":true},"tenant_ids":{"type":["list","string"],"description":"GCIP tenant ids that are linked to the IAP resource. tenantIds could be a string\nbeginning with a number character to indicate authenticating with GCIP tenant flow,\nor in the format of _ to indicate authenticating with GCIP agent flow. If agent flow\nis used, tenantIds should only contain one single element, while for tenant flow,\ntenantIds can contain multiple elements.","description_kind":"plain","optional":true}},"description":"GCIP claims and endpoint configurations for 3p identity providers.\n* Enabling gcipSetting significantly changes the way IAP authenticates users. Identity Platform does not support IAM, so IAP will not enforce any IAM policies for requests to your application.","description_kind":"plain"},"max_items":1},"oauth_settings":{"nesting_mode":"list","block":{"attributes":{"login_hint":{"type":"string","description":"Domain hint to send as hd=? parameter in OAuth request flow.\nEnables redirect to primary IDP by skipping Google's login screen.\n(https://developers.google.com/identity/protocols/OpenIDConnect#hd-param)\nNote: IAP does not verify that the id token's hd claim matches this value\nsince access behavior is managed by IAM policies.\n* loginHint setting is not a replacement for access control. Always enforce an appropriate access policy if you want to restrict access to users outside your domain.","description_kind":"plain","optional":true},"programmatic_clients":{"type":["list","string"],"description":"List of client ids allowed to use IAP programmatically.","description_kind":"plain","optional":true}},"description":"Settings to configure IAP's OAuth behavior.","description_kind":"plain"},"max_items":1},"reauth_settings":{"nesting_mode":"list","block":{"attributes":{"max_age":{"type":"string","description":"Reauth session lifetime, how long before a user has to reauthenticate again.\nA duration in seconds with up to nine fractional digits, ending with 's'.\nExample: \"3.5s\".","description_kind":"plain","required":true},"method":{"type":"string","description":"Reauth method requested. The possible values are:\n\n* 'LOGIN': Prompts the user to log in again.\n* 'SECURE_KEY': User must use their secure key 2nd factor device.\n* 'ENROLLED_SECOND_FACTORS': User can use any enabled 2nd factor. Possible values: [\"LOGIN\", \"SECURE_KEY\", \"ENROLLED_SECOND_FACTORS\"]","description_kind":"plain","required":true},"policy_type":{"type":"string","description":"How IAP determines the effective policy in cases of hierarchical policies.\nPolicies are merged from higher in the hierarchy to lower in the hierarchy.\nThe possible values are:\n\n* 'MINIMUM': This policy acts as a minimum to other policies, lower in the hierarchy.\n\t\t Effective policy may only be the same or stricter.\n* 'DEFAULT': This policy acts as a default if no other reauth policy is set. Possible values: [\"MINIMUM\", \"DEFAULT\"]","description_kind":"plain","required":true}},"description":"Settings to configure reauthentication policies in IAP.","description_kind":"plain"},"max_items":1},"workforce_identity_settings":{"nesting_mode":"list","block":{"attributes":{"workforce_pools":{"type":["list","string"],"description":"The workforce pool resources. Only one workforce pool is accepted.","description_kind":"plain","optional":true}},"block_types":{"oauth2":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The OAuth 2.0 client ID registered in the workforce identity\nfederation OAuth 2.0 Server.","description_kind":"plain","optional":true},"client_secret":{"type":"string","description":"Input only. The OAuth 2.0 client secret created while registering\nthe client ID.","description_kind":"plain","optional":true,"sensitive":true},"client_secret_sha256":{"type":"string","description":"Output only. SHA256 hash value for the client secret. This field\nis returned by IAP when the settings are retrieved.","description_kind":"plain","computed":true}},"description":"OAuth 2.0 settings for IAP to perform OIDC flow with workforce identity\nfederation services.","description_kind":"plain"},"max_items":1}},"description":"Settings to configure the workforce identity federation, including workforce pools\nand OAuth 2.0 settings.","description_kind":"plain"},"max_items":1}},"description":"Top level wrapper for all access related setting in IAP.","description_kind":"plain"},"max_items":1},"application_settings":{"nesting_mode":"list","block":{"attributes":{"cookie_domain":{"type":"string","description":"The Domain value to set for cookies generated by IAP. This value is not validated by the API,\nbut will be ignored at runtime if invalid.","description_kind":"plain","optional":true}},"block_types":{"access_denied_page_settings":{"nesting_mode":"list","block":{"attributes":{"access_denied_page_uri":{"type":"string","description":"The URI to be redirected to when access is denied.","description_kind":"plain","optional":true},"generate_troubleshooting_uri":{"type":"bool","description":"Whether to generate a troubleshooting URL on access denied events to this application.","description_kind":"plain","optional":true},"remediation_token_generation_enabled":{"type":"bool","description":"Whether to generate remediation token on access denied events to this application.","description_kind":"plain","optional":true}},"description":"Customization for Access Denied page. IAP allows customers to define a custom URI\nto use as the error page when access is denied to users. If IAP prevents access\nto this page, the default IAP error page will be displayed instead.","description_kind":"plain"},"max_items":1},"attribute_propagation_settings":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Whether the provided attribute propagation settings should be evaluated on user requests.\nIf set to true, attributes returned from the expression will be propagated in the set output credentials.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Raw string CEL expression. Must return a list of attributes. A maximum of 45 attributes can\nbe selected. Expressions can select different attribute types from attributes:\nattributes.saml_attributes, attributes.iap_attributes.","description_kind":"plain","optional":true},"output_credentials":{"type":["list","string"],"description":"Which output credentials attributes selected by the CEL expression should be propagated in.\nAll attributes will be fully duplicated in each selected output credential.\nPossible values are:\n\n* 'HEADER': Propagate attributes in the headers with \"x-goog-iap-attr-\" prefix.\n* 'JWT': Propagate attributes in the JWT of the form:\n \"additional_claims\": { \"my_attribute\": [\"value1\", \"value2\"] }\n* 'RCTOKEN': Propagate attributes in the RCToken of the form: \"\n additional_claims\": { \"my_attribute\": [\"value1\", \"value2\"] } Possible values: [\"HEADER\", \"JWT\", \"RCTOKEN\"]","description_kind":"plain","optional":true}},"description":"Settings to configure attribute propagation.","description_kind":"plain"},"max_items":1},"csm_settings":{"nesting_mode":"list","block":{"attributes":{"rctoken_aud":{"type":"string","description":"Audience claim set in the generated RCToken. This value is not validated by IAP.","description_kind":"plain","optional":true}},"description":"Settings to configure IAP's behavior for a service mesh.","description_kind":"plain"},"max_items":1}},"description":"Top level wrapper for all application related settings in IAP.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_tunnel_dest_group":{"version":0,"block":{"attributes":{"cidrs":{"type":["list","string"],"description":"List of CIDRs that this group applies to.","description_kind":"plain","optional":true},"fqdns":{"type":["list","string"],"description":"List of FQDNs that this group applies to.","description_kind":"plain","optional":true},"group_name":{"type":"string","description":"Unique tunnel destination group name.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Full resource name.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the tunnel group. Must be the same as the network resources in the group.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_tunnel_dest_group_iam_binding":{"version":0,"block":{"attributes":{"dest_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_dest_group_iam_member":{"version":0,"block":{"attributes":{"dest_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_dest_group_iam_policy":{"version":0,"block":{"attributes":{"dest_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_identity_platform_config":{"version":0,"block":{"attributes":{"authorized_domains":{"type":["list","string"],"description":"List of domains authorized for OAuth redirects.","description_kind":"plain","optional":true,"computed":true},"autodelete_anonymous_users":{"type":"bool","description":"Whether anonymous users will be auto-deleted after a period of 30 days","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the Config resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"blocking_functions":{"nesting_mode":"list","block":{"block_types":{"forward_inbound_credentials":{"nesting_mode":"list","block":{"attributes":{"access_token":{"type":"bool","description":"Whether to pass the user's OAuth identity provider's access token.","description_kind":"plain","optional":true},"id_token":{"type":"bool","description":"Whether to pass the user's OIDC identity provider's ID token.","description_kind":"plain","optional":true},"refresh_token":{"type":"bool","description":"Whether to pass the user's OAuth identity provider's refresh token.","description_kind":"plain","optional":true}},"description":"The user credentials to include in the JWT payload that is sent to the registered Blocking Functions.","description_kind":"plain"},"max_items":1},"triggers":{"nesting_mode":"set","block":{"attributes":{"event_type":{"type":"string","description_kind":"plain","required":true},"function_uri":{"type":"string","description":"HTTP URI trigger for the Cloud Function.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"When the trigger was changed.","description_kind":"plain","computed":true}},"description":"Map of Trigger to event type. Key should be one of the supported event types: \"beforeCreate\", \"beforeSignIn\".","description_kind":"plain"},"min_items":1}},"description":"Configuration related to blocking functions.","description_kind":"plain"},"max_items":1},"client":{"nesting_mode":"list","block":{"attributes":{"api_key":{"type":"string","description":"API key that can be used when making requests for this project.","description_kind":"plain","computed":true,"sensitive":true},"firebase_subdomain":{"type":"string","description":"Firebase subdomain.","description_kind":"plain","computed":true}},"block_types":{"permissions":{"nesting_mode":"list","block":{"attributes":{"disabled_user_deletion":{"type":"bool","description":"When true, end users cannot delete their account on the associated project through any of our API methods","description_kind":"plain","optional":true},"disabled_user_signup":{"type":"bool","description":"When true, end users cannot sign up for a new account on the associated project through any of our API methods","description_kind":"plain","optional":true}},"description":"Configuration related to restricting a user's ability to affect their account.","description_kind":"plain"},"max_items":1}},"description":"Options related to how clients making requests on behalf of a project should be configured.","description_kind":"plain"},"max_items":1},"mfa":{"nesting_mode":"list","block":{"attributes":{"enabled_providers":{"type":["list","string"],"description":"A list of usable second factors for this project. Possible values: [\"PHONE_SMS\"]","description_kind":"plain","optional":true},"state":{"type":"string","description":"Whether MultiFactor Authentication has been enabled for this project. Possible values: [\"DISABLED\", \"ENABLED\", \"MANDATORY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"provider_configs":{"nesting_mode":"list","block":{"attributes":{"state":{"type":"string","description":"Whether MultiFactor Authentication has been enabled for this project. Possible values: [\"DISABLED\", \"ENABLED\", \"MANDATORY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"totp_provider_config":{"nesting_mode":"list","block":{"attributes":{"adjacent_intervals":{"type":"number","description":"The allowed number of adjacent intervals that will be used for verification to avoid clock skew.","description_kind":"plain","optional":true}},"description":"TOTP MFA provider config for this project.","description_kind":"plain"},"max_items":1}},"description":"A list of usable second factors for this project along with their configurations.\nThis field does not support phone based MFA, for that use the 'enabledProviders' field.","description_kind":"plain"}}},"description":"Options related to how clients making requests on behalf of a project should be configured.","description_kind":"plain"},"max_items":1},"monitoring":{"nesting_mode":"list","block":{"block_types":{"request_logging":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether logging is enabled for this project or not.","description_kind":"plain","optional":true}},"description":"Configuration for logging requests made to this project to Stackdriver Logging","description_kind":"plain"},"max_items":1}},"description":"Configuration related to monitoring project activity.","description_kind":"plain"},"max_items":1},"multi_tenant":{"nesting_mode":"list","block":{"attributes":{"allow_tenants":{"type":"bool","description":"Whether this project can have tenants or not.","description_kind":"plain","optional":true},"default_tenant_location":{"type":"string","description":"The default cloud parent org or folder that the tenant project should be created under.\nThe parent resource name should be in the format of \"/\", such as \"folders/123\" or \"organizations/456\".\nIf the value is not set, the tenant will be created under the same organization or folder as the agent project.","description_kind":"plain","optional":true}},"description":"Configuration related to multi-tenant functionality.","description_kind":"plain"},"max_items":1},"quota":{"nesting_mode":"list","block":{"block_types":{"sign_up_quota_config":{"nesting_mode":"list","block":{"attributes":{"quota":{"type":"number","description":"A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000.","description_kind":"plain","optional":true},"quota_duration":{"type":"string","description":"How long this quota will be active for. It is measurred in seconds, e.g., Example: \"9.615s\".","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"When this quota will take affect.","description_kind":"plain","optional":true}},"description":"Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to quotas.","description_kind":"plain"},"max_items":1},"sign_in":{"nesting_mode":"list","block":{"attributes":{"allow_duplicate_emails":{"type":"bool","description":"Whether to allow more than one account to have the same email.","description_kind":"plain","optional":true},"hash_config":{"type":["list",["object",{"algorithm":"string","memory_cost":"number","rounds":"number","salt_separator":"string","signer_key":"string"}]],"description":"Output only. Hash config information.","description_kind":"plain","computed":true}},"block_types":{"anonymous":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether anonymous user auth is enabled for the project or not.","description_kind":"plain","required":true}},"description":"Configuration options related to authenticating an anonymous user.","description_kind":"plain"},"max_items":1},"email":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether email auth is enabled for the project or not.","description_kind":"plain","required":true},"password_required":{"type":"bool","description":"Whether a password is required for email auth or not. If true, both an email and\npassword must be provided to sign in. If false, a user may sign in via either\nemail/password or email link.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticating a user by their email address.","description_kind":"plain"},"max_items":1},"phone_number":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether phone number auth is enabled for the project or not.","description_kind":"plain","required":true},"test_phone_numbers":{"type":["map","string"],"description":"A map of \u003ctest phone number, fake code\u003e that can be used for phone auth testing.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticated a user by their phone number.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to local sign in methods.","description_kind":"plain"},"max_items":1},"sms_region_config":{"nesting_mode":"list","block":{"block_types":{"allow_by_default":{"nesting_mode":"list","block":{"attributes":{"disallowed_regions":{"type":["list","string"],"description":"Two letter unicode region codes to disallow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json","description_kind":"plain","optional":true}},"description":"A policy of allowing SMS to every region by default and adding disallowed regions to a disallow list.","description_kind":"plain"},"max_items":1},"allowlist_only":{"nesting_mode":"list","block":{"attributes":{"allowed_regions":{"type":["list","string"],"description":"Two letter unicode region codes to allow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json","description_kind":"plain","optional":true}},"description":"A policy of only allowing regions by explicitly adding them to an allowlist.","description_kind":"plain"},"max_items":1}},"description":"Configures the regions where users are allowed to send verification SMS for the project or tenant. This is based on the calling code of the destination phone number.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_default_supported_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"OAuth client ID","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"OAuth client secret","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this IDP allows the user to sign in","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"idp_id":{"type":"string","description":"ID of the IDP. Possible values include:\n\n* 'apple.com'\n\n* 'facebook.com'\n\n* 'gc.apple.com'\n\n* 'github.com'\n\n* 'google.com'\n\n* 'linkedin.com'\n\n* 'microsoft.com'\n\n* 'playgames.google.com'\n\n* 'twitter.com'\n\n* 'yahoo.com'","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the DefaultSupportedIdpConfig resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_inbound_saml_config":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters,\nhyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an\nalphanumeric character, and have at least 2 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"idp_config":{"nesting_mode":"list","block":{"attributes":{"idp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities","description_kind":"plain","required":true},"sign_request":{"type":"bool","description":"Indicates if outbounding SAMLRequest should be signed.","description_kind":"plain","optional":true},"sso_url":{"type":"string","description":"URL to send Authentication request to.","description_kind":"plain","required":true}},"block_types":{"idp_certificates":{"nesting_mode":"list","block":{"attributes":{"x509_certificate":{"type":"string","description":"The IdP's x509 certificate.","description_kind":"plain","optional":true}},"description":"The IdP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain"},"min_items":1}},"description":"SAML IdP configuration when the project acts as the relying party","description_kind":"plain"},"min_items":1,"max_items":1},"sp_config":{"nesting_mode":"list","block":{"attributes":{"callback_uri":{"type":"string","description":"Callback URI where responses from IDP are handled. Must start with 'https://'.","description_kind":"plain","optional":true},"sp_certificates":{"type":["list",["object",{"x509_certificate":"string"}]],"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain","computed":true},"sp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities.","description_kind":"plain","optional":true}},"description":"SAML SP (Service Provider) configuration when the project acts as the relying party to receive\nand accept an authentication assertion issued by a SAML identity provider.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_oauth_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The client id of an OAuth client.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret of the OAuth client, to enable OIDC code flow.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"For OIDC Idps, the issuer identifier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the OauthIdpConfig. Must start with 'oidc.'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant":{"version":0,"block":{"attributes":{"allow_password_signup":{"type":"bool","description":"Whether to allow email/password user authentication.","description_kind":"plain","optional":true},"disable_auth":{"type":"bool","description":"Whether authentication is disabled for the tenant. If true, the users under\nthe disabled tenant are not allowed to sign-in. Admins of the disabled tenant\nare not able to manage its users.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name of the tenant.","description_kind":"plain","required":true},"enable_email_link_signin":{"type":"bool","description":"Whether to enable email link user authentication.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the tenant that is generated by the server","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_default_supported_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"OAuth client ID","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"OAuth client secret","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this IDP allows the user to sign in","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"idp_id":{"type":"string","description":"ID of the IDP. Possible values include:\n\n* 'apple.com'\n\n* 'facebook.com'\n\n* 'gc.apple.com'\n\n* 'github.com'\n\n* 'google.com'\n\n* 'linkedin.com'\n\n* 'microsoft.com'\n\n* 'playgames.google.com'\n\n* 'twitter.com'\n\n* 'yahoo.com'","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the default supported IDP config resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this DefaultSupportedIdpConfig resource exists","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_inbound_saml_config":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters,\nhyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an\nalphanumeric character, and have at least 2 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this inbound SAML config resource exists","description_kind":"plain","required":true}},"block_types":{"idp_config":{"nesting_mode":"list","block":{"attributes":{"idp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities","description_kind":"plain","required":true},"sign_request":{"type":"bool","description":"Indicates if outbounding SAMLRequest should be signed.","description_kind":"plain","optional":true},"sso_url":{"type":"string","description":"URL to send Authentication request to.","description_kind":"plain","required":true}},"block_types":{"idp_certificates":{"nesting_mode":"list","block":{"attributes":{"x509_certificate":{"type":"string","description":"The x509 certificate","description_kind":"plain","optional":true}},"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain"},"min_items":1}},"description":"SAML IdP configuration when the project acts as the relying party","description_kind":"plain"},"min_items":1,"max_items":1},"sp_config":{"nesting_mode":"list","block":{"attributes":{"callback_uri":{"type":"string","description":"Callback URI where responses from IDP are handled. Must start with 'https://'.","description_kind":"plain","required":true},"sp_certificates":{"type":["list",["object",{"x509_certificate":"string"}]],"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain","computed":true},"sp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities.","description_kind":"plain","required":true}},"description":"SAML SP (Service Provider) configuration when the project acts as the relying party to receive\nand accept an authentication assertion issued by a SAML identity provider.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_oauth_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The client id of an OAuth client.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret of the OAuth client, to enable OIDC code flow.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"For OIDC Idps, the issuer identifier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the OauthIdpConfig. Must start with 'oidc.'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this OIDC IDP configuration resource exists","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integration_connectors_connection":{"version":0,"block":{"attributes":{"connection_revision":{"type":"string","description":"Connection revision. This field is only updated when the connection is created or updated by User.","description_kind":"plain","computed":true},"connector_version":{"type":"string","description":"connectorVersion of the Connector.","description_kind":"plain","required":true},"connector_version_infra_config":{"type":["list",["object",{"ratelimit_threshold":"string"}]],"description":"This configuration provides infra configs like rate limit threshold which need to be configurable for every connector version.","description_kind":"plain","computed":true},"connector_version_launch_stage":{"type":"string","description":"Flag to mark the version indicating the launch stage.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Time the Namespace was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An arbitrary description for the Connection.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"eventing_enablement_type":{"type":"string","description":"Eventing enablement type. Will be nil if eventing is not enabled. Possible values: [\"EVENTING_AND_CONNECTION\", \"ONLY_EVENTING\"]","description_kind":"plain","optional":true},"eventing_runtime_data":{"type":["list",["object",{"events_listener_endpoint":"string","status":["list",["object",{"description":"string","state":"string"}]]}]],"description":"Eventing Runtime Data.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location in which Connection needs to be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of Connection needs to be created.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Service account needed for runtime plane to access Google Cloud resources.","description_kind":"plain","optional":true,"computed":true},"service_directory":{"type":"string","description":"The name of the Service Directory service name. Used for Private Harpoon to resolve the ILB address.\ne.g. \"projects/cloud-connectors-e2e-testing/locations/us-central1/namespaces/istio-system/services/istio-ingressgateway-connectors\"","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"description":"string","state":"string","status":"string"}]],"description":"Status of the Integration Connector.","description_kind":"plain","computed":true},"subscription_type":{"type":"string","description":"This subscription type enum states the subscription type of the project.","description_kind":"plain","computed":true},"suspended":{"type":"bool","description":"Suspended indicates if a user has suspended a connection or not.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Namespace was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"auth_config":{"nesting_mode":"list","block":{"attributes":{"auth_key":{"type":"string","description":"The type of authentication configured.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"authType of the Connection Possible values: [\"AUTH_TYPE_UNSPECIFIED\", \"USER_PASSWORD\", \"OAUTH2_JWT_BEARER\", \"OAUTH2_CLIENT_CREDENTIALS\", \"SSH_PUBLIC_KEY\", \"OAUTH2_AUTH_CODE_FLOW\"]","description_kind":"plain","required":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The\nexpected format: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encryption Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","required":true}},"description":"Encryption key value of configVariable.","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable.","description_kind":"plain"},"max_items":1}},"description":"List containing additional auth configs.","description_kind":"plain"}},"oauth2_auth_code_flow":{"nesting_mode":"list","block":{"attributes":{"auth_uri":{"type":"string","description":"Auth URL for Authorization Code Flow.","description_kind":"plain","optional":true},"client_id":{"type":"string","description":"Client ID for user-provided OAuth app.","description_kind":"plain","optional":true},"enable_pkce":{"type":"bool","description":"Whether to enable PKCE when the user performs the auth code flow.","description_kind":"plain","optional":true},"scopes":{"type":["list","string"],"description":"Scopes the connection will request when the user performs the auth code flow.","description_kind":"plain","optional":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Client secret for user-provided OAuth app.","description_kind":"plain"},"max_items":1}},"description":"Parameters to support Oauth 2.0 Auth Code Grant Authentication.","description_kind":"plain"},"max_items":1},"oauth2_client_credentials":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"Secret version of Password for Authentication.","description_kind":"plain","required":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Secret version reference containing the client secret.","description_kind":"plain"},"max_items":1}},"description":"OAuth3 Client Credentials for Authentication.","description_kind":"plain"},"max_items":1},"oauth2_jwt_bearer":{"nesting_mode":"list","block":{"block_types":{"client_key":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Secret version reference containing a PKCS#8 PEM-encoded private key associated with the Client Certificate.\nThis private key will be used to sign JWTs used for the jwt-bearer authorization grant.\nSpecified in the form as: projects/*/secrets/*/versions/*.","description_kind":"plain"},"max_items":1},"jwt_claims":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Value for the \"aud\" claim.","description_kind":"plain","optional":true},"issuer":{"type":"string","description":"Value for the \"iss\" claim.","description_kind":"plain","optional":true},"subject":{"type":"string","description":"Value for the \"sub\" claim.","description_kind":"plain","optional":true}},"description":"JwtClaims providers fields to generate the token.","description_kind":"plain"},"max_items":1}},"description":"OAuth2 JWT Bearer for Authentication.","description_kind":"plain"},"max_items":1},"ssh_public_key":{"nesting_mode":"list","block":{"attributes":{"cert_type":{"type":"string","description":"Format of SSH Client cert.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The user account used to authenticate.","description_kind":"plain","required":true}},"block_types":{"ssh_client_cert":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"SSH Client Cert. It should contain both public and private key.","description_kind":"plain"},"max_items":1},"ssh_client_cert_pass":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Password (passphrase) for ssh client certificate if it has one.","description_kind":"plain"},"max_items":1}},"description":"SSH Public Key for Authentication.","description_kind":"plain"},"max_items":1},"user_password":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"Username for Authentication.","description_kind":"plain","required":true}},"block_types":{"password":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Password for Authentication.","description_kind":"plain"},"max_items":1}},"description":"User password for Authentication.","description_kind":"plain"},"max_items":1}},"description":"authConfig for the connection.","description_kind":"plain"},"max_items":1},"config_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The\nexpected format: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encryption Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","required":true}},"description":"Encryption key value of configVariable.","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable.","description_kind":"plain"},"max_items":1}},"description":"Config Variables for the connection.","description_kind":"plain"}},"destination_config":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"The key is the destination identifier that is supported by the Connector.","description_kind":"plain","required":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"For publicly routable host.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port is the target port number that is accepted by the destination.","description_kind":"plain","optional":true},"service_attachment":{"type":"string","description":"PSC service attachments. Format: projects/*/regions/*/serviceAttachments/*","description_kind":"plain","optional":true}},"description":"The destinations for the key.","description_kind":"plain"}}},"description":"Define the Connectors target endpoint.","description_kind":"plain"}},"eventing_config":{"nesting_mode":"list","block":{"attributes":{"enrichment_enabled":{"type":"bool","description":"Enrichment Enabled.","description_kind":"plain","optional":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The\nexpected format: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encryption Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","optional":true}},"description":"Encryption key value of configVariable.","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable","description_kind":"plain"},"max_items":1}},"description":"List containing additional auth configs.","description_kind":"plain"}},"auth_config":{"nesting_mode":"list","block":{"attributes":{"auth_key":{"type":"string","description":"The type of authentication configured.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"authType of the Connection Possible values: [\"USER_PASSWORD\"]","description_kind":"plain","required":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The\nexpected format: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encryption Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","optional":true}},"description":"Encryption key value of configVariable","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable","description_kind":"plain"},"max_items":1}},"description":"List containing additional auth configs.","description_kind":"plain"}},"user_password":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"Username for Authentication.","description_kind":"plain","optional":true}},"block_types":{"password":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Password for Authentication.","description_kind":"plain"},"max_items":1}},"description":"User password for Authentication.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"authConfig for Eventing Configuration.","description_kind":"plain"},"max_items":1},"registration_destination_config":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Key for the connection","description_kind":"plain","optional":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"Host","description_kind":"plain","optional":true},"port":{"type":"number","description":"port number","description_kind":"plain","optional":true},"service_attachment":{"type":"string","description":"Service Attachment","description_kind":"plain","optional":true}},"description":"destinations for the connection","description_kind":"plain"}}},"description":"registrationDestinationConfig","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Eventing Configuration of a connection","description_kind":"plain"},"max_items":1},"lock_config":{"nesting_mode":"list","block":{"attributes":{"locked":{"type":"bool","description":"Indicates whether or not the connection is locked.","description_kind":"plain","required":true},"reason":{"type":"string","description":"Describes why a connection is locked.","description_kind":"plain","optional":true}},"description":"Determines whether or no a connection is locked. If locked, a reason must be specified.","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enabled represents whether logging is enabled or not for a connection.","description_kind":"plain","required":true}},"description":"Log configuration for the connection.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"Minimum number of nodes in the runtime nodes.","description_kind":"plain","optional":true,"computed":true},"min_node_count":{"type":"number","description":"Minimum number of nodes in the runtime nodes.","description_kind":"plain","optional":true,"computed":true}},"description":"Node configuration for the connection.","description_kind":"plain"},"max_items":1},"ssl_config":{"nesting_mode":"list","block":{"attributes":{"client_cert_type":{"type":"string","description":"Type of Client Cert (PEM/JKS/.. etc.) Possible values: [\"PEM\"]","description_kind":"plain","optional":true},"server_cert_type":{"type":"string","description":"Type of Server Cert (PEM/JKS/.. etc.) Possible values: [\"PEM\"]","description_kind":"plain","optional":true},"trust_model":{"type":"string","description":"Enum for Trust Model Possible values: [\"PUBLIC\", \"PRIVATE\", \"INSECURE\"]","description_kind":"plain","optional":true},"type":{"type":"string","description":"Enum for controlling the SSL Type (TLS/MTLS) Possible values: [\"TLS\", \"MTLS\"]","description_kind":"plain","required":true},"use_ssl":{"type":"bool","description":"Bool for enabling SSL","description_kind":"plain","optional":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The\nexpected format: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encryption Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","optional":true}},"description":"Encryption key value of configVariable","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable","description_kind":"plain"},"max_items":1}},"description":"Additional SSL related field values.","description_kind":"plain"}},"client_certificate":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Client Certificate","description_kind":"plain"},"max_items":1},"client_private_key":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Client Private Key","description_kind":"plain"},"max_items":1},"client_private_key_pass":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret containing the passphrase protecting the Client Private Key","description_kind":"plain"},"max_items":1},"private_server_certificate":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Private Server Certificate. Needs to be specified if trust model is PRIVATE.","description_kind":"plain"},"max_items":1}},"description":"SSL Configuration of a connection","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integration_connectors_endpoint_attachment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Namespace was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint_global_access":{"type":"bool","description":"Enable global access for endpoint attachment.","description_kind":"plain","optional":true},"endpoint_ip":{"type":"string","description":"The Private Service Connect connection endpoint ip.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location in which Endpoint Attachment needs to be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of Endpoint Attachment needs to be created.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_attachment":{"type":"string","description":"The path of the service attachment.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Namespace was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integration_connectors_managed_zone":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Namespace was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the resource.","description_kind":"plain","optional":true},"dns":{"type":"string","description":"DNS Name of the resource.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of Managed Zone needs to be created.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"target_project":{"type":"string","description":"The name of the Target Project.","description_kind":"plain","required":true},"target_vpc":{"type":"string","description":"The name of the Target Project VPC Network.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Namespace was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integrations_auth_config":{"version":0,"block":{"attributes":{"certificate_id":{"type":"string","description":"Certificate id for client certificate.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The timestamp when the auth config is created.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"creator_email":{"type":"string","description":"The creator's email address. Generated based on the End User Credentials/LOAS role of the user making the call.","description_kind":"plain","computed":true},"credential_type":{"type":"string","description":"Credential type of the encrypted credential.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the auth config.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name of the auth config.","description_kind":"plain","required":true},"encrypted_credential":{"type":"string","description":"Auth credential encrypted by Cloud KMS. Can be decrypted as Credential with proper KMS key.\n\nA base64-encoded string.","description_kind":"plain","computed":true},"expiry_notification_duration":{"type":["list","string"],"description":"User can define the time to receive notification after which the auth config becomes invalid. Support up to 30 days. Support granularity in hours.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_modifier_email":{"type":"string","description":"The last modifier's email address. Generated based on the End User Credentials/LOAS role of the user making the call.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location in which client needs to be provisioned.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name of the auth config.","description_kind":"plain","computed":true},"override_valid_time":{"type":"string","description":"User provided expiry time to override. For the example of Salesforce, username/password credentials can be valid for 6 months depending on the instance settings.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reason":{"type":"string","description":"The reason / details of the current status.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The status of the auth config.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the auth config is modified.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"valid_time":{"type":"string","description":"The time until the auth config is valid. Empty or max value is considered the auth config won't expire.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"visibility":{"type":"string","description":"The visibility of the auth config. Possible values: [\"PRIVATE\", \"CLIENT_VISIBLE\"]","description_kind":"plain","optional":true}},"block_types":{"client_certificate":{"nesting_mode":"list","block":{"attributes":{"encrypted_private_key":{"type":"string","description":"The ssl certificate encoded in PEM format. This string must include the begin header and end footer lines.","description_kind":"plain","required":true},"passphrase":{"type":"string","description":"'passphrase' should be left unset if private key is not encrypted.\nNote that 'passphrase' is not the password for web server, but an extra layer of security to protected private key.","description_kind":"plain","optional":true},"ssl_certificate":{"type":"string","description":"The ssl certificate encoded in PEM format. This string must include the begin header and end footer lines.","description_kind":"plain","required":true}},"description":"Raw client certificate","description_kind":"plain"},"max_items":1},"decrypted_credential":{"nesting_mode":"list","block":{"attributes":{"credential_type":{"type":"string","description":"Credential type associated with auth configs.","description_kind":"plain","required":true}},"block_types":{"auth_token":{"nesting_mode":"list","block":{"attributes":{"token":{"type":"string","description":"The token for the auth type.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Authentication type, e.g. \"Basic\", \"Bearer\", etc.","description_kind":"plain","optional":true}},"description":"Auth token credential.","description_kind":"plain"},"max_items":1},"jwt":{"nesting_mode":"list","block":{"attributes":{"jwt":{"type":"string","description":"The token calculated by the header, payload and signature.","description_kind":"plain","computed":true},"jwt_header":{"type":"string","description":"Identifies which algorithm is used to generate the signature.","description_kind":"plain","optional":true},"jwt_payload":{"type":"string","description":"Contains a set of claims. The JWT specification defines seven Registered Claim Names which are the standard fields commonly included in tokens. Custom claims are usually also included, depending on the purpose of the token.","description_kind":"plain","optional":true},"secret":{"type":"string","description":"User's pre-shared secret to sign the token.","description_kind":"plain","optional":true}},"description":"JWT credential.","description_kind":"plain"},"max_items":1},"oauth2_authorization_code":{"nesting_mode":"list","block":{"attributes":{"auth_endpoint":{"type":"string","description":"The auth url endpoint to send the auth code request to.","description_kind":"plain","optional":true},"client_id":{"type":"string","description":"The client's id.","description_kind":"plain","optional":true},"client_secret":{"type":"string","description":"The client's secret.","description_kind":"plain","optional":true},"scope":{"type":"string","description":"A space-delimited list of requested scope permissions.","description_kind":"plain","optional":true},"token_endpoint":{"type":"string","description":"The token url endpoint to send the token request to.","description_kind":"plain","optional":true}},"description":"OAuth2 authorization code credential.","description_kind":"plain"},"max_items":1},"oauth2_client_credentials":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The client's ID.","description_kind":"plain","optional":true},"client_secret":{"type":"string","description":"The client's secret.","description_kind":"plain","optional":true},"request_type":{"type":"string","description":"Represent how to pass parameters to fetch access token Possible values: [\"REQUEST_TYPE_UNSPECIFIED\", \"REQUEST_BODY\", \"QUERY_PARAMETERS\", \"ENCODED_HEADER\"]","description_kind":"plain","optional":true},"scope":{"type":"string","description":"A space-delimited list of requested scope permissions.","description_kind":"plain","optional":true},"token_endpoint":{"type":"string","description":"The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token.","description_kind":"plain","optional":true}},"block_types":{"token_params":{"nesting_mode":"list","block":{"block_types":{"entries":{"nesting_mode":"list","block":{"block_types":{"key":{"nesting_mode":"list","block":{"block_types":{"literal_value":{"nesting_mode":"list","block":{"attributes":{"string_value":{"type":"string","description":"String.","description_kind":"plain","optional":true}},"description":"Passing a literal value","description_kind":"plain"},"max_items":1}},"description":"Key of the map entry.","description_kind":"plain"},"max_items":1},"value":{"nesting_mode":"list","block":{"block_types":{"literal_value":{"nesting_mode":"list","block":{"attributes":{"string_value":{"type":"string","description":"String.","description_kind":"plain","optional":true}},"description":"Passing a literal value","description_kind":"plain"},"max_items":1}},"description":"Value of the map entry.","description_kind":"plain"},"max_items":1}},"description":"A list of parameter map entries.","description_kind":"plain"}}},"description":"Token parameters for the auth request.","description_kind":"plain"},"max_items":1}},"description":"OAuth2 client credentials.","description_kind":"plain"},"max_items":1},"oidc_token":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Audience to be used when generating OIDC token. The audience claim identifies the recipients that the JWT is intended for.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The service account email to be used as the identity for the token.","description_kind":"plain","optional":true},"token":{"type":"string","description":"ID token obtained for the service account.","description_kind":"plain","computed":true},"token_expire_time":{"type":"string","description":"The approximate time until the token retrieved is valid.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description":"Google OIDC ID Token.","description_kind":"plain"},"max_items":1},"service_account_credentials":{"nesting_mode":"list","block":{"attributes":{"scope":{"type":"string","description":"A space-delimited list of requested scope permissions.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Name of the service account that has the permission to make the request.","description_kind":"plain","optional":true}},"description":"Service account credential.","description_kind":"plain"},"max_items":1},"username_and_password":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"Password to be used.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username to be used.","description_kind":"plain","optional":true}},"description":"Username and password credential.","description_kind":"plain"},"max_items":1}},"description":"Raw auth credentials.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integrations_client":{"version":0,"block":{"attributes":{"create_sample_integrations":{"type":"bool","description":"Indicates if sample integrations should be created along with provisioning.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location in which client needs to be provisioned.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"run_as_service_account":{"type":"string","description":"User input run-as service account, if empty, will bring up a new default service account.","description_kind":"plain","optional":true}},"block_types":{"cloud_kms_config":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A Cloud KMS key is a named object containing one or more key versions, along\nwith metadata for the key. A key exists on exactly one key ring tied to a\nspecific location.","description_kind":"plain","required":true},"key_version":{"type":"string","description":"Each version of a key contains key material used for encryption or signing.\nA key's version is represented by an integer, starting at 1. To decrypt data\nor verify a signature, you must use the same key version that was used to\nencrypt or sign the data.","description_kind":"plain","optional":true},"kms_location":{"type":"string","description":"Location name of the key ring, e.g. \"us-west1\".","description_kind":"plain","required":true},"kms_project_id":{"type":"string","description":"The Google Cloud project id of the project where the kms key stored. If empty,\nthe kms key is stored at the same project as customer's project and ecrypted\nwith CMEK, otherwise, the kms key is stored in the tenant project and\nencrypted with GMEK.","description_kind":"plain","optional":true},"kms_ring":{"type":"string","description":"A key ring organizes keys in a specific Google Cloud location and allows you to\nmanage access control on groups of keys. A key ring's name does not need to be\nunique across a Google Cloud project, but must be unique within a given location.","description_kind":"plain","required":true}},"description":"Cloud KMS config for AuthModule to encrypt/decrypt credentials.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_crypto_key":{"version":1,"block":{"attributes":{"crypto_key_backend":{"type":"string","description":"The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey.\nThe resource name is in the format \"projects/*/locations/*/ekmConnections/*\" and only applies to \"EXTERNAL_VPC\" keys.","description_kind":"plain","optional":true,"computed":true},"destroy_scheduled_duration":{"type":"string","description":"The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.\nIf not specified at creation time, the default duration is 30 days.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_only":{"type":"bool","description":"Whether this key may contain imported versions only.","description_kind":"plain","optional":true,"computed":true},"key_ring":{"type":"string","description":"The KeyRing that this key belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the CryptoKey.","description_kind":"plain","required":true},"primary":{"type":["list",["object",{"name":"string","state":"string"}]],"description":"A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.\nKeys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.","description_kind":"plain","computed":true},"purpose":{"type":"string","description":"The immutable purpose of this CryptoKey. See the\n[purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)\nfor possible inputs.\nDefault value is \"ENCRYPT_DECRYPT\".","description_kind":"plain","optional":true},"rotation_period":{"type":"string","description":"Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.\nThe first rotation will take place after the specified period. The rotation period has\nthe format of a decimal number with up to 9 fractional digits, followed by the\nletter 's' (seconds). It must be greater than a day (ie, 86400).","description_kind":"plain","optional":true},"skip_initial_version_creation":{"type":"bool","description":"If set to true, the request will create a CryptoKey without any CryptoKeyVersions.\nYou must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion\nor 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"version_template":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"The algorithm to use when creating a version based on this template.\nSee the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.","description_kind":"plain","required":true},"protection_level":{"type":"string","description":"The protection level to use when creating a version based on this template. Possible values include \"SOFTWARE\", \"HSM\", \"EXTERNAL\", \"EXTERNAL_VPC\". Defaults to \"SOFTWARE\".","description_kind":"plain","optional":true}},"description":"A template describing settings for new crypto key versions.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_binding":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_member":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_policy":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_kms_crypto_key_version":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description":"The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.","description_kind":"plain","computed":true},"attestation":{"type":["list",["object",{"cert_chains":["list",["object",{"cavium_certs":["list","string"],"google_card_certs":["list","string"],"google_partition_certs":["list","string"]}]],"content":"string","external_protection_level_options":["list",["object",{"ekm_connection_key_path":"string","external_key_uri":"string"}]],"format":"string"}]],"description":"Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google.\nOnly provided for key versions with protectionLevel HSM.","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description":"The name of the cryptoKey associated with the CryptoKeyVersions.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''","description_kind":"plain","required":true},"generate_time":{"type":"string","description":"The time this CryptoKeyVersion key material was generated","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name for this CryptoKeyVersion.","description_kind":"plain","computed":true},"protection_level":{"type":"string","description":"The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the CryptoKeyVersion. Possible values: [\"PENDING_GENERATION\", \"ENABLED\", \"DISABLED\", \"DESTROYED\", \"DESTROY_SCHEDULED\", \"PENDING_IMPORT\", \"IMPORT_FAILED\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"external_protection_level_options":{"nesting_mode":"list","block":{"attributes":{"ekm_connection_key_path":{"type":"string","description":"The path to the external key material on the EKM when using EkmConnection e.g., \"v0/my/key\". Set this field instead of externalKeyUri when using an EkmConnection.","description_kind":"plain","optional":true},"external_key_uri":{"type":"string","description":"The URI for an external resource that this CryptoKeyVersion represents.","description_kind":"plain","optional":true}},"description":"ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_ekm_connection":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time at which the EkmConnection was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"crypto_space_path":{"type":"string","description":"Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.","description_kind":"plain","optional":true,"computed":true},"etag":{"type":"string","description":"Optional. Etag of the currently stored EkmConnection.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_management_mode":{"type":"string","description":"Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL Default value: \"MANUAL\" Possible values: [\"MANUAL\", \"CLOUD_KMS\"]","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the EkmConnection.\nA full list of valid locations can be found by running 'gcloud kms locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the EkmConnection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"service_resolvers":{"nesting_mode":"list","block":{"attributes":{"endpoint_filter":{"type":"string","description":"Optional. The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered. An endpoint will be chosen arbitrarily from the filtered list for each request. For endpoint filter syntax and examples, see https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.","description_kind":"plain","optional":true,"computed":true},"hostname":{"type":"string","description":"Required. The hostname of the EKM replica used at TLS and HTTP layers.","description_kind":"plain","required":true},"service_directory_service":{"type":"string","description":"Required. The resource name of the Service Directory service pointing to an EKM replica, in the format projects/*/locations/*/namespaces/*/services/*","description_kind":"plain","required":true}},"block_types":{"server_certificates":{"nesting_mode":"list","block":{"attributes":{"issuer":{"type":"string","description":"Output only. The issuer distinguished name in RFC 2253 format. Only present if parsed is true.","description_kind":"plain","computed":true},"not_after_time":{"type":"string","description":"Output only. The certificate is not valid after this time. Only present if parsed is true.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"not_before_time":{"type":"string","description":"Output only. The certificate is not valid before this time. Only present if parsed is true.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"parsed":{"type":"bool","description":"Output only. True if the certificate was parsed successfully.","description_kind":"plain","computed":true},"raw_der":{"type":"string","description":"Required. The raw certificate bytes in DER format. A base64-encoded string.","description_kind":"plain","required":true},"serial_number":{"type":"string","description":"Output only. The certificate serial number as a hex string. Only present if parsed is true.","description_kind":"plain","computed":true},"sha256_fingerprint":{"type":"string","description":"Output only. The SHA-256 certificate fingerprint as a hex string. Only present if parsed is true.","description_kind":"plain","computed":true},"subject":{"type":"string","description":"Output only. The subject distinguished name in RFC 2253 format. Only present if parsed is true.","description_kind":"plain","computed":true},"subject_alternative_dns_names":{"type":["list","string"],"description":"Output only. The subject Alternative DNS names. Only present if parsed is true.","description_kind":"plain","optional":true,"computed":true}},"description":"Required. A list of leaf server certificates used to authenticate HTTPS connections to the EKM replica. Currently, a maximum of 10 Certificate is supported.","description_kind":"plain"},"min_items":1}},"description":"A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_ekm_connection_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_ekm_connection_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_ekm_connection_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_kms_key_ring":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the KeyRing.\nA full list of valid locations can be found by running 'gcloud kms locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the KeyRing.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_key_ring_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_key_ring_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_key_ring_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_kms_key_ring_import_job":{"version":0,"block":{"attributes":{"attestation":{"type":["list",["object",{"content":"string","format":"string"}]],"description":"Statement that was generated and signed by the key creator (for example, an HSM) at key creation time.\nUse this statement to verify attributes of the key as stored on the HSM, independently of Google.\nOnly present if the chosen ImportMethod is one with a protection level of HSM.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"The time at which this resource is scheduled for expiration and can no longer be used.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_job_id":{"type":"string","description":"It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}","description_kind":"plain","required":true},"import_method":{"type":"string","description":"The wrapping method to be used for incoming key material. Possible values: [\"RSA_OAEP_3072_SHA1_AES_256\", \"RSA_OAEP_4096_SHA1_AES_256\"]","description_kind":"plain","required":true},"key_ring":{"type":"string","description":"The KeyRing that this import job belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*.","description_kind":"plain","computed":true},"protection_level":{"type":"string","description":"The protection level of the ImportJob. This must match the protectionLevel of the\nversionTemplate on the CryptoKey you attempt to import into. Possible values: [\"SOFTWARE\", \"HSM\", \"EXTERNAL\"]","description_kind":"plain","required":true},"public_key":{"type":["list",["object",{"pem":"string"}]],"description":"The public key with which to wrap key material prior to import. Only returned if state is 'ACTIVE'.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the ImportJob, indicating if it can be used.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_secret_ciphertext":{"version":0,"block":{"attributes":{"additional_authenticated_data":{"type":"string","description":"The additional authenticated data used for integrity checks during encryption and decryption.","description_kind":"plain","optional":true,"sensitive":true},"ciphertext":{"type":"string","description":"Contains the result of encrypting the provided plaintext, encoded in base64.","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description":"The full name of the CryptoKey that will be used to encrypt the provided plaintext.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}''","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description":"The plaintext to be encrypted.","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_billing_account_bucket_config":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_billing_account_exclusion":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description_kind":"plain","required":true},"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_billing_account_sink":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"The billing account exported to the sink.","description_kind":"plain","required":true},"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_folder_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"folder":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_folder_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_folder_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","optional":true,"computed":true},"folder":{"type":"string","description":"The folder for which to retrieve settings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.","description_kind":"plain","optional":true,"computed":true},"kms_service_account_id":{"type":"string","description":"The service account that will be used by the Log Router to access your Cloud KMS key.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings.","description_kind":"plain","computed":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_folder_sink":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"folder":{"type":"string","description":"The folder to be exported to the sink. Note that either [FOLDER_ID] or \"folders/[FOLDER_ID]\" is accepted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"include_children":{"type":"bool","description":"Whether or not to include children folders in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided folder are included.","description_kind":"plain","optional":true},"intercept_children":{"type":"bool","description":"Whether or not to intercept logs from child projects. If true, matching logs will not match with sinks in child resources, except _Required sinks. This sink will be visible to child resources when listing sinks.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_linked_dataset":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The bucket to which the linked dataset is attached.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The creation timestamp of the link. A timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\"\nand \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"Describes this link. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"Output only. The linked dataset lifecycle state.","description_kind":"plain","computed":true},"link_id":{"type":"string","description":"The id of the linked dataset.","description_kind":"plain","required":true},"location":{"type":"string","description":"The location of the linked dataset.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the linked dataset. The name can have up to 100 characters. A valid link id\n(at the end of the link name) must only have alphanumeric characters and underscores within it.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the linked dataset.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"bigquery_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Output only. The full resource name of the BigQuery dataset. The DATASET_ID will match the ID\nof the link, so the link must match the naming restrictions of BigQuery datasets\n(alphanumeric characters and underscores only). The dataset will have a resource path of\n\"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET_ID]\"","description_kind":"plain","computed":true}},"description":"The information of a BigQuery Dataset. When a link is created, a BigQuery dataset is created along\nwith it, in the same project as the LogBucket it's linked to. This dataset will also have BigQuery\nViews corresponding to the LogViews in the bucket.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_log_scope":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The creation timestamp of the log scopes.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Describes this log scopes.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource. The only supported location is global so far.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the log scope. For example: \\'projects/my-project/locations/global/logScopes/my-log-scope\\'","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource.","description_kind":"plain","optional":true,"computed":true},"resource_names":{"type":["list","string"],"description":"Names of one or more parent resources : * \\'projects/[PROJECT_ID]\\' May alternatively be one or more views : * \\'projects/[PROJECT_ID]/locations/[LOCATION_ID]/buckets/[BUCKET_ID]/views/[VIEW_ID]\\' A log scope can include a maximum of 50 projects and a maximum of 100 resources in total.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The last update timestamp of the log scopes.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_log_view":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The bucket of the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The creation timestamp of the view.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Describes this view.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"Filter that restricts which log entries in a bucket are visible in this view. Filters are restricted to be a logical AND of ==/!= of any of the following: - originating project/folder/organization/billing account. - resource type - log id For example: SOURCE(\"projects/myproject\") AND resource.type = \"gce_instance\" AND LOG_ID(\"stdout\")","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource. The supported locations are: global, us-central1, us-east1, us-west1, asia-east1, europe-west1.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the view. For example: \\'projects/my-project/locations/global/buckets/my-bucket/views/my-view\\'","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The last update timestamp of the view.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_log_view_iam_binding":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_logging_log_view_iam_member":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_logging_log_view_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_metric":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"The resource name of the Log Bucket that owns the Log Metric. Only Log Buckets in projects\nare supported. The bucket has to be in the same project as the metric.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description of this metric, which is used in documentation. The maximum length of the\ndescription is 8000 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this metric is disabled and it does not generate any points.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter (https://cloud.google.com/logging/docs/view/advanced-filters) which\nis used to match log entries.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_extractors":{"type":["map","string"],"description":"A map from a label key string to an extractor expression which is used to extract data from a log\nentry field and assign as the label value. Each label key specified in the LabelDescriptor must\nhave an associated extractor expression in this map. The syntax of the extractor expression is\nthe same as for the valueExtractor field.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The client-assigned metric identifier. Examples - \"error_count\", \"nginx/requests\".\nMetric identifiers are limited to 100 characters and can include only the following\ncharacters A-Z, a-z, 0-9, and the special characters _-.,+!*',()%/. The forward-slash\ncharacter (/) denotes a hierarchy of name pieces, and it cannot be the first character\nof the name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"value_extractor":{"type":"string","description":"A valueExtractor is required when using a distribution logs-based metric to extract the values to\nrecord from a log entry. Two functions are supported for value extraction - EXTRACT(field) or\nREGEXP_EXTRACT(field, regex). The argument are 1. field - The name of the log entry field from which\nthe value is to be extracted. 2. regex - A regular expression using the Google RE2 syntax\n(https://github.com/google/re2/wiki/Syntax) with a single capture group to extract data from the specified\nlog entry field. The value of the field is converted to a string before applying the regex. It is an\nerror to specify a regex that does not include exactly one capture group.","description_kind":"plain","optional":true}},"block_types":{"bucket_options":{"nesting_mode":"list","block":{"block_types":{"explicit_buckets":{"nesting_mode":"list","block":{"attributes":{"bounds":{"type":["list","number"],"description":"The values must be monotonically increasing.","description_kind":"plain","required":true}},"description":"Specifies a set of buckets with arbitrary widths.","description_kind":"plain"},"max_items":1},"exponential_buckets":{"nesting_mode":"list","block":{"attributes":{"growth_factor":{"type":"number","description":"Must be greater than 1.","description_kind":"plain","required":true},"num_finite_buckets":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true},"scale":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true}},"description":"Specifies an exponential sequence of buckets that have a width that is proportional to the value of\nthe lower bound. Each bucket represents a constant relative uncertainty on a specific value in the bucket.","description_kind":"plain"},"max_items":1},"linear_buckets":{"nesting_mode":"list","block":{"attributes":{"num_finite_buckets":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true},"offset":{"type":"number","description":"Lower bound of the first bucket.","description_kind":"plain","required":true},"width":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true}},"description":"Specifies a linear sequence of buckets that all have the same width (except overflow and underflow).\nEach bucket represents a constant absolute uncertainty on the specific value in the bucket.","description_kind":"plain"},"max_items":1}},"description":"The bucketOptions are required when the logs-based metric is using a DISTRIBUTION value type and it\ndescribes the bucket boundaries used to create a histogram of the extracted values.","description_kind":"plain"},"max_items":1},"metric_descriptor":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"A concise name for the metric, which can be displayed in user interfaces. Use sentence case\nwithout an ending period, for example \"Request count\". This field is optional but it is\nrecommended to be set for any metrics associated with user-visible concepts, such as Quota.","description_kind":"plain","optional":true},"metric_kind":{"type":"string","description":"Whether the metric records instantaneous values, changes to a value, etc.\nSome combinations of metricKind and valueType might not be supported.\nFor counter metrics, set this to DELTA. Possible values: [\"DELTA\", \"GAUGE\", \"CUMULATIVE\"]","description_kind":"plain","required":true},"unit":{"type":"string","description":"The unit in which the metric value is reported. It is only applicable if the valueType is\n'INT64', 'DOUBLE', or 'DISTRIBUTION'. The supported units are a subset of\n[The Unified Code for Units of Measure](http://unitsofmeasure.org/ucum.html) standard","description_kind":"plain","optional":true},"value_type":{"type":"string","description":"Whether the measurement is an integer, a floating-point number, etc.\nSome combinations of metricKind and valueType might not be supported.\nFor counter metrics, set this to INT64. Possible values: [\"BOOL\", \"INT64\", \"DOUBLE\", \"STRING\", \"DISTRIBUTION\", \"MONEY\"]","description_kind":"plain","required":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A human-readable description for the label.","description_kind":"plain","optional":true},"key":{"type":"string","description":"The label key.","description_kind":"plain","required":true},"value_type":{"type":"string","description":"The type of data that can be assigned to the label. Default value: \"STRING\" Possible values: [\"BOOL\", \"INT64\", \"STRING\"]","description_kind":"plain","optional":true}},"description":"The set of labels that can be used to describe a specific instance of this metric type. For\nexample, the appengine.googleapis.com/http/server/response_latencies metric type has a label\nfor the HTTP response code, response_code, so you can look at latencies for successful responses\nor just for responses that failed.","description_kind":"plain"}}},"description":"The optional metric descriptor associated with the logs-based metric.\nIf unspecified, it uses a default metric descriptor with a DELTA metric kind,\nINT64 value type, with no labels and a unit of \"1\". Such a metric counts the\nnumber of log entries matching the filter expression.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_organization_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_organization_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_organization_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.","description_kind":"plain","optional":true,"computed":true},"kms_service_account_id":{"type":"string","description":"The service account that will be used by the Log Router to access your Cloud KMS key.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization for which to retrieve or configure settings.","description_kind":"plain","required":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_organization_sink":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"include_children":{"type":"bool","description":"Whether or not to include children organizations in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided organization are included.","description_kind":"plain","optional":true},"intercept_children":{"type":"bool","description":"Whether or not to intercept logs from child projects. If true, matching logs will not match with sinks in child resources, except _Required sinks. This sink will be visible to child resources when listing sinks.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization to be exported to the sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_project_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"enable_analytics":{"type":"bool","description":"Enable log analytics for the bucket. Cannot be disabled once enabled.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"locked":{"type":"bool","description":"Whether the bucket is locked. The retention period on a locked bucket cannot be changed. Locked buckets may only be deleted if they are empty.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"project":{"type":"string","description":"The parent project that contains the logging bucket.","description_kind":"plain","required":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_project_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_logging_project_sink":{"version":0,"block":{"attributes":{"custom_writer_identity":{"type":"string","description":"A service account provided by the caller that will be used to write the log entries. The format must be serviceAccount:some@email. This field can only be specified if you are routing logs to a destination outside this sink's project. If not specified, a Logging service account will automatically be generated.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project to create the sink in. If omitted, the project associated with the provider is used.","description_kind":"plain","optional":true,"computed":true},"unique_writer_identity":{"type":"bool","description":"Whether or not to create a unique identity associated with this sink. If false (the legacy behavior), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true (default), then a unique service account is created and used for this sink. If you wish to publish logs across projects, you must set unique_writer_identity to true.","description_kind":"plain","optional":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_looker_instance":{"version":0,"block":{"attributes":{"consumer_network":{"type":"string","description":"Network name in the consumer project in the format of: projects/{project}/global/networks/{network}\nNote that the consumer network may be in a different GCP project than the consumer\nproject that is hosting the Looker Instance.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"Policy to determine if the cluster should be deleted forcefully.\nIf setting deletion_policy = \"FORCE\", the Looker instance will be deleted regardless\nof its nested resources. If set to \"DEFAULT\", Looker instances that still have\nnested resources will return an error. Possible values: DEFAULT, FORCE","description_kind":"plain","optional":true},"egress_public_ip":{"type":"string","description":"Public Egress IP (IPv4).","description_kind":"plain","computed":true},"fips_enabled":{"type":"bool","description":"FIPS 140-2 Encryption enablement for Looker (Google Cloud Core).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_private_ip":{"type":"string","description":"Private Ingress IP (IPv4).","description_kind":"plain","computed":true},"ingress_public_ip":{"type":"string","description":"Public Ingress IP (IPv4).","description_kind":"plain","computed":true},"looker_uri":{"type":"string","description":"Looker instance URI which can be used to access the Looker Instance UI.","description_kind":"plain","computed":true},"looker_version":{"type":"string","description":"The Looker version that the instance is using.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"platform_edition":{"type":"string","description":"Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. Must be one of these values:\n- LOOKER_CORE_TRIAL: trial instance (Currently Unavailable)\n- LOOKER_CORE_STANDARD: pay as you go standard instance (Currently Unavailable)\n- LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance\n- LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance\n- LOOKER_CORE_EMBED_ANNUAL: subscription embed instance\n- LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance\n- LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: nonprod subscription enterprise instance\n- LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default value: \"LOOKER_CORE_TRIAL\" Possible values: [\"LOOKER_CORE_TRIAL\", \"LOOKER_CORE_STANDARD\", \"LOOKER_CORE_STANDARD_ANNUAL\", \"LOOKER_CORE_ENTERPRISE_ANNUAL\", \"LOOKER_CORE_EMBED_ANNUAL\", \"LOOKER_CORE_NONPROD_STANDARD_ANNUAL\", \"LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL\", \"LOOKER_CORE_NONPROD_EMBED_ANNUAL\"]","description_kind":"plain","optional":true},"private_ip_enabled":{"type":"bool","description":"Whether private IP is enabled on the Looker instance.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_enabled":{"type":"bool","description":"Whether Public Service Connect (PSC) is enabled on the Looker instance","description_kind":"plain","optional":true},"public_ip_enabled":{"type":"bool","description":"Whether public IP is enabled on the Looker instance.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The name of the Looker region of the instance.","description_kind":"plain","optional":true,"computed":true},"reserved_range":{"type":"string","description":"Name of a reserved IP address range within the consumer network, to be used for\nprivate service access connection. User may or may not specify this in a request.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time the instance was updated in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true}},"block_types":{"admin_settings":{"nesting_mode":"list","block":{"attributes":{"allowed_email_domains":{"type":["list","string"],"description":"Email domain allowlist for the instance.\n\nDefine the email domains to which your users can deliver Looker (Google Cloud core) content.\nUpdating this list will restart the instance. Updating the allowed email domains from terraform\nmeans the value provided will be considered as the entire list and not an amendment to the\nexisting list of allowed email domains.","description_kind":"plain","optional":true}},"description":"Looker instance Admin settings.","description_kind":"plain"},"max_items":1},"custom_domain":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name","description_kind":"plain","optional":true},"state":{"type":"string","description":"Status of the custom domain.","description_kind":"plain","computed":true}},"description":"Custom domain settings for a Looker instance.","description_kind":"plain"},"max_items":1},"deny_maintenance_period":{"nesting_mode":"list","block":{"block_types":{"end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0\nto specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a\nmonth and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without\na year.","description_kind":"plain","optional":true}},"description":"Required. Start date of the deny maintenance period","description_kind":"plain"},"min_items":1,"max_items":1},"start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0\nto specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a\nmonth and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without\na year.","description_kind":"plain","optional":true}},"description":"Required. Start date of the deny maintenance period","description_kind":"plain"},"min_items":1,"max_items":1},"time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Maintenance denial period for this instance.\n\nYou must allow at least 14 days of maintenance availability\nbetween any two deny maintenance periods.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Name of the customer managed encryption key (CMEK) in KMS.","description_kind":"plain","optional":true},"kms_key_name_version":{"type":"string","description":"Full name and version of the CMEK key currently in use to encrypt Looker data.","description_kind":"plain","computed":true},"kms_key_state":{"type":"string","description":"Status of the customer managed encryption key (CMEK) in KMS.","description_kind":"plain","computed":true}},"description":"Looker instance encryption settings.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"Required. Day of the week for this MaintenanceWindow (in UTC).\n\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Maintenance window for an instance.\n\nMaintenance of your instance takes place once a month, and will require\nyour instance to be restarted during updates, which will temporarily\ndisrupt service.","description_kind":"plain"},"max_items":1},"oauth_config":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The client ID for the Oauth config.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret for the Oauth config.","description_kind":"plain","required":true}},"description":"Looker Instance OAuth login settings.","description_kind":"plain"},"min_items":1,"max_items":1},"psc_config":{"nesting_mode":"list","block":{"attributes":{"allowed_vpcs":{"type":["list","string"],"description":"List of VPCs that are allowed ingress into the Looker instance.","description_kind":"plain","optional":true},"looker_service_attachment_uri":{"type":"string","description":"URI of the Looker service attachment.","description_kind":"plain","computed":true}},"block_types":{"service_attachments":{"nesting_mode":"list","block":{"attributes":{"connection_status":{"type":"string","description":"Status of the service attachment connection.","description_kind":"plain","computed":true},"local_fqdn":{"type":"string","description":"Fully qualified domain name that will be used in the private DNS record created for the service attachment.","description_kind":"plain","optional":true},"target_service_attachment_uri":{"type":"string","description":"URI of the service attachment to connect to.","description_kind":"plain","optional":true}},"description":"List of egress service attachment configurations.","description_kind":"plain"}}},"description":"Information for Private Service Connect (PSC) setup for a Looker instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"user_metadata":{"nesting_mode":"list","block":{"attributes":{"additional_developer_user_count":{"type":"number","description":"Number of additional Developer Users to allocate to the Looker Instance.","description_kind":"plain","optional":true},"additional_standard_user_count":{"type":"number","description":"Number of additional Standard Users to allocate to the Looker Instance.","description_kind":"plain","optional":true},"additional_viewer_user_count":{"type":"number","description":"Number of additional Viewer Users to allocate to the Looker Instance.","description_kind":"plain","optional":true}},"description":"Metadata about users for a Looker instance.\n\nThese settings are only available when platform edition LOOKER_CORE_STANDARD is set.\n\nThere are ten Standard and two Developer users included in the cost of the product.\nYou can allocate additional Standard, Viewer, and Developer users for this instance.\nIt is an optional step and can be modified later.\n\nWith the Standard edition of Looker (Google Cloud core), you can provision up to 50\ntotal users, distributed across Viewer, Standard, and Developer.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_managed_kafka_cluster":{"version":0,"block":{"attributes":{"cluster_id":{"type":"string","description":"The ID to use for the cluster, which will become the final component of the cluster's name. The ID must be 1-63 characters long, and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' to comply with RFC 1035. This value is structured like: 'my-cluster-id'.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the cluster was created.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"List of label KEY=VALUE pairs to add. Keys must start with a lowercase character and contain only hyphens (-), underscores ( ), lowercase characters, and numbers. Values must contain only hyphens (-), underscores ( ), lowercase characters, and numbers.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"ID of the location of the Kafka resource. See https://cloud.google.com/managed-kafka/docs/locations for a list of supported locations.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the cluster. Structured like: 'projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_ID'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The current state of the cluster. Possible values: 'STATE_UNSPECIFIED', 'CREATING', 'ACTIVE', 'DELETING'.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the cluster was last updated.","description_kind":"plain","computed":true}},"block_types":{"capacity_config":{"nesting_mode":"list","block":{"attributes":{"memory_bytes":{"type":"string","description":"The memory to provision for the cluster in bytes. The value must be between 1 GiB and 8 GiB per vCPU. Ex. 1024Mi, 4Gi.","description_kind":"plain","required":true},"vcpu_count":{"type":"string","description":"The number of vCPUs to provision for the cluster. The minimum is 3.","description_kind":"plain","required":true}},"description":"A capacity configuration of a Kafka cluster.","description_kind":"plain"},"min_items":1,"max_items":1},"gcp_config":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS Key name to use for encryption. The key must be located in the same region as the cluster and cannot be changed. Must be in the format 'projects/PROJECT_ID/locations/LOCATION/keyRings/KEY_RING/cryptoKeys/KEY'.","description_kind":"plain","optional":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"block_types":{"network_configs":{"nesting_mode":"list","block":{"attributes":{"subnet":{"type":"string","description":"Name of the VPC subnet from which the cluster is accessible. Both broker and bootstrap server IP addresses and DNS entries are automatically created in the subnet. The subnet must be located in the same region as the cluster. The project may differ. The name of the subnet must be in the format 'projects/PROJECT_ID/regions/REGION/subnetworks/SUBNET'.","description_kind":"plain","required":true}},"description":"Virtual Private Cloud (VPC) subnets where IP addresses for the Kafka cluster are allocated. To make the cluster available in a VPC, you must specify at least one subnet per network. You must specify between 1 and 10 subnets. Additional subnets may be specified with additional 'network_configs' blocks.","description_kind":"plain"},"min_items":1}},"description":"The configuration of access to the Kafka cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration properties for a Kafka cluster deployed to Google Cloud Platform.","description_kind":"plain"},"min_items":1,"max_items":1},"rebalance_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"The rebalance behavior for the cluster. When not specified, defaults to 'NO_REBALANCE'. Possible values: 'MODE_UNSPECIFIED', 'NO_REBALANCE', 'AUTO_REBALANCE_ON_SCALE_UP'.","description_kind":"plain","optional":true}},"description":"Defines rebalancing behavior of a Kafka cluster.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_managed_kafka_topic":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"The cluster name.","description_kind":"plain","required":true},"configs":{"type":["map","string"],"description":"Configuration for the topic that are overridden from the cluster defaults. The key of the map is a Kafka topic property name, for example: 'cleanup.policy=compact', 'compression.type=producer'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"ID of the location of the Kafka resource. See https://cloud.google.com/managed-kafka/docs/locations for a list of supported locations.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the topic. The 'topic' segment is used when connecting directly to the cluster. Must be in the format 'projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_ID/topics/TOPIC_ID'.","description_kind":"plain","computed":true},"partition_count":{"type":"number","description":"The number of partitions in a topic. You can increase the partition count for a topic, but you cannot decrease it. Increasing partitions for a topic that uses a key might change how messages are distributed.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"replication_factor":{"type":"number","description":"The number of replicas of each partition. A replication factor of 3 is recommended for high availability.","description_kind":"plain","required":true},"topic_id":{"type":"string","description":"The ID to use for the topic, which will become the final component of the topic's name. This value is structured like: 'my-topic-name'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_memcache_instance":{"version":0,"block":{"attributes":{"authorized_network":{"type":"string","description":"The full name of the GCE network to connect the instance to. If not provided,\n'default' will be used.","description_kind":"plain","optional":true,"computed":true},"create_time":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"discovery_endpoint":{"type":"string","description":"Endpoint for Discovery API","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A user-visible name for the instance.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Output only. Published maintenance schedule.","description_kind":"plain","computed":true},"memcache_full_version":{"type":"string","description":"The full version of memcached server running on this instance.","description_kind":"plain","computed":true},"memcache_nodes":{"type":["list",["object",{"host":"string","node_id":"string","port":"number","state":"string","zone":"string"}]],"description":"Additional information about the instance state, if available.","description_kind":"plain","computed":true},"memcache_version":{"type":"string","description":"The major version of Memcached software. If not provided, latest supported version will be used.\nCurrently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically\ndetermined by our system based on the latest supported minor version. Default value: \"MEMCACHE_1_5\" Possible values: [\"MEMCACHE_1_5\", \"MEMCACHE_1_6_15\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the instance.","description_kind":"plain","required":true},"node_count":{"type":"number","description":"Number of nodes in the memcache instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the Memcache instance. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range_id":{"type":["list","string"],"description":"Contains the name of allocated IP address ranges associated with\nthe private service access connection for example, \"test-default\"\nassociated with IP range 10.0.0.0/29.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"zones":{"type":["set","string"],"description":"Zones where memcache nodes should be provisioned. If not\nprovided, all zones will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the policy was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of what this policy is for.\nCreate/Update methods return INVALID_ARGUMENT if the\nlength is greater than 512.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time when the policy was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"weekly_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Required. The day of week that maintenance updates occur.\n- DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified.\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"duration":{"type":"string","description":"Required. The length of the maintenance window, ranging from 3 hours to 8 hours.\nA duration in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\".","description_kind":"plain","required":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.\nAn API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Required. Maintenance window that is applied to resources covered by this policy.\nMinimum 1. For the current version, the maximum number of weekly_maintenance_windows\nis expected to be one.","description_kind":"plain"},"min_items":1}},"description":"Maintenance policy for an instance.","description_kind":"plain"},"max_items":1},"memcache_parameters":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"This is a unique ID associated with this set of parameters.","description_kind":"plain","computed":true},"params":{"type":["map","string"],"description":"User-defined set of parameters to use in the memcache process.","description_kind":"plain","optional":true}},"description":"User-specified parameters for this memcache instance.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"Number of CPUs per node.","description_kind":"plain","required":true},"memory_size_mb":{"type":"number","description":"Memory size in Mebibytes for each memcache node.","description_kind":"plain","required":true}},"description":"Configuration for memcache nodes.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_memorystore_instance":{"version":0,"block":{"attributes":{"authorization_mode":{"type":"string","description":"Optional. Immutable. Authorization mode of the instance. Possible values:\n AUTH_DISABLED\nIAM_AUTH","description_kind":"plain","optional":true,"computed":true},"create_time":{"type":"string","description":"Output only. Creation timestamp of the instance.","description_kind":"plain","computed":true},"deletion_protection_enabled":{"type":"bool","description":"Optional. If set to true deletion of the instance will fail.","description_kind":"plain","optional":true},"discovery_endpoints":{"type":["list",["object",{"address":"string","network":"string","port":"number"}]],"description":"Output only. Endpoints clients can connect to the instance through. Currently only one\ndiscovery endpoint is supported.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoints":{"type":["list",["list","string"]],"description":"Endpoints for the instance.","description_kind":"plain","computed":true},"engine_configs":{"type":["map","string"],"description":"Optional. User-provided engine configurations for the instance.","description_kind":"plain","optional":true},"engine_version":{"type":"string","description":"Optional. Immutable. Engine version of the instance.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"Required. The ID to use for the instance, which will become the final component of\nthe instance's resource name.\n\nThis value is subject to the following restrictions:\n\n* Must be 4-63 characters in length\n* Must begin with a letter or digit\n* Must contain only lowercase letters, digits, and hyphens\n* Must not end with a hyphen\n* Must be unique within a location","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Optional. Labels to represent user-provided metadata. \n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Resource ID segment making up resource 'name'. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type 'memorystore.googleapis.com/CertificateAuthority'.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Optional. Standalone or cluster. \n Possible values:\n CLUSTER\nSTANDALONE Possible values: [\"CLUSTER\", \"STANDALONE\"]","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Identifier. Unique name of the instance.\nFormat: projects/{project}/locations/{location}/instances/{instance}","description_kind":"plain","computed":true},"node_config":{"type":["list",["object",{"size_gb":"number"}]],"description":"Represents configuration for nodes of the instance.","description_kind":"plain","computed":true},"node_type":{"type":"string","description":"Optional. Immutable. Machine type for individual nodes of the instance. \n Possible values:\n SHARED_CORE_NANO\nHIGHMEM_MEDIUM\nHIGHMEM_XLARGE\nSTANDARD_SMALL","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_auto_connections":{"type":["list",["object",{"connection_type":"string","forwarding_rule":"string","ip_address":"string","network":"string","port":"number","project_id":"string","psc_connection_id":"string","psc_connection_status":"string","service_attachment":"string"}]],"description":"Output only. User inputs and resource details of the auto-created PSC connections.","description_kind":"plain","computed":true},"replica_count":{"type":"number","description":"Optional. Number of replica nodes per shard. If omitted the default is 0 replicas.","description_kind":"plain","optional":true,"computed":true},"shard_count":{"type":"number","description":"Required. Number of shards for the instance.","description_kind":"plain","required":true},"state":{"type":"string","description":"Output only. Current state of the instance. \n Possible values:\n CREATING\nACTIVE\nUPDATING\nDELETING","description_kind":"plain","computed":true},"state_info":{"type":["list",["object",{"update_info":["list",["object",{"target_replica_count":"number","target_shard_count":"number"}]]}]],"description":"Additional information about the state of the instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"transit_encryption_mode":{"type":"string","description":"Optional. Immutable. In-transit encryption mode of the instance. \n Possible values:\n TRANSIT_ENCRYPTION_DISABLED\nSERVER_AUTHENTICATION","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"Output only. System assigned, unique identifier for the instance.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Latest update timestamp of the instance.","description_kind":"plain","computed":true}},"block_types":{"desired_psc_auto_connections":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. The consumer network where the IP address resides, in the form of\nprojects/{project_id}/global/networks/{network_id}.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Required. The consumer project_id where the forwarding rule is created from.","description_kind":"plain","required":true}},"description":"Required. Immutable. User inputs for the auto-created PSC connections.","description_kind":"plain"},"min_items":1},"persistence_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Optional. Current persistence mode. \n Possible values:\nDISABLED\nRDB\nAOF Possible values: [\"DISABLED\", \"RDB\", \"AOF\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"aof_config":{"nesting_mode":"list","block":{"attributes":{"append_fsync":{"type":"string","description":"Optional. The fsync mode. \n Possible values:\n NEVER\nEVERY_SEC\nALWAYS","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for AOF based persistence.","description_kind":"plain"},"max_items":1},"rdb_config":{"nesting_mode":"list","block":{"attributes":{"rdb_snapshot_period":{"type":"string","description":"Optional. Period between RDB snapshots. \n Possible values:\n ONE_HOUR\nSIX_HOURS\nTWELVE_HOURS\nTWENTY_FOUR_HOURS","description_kind":"plain","optional":true,"computed":true},"rdb_snapshot_start_time":{"type":"string","description":"Optional. Time that the first snapshot was/will be attempted, and to which future\nsnapshots will be aligned. If not provided, the current time will be\nused.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for RDB based persistence.","description_kind":"plain"},"max_items":1}},"description":"Represents persistence configuration for a instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"zone_distribution_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Optional. Current zone distribution mode. Defaults to MULTI_ZONE. \n Possible values:\n MULTI_ZONE\nSINGLE_ZONE Possible values: [\"MULTI_ZONE\", \"SINGLE_ZONE\"]","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Optional. Defines zone where all resources will be allocated with SINGLE_ZONE mode.\nIgnored for MULTI_ZONE mode.","description_kind":"plain","optional":true}},"description":"Zone distribution configuration for allocation of instance resources.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_migration_center_group":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The timestamp when the group was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. The description of the group.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User-friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"group_id":{"type":"string","description":"Required. User specified ID for the group. It will become the last component of the group name. The ID must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. The ID must match the regular expression: '[a-z]([a-z0-9-]{0,61}[a-z0-9])?'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the group.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The name of the group.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The timestamp when the group was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_migration_center_preference_set":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The timestamp when the preference set was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the preference set.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User-friendly display name. Maximum length is 63 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Part of 'parent'. See documentation of 'projectsId'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. Name of the preference set.","description_kind":"plain","computed":true},"preference_set_id":{"type":"string","description":"Required. User specified ID for the preference set. It will become the last component of the preference set name. The ID must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. The ID must match the regular expression '[a-z]([a-z0-9-]{0,61}[a-z0-9])?'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The timestamp when the preference set was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_machine_preferences":{"nesting_mode":"list","block":{"attributes":{"commitment_plan":{"type":"string","description":"Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. Possible values: 'COMMITMENT_PLAN_UNSPECIFIED', 'COMMITMENT_PLAN_NONE', 'COMMITMENT_PLAN_ONE_YEAR', 'COMMITMENT_PLAN_THREE_YEARS'","description_kind":"plain","optional":true},"sizing_optimization_strategy":{"type":"string","description":"Sizing optimization strategy specifies the preferred strategy used when extrapolating usage data to calculate insights and recommendations for a virtual machine. If you are unsure which value to set, a moderate sizing optimization strategy is often a good value to start with. Possible values: 'SIZING_OPTIMIZATION_STRATEGY_UNSPECIFIED', 'SIZING_OPTIMIZATION_STRATEGY_SAME_AS_SOURCE', 'SIZING_OPTIMIZATION_STRATEGY_MODERATE', 'SIZING_OPTIMIZATION_STRATEGY_AGGRESSIVE'","description_kind":"plain","optional":true},"target_product":{"type":"string","description":"Target product for assets using this preference set. Specify either target product or business goal, but not both. Possible values: 'COMPUTE_MIGRATION_TARGET_PRODUCT_UNSPECIFIED', 'COMPUTE_MIGRATION_TARGET_PRODUCT_COMPUTE_ENGINE', 'COMPUTE_MIGRATION_TARGET_PRODUCT_VMWARE_ENGINE', 'COMPUTE_MIGRATION_TARGET_PRODUCT_SOLE_TENANCY'","description_kind":"plain","optional":true}},"block_types":{"compute_engine_preferences":{"nesting_mode":"list","block":{"attributes":{"license_type":{"type":"string","description":"License type to consider when calculating costs for virtual machine insights and recommendations. If unspecified, costs are calculated based on the default licensing plan. Possible values: 'LICENSE_TYPE_UNSPECIFIED', 'LICENSE_TYPE_DEFAULT', 'LICENSE_TYPE_BRING_YOUR_OWN_LICENSE'","description_kind":"plain","optional":true}},"block_types":{"machine_preferences":{"nesting_mode":"list","block":{"block_types":{"allowed_machine_series":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"string","description":"Code to identify a Compute Engine machine series. Consult https://cloud.google.com/compute/docs/machine-resource#machine_type_comparison for more details on the available series.","description_kind":"plain","optional":true}},"description":"Compute Engine machine series to consider for insights and recommendations. If empty, no restriction is applied on the machine series.","description_kind":"plain"}}},"description":"The type of machines to consider when calculating virtual machine migration insights and recommendations. Not all machine types are available in all zones and regions.","description_kind":"plain"},"max_items":1}},"description":"The user preferences relating to Compute Engine target platform.","description_kind":"plain"},"max_items":1},"region_preferences":{"nesting_mode":"list","block":{"attributes":{"preferred_regions":{"type":["list","string"],"description":"A list of preferred regions, ordered by the most preferred region first. Set only valid Google Cloud region names. See https://cloud.google.com/compute/docs/regions-zones for available regions.","description_kind":"plain","optional":true}},"description":"The user preferences relating to target regions.","description_kind":"plain"},"max_items":1},"sole_tenancy_preferences":{"nesting_mode":"list","block":{"attributes":{"commitment_plan":{"type":"string","description":"Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. Possible values: 'COMMITMENT_PLAN_UNSPECIFIED', 'ON_DEMAND', 'COMMITMENT_1_YEAR', 'COMMITMENT_3_YEAR'","description_kind":"plain","optional":true},"cpu_overcommit_ratio":{"type":"number","description":"CPU overcommit ratio. Acceptable values are between 1.0 and 2.0 inclusive.","description_kind":"plain","optional":true},"host_maintenance_policy":{"type":"string","description":"Sole Tenancy nodes maintenance policy. Possible values: 'HOST_MAINTENANCE_POLICY_UNSPECIFIED', 'HOST_MAINTENANCE_POLICY_DEFAULT', 'HOST_MAINTENANCE_POLICY_RESTART_IN_PLACE', 'HOST_MAINTENANCE_POLICY_MIGRATE_WITHIN_NODE_GROUP'","description_kind":"plain","optional":true}},"block_types":{"node_types":{"nesting_mode":"list","block":{"attributes":{"node_name":{"type":"string","description":"Name of the Sole Tenant node. Consult https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes","description_kind":"plain","optional":true}},"description":"A list of sole tenant node types. An empty list means that all possible node types will be considered.","description_kind":"plain"}}},"description":"Preferences concerning Sole Tenancy nodes and VMs.","description_kind":"plain"},"max_items":1},"vmware_engine_preferences":{"nesting_mode":"list","block":{"attributes":{"commitment_plan":{"type":"string","description":"Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. Possible values: 'COMMITMENT_PLAN_UNSPECIFIED', 'ON_DEMAND', 'COMMITMENT_1_YEAR_MONTHLY_PAYMENTS', 'COMMITMENT_3_YEAR_MONTHLY_PAYMENTS', 'COMMITMENT_1_YEAR_UPFRONT_PAYMENT', 'COMMITMENT_3_YEAR_UPFRONT_PAYMENT',","description_kind":"plain","optional":true},"cpu_overcommit_ratio":{"type":"number","description":"CPU overcommit ratio. Acceptable values are between 1.0 and 8.0, with 0.1 increment.","description_kind":"plain","optional":true},"memory_overcommit_ratio":{"type":"number","description":"Memory overcommit ratio. Acceptable values are 1.0, 1.25, 1.5, 1.75 and 2.0.","description_kind":"plain","optional":true},"storage_deduplication_compression_ratio":{"type":"number","description":"The Deduplication and Compression ratio is based on the logical (Used Before) space required to store data before applying deduplication and compression, in relation to the physical (Used After) space required after applying deduplication and compression. Specifically, the ratio is the Used Before space divided by the Used After space. For example, if the Used Before space is 3 GB, but the physical Used After space is 1 GB, the deduplication and compression ratio is 3x. Acceptable values are between 1.0 and 4.0.","description_kind":"plain","optional":true}},"description":"The user preferences relating to Google Cloud VMware Engine target platform.","description_kind":"plain"},"max_items":1}},"description":"VirtualMachinePreferences enables you to create sets of assumptions, for example, a geographical location and pricing track, for your migrated virtual machines. The set of preferences influence recommendations for migrating virtual machine assets.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_ml_engine_model":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"The description specified for the model when it was created.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"One or more labels that you can add, to organize your models.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name specified for the model.","description_kind":"plain","required":true},"online_prediction_console_logging":{"type":"bool","description":"If true, online prediction nodes send stderr and stdout streams to Stackdriver Logging","description_kind":"plain","optional":true},"online_prediction_logging":{"type":"bool","description":"If true, online prediction access logs are sent to StackDriver Logging.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"regions":{"type":["list","string"],"description":"The list of regions where the model is going to be deployed.\nCurrently only one region per model is supported","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"default_version":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name specified for the version when it was created.","description_kind":"plain","required":true}},"description":"The default version of the model. This version will be used to handle\nprediction requests that do not specify a version.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_alert_policy":{"version":0,"block":{"attributes":{"combiner":{"type":"string","description":"How to combine the results of multiple conditions to\ndetermine if an incident should be opened. Possible values: [\"AND\", \"OR\", \"AND_WITH_MATCHING_RESOURCE\"]","description_kind":"plain","required":true},"creation_record":{"type":["list",["object",{"mutate_time":"string","mutated_by":"string"}]],"description":"A read-only record of the creation of the alerting policy.\nIf provided in a call to create or update, this field will\nbe ignored.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A short name or phrase used to identify the policy in\ndashboards, notifications, and incidents. To avoid confusion, don't use\nthe same display name for multiple policies in the same project. The\nname is limited to 512 Unicode characters.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Whether or not the policy is enabled. The default is true.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique resource name for this policy.\nIts syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID]","description_kind":"plain","computed":true},"notification_channels":{"type":["list","string"],"description":"Identifies the notification channels to which notifications should be\nsent when incidents are opened or closed or when new violations occur\non an already opened incident. Each element of this array corresponds\nto the name field in each of the NotificationChannel objects that are\nreturned from the notificationChannels.list method. The syntax of the\nentries in this field is\n'projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]'","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"severity":{"type":"string","description":"The severity of an alert policy indicates how important incidents generated\nby that policy are. The severity level will be displayed on the Incident\ndetail page and in notifications. Possible values: [\"CRITICAL\", \"ERROR\", \"WARNING\"]","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"This field is intended to be used for organizing and identifying the AlertPolicy\nobjects.The field can contain up to 64 entries. Each key and value is limited\nto 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values\ncan contain only lowercase letters, numerals, underscores, and dashes. Keys\nmust begin with a letter.","description_kind":"plain","optional":true}},"block_types":{"alert_strategy":{"nesting_mode":"list","block":{"attributes":{"auto_close":{"type":"string","description":"If an alert policy that was active has no data for this long, any open incidents will close.","description_kind":"plain","optional":true},"notification_prompts":{"type":["list","string"],"description":"Control when notifications will be sent out. Possible values: [\"NOTIFICATION_PROMPT_UNSPECIFIED\", \"OPENED\", \"CLOSED\"]","description_kind":"plain","optional":true}},"block_types":{"notification_channel_strategy":{"nesting_mode":"list","block":{"attributes":{"notification_channel_names":{"type":["list","string"],"description":"The notification channels that these settings apply to. Each of these\ncorrespond to the name field in one of the NotificationChannel objects\nreferenced in the notification_channels field of this AlertPolicy. The format is\n'projects/[PROJECT_ID_OR_NUMBER]/notificationChannels/[CHANNEL_ID]'","description_kind":"plain","optional":true},"renotify_interval":{"type":"string","description":"The frequency at which to send reminder notifications for open incidents.","description_kind":"plain","optional":true}},"description":"Control over how the notification channels in 'notification_channels'\nare notified when this alert fires, on a per-channel basis.","description_kind":"plain"}},"notification_rate_limit":{"nesting_mode":"list","block":{"attributes":{"period":{"type":"string","description":"Not more than one notification per period.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example \"60.5s\".","description_kind":"plain","optional":true}},"description":"Required for alert policies with a LogMatch condition.\nThis limit is not implemented for alert policies that are not log-based.","description_kind":"plain"},"max_items":1}},"description":"Control over how this alert policy's notification channels are notified.","description_kind":"plain"},"max_items":1},"conditions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"A short name or phrase used to identify the\ncondition in dashboards, notifications, and\nincidents. To avoid confusion, don't use the same\ndisplay name for multiple conditions in the same\npolicy.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique resource name for this condition.\nIts syntax is:\nprojects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID]\n[CONDITION_ID] is assigned by Stackdriver Monitoring when\nthe condition is created as part of a new or updated alerting\npolicy.","description_kind":"plain","computed":true}},"block_types":{"condition_absent":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description":"The amount of time that a time series must\nfail to report new data to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g. 60s, 120s, or 300s\n--are supported.","description_kind":"plain","required":true},"filter":{"type":"string","description":"A filter that identifies which time series\nshould be compared with the threshold.The\nfilter is similar to the one that is\nspecified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true}},"block_types":{"aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series as well as how to\ncombine the retrieved time series together\n(such as when aggregating multiple streams\non each resource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).\nMultiple aggregations are applied in the\norder specified.","description_kind":"plain"}},"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations.","description_kind":"plain"},"max_items":1}},"description":"A condition that checks that a time series\ncontinues to receive new data points.","description_kind":"plain"},"max_items":1},"condition_matched_log":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"A logs-based filter.","description_kind":"plain","required":true},"label_extractors":{"type":["map","string"],"description":"A map from a label key to an extractor expression, which is used to\nextract the value for this label key. Each entry in this map is\na specification for how data should be extracted from log entries that\nmatch filter. Each combination of extracted values is treated as\na separate rule for the purposes of triggering notifications.\nLabel keys and corresponding values can be used in notifications\ngenerated by this condition.","description_kind":"plain","optional":true}},"description":"A condition that checks for log messages matching given constraints.\nIf set, no other conditions can be present.","description_kind":"plain"},"max_items":1},"condition_monitoring_query_language":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description":"The amount of time that a time series must\nviolate the threshold to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g., 0, 60, 120, or\n300 seconds--are supported. If an invalid\nvalue is given, an error will be returned.\nWhen choosing a duration, it is useful to\nkeep in mind the frequency of the underlying\ntime series data (which may also be affected\nby any alignments specified in the\naggregations field); a good duration is long\nenough so that a single outlier does not\ngenerate spurious alerts, but short enough\nthat unhealthy states are detected and\nalerted on quickly.","description_kind":"plain","required":true},"evaluation_missing_data":{"type":"string","description":"A condition control that determines how\nmetric-threshold conditions are evaluated when\ndata stops arriving. Possible values: [\"EVALUATION_MISSING_DATA_INACTIVE\", \"EVALUATION_MISSING_DATA_ACTIVE\", \"EVALUATION_MISSING_DATA_NO_OP\"]","description_kind":"plain","optional":true},"query":{"type":"string","description":"Monitoring Query Language query that outputs a boolean stream.","description_kind":"plain","required":true}},"block_types":{"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations,\nor by the ratio, if denominator_filter and\ndenominator_aggregations are specified.","description_kind":"plain"},"max_items":1}},"description":"A Monitoring Query Language query that outputs a boolean stream","description_kind":"plain"},"max_items":1},"condition_prometheus_query_language":{"nesting_mode":"list","block":{"attributes":{"alert_rule":{"type":"string","description":"The alerting rule name of this alert in the corresponding Prometheus\nconfiguration file.\n\nSome external tools may require this field to be populated correctly\nin order to refer to the original Prometheus configuration file.\nThe rule group name and the alert name are necessary to update the\nrelevant AlertPolicies in case the definition of the rule group changes\nin the future.\n\nThis field is optional. If this field is not empty, then it must be a\nvalid Prometheus label name.","description_kind":"plain","optional":true},"disable_metric_validation":{"type":"bool","description":"Whether to disable metric existence validation for this condition.\n\nThis allows alerting policies to be defined on metrics that do not yet\nexist, improving advanced customer workflows such as configuring\nalerting policies using Terraform.\n\nUsers with the 'monitoring.alertPolicyViewer' role are able to see the\nname of the non-existent metric in the alerting policy condition.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"Alerts are considered firing once their PromQL expression evaluated\nto be \"true\" for this long. Alerts whose PromQL expression was not\nevaluated to be \"true\" for long enough are considered pending. The\ndefault value is zero. Must be zero or positive.","description_kind":"plain","optional":true},"evaluation_interval":{"type":"string","description":"How often this rule should be evaluated. Must be a positive multiple\nof 30 seconds or missing. The default value is 30 seconds. If this\nPrometheusQueryLanguageCondition was generated from a Prometheus\nalerting rule, then this value should be taken from the enclosing\nrule group.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to add to or overwrite in the PromQL query result. Label names\nmust be valid.\n\nLabel values can be templatized by using variables. The only available\nvariable names are the names of the labels in the PromQL result, including\n\"__name__\" and \"value\". \"labels\" may be empty. This field is intended to be\nused for organizing and identifying the AlertPolicy","description_kind":"plain","optional":true},"query":{"type":"string","description":"The PromQL expression to evaluate. Every evaluation cycle this\nexpression is evaluated at the current time, and all resultant time\nseries become pending/firing alerts. This field must not be empty.","description_kind":"plain","required":true},"rule_group":{"type":"string","description":"The rule group name of this alert in the corresponding Prometheus\nconfiguration file.\n\nSome external tools may require this field to be populated correctly\nin order to refer to the original Prometheus configuration file.\nThe rule group name and the alert name are necessary to update the\nrelevant AlertPolicies in case the definition of the rule group changes\nin the future. This field is optional.","description_kind":"plain","optional":true}},"description":"A condition type that allows alert policies to be defined using\nPrometheus Query Language (PromQL).\n\nThe PrometheusQueryLanguageCondition message contains information\nfrom a Prometheus alerting rule and its associated rule group.","description_kind":"plain"},"max_items":1},"condition_threshold":{"nesting_mode":"list","block":{"attributes":{"comparison":{"type":"string","description":"The comparison to apply between the time\nseries (indicated by filter and aggregation)\nand the threshold (indicated by\nthreshold_value). The comparison is applied\non each time series, with the time series on\nthe left-hand side and the threshold on the\nright-hand side. Only COMPARISON_LT and\nCOMPARISON_GT are supported currently. Possible values: [\"COMPARISON_GT\", \"COMPARISON_GE\", \"COMPARISON_LT\", \"COMPARISON_LE\", \"COMPARISON_EQ\", \"COMPARISON_NE\"]","description_kind":"plain","required":true},"denominator_filter":{"type":"string","description":"A filter that identifies a time series that\nshould be used as the denominator of a ratio\nthat will be compared with the threshold. If\na denominator_filter is specified, the time\nseries specified by the filter field will be\nused as the numerator.The filter is similar\nto the one that is specified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"The amount of time that a time series must\nviolate the threshold to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g., 0, 60, 120, or\n300 seconds--are supported. If an invalid\nvalue is given, an error will be returned.\nWhen choosing a duration, it is useful to\nkeep in mind the frequency of the underlying\ntime series data (which may also be affected\nby any alignments specified in the\naggregations field); a good duration is long\nenough so that a single outlier does not\ngenerate spurious alerts, but short enough\nthat unhealthy states are detected and\nalerted on quickly.","description_kind":"plain","required":true},"evaluation_missing_data":{"type":"string","description":"A condition control that determines how\nmetric-threshold conditions are evaluated when\ndata stops arriving. Possible values: [\"EVALUATION_MISSING_DATA_INACTIVE\", \"EVALUATION_MISSING_DATA_ACTIVE\", \"EVALUATION_MISSING_DATA_NO_OP\"]","description_kind":"plain","optional":true},"filter":{"type":"string","description":"A filter that identifies which time series\nshould be compared with the threshold.The\nfilter is similar to the one that is\nspecified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true},"threshold_value":{"type":"number","description":"A value against which to compare the time\nseries.","description_kind":"plain","optional":true}},"block_types":{"aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series as well as how to\ncombine the retrieved time series together\n(such as when aggregating multiple streams\non each resource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).\nMultiple aggregations are applied in the\norder specified.This field is similar to the\none in the MetricService.ListTimeSeries\nrequest. It is advisable to use the\nListTimeSeries method when debugging this\nfield.","description_kind":"plain"}},"denominator_aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series selected by\ndenominatorFilter as well as how to combine\nthe retrieved time series together (such as\nwhen aggregating multiple streams on each\nresource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).When\ncomputing ratios, the aggregations and\ndenominator_aggregations fields must use the\nsame alignment period and produce time\nseries that have the same periodicity and\nlabels.This field is similar to the one in\nthe MetricService.ListTimeSeries request. It\nis advisable to use the ListTimeSeries\nmethod when debugging this field.","description_kind":"plain"}},"forecast_options":{"nesting_mode":"list","block":{"attributes":{"forecast_horizon":{"type":"string","description":"The length of time into the future to forecast\nwhether a timeseries will violate the threshold.\nIf the predicted value is found to violate the\nthreshold, and the violation is observed in all\nforecasts made for the Configured 'duration',\nthen the timeseries is considered to be failing.","description_kind":"plain","required":true}},"description":"When this field is present, the 'MetricThreshold'\ncondition forecasts whether the time series is\npredicted to violate the threshold within the\n'forecastHorizon'. When this field is not set, the\n'MetricThreshold' tests the current value of the\ntimeseries against the threshold.","description_kind":"plain"},"max_items":1},"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations,\nor by the ratio, if denominator_filter and\ndenominator_aggregations are specified.","description_kind":"plain"},"max_items":1}},"description":"A condition that compares a time series against a\nthreshold.","description_kind":"plain"},"max_items":1}},"description":"A list of conditions for the policy. The conditions are combined by\nAND or OR according to the combiner field. If the combined conditions\nevaluate to true, then an incident is created. A policy can have from\none to six conditions.","description_kind":"plain"},"min_items":1},"documentation":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The text of the documentation, interpreted according to mimeType.\nThe content may not exceed 8,192 Unicode characters and may not\nexceed more than 10,240 bytes when encoded in UTF-8 format,\nwhichever is smaller.","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"The format of the content field. Presently, only the value\n\"text/markdown\" is supported.","description_kind":"plain","optional":true},"subject":{"type":"string","description":"The subject line of the notification. The subject line may not\nexceed 10,240 bytes. In notifications generated by this policy the contents\nof the subject line after variable expansion will be truncated to 255 bytes\nor shorter at the latest UTF-8 character boundary.","description_kind":"plain","optional":true}},"block_types":{"links":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"A short display name for the link. The display name must not be empty or exceed 63 characters. Example: \"playbook\".","description_kind":"plain","optional":true},"url":{"type":"string","description":"The url of a webpage. A url can be templatized by using variables in the path or the query parameters. The total length of a URL should not exceed 2083 characters before and after variable expansion. Example: \"https://my_domain.com/playbook?name=${resource.name}\".","description_kind":"plain","optional":true}},"description":"Links to content such as playbooks, repositories, and other resources. This field can contain up to 3 entries.","description_kind":"plain"}}},"description":"Documentation that is included with notifications and incidents related\nto this policy. Best practice is for the documentation to include information\nto help responders understand, mitigate, escalate, and correct the underlying\nproblems detected by the alerting policy. Notification channels that have\nlimited capacity might not show this documentation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_custom_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","optional":true,"computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","optional":true}},"block_types":{"telemetry":{"nesting_mode":"list","block":{"attributes":{"resource_name":{"type":"string","description":"The full name of the resource that defines this service.\nFormatted as described in\nhttps://cloud.google.com/apis/design/resource_names.","description_kind":"plain","optional":true}},"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_dashboard":{"version":0,"block":{"attributes":{"dashboard_json":{"type":"string","description":"The JSON representation of a dashboard, following the format at https://cloud.google.com/monitoring/api/ref_v3/rest/v1/projects.dashboards.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_group":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"A user-assigned name for this group, used only for display\npurposes.","description_kind":"plain","required":true},"filter":{"type":"string","description":"The filter used to determine which monitored resources\nbelong to this group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_cluster":{"type":"bool","description":"If true, the members of this group are considered to be a\ncluster. The system can perform additional analysis on\ngroups that are clusters.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique identifier for this group. The format is\n\"projects/{project_id_or_number}/groups/{group_id}\".","description_kind":"plain","computed":true},"parent_name":{"type":"string","description":"The name of the group's parent, if it has one. The format is\n\"projects/{project_id_or_number}/groups/{group_id}\". For\ngroups with no parent, parentName is the empty string, \"\".","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_metric_descriptor":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A detailed description of the metric, which can be used in documentation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example \"Request count\".","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"launch_stage":{"type":"string","description":"The launch stage of the metric definition. Possible values: [\"LAUNCH_STAGE_UNSPECIFIED\", \"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true},"metric_kind":{"type":"string","description":"Whether the metric records instantaneous values, changes to a value, etc. Some combinations of metricKind and valueType might not be supported. Possible values: [\"METRIC_KIND_UNSPECIFIED\", \"GAUGE\", \"DELTA\", \"CUMULATIVE\"]","description_kind":"plain","required":true},"monitored_resource_types":{"type":["set","string"],"description":"If present, then a time series, which is identified partially by a metric type and a MonitoredResourceDescriptor, that is associated with this metric type can only be associated with one of the monitored resource types listed here. This field allows time series to be associated with the intersection of this metric type and the monitored resource types in this list.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the metric descriptor.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The metric type, including its DNS name prefix. The type is not URL-encoded. All service defined metrics must be prefixed with the service name, in the format of {service name}/{relative metric name}, such as cloudsql.googleapis.com/database/cpu/utilization. The relative metric name must have only upper and lower-case letters, digits, '/' and underscores '_' are allowed. Additionally, the maximum number of characters allowed for the relative_metric_name is 100. All user-defined metric types have the DNS name custom.googleapis.com, external.googleapis.com, or logging.googleapis.com/user/.","description_kind":"plain","required":true},"unit":{"type":"string","description":"The units in which the metric value is reported. It is only applicable if the\nvalueType is INT64, DOUBLE, or DISTRIBUTION. The unit defines the representation of\nthe stored metric values.\n\nDifferent systems may scale the values to be more easily displayed (so a value of\n0.02KBy might be displayed as 20By, and a value of 3523KBy might be displayed as\n3.5MBy). However, if the unit is KBy, then the value of the metric is always in\nthousands of bytes, no matter how it may be displayed.\n\nIf you want a custom metric to record the exact number of CPU-seconds used by a job,\nyou can create an INT64 CUMULATIVE metric whose unit is s{CPU} (or equivalently\n1s{CPU} or just s). If the job uses 12,005 CPU-seconds, then the value is written as\n12005.\n\nAlternatively, if you want a custom metric to record data in a more granular way, you\ncan create a DOUBLE CUMULATIVE metric whose unit is ks{CPU}, and then write the value\n12.005 (which is 12005/1000), or use Kis{CPU} and write 11.723 (which is 12005/1024).\nThe supported units are a subset of The Unified Code for Units of Measure standard.\nMore info can be found in the API documentation\n(https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors).","description_kind":"plain","optional":true},"value_type":{"type":"string","description":"Whether the measurement is an integer, a floating-point number, etc. Some combinations of metricKind and valueType might not be supported. Possible values: [\"BOOL\", \"INT64\", \"DOUBLE\", \"STRING\", \"DISTRIBUTION\"]","description_kind":"plain","required":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A human-readable description for the label.","description_kind":"plain","optional":true},"key":{"type":"string","description":"The key for this label. The key must not exceed 100 characters. The first character of the key must be an upper- or lower-case letter, the remaining characters must be letters, digits or underscores, and the key must match the regular expression [a-zA-Z][a-zA-Z0-9_]*","description_kind":"plain","required":true},"value_type":{"type":"string","description":"The type of data that can be assigned to the label. Default value: \"STRING\" Possible values: [\"STRING\", \"BOOL\", \"INT64\"]","description_kind":"plain","optional":true}},"description":"The set of labels that can be used to describe a specific instance of this metric type. In order to delete a label, the entire resource must be deleted, then created with the desired labels.","description_kind":"plain"}},"metadata":{"nesting_mode":"list","block":{"attributes":{"ingest_delay":{"type":"string","description":"The delay of data points caused by ingestion. Data points older than this age are guaranteed to be ingested and available to be read, excluding data loss due to errors. In '[duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?\u0026_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration)'.","description_kind":"plain","optional":true},"sample_period":{"type":"string","description":"The sampling period of metric data points. For metrics which are written periodically, consecutive data points are stored at this time interval, excluding data loss due to errors. Metrics with a higher granularity have a smaller sampling period. In '[duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?\u0026_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration)'.","description_kind":"plain","optional":true}},"description":"Metadata which can be used to guide usage of the metric.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_monitored_project":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when this 'MonitoredProject' was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metrics_scope":{"type":"string","description":"Required. The resource name of the existing Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The resource name of the 'MonitoredProject'. On input, the resource name includes the scoping project ID and monitored project ID. On output, it contains the equivalent project numbers. Example: 'locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}/projects/{MONITORED_PROJECT_ID_OR_NUMBER}'","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_notification_channel":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional human-readable description of this notification channel. This description may provide additional details, beyond the display name, for the channel. This may not exceed 1024 Unicode characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An optional human-readable name for this notification channel. It is recommended that you specify a non-empty and unique name in order to make it easier to identify the channels in your project, though this is not enforced. The display name is limited to 512 Unicode characters.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether notifications are forwarded to the described channel. This makes it possible to disable delivery of notifications to a particular channel without removing the channel from all alerting policies that reference the channel. This is a more convenient approach when the change is temporary and you want to receive notifications from the same set of alerting policies on the channel at some point in the future.","description_kind":"plain","optional":true},"force_delete":{"type":"bool","description":"If true, the notification channel will be deleted regardless\nof its use in alert policies (the policies will be updated\nto remove the channel). If false, channels that are still\nreferenced by an existing alerting policy will fail to be\ndeleted in a delete operation.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Configuration fields that define the channel and its behavior. The\npermissible and required labels are specified in the\nNotificationChannelDescriptor corresponding to the type field.\n\nLabels with sensitive data are obfuscated by the API and therefore Terraform cannot\ndetermine if there are upstream changes to these fields. They can also be configured via\nthe sensitive_labels block, but cannot be configured in both places.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The full REST resource name for this channel. The syntax is:\nprojects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]\nThe [CHANNEL_ID] is automatically assigned by the server on creation.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the notification channel. This field matches the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list to get the list of valid values such as \"email\", \"slack\", etc...","description_kind":"plain","required":true},"user_labels":{"type":["map","string"],"description":"User-supplied key/value data that does not need to conform to the corresponding NotificationChannelDescriptor's schema, unlike the labels field. This field is intended to be used for organizing and identifying the NotificationChannel objects.The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.","description_kind":"plain","optional":true},"verification_status":{"type":"string","description":"Indicates whether this channel has been verified or not. On a ListNotificationChannels or GetNotificationChannel operation, this field is expected to be populated.If the value is UNVERIFIED, then it indicates that the channel is non-functioning (it both requires verification and lacks verification); otherwise, it is assumed that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it implies that the channel is of a type that does not require verification or that this specific channel has been exempted from verification because it was created prior to verification being required for channels of this type.This field cannot be modified using a standard UpdateNotificationChannel operation. To change the value of this field, you must call VerifyNotificationChannel.","description_kind":"plain","computed":true}},"block_types":{"sensitive_labels":{"nesting_mode":"list","block":{"attributes":{"auth_token":{"type":"string","description":"An authorization token for a notification channel. Channel types that support this field include: slack","description_kind":"plain","optional":true,"sensitive":true},"password":{"type":"string","description":"An password for a notification channel. Channel types that support this field include: webhook_basicauth","description_kind":"plain","optional":true,"sensitive":true},"service_key":{"type":"string","description":"An servicekey token for a notification channel. Channel types that support this field include: pagerduty","description_kind":"plain","optional":true,"sensitive":true}},"description":"Different notification type behaviors are configured primarily using the the 'labels' field on this\nresource. This block contains the labels which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: password, will be the key\nin the 'labels' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","optional":true}},"block_types":{"basic_service":{"nesting_mode":"list","block":{"attributes":{"service_labels":{"type":["map","string"],"description":"Labels that specify the resource that emits the monitoring data\nwhich is used for SLO reporting of this 'Service'.","description_kind":"plain","optional":true},"service_type":{"type":"string","description":"The type of service that this basic service defines, e.g.\nAPP_ENGINE service type","description_kind":"plain","optional":true}},"description":"A well-known service type, defined by its service type and service labels.\nValid values of service types and services labels are described at\nhttps://cloud.google.com/stackdriver/docs/solutions/slo-monitoring/api/api-structures#basic-svc-w-basic-sli","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_slo":{"version":0,"block":{"attributes":{"calendar_period":{"type":"string","description":"A calendar period, semantically \"since the start of the current\n\u003ccalendarPeriod\u003e\". Possible values: [\"DAY\", \"WEEK\", \"FORTNIGHT\", \"MONTH\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Name used for UI elements listing this SLO.","description_kind":"plain","optional":true},"goal":{"type":"number","description":"The fraction of service that must be good in order for this objective\nto be met. 0 \u003c goal \u003c= 0.999","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID_OR_NUMBER]/services/[SERVICE_ID]/serviceLevelObjectives/[SLO_NAME]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rolling_period_days":{"type":"number","description":"A rolling time period, semantically \"in the past X days\".\nMust be between 1 to 30 days, inclusive.","description_kind":"plain","optional":true},"service":{"type":"string","description":"ID of the service to which this SLO belongs.","description_kind":"plain","required":true},"slo_id":{"type":"string","description":"The id to use for this ServiceLevelObjective. If omitted, an id will be generated instead.","description_kind":"plain","optional":true,"computed":true},"user_labels":{"type":["map","string"],"description":"This field is intended to be used for organizing and identifying the AlertPolicy\nobjects.The field can contain up to 64 entries. Each key and value is limited\nto 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values\ncan contain only lowercase letters, numerals, underscores, and dashes. Keys\nmust begin with a letter.","description_kind":"plain","optional":true}},"block_types":{"basic_sli":{"nesting_mode":"list","block":{"attributes":{"location":{"type":["set","string"],"description":"An optional set of locations to which this SLI is relevant.\nTelemetry from other locations will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nlocations in which the Service has activity. For service types\nthat don't support breaking down by location, setting this\nfield will result in an error.","description_kind":"plain","optional":true},"method":{"type":["set","string"],"description":"An optional set of RPCs to which this SLI is relevant.\nTelemetry from other methods will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nthe Service's methods. For service types that don't support\nbreaking down by method, setting this field will result in an\nerror.","description_kind":"plain","optional":true},"version":{"type":["set","string"],"description":"The set of API versions to which this SLI is relevant.\nTelemetry from other API versions will not be used to\ncalculate performance for this SLI. If omitted,\nthis SLI applies to all API versions. For service types\nthat don't support breaking down by version, setting this\nfield will result in an error.","description_kind":"plain","optional":true}},"block_types":{"availability":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether an availability SLI is enabled or not. Must be set to true. Defaults to 'true'.","description_kind":"plain","optional":true}},"description":"Availability based SLI, dervied from count of requests made to this service that return successfully.","description_kind":"plain"},"max_items":1},"latency":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"string","description":"A duration string, e.g. 10s.\nGood service is defined to be the count of requests made to\nthis service that return in no more than threshold.","description_kind":"plain","required":true}},"description":"Parameters for a latency threshold SLI.","description_kind":"plain"},"max_items":1}},"description":"Basic Service-Level Indicator (SLI) on a well-known service type.\nPerformance will be computed on the basis of pre-defined metrics.\n\nSLIs are used to measure and calculate the quality of the Service's\nperformance with respect to a single aspect of service quality.\n\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1},"request_based_sli":{"nesting_mode":"list","block":{"block_types":{"distribution_cut":{"nesting_mode":"list","block":{"attributes":{"distribution_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\naggregating values to quantify the good service provided.\n\nMust have ValueType = DISTRIBUTION and\nMetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Used when good_service is defined by a count of values aggregated in a\nDistribution that fall into a good range. The total_service is the\ntotal count of all values aggregated in the Distribution.\nDefines a distribution TimeSeries filter and thresholds used for\nmeasuring good service and total service.\n\nExactly one of 'distribution_cut' or 'good_total_ratio' can be set.","description_kind":"plain"},"max_items":1},"good_total_ratio":{"nesting_mode":"list","block":{"attributes":{"bad_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying bad service provided, either demanded service that\nwas not provided or demanded service that was of inadequate\nquality.\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true},"good_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying good service provided.\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true},"total_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying total demanded service.\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true}},"description":"A means to compute a ratio of 'good_service' to 'total_service'.\nDefines computing this ratio with two TimeSeries [monitoring filters](https://cloud.google.com/monitoring/api/v3/filters)\nMust specify exactly two of good, bad, and total service filters.\nThe relationship good_service + bad_service = total_service\nwill be assumed.\n\nExactly one of 'distribution_cut' or 'good_total_ratio' can be set.","description_kind":"plain"},"max_items":1}},"description":"A request-based SLI defines a SLI for which atomic units of\nservice are counted directly.\n\nA SLI describes a good service.\nIt is used to measure and calculate the quality of the Service's\nperformance with respect to a single aspect of service quality.\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"windows_based_sli":{"nesting_mode":"list","block":{"attributes":{"good_bad_metric_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nwith ValueType = BOOL. The window is good if any true values\nappear in the window. One of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain","optional":true},"window_period":{"type":"string","description":"Duration over which window quality is evaluated, given as a\nduration string \"{X}s\" representing X seconds. Must be an\ninteger fraction of a day and at least 60s.","description_kind":"plain","optional":true}},"block_types":{"good_total_ratio_threshold":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"number","description":"If window performance \u003e= threshold, the window is counted\nas good.","description_kind":"plain","optional":true}},"block_types":{"basic_sli_performance":{"nesting_mode":"list","block":{"attributes":{"location":{"type":["set","string"],"description":"An optional set of locations to which this SLI is relevant.\nTelemetry from other locations will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nlocations in which the Service has activity. For service types\nthat don't support breaking down by location, setting this\nfield will result in an error.","description_kind":"plain","optional":true},"method":{"type":["set","string"],"description":"An optional set of RPCs to which this SLI is relevant.\nTelemetry from other methods will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nthe Service's methods. For service types that don't support\nbreaking down by method, setting this field will result in an\nerror.","description_kind":"plain","optional":true},"version":{"type":["set","string"],"description":"The set of API versions to which this SLI is relevant.\nTelemetry from other API versions will not be used to\ncalculate performance for this SLI. If omitted,\nthis SLI applies to all API versions. For service types\nthat don't support breaking down by version, setting this\nfield will result in an error.","description_kind":"plain","optional":true}},"block_types":{"availability":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether an availability SLI is enabled or not. Must be set to 'true. Defaults to 'true'.","description_kind":"plain","optional":true}},"description":"Availability based SLI, dervied from count of requests made to this service that return successfully.","description_kind":"plain"},"max_items":1},"latency":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"string","description":"A duration string, e.g. 10s.\nGood service is defined to be the count of requests made to\nthis service that return in no more than threshold.","description_kind":"plain","required":true}},"description":"Parameters for a latency threshold SLI.","description_kind":"plain"},"max_items":1}},"description":"Basic SLI to evaluate to judge window quality.","description_kind":"plain"},"max_items":1},"performance":{"nesting_mode":"list","block":{"block_types":{"distribution_cut":{"nesting_mode":"list","block":{"attributes":{"distribution_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\naggregating values to quantify the good service provided.\n\nMust have ValueType = DISTRIBUTION and\nMetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Used when good_service is defined by a count of values aggregated in a\nDistribution that fall into a good range. The total_service is the\ntotal count of all values aggregated in the Distribution.\nDefines a distribution TimeSeries filter and thresholds used for\nmeasuring good service and total service.","description_kind":"plain"},"max_items":1},"good_total_ratio":{"nesting_mode":"list","block":{"attributes":{"bad_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying bad service provided, either demanded service that\nwas not provided or demanded service that was of inadequate\nquality. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true},"good_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying good service provided. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true},"total_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying total demanded service. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true}},"description":"A means to compute a ratio of 'good_service' to 'total_service'.\nDefines computing this ratio with two TimeSeries [monitoring filters](https://cloud.google.com/monitoring/api/v3/filters)\nMust specify exactly two of good, bad, and total service filters.\nThe relationship good_service + bad_service = total_service\nwill be assumed.","description_kind":"plain"},"max_items":1}},"description":"Request-based SLI to evaluate to judge window quality.","description_kind":"plain"},"max_items":1}},"description":"Criterion that describes a window as good if its performance is\nhigh enough. One of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain"},"max_items":1},"metric_mean_in_range":{"nesting_mode":"list","block":{"attributes":{"time_series":{"type":"string","description":"A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nspecifying the TimeSeries to use for evaluating window\nThe provided TimeSeries must have ValueType = INT64 or\nValueType = DOUBLE and MetricKind = GAUGE. Mean value 'X'\nshould satisfy 'range.min \u003c= X \u003c= range.max'\nunder good service.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to \"infinity\", defining an open range\n\"\u003e= range.min\"","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to \"-infinity\", defining an open range\n\"\u003c range.max\"","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max. Mean value 'X' of 'time_series'\nvalues should satisfy 'range.min \u003c= X \u003c= range.max' for a\ngood service.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Criterion that describes a window as good if the metric's value\nis in a good range, *averaged* across returned streams.\nOne of 'good_bad_metric_filter',\n\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.\nAverage value X of 'time_series' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain"},"max_items":1},"metric_sum_in_range":{"nesting_mode":"list","block":{"attributes":{"time_series":{"type":"string","description":"A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nspecifying the TimeSeries to use for evaluating window\nquality. The provided TimeSeries must have\nValueType = INT64 or ValueType = DOUBLE and\nMetricKind = GAUGE.\n\nSummed value 'X' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to \"infinity\", defining an open range\n\"\u003e= range.min\"","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to \"-infinity\", defining an open range\n\"\u003c range.max\"","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max. Summed value 'X' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Criterion that describes a window as good if the metric's value\nis in a good range, *summed* across returned streams.\nSummed value 'X' of 'time_series' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.\n\nOne of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain"},"max_items":1}},"description":"A windows-based SLI defines the criteria for time windows.\ngood_service is defined based off the count of these time windows\nfor which the provided service was of good quality.\n\nA SLI describes a good service. It is used to measure and calculate\nthe quality of the Service's performance with respect to a single\naspect of service quality.\n\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_monitoring_uptime_check_config":{"version":0,"block":{"attributes":{"checker_type":{"type":"string","description":"The checker type to use for the check. If the monitored resource type is 'servicedirectory_service', 'checker_type' must be set to 'VPC_CHECKERS'. Possible values: [\"STATIC_IP_CHECKERS\", \"VPC_CHECKERS\"]","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"A human-friendly name for the uptime check configuration. The display name should be unique within a Stackdriver Workspace in order to make it easier to identify; however, uniqueness is not enforced.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique resource name for this UptimeCheckConfig. The format is 'projects/[PROJECT_ID]/uptimeCheckConfigs/[UPTIME_CHECK_ID]'.","description_kind":"plain","computed":true},"period":{"type":"string","description":"How often, in seconds, the uptime check is performed. Currently, the only supported values are 60s (1 minute), 300s (5 minutes), 600s (10 minutes), and 900s (15 minutes). Optional, defaults to 300s.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"selected_regions":{"type":["list","string"],"description":"The list of regions from which the check will be run. Some regions contain one location, and others contain more than one. If this field is specified, enough regions to include a minimum of 3 locations must be provided, or an error message is returned. Not specifying this field will result in uptime checks running from all regions.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"The maximum amount of time to wait for the request to complete (must be between 1 and 60 seconds). [See the accepted formats]( https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.Duration)","description_kind":"plain","required":true},"uptime_check_id":{"type":"string","description":"The id of the uptime check","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"User-supplied key/value data to be used for organizing and identifying the 'UptimeCheckConfig' objects. The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.","description_kind":"plain","optional":true}},"block_types":{"content_matchers":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"String or regex content to match (max 1024 bytes)","description_kind":"plain","required":true},"matcher":{"type":"string","description":"The type of content matcher that will be applied to the server output, compared to the content string when the check is run. Default value: \"CONTAINS_STRING\" Possible values: [\"CONTAINS_STRING\", \"NOT_CONTAINS_STRING\", \"MATCHES_REGEX\", \"NOT_MATCHES_REGEX\", \"MATCHES_JSON_PATH\", \"NOT_MATCHES_JSON_PATH\"]","description_kind":"plain","optional":true}},"block_types":{"json_path_matcher":{"nesting_mode":"list","block":{"attributes":{"json_matcher":{"type":"string","description":"Options to perform JSONPath content matching. Default value: \"EXACT_MATCH\" Possible values: [\"EXACT_MATCH\", \"REGEX_MATCH\"]","description_kind":"plain","optional":true},"json_path":{"type":"string","description":"JSONPath within the response output pointing to the expected 'ContentMatcher::content' to match against.","description_kind":"plain","required":true}},"description":"Information needed to perform a JSONPath content match. Used for 'ContentMatcherOption::MATCHES_JSON_PATH' and 'ContentMatcherOption::NOT_MATCHES_JSON_PATH'.","description_kind":"plain"},"max_items":1}},"description":"The expected content on the page the check is run against. Currently, only the first entry in the list is supported, and other entries will be ignored. The server will look for an exact match of the string in the page response's content. This field is optional and should only be specified if a content match is required.","description_kind":"plain"}},"http_check":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"The request body associated with the HTTP POST request. If 'content_type' is 'URL_ENCODED', the body passed in must be URL-encoded. Users can provide a 'Content-Length' header via the 'headers' field or the API will do so. If the 'request_method' is 'GET' and 'body' is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note - As with all bytes fields JSON representations are base64 encoded. e.g. 'foo=bar' in URL-encoded form is 'foo%3Dbar' and in base64 encoding is 'Zm9vJTI1M0RiYXI='.","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"The content type to use for the check. Possible values: [\"TYPE_UNSPECIFIED\", \"URL_ENCODED\", \"USER_PROVIDED\"]","description_kind":"plain","optional":true},"custom_content_type":{"type":"string","description":"A user provided content type header to use for the check. The invalid configurations outlined in the 'content_type' field apply to custom_content_type', as well as the following 1. 'content_type' is 'URL_ENCODED' and 'custom_content_type' is set. 2. 'content_type' is 'USER_PROVIDED' and 'custom_content_type' is not set.","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"The list of headers to send as part of the uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of all the desired values as described in [RFC 2616 (page 31)](https://www.w3.org/Protocols/rfc2616/rfc2616.txt). Entering two separate headers with the same key in a Create call will cause the first to be overwritten by the second. The maximum number of headers allowed is 100.","description_kind":"plain","optional":true,"computed":true},"mask_headers":{"type":"bool","description":"Boolean specifying whether to encrypt the header information. Encryption should be specified for any headers related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, if 'mask_headers' is set to 'true' then the headers will be obscured with '******'.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. If the provided path does not begin with '/', a '/' will be prepended automatically. Optional (defaults to '/').","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port to the page to run the check against. Will be combined with 'host' (specified within the ['monitored_resource'](#nested_monitored_resource)) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL).","description_kind":"plain","optional":true,"computed":true},"request_method":{"type":"string","description":"The HTTP request method to use for the check. If set to 'METHOD_UNSPECIFIED' then 'request_method' defaults to 'GET'. Default value: \"GET\" Possible values: [\"METHOD_UNSPECIFIED\", \"GET\", \"POST\"]","description_kind":"plain","optional":true},"use_ssl":{"type":"bool","description":"If true, use HTTPS instead of HTTP to run the check.","description_kind":"plain","optional":true},"validate_ssl":{"type":"bool","description":"Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies to checks where 'monitored_resource' is set to 'uptime_url'. If 'use_ssl' is 'false', setting 'validate_ssl' to 'true' has no effect.","description_kind":"plain","optional":true}},"block_types":{"accepted_response_status_codes":{"nesting_mode":"list","block":{"attributes":{"status_class":{"type":"string","description":"A class of status codes to accept. Possible values: [\"STATUS_CLASS_1XX\", \"STATUS_CLASS_2XX\", \"STATUS_CLASS_3XX\", \"STATUS_CLASS_4XX\", \"STATUS_CLASS_5XX\", \"STATUS_CLASS_ANY\"]","description_kind":"plain","optional":true},"status_value":{"type":"number","description":"A status code to accept.","description_kind":"plain","optional":true}},"description":"If present, the check will only pass if the HTTP response status code is in this set of status codes. If empty, the HTTP status code will only pass if the HTTP status code is 200-299.","description_kind":"plain"}},"auth_info":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The password to authenticate.","description_kind":"plain","required":true,"sensitive":true},"username":{"type":"string","description":"The username to authenticate.","description_kind":"plain","required":true}},"description":"The authentication information using username and password. Optional when creating an HTTP check; defaults to empty. Do not use with other authentication fields.","description_kind":"plain"},"max_items":1},"ping_config":{"nesting_mode":"list","block":{"attributes":{"pings_count":{"type":"number","description":"Number of ICMP pings. A maximum of 3 ICMP pings is currently supported.","description_kind":"plain","required":true}},"description":"Contains information needed to add pings to an HTTP check.","description_kind":"plain"},"max_items":1},"service_agent_authentication":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of authentication to use. Possible values: [\"SERVICE_AGENT_AUTHENTICATION_TYPE_UNSPECIFIED\", \"OIDC_TOKEN\"]","description_kind":"plain","optional":true}},"description":"The authentication information using the Monitoring Service Agent. Optional when creating an HTTPS check; defaults to empty. Do not use with other authentication fields.","description_kind":"plain"},"max_items":1}},"description":"Contains information needed to make an HTTP or HTTPS check.","description_kind":"plain"},"max_items":1},"monitored_resource":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Values for all of the labels listed in the associated monitored resource descriptor. For example, Compute Engine VM instances use the labels 'project_id', 'instance_id', and 'zone'.","description_kind":"plain","required":true},"type":{"type":"string","description":"The monitored resource type. This field must match the type field of a ['MonitoredResourceDescriptor'](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.monitoredResourceDescriptors#MonitoredResourceDescriptor) object. For example, the type of a Compute Engine VM instance is 'gce_instance'. For a list of types, see [Monitoring resource types](https://cloud.google.com/monitoring/api/resources) and [Logging resource types](https://cloud.google.com/logging/docs/api/v2/resource-list).","description_kind":"plain","required":true}},"description":"The [monitored resource]\n(https://cloud.google.com/monitoring/api/resources) associated with the\nconfiguration. The following monitored resource types are supported for\nuptime checks:\n* 'aws_ec2_instance'\n* 'aws_elb_load_balancer'\n* 'gae_app'\n* 'gce_instance'\n* 'k8s_service'\n* 'servicedirectory_service'\n* 'uptime_url'","description_kind":"plain"},"max_items":1},"resource_group":{"nesting_mode":"list","block":{"attributes":{"group_id":{"type":"string","description":"The group of resources being monitored. Should be the 'name' of a group","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"The resource type of the group members. Possible values: [\"RESOURCE_TYPE_UNSPECIFIED\", \"INSTANCE\", \"AWS_ELB_LOAD_BALANCER\"]","description_kind":"plain","optional":true}},"description":"The group resource associated with the configuration.","description_kind":"plain"},"max_items":1},"synthetic_monitor":{"nesting_mode":"list","block":{"block_types":{"cloud_function_v2":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The fully qualified name of the cloud function resource.","description_kind":"plain","required":true}},"description":"Target a Synthetic Monitor GCFv2 Instance","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A Synthetic Monitor deployed to a Cloud Functions V2 instance.","description_kind":"plain"},"max_items":1},"tcp_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The port to the page to run the check against. Will be combined with host (specified within the 'monitored_resource') to construct the full URL.","description_kind":"plain","required":true}},"block_types":{"ping_config":{"nesting_mode":"list","block":{"attributes":{"pings_count":{"type":"number","description":"Number of ICMP pings. A maximum of 3 ICMP pings is currently supported.","description_kind":"plain","required":true}},"description":"Contains information needed to add pings to a TCP check.","description_kind":"plain"},"max_items":1}},"description":"Contains information needed to make a TCP check.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_active_directory":{"version":0,"block":{"attributes":{"administrators":{"type":["list","string"],"description":"Domain user accounts to be added to the local Administrators group of the SMB service. Comma-separated list of domain users or groups. The Domain Admin group is automatically added when the service joins your domain as a hidden group.","description_kind":"plain","optional":true},"aes_encryption":{"type":"bool","description":"Enables AES-128 and AES-256 encryption for Kerberos-based communication with Active Directory.","description_kind":"plain","optional":true},"backup_operators":{"type":["list","string"],"description":"Domain user/group accounts to be added to the Backup Operators group of the SMB service. The Backup Operators group allows members to backup and restore files regardless of whether they have read or write access to the files. Comma-separated list.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Create time of the active directory. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"dns":{"type":"string","description":"Comma separated list of DNS server IP addresses for the Active Directory domain.","description_kind":"plain","required":true},"domain":{"type":"string","description":"Fully qualified domain name for the Active Directory domain.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encrypt_dc_connections":{"type":"bool","description":"If enabled, traffic between the SMB server to Domain Controller (DC) will be encrypted.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kdc_hostname":{"type":"string","description":"Hostname of the Active Directory server used as Kerberos Key Distribution Center. Only required for volumes using kerberized NFSv4.1","description_kind":"plain","optional":true},"kdc_ip":{"type":"string","description":"IP address of the Active Directory server used as Kerberos Key Distribution Center.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"ldap_signing":{"type":"bool","description":"Specifies whether or not the LDAP traffic needs to be signed.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the region for the policy to apply to.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the Active Directory pool. Needs to be unique per location.","description_kind":"plain","required":true},"net_bios_prefix":{"type":"string","description":"NetBIOS name prefix of the server to be created.\nA five-character random ID is generated automatically, for example, -6f9a, and appended to the prefix. The full UNC share path will have the following format:\n'\\\\NetBIOS_PREFIX-ABCD.DOMAIN_NAME\\SHARE_NAME'","description_kind":"plain","required":true},"nfs_users_with_ldap":{"type":"bool","description":"Local UNIX users on clients without valid user information in Active Directory are blocked from access to LDAP enabled volumes.\nThis option can be used to temporarily switch such volumes to AUTH_SYS authentication (user ID + 1-16 groups).","description_kind":"plain","optional":true},"organizational_unit":{"type":"string","description":"Name of the Organizational Unit where you intend to create the computer account for NetApp Volumes.\nDefaults to 'CN=Computers' if left empty.","description_kind":"plain","optional":true,"computed":true},"password":{"type":"string","description":"Password for specified username. Note - Manual changes done to the password will not be detected. Terraform will not re-apply the password, unless you use a new password in Terraform.","description_kind":"plain","required":true,"sensitive":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"security_operators":{"type":["list","string"],"description":"Domain accounts that require elevated privileges such as 'SeSecurityPrivilege' to manage security logs. Comma-separated list.","description_kind":"plain","optional":true},"site":{"type":"string","description":"Specifies an Active Directory site to manage domain controller selection.\nUse when Active Directory domain controllers in multiple regions are configured. Defaults to 'Default-First-Site-Name' if left empty.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state of the Active Directory policy (not the Active Directory itself).","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"The state details of the Active Directory.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"username":{"type":"string","description":"Username for the Active Directory account with permissions to create the compute account within the specified organizational unit.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_backup":{"version":0,"block":{"attributes":{"backup_type":{"type":"string","description":"Type of backup, manually created or created by a backup policy. Possible Values : [TYPE_UNSPECIFIED, MANUAL, SCHEDULED]","description_kind":"plain","computed":true},"chain_storage_bytes":{"type":"string","description":"Backups of a volume build incrementally on top of each other. They form a \"backup chain\".\nTotal size of all backups in a chain in bytes = baseline backup size + sum(incremental backup size)","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Create time of the backup. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the backup with 2048 characters or less. Requests with longer descriptions will be rejected.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the backup.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the backup. Needs to be unique per location.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"source_snapshot":{"type":"string","description":"If specified, backup will be created from the given snapshot. If not specified,\nthere will be a new snapshot taken to initiate the backup creation.\nFormat: 'projects/{{projectId}}/locations/{{location}}/volumes/{{volumename}}/snapshots/{{snapshotname}}''","description_kind":"plain","optional":true},"source_volume":{"type":"string","description":"ID of volumes this backup belongs to. Format: 'projects/{{projects_id}}/locations/{{location}}/volumes/{{name}}''","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state of the Backup Vault. Possible Values : [STATE_UNSPECIFIED, CREATING, UPLOADING, READY, DELETING, ERROR, UPDATING]","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"vault_name":{"type":"string","description":"Name of the backup vault to store the backup in.","description_kind":"plain","required":true},"volume_usage_bytes":{"type":"string","description":"Size of the file system when the backup was created. When creating a new volume from the backup, the volume capacity will have to be at least as big.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_backup_policy":{"version":0,"block":{"attributes":{"assigned_volume_count":{"type":"number","description":"The total number of volumes assigned by this backup policy.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Create time of the backup policy. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"daily_backup_limit":{"type":"number","description":"Number of daily backups to keep. Note that the minimum daily backup limit is 2.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enabled":{"type":"bool","description":"If enabled, make backups automatically according to the schedules.\nThis will be applied to all volumes that have this policy attached and enforced on volume level.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the region for the policy to apply to.","description_kind":"plain","required":true},"monthly_backup_limit":{"type":"number","description":"Number of monthly backups to keep. Note that the sum of daily, weekly and monthly backups should be greater than 1.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the backup policy. Needs to be unique per location.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the backup policy.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"weekly_backup_limit":{"type":"number","description":"Number of weekly backups to keep. Note that the sum of daily, weekly and monthly backups should be greater than 1.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_backup_vault":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Create time of the backup vault. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location (region) of the backup vault.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the backup vault. Needs to be unique per location.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the Backup Vault.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_kmsconfig":{"version":0,"block":{"attributes":{"crypto_key_name":{"type":"string","description":"Resource name of the KMS key to use. Only regional keys are supported. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{key_ring}}/cryptoKeys/{{key}}'.","description_kind":"plain","required":true},"description":{"type":"string","description":"Description for the CMEK policy.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instructions":{"type":"string","description":"Access to the key needs to be granted. The instructions contain gcloud commands to run to grant access.\n\nTo make the policy work, a CMEK policy check is required, which verifies key access.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the policy location. CMEK policies apply to the whole region.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the CMEK policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The Service account which needs to have access to the provided KMS key.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_storage_pool":{"version":0,"block":{"attributes":{"active_directory":{"type":"string","description":"Specifies the Active Directory policy to be used. Format: 'projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}'.\nThe policy needs to be in the same location as the storage pool.","description_kind":"plain","optional":true},"allow_auto_tiering":{"type":"bool","description":"Optional. True if the storage pool supports Auto Tiering enabled volumes. Default is false.\nAuto-tiering can be enabled after storage pool creation but it can't be disabled once enabled.","description_kind":"plain","optional":true},"capacity_gib":{"type":"string","description":"Capacity of the storage pool (in GiB).","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_type":{"type":"string","description":"Reports if volumes in the pool are encrypted using a Google-managed encryption key or CMEK.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_config":{"type":"string","description":"Specifies the CMEK policy to be used for volume encryption. Format: 'projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}'.\nThe policy needs to be in the same location as the storage pool.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"ldap_enabled":{"type":"bool","description":"When enabled, the volumes uses Active Directory as LDAP name service for UID/GID lookups. Required to enable extended group support for NFSv3,\nusing security identifiers for NFSv4.1 or principal names for kerberized NFSv4.1.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the location. For zonal Flex pools specify a zone name, in all other cases a region name.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the storage pool. Needs to be unique per location/region.","description_kind":"plain","required":true},"network":{"type":"string","description":"VPC network name with format: 'projects/{{project}}/global/networks/{{network}}'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"replica_zone":{"type":"string","description":"Specifies the replica zone for regional Flex pools. 'zone' and 'replica_zone' values can be swapped to initiate a\n[zone switch](https://cloud.google.com/netapp/volumes/docs/configure-and-use/storage-pools/edit-or-delete-storage-pool#switch_active_and_replica_zones).","description_kind":"plain","optional":true},"service_level":{"type":"string","description":"Service level of the storage pool. Possible values: [\"PREMIUM\", \"EXTREME\", \"STANDARD\", \"FLEX\"]","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"volume_capacity_gib":{"type":"string","description":"Size allocated to volumes in the storage pool (in GiB).","description_kind":"plain","computed":true},"volume_count":{"type":"number","description":"Number of volume in the storage pool.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"Specifies the active zone for regional Flex pools. 'zone' and 'replica_zone' values can be swapped to initiate a\n[zone switch](https://cloud.google.com/netapp/volumes/docs/configure-and-use/storage-pools/edit-or-delete-storage-pool#switch_active_and_replica_zones).\nIf you want to create a zonal Flex pool, specify a zone name for 'location' and omit 'zone'.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_volume":{"version":0,"block":{"attributes":{"active_directory":{"type":"string","description":"Reports the resource name of the Active Directory policy being used. Inherited from storage pool.","description_kind":"plain","computed":true},"capacity_gib":{"type":"string","description":"Capacity of the volume (in GiB).","description_kind":"plain","required":true},"cold_tier_size_gib":{"type":"string","description":"Output only. Size of the volume cold tier data in GiB.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Create time of the volume. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"Policy to determine if the volume should be deleted forcefully.\nVolumes may have nested snapshot resources. Deleting such a volume will fail.\nSetting this parameter to FORCE will delete volumes including nested snapshots.\nPossible values: DEFAULT, FORCE.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_type":{"type":"string","description":"Reports the data-at-rest encryption type of the volume. Inherited from storage pool.","description_kind":"plain","computed":true},"has_replication":{"type":"bool","description":"Indicates whether the volume is part of a volume replication relationship.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kerberos_enabled":{"type":"bool","description":"Flag indicating if the volume is a kerberos volume or not, export policy rules control kerberos security modes (krb5, krb5i, krb5p).","description_kind":"plain","optional":true},"kms_config":{"type":"string","description":"Reports the CMEK policy resurce name being used for volume encryption. Inherited from storage pool.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"large_capacity":{"type":"bool","description":"Optional. Flag indicating if the volume will be a large capacity volume or a regular volume.","description_kind":"plain","optional":true},"ldap_enabled":{"type":"bool","description":"Flag indicating if the volume is NFS LDAP enabled or not. Inherited from storage pool.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Name of the pool location. Usually a region name, expect for some STANDARD service level pools which require a zone name.","description_kind":"plain","required":true},"mount_options":{"type":["list",["object",{"export":"string","export_full":"string","instructions":"string","protocol":"string"}]],"description":"Reports mount instructions for this volume.","description_kind":"plain","computed":true},"multiple_endpoints":{"type":"bool","description":"Optional. Flag indicating if the volume will have an IP address per node for volumes supporting multiple IP endpoints.\nOnly the volume with largeCapacity will be allowed to have multiple endpoints.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the volume. Needs to be unique per location.","description_kind":"plain","required":true},"network":{"type":"string","description":"VPC network name with format: 'projects/{{project}}/global/networks/{{network}}'. Inherited from storage pool.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocols":{"type":["list","string"],"description":"The protocol of the volume. Allowed combinations are '['NFSV3']', '['NFSV4']', '['SMB']', '['NFSV3', 'NFSV4']', '['SMB', 'NFSV3']' and '['SMB', 'NFSV4']'. Possible values: [\"NFSV3\", \"NFSV4\", \"SMB\"]","description_kind":"plain","required":true},"psa_range":{"type":"string","description":"Name of the Private Service Access allocated range. Inherited from storage pool.","description_kind":"plain","computed":true},"replica_zone":{"type":"string","description":"Specifies the replica zone for regional volume.","description_kind":"plain","computed":true},"restricted_actions":{"type":["list","string"],"description":"List of actions that are restricted on this volume. Possible values: [\"DELETE\"]","description_kind":"plain","optional":true},"security_style":{"type":"string","description":"Security Style of the Volume. Use UNIX to use UNIX or NFSV4 ACLs for file permissions.\nUse NTFS to use NTFS ACLs for file permissions. Can only be set for volumes which use SMB together with NFS as protocol. Possible values: [\"NTFS\", \"UNIX\"]","description_kind":"plain","optional":true,"computed":true},"service_level":{"type":"string","description":"Service level of the volume. Inherited from storage pool. Supported values are : PREMIUM, EXTREME, STANDARD, FLEX.","description_kind":"plain","computed":true},"share_name":{"type":"string","description":"Share name (SMB) or export path (NFS) of the volume. Needs to be unique per location.","description_kind":"plain","required":true},"smb_settings":{"type":["list","string"],"description":"Settings for volumes with SMB access. Possible values: [\"ENCRYPT_DATA\", \"BROWSABLE\", \"CHANGE_NOTIFY\", \"NON_BROWSABLE\", \"OPLOCKS\", \"SHOW_SNAPSHOT\", \"SHOW_PREVIOUS_VERSIONS\", \"ACCESS_BASED_ENUMERATION\", \"CONTINUOUSLY_AVAILABLE\"]","description_kind":"plain","optional":true,"computed":true},"snapshot_directory":{"type":"bool","description":"If enabled, a NFS volume will contain a read-only .snapshot directory which provides access to each of the volume's snapshots. Will enable \"Previous Versions\" support for SMB.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the volume.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"State details of the volume.","description_kind":"plain","computed":true},"storage_pool":{"type":"string","description":"Name of the storage pool to create the volume in. Pool needs enough spare capacity to accommodate the volume.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"unix_permissions":{"type":"string","description":"Unix permission the mount point will be created with. Default is 0770. Applicable for UNIX security style volumes only.","description_kind":"plain","optional":true,"computed":true},"used_gib":{"type":"string","description":"Used capacity of the volume (in GiB). This is computed periodically and it does not represent the realtime usage.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"Specifies the active zone for regional volume.","description_kind":"plain","computed":true}},"block_types":{"backup_config":{"nesting_mode":"list","block":{"attributes":{"backup_policies":{"type":["list","string"],"description":"Specify a single backup policy ID for scheduled backups. Format: 'projects/{{projectId}}/locations/{{location}}/backupPolicies/{{backupPolicyName}}'","description_kind":"plain","optional":true},"backup_vault":{"type":"string","description":"ID of the backup vault to use. A backup vault is reqired to create manual or scheduled backups.\nFormat: 'projects/{{projectId}}/locations/{{location}}/backupVaults/{{backupVaultName}}'","description_kind":"plain","optional":true},"scheduled_backup_enabled":{"type":"bool","description":"When set to true, scheduled backup is enabled on the volume. Omit if no backup_policy is specified.","description_kind":"plain","optional":true}},"description":"Backup configuration for the volume.","description_kind":"plain"},"max_items":1},"export_policy":{"nesting_mode":"list","block":{"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"access_type":{"type":"string","description":"Defines the access type for clients matching the 'allowedClients' specification. Possible values: [\"READ_ONLY\", \"READ_WRITE\", \"READ_NONE\"]","description_kind":"plain","optional":true},"allowed_clients":{"type":"string","description":"Defines the client ingress specification (allowed clients) as a comma separated list with IPv4 CIDRs or IPv4 host addresses.","description_kind":"plain","optional":true},"has_root_access":{"type":"string","description":"If enabled, the root user (UID = 0) of the specified clients doesn't get mapped to nobody (UID = 65534). This is also known as no_root_squash.","description_kind":"plain","optional":true},"kerberos5_read_only":{"type":"bool","description":"If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'authentication' kerberos security mode.","description_kind":"plain","optional":true},"kerberos5_read_write":{"type":"bool","description":"If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'authentication' kerberos security mode. The 'kerberos5ReadOnly' value is ignored if this is enabled.","description_kind":"plain","optional":true},"kerberos5i_read_only":{"type":"bool","description":"If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'integrity' kerberos security mode.","description_kind":"plain","optional":true},"kerberos5i_read_write":{"type":"bool","description":"If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'integrity' kerberos security mode. The 'kerberos5iReadOnly' value is ignored if this is enabled.","description_kind":"plain","optional":true},"kerberos5p_read_only":{"type":"bool","description":"If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'privacy' kerberos security mode.","description_kind":"plain","optional":true},"kerberos5p_read_write":{"type":"bool","description":"If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'privacy' kerberos security mode. The 'kerberos5pReadOnly' value is ignored if this is enabled.","description_kind":"plain","optional":true},"nfsv3":{"type":"bool","description":"Enable to apply the export rule to NFSV3 clients.","description_kind":"plain","optional":true},"nfsv4":{"type":"bool","description":"Enable to apply the export rule to NFSV4.1 clients.","description_kind":"plain","optional":true}},"description":"Export rules (up to 5) control NFS volume access.","description_kind":"plain"},"min_items":1}},"description":"Export policy of the volume for NFSV3 and/or NFSV4.1 access.","description_kind":"plain"},"max_items":1},"restore_parameters":{"nesting_mode":"list","block":{"attributes":{"source_backup":{"type":"string","description":"Full name of the snapshot to use for creating this volume.\n'source_snapshot' and 'source_backup' cannot be used simultaneously.\nFormat: 'projects/{{project}}/locations/{{location}}/backupVaults/{{backupVaultId}}/backups/{{backup}}'.","description_kind":"plain","optional":true},"source_snapshot":{"type":"string","description":"Full name of the snapshot to use for creating this volume.\n'source_snapshot' and 'source_backup' cannot be used simultaneously.\nFormat: 'projects/{{project}}/locations/{{location}}/volumes/{{volume}}/snapshots/{{snapshot}}'.","description_kind":"plain","optional":true}},"description":"Used to create this volume from a snapshot (= cloning) or an backup.","description_kind":"plain"},"max_items":1},"snapshot_policy":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enables automated snapshot creation according to defined schedule. Default is false.\nTo disable automatic snapshot creation you have to remove the whole snapshot_policy block.","description_kind":"plain","optional":true}},"block_types":{"daily_schedule":{"nesting_mode":"list","block":{"attributes":{"hour":{"type":"number","description":"Set the hour to create the snapshot (0-23), defaults to midnight (0).","description_kind":"plain","optional":true},"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the daily schedule.","description_kind":"plain","required":true}},"description":"Daily schedule policy.","description_kind":"plain"},"max_items":1},"hourly_schedule":{"nesting_mode":"list","block":{"attributes":{"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the hourly schedule.","description_kind":"plain","required":true}},"description":"Hourly schedule policy.","description_kind":"plain"},"max_items":1},"monthly_schedule":{"nesting_mode":"list","block":{"attributes":{"days_of_month":{"type":"string","description":"Set the day or days of the month to make a snapshot (1-31). Accepts a comma separated number of days. Defaults to '1'.","description_kind":"plain","optional":true},"hour":{"type":"number","description":"Set the hour to create the snapshot (0-23), defaults to midnight (0).","description_kind":"plain","optional":true},"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the monthly schedule","description_kind":"plain","required":true}},"description":"Monthly schedule policy.","description_kind":"plain"},"max_items":1},"weekly_schedule":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Set the day or days of the week to make a snapshot. Accepts a comma separated days of the week. Defaults to 'Sunday'.","description_kind":"plain","optional":true},"hour":{"type":"number","description":"Set the hour to create the snapshot (0-23), defaults to midnight (0).","description_kind":"plain","optional":true},"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the weekly schedule.","description_kind":"plain","required":true}},"description":"Weekly schedule policy.","description_kind":"plain"},"max_items":1}},"description":"Snapshot policy defines the schedule for automatic snapshot creation.\nTo disable automatic snapshot creation you have to remove the whole snapshot_policy block.","description_kind":"plain"},"max_items":1},"tiering_policy":{"nesting_mode":"list","block":{"attributes":{"cooling_threshold_days":{"type":"number","description":"Optional. Time in days to mark the volume's data block as cold and make it eligible for tiering, can be range from 7-183.\nDefault is 31.","description_kind":"plain","optional":true},"tier_action":{"type":"string","description":"Optional. Flag indicating if the volume has tiering policy enable/pause. Default is PAUSED. Default value: \"PAUSED\" Possible values: [\"ENABLED\", \"PAUSED\"]","description_kind":"plain","optional":true}},"description":"Tiering policy for the volume.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_volume_replication":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Create time of the active directory. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"delete_destination_volume":{"type":"bool","description":"A destination volume is created as part of replication creation. The destination volume will not became\nunder Terraform management unless you import it manually. If you delete the replication, this volume\nwill remain.\nSetting this parameter to true will delete the *current* destination volume when destroying the\nreplication. If you reversed the replication direction, this will be your former source volume!\nFor production use, it is recommended to keep this parameter false to avoid accidental volume\ndeletion. Handle with care. Default is false.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An description of this resource.","description_kind":"plain","optional":true},"destination_volume":{"type":"string","description":"Full resource name of destination volume with format: 'projects/{{project}}/locations/{{location}}/volumes/{{volumeId}}'","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_stopping":{"type":"bool","description":"Only replications with mirror_state=MIRRORED can be stopped. A replication in mirror_state=TRANSFERRING\ncurrently receives an update and stopping the update might be undesirable. Set this parameter to true\nto stop anyway. All data transferred to the destination will be discarded and content of destination\nvolume will remain at the state of the last successful update. Default is false.","description_kind":"plain","optional":true},"healthy":{"type":"bool","description":"Condition of the relationship. Can be one of the following:\n - true: The replication relationship is healthy. It has not missed the most recent scheduled transfer.\n - false: The replication relationship is not healthy. It has missed the most recent scheduled transfer.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of region for this resource. The resource needs to be created in the region of the destination volume.","description_kind":"plain","required":true},"mirror_state":{"type":"string","description":"Indicates the state of the mirror between source and destination volumes. Depending on the amount of data\nin your source volume, PREPARING phase can take hours or days. mirrorState = MIRRORED indicates your baseline\ntransfer ended and destination volume became accessible read-only. TRANSFERRING means a MIRRORED volume\ncurrently receives an update. Updated every 5 minutes.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the replication. Needs to be unique per location.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"replication_enabled":{"type":"bool","description":"Set to false to stop/break the mirror. Stopping the mirror makes the destination volume read-write\nand act independently from the source volume.\nSet to true to enable/resume the mirror. WARNING: Resuming a mirror overwrites any changes\ndone to the destination volume with the content of the source volume.","description_kind":"plain","optional":true},"replication_schedule":{"type":"string","description":"Specifies the replication interval. Possible values: [\"EVERY_10_MINUTES\", \"HOURLY\", \"DAILY\"]","description_kind":"plain","required":true},"role":{"type":"string","description":"Reverting a replication can swap source and destination volume roles. This field indicates if the 'location' hosts\nthe source or destination volume. For resume and revert and resume operations it is critical to understand\nwhich volume is the source volume, since it will overwrite changes done to the destination volume.","description_kind":"plain","computed":true},"source_volume":{"type":"string","description":"Full resource name of source volume with format: 'projects/{{project}}/locations/{{location}}/volumes/{{volumeId}}'","description_kind":"plain","computed":true},"state":{"type":"string","description":"Indicates the state of replication resource. State of the mirror itself is indicated in mirrorState.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"State details of the replication resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"transfer_stats":{"type":["list",["object",{"lag_duration":"string","last_transfer_bytes":"string","last_transfer_duration":"string","last_transfer_end_time":"string","last_transfer_error":"string","total_transfer_duration":"string","transfer_bytes":"string","update_time":"string"}]],"description":"Replication transfer statistics. All statistics are updated every 5 minutes.","description_kind":"plain","computed":true},"volume_name":{"type":"string","description":"The name of the existing source volume.","description_kind":"plain","required":true},"wait_for_mirror":{"type":"bool","description":"Replication resource state is independent of mirror_state. With enough data, it can take many hours\nfor mirror_state to reach MIRRORED. If you want Terraform to wait for the mirror to finish on\ncreate/stop/resume operations, set this parameter to true. Default is false.","description_kind":"plain","optional":true}},"block_types":{"destination_volume_parameters":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description for the destination volume.","description_kind":"plain","optional":true},"share_name":{"type":"string","description":"Share name for destination volume. If not specified, name of source volume's share name will be used.","description_kind":"plain","optional":true,"computed":true},"storage_pool":{"type":"string","description":"Name of an existing storage pool for the destination volume with format: 'projects/{{project}}/locations/{{location}}/storagePools/{{poolId}}'","description_kind":"plain","required":true},"volume_id":{"type":"string","description":"Name for the destination volume to be created. If not specified, the name of the source volume will be used.","description_kind":"plain","optional":true,"computed":true}},"description":"Destination volume parameters.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_volume_snapshot":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Description for the snapshot.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the snapshot location. Snapshots are child resources of volumes and live in the same location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the snapshot.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"used_bytes":{"type":"number","description":"Storage used to store blocks unique to this snapshot.","description_kind":"plain","computed":true},"volume_name":{"type":"string","description":"The name of the volume to create the snapshot in.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_group":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time the hub was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the group.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"hub":{"type":"string","description":"The name of the hub. Hub names must be unique. They use the following form: projects/{projectNumber}/locations/global/hubs/{hubId}","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional labels in key:value format. For more information about labels, see [Requirements for labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements).\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the group. Group names must be unique. Possible values: [\"default\", \"center\", \"edge\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"route_table":{"type":"string","description":"Output only. The name of the route table that corresponds to this group. They use the following form: 'projects/{projectNumber}/locations/global/hubs/{hubId}/routeTables/{route_table_id}'","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current lifecycle state of this hub.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. The Google-generated UUID for the group. This value is unique across all group resources. If a group is deleted and another with the same name is created, the new route table is assigned a different uniqueId.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time the hub was last updated.","description_kind":"plain","computed":true}},"block_types":{"auto_accept":{"nesting_mode":"list","block":{"attributes":{"auto_accept_projects":{"type":["list","string"],"description":"A list of project ids or project numbers for which you want to enable auto-accept. The auto-accept setting is applied to spokes being created or updated in these projects.","description_kind":"plain","required":true}},"description":"Optional. The auto-accept setting for this group.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_hub":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time the hub was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the hub.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"export_psc":{"type":"bool","description":"Whether Private Service Connect transitivity is enabled for the hub. If true, Private Service Connect endpoints in VPC spokes attached to the hub are made accessible to other VPC spokes attached to the hub. The default value is false.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional labels in key:value format. For more information about labels, see [Requirements for labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements).\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Immutable. The name of the hub. Hub names must be unique. They use the following form: 'projects/{project_number}/locations/global/hubs/{hub_id}'","description_kind":"plain","optional":true,"computed":true},"preset_topology":{"type":"string","description":"Optional. The topology implemented in this hub. Currently, this field is only used when policyMode = PRESET. The available preset topologies are MESH and STAR. If presetTopology is unspecified and policyMode = PRESET, the presetTopology defaults to MESH. When policyMode = CUSTOM, the presetTopology is set to PRESET_TOPOLOGY_UNSPECIFIED. Possible values: [\"MESH\", \"STAR\"]","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"routing_vpcs":{"type":["list",["object",{"uri":"string"}]],"description":"The VPC network associated with this hub's spokes. All of the VPN tunnels, VLAN attachments, and router appliance instances referenced by this hub's spokes must belong to this VPC network. This field is read-only. Network Connectivity Center automatically populates it based on the set of spokes attached to the hub.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current lifecycle state of this hub.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"unique_id":{"type":"string","description":"Output only. The Google-generated UUID for the hub. This value is unique across all hub resources. If a hub is deleted and another with the same name is created, the new hub is assigned a different unique_id.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time the hub was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_internal_range":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IP range that this internal range defines.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the policy based route.","description_kind":"plain","required":true},"network":{"type":"string","description":"Fully-qualified URL of the network that this route applies to, for example: projects/my-project/global/networks/my-network.","description_kind":"plain","required":true},"overlaps":{"type":["list","string"],"description":"Optional. Types of resources that are allowed to overlap with the current internal range. Possible values: [\"OVERLAP_ROUTE_RANGE\", \"OVERLAP_EXISTING_SUBNET_RANGE\"]","description_kind":"plain","optional":true},"peering":{"type":"string","description":"The type of peering set for this internal range. Possible values: [\"FOR_SELF\", \"FOR_PEER\", \"NOT_SHARED\"]","description_kind":"plain","required":true},"prefix_length":{"type":"number","description":"An alternate to ipCidrRange. Can be set when trying to create a reservation that automatically finds a free range of the given size.\nIf both ipCidrRange and prefixLength are set, there is an error if the range sizes do not match. Can also be used during updates to change the range size.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"target_cidr_range":{"type":["list","string"],"description":"Optional. Can be set to narrow down or pick a different address space while searching for a free range.\nIf not set, defaults to the \"10.0.0.0/8\" address space. This can be used to search in other rfc-1918 address spaces like \"172.16.0.0/12\" and \"192.168.0.0/16\" or non-rfc-1918 address spaces used in the VPC.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"usage":{"type":"string","description":"The type of usage set for this InternalRange. Possible values: [\"FOR_VPC\", \"EXTERNAL_TO_VPC\", \"FOR_MIGRATION\"]","description_kind":"plain","required":true},"users":{"type":["list","string"],"description":"Output only. The list of resources that refer to this internal range.\nResources that use the internal range for their range allocation are referred to as users of the range.\nOther resources mark themselves as users while doing so by creating a reference to this internal range. Having a user, based on this reference, prevents deletion of the internal range referred to. Can be empty.","description_kind":"plain","computed":true}},"block_types":{"migration":{"nesting_mode":"list","block":{"attributes":{"source":{"type":"string","description":"Resource path as an URI of the source resource, for example a subnet.\nThe project for the source resource should match the project for the\nInternalRange.\nAn example /projects/{project}/regions/{region}/subnetworks/{subnet}","description_kind":"plain","required":true},"target":{"type":"string","description":"Resource path of the target resource. The target project can be\ndifferent, as in the cases when migrating to peer networks. The resource\nmay not exist yet.\nFor example /projects/{project}/regions/{region}/subnetworks/{subnet}","description_kind":"plain","required":true}},"description":"Specification for migration with source and target resource names.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_policy_based_route":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time when the policy-based route was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of this resource.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"User-defined labels.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the policy based route.","description_kind":"plain","required":true},"network":{"type":"string","description":"Fully-qualified URL of the network that this route applies to, for example: projects/my-project/global/networks/my-network.","description_kind":"plain","required":true},"next_hop_ilb_ip":{"type":"string","description":"The IP address of a global-access-enabled L4 ILB that is the next hop for matching packets.","description_kind":"plain","optional":true},"next_hop_other_routes":{"type":"string","description":"Other routes that will be referenced to determine the next hop of the packet. Possible values: [\"DEFAULT_ROUTING\"]","description_kind":"plain","optional":true},"priority":{"type":"number","description":"The priority of this policy-based route. Priority is used to break ties in cases where there are more than one matching policy-based routes found. In cases where multiple policy-based routes are matched, the one with the lowest-numbered priority value wins. The default value is 1000. The priority value must be from 1 to 65535, inclusive.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time when the policy-based route was created.","description_kind":"plain","computed":true},"warnings":{"type":["list",["object",{"code":"string","data":["map","string"],"warning_message":"string"}]],"description":"If potential misconfigurations are detected for this route, this field will be populated with warning messages.","description_kind":"plain","computed":true}},"block_types":{"filter":{"nesting_mode":"list","block":{"attributes":{"dest_range":{"type":"string","description":"The destination IP range of outgoing packets that this policy-based route applies to. Default is \"0.0.0.0/0\" if protocol version is IPv4.","description_kind":"plain","optional":true},"ip_protocol":{"type":"string","description":"The IP protocol that this policy-based route applies to. Valid values are 'TCP', 'UDP', and 'ALL'. Default is 'ALL'.","description_kind":"plain","optional":true},"protocol_version":{"type":"string","description":"Internet protocol versions this policy-based route applies to. Possible values: [\"IPV4\"]","description_kind":"plain","required":true},"src_range":{"type":"string","description":"The source IP range of outgoing packets that this policy-based route applies to. Default is \"0.0.0.0/0\" if protocol version is IPv4.","description_kind":"plain","optional":true}},"description":"The filter to match L4 traffic.","description_kind":"plain"},"min_items":1,"max_items":1},"interconnect_attachment":{"nesting_mode":"list","block":{"attributes":{"region":{"type":"string","description":"Cloud region to install this policy-based route on for Interconnect attachments. Use 'all' to install it on all Interconnect attachments.","description_kind":"plain","required":true}},"description":"The interconnect attachments that this policy-based route applies to.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_machine":{"nesting_mode":"list","block":{"attributes":{"tags":{"type":["list","string"],"description":"A list of VM instance tags that this policy-based route applies to. VM instances that have ANY of tags specified here will install this PBR.","description_kind":"plain","required":true}},"description":"VM instances to which this policy-based route applies to.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_network_connectivity_regional_endpoint":{"version":0,"block":{"attributes":{"access_type":{"type":"string","description":"The access type of this regional endpoint. This field is reflected in the PSC Forwarding Rule configuration to enable global access. Possible values: [\"GLOBAL\", \"REGIONAL\"]","description_kind":"plain","required":true},"address":{"type":"string","description":"The IP Address of the Regional Endpoint. When no address is provided, an IP from the subnetwork is allocated. Use one of the following formats: * IPv4 address as in '10.0.0.1' * Address resource URI as in 'projects/{project}/regions/{region}/addresses/{address_name}'\n\n~\u003e **Note:** This field accepts both a reference to a Compute Address resource, which is the resource name of which format is given in the description, and IP literal value. If the user chooses to input a reserved address value; they need to make sure that the reserved address is in IPv4 version, its purpose is GCE_ENDPOINT, its type is INTERNAL and its status is RESERVED. If the user chooses to input an IP literal, they need to make sure that it's a valid IPv4 address (x.x.x.x) within the subnetwork.","description_kind":"plain","optional":true,"computed":true},"create_time":{"type":"string","description":"Time when the RegionalEndpoint was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the RegionalEndpoint.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the RegionalEndpoint.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the VPC network for this private regional endpoint. Format: 'projects/{project}/global/networks/{network}'","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_forwarding_rule":{"type":"string","description":"The resource reference of the PSC Forwarding Rule created on behalf of the customer. Format: '//compute.googleapis.com/projects/{project}/regions/{region}/forwardingRules/{forwarding_rule_name}'","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The name of the subnetwork from which the IP address will be allocated. Format: 'projects/{project}/regions/{region}/subnetworks/{subnetwork}'","description_kind":"plain","optional":true,"computed":true},"target_google_api":{"type":"string","description":"The service endpoint this private regional endpoint connects to. Format: '{apiname}.{region}.p.rep.googleapis.com' Example: \\\"cloudkms.us-central1.p.rep.googleapis.com\\\".","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time when the RegionalEndpoint was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_service_connection_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp when the resource was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"The etag is computed by the server, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"infrastructure":{"type":"string","description":"The type of underlying resources used to create the connection.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"User-defined labels.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the ServiceConnectionPolicy.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of a ServiceConnectionPolicy. Format: projects/{project}/locations/{location}/serviceConnectionPolicies/{service_connection_policy} See: https://google.aip.dev/122#fields-representing-resource-names","description_kind":"plain","required":true},"network":{"type":"string","description":"The resource path of the consumer network. Example: - projects/{projectNumOrId}/global/networks/{resourceId}.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connections":{"type":["list",["object",{"consumer_address":"string","consumer_forwarding_rule":"string","consumer_target_project":"string","error":["list",["object",{"code":"number","details":["list",["map","string"]],"message":"string"}]],"error_info":["list",["object",{"domain":"string","metadata":["map","string"],"reason":"string"}]],"error_type":"string","gce_operation":"string","psc_connection_id":"string","state":"string"}]],"description":"Information about each Private Service Connect connection.","description_kind":"plain","computed":true},"service_class":{"type":"string","description":"The service class identifier for which this ServiceConnectionPolicy is for. The service class identifier is a unique, symbolic representation of a ServiceClass.\nIt is provided by the Service Producer. Google services have a prefix of gcp. For example, gcp-cloud-sql. 3rd party services do not. For example, test-service-a3dfcx.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.","description_kind":"plain","computed":true}},"block_types":{"psc_config":{"nesting_mode":"list","block":{"attributes":{"limit":{"type":"string","description":"Max number of PSC connections for this policy.","description_kind":"plain","optional":true},"subnetworks":{"type":["list","string"],"description":"IDs of the subnetworks or fully qualified identifiers for the subnetworks","description_kind":"plain","required":true}},"description":"Configuration used for Private Service Connect connections. Used when Infrastructure is PSC.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_spoke":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time the spoke was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the spoke.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"group":{"type":"string","description":"The name of the group that this spoke is associated with.","description_kind":"plain","optional":true,"computed":true},"hub":{"type":"string","description":"Immutable. The URI of the hub that this spoke is attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional labels in key:value format. For more information about labels, see [Requirements for labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements).\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The name of the spoke. Spoke names must be unique.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. The current lifecycle state of this spoke.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"unique_id":{"type":"string","description":"Output only. The Google-generated UUID for the spoke. This value is unique across all spoke resources. If a spoke is deleted and another with the same name is created, the new spoke is assigned a different unique_id.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time the spoke was last updated.","description_kind":"plain","computed":true}},"block_types":{"linked_interconnect_attachments":{"nesting_mode":"list","block":{"attributes":{"include_import_ranges":{"type":["list","string"],"description":"IP ranges allowed to be included during import from hub (does not control transit connectivity).\nThe only allowed value for now is \"ALL_IPV4_RANGES\".","description_kind":"plain","optional":true},"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true},"uris":{"type":["list","string"],"description":"The URIs of linked interconnect attachment resources","description_kind":"plain","required":true}},"description":"A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes.","description_kind":"plain"},"max_items":1},"linked_producer_vpc_network":{"nesting_mode":"list","block":{"attributes":{"exclude_export_ranges":{"type":["list","string"],"description":"IP ranges encompassing the subnets to be excluded from peering.","description_kind":"plain","optional":true},"include_export_ranges":{"type":["list","string"],"description":"IP ranges allowed to be included from peering.","description_kind":"plain","optional":true},"network":{"type":"string","description":"The URI of the Service Consumer VPC that the Producer VPC is peered with.","description_kind":"plain","required":true},"peering":{"type":"string","description":"The name of the VPC peering between the Service Consumer VPC and the Producer VPC (defined in the Tenant project) which is added to the NCC hub. This peering must be in ACTIVE state.","description_kind":"plain","required":true},"producer_network":{"type":"string","description":"The URI of the Producer VPC.","description_kind":"plain","computed":true}},"description":"Producer VPC network that is associated with the spoke.","description_kind":"plain"},"max_items":1},"linked_router_appliance_instances":{"nesting_mode":"list","block":{"attributes":{"include_import_ranges":{"type":["list","string"],"description":"IP ranges allowed to be included during import from hub (does not control transit connectivity).\nThe only allowed value for now is \"ALL_IPV4_RANGES\".","description_kind":"plain","optional":true},"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true}},"block_types":{"instances":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The IP address on the VM to use for peering.","description_kind":"plain","required":true},"virtual_machine":{"type":"string","description":"The URI of the virtual machine resource","description_kind":"plain","required":true}},"description":"The list of router appliance instances","description_kind":"plain"},"min_items":1}},"description":"The URIs of linked Router appliance resources","description_kind":"plain"},"max_items":1},"linked_vpc_network":{"nesting_mode":"list","block":{"attributes":{"exclude_export_ranges":{"type":["list","string"],"description":"IP ranges encompassing the subnets to be excluded from peering.","description_kind":"plain","optional":true},"include_export_ranges":{"type":["list","string"],"description":"IP ranges allowed to be included from peering.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The URI of the VPC network resource.","description_kind":"plain","required":true}},"description":"VPC network that is associated with the spoke.","description_kind":"plain"},"max_items":1},"linked_vpn_tunnels":{"nesting_mode":"list","block":{"attributes":{"include_import_ranges":{"type":["list","string"],"description":"IP ranges allowed to be included during import from hub (does not control transit connectivity).\nThe only allowed value for now is \"ALL_IPV4_RANGES\".","description_kind":"plain","optional":true},"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true},"uris":{"type":["list","string"],"description":"The URIs of linked VPN tunnel resources.","description_kind":"plain","required":true}},"description":"The URIs of linked VPN tunnel resources","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_management_connectivity_test":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The user-supplied description of the Connectivity Test.\nMaximum of 512 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Unique name for the connectivity test.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"IP Protocol of the test. When not provided, \"TCP\" is assumed.","description_kind":"plain","optional":true},"related_projects":{"type":["list","string"],"description":"Other projects that may be relevant for reachability analysis.\nThis is applicable to scenarios where a test can cross project\nboundaries.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"A Compute Engine instance URI.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The IP address of the endpoint, which can be an external or\ninternal IP. An IPv6 address is only allowed when the test's\ndestination is a global load balancer VIP.","description_kind":"plain","optional":true},"network":{"type":"string","description":"A Compute Engine network URI.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The IP protocol port of the endpoint. Only applicable when\nprotocol is TCP or UDP.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project ID where the endpoint is located. The Project ID can be\nderived from the URI if you provide a VM instance or network URI.\nThe following are two cases where you must provide the project ID:\n1. Only the IP address is specified, and the IP address is within\na GCP project. 2. When you are using Shared VPC and the IP address\nthat you provide is from the service project. In this case, the\nnetwork that the IP address resides in is defined in the host\nproject.","description_kind":"plain","optional":true}},"description":"Required. Destination specification of the Connectivity Test.\n\nYou can use a combination of destination IP address, Compute\nEngine VM instance, or VPC network to uniquely identify the\ndestination location.\n\nEven if the destination IP address is not unique, the source IP\nlocation is unique. Usually, the analysis can infer the destination\nendpoint from route information.\n\nIf the destination you specify is a VM instance and the instance has\nmultiple network interfaces, then you must also specify either a\ndestination IP address or VPC network to identify the destination\ninterface.\n\nA reachability analysis proceeds even if the destination location\nis ambiguous. However, the result can include endpoints that you\ndon't intend to test.","description_kind":"plain"},"min_items":1,"max_items":1},"source":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"A Compute Engine instance URI.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The IP address of the endpoint, which can be an external or\ninternal IP. An IPv6 address is only allowed when the test's\ndestination is a global load balancer VIP.","description_kind":"plain","optional":true},"network":{"type":"string","description":"A Compute Engine network URI.","description_kind":"plain","optional":true},"network_type":{"type":"string","description":"Type of the network where the endpoint is located. Possible values: [\"GCP_NETWORK\", \"NON_GCP_NETWORK\"]","description_kind":"plain","optional":true},"port":{"type":"number","description":"The IP protocol port of the endpoint. Only applicable when\nprotocol is TCP or UDP.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project ID where the endpoint is located. The Project ID can be\nderived from the URI if you provide a VM instance or network URI.\nThe following are two cases where you must provide the project ID:\n\n1. Only the IP address is specified, and the IP address is\n within a GCP project.\n2. When you are using Shared VPC and the IP address\n that you provide is from the service project. In this case,\n the network that the IP address resides in is defined in the\n host project.","description_kind":"plain","optional":true}},"description":"Required. Source specification of the Connectivity Test.\n\nYou can use a combination of source IP address, virtual machine\n(VM) instance, or Compute Engine network to uniquely identify the\nsource location.\n\nExamples: If the source IP address is an internal IP address within\na Google Cloud Virtual Private Cloud (VPC) network, then you must\nalso specify the VPC network. Otherwise, specify the VM instance,\nwhich already contains its internal IP address and VPC network\ninformation.\n\nIf the source of the test is within an on-premises network, then\nyou must provide the destination VPC network.\n\nIf the source endpoint is a Compute Engine VM instance with multiple\nnetwork interfaces, the instance itself is not sufficient to\nidentify the endpoint. So, you must also specify the source IP\naddress or VPC network.\n\nA reachability analysis proceeds even if the source location is\nambiguous. However, the test result may include endpoints that\nyou don't intend to test.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_management_vpc_flow_logs_config":{"version":0,"block":{"attributes":{"aggregation_interval":{"type":"string","description":"Optional. The aggregation interval for the logs. Default value is\nINTERVAL_5_SEC. Possible values: AGGREGATION_INTERVAL_UNSPECIFIED INTERVAL_5_SEC INTERVAL_30_SEC INTERVAL_1_MIN INTERVAL_5_MIN INTERVAL_10_MIN INTERVAL_15_MIN\"","description_kind":"plain","optional":true,"computed":true},"create_time":{"type":"string","description":"Output only. The time the config was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. The user-supplied description of the VPC Flow Logs configuration. Maximum\nof 512 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filter_expr":{"type":"string","description":"Optional. Export filter used to define which VPC Flow Logs should be logged.","description_kind":"plain","optional":true},"flow_sampling":{"type":"number","description":"Optional. The value of the field must be in (0, 1]. The sampling rate\nof VPC Flow Logs where 1.0 means all collected logs are reported. Setting the\nsampling rate to 0.0 is not allowed. If you want to disable VPC Flow Logs, use\nthe state field instead. Default value is 1.0.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interconnect_attachment":{"type":"string","description":"Traffic will be logged from the Interconnect Attachment. Format: projects/{project_id}/regions/{region}/interconnectAttachments/{name}","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Optional. Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Resource ID segment making up resource 'name'. It identifies the resource\nwithin its parent collection as described in https://google.aip.dev/122. See documentation\nfor resource type 'networkmanagement.googleapis.com/VpcFlowLogsConfig'.","description_kind":"plain","required":true},"metadata":{"type":"string","description":"Optional. Configures whether all, none or a subset of metadata fields\nshould be added to the reported VPC flow logs. Default value is INCLUDE_ALL_METADATA.\n Possible values: METADATA_UNSPECIFIED INCLUDE_ALL_METADATA EXCLUDE_ALL_METADATA CUSTOM_METADATA","description_kind":"plain","optional":true,"computed":true},"metadata_fields":{"type":["list","string"],"description":"Optional. Custom metadata fields to include in the reported VPC flow\nlogs. Can only be specified if \\\"metadata\\\" was set to CUSTOM_METADATA.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Identifier. Unique name of the configuration using the form: 'projects/{project_id}/locations/global/vpcFlowLogsConfigs/{vpc_flow_logs_config_id}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Optional. The state of the VPC Flow Log configuration. Default value\nis ENABLED. When creating a new configuration, it must be enabled. Possible","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time the config was updated.","description_kind":"plain","computed":true},"vpc_flow_logs_config_id":{"type":"string","description":"Required. ID of the 'VpcFlowLogsConfig'.","description_kind":"plain","required":true},"vpn_tunnel":{"type":"string","description":"Traffic will be logged from the VPN Tunnel. Format: projects/{project_id}/regions/{region}/vpnTunnels/{name}","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_address_group":{"version":0,"block":{"attributes":{"capacity":{"type":"number","description":"Capacity of the Address Group.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"items":{"type":["list","string"],"description":"List of items.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the AddressGroup resource.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the gateway security policy.\nThe default value is 'global'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the AddressGroup resource.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The name of the parent this address group belongs to. Format: organizations/{organization_id} or projects/{project_id}.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the Address Group. Possible values are \"IPV4\" or \"IPV6\". Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_address_group_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_network_security_address_group_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_network_security_address_group_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_network_security_authz_policy":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"When the action is CUSTOM, customProvider must be specified.\nWhen the action is ALLOW, only requests matching the policy will be allowed.\nWhen the action is DENY, only requests matching the policy will be denied.\n\nWhen a request arrives, the policies are evaluated in the following order:\n1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.\n2. If there are any DENY policies that match the request, the request is denied.\n3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.\n4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. Possible values: [\"ALLOW\", \"DENY\", \"CUSTOM\"]","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with the AuthzExtension resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. Name of the AuthzPolicy resource.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.","description_kind":"plain","computed":true}},"block_types":{"custom_provider":{"nesting_mode":"list","block":{"block_types":{"authz_extension":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["list","string"],"description":"A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider.","description_kind":"plain","required":true}},"description":"Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified.","description_kind":"plain"},"max_items":1},"cloud_iap":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable Cloud IAP at the AuthzPolicy level.","description_kind":"plain","required":true}},"description":"Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places.","description_kind":"plain"},"max_items":1}},"description":"Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified.","description_kind":"plain"},"max_items":1},"http_rules":{"nesting_mode":"list","block":{"attributes":{"when":{"type":"string","description":"CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes.","description_kind":"plain","optional":true}},"block_types":{"from":{"nesting_mode":"list","block":{"block_types":{"not_sources":{"nesting_mode":"list","block":{"block_types":{"principals":{"nesting_mode":"list","block":{"attributes":{"contains":{"type":"string","description":"The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc.def","description_kind":"plain","optional":true},"exact":{"type":"string","description":"The input string must match exactly the string specified here.\nExamples:\n* abc only matches the value abc.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.","description_kind":"plain","optional":true},"prefix":{"type":"string","description":"The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value abc.xyz","description_kind":"plain","optional":true},"suffix":{"type":"string","description":"The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc","description_kind":"plain","optional":true}},"description":"A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified.\nLimited to 5 principals.","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"block_types":{"iam_service_account":{"nesting_mode":"list","block":{"attributes":{"contains":{"type":"string","description":"The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc.def","description_kind":"plain","optional":true},"exact":{"type":"string","description":"The input string must match exactly the string specified here.\nExamples:\n* abc only matches the value abc.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.","description_kind":"plain","optional":true},"prefix":{"type":"string","description":"The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value abc.xyz","description_kind":"plain","optional":true},"suffix":{"type":"string","description":"The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc","description_kind":"plain","optional":true}},"description":"An IAM service account to match against the source service account of the VM sending the request.","description_kind":"plain"},"max_items":1},"tag_value_id_set":{"nesting_mode":"list","block":{"attributes":{"ids":{"type":["list","string"],"description":"A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match.\nLimited to 5 matches.","description_kind":"plain","optional":true}},"description":"A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request.","description_kind":"plain"},"max_items":1}},"description":"A list of resources to match against the resource of the source VM of a request.\nLimited to 5 resources.","description_kind":"plain"}}},"description":"Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match.","description_kind":"plain"}},"sources":{"nesting_mode":"list","block":{"block_types":{"principals":{"nesting_mode":"list","block":{"attributes":{"contains":{"type":"string","description":"The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc.def","description_kind":"plain","optional":true},"exact":{"type":"string","description":"The input string must match exactly the string specified here.\nExamples:\n* abc only matches the value abc.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.","description_kind":"plain","optional":true},"prefix":{"type":"string","description":"The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value abc.xyz","description_kind":"plain","optional":true},"suffix":{"type":"string","description":"The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc","description_kind":"plain","optional":true}},"description":"A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified.\nLimited to 5 principals.","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"block_types":{"iam_service_account":{"nesting_mode":"list","block":{"attributes":{"contains":{"type":"string","description":"The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc.def","description_kind":"plain","optional":true},"exact":{"type":"string","description":"The input string must match exactly the string specified here.\nExamples:\n* abc only matches the value abc.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.","description_kind":"plain","optional":true},"prefix":{"type":"string","description":"The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value abc.xyz","description_kind":"plain","optional":true},"suffix":{"type":"string","description":"The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc","description_kind":"plain","optional":true}},"description":"An IAM service account to match against the source service account of the VM sending the request.","description_kind":"plain"},"max_items":1},"tag_value_id_set":{"nesting_mode":"list","block":{"attributes":{"ids":{"type":["list","string"],"description":"A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match.\nLimited to 5 matches.","description_kind":"plain","optional":true}},"description":"A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request.","description_kind":"plain"},"max_items":1}},"description":"A list of resources to match against the resource of the source VM of a request.\nLimited to 5 resources.","description_kind":"plain"}}},"description":"Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match.","description_kind":"plain"}}},"description":"Describes properties of one or more sources of a request.","description_kind":"plain"},"max_items":1},"to":{"nesting_mode":"list","block":{"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"methods":{"type":["list","string"],"description":"A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.","description_kind":"plain","optional":true}},"block_types":{"header_set":{"nesting_mode":"list","block":{"block_types":{"headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Specifies the name of the header in the request.","description_kind":"plain","optional":true}},"block_types":{"value":{"nesting_mode":"list","block":{"attributes":{"contains":{"type":"string","description":"The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc.def","description_kind":"plain","optional":true},"exact":{"type":"string","description":"The input string must match exactly the string specified here.\nExamples:\n* abc only matches the value abc.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.","description_kind":"plain","optional":true},"prefix":{"type":"string","description":"The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value abc.xyz","description_kind":"plain","optional":true},"suffix":{"type":"string","description":"The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc","description_kind":"plain","optional":true}},"description":"Specifies how the header match will be performed.","description_kind":"plain"},"max_items":1}},"description":"A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches.","description_kind":"plain"}}},"description":"A list of headers to match against in http header.","description_kind":"plain"},"max_items":1},"hosts":{"nesting_mode":"list","block":{"attributes":{"contains":{"type":"string","description":"The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc.def","description_kind":"plain","optional":true},"exact":{"type":"string","description":"The input string must match exactly the string specified here.\nExamples:\n* abc only matches the value abc.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.","description_kind":"plain","optional":true},"prefix":{"type":"string","description":"The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value abc.xyz","description_kind":"plain","optional":true},"suffix":{"type":"string","description":"The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc","description_kind":"plain","optional":true}},"description":"A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set.\nLimited to 5 matches.","description_kind":"plain"}},"paths":{"nesting_mode":"list","block":{"attributes":{"contains":{"type":"string","description":"The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc.def","description_kind":"plain","optional":true},"exact":{"type":"string","description":"The input string must match exactly the string specified here.\nExamples:\n* abc only matches the value abc.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.","description_kind":"plain","optional":true},"prefix":{"type":"string","description":"The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value abc.xyz","description_kind":"plain","optional":true},"suffix":{"type":"string","description":"The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc","description_kind":"plain","optional":true}},"description":"A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set.\nLimited to 5 matches.\nNote that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method.","description_kind":"plain"}}},"description":"Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches.","description_kind":"plain"}}},"description":"Describes properties of one or more targets of a request","description_kind":"plain"},"max_items":1}},"description":"A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action.\nLimited to 5 rules.","description_kind":"plain"}},"target":{"nesting_mode":"list","block":{"attributes":{"load_balancing_scheme":{"type":"string","description":"All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme.\nFor more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). Possible values: [\"INTERNAL_MANAGED\", \"EXTERNAL_MANAGED\", \"INTERNAL_SELF_MANAGED\"]","description_kind":"plain","required":true},"resources":{"type":["list","string"],"description":"A list of references to the Forwarding Rules on which this policy will be applied.","description_kind":"plain","optional":true}},"description":"Specifies the set of resources to which this policy should be applied to.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_client_tls_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the ClientTlsPolicy was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the ClientTlsPolicy resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the client tls policy.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the ClientTlsPolicy resource.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"sni":{"type":"string","description":"Server Name Indication string to present to the server during TLS handshake. E.g: \"secure.example.com\".","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the ClientTlsPolicy was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"client_certificate":{"nesting_mode":"list","block":{"block_types":{"certificate_provider_instance":{"nesting_mode":"list","block":{"attributes":{"plugin_instance":{"type":"string","description":"Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to \"google_cloud_private_spiffe\" to use Certificate Authority Service certificate provider instance.","description_kind":"plain","required":true}},"description":"The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.","description_kind":"plain"},"max_items":1},"grpc_endpoint":{"nesting_mode":"list","block":{"attributes":{"target_uri":{"type":"string","description":"The target URI of the gRPC endpoint. Only UDS path is supported, and should start with \"unix:\".","description_kind":"plain","required":true}},"description":"gRPC specific configuration to access the gRPC server to obtain the cert and private key.","description_kind":"plain"},"max_items":1}},"description":"Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.","description_kind":"plain"},"max_items":1},"server_validation_ca":{"nesting_mode":"list","block":{"block_types":{"certificate_provider_instance":{"nesting_mode":"list","block":{"attributes":{"plugin_instance":{"type":"string","description":"Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to \"google_cloud_private_spiffe\" to use Certificate Authority Service certificate provider instance.","description_kind":"plain","required":true}},"description":"The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.","description_kind":"plain"},"max_items":1},"grpc_endpoint":{"nesting_mode":"list","block":{"attributes":{"target_uri":{"type":"string","description":"The target URI of the gRPC endpoint. Only UDS path is supported, and should start with \"unix:\".","description_kind":"plain","required":true}},"description":"gRPC specific configuration to access the gRPC server to obtain the cert and private key.","description_kind":"plain"},"max_items":1}},"description":"Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate. If empty, client does not validate the server certificate.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_firewall_endpoint":{"version":0,"block":{"attributes":{"associated_networks":{"type":["list","string"],"description":"List of networks that are associated with this endpoint in the local zone.\nThis is a projection of the FirewallEndpointAssociations pointing at this\nendpoint. A network will only appear in this list after traffic routing is\nfully configured. Format: projects/{project}/global/networks/{name}.","description_kind":"plain","computed":true},"billing_project_id":{"type":"string","description":"Project to bill on endpoint uptime usage.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Time the firewall endpoint was created in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A map of key/value label pairs to assign to the resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location (zone) of the firewall endpoint.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the firewall endpoint resource.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The name of the parent this firewall endpoint belongs to.\nFormat: organizations/{organization_id}.","description_kind":"plain","required":true},"reconciling":{"type":"bool","description":"Whether reconciling is in progress, recommended per https://google.aip.dev/128.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the endpoint.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the firewall endpoint was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_firewall_endpoint_association":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the firewall endpoint was created in UTC.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"Whether the association is disabled. True indicates that traffic will not be intercepted.\n\n~\u003e **Note:** The API will reject the request if this value is set to true when creating the resource,\notherwise on an update the association can be disabled.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"firewall_endpoint":{"type":"string","description":"The URL of the firewall endpoint that is being associated.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A map of key/value label pairs to assign to the resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location (zone) of the firewall endpoint association.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the firewall endpoint association resource.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network that is being associated.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The name of the parent this firewall endpoint association belongs to.\nFormat: projects/{project_id}.","description_kind":"plain","optional":true},"reconciling":{"type":"bool","description":"Whether reconciling is in progress, recommended per https://google.aip.dev/128.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the endpoint.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tls_inspection_policy":{"type":"string","description":"The URL of the TlsInspectionPolicy that is being associated.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Time the firewall endpoint was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_gateway_security_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the gateway security policy.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Name is of the form projects/{project}/locations/{location}/gatewaySecurityPolicies/{gatewaySecurityPolicy}\ngatewaySecurityPolicy should match the pattern:(^a-z?$).","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"tls_inspection_policy":{"type":"string","description":"Name of a TlsInspectionPolicy resource that defines how TLS inspection is performed for any rule that enables it.\nNote: google_network_security_tls_inspection_policy resource is still in [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) therefore it will need to import the provider.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_gateway_security_policy_rule":{"version":0,"block":{"attributes":{"application_matcher":{"type":"string","description":"CEL expression for matching on L7/application level criteria.","description_kind":"plain","optional":true},"basic_profile":{"type":"string","description":"Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values: [\"BASIC_PROFILE_UNSPECIFIED\", \"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether the rule is enforced.","description_kind":"plain","required":true},"gateway_security_policy":{"type":"string","description":"The name of the gatewat security policy this rule belongs to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the gateway security policy.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule}\nrule should match the pattern: (^a-z?$).","description_kind":"plain","required":true},"priority":{"type":"number","description":"Priority of the rule. Lower number corresponds to higher precedence.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"session_matcher":{"type":"string","description":"CEL expression for matching on session criteria.","description_kind":"plain","required":true},"tls_inspection_enabled":{"type":"bool","description":"Flag to enable TLS inspection of traffic matching on. Can only be true if the\nparent GatewaySecurityPolicy references a TLSInspectionConfig.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_security_profile":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the security profile was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the security profile. The Max length is 512 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields,\nand may be sent on update and delete requests to ensure the client has an up-to-date\nvalue before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A map of key/value label pairs to assign to the resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the security profile.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the security profile resource.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The name of the parent this security profile belongs to.\nFormat: organizations/{organization_id}.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of security profile. Possible values: [\"THREAT_PREVENTION\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the security profile was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"threat_prevention_profile":{"nesting_mode":"list","block":{"block_types":{"severity_overrides":{"nesting_mode":"list","block":{"attributes":{"action":{"type":"string","description":"Threat action override. Possible values: [\"ALERT\", \"ALLOW\", \"DEFAULT_ACTION\", \"DENY\"]","description_kind":"plain","required":true},"severity":{"type":"string","description":"Severity level to match. Possible values: [\"CRITICAL\", \"HIGH\", \"INFORMATIONAL\", \"LOW\", \"MEDIUM\"]","description_kind":"plain","required":true}},"description":"The configuration for overriding threats actions by severity match.","description_kind":"plain"}},"threat_overrides":{"nesting_mode":"list","block":{"attributes":{"action":{"type":"string","description":"Threat action. Possible values: [\"ALERT\", \"ALLOW\", \"DEFAULT_ACTION\", \"DENY\"]","description_kind":"plain","required":true},"threat_id":{"type":"string","description":"Vendor-specific ID of a threat to override.","description_kind":"plain","required":true},"type":{"type":"string","description":"Type of threat.","description_kind":"plain","computed":true}},"description":"The configuration for overriding threats actions by threat id match.\nIf a threat is matched both by configuration provided in severity overrides\nand threat overrides, the threat overrides action is applied.","description_kind":"plain"}}},"description":"The threat prevention configuration for the security profile.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_security_profile_group":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the security profile group was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the profile. The Max length is 512 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields,\nand may be sent on update and delete requests to ensure the client has an up-to-date\nvalue before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A map of key/value label pairs to assign to the resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the security profile group.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the security profile group resource.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The name of the parent this security profile group belongs to.\nFormat: organizations/{organization_id}.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"threat_prevention_profile":{"type":"string","description":"Reference to a SecurityProfile with the threat prevention configuration for the SecurityProfileGroup.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Time the security profile group was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_server_tls_policy":{"version":0,"block":{"attributes":{"allow_open":{"type":"bool","description":"This field applies only for Traffic Director policies. It is must be set to false for external HTTPS load balancer policies.\nDetermines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility.\nConsider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time the ServerTlsPolicy was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the ServerTlsPolicy resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the server tls policy.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the ServerTlsPolicy resource.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the ServerTlsPolicy was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"mtls_policy":{"nesting_mode":"list","block":{"attributes":{"client_validation_mode":{"type":"string","description":"When the client presents an invalid certificate or no certificate to the load balancer, the clientValidationMode specifies how the client connection is handled.\nRequired if the policy is to be used with the external HTTPS load balancing. For Traffic Director it must be empty. Possible values: [\"CLIENT_VALIDATION_MODE_UNSPECIFIED\", \"ALLOW_INVALID_OR_MISSING_CLIENT_CERT\", \"REJECT_INVALID\"]","description_kind":"plain","optional":true},"client_validation_trust_config":{"type":"string","description":"Reference to the TrustConfig from certificatemanager.googleapis.com namespace.\nIf specified, the chain validation will be performed against certificates configured in the given TrustConfig.\nAllowed only if the policy is to be used with external HTTPS load balancers.","description_kind":"plain","optional":true}},"block_types":{"client_validation_ca":{"nesting_mode":"list","block":{"block_types":{"certificate_provider_instance":{"nesting_mode":"list","block":{"attributes":{"plugin_instance":{"type":"string","description":"Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to \"google_cloud_private_spiffe\" to use Certificate Authority Service certificate provider instance.","description_kind":"plain","required":true}},"description":"Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty.\nDefines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported.","description_kind":"plain"},"max_items":1},"grpc_endpoint":{"nesting_mode":"list","block":{"attributes":{"target_uri":{"type":"string","description":"The target URI of the gRPC endpoint. Only UDS path is supported, and should start with \"unix:\".","description_kind":"plain","required":true}},"description":"gRPC specific configuration to access the gRPC server to obtain the cert and private key.","description_kind":"plain"},"max_items":1}},"description":"Required if the policy is to be used with Traffic Director. For external HTTPS load balancers it must be empty.\nDefines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.","description_kind":"plain"}}},"description":"This field is required if the policy is used with external HTTPS load balancers. This field can be empty for Traffic Director.\nDefines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allowOpen and mtlsPolicy are set, server allows both plain text and mTLS connections.","description_kind":"plain"},"max_items":1},"server_certificate":{"nesting_mode":"list","block":{"block_types":{"certificate_provider_instance":{"nesting_mode":"list","block":{"attributes":{"plugin_instance":{"type":"string","description":"Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to \"google_cloud_private_spiffe\" to use Certificate Authority Service certificate provider instance.","description_kind":"plain","required":true}},"description":"Optional if policy is to be used with Traffic Director. For external HTTPS load balancer must be empty.\nDefines a mechanism to provision server identity (public and private keys). Cannot be combined with allowOpen as a permissive mode that allows both plain text and TLS is not supported.","description_kind":"plain"},"max_items":1},"grpc_endpoint":{"nesting_mode":"list","block":{"attributes":{"target_uri":{"type":"string","description":"The target URI of the gRPC endpoint. Only UDS path is supported, and should start with \"unix:\".","description_kind":"plain","required":true}},"description":"gRPC specific configuration to access the gRPC server to obtain the cert and private key.","description_kind":"plain"},"max_items":1}},"description":"Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_tls_inspection_policy":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description":"A CA pool resource used to issue interception certificates.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.","description_kind":"plain","computed":true},"custom_tls_features":{"type":["list","string"],"description":"List of custom TLS cipher suites selected. This field is valid only if the selected tls_feature_profile is CUSTOM. The compute.SslPoliciesService.ListAvailableFeatures method returns the set of features that can be specified in this list. Note that Secure Web Proxy does not yet honor this field.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"exclude_public_ca_set":{"type":"bool","description":"If FALSE (the default), use our default set of public CAs in addition to any CAs specified in trustConfig. These public CAs are currently based on the Mozilla Root Program and are subject to change over time. If TRUE, do not accept our default set of public CAs. Only CAs specified in trustConfig will be accepted.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the tls inspection policy.","description_kind":"plain","optional":true},"min_tls_version":{"type":"string","description":"Minimum TLS version that the firewall should use when negotiating connections with both clients and servers. If this is not set, then the default value is to allow the broadest set of clients and servers (TLS 1.0 or higher). Setting this to more restrictive values may improve security, but may also prevent the firewall from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field. Possible values: [\"TLS_VERSION_UNSPECIFIED\", \"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\", \"TLS_1_3\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Short name of the TlsInspectionPolicy resource to be created.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tls_feature_profile":{"type":"string","description":"The selected Profile. If this is not set, then the default value is to allow the broadest set of clients and servers (\\\"PROFILE_COMPATIBLE\\\"). Setting this to more restrictive values may improve security, but may also prevent the TLS inspection proxy from connecting to some clients or servers. Note that Secure Web Proxy does not yet honor this field. Possible values: [\"PROFILE_UNSPECIFIED\", \"PROFILE_COMPATIBLE\", \"PROFILE_MODERN\", \"PROFILE_RESTRICTED\", \"PROFILE_CUSTOM\"]","description_kind":"plain","optional":true},"trust_config":{"type":"string","description":"A TrustConfig resource used when making a connection to the TLS server. This is a relative resource path following the form \\\"projects/{project}/locations/{location}/trustConfigs/{trust_config}\\\". This is necessary to intercept TLS connections to servers with certificates signed by a private CA or self-signed certificates. Trust config and the TLS inspection policy must be in the same region. Note that Secure Web Proxy does not yet honor this field.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_url_lists":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time when the security policy was created.\nA timestamp in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up to nine fractional digits.\nExamples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the url lists.","description_kind":"plain","required":true},"name":{"type":"string","description":"Short name of the UrlList resource to be created.\nThis value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. 'urlList'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. Time when the security policy was updated.\nA timestamp in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up to nine fractional digits.\nExamples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"values":{"type":["list","string"],"description":"FQDNs and URLs.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_authz_extension":{"version":0,"block":{"attributes":{"authority":{"type":"string","description":"The :authority header in the gRPC request sent from Envoy to the extension service.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"fail_open":{"type":"bool","description":"Determines how the proxy behaves if the call to the extension fails or times out.\nWhen set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens:\n* If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer.\n* If response headers have been delivered, then the HTTP stream to the downstream client is reset.","description_kind":"plain","optional":true,"computed":true},"forward_headers":{"type":["list","string"],"description":"List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with the AuthzExtension resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"All backend services and forwarding rules referenced by this extension must share the same load balancing scheme.\nFor more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). Possible values: [\"INTERNAL_MANAGED\", \"EXTERNAL_MANAGED\"]","description_kind":"plain","required":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.\u003cresourceName\u003e. The following variables are supported in the metadata Struct:\n\n{forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Identifier. Name of the AuthzExtension resource.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The reference to the service that runs the extension.\nTo configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format:\nhttps://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"timeout":{"type":"string","description":"Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.","description_kind":"plain","computed":true},"wire_format":{"type":"string","description":"The format of communication supported by the callout extension. Default value: \"EXT_PROC_GRPC\" Possible values: [\"WIRE_FORMAT_UNSPECIFIED\", \"EXT_PROC_GRPC\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_edge_cache_keyset":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"public_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]*\nwhich means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"managed":{"type":"bool","description":"Set to true to have the CDN automatically manage this public key value.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes).\nRepresentations or encodings of the public key other than this will be rejected with an error.","description_kind":"plain","optional":true,"sensitive":true}},"description":"An ordered list of Ed25519 public keys to use for validating signed requests.\nYou must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first.\nYou may specify no more than one Google-managed public key.\nIf you specify 'public_keys', you must specify at least one (1) key and may specify up to three (3) keys.\n\nEd25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key.\nEnsure that the private key is kept secret, and that only authorized users can add public keys to a keyset.","description_kind":"plain"},"max_items":3},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"validation_shared_keys":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The name of the secret version in Secret Manager.\n\nThe resource name of the secret version must be in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the secrets themselves.\nThe secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using.\n* If you are using HMAC-SHA1, we suggest 20-byte secrets.\n* If you are using HMAC-SHA256, we suggest 32-byte secrets.\nSee RFC 2104, Section 3 for more details on these recommendations.","description_kind":"plain","required":true}},"description":"An ordered list of shared keys to use for validating signed requests.\nShared keys are secret. Ensure that only authorized users can add 'validation_shared_keys' to a keyset.\nYou can rotate keys by appending (pushing) a new key to the list of 'validation_shared_keys' and removing any superseded keys.\nYou must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first.","description_kind":"plain"},"max_items":3}},"description_kind":"plain"}},"google_network_services_edge_cache_origin":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"failover_origin":{"type":"string","description":"The Origin resource to try when the current origin cannot be reached.\nAfter maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request.\n\nThe value of timeout.maxAttemptsTimeout dictates the timeout across all origins.\nA reference to a Topic resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"max_attempts":{"type":"number","description":"The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions.\n\nOnce maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. That failoverOrigin may specify its own maxAttempts,\nretryConditions and failoverOrigin to control its own cache fill failures.\n\nThe total number of allowed attempts to cache fill across this and failover origins is limited to four.\nThe total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout.\n\nThe last valid, non-retried response from all origins will be returned to the client.\nIf no origin returns a valid response, an HTTP 502 will be returned to the client.\n\nDefaults to 1. Must be a value greater than 0 and less than 4.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"origin_address":{"type":"string","description":"A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket.\n\nThis address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname\n\nWhen providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes.\nIf a Cloud Storage bucket is provided, it must be in the canonical \"gs://bucketname\" format. Other forms, such as \"storage.googleapis.com\", will be rejected.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port to connect to the origin on.\nDefaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security \u0026 performance.\n\nWhen using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. Possible values: [\"HTTP2\", \"HTTPS\", \"HTTP\"]","description_kind":"plain","optional":true,"computed":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more retry conditions for the configured origin.\n\nIf the failure mode during a connection attempt to the origin matches the configured retryCondition(s),\nthe origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request.\n\nThe default retryCondition is \"CONNECT_FAILURE\".\n\nretryConditions apply to this origin, and not subsequent failoverOrigin(s),\nwhich may specify their own retryConditions and maxAttempts.\n\nValid values are:\n\n- CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts.\n- HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams.\n- GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n- RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests)\n- NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet.\n- FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). Possible values: [\"CONNECT_FAILURE\", \"HTTP_5XX\", \"GATEWAY_ERROR\", \"RETRIABLE_4XX\", \"NOT_FOUND\", \"FORBIDDEN\"]","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"aws_v4_authentication":{"nesting_mode":"list","block":{"attributes":{"access_key_id":{"type":"string","description":"The access key ID your origin uses to identify the key.","description_kind":"plain","required":true},"origin_region":{"type":"string","description":"The name of the AWS region that your origin is in.","description_kind":"plain","required":true},"secret_access_key_version":{"type":"string","description":"The Secret Manager secret version of the secret access key used by your origin.\n\nThis is the resource name of the secret version in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the project, secret, and version you require.","description_kind":"plain","required":true}},"description":"Enable AWS Signature Version 4 origin authentication.","description_kind":"plain"},"max_items":1},"origin_override_action":{"nesting_mode":"list","block":{"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.\n\nBy default, added header values are appended\nto the response or request headers with the\nsame field names. The added values are\nseparated by commas.\n\nTo overwrite existing values, set 'replace' to 'true'.","description_kind":"plain","optional":true}},"description":"Describes a header to add.\n\nYou may add a maximum of 25 request headers.","description_kind":"plain"},"max_items":25}},"description":"The header actions, including adding and removing\nheaders, for request handled by this origin.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected\norigin, the request's host header is replaced with\ncontents of the hostRewrite.\n\nThis value must be between 1 and 255 characters.","description_kind":"plain","optional":true}},"description":"The URL rewrite configuration for request that are\nhandled by this origin.","description_kind":"plain"},"max_items":1}},"description":"The override actions, including url rewrites and header\nadditions, for requests that use this origin.","description_kind":"plain"},"max_items":1},"origin_redirect":{"nesting_mode":"list","block":{"attributes":{"redirect_conditions":{"type":["list","string"],"description":"The set of redirect response codes that the CDN\nfollows. Values of\n[RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions)\nare accepted.","description_kind":"plain","optional":true}},"description":"Follow redirects from this origin.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"connect_timeout":{"type":"string","description":"The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment.\n\nDefaults to 5 seconds. The timeout must be a value between 1s and 15s.\n\nThe connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout.","description_kind":"plain","optional":true},"max_attempts_timeout":{"type":"string","description":"The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned.\n\nDefaults to 15 seconds. The timeout must be a value between 1s and 30s.\n\nIf a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins.","description_kind":"plain","optional":true},"read_timeout":{"type":"string","description":"The maximum duration to wait between reads of a single HTTP connection/stream.\n\nDefaults to 15 seconds. The timeout must be a value between 1s and 30s.\n\nThe readTimeout is capped by the responseTimeout. All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout.\n\nIf the response headers have already been written to the connection, the response will be truncated and logged.","description_kind":"plain","optional":true},"response_timeout":{"type":"string","description":"The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream.\n\nDefaults to 30 seconds. The timeout must be a value between 1s and 120s.\n\nThe responseTimeout starts after the connection has been established.\n\nThis also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client.\n\nIf the response headers have already been written to the connection, the response will be truncated and logged.","description_kind":"plain","optional":true}},"description":"The connection and HTTP timeout configuration for this origin.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_edge_cache_service":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"disable_http2":{"type":"bool","description":"Disables HTTP/2.\n\nHTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection.\n\nSome legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated.","description_kind":"plain","optional":true},"disable_quic":{"type":"bool","description":"HTTP/3 (IETF QUIC) and Google QUIC are enabled by default.","description_kind":"plain","optional":true,"computed":true},"edge_security_policy":{"type":"string","description":"Resource URL that points at the Cloud Armor edge security policy that is applied on each request against the EdgeCacheService.","description_kind":"plain","optional":true},"edge_ssl_certificates":{"type":["list","string"],"description":"URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService.\n\nNote that only \"global\" certificates with a \"scope\" of \"EDGE_CACHE\" can be attached to an EdgeCacheService.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ipv4_addresses":{"type":["list","string"],"description":"The IPv4 addresses associated with this service. Addresses are static for the lifetime of the service.","description_kind":"plain","computed":true},"ipv6_addresses":{"type":["list","string"],"description":"The IPv6 addresses associated with this service. Addresses are static for the lifetime of the service.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"require_tls":{"type":"bool","description":"Require TLS (HTTPS) for all clients connecting to this service.\n\nClients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443).\nYou must have at least one (1) edgeSslCertificate specified to enable this.","description_kind":"plain","optional":true,"computed":true},"ssl_policy":{"type":"string","description":"URL of the SslPolicy resource that will be associated with the EdgeCacheService.\n\nIf not set, the EdgeCacheService has no SSL policy configured, and will default to the \"COMPATIBLE\" policy.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Specifies whether to enable logging for traffic served by this service.","description_kind":"plain","optional":true,"computed":true},"sample_rate":{"type":"number","description":"Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1].\n\nThis field can only be specified if logging is enabled for this service.","description_kind":"plain","optional":true}},"description":"Specifies the logging options for the traffic served by this service. If logging is enabled, logs will be exported to Cloud Logging.","description_kind":"plain"},"max_items":1},"routing":{"nesting_mode":"list","block":{"block_types":{"host_rule":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the hostRule.","description_kind":"plain","optional":true},"hosts":{"type":["list","string"],"description":"The list of host patterns to match.\n\nHost patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string.\n\nWhen multiple hosts are specified, hosts are matched in the following priority:\n\n 1. Exact domain names: ''www.foo.com''.\n 2. Suffix domain wildcards: ''*.foo.com'' or ''*-bar.foo.com''.\n 3. Prefix domain wildcards: ''foo.*'' or ''foo-*''.\n 4. Special wildcard ''*'' matching any domain.\n\n Notes:\n\n The wildcard will not match the empty string. e.g. ''*-bar.foo.com'' will match ''baz-bar.foo.com'' but not ''-bar.foo.com''. The longest wildcards match first. Only a single host in the entire service can match on ''*''. A domain must be unique across all configured hosts within a service.\n\n Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the \":authority\" header, from the incoming request.\n\n You may specify up to 10 hosts.","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the pathMatcher associated with this hostRule.","description_kind":"plain","required":true}},"description":"The list of hostRules to match against. These rules define which hostnames the EdgeCacheService will match against, and which route configurations apply.","description_kind":"plain"},"min_items":1,"max_items":50},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"route_rule":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the routeRule.","description_kind":"plain","optional":true},"origin":{"type":"string","description":"The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names (\"my-origin\") or fully-qualified resource URLs - e.g. \"networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin\"\n\nOnly one of origin or urlRedirect can be set.","description_kind":"plain","optional":true},"priority":{"type":"string","description":"The priority of this route rule, where 1 is the highest priority.\n\nYou cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers\nto which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules.","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_header_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.","description_kind":"plain","optional":true,"computed":true}},"description":"Describes a header to add.","description_kind":"plain"},"max_items":25},"request_header_to_remove":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to remove.","description_kind":"plain","required":true}},"description":"A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin.","description_kind":"plain"},"max_items":25},"response_header_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.","description_kind":"plain","optional":true,"computed":true}},"description":"Headers to add to the response prior to sending it back to the client.\n\nResponse headers are only sent to the client, and do not have an effect on the cache serving the response.","description_kind":"plain"},"max_items":25},"response_header_to_remove":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"Headers to remove from the response prior to sending it back to the client.\n\nResponse headers are only sent to the client, and do not have an effect on the cache serving the response.","description_kind":"plain","required":true}},"description":"A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin.","description_kind":"plain"},"max_items":25}},"description":"The header actions, including adding \u0026 removing headers, for requests that match this route.","description_kind":"plain"},"max_items":1},"match_rule":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly match the value specified in fullPathMatch after removing any query parameters and anchor that may be part of the original URL.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.","description_kind":"plain","optional":true,"computed":true},"path_template_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request\nmust match the wildcard pattern specified in pathTemplateMatch\nafter removing any query parameters and anchor that may be part\nof the original URL.\n\npathTemplateMatch must be between 1 and 255 characters\n(inclusive). The pattern specified by pathTemplateMatch may\nhave at most 5 wildcard operators and at most 5 variable\ncaptures in total.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the specified prefixMatch. prefixMatch must begin with a /.","description_kind":"plain","optional":true}},"block_types":{"header_match":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value of the header should exactly match contents of exactMatch.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The header name to match on.","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false (default), the headerMatch is considered a match if the match criteria above are met.\nIf set to true, the headerMatch is considered a match if the match criteria above are NOT met.","description_kind":"plain","optional":true,"computed":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place whether or not the request's header has a value.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch.","description_kind":"plain","optional":true}},"description":"Specifies a list of header match criteria, all of which must match corresponding headers in the request.","description_kind":"plain"},"max_items":3},"query_parameter_match":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches the contents of exactMatch.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the request, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query parameter, irrespective of whether the parameter has a value or not.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match corresponding query parameters in the request.","description_kind":"plain"},"max_items":5}},"description":"The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates\nwithin a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule.","description_kind":"plain"},"min_items":1,"max_items":5},"route_action":{"nesting_mode":"list","block":{"block_types":{"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses.\n\nFor all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. Possible values: [\"CACHE_ALL_STATIC\", \"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"BYPASS_CACHE\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"string","description":"Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response.\n\n- The TTL must be \u003e 0 and \u003c= 86400s (1 day)\n- The clientTtl cannot be larger than the defaultTtl (if set)\n- Fractions of a second are not allowed.\n\nOmit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\" or \"BYPASS_CACHE\", you must omit this field.\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true},"default_ttl":{"type":"string","description":"Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).\n\nDefaults to 3600s (1 hour).\n\n- The TTL must be \u003e= 0 and \u003c= 31,536,000 seconds (1 year)\n- Setting a TTL of \"0\" means \"always revalidate\" (equivalent to must-revalidate)\n- The value of defaultTTL cannot be set to a value greater than that of maxTTL.\n- Fractions of a second are not allowed.\n- When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses.\n\nNote that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\" or \"BYPASS_CACHE\", you must omit this field.\n\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"string","description":"Specifies the maximum allowed TTL for cached content served by this origin.\n\nDefaults to 86400s (1 day).\n\nCache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive.\n\n- The TTL must be \u003e= 0 and \u003c= 31,536,000 seconds (1 year)\n- Setting a TTL of \"0\" means \"always revalidate\"\n- The value of maxTtl must be equal to or greater than defaultTtl.\n- Fractions of a second are not allowed.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", or \"BYPASS_CACHE\", you must omit this field.\n\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency.\n\nBy default, the CDNPolicy will apply the following default TTLs to these status codes:\n\n- HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m\n- HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s\n- HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s\n\nThese defaults can be overridden in negativeCachingPolicy","description_kind":"plain","optional":true},"negative_caching_policy":{"type":["map","string"],"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\n\n- Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching.\n- TTLs must be \u003e= 0 (where 0 is \"always revalidate\") and \u003c= 86400s (1 day)\n\nNote that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists.","description_kind":"plain","optional":true},"signed_request_keyset":{"type":"string","description":"The EdgeCacheKeyset containing the set of public keys used to validate signed requests at the edge.","description_kind":"plain","optional":true,"computed":true},"signed_request_maximum_expiration_ttl":{"type":"string","description":"Limit how far into the future the expiration time of a signed request may be.\n\nWhen set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN.\n\n- The TTL must be \u003e 0.\n- Fractions of a second are not allowed.\n\nBy default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future.","description_kind":"plain","optional":true},"signed_request_mode":{"type":"string","description":"Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access.\n\nYou must also set a signedRequestKeyset to enable signed requests.\n\nWhen set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. Possible values: [\"DISABLED\", \"REQUIRE_SIGNATURES\", \"REQUIRE_TOKENS\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"add_signatures":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"The actions to take to add signatures to responses. Possible values: [\"GENERATE_COOKIE\", \"GENERATE_TOKEN_HLS_COOKIELESS\", \"PROPAGATE_TOKEN_HLS_COOKIELESS\"]","description_kind":"plain","required":true},"copied_parameters":{"type":["list","string"],"description":"The parameters to copy from the verified token to the generated token.\n\nOnly the following parameters may be copied:\n\n * 'PathGlobs'\n * 'paths'\n * 'acl'\n * 'URLPrefix'\n * 'IPRanges'\n * 'SessionID'\n * 'id'\n * 'Data'\n * 'data'\n * 'payload'\n * 'Headers'\n\nYou may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed.\n\nThis field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.","description_kind":"plain","optional":true},"keyset":{"type":"string","description":"The keyset to use for signature generation.\n\nThe following are both valid paths to an EdgeCacheKeyset resource:\n\n * 'projects/project/locations/global/edgeCacheKeysets/yourKeyset'\n * 'yourKeyset'\n\nThis must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise.","description_kind":"plain","optional":true},"token_query_parameter":{"type":"string","description":"The query parameter in which to put the generated token.\n\nIf not specified, defaults to 'edge-cache-token'.\n\nIf specified, the name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.\n\nThis field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified.","description_kind":"plain","optional":true},"token_ttl":{"type":"string","description":"The duration the token is valid starting from the moment the token is first generated.\n\nDefaults to '86400s' (1 day).\n\nThe TTL must be \u003e= 0 and \u003c= 604,800 seconds (1 week).\n\nThis field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Enable signature generation or propagation on this route.\n\nThis field may only be specified when signedRequestMode is set to REQUIRE_TOKENS.","description_kind":"plain"},"max_items":1},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"exclude_host":{"type":"bool","description":"If true, requests to different hosts will be cached separately.\n\nNote: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched.","description_kind":"plain","optional":true,"computed":true},"exclude_query_string":{"type":"bool","description":"If true, exclude query string parameters from the cache key\n\nIf false (the default), include the query string parameters in\nthe cache key according to includeQueryParameters and\nexcludeQueryParameters. If neither includeQueryParameters nor\nexcludeQueryParameters is set, the entire query string will be\nincluded.","description_kind":"plain","optional":true},"excluded_query_parameters":{"type":["list","string"],"description":"Names of query string parameters to exclude from cache keys. All other parameters will be included.\n\nEither specify includedQueryParameters or excludedQueryParameters, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true,"computed":true},"included_cookie_names":{"type":["list","string"],"description":"Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key.\n\nCookie names:\n - must be valid RFC 6265 \"cookie-name\" tokens\n - are case sensitive\n - cannot start with \"Edge-Cache-\" (case insensitive)\n\n Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance.\n\n You may specify up to three cookie names.","description_kind":"plain","optional":true},"included_header_names":{"type":["list","string"],"description":"Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key.\n\n- Header names must be valid HTTP RFC 7230 header field values.\n- Header field names are case insensitive\n- To include the HTTP method, use \":method\"\n\nNote that specifying several headers, and/or headers that have a large range of values (e.g. per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance.","description_kind":"plain","optional":true},"included_query_parameters":{"type":["list","string"],"description":"Names of query string parameters to include in cache keys. All other parameters will be excluded.\n\nEither specify includedQueryParameters or excludedQueryParameters, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.","description_kind":"plain","optional":true}},"description":"Defines the request parameters that contribute to the cache key.","description_kind":"plain"},"max_items":1},"signed_token_options":{"nesting_mode":"list","block":{"attributes":{"allowed_signature_algorithms":{"type":["list","string"],"description":"The allowed signature algorithms to use.\n\nDefaults to using only ED25519.\n\nYou may specify up to 3 signature algorithms to use. Possible values: [\"ED25519\", \"HMAC_SHA_256\", \"HMAC_SHA1\"]","description_kind":"plain","optional":true},"token_query_parameter":{"type":"string","description":"The query parameter in which to find the token.\n\nThe name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.\n\nDefaults to 'edge-cache-token'.","description_kind":"plain","optional":true}},"description":"Additional options for signed tokens.\n\nsignedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS.","description_kind":"plain"},"max_items":1}},"description":"The policy to use for defining caching and signed request behaviour for requests that match this route.","description_kind":"plain"},"max_items":1},"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\n\nThis translates to the Access-Control-Allow-Credentials response header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers response header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods response header.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\n\nThis translates to the Access-Control-Allow-Origin response header.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers response header.","description_kind":"plain","optional":true},"max_age":{"type":"string","description":"Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes).\n\n- Setting the value to -1 forces a pre-flight check for all requests (not recommended)\n- A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval.\n- This translates to the Access-Control-Max-Age header.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","required":true}},"description":"CORSPolicy defines Cross-Origin-Resource-Sharing configuration, including which CORS response headers will be set.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, the request's host header is replaced with contents of hostRewrite.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, the matching portion of the request's path is replaced by pathPrefixRewrite.","description_kind":"plain","optional":true},"path_template_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, if the\nrequest matched a pathTemplateMatch, the matching portion of the\nrequest's path is replaced re-written using the pattern specified\nby pathTemplateRewrite.\n\npathTemplateRewrite must be between 1 and 255 characters\n(inclusive), must start with a '/', and must only use variables\ncaptured by the route's pathTemplate matchers.\n\npathTemplateRewrite may only be used when all of a route's\nMatchRules specify pathTemplate.\n\nOnly one of pathPrefixRewrite and pathTemplateRewrite may be\nspecified.","description_kind":"plain","optional":true}},"description":"The URL rewrite configuration for requests that match this route.","description_kind":"plain"},"max_items":1}},"description":"In response to a matching path, the routeAction performs advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request to the selected origin.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was supplied in the request.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request.\n\nThis can only be set if there is at least one (1) edgeSslCertificate set on the service.","description_kind":"plain","optional":true,"computed":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was supplied in the request.\n\npathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.\n\nThe path value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request.\n\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction.\n\nThe supported values are:\n\n- 'MOVED_PERMANENTLY_DEFAULT', which is the default value and corresponds to 301.\n- 'FOUND', which corresponds to 302.\n- 'SEE_OTHER' which corresponds to 303.\n- 'TEMPORARY_REDIRECT', which corresponds to 307. in this case, the request method will be retained.\n- 'PERMANENT_REDIRECT', which corresponds to 308. in this case, the request method will be retained. Possible values: [\"MOVED_PERMANENTLY_DEFAULT\", \"FOUND\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\", \"PERMANENT_REDIRECT\"]","description_kind":"plain","optional":true,"computed":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained.","description_kind":"plain","optional":true,"computed":true}},"description":"The URL redirect configuration for requests that match this route.","description_kind":"plain"},"max_items":1}},"description":"The routeRules to match against. routeRules support advanced routing behaviour, and can match on paths, headers and query parameters, as well as status codes and HTTP methods.","description_kind":"plain"},"min_items":1,"max_items":200}},"description":"The list of pathMatchers referenced via name by hostRules. PathMatcher is used to match the path portion of the URL when a HostRule matches the URL's host portion.","description_kind":"plain"},"min_items":1,"max_items":50}},"description":"Defines how requests are routed, modified, cached and/or which origin content is filled from.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_gateway":{"version":0,"block":{"attributes":{"addresses":{"type":["list","string"],"description":"Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided,\nan IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'.\nGateways of type 'OPEN_MESH' listen on 0.0.0.0.","description_kind":"plain","optional":true,"computed":true},"certificate_urls":{"type":["list","string"],"description":"A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection.\nThis feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"delete_swg_autogen_router_on_destroy":{"type":"bool","description":"When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation.\nIf there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gateway_security_policy":{"type":"string","description":"A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.\nFor example: 'projects/*/locations/*/gatewaySecurityPolicies/swg-policy'.\nThis policy is specific to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the Gateway resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the gateway.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Short name of the Gateway resource to be created.","description_kind":"plain","required":true},"network":{"type":"string","description":"The relative resource name identifying the VPC network that is using this configuration.\nFor example: 'projects/*/global/networks/network-1'.\nCurrently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"ports":{"type":["list","number"],"description":"One or more port numbers (1-65535), on which the Gateway will receive traffic.\nThe proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are\nlimited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"routing_mode":{"type":"string","description":"The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY. Possible values: [\"NEXT_HOP_ROUTING_MODE\"]","description_kind":"plain","optional":true},"scope":{"type":"string","description":"Immutable. Scope determines how configuration across multiple Gateway instances are merged.\nThe configuration for multiple Gateway instances with the same scope will be merged as presented as\na single coniguration to the proxy/load balancer.\nMax length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"server_tls_policy":{"type":"string","description":"A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated.\nIf empty, TLS termination is disabled.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"The relative resource name identifying the subnetwork in which this SWG is allocated.\nFor example: 'projects/*/regions/us-central1/subnetworks/network-1'.\nCurrently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY. Possible values: [\"TYPE_UNSPECIFIED\", \"OPEN_MESH\", \"SECURE_WEB_GATEWAY\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_lb_route_extension":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"forwarding_rules":{"type":["list","string"],"description":"A list of references to the forwarding rules to which this service extension is attached to.\nAt least one forwarding rule is required. There can be only one LbRouteExtension resource per forwarding rule.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with the LbRouteExtension resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"All backend services and forwarding rules referenced by this extension must share the same load balancing scheme.\nFor more information, refer to [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service) and\n[Supported application load balancers](https://cloud.google.com/service-extensions/docs/callouts-overview#supported-lbs). Possible values: [\"INTERNAL_MANAGED\", \"EXTERNAL_MANAGED\"]","description_kind":"plain","required":true},"location":{"type":"string","description":"The location of the route extension","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the LbRouteExtension resource in the following format: projects/{project}/locations/{location}/lbRouteExtensions/{lbRouteExtension}","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"extension_chains":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name for this extension chain. The name is logged as part of the HTTP request logs.\nThe name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens,\nand can have a maximum length of 63 characters. Additionally, the first character must be a letter\nand the last character must be a letter or a number.","description_kind":"plain","required":true}},"block_types":{"extensions":{"nesting_mode":"list","block":{"attributes":{"authority":{"type":"string","description":"The :authority header in the gRPC request sent from Envoy to the extension service.","description_kind":"plain","optional":true},"fail_open":{"type":"bool","description":"Determines how the proxy behaves if the call to the extension fails or times out.\nWhen set to TRUE, request or response processing continues without error.\nAny subsequent extensions in the extension chain are also executed.\nWhen set to FALSE: * If response headers have not been delivered to the downstream client,\na generic 500 error is returned to the client. The error response can be tailored by\nconfiguring a custom error response in the load balancer.","description_kind":"plain","optional":true},"forward_headers":{"type":["list","string"],"description":"List of the HTTP headers to forward to the extension (from the client or backend).\nIf omitted, all headers are sent. Each element is a string indicating the header name.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name for this extension. The name is logged as part of the HTTP request logs.\nThe name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens,\nand can have a maximum length of 63 characters. Additionally, the first character must be a letter\nand the last a letter or a number.","description_kind":"plain","required":true},"service":{"type":"string","description":"The reference to the service that runs the extension. Must be a reference to a backend service","description_kind":"plain","required":true},"timeout":{"type":"string","description":"Specifies the timeout for each individual message on the stream. The timeout must be between 10-1000 milliseconds.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"A set of extensions to execute for the matching request.\nAt least one extension is required. Up to 3 extensions can be defined for each extension chain for\nLbTrafficExtension resource. LbRouteExtension chains are limited to 1 extension per extension chain.","description_kind":"plain"},"min_items":1},"match_condition":{"nesting_mode":"list","block":{"attributes":{"cel_expression":{"type":"string","description":"A Common Expression Language (CEL) expression that is used to match requests for which the extension chain is executed.","description_kind":"plain","required":true}},"description":"Conditions under which this chain is invoked for a request.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A set of ordered extension chains that contain the match conditions and extensions to execute.\nMatch conditions for each extension chain are evaluated in sequence for a given request.\nThe first extension chain that has a condition that matches the request is executed.\nAny subsequent extension chains do not execute. Limited to 5 extension chains per resource.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_lb_traffic_extension":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"forwarding_rules":{"type":["list","string"],"description":"A list of references to the forwarding rules to which this service extension is attached to.\nAt least one forwarding rule is required. There can be only one LBTrafficExtension resource per forwarding rule.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with the LbTrafficExtension resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"All backend services and forwarding rules referenced by this extension must share the same load balancing scheme.\nFor more information, refer to [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service) and\n[Supported application load balancers](https://cloud.google.com/service-extensions/docs/callouts-overview#supported-lbs). Possible values: [\"INTERNAL_MANAGED\", \"EXTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the traffic extension","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the LbTrafficExtension resource in the following format: projects/{project}/locations/{location}/lbTrafficExtensions/{lbTrafficExtension}.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"extension_chains":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name for this extension chain. The name is logged as part of the HTTP request logs.\nThe name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens,\nand can have a maximum length of 63 characters. Additionally, the first character must be a letter\nand the last a letter or a number.","description_kind":"plain","required":true}},"block_types":{"extensions":{"nesting_mode":"list","block":{"attributes":{"authority":{"type":"string","description":"The :authority header in the gRPC request sent from Envoy to the extension service.","description_kind":"plain","optional":true},"fail_open":{"type":"bool","description":"Determines how the proxy behaves if the call to the extension fails or times out.\nWhen set to TRUE, request or response processing continues without error.\nAny subsequent extensions in the extension chain are also executed.\nWhen set to FALSE: * If response headers have not been delivered to the downstream client,\na generic 500 error is returned to the client. The error response can be tailored by\nconfiguring a custom error response in the load balancer.","description_kind":"plain","optional":true},"forward_headers":{"type":["list","string"],"description":"List of the HTTP headers to forward to the extension (from the client or backend).\nIf omitted, all headers are sent. Each element is a string indicating the header name.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name for this extension. The name is logged as part of the HTTP request logs.\nThe name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens,\nand can have a maximum length of 63 characters. Additionally, the first character must be a letter\nand the last a letter or a number.","description_kind":"plain","required":true},"service":{"type":"string","description":"The reference to the service that runs the extension. Must be a reference to a backend service","description_kind":"plain","required":true},"supported_events":{"type":["list","string"],"description":"A set of events during request or response processing for which this extension is called.\nThis field is required for the LbTrafficExtension resource. It's not relevant for the LbRouteExtension\nresource. Possible values:'EVENT_TYPE_UNSPECIFIED', 'REQUEST_HEADERS', 'REQUEST_BODY', 'RESPONSE_HEADERS',\n'RESPONSE_BODY', 'RESPONSE_BODY' and 'RESPONSE_BODY'.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Specifies the timeout for each individual message on the stream. The timeout must be between 10-1000 milliseconds.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"A set of extensions to execute for the matching request.\nAt least one extension is required. Up to 3 extensions can be defined for each extension chain for\nLbTrafficExtension resource. LbRouteExtension chains are limited to 1 extension per extension chain.","description_kind":"plain"},"min_items":1},"match_condition":{"nesting_mode":"list","block":{"attributes":{"cel_expression":{"type":"string","description":"A Common Expression Language (CEL) expression that is used to match requests for which the extension chain is executed.","description_kind":"plain","required":true}},"description":"Conditions under which this chain is invoked for a request.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A set of ordered extension chains that contain the match conditions and extensions to execute.\nMatch conditions for each extension chain are evaluated in sequence for a given request.\nThe first extension chain that has a condition that matches the request is executed.\nAny subsequent extension chains do not execute. Limited to 5 extension chains per resource.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_notebooks_environment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Instance creation time","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this environment.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of this environment for the UI.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name specified for the Environment instance.\nFormat: projects/{project_id}/locations/{location}/environments/{environmentId}","description_kind":"plain","required":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a notebook instance fully boots up.\nThe path must be a URL or Cloud Storage path. Example: \"gs://path-to-file/file-name\"","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"container_image":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a container image to start the notebook instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vm_image":{"nesting_mode":"list","block":{"attributes":{"image_family":{"type":"string","description":"Use this VM image family to find the image; the newest image in this family will be used.","description_kind":"plain","optional":true},"image_name":{"type":"string","description":"Use VM image name to find the image.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The name of the Google Cloud project that this VM image belongs to.\nFormat: projects/{project_id}","description_kind":"plain","required":true}},"description":"Use a Compute Engine VM image to start the notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance":{"version":1,"block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"The size of the boot disk in GB attached to this instance,\nup to a maximum of 64000 GB (64 TB). The minimum recommended value is 100 GB.\nIf not specified, this defaults to 100.","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Possible disk types for notebook instances. Possible values: [\"DISK_TYPE_UNSPECIFIED\", \"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Instance creation time","description_kind":"plain","optional":true,"computed":true},"custom_gpu_driver_path":{"type":"string","description":"Specify a custom Cloud Storage path where the GPU driver is stored.\nIf not specified, we'll automatically choose from official GPU drivers.","description_kind":"plain","optional":true},"data_disk_size_gb":{"type":"number","description":"The size of the data disk in GB attached to this instance,\nup to a maximum of 64000 GB (64 TB).\nYou can choose the size of the data disk based on how big your notebooks and data are.\nIf not specified, this defaults to 100.","description_kind":"plain","optional":true},"data_disk_type":{"type":"string","description":"Possible disk types for notebook instances. Possible values: [\"DISK_TYPE_UNSPECIFIED\", \"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true},"desired_state":{"type":"string","description":"Desired state of the Notebook Instance. Set this field to 'ACTIVE' to start the Instance, and 'STOPPED' to stop the Instance.","description_kind":"plain","optional":true},"disk_encryption":{"type":"string","description":"Disk encryption method used on the boot and data disks, defaults to GMEK. Possible values: [\"DISK_ENCRYPTION_UNSPECIFIED\", \"GMEK\", \"CMEK\"]","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"install_gpu_driver":{"type":"bool","description":"Whether the end user authorizes Google Cloud to install GPU driver\non this instance. If this field is empty or set to false, the GPU driver\nwon't be installed. Only applicable to instances with GPUs.","description_kind":"plain","optional":true},"instance_owners":{"type":["list","string"],"description":"The list of owners of this instance after creation.\nFormat: alias@example.com.\nCurrently supports one owner only.\nIf not specified, all of the service account users of\nyour VM instance's service account can use the instance.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"The KMS key used to encrypt the disks, only applicable if diskEncryption is CMEK.\nFormat: projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to apply to this instance. These can be later modified by the setLabels method.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"machine_type":{"type":"string","description":"A reference to a machine type which defines VM kind.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Custom metadata to apply to this instance.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name specified for the Notebook instance.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the VPC that this instance is in.\nFormat: projects/{project_id}/global/networks/{network_id}","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC driver. Possible values: [\"UNSPECIFIED_NIC_TYPE\", \"VIRTIO_NET\", \"GVNIC\"]","description_kind":"plain","optional":true},"no_proxy_access":{"type":"bool","description":"The notebook instance will not register with the proxy..","description_kind":"plain","optional":true},"no_public_ip":{"type":"bool","description":"No public IP will be assigned to this instance.","description_kind":"plain","optional":true},"no_remove_data_disk":{"type":"bool","description":"If true, the data disk will not be auto deleted when deleting the instance.","description_kind":"plain","optional":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a\nnotebook instance fully boots up. The path must be a URL\nor Cloud Storage path (gs://path-to-file/file-name).","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_uri":{"type":"string","description":"The proxy endpoint that is used to access the Jupyter notebook.\nOnly returned when the resource is in a 'PROVISIONED' state. If\nneeded you can utilize 'terraform apply -refresh-only' to await\nthe population of this value.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"The service account on this instance, giving access to other\nGoogle Cloud services. You can use any service account within\nthe same project, but you must have the service account user\npermission to use the instance. If not specified,\nthe Compute Engine default service account is used.","description_kind":"plain","optional":true,"computed":true},"service_account_scopes":{"type":["list","string"],"description":"Optional. The URIs of service account scopes to be included in Compute Engine instances.\nIf not specified, the following scopes are defined:\n- https://www.googleapis.com/auth/cloud-platform\n- https://www.googleapis.com/auth/userinfo.email","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of this instance.","description_kind":"plain","computed":true},"subnet":{"type":"string","description":"The name of the subnet that this instance is in.\nFormat: projects/{project_id}/regions/{region}/subnetworks/{subnetwork_id}","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"The Compute Engine tags to add to instance.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Instance update time.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerator_config":{"nesting_mode":"list","block":{"attributes":{"core_count":{"type":"number","description":"Count of cores of this accelerator.","description_kind":"plain","required":true},"type":{"type":"string","description":"Type of this accelerator. Possible values: [\"ACCELERATOR_TYPE_UNSPECIFIED\", \"NVIDIA_TESLA_K80\", \"NVIDIA_TESLA_P100\", \"NVIDIA_TESLA_V100\", \"NVIDIA_TESLA_P4\", \"NVIDIA_TESLA_T4\", \"NVIDIA_TESLA_T4_VWS\", \"NVIDIA_TESLA_P100_VWS\", \"NVIDIA_TESLA_P4_VWS\", \"NVIDIA_TESLA_A100\", \"TPU_V2\", \"TPU_V3\"]","description_kind":"plain","required":true}},"description":"The hardware accelerator used on this instance. If you use accelerators,\nmake sure that your configuration has enough vCPUs and memory to support the\nmachineType you have selected.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a container image to start the notebook instance.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"The type of Compute Reservation. Possible values: [\"NO_RESERVATION\", \"ANY_RESERVATION\", \"SPECIFIC_RESERVATION\"]","description_kind":"plain","required":true},"key":{"type":"string","description":"Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled. Enables monitoring and attestation of the\nboot integrity of the instance. The attestation is performed against the integrity policy baseline.\nThis baseline is initially derived from the implicitly trusted boot image when the instance is created.\nEnabled by default.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs\nauthentic software by verifying the digital signature of all boot components, and halting the boot process\nif signature verification fails.\nDisabled by default.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether the instance has the vTPM enabled.\nEnabled by default.","description_kind":"plain","optional":true}},"description":"A set of Shielded Instance options. Check [Images using supported Shielded VM features]\nNot all combinations are valid","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vm_image":{"nesting_mode":"list","block":{"attributes":{"image_family":{"type":"string","description":"Use this VM image family to find the image; the newest image in this family will be used.","description_kind":"plain","optional":true},"image_name":{"type":"string","description":"Use VM image name to find the image.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The name of the Google Cloud project that this VM image belongs to.\nFormat: projects/{project_id}","description_kind":"plain","required":true}},"description":"Use a Compute Engine VM image to start the notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain","deprecated":true}},"google_notebooks_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_notebooks_location":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the Location resource.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_notebooks_runtime":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"health_state":{"type":"string","description":"The health state of this runtime. For a list of possible output\nvalues, see 'https://cloud.google.com/vertex-ai/docs/workbench/\nreference/rest/v1/projects.locations.runtimes#healthstate'.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels to associate with this runtime. Label **keys** must\ncontain 1 to 63 characters, and must conform to [RFC 1035]\n(https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be\nempty, but, if present, must contain 1 to 63 characters, and must\nconform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No\nmore than 32 labels can be associated with a cluster.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"metrics":{"type":["list",["object",{"system_metrics":["map","string"]}]],"description":"Contains Runtime daemon metrics such as Service status and JupyterLab\nstatus","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name specified for the Notebook runtime.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of this runtime.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"access_type":{"type":"string","description":"The type of access mode this instance. For valid values, see\n'https://cloud.google.com/vertex-ai/docs/workbench/reference/\nrest/v1/projects.locations.runtimes#RuntimeAccessType'.","description_kind":"plain","optional":true},"proxy_uri":{"type":"string","description":"The proxy endpoint that is used to access the runtime.","description_kind":"plain","computed":true},"runtime_owner":{"type":"string","description":"The owner of this runtime after creation. Format: 'alias@example.com'.\nCurrently supports one owner only.","description_kind":"plain","optional":true}},"description":"The config settings for accessing runtime.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"custom_gpu_driver_path":{"type":"string","description":"Specify a custom Cloud Storage path where the GPU driver is stored.\nIf not specified, we'll automatically choose from official GPU drivers.","description_kind":"plain","optional":true},"enable_health_monitoring":{"type":"bool","description":"Verifies core internal services are running. Default: True.","description_kind":"plain","optional":true},"idle_shutdown":{"type":"bool","description":"Runtime will automatically shutdown after idle_shutdown_time.\nDefault: True","description_kind":"plain","optional":true},"idle_shutdown_timeout":{"type":"number","description":"Time in minutes to wait before shuting down runtime.\nDefault: 180 minutes","description_kind":"plain","optional":true},"install_gpu_driver":{"type":"bool","description":"Install Nvidia Driver automatically.","description_kind":"plain","optional":true},"notebook_upgrade_schedule":{"type":"string","description":"Cron expression in UTC timezone for schedule instance auto upgrade.\nPlease follow the [cron format](https://en.wikipedia.org/wiki/Cron).","description_kind":"plain","optional":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a notebook instance\nfully boots up. The path must be a URL or\nCloud Storage path (gs://path-to-file/file-name).","description_kind":"plain","optional":true},"post_startup_script_behavior":{"type":"string","description":"Behavior for the post startup script. Possible values: [\"POST_STARTUP_SCRIPT_BEHAVIOR_UNSPECIFIED\", \"RUN_EVERY_START\", \"DOWNLOAD_AND_RUN_EVERY_START\"]","description_kind":"plain","optional":true},"upgradeable":{"type":"bool","description":"Bool indicating whether an newer image is available in an image family.","description_kind":"plain","computed":true}},"block_types":{"kernels":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a list of container images to use as Kernels in the notebook instance.","description_kind":"plain"}}},"description":"The config settings for software inside the runtime.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_machine":{"nesting_mode":"list","block":{"attributes":{"instance_id":{"type":"string","description":"The unique identifier of the Managed Compute Engine instance.","description_kind":"plain","computed":true},"instance_name":{"type":"string","description":"The user-friendly name of the Managed Compute Engine instance.","description_kind":"plain","computed":true}},"block_types":{"virtual_machine_config":{"nesting_mode":"list","block":{"attributes":{"guest_attributes":{"type":["map","string"],"description":"The Compute Engine guest attributes. (see [Project and instance\nguest attributes](https://cloud.google.com/compute/docs/\nstoring-retrieving-metadata#guest_attributes)).","description_kind":"plain","computed":true},"internal_ip_only":{"type":"bool","description":"If true, runtime will only have internal IP addresses. By default,\nruntimes are not restricted to internal IP addresses, and will\nhave ephemeral external IP addresses assigned to each vm. This\n'internal_ip_only' restriction can only be enabled for subnetwork\nenabled networks, and all dependencies must be configured to be\naccessible without external IP addresses.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The labels to associate with this runtime. Label **keys** must\ncontain 1 to 63 characters, and must conform to [RFC 1035]\n(https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be\nempty, but, if present, must contain 1 to 63 characters, and must\nconform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No\nmore than 32 labels can be associated with a cluster.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The Compute Engine machine type used for runtimes.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"The Compute Engine metadata entries to add to virtual machine.\n(see [Project and instance metadata](https://cloud.google.com\n/compute/docs/storing-retrieving-metadata#project_and_instance\n_metadata)).","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"The Compute Engine network to be used for machine communications.\nCannot be specified with subnetwork. If neither 'network' nor\n'subnet' is specified, the \"default\" network of the project is\nused, if it exists. A full URL or partial URI. Examples:\n * 'https://www.googleapis.com/compute/v1/projects/[project_id]/\n regions/global/default'\n * 'projects/[project_id]/regions/global/default'\nRuntimes are managed resources inside Google Infrastructure.\nRuntimes support the following network configurations:\n * Google Managed Network (Network \u0026 subnet are empty)\n * Consumer Project VPC (network \u0026 subnet are required). Requires\n configuring Private Service Access.\n * Shared VPC (network \u0026 subnet are required). Requires\n configuring Private Service Access.","description_kind":"plain","optional":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. This may be gVNIC\nor VirtioNet. Possible values: [\"UNSPECIFIED_NIC_TYPE\", \"VIRTIO_NET\", \"GVNIC\"]","description_kind":"plain","optional":true},"reserved_ip_range":{"type":"string","description":"Reserved IP Range name is used for VPC Peering. The\nsubnetwork allocation will use the range *name* if it's assigned.","description_kind":"plain","optional":true},"subnet":{"type":"string","description":"The Compute Engine subnetwork to be used for machine\ncommunications. Cannot be specified with network. A full URL or\npartial URI are valid. Examples:\n * 'https://www.googleapis.com/compute/v1/projects/[project_id]/\n regions/us-east1/subnetworks/sub0'\n * 'projects/[project_id]/regions/us-east1/subnetworks/sub0'","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The Compute Engine tags to add to runtime (see [Tagging instances]\n(https://cloud.google.com/compute/docs/\nlabel-or-tag-resources#tags)).","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone where the virtual machine is located.","description_kind":"plain","computed":true}},"block_types":{"accelerator_config":{"nesting_mode":"list","block":{"attributes":{"core_count":{"type":"number","description":"Count of cores of this accelerator.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Accelerator model. For valid values, see\n'https://cloud.google.com/vertex-ai/docs/workbench/reference/\nrest/v1/projects.locations.runtimes#AcceleratorType'","description_kind":"plain","optional":true}},"description":"The Compute Engine accelerator configuration for this runtime.","description_kind":"plain"},"max_items":1},"container_images":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a list of container images to start the notebook instance.","description_kind":"plain"}},"data_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Optional. Specifies whether the disk will be auto-deleted\nwhen the instance is deleted (but not when the disk is\ndetached from the instance).","description_kind":"plain","computed":true},"boot":{"type":"bool","description":"Optional. Indicates that this is a boot disk. The virtual\nmachine will use the first partition of the disk for its\nroot filesystem.","description_kind":"plain","computed":true},"device_name":{"type":"string","description":"Optional. Specifies a unique device name of your choice\nthat is reflected into the /dev/disk/by-id/google-* tree\nof a Linux operating system running within the instance.\nThis name can be used to reference the device for mounting,\nresizing, and so on, from within the instance.\nIf not specified, the server chooses a default device name\nto apply to this disk, in the form persistent-disk-x, where\nx is a number assigned by Google Compute Engine. This field\nis only applicable for persistent disks.","description_kind":"plain","computed":true},"guest_os_features":{"type":["list","string"],"description":"Indicates a list of features to enable on the guest operating\nsystem. Applicable only for bootable images. To see a list of\navailable features, read 'https://cloud.google.com/compute/docs/\nimages/create-delete-deprecate-private-images#guest-os-features'\noptions. ''","description_kind":"plain","computed":true},"index":{"type":"number","description":"Output only. A zero-based index to this disk, where 0 is\nreserved for the boot disk. If you have many disks attached\nto an instance, each disk would have a unique index number.","description_kind":"plain","computed":true},"interface":{"type":"string","description":"\"Specifies the disk interface to use for attaching this disk,\nwhich is either SCSI or NVME. The default is SCSI. Persistent\ndisks must always use SCSI and the request will fail if you attempt\nto attach a persistent disk in any other format than SCSI. Local SSDs\ncan use either NVME or SCSI. For performance characteristics of SCSI\nover NVMe, see Local SSD performance. Valid values: * NVME * SCSI\".","description_kind":"plain","optional":true},"kind":{"type":"string","description":"Type of the resource. Always compute#attachedDisk for attached\ndisks.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Output only. Any valid publicly visible licenses.","description_kind":"plain","computed":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE\nor READ_ONLY. If not specified, the default is to attach\nthe disk in READ_WRITE mode.","description_kind":"plain","optional":true},"source":{"type":"string","description":"Specifies a valid partial or full URL to an existing\nPersistent Disk resource.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Specifies the type of the disk, either SCRATCH or PERSISTENT.\nIf not specified, the default is PERSISTENT.","description_kind":"plain","optional":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Provide this property when creating the disk.","description_kind":"plain","optional":true},"disk_name":{"type":"string","description":"Specifies the disk name. If not specified, the default is\nto use the name of the instance. If the disk with the\ninstance name exists already in the given zone/region, a\nnew name will be automatically generated.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Specifies the size of the disk in base-2 GB. If not\nspecified, the disk will be the same size as the image\n(usually 10GB). If specified, the size must be equal to\nor larger than 10GB. Default 100 GB.","description_kind":"plain","optional":true},"disk_type":{"type":"string","description":"The type of the boot disk attached to this runtime,\ndefaults to standard persistent disk. For valid values,\nsee 'https://cloud.google.com/vertex-ai/docs/workbench/\nreference/rest/v1/projects.locations.runtimes#disktype'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. These can be later modified\nby the disks.setLabels method. This field is only\napplicable for persistent disks.","description_kind":"plain","optional":true,"computed":true}},"description":"Input only. Specifies the parameters for a new disk that will\nbe created alongside the new instance. Use initialization\nparameters to create boot disks or local SSDs attached to the\nnew instance. This property is mutually exclusive with the\nsource property; you can only define one or the other, but not\nboth.","description_kind":"plain"},"max_items":1}},"description":"Data disk option configuration settings.","description_kind":"plain"},"min_items":1,"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS resource identifier of the customer-managed\nencryption key used to protect a resource, such as a disks.\nIt has the following format:\n'projects/{PROJECT_ID}/locations/{REGION}/keyRings/\n{KEY_RING_NAME}/cryptoKeys/{KEY_NAME}'","description_kind":"plain","optional":true}},"description":"Encryption settings for virtual machine data disk.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.\nEnables monitoring and attestation of the boot integrity of\nthe instance. The attestation is performed against the\nintegrity policy baseline. This baseline is initially derived\nfrom the implicitly trusted boot image when the instance is\ncreated. Enabled by default.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.Secure\nBoot helps ensure that the system only runs authentic software\nby verifying the digital signature of all boot components, and\nhalting the boot process if signature verification fails.\nDisabled by default.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether the instance has the vTPM enabled. Enabled by\ndefault.","description_kind":"plain","optional":true}},"description":"Shielded VM Instance configuration settings.","description_kind":"plain"},"max_items":1}},"description":"Virtual Machine configuration settings.","description_kind":"plain"},"max_items":1}},"description":"Use a Compute Engine VM image to start the managed notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_oracle_database_autonomous_database":{"version":0,"block":{"attributes":{"admin_password":{"type":"string","description":"The password for the default ADMIN user.","description_kind":"plain","optional":true},"autonomous_database_id":{"type":"string","description":"The ID of the Autonomous Database to create. This value is restricted\nto (^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$) and must be a maximum of 63\ncharacters in length. The value must start with a letter and end with\na letter or a number.","description_kind":"plain","required":true},"cidr":{"type":"string","description":"The subnet CIDR range for the Autonmous Database.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The date and time that the Autonomous Database was created.","description_kind":"plain","computed":true},"database":{"type":"string","description":"The name of the Autonomous Database. The database name must be unique in\nthe project. The name must begin with a letter and can\ncontain a maximum of 30 alphanumeric characters.","description_kind":"plain","required":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name for the Autonomous Database. The name does not have to\nbe unique within your project.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entitlement_id":{"type":"string","description":"The ID of the subscription entitlement associated with the Autonomous\nDatabase.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels or tags associated with the Autonomous Database. \n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Resource ID segment making up resource 'name'. See documentation for resource type 'oracledatabase.googleapis.com/AutonomousDatabaseBackup'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The name of the Autonomous Database resource in the following format:\nprojects/{project}/locations/{region}/autonomousDatabases/{autonomous_database}","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name of the VPC network used by the Autonomous Database.\nFormat: projects/{project}/global/networks/{network}","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"actual_used_data_storage_size_tb":{"type":"number","description":"The amount of storage currently being used for user and system data, in\nterabytes.","description_kind":"plain","computed":true},"allocated_storage_size_tb":{"type":"number","description":"The amount of storage currently allocated for the database tables and\nbilled for, rounded up in terabytes.","description_kind":"plain","computed":true},"apex_details":{"type":["list",["object",{"apex_version":"string","ords_version":"string"}]],"description":"Oracle APEX Application Development.\nhttps://docs.oracle.com/en-us/iaas/api/#/en/database/20160918/datatypes/AutonomousDatabaseApex","description_kind":"plain","computed":true},"are_primary_allowlisted_ips_used":{"type":"bool","description":"This field indicates the status of Data Guard and Access control for the\nAutonomous Database. The field's value is null if Data Guard is disabled\nor Access Control is disabled. The field's value is TRUE if both Data Guard\nand Access Control are enabled, and the Autonomous Database is using\nprimary IP access control list (ACL) for standby. The field's value is\nFALSE if both Data Guard and Access Control are enabled, and the Autonomous\nDatabase is using a different IP access control list (ACL) for standby\ncompared to primary.","description_kind":"plain","computed":true},"autonomous_container_database_id":{"type":"string","description":"The Autonomous Container Database OCID.","description_kind":"plain","computed":true},"available_upgrade_versions":{"type":["list","string"],"description":"The list of available Oracle Database upgrade versions for an Autonomous\nDatabase.","description_kind":"plain","computed":true},"backup_retention_period_days":{"type":"number","description":"The retention period for the Autonomous Database. This field is specified\nin days, can range from 1 day to 60 days, and has a default value of\n60 days.","description_kind":"plain","optional":true,"computed":true},"character_set":{"type":"string","description":"The character set for the Autonomous Database. The default is AL32UTF8.","description_kind":"plain","optional":true},"compute_count":{"type":"number","description":"The number of compute servers for the Autonomous Database.","description_kind":"plain","optional":true,"computed":true},"connection_strings":{"type":["list",["object",{"all_connection_strings":["list",["object",{"high":"string","low":"string","medium":"string"}]],"dedicated":"string","high":"string","low":"string","medium":"string","profiles":["list",["object",{"consumer_group":"string","display_name":"string","host_format":"string","is_regional":"bool","protocol":"string","session_mode":"string","syntax_format":"string","tls_authentication":"string","value":"string"}]]}]],"description":"The connection string used to connect to the Autonomous Database.\nhttps://docs.oracle.com/en-us/iaas/api/#/en/database/20160918/datatypes/AutonomousDatabaseConnectionStrings","description_kind":"plain","computed":true},"connection_urls":{"type":["list",["object",{"apex_uri":"string","database_transforms_uri":"string","graph_studio_uri":"string","machine_learning_notebook_uri":"string","machine_learning_user_management_uri":"string","mongo_db_uri":"string","ords_uri":"string","sql_dev_web_uri":"string"}]],"description":"The URLs for accessing Oracle Application Express (APEX) and SQL Developer\nWeb with a browser from a Compute instance.\nhttps://docs.oracle.com/en-us/iaas/api/#/en/database/20160918/datatypes/AutonomousDatabaseConnectionUrls","description_kind":"plain","computed":true},"data_safe_state":{"type":"string","description":"The current state of the Data Safe registration for the\nAutonomous Database. \n Possible values:\n DATA_SAFE_STATE_UNSPECIFIED\nREGISTERING\nREGISTERED\nDEREGISTERING\nNOT_REGISTERED\nFAILED","description_kind":"plain","computed":true},"data_storage_size_gb":{"type":"number","description":"The size of the data stored in the database, in gigabytes.","description_kind":"plain","optional":true,"computed":true},"data_storage_size_tb":{"type":"number","description":"The size of the data stored in the database, in terabytes.","description_kind":"plain","optional":true,"computed":true},"database_management_state":{"type":"string","description":"The current state of database management for the Autonomous Database. \n Possible values:\n DATABASE_MANAGEMENT_STATE_UNSPECIFIED\nENABLING\nENABLED\nDISABLING\nNOT_ENABLED\nFAILED_ENABLING\nFAILED_DISABLING","description_kind":"plain","computed":true},"db_edition":{"type":"string","description":"The edition of the Autonomous Databases. \n Possible values:\n DATABASE_EDITION_UNSPECIFIED\nSTANDARD_EDITION\nENTERPRISE_EDITION","description_kind":"plain","optional":true},"db_version":{"type":"string","description":"The Oracle Database version for the Autonomous Database.","description_kind":"plain","optional":true},"db_workload":{"type":"string","description":"Possible values:\n DB_WORKLOAD_UNSPECIFIED\nOLTP\nDW\nAJD\nAPEX","description_kind":"plain","required":true},"failed_data_recovery_duration":{"type":"string","description":"This field indicates the number of seconds of data loss during a Data\nGuard failover.","description_kind":"plain","computed":true},"is_auto_scaling_enabled":{"type":"bool","description":"This field indicates if auto scaling is enabled for the Autonomous Database\nCPU core count.","description_kind":"plain","optional":true},"is_local_data_guard_enabled":{"type":"bool","description":"This field indicates whether the Autonomous Database has local (in-region)\nData Guard enabled.","description_kind":"plain","computed":true},"is_storage_auto_scaling_enabled":{"type":"bool","description":"This field indicates if auto scaling is enabled for the Autonomous Database\nstorage.","description_kind":"plain","optional":true,"computed":true},"license_type":{"type":"string","description":"The license type used for the Autonomous Database. \n Possible values:\n LICENSE_TYPE_UNSPECIFIED\nLICENSE_INCLUDED\nBRING_YOUR_OWN_LICENSE","description_kind":"plain","required":true},"lifecycle_details":{"type":"string","description":"The details of the current lifestyle state of the Autonomous Database.","description_kind":"plain","computed":true},"local_adg_auto_failover_max_data_loss_limit":{"type":"number","description":"This field indicates the maximum data loss limit for an Autonomous\nDatabase, in seconds.","description_kind":"plain","computed":true},"local_disaster_recovery_type":{"type":"string","description":"This field indicates the local disaster recovery (DR) type of an\nAutonomous Database. \n Possible values:\n LOCAL_DISASTER_RECOVERY_TYPE_UNSPECIFIED\nADG\nBACKUP_BASED","description_kind":"plain","computed":true},"local_standby_db":{"type":["list",["object",{"data_guard_role_changed_time":"string","disaster_recovery_role_changed_time":"string","lag_time_duration":"string","lifecycle_details":"string","state":"string"}]],"description":"Autonomous Data Guard standby database details.\nhttps://docs.oracle.com/en-us/iaas/api/#/en/database/20160918/datatypes/AutonomousDatabaseStandbySummary","description_kind":"plain","computed":true},"maintenance_begin_time":{"type":"string","description":"The date and time when maintenance will begin.","description_kind":"plain","computed":true},"maintenance_end_time":{"type":"string","description":"The date and time when maintenance will end.","description_kind":"plain","computed":true},"maintenance_schedule_type":{"type":"string","description":"The maintenance schedule of the Autonomous Database. \n Possible values:\n MAINTENANCE_SCHEDULE_TYPE_UNSPECIFIED\nEARLY\nREGULAR","description_kind":"plain","optional":true,"computed":true},"memory_per_oracle_compute_unit_gbs":{"type":"number","description":"The amount of memory enabled per ECPU, in gigabytes.","description_kind":"plain","computed":true},"memory_table_gbs":{"type":"number","description":"The memory assigned to in-memory tables in an Autonomous Database.","description_kind":"plain","computed":true},"mtls_connection_required":{"type":"bool","description":"This field specifies if the Autonomous Database requires mTLS connections.","description_kind":"plain","optional":true},"n_character_set":{"type":"string","description":"The national character set for the Autonomous Database. The default is\nAL16UTF16.","description_kind":"plain","optional":true},"next_long_term_backup_time":{"type":"string","description":"The long term backup schedule of the Autonomous Database.","description_kind":"plain","computed":true},"oci_url":{"type":"string","description":"The Oracle Cloud Infrastructure link for the Autonomous Database.","description_kind":"plain","computed":true},"ocid":{"type":"string","description":"OCID of the Autonomous Database.\nhttps://docs.oracle.com/en-us/iaas/Content/General/Concepts/identifiers.htm#Oracle","description_kind":"plain","computed":true},"open_mode":{"type":"string","description":"This field indicates the current mode of the Autonomous Database. \n Possible values:\n OPEN_MODE_UNSPECIFIED\nREAD_ONLY\nREAD_WRITE","description_kind":"plain","computed":true},"operations_insights_state":{"type":"string","description":"Possible values:\n OPERATIONS_INSIGHTS_STATE_UNSPECIFIED\nENABLING\nENABLED\nDISABLING\nNOT_ENABLED\nFAILED_ENABLING\nFAILED_DISABLING","description_kind":"plain","optional":true,"computed":true},"peer_db_ids":{"type":["list","string"],"description":"The list of OCIDs of standby databases located in Autonomous Data Guard\nremote regions that are associated with the source database.","description_kind":"plain","computed":true},"permission_level":{"type":"string","description":"The permission level of the Autonomous Database. \n Possible values:\n PERMISSION_LEVEL_UNSPECIFIED\nRESTRICTED\nUNRESTRICTED","description_kind":"plain","computed":true},"private_endpoint":{"type":"string","description":"The private endpoint for the Autonomous Database.","description_kind":"plain","computed":true},"private_endpoint_ip":{"type":"string","description":"The private endpoint IP address for the Autonomous Database.","description_kind":"plain","optional":true,"computed":true},"private_endpoint_label":{"type":"string","description":"The private endpoint label for the Autonomous Database.","description_kind":"plain","optional":true,"computed":true},"refreshable_mode":{"type":"string","description":"The refresh mode of the cloned Autonomous Database. \n Possible values:\n REFRESHABLE_MODE_UNSPECIFIED\nAUTOMATIC\nMANUAL","description_kind":"plain","computed":true},"refreshable_state":{"type":"string","description":"The refresh State of the clone. \n Possible values:\n REFRESHABLE_STATE_UNSPECIFIED\nREFRESHING\nNOT_REFRESHING","description_kind":"plain","computed":true},"role":{"type":"string","description":"The Data Guard role of the Autonomous Database. \n Possible values:\n ROLE_UNSPECIFIED\nPRIMARY\nSTANDBY\nDISABLED_STANDBY\nBACKUP_COPY\nSNAPSHOT_STANDBY","description_kind":"plain","computed":true},"scheduled_operation_details":{"type":["list",["object",{"day_of_week":"string","start_time":["list",["object",{"hours":"number","minutes":"number","nanos":"number","seconds":"number"}]],"stop_time":["list",["object",{"hours":"number","minutes":"number","nanos":"number","seconds":"number"}]]}]],"description":"The list and details of the scheduled operations of the Autonomous\nDatabase.","description_kind":"plain","computed":true},"sql_web_developer_url":{"type":"string","description":"The SQL Web Developer URL for the Autonomous Database.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Possible values:\n STATE_UNSPECIFIED\nPROVISIONING\nAVAILABLE\nSTOPPING\nSTOPPED\nSTARTING\nTERMINATING\nTERMINATED\nUNAVAILABLE\nRESTORE_IN_PROGRESS\nRESTORE_FAILED\nBACKUP_IN_PROGRESS\nSCALE_IN_PROGRESS\nAVAILABLE_NEEDS_ATTENTION\nUPDATING\nMAINTENANCE_IN_PROGRESS\nRESTARTING\nRECREATING\nROLE_CHANGE_IN_PROGRESS\nUPGRADING\nINACCESSIBLE\nSTANDBY","description_kind":"plain","computed":true},"supported_clone_regions":{"type":["list","string"],"description":"The list of available regions that can be used to create a clone for the\nAutonomous Database.","description_kind":"plain","computed":true},"total_auto_backup_storage_size_gbs":{"type":"number","description":"The storage space used by automatic backups of Autonomous Database, in\ngigabytes.","description_kind":"plain","computed":true},"used_data_storage_size_tbs":{"type":"number","description":"The storage space used by Autonomous Database, in gigabytes.","description_kind":"plain","computed":true}},"block_types":{"customer_contacts":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The email address used by Oracle to send notifications regarding databases\nand infrastructure.","description_kind":"plain","required":true}},"description":"The list of customer contacts.","description_kind":"plain"}}},"description":"The properties of an Autonomous Database.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_oracle_database_cloud_exadata_infrastructure":{"version":0,"block":{"attributes":{"cloud_exadata_infrastructure_id":{"type":"string","description":"The ID of the Exadata Infrastructure to create. This value is restricted\nto (^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$) and must be a maximum of 63\ncharacters in length. The value must start with a letter and end with\na letter or a number.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The date and time that the Exadata Infrastructure was created.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly name for this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entitlement_id":{"type":"string","description":"Entitlement ID of the private offer against which this infrastructure\nresource is provisioned.","description_kind":"plain","computed":true},"gcp_oracle_zone":{"type":"string","description":"GCP location where Oracle Exadata is hosted.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels or tags associated with the resource. \n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Resource ID segment making up resource 'name'. See documentation for resource type 'oracledatabase.googleapis.com/DbServer'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The name of the Exadata Infrastructure resource with the following format:\nprojects/{project}/locations/{region}/cloudExadataInfrastructures/{cloud_exadata_infrastructure}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"activated_storage_count":{"type":"number","description":"The requested number of additional storage servers activated for the\nExadata Infrastructure.","description_kind":"plain","computed":true},"additional_storage_count":{"type":"number","description":"The requested number of additional storage servers for the Exadata\nInfrastructure.","description_kind":"plain","computed":true},"available_storage_size_gb":{"type":"number","description":"The available storage can be allocated to the Exadata Infrastructure\nresource, in gigabytes (GB).","description_kind":"plain","computed":true},"compute_count":{"type":"number","description":"The number of compute servers for the Exadata Infrastructure.","description_kind":"plain","optional":true},"cpu_count":{"type":"number","description":"The number of enabled CPU cores.","description_kind":"plain","computed":true},"data_storage_size_tb":{"type":"number","description":"Size, in terabytes, of the DATA disk group.","description_kind":"plain","computed":true},"db_node_storage_size_gb":{"type":"number","description":"The local node storage allocated in GBs.","description_kind":"plain","computed":true},"db_server_version":{"type":"string","description":"The software version of the database servers (dom0) in the Exadata\nInfrastructure.","description_kind":"plain","computed":true},"max_cpu_count":{"type":"number","description":"The total number of CPU cores available.","description_kind":"plain","computed":true},"max_data_storage_tb":{"type":"number","description":"The total available DATA disk group size.","description_kind":"plain","computed":true},"max_db_node_storage_size_gb":{"type":"number","description":"The total local node storage available in GBs.","description_kind":"plain","computed":true},"max_memory_gb":{"type":"number","description":"The total memory available in GBs.","description_kind":"plain","computed":true},"memory_size_gb":{"type":"number","description":"The memory allocated in GBs.","description_kind":"plain","computed":true},"monthly_db_server_version":{"type":"string","description":"The monthly software version of the database servers (dom0)\nin the Exadata Infrastructure. Example: 20.1.15","description_kind":"plain","computed":true},"monthly_storage_server_version":{"type":"string","description":"The monthly software version of the storage servers (cells)\nin the Exadata Infrastructure. Example: 20.1.15","description_kind":"plain","computed":true},"next_maintenance_run_id":{"type":"string","description":"The OCID of the next maintenance run.","description_kind":"plain","computed":true},"next_maintenance_run_time":{"type":"string","description":"The time when the next maintenance run will occur.","description_kind":"plain","computed":true},"next_security_maintenance_run_time":{"type":"string","description":"The time when the next security maintenance run will occur.","description_kind":"plain","computed":true},"oci_url":{"type":"string","description":"Deep link to the OCI console to view this resource.","description_kind":"plain","computed":true},"ocid":{"type":"string","description":"OCID of created infra.\nhttps://docs.oracle.com/en-us/iaas/Content/General/Concepts/identifiers.htm#Oracle","description_kind":"plain","computed":true},"shape":{"type":"string","description":"The shape of the Exadata Infrastructure. The shape determines the\namount of CPU, storage, and memory resources allocated to the instance.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current lifecycle state of the Exadata Infrastructure. \n Possible values:\n STATE_UNSPECIFIED\nPROVISIONING\nAVAILABLE\nUPDATING\nTERMINATING\nTERMINATED\nFAILED\nMAINTENANCE_IN_PROGRESS","description_kind":"plain","computed":true},"storage_count":{"type":"number","description":"The number of Cloud Exadata storage servers for the Exadata Infrastructure.","description_kind":"plain","optional":true},"storage_server_version":{"type":"string","description":"The software version of the storage servers (cells) in the Exadata\nInfrastructure.","description_kind":"plain","computed":true},"total_storage_size_gb":{"type":"number","description":"The total storage allocated to the Exadata Infrastructure\nresource, in gigabytes (GB).","description_kind":"plain","optional":true,"computed":true}},"block_types":{"customer_contacts":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The email address used by Oracle to send notifications regarding databases\nand infrastructure.","description_kind":"plain","required":true}},"description":"The list of customer contacts.","description_kind":"plain"}},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"custom_action_timeout_mins":{"type":"number","description":"Determines the amount of time the system will wait before the start of each\ndatabase server patching operation. Custom action timeout is in minutes and\nvalid value is between 15 to 120 (inclusive).","description_kind":"plain","optional":true,"computed":true},"days_of_week":{"type":["list","string"],"description":"Days during the week when maintenance should be performed.","description_kind":"plain","optional":true,"computed":true},"hours_of_day":{"type":["list","number"],"description":"The window of hours during the day when maintenance should be performed.\nThe window is a 4 hour slot. Valid values are:\n 0 - represents time slot 0:00 - 3:59 UTC\n 4 - represents time slot 4:00 - 7:59 UTC\n 8 - represents time slot 8:00 - 11:59 UTC\n 12 - represents time slot 12:00 - 15:59 UTC\n 16 - represents time slot 16:00 - 19:59 UTC\n 20 - represents time slot 20:00 - 23:59 UTC","description_kind":"plain","optional":true,"computed":true},"is_custom_action_timeout_enabled":{"type":"bool","description":"If true, enables the configuration of a custom action timeout (waiting\nperiod) between database server patching operations.","description_kind":"plain","optional":true,"computed":true},"lead_time_week":{"type":"number","description":"Lead time window allows user to set a lead time to prepare for a down time.\nThe lead time is in weeks and valid value is between 1 to 4.","description_kind":"plain","optional":true,"computed":true},"months":{"type":["list","string"],"description":"Months during the year when maintenance should be performed.","description_kind":"plain","optional":true,"computed":true},"patching_mode":{"type":"string","description":"Cloud CloudExadataInfrastructure node patching method, either \"ROLLING\"\n or \"NONROLLING\". Default value is ROLLING. \n Possible values:\n PATCHING_MODE_UNSPECIFIED\nROLLING\nNON_ROLLING","description_kind":"plain","optional":true,"computed":true},"preference":{"type":"string","description":"The maintenance window scheduling preference. \n Possible values:\n MAINTENANCE_WINDOW_PREFERENCE_UNSPECIFIED\nCUSTOM_PREFERENCE\nNO_PREFERENCE","description_kind":"plain","optional":true,"computed":true},"weeks_of_month":{"type":["list","number"],"description":"Weeks during the month when maintenance should be performed. Weeks start on\nthe 1st, 8th, 15th, and 22nd days of the month, and have a duration of 7\ndays. Weeks start and end based on calendar dates, not days of the week.","description_kind":"plain","optional":true,"computed":true}},"description":"Maintenance window as defined by Oracle.\nhttps://docs.oracle.com/en-us/iaas/api/#/en/database/20160918/datatypes/MaintenanceWindow","description_kind":"plain"},"max_items":1}},"description":"Various properties of Exadata Infrastructure.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_oracle_database_cloud_vm_cluster":{"version":0,"block":{"attributes":{"backup_subnet_cidr":{"type":"string","description":"CIDR range of the backup subnet.","description_kind":"plain","required":true},"cidr":{"type":"string","description":"Network settings. CIDR to use for cluster IP allocation.","description_kind":"plain","required":true},"cloud_vm_cluster_id":{"type":"string","description":"The ID of the VM Cluster to create. This value is restricted\nto (^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$) and must be a maximum of 63\ncharacters in length. The value must start with a letter and end with\na letter or a number.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The date and time that the VM cluster was created.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether Terraform will be prevented from destroying the cluster. Deleting this cluster via terraform destroy or terraform apply will only succeed if this field is false in the Terraform state.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly name for this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"exadata_infrastructure":{"type":"string","description":"The name of the Exadata Infrastructure resource on which VM cluster\nresource is created, in the following format:\nprojects/{project}/locations/{region}/cloudExadataInfrastuctures/{cloud_extradata_infrastructure}","description_kind":"plain","required":true},"gcp_oracle_zone":{"type":"string","description":"GCP location where Oracle Exadata is hosted. It is same as GCP Oracle zone\nof Exadata infrastructure.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels or tags associated with the VM Cluster. \n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Resource ID segment making up resource 'name'. See documentation for resource type 'oracledatabase.googleapis.com/DbNode'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The name of the VM Cluster resource with the format:\nprojects/{project}/locations/{region}/cloudVmClusters/{cloud_vm_cluster}","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name of the VPC network.\nFormat: projects/{project}/global/networks/{network}","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"cluster_name":{"type":"string","description":"OCI Cluster name.","description_kind":"plain","optional":true,"computed":true},"compartment_id":{"type":"string","description":"Compartment ID of cluster.","description_kind":"plain","computed":true},"cpu_core_count":{"type":"number","description":"Number of enabled CPU cores.","description_kind":"plain","required":true},"data_storage_size_tb":{"type":"number","description":"The data disk group size to be allocated in TBs.","description_kind":"plain","optional":true,"computed":true},"db_node_storage_size_gb":{"type":"number","description":"Local storage per VM","description_kind":"plain","optional":true,"computed":true},"db_server_ocids":{"type":["list","string"],"description":"OCID of database servers.","description_kind":"plain","optional":true,"computed":true},"disk_redundancy":{"type":"string","description":"The type of redundancy. \n Possible values:\n DISK_REDUNDANCY_UNSPECIFIED\nHIGH\nNORMAL","description_kind":"plain","optional":true,"computed":true},"dns_listener_ip":{"type":"string","description":"DNS listener IP.","description_kind":"plain","computed":true},"domain":{"type":"string","description":"Parent DNS domain where SCAN DNS and hosts names are qualified.\nex: ocispdelegated.ocisp10jvnet.oraclevcn.com","description_kind":"plain","computed":true},"gi_version":{"type":"string","description":"Grid Infrastructure Version.","description_kind":"plain","optional":true},"hostname":{"type":"string","description":"host name without domain.\nformat: \"-\" with some suffix.\nex: sp2-yi0xq where \"sp2\" is the hostname_prefix.","description_kind":"plain","computed":true},"hostname_prefix":{"type":"string","description":"Prefix for VM cluster host names.","description_kind":"plain","optional":true},"license_type":{"type":"string","description":"License type of VM Cluster. \n Possible values:\n LICENSE_TYPE_UNSPECIFIED\nLICENSE_INCLUDED\nBRING_YOUR_OWN_LICENSE","description_kind":"plain","required":true},"local_backup_enabled":{"type":"bool","description":"Use local backup.","description_kind":"plain","optional":true},"memory_size_gb":{"type":"number","description":"Memory allocated in GBs.","description_kind":"plain","optional":true,"computed":true},"node_count":{"type":"number","description":"Number of database servers.","description_kind":"plain","optional":true,"computed":true},"oci_url":{"type":"string","description":"Deep link to the OCI console to view this resource.","description_kind":"plain","computed":true},"ocid":{"type":"string","description":"Oracle Cloud Infrastructure ID of VM Cluster.","description_kind":"plain","computed":true},"ocpu_count":{"type":"number","description":"OCPU count per VM. Minimum is 0.1.","description_kind":"plain","optional":true,"computed":true},"scan_dns":{"type":"string","description":"SCAN DNS name.\nex: sp2-yi0xq-scan.ocispdelegated.ocisp10jvnet.oraclevcn.com","description_kind":"plain","computed":true},"scan_dns_record_id":{"type":"string","description":"OCID of scan DNS record.","description_kind":"plain","computed":true},"scan_ip_ids":{"type":["list","string"],"description":"OCIDs of scan IPs.","description_kind":"plain","computed":true},"scan_listener_port_tcp":{"type":"number","description":"SCAN listener port - TCP","description_kind":"plain","computed":true},"scan_listener_port_tcp_ssl":{"type":"number","description":"SCAN listener port - TLS","description_kind":"plain","computed":true},"shape":{"type":"string","description":"Shape of VM Cluster.","description_kind":"plain","computed":true},"sparse_diskgroup_enabled":{"type":"bool","description":"Use exadata sparse snapshots.","description_kind":"plain","optional":true,"computed":true},"ssh_public_keys":{"type":["list","string"],"description":"SSH public keys to be stored with cluster.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the cluster. \n Possible values:\n STATE_UNSPECIFIED\nPROVISIONING\nAVAILABLE\nUPDATING\nTERMINATING\nTERMINATED\nFAILED\nMAINTENANCE_IN_PROGRESS","description_kind":"plain","computed":true},"storage_size_gb":{"type":"number","description":"The storage allocation for the disk group, in gigabytes (GB).","description_kind":"plain","computed":true},"system_version":{"type":"string","description":"Operating system version of the image.","description_kind":"plain","computed":true}},"block_types":{"diagnostics_data_collection_options":{"nesting_mode":"list","block":{"attributes":{"diagnostics_events_enabled":{"type":"bool","description":"Indicates whether diagnostic collection is enabled for the VM cluster","description_kind":"plain","optional":true},"health_monitoring_enabled":{"type":"bool","description":"Indicates whether health monitoring is enabled for the VM cluster","description_kind":"plain","optional":true},"incident_logs_enabled":{"type":"bool","description":"Indicates whether incident logs and trace collection are enabled for the VM\ncluster","description_kind":"plain","optional":true}},"description":"Data collection options for diagnostics.","description_kind":"plain"},"max_items":1},"time_zone":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"IANA Time Zone Database time zone, e.g. \"America/New_York\".","description_kind":"plain","optional":true,"computed":true}},"description":"Represents a time zone from the\n[IANA Time Zone Database](https://www.iana.org/time-zones).","description_kind":"plain"},"max_items":1}},"description":"Various properties and settings associated with Exadata VM cluster.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_org_policy_custom_constraint":{"version":0,"block":{"attributes":{"action_type":{"type":"string","description":"The action to take if the condition is met. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"condition":{"type":"string","description":"A CEL condition that refers to a supported service resource, for example 'resource.management.autoUpgrade == false'. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).","description_kind":"plain","required":true},"description":{"type":"string","description":"A human-friendly description of the constraint to display as an error message when the policy is violated.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A human-friendly name for the constraint.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"method_types":{"type":["list","string"],"description":"A list of RESTful methods for which to enforce the constraint. Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The name of the custom constraint. This is unique within the organization.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource, an organization. Format should be 'organizations/{organization_id}'.","description_kind":"plain","required":true},"resource_types":{"type":["list","string"],"description":"Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, 'container.googleapis.com/NodePool'.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The timestamp representing when the constraint was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_org_policy_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Immutable. The resource name of the Policy. Must be one of the following forms, where constraint_name is the name of the constraint which this Policy configures: * 'projects/{project_number}/policies/{constraint_name}' * 'folders/{folder_id}/policies/{constraint_name}' * 'organizations/{organization_id}/policies/{constraint_name}' For example, \"projects/123/policies/compute.disableSerialPortAccess\". Note: 'projects/{project_id}/policies/{constraint_name}' is also an acceptable name for API requests, but responses will return the name using the equivalent project number.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource.","description_kind":"plain","required":true}},"block_types":{"dry_run_spec":{"nesting_mode":"list","block":{"attributes":{"etag":{"type":"string","description":"An opaque tag indicating the current version of the policy, used for concurrency control. This field is ignored if used in a 'CreatePolicy' request. When the policy' is returned from either a 'GetPolicy' or a 'ListPolicies' request, this 'etag' indicates the version of the current policy to use when executing a read-modify-write loop. When the policy is returned from a 'GetEffectivePolicy' request, the 'etag' will be unset.","description_kind":"plain","computed":true},"inherit_from_parent":{"type":"bool","description":"Determines the inheritance behavior for this policy. If 'inherit_from_parent' is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints.","description_kind":"plain","optional":true},"reset":{"type":"bool","description":"Ignores policies set above this resource and restores the 'constraint_default' enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, 'rules' must be empty and 'inherit_from_parent' must be set to false.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time stamp this was previously updated. This represents the last time a call to 'CreatePolicy' or 'UpdatePolicy' was made for that policy.","description_kind":"plain","computed":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"string","description":"Setting this to '\"TRUE\"' means that all values are allowed. This field can be set only in Policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"string","description":"Setting this to '\"TRUE\"' means that all values are denied. This field can be set only in Policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"string","description":"If '\"TRUE\"', then the 'Policy' is enforced. If '\"FALSE\"', then any configuration is acceptable. This field can be set only in Policies for boolean constraints.","description_kind":"plain","optional":true},"parameters":{"type":"string","description":"Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \\\"allowedLocations\\\" : [\\\"us-east1\\\", \\\"us-west1\\\"], \\\"allowAll\\\" : true }","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether this rule is used in the evaluation of the policy. When set, the 'expression' field in the 'Expr' must include from 1 to 10 subexpressions, joined by the \"||\" or \"\u0026\u0026\" operators. Each subexpression must be of the form \"resource.matchTag('/tag_key_short_name, 'tag_value_short_name')\". or \"resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')\". where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: \"resource.matchTag('123456789/environment, 'prod')\". or \"resource.matchTagId('tagKeys/123', 'tagValues/456')\".","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this policy rule. This field can be set only in policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set 'enforced' to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence.","description_kind":"plain"}}},"description":"Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"attributes":{"etag":{"type":"string","description":"An opaque tag indicating the current version of the 'Policy', used for concurrency control. This field is ignored if used in a 'CreatePolicy' request. When the 'Policy' is returned from either a 'GetPolicy' or a 'ListPolicies' request, this 'etag' indicates the version of the current 'Policy' to use when executing a read-modify-write loop. When the 'Policy' is returned from a 'GetEffectivePolicy' request, the 'etag' will be unset.","description_kind":"plain","computed":true},"inherit_from_parent":{"type":"bool","description":"Determines the inheritance behavior for this 'Policy'. If 'inherit_from_parent' is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.","description_kind":"plain","optional":true},"reset":{"type":"bool","description":"Ignores policies set above this resource and restores the 'constraint_default' enforcement behavior of the specific 'Constraint' at this resource. This field can be set in policies for either list or boolean constraints. If set, 'rules' must be empty and 'inherit_from_parent' must be set to false.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time stamp this was previously updated. This represents the last time a call to 'CreatePolicy' or 'UpdatePolicy' was made for that 'Policy'.","description_kind":"plain","computed":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"string","description":"Setting this to '\"TRUE\"' means that all values are allowed. This field can be set only in Policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"string","description":"Setting this to '\"TRUE\"' means that all values are denied. This field can be set only in Policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"string","description":"If '\"TRUE\"', then the 'Policy' is enforced. If '\"FALSE\"', then any configuration is acceptable. This field can be set only in Policies for boolean constraints.","description_kind":"plain","optional":true},"parameters":{"type":"string","description":"Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \\\"allowedLocations\\\" : [\\\"us-east1\\\", \\\"us-west1\\\"], \\\"allowAll\\\" : true }","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether this rule is used in the evaluation of the policy. When set, the 'expression' field in the 'Expr' must include from 1 to 10 subexpressions, joined by the \"||\" or \"\u0026\u0026\" operators. Each subexpression must be of the form \"resource.matchTag('/tag_key_short_name, 'tag_value_short_name')\". or \"resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')\". where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: \"resource.matchTag('123456789/environment, 'prod')\". or \"resource.matchTagId('tagKeys/123', 'tagValues/456')\".","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set 'enforced' to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.","description_kind":"plain"}}},"description":"Basic information about the Organization Policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_organization_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"This field will always be unset for the organization since organizations do not have ancestors.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"This field will always be unset for the organization since organizations do not have ancestors.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Organization (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.).","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"organizations/{organization_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true},"organization_id":{"type":"string","description":"ID of the organization of the access approval settings.","description_kind":"plain","required":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n all\n appengine.googleapis.com\n bigquery.googleapis.com\n bigtable.googleapis.com\n cloudkms.googleapis.com\n compute.googleapis.com\n dataflow.googleapis.com\n iam.googleapis.com\n pubsub.googleapis.com\n storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can be done for individual services.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_organization_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_organization_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_organization_iam_custom_role":{"version":0,"block":{"attributes":{"deleted":{"type":"bool","description":"The current deleted state of the role.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description for the role.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the role in the format organizations/{{org_id}}/roles/{{role_id}}. Like id, this field can be used as a reference in other resources such as IAM role bindings.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to create a custom role.","description_kind":"plain","required":true},"permissions":{"type":["set","string"],"description":"The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.","description_kind":"plain","required":true},"role_id":{"type":"string","description":"The role id to use for this role.","description_kind":"plain","required":true},"stage":{"type":"string","description":"The current launch stage of the role. Defaults to GA.","description_kind":"plain","optional":true},"title":{"type":"string","description":"A human-readable title for the role.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_organization_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_organization_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_config_os_policy_assignment":{"version":0,"block":{"attributes":{"baseline":{"type":"bool","description":"Output only. Indicates that this revision has been successfully rolled out in this zone and new VMs will be assigned OS policies from this revision.\nFor a given OS policy assignment, there is only one revision with a value of 'true' for this field.","description_kind":"plain","computed":true},"deleted":{"type":"bool","description":"Output only. Indicates that this revision deletes the OS policy assignment.","description_kind":"plain","computed":true},"description":{"type":"string","description":"OS policy assignment description. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"The etag for this OS policy assignment. If this is provided on update, it must match the server's etag.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Indicates that reconciliation is in progress for the revision. This value is 'true' when the 'rollout_state' is one of:\n* IN_PROGRESS\n* CANCELLING","description_kind":"plain","computed":true},"revision_create_time":{"type":"string","description":"Output only. The timestamp that the revision was created.","description_kind":"plain","computed":true},"revision_id":{"type":"string","description":"Output only. The assignment revision ID A new revision is committed whenever a rollout is triggered for a OS policy assignment","description_kind":"plain","computed":true},"rollout_state":{"type":"string","description":"Output only. OS policy assignment rollout state","description_kind":"plain","computed":true},"skip_await_rollout":{"type":"bool","description":"Set to true to skip awaiting rollout during resource creation and update.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"Output only. Server generated unique id for the OS policy assignment resource.","description_kind":"plain","computed":true}},"block_types":{"instance_filter":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"Target all VMs in the project. If true, no other criteria is permitted.","description_kind":"plain","optional":true}},"block_types":{"exclusion_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected.","description_kind":"plain","optional":true}},"description":"List of label sets used for VM exclusion.\nIf the list has more than one label set, the VM is excluded if any of the label sets are applicable for the VM.","description_kind":"plain"}},"inclusion_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected.","description_kind":"plain","optional":true}},"description":"List of label sets used for VM inclusion.\nIf the list has more than one 'LabelSet', the VM is included if any of the label sets are applicable for the VM.","description_kind":"plain"}},"inventories":{"nesting_mode":"list","block":{"attributes":{"os_short_name":{"type":"string","description":"The OS short name","description_kind":"plain","required":true},"os_version":{"type":"string","description":"The OS version Prefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of '7', specify the following value for this field '7.*' An empty string matches all OS versions.","description_kind":"plain","optional":true}},"description":"List of inventories to select VMs.\nA VM is selected if its inventory data matches at least one of the following inventories.","description_kind":"plain"}}},"description":"Filter to select VMs.","description_kind":"plain"},"min_items":1,"max_items":1},"os_policies":{"nesting_mode":"list","block":{"attributes":{"allow_no_resource_group_match":{"type":"bool","description":"This flag determines the OS policy compliance status when none of the resource groups within the policy are applicable for a VM. Set this value to 'true' if the policy needs to be reported as compliant even if the policy has nothing to validate or enforce.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Policy description. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The id of the OS policy with the following restrictions:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the assignment.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Policy mode Possible values: [\"MODE_UNSPECIFIED\", \"VALIDATION\", \"ENFORCEMENT\"]","description_kind":"plain","required":true}},"block_types":{"resource_groups":{"nesting_mode":"list","block":{"block_types":{"inventory_filters":{"nesting_mode":"list","block":{"attributes":{"os_short_name":{"type":"string","description":"The OS short name","description_kind":"plain","required":true},"os_version":{"type":"string","description":"The OS version\nPrefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of '7', specify the following value for this field '7.*'\nAn empty string matches all OS versions.","description_kind":"plain","optional":true}},"description":"List of inventory filters for the resource group.\nThe resources in this resource group are applied to the target VM if it satisfies at least one of the following inventory filters.\nFor example, to apply this resource group to VMs running either 'RHEL' or 'CentOS' operating systems, specify 2 items for the list with following values: inventory_filters[0].os_short_name='rhel' and inventory_filters[1].os_short_name='centos'\nIf the list is empty, this resource group will be applied to the target VM unconditionally.","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The id of the resource with the following restrictions:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the OS policy.","description_kind":"plain","required":true}},"block_types":{"exec":{"nesting_mode":"list","block":{"block_types":{"enforce":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Optional arguments to pass to the source during execution.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use. Possible values: [\"INTERPRETER_UNSPECIFIED\", \"NONE\", \"SHELL\", \"POWERSHELL\"]","description_kind":"plain","required":true},"output_file_path":{"type":"string","description":"Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.","description_kind":"plain","optional":true},"script":{"type":"string","description":"An inline script. The size of the script is limited to 1024 characters.","description_kind":"plain","optional":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local file.","description_kind":"plain"},"max_items":1}},"description":"What to run to bring this resource into the desired state. An exit code of 100 indicates \"success\", any other exit code indicates a failure running enforce.","description_kind":"plain"},"max_items":1},"validate":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Optional arguments to pass to the source during execution.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use. Possible values: [\"INTERPRETER_UNSPECIFIED\", \"NONE\", \"SHELL\", \"POWERSHELL\"]","description_kind":"plain","required":true},"output_file_path":{"type":"string","description":"Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.","description_kind":"plain","optional":true},"script":{"type":"string","description":"An inline script. The size of the script is limited to 1024 characters.","description_kind":"plain","optional":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local file.","description_kind":"plain"},"max_items":1}},"description":"What to run to validate this resource is in the desired state. An exit code of 100 indicates \"in desired state\", and exit code of 101 indicates \"not in desired state\". Any other exit code indicates a failure running validate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Exec resource","description_kind":"plain"},"max_items":1},"file":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"A a file with this content. The size of the content is limited to 1024 characters.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The absolute path of the file within the VM.","description_kind":"plain","required":true},"permissions":{"type":"string","description":"Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one bit corresponds to the execute permission. Default behavior is 755.\nBelow are some examples of permissions and their associated values: read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4","description_kind":"plain","computed":true},"state":{"type":"string","description":"Desired state of the file. Possible values: [\"DESIRED_STATE_UNSPECIFIED\", \"PRESENT\", \"ABSENT\", \"CONTENTS_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local source.","description_kind":"plain"},"max_items":1}},"description":"File resource","description_kind":"plain"},"max_items":1},"pkg":{"nesting_mode":"list","block":{"attributes":{"desired_state":{"type":"string","description":"The desired state the agent should maintain for this package. Possible values: [\"DESIRED_STATE_UNSPECIFIED\", \"INSTALLED\", \"REMOVED\"]","description_kind":"plain","required":true}},"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by Apt.","description_kind":"plain"},"max_items":1},"deb":{"nesting_mode":"list","block":{"attributes":{"pull_deps":{"type":"bool","description":"Whether dependencies should also be installed. - install when false: 'dpkg -i package' - install when true: 'apt-get update \u0026\u0026 apt-get -y install package.deb'","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A deb package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A deb package file.","description_kind":"plain"},"max_items":1},"googet":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by GooGet.","description_kind":"plain"},"max_items":1},"msi":{"nesting_mode":"list","block":{"attributes":{"properties":{"type":["list","string"],"description":"Additional properties to use during installation. This should be in the format of Property=Setting. Appended to the defaults of 'ACTION=INSTALL REBOOT=ReallySuppress'.","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"The MSI package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An MSI package.","description_kind":"plain"},"max_items":1},"rpm":{"nesting_mode":"list","block":{"attributes":{"pull_deps":{"type":"bool","description":"Whether dependencies should also be installed. - install when false: 'rpm --upgrade --replacepkgs package.rpm' - install when true: 'yum -y install package.rpm' or 'zypper -y install package.rpm'","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"An rpm package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An rpm package file.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by YUM.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by Zypper.","description_kind":"plain"},"max_items":1}},"description":"Package resource","description_kind":"plain"},"max_items":1},"repository":{"nesting_mode":"list","block":{"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"archive_type":{"type":"string","description":"Type of archive files in this repository. Possible values: [\"ARCHIVE_TYPE_UNSPECIFIED\", \"DEB\", \"DEB_SRC\"]","description_kind":"plain","required":true},"components":{"type":["list","string"],"description":"List of components for this repository. Must contain at least one item.","description_kind":"plain","required":true},"distribution":{"type":"string","description":"Distribution of this repository.","description_kind":"plain","required":true},"gpg_key":{"type":"string","description":"URI of the key file for this repository. The agent maintains a keyring at '/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg'.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI for this repository.","description_kind":"plain","required":true}},"description":"An Apt Repository.","description_kind":"plain"},"max_items":1},"goo":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of the repository.","description_kind":"plain","required":true},"url":{"type":"string","description":"The url of the repository.","description_kind":"plain","required":true}},"description":"A Goo Repository.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"base_url":{"type":"string","description":"The location of the repository directory.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the repository.","description_kind":"plain","optional":true},"gpg_keys":{"type":["list","string"],"description":"URIs of GPG keys.","description_kind":"plain","optional":true},"id":{"type":"string","description":"A one word, unique name for this repository. This is the 'repo id' in the yum config file and also the 'display_name' if 'display_name' is omitted. This id is also used as the unique identifier when checking for resource conflicts.","description_kind":"plain","required":true}},"description":"A Yum Repository.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"base_url":{"type":"string","description":"The location of the repository directory.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the repository.","description_kind":"plain","optional":true},"gpg_keys":{"type":["list","string"],"description":"URIs of GPG keys.","description_kind":"plain","optional":true},"id":{"type":"string","description":"A one word, unique name for this repository. This is the 'repo id' in the zypper config file and also the 'display_name' if 'display_name' is omitted. This id is also used as the unique identifier when checking for GuestPolicy conflicts.","description_kind":"plain","required":true}},"description":"A Zypper Repository.","description_kind":"plain"},"max_items":1}},"description":"Package repository resource","description_kind":"plain"},"max_items":1}},"description":"List of resources configured for this resource group. The resources are executed in the exact order specified here.","description_kind":"plain"},"min_items":1}},"description":"List of resource groups for the policy. For a particular VM, resource groups are evaluated in the order specified and the first resource group that is applicable is selected and the rest are ignored.\nIf none of the resource groups are applicable for a VM, the VM is considered to be non-compliant w.r.t this policy. This behavior can be toggled by the flag 'allow_no_resource_group_match'","description_kind":"plain"},"min_items":1}},"description":"List of OS policies to be applied to the VMs.","description_kind":"plain"},"min_items":1},"rollout":{"nesting_mode":"list","block":{"attributes":{"min_wait_duration":{"type":"string","description":"This determines the minimum duration of time to wait after the configuration changes are applied through the current rollout. A VM continues to count towards the 'disruption_budget' at least until this duration of time has passed after configuration changes are applied.","description_kind":"plain","required":true}},"block_types":{"disruption_budget":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed value.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies the relative value defined as a percentage, which will be multiplied by a reference value.","description_kind":"plain","optional":true}},"description":"The maximum number (or percentage) of VMs per zone to disrupt at any given moment.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rollout to deploy the OS policy assignment. A rollout is triggered in the following situations: 1) OSPolicyAssignment is created. 2) OSPolicyAssignment is updated and the update contains changes to one of the following fields: - instance_filter - os_policies 3) OSPolicyAssignment is deleted.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_config_patch_deployment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the patch deployment was created. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the patch deployment. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"Duration of the patch. After the duration ends, the patch times out.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_execute_time":{"type":"string","description":"The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"name":{"type":"string","description":"Unique name for the patch deployment resource in a project.\nThe patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}.","description_kind":"plain","computed":true},"patch_deployment_id":{"type":"string","description":"A name for the patch deployment in the project. When creating a name the following rules apply:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the project.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Time the patch deployment was last updated. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"instance_filter":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"Target all VM instances in the project. If true, no other criteria is permitted.","description_kind":"plain","optional":true},"instance_name_prefixes":{"type":["list","string"],"description":"Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group\nVMs when targeting configs, for example prefix=\"prod-\".","description_kind":"plain","optional":true},"instances":{"type":["list","string"],"description":"Targets any of the VM instances specified. Instances are specified by their URI in the 'form zones/{{zone}}/instances/{{instance_name}}',\n'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or\n'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'","description_kind":"plain","optional":true},"zones":{"type":["list","string"],"description":"Targets VM instances in ANY of these zones. Leave empty to target VM instances in any zone.","description_kind":"plain","optional":true}},"block_types":{"group_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Compute Engine instance labels that must be present for a VM instance to be targeted by this filter","description_kind":"plain","required":true}},"description":"Targets VM instances matching ANY of these GroupLabels. This allows targeting of disparate groups of VM instances.","description_kind":"plain"}}},"description":"VM instances to patch.","description_kind":"plain"},"min_items":1,"max_items":1},"one_time_schedule":{"nesting_mode":"list","block":{"attributes":{"execute_time":{"type":"string","description":"The desired patch job execution time. A timestamp in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","required":true}},"description":"Schedule a one-time execution.","description_kind":"plain"},"max_items":1},"patch_config":{"nesting_mode":"list","block":{"attributes":{"mig_instances_allowed":{"type":"bool","description":"Allows the patch job to run on Managed instance groups (MIGs).","description_kind":"plain","optional":true},"reboot_config":{"type":"string","description":"Post-patch reboot settings. Possible values: [\"DEFAULT\", \"ALWAYS\", \"NEVER\"]","description_kind":"plain","optional":true}},"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"excludes":{"type":["list","string"],"description":"List of packages to exclude from update. These packages will be excluded.","description_kind":"plain","optional":true},"exclusive_packages":{"type":["list","string"],"description":"An exclusive list of packages to be updated. These are the only packages that will be updated.\nIf these packages are not installed, they will be ignored. This field cannot be specified with\nany other patch configuration fields.","description_kind":"plain","optional":true},"type":{"type":"string","description":"By changing the type to DIST, the patching is performed using apt-get dist-upgrade instead. Possible values: [\"DIST\", \"UPGRADE\"]","description_kind":"plain","optional":true}},"description":"Apt update settings. Use this setting to override the default apt patch rules.","description_kind":"plain"},"max_items":1},"goo":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"goo update settings. Use this setting to override the default goo patch rules.","description_kind":"plain","required":true}},"description":"goo update settings. Use this setting to override the default goo patch rules.","description_kind":"plain"},"max_items":1},"post_step":{"nesting_mode":"list","block":{"block_types":{"linux_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Linux VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1},"windows_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Windows VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1}},"description":"The ExecStep to run after the patch update.","description_kind":"plain"},"max_items":1},"pre_step":{"nesting_mode":"list","block":{"block_types":{"linux_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Linux VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1},"windows_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Windows VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1}},"description":"The ExecStep to run before the patch update.","description_kind":"plain"},"max_items":1},"windows_update":{"nesting_mode":"list","block":{"attributes":{"classifications":{"type":["list","string"],"description":"Only apply updates of these windows update classifications. If empty, all updates are applied. Possible values: [\"CRITICAL\", \"SECURITY\", \"DEFINITION\", \"DRIVER\", \"FEATURE_PACK\", \"SERVICE_PACK\", \"TOOL\", \"UPDATE_ROLLUP\", \"UPDATE\"]","description_kind":"plain","optional":true},"excludes":{"type":["list","string"],"description":"List of KBs to exclude from update.","description_kind":"plain","optional":true},"exclusive_patches":{"type":["list","string"],"description":"An exclusive list of kbs to be updated. These are the only patches that will be updated.\nThis field must not be used with other patch configurations.","description_kind":"plain","optional":true}},"description":"Windows update settings. Use this setting to override the default Windows patch rules.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"excludes":{"type":["list","string"],"description":"List of packages to exclude from update. These packages will be excluded.","description_kind":"plain","optional":true},"exclusive_packages":{"type":["list","string"],"description":"An exclusive list of packages to be updated. These are the only packages that will be updated.\nIf these packages are not installed, they will be ignored. This field cannot be specified with\nany other patch configuration fields.","description_kind":"plain","optional":true},"minimal":{"type":"bool","description":"Will cause patch to run yum update-minimal instead.","description_kind":"plain","optional":true},"security":{"type":"bool","description":"Adds the --security flag to yum update. Not supported on all platforms.","description_kind":"plain","optional":true}},"description":"Yum update settings. Use this setting to override the default yum patch rules.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"categories":{"type":["list","string"],"description":"Install only patches with these categories. Common categories include security, recommended, and feature.","description_kind":"plain","optional":true},"excludes":{"type":["list","string"],"description":"List of packages to exclude from update.","description_kind":"plain","optional":true},"exclusive_patches":{"type":["list","string"],"description":"An exclusive list of patches to be updated. These are the only patches that will be installed using 'zypper patch patch:' command.\nThis field must not be used with any other patch configuration fields.","description_kind":"plain","optional":true},"severities":{"type":["list","string"],"description":"Install only patches with these severities. Common severities include critical, important, moderate, and low.","description_kind":"plain","optional":true},"with_optional":{"type":"bool","description":"Adds the --with-optional flag to zypper patch.","description_kind":"plain","optional":true},"with_update":{"type":"bool","description":"Adds the --with-update flag, to zypper patch.","description_kind":"plain","optional":true}},"description":"zypper update settings. Use this setting to override the default zypper patch rules.","description_kind":"plain"},"max_items":1}},"description":"Patch configuration that is applied.","description_kind":"plain"},"max_items":1},"recurring_schedule":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"The end time at which a recurring patch deployment schedule is no longer active.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"last_execute_time":{"type":"string","description":"The time the last patch job ran successfully.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"next_execute_time":{"type":"string","description":"The time the next patch job is scheduled to run.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"start_time":{"type":"string","description":"The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"monthly":{"nesting_mode":"list","block":{"attributes":{"month_day":{"type":"number","description":"One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month.\nMonths without the target day will be skipped. For example, a schedule to run \"every month on the 31st\"\nwill not run in February, April, June, etc.","description_kind":"plain","optional":true}},"block_types":{"week_day_of_month":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"A day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"day_offset":{"type":"number","description":"Represents the number of days before or after the given week day of month that the patch deployment is scheduled for.","description_kind":"plain","optional":true},"week_ordinal":{"type":"number","description":"Week number in a month. 1-4 indicates the 1st to 4th week of the month. -1 indicates the last week of the month.","description_kind":"plain","required":true}},"description":"Week day in a month.","description_kind":"plain"},"max_items":1}},"description":"Schedule with monthly executions.","description_kind":"plain"},"max_items":1},"time_of_day":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Time of the day to run a recurring deployment.","description_kind":"plain"},"min_items":1,"max_items":1},"time_zone":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"IANA Time Zone Database time zone, e.g. \"America/New_York\".","description_kind":"plain","required":true},"version":{"type":"string","description":"IANA Time Zone Database version number, e.g. \"2019a\".","description_kind":"plain","optional":true}},"description":"Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are\ndetermined by the chosen time zone.","description_kind":"plain"},"min_items":1,"max_items":1},"weekly":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"IANA Time Zone Database time zone, e.g. \"America/New_York\". Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true}},"description":"Schedule with weekly executions.","description_kind":"plain"},"max_items":1}},"description":"Schedule recurring executions.","description_kind":"plain"},"max_items":1},"rollout":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode of the patch rollout. Possible values: [\"ZONE_BY_ZONE\", \"CONCURRENT_ZONES\"]","description_kind":"plain","required":true}},"block_types":{"disruption_budget":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed value.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"Specifies the relative value defined as a percentage, which will be multiplied by a reference value.","description_kind":"plain","optional":true}},"description":"The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up.\nDuring patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps.\nA VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget.\nFor zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone.\nFor example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rollout strategy of the patch job.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_login_ssh_public_key":{"version":0,"block":{"attributes":{"expiration_time_usec":{"type":"string","description":"An expiration time in microseconds since epoch.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"The SHA-256 fingerprint of the SSH public key.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"Public key text in SSH format, defined by RFC4253 section 6.6.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project ID of the Google Cloud Platform project.","description_kind":"plain","optional":true},"user":{"type":"string","description":"The user email.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_parallelstore_instance":{"version":0,"block":{"attributes":{"access_points":{"type":["list","string"],"description":"Output only. List of access_points.\nContains a list of IPv4 addresses used for client side configuration.","description_kind":"plain","computed":true},"capacity_gib":{"type":"string","description":"Required. Immutable. Storage capacity of Parallelstore instance in Gibibytes (GiB).","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the instance was created.","description_kind":"plain","computed":true},"daos_version":{"type":"string","description":"The version of DAOS software running in the instance.","description_kind":"plain","computed":true},"deployment_type":{"type":"string","description":"Parallelstore Instance deployment type.\n Possible values:\n DEPLOYMENT_TYPE_UNSPECIFIED\n SCRATCH\n PERSISTENT","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description of the instance. 2048 characters or less.","description_kind":"plain","optional":true},"directory_stripe_level":{"type":"string","description":"Stripe level for directories.\nMIN when directory has a small number of files.\nMAX when directory has a large number of files.\n Possible values:\n DIRECTORY_STRIPE_LEVEL_UNSPECIFIED\n DIRECTORY_STRIPE_LEVEL_MIN\n DIRECTORY_STRIPE_LEVEL_BALANCED\n DIRECTORY_STRIPE_LEVEL_MAX","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_reserved_ip_range":{"type":"string","description":"Immutable. Contains the id of the allocated IP address\nrange associated with the private service access connection for example, \\\"test-default\\\"\nassociated with IP range 10.0.0.0/29. This field is populated by the service\nand contains the value currently used by the service.","description_kind":"plain","computed":true},"file_stripe_level":{"type":"string","description":"Stripe level for files.\nMIN better suited for small size files.\nMAX higher throughput performance for larger files.\n Possible values:\n FILE_STRIPE_LEVEL_UNSPECIFIED\n FILE_STRIPE_LEVEL_MIN\n FILE_STRIPE_LEVEL_BALANCED\n FILE_STRIPE_LEVEL_MAX","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The logical name of the Parallelstore instance in the user project with the following restrictions:\n * Must contain only lowercase letters, numbers, and hyphens.\n * Must start with a letter.\n * Must be between 1-63 characters.\n * Must end with a number or a letter.\n * Must be unique within the customer project/ location","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Cloud Labels are a flexible and lightweight mechanism for\norganizing cloud resources into groups that reflect a customer's organizational\nneeds and deployment strategies. Cloud Labels can be used to filter collections\nof resources. They can be used to control how resource metrics are aggregated.\nAnd they can be used as arguments to policy management rules (e.g. route, firewall,\nload balancing, etc.).\n\n* Label keys must be between 1 and 63 characters long and must conform to\n the following regular expression: 'a-z{0,62}'.\n* Label values must be between 0 and 63 characters long and must conform\n to the regular expression '[a-z0-9_-]{0,63}'.\n* No more than 64 labels can be associated with a given resource.\n\nSee https://goo.gl/xmQnxf for more information on and examples of labels.\n\nIf you plan to use labels in your own code, please note that additional\ncharacters may be allowed in the future. Therefore, you are advised to use\nan internal label representation, such as JSON, which doesn't rely upon\nspecific characters being disallowed. For example, representing labels\nas the string: 'name + \"_\" + value' would prove problematic if we were to\nallow '\"_\"' in a future release. \"\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Part of 'parent'. See documentation of 'projectsId'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The resource name of the instance, in the format\n'projects/{project}/locations/{location}/instances/{instance_id}'","description_kind":"plain","computed":true},"network":{"type":"string","description":"Immutable. The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc)\nto which the instance is connected.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range":{"type":"string","description":"Immutable. Contains the id of the allocated IP address range\nassociated with the private service access connection for example, \\\"test-default\\\"\nassociated with IP range 10.0.0.0/29. If no range id is provided all ranges will\nbe considered.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The instance state.\n Possible values:\n STATE_UNSPECIFIED\n CREATING\n ACTIVE\n DELETING\n FAILED\n UPGRADING","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the instance was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_ca_pool":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the CaPool. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name for this CaPool.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The Tier of this CaPool. Possible values: [\"ENTERPRISE\", \"DEVOPS\"]","description_kind":"plain","required":true}},"block_types":{"issuance_policy":{"nesting_mode":"list","block":{"attributes":{"maximum_lifetime":{"type":"string","description":"The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority\nexpires before a Certificate's requested maximumLifetime, the effective lifetime will be explicitly truncated to match it.","description_kind":"plain","optional":true}},"block_types":{"allowed_issuance_modes":{"nesting_mode":"list","block":{"attributes":{"allow_config_based_issuance":{"type":"bool","description":"When true, allows callers to create Certificates by specifying a CertificateConfig.","description_kind":"plain","required":true},"allow_csr_based_issuance":{"type":"bool","description":"When true, allows callers to create Certificates by specifying a CSR.","description_kind":"plain","required":true}},"description":"IssuanceModes specifies the allowed ways in which Certificates may be requested from this CaPool.","description_kind":"plain"},"max_items":1},"allowed_key_types":{"nesting_mode":"list","block":{"block_types":{"elliptic_curve":{"nesting_mode":"list","block":{"attributes":{"signature_algorithm":{"type":"string","description":"The algorithm used. Possible values: [\"ECDSA_P256\", \"ECDSA_P384\", \"EDDSA_25519\"]","description_kind":"plain","required":true}},"description":"Represents an allowed Elliptic Curve key type.","description_kind":"plain"},"max_items":1},"rsa":{"nesting_mode":"list","block":{"attributes":{"max_modulus_size":{"type":"string","description":"The maximum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the\nservice will not enforce an explicit upper bound on RSA modulus sizes.","description_kind":"plain","optional":true},"min_modulus_size":{"type":"string","description":"The minimum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the\nservice-level min RSA modulus size will continue to apply.","description_kind":"plain","optional":true}},"description":"Describes an RSA key that may be used in a Certificate issued from a CaPool.","description_kind":"plain"},"max_items":1}},"description":"If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here.\nOtherwise, any key may be used.","description_kind":"plain"}},"baseline_values":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nif both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request\nincludes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate\nrequest uses a CertificateTemplate that defines conflicting predefinedValues for the same properties, the certificate\nissuance request will fail.","description_kind":"plain"},"max_items":1},"identity_constraints":{"nesting_mode":"list","block":{"attributes":{"allow_subject_alt_names_passthrough":{"type":"bool","description":"If this is set, the SubjectAltNames extension may be copied from a certificate request into the signed certificate.\nOtherwise, the requested SubjectAltNames will be discarded.","description_kind":"plain","required":true},"allow_subject_passthrough":{"type":"bool","description":"If this is set, the Subject field may be copied from a certificate request into the signed certificate.\nOtherwise, the requested Subject will be discarded.","description_kind":"plain","required":true}},"block_types":{"cel_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a\ncertificate is signed. To see the full allowed syntax and some examples,\nsee https://cloud.google.com/certificate-authority-service/docs/cel-guide","description_kind":"plain"},"max_items":1}},"description":"Describes constraints on identities that may appear in Certificates issued through this CaPool.\nIf this is omitted, then this CaPool will not add restrictions on a certificate's identity.","description_kind":"plain"},"max_items":1}},"description":"The IssuancePolicy to control how Certificates will be issued from this CaPool.","description_kind":"plain"},"max_items":1},"publishing_options":{"nesting_mode":"list","block":{"attributes":{"encoding_format":{"type":"string","description":"Specifies the encoding format of each CertificateAuthority's CA\ncertificate and CRLs. If this is omitted, CA certificates and CRLs\nwill be published in PEM. Possible values: [\"PEM\", \"DER\"]","description_kind":"plain","optional":true},"publish_ca_cert":{"type":"bool","description":"When true, publishes each CertificateAuthority's CA certificate and includes its URL in the \"Authority Information Access\"\nX.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding\nX.509 extension will not be written in issued certificates.","description_kind":"plain","required":true},"publish_crl":{"type":"bool","description":"When true, publishes each CertificateAuthority's CRL and includes its URL in the \"CRL Distribution Points\" X.509 extension\nin all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not\nbe written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are\nalso rebuilt shortly after a certificate is revoked.","description_kind":"plain","required":true}},"description":"The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_binding":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_member":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_policy":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_privateca_certificate":{"version":0,"block":{"attributes":{"certificate_authority":{"type":"string","description":"The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from\na Certificate Authority with resource name 'projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca',\nargument 'pool' should be set to 'projects/my-project/locations/us-central1/caPools/my-pool', argument 'certificate_authority'\nshould be set to 'my-ca'.","description_kind":"plain","optional":true},"certificate_description":{"type":["list",["object",{"aia_issuing_certificate_urls":["list","string"],"authority_key_id":["list",["object",{"key_id":"string"}]],"cert_fingerprint":["list",["object",{"sha256_hash":"string"}]],"crl_distribution_points":["list","string"],"public_key":["list",["object",{"format":"string","key":"string"}]],"subject_description":["list",["object",{"hex_serial_number":"string","lifetime":"string","not_after_time":"string","not_before_time":"string","subject":["list",["object",{"common_name":"string","country_code":"string","locality":"string","organization":"string","organizational_unit":"string","postal_code":"string","province":"string","street_address":"string"}]],"subject_alt_name":["list",["object",{"custom_sans":["list",["object",{"critical":"bool","obect_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"dns_names":["list","string"],"email_addresses":["list","string"],"ip_addresses":["list","string"],"uris":["list","string"]}]]}]],"subject_key_id":["list",["object",{"key_id":"string"}]],"x509_description":["list",["object",{"additional_extensions":["list",["object",{"critical":"bool","object_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"aia_ocsp_servers":["list","string"],"ca_options":["list",["object",{"is_ca":"bool","max_issuer_path_length":"number"}]],"key_usage":["list",["object",{"base_key_usage":["list",["object",{"cert_sign":"bool","content_commitment":"bool","crl_sign":"bool","data_encipherment":"bool","decipher_only":"bool","digital_signature":"bool","encipher_only":"bool","key_agreement":"bool","key_encipherment":"bool"}]],"extended_key_usage":["list",["object",{"client_auth":"bool","code_signing":"bool","email_protection":"bool","ocsp_signing":"bool","server_auth":"bool","time_stamping":"bool"}]],"unknown_extended_key_usages":["list",["object",{"object_id_path":["list","number"]}]]}]],"name_constraints":["list",["object",{"critical":"bool","excluded_dns_names":["list","string"],"excluded_email_addresses":["list","string"],"excluded_ip_ranges":["list","string"],"excluded_uris":["list","string"],"permitted_dns_names":["list","string"],"permitted_email_addresses":["list","string"],"permitted_ip_ranges":["list","string"],"permitted_uris":["list","string"]}]],"policy_ids":["list",["object",{"object_id_path":["list","number"]}]]}]]}]],"description":"Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.","description_kind":"plain","computed":true},"certificate_template":{"type":"string","description":"The resource name for a CertificateTemplate used to issue this certificate,\nin the format 'projects/*/locations/*/certificateTemplates/*'. If this is specified,\nthe caller must have the necessary permission to use this template. If this is\nomitted, no template will be used. This template must be in the same location\nas the Certificate.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time that this resource was created on the server.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer_certificate_authority":{"type":"string","description":"The resource name of the issuing CertificateAuthority in the format 'projects/*/locations/*/caPools/*/certificateAuthorities/*'.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the Certificate. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name for this Certificate.","description_kind":"plain","required":true},"pem_certificate":{"type":"string","description":"Output only. The pem-encoded, signed X.509 certificate.","description_kind":"plain","computed":true},"pem_certificate_chain":{"type":["list","string"],"description":"The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.","description_kind":"plain","computed":true},"pem_csr":{"type":"string","description":"Immutable. A pem-encoded X.509 certificate signing request (CSR).","description_kind":"plain","optional":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate belongs to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"revocation_details":{"type":["list",["object",{"revocation_state":"string","revocation_time":"string"}]],"description":"Output only. Details regarding the revocation of this Certificate. This Certificate is\nconsidered revoked if and only if this field is present.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this CertificateAuthority was updated.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"block_types":{"public_key":{"nesting_mode":"list","block":{"attributes":{"format":{"type":"string","description":"The format of the public key. Currently, only PEM format is supported. Possible values: [\"KEY_TYPE_UNSPECIFIED\", \"PEM\"]","description_kind":"plain","required":true},"key":{"type":"string","description":"Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.","description_kind":"plain","optional":true}},"description":"A PublicKey describes a public key.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_config":{"nesting_mode":"list","block":{"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"The common name of the distinguished name.","description_kind":"plain","required":true},"country_code":{"type":"string","description":"The country code of the subject.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"The locality or city of the subject.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization of the subject.","description_kind":"plain","required":true},"organizational_unit":{"type":"string","description":"The organizational unit of the subject.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code of the subject.","description_kind":"plain","optional":true},"province":{"type":"string","description":"The province, territory, or regional state of the subject.","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address of the subject.","description_kind":"plain","optional":true}},"description":"Contains distinguished name fields such as the location and organization.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alt_name":{"nesting_mode":"list","block":{"attributes":{"dns_names":{"type":["list","string"],"description":"Contains only valid, fully-qualified host names.","description_kind":"plain","optional":true},"email_addresses":{"type":["list","string"],"description":"Contains only valid RFC 2822 E-mail addresses.","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.","description_kind":"plain","optional":true},"uris":{"type":["list","string"],"description":"Contains only valid RFC 3986 URIs.","description_kind":"plain","optional":true}},"description":"The subject alternative name fields.","description_kind":"plain"},"max_items":1}},"description":"Specifies some of the values in a certificate that are related to the subject.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_key_id":{"nesting_mode":"list","block":{"attributes":{"key_id":{"type":"string","description":"The value of the KeyId in lowercase hexadecimal.","description_kind":"plain","optional":true}},"description":"When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..","description_kind":"plain"},"max_items":1},"x509_config":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nif both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Describes how some of the technical X.509 fields in a certificate should be populated.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_authority":{"version":0,"block":{"attributes":{"access_urls":{"type":["list",["object",{"ca_certificate_access_url":"string","crl_access_urls":["list","string"]}]],"description":"URLs for accessing content published by this CA, such as the CA certificate and CRLs.","description_kind":"plain","computed":true},"certificate_authority_id":{"type":"string","description":"The user provided Resource ID for this Certificate Authority.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time at which this CertificateAuthority was created.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether Terraform will be prevented from destroying the CertificateAuthority.\nWhen the field is set to true or unset in Terraform state, a 'terraform apply'\nor 'terraform destroy' that would delete the CertificateAuthority will fail.\nWhen the field is set to false, deleting the CertificateAuthority is allowed.","description_kind":"plain","optional":true},"desired_state":{"type":"string","description":"Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.\nPossible values: ENABLED, DISABLED, STAGED.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gcs_bucket":{"type":"string","description":"The name of a Cloud Storage bucket where this CertificateAuthority will publish content,\nsuch as the CA certificate and CRLs. This must be a bucket name, without any prefixes\n(such as 'gs://') or suffixes (such as '.googleapis.com'). For example, to use a bucket named\nmy-bucket, you would simply specify 'my-bucket'. If not specified, a managed bucket will be\ncreated.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_active_certificates_on_deletion":{"type":"bool","description":"This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and unexpired certs.\nUse with care. Defaults to 'false'.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the CertificateAuthority. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for this CertificateAuthority in the format\nprojects/*/locations/*/certificateAuthorities/*.","description_kind":"plain","computed":true},"pem_ca_certificate":{"type":"string","description":"The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with a third party issuer.","description_kind":"plain","optional":true},"pem_ca_certificates":{"type":["list","string"],"description":"This CertificateAuthority's certificate chain, including the current\nCertificateAuthority's certificate. Ordered such that the root issuer is the final\nelement (consistent with RFC 5246). For a self-signed CA, this will only list the current\nCertificateAuthority's certificate.","description_kind":"plain","computed":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate Authority belongs to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"skip_grace_period":{"type":"bool","description":"If this flag is set, the Certificate Authority will be deleted as soon as\npossible without a 30-day grace period where undeletion would have been\nallowed. If you proceed, there will be no way to recover this CA.\nUse with care. Defaults to 'false'.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The State for this CertificateAuthority.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The Type of this CertificateAuthority.\n\n~\u003e **Note:** For 'SUBORDINATE' Certificate Authorities, they need to\nbe activated before they can issue certificates. Default value: \"SELF_SIGNED\" Possible values: [\"SELF_SIGNED\", \"SUBORDINATE\"]","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time at which this CertificateAuthority was updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"block_types":{"subject_config":{"nesting_mode":"list","block":{"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"The common name of the distinguished name.","description_kind":"plain","required":true},"country_code":{"type":"string","description":"The country code of the subject.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"The locality or city of the subject.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization of the subject.","description_kind":"plain","required":true},"organizational_unit":{"type":"string","description":"The organizational unit of the subject.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code of the subject.","description_kind":"plain","optional":true},"province":{"type":"string","description":"The province, territory, or regional state of the subject.","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address of the subject.","description_kind":"plain","optional":true}},"description":"Contains distinguished name fields such as the location and organization.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alt_name":{"nesting_mode":"list","block":{"attributes":{"dns_names":{"type":["list","string"],"description":"Contains only valid, fully-qualified host names.","description_kind":"plain","optional":true},"email_addresses":{"type":["list","string"],"description":"Contains only valid RFC 2822 E-mail addresses.","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.","description_kind":"plain","optional":true},"uris":{"type":["list","string"],"description":"Contains only valid RFC 3986 URIs.","description_kind":"plain","optional":true}},"description":"The subject alternative name fields.","description_kind":"plain"},"max_items":1}},"description":"Specifies some of the values in a certificate that are related to the subject.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_key_id":{"nesting_mode":"list","block":{"attributes":{"key_id":{"type":"string","description":"The value of the KeyId in lowercase hexadecimal.","description_kind":"plain","optional":true}},"description":"When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..","description_kind":"plain"},"max_items":1},"x509_config":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","required":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0\nrequires setting 'zero_max_issuer_path_length = true'.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nIf both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Describes how some of the technical X.509 fields in a certificate should be populated.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain"},"min_items":1,"max_items":1},"key_spec":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"The algorithm to use for creating a managed Cloud KMS key for a for a simplified\nexperience. All managed keys will be have their ProtectionLevel as HSM. Possible values: [\"SIGN_HASH_ALGORITHM_UNSPECIFIED\", \"RSA_PSS_2048_SHA256\", \"RSA_PSS_3072_SHA256\", \"RSA_PSS_4096_SHA256\", \"RSA_PKCS1_2048_SHA256\", \"RSA_PKCS1_3072_SHA256\", \"RSA_PKCS1_4096_SHA256\", \"EC_P256_SHA256\", \"EC_P384_SHA384\"]","description_kind":"plain","optional":true},"cloud_kms_key_version":{"type":"string","description":"The resource name for an existing Cloud KMS CryptoKeyVersion in the format\n'projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*'.","description_kind":"plain","optional":true}},"description":"Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority\nis a self-signed CertificateAuthority, this key is also used to sign the self-signed CA\ncertificate. Otherwise, it is used to sign a CSR.","description_kind":"plain"},"min_items":1,"max_items":1},"subordinate_config":{"nesting_mode":"list","block":{"attributes":{"certificate_authority":{"type":"string","description":"This can refer to a CertificateAuthority that was used to create a\nsubordinate CertificateAuthority. This field is used for information\nand usability purposes only. The resource name is in the format\n'projects/*/locations/*/caPools/*/certificateAuthorities/*'.","description_kind":"plain","optional":true}},"block_types":{"pem_issuer_chain":{"nesting_mode":"list","block":{"attributes":{"pem_certificates":{"type":["list","string"],"description":"Expected to be in leaf-to-root order according to RFC 5246.","description_kind":"plain","optional":true}},"description":"Contains the PEM certificate chain for the issuers of this CertificateAuthority,\nbut not pem certificate for this CA itself.","description_kind":"plain"},"max_items":1}},"description":"If this is a subordinate CertificateAuthority, this field will be set\nwith the subordinate configuration, which describes its issuers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_template":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time at which this CertificateTemplate was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human-readable description of scenarios this template is intended for.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels with user-defined metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"maximum_lifetime":{"type":"string","description":"Optional. The maximum lifetime allowed for all issued certificates that use this template. If the issuing CaPool's IssuancePolicy specifies a maximum lifetime the minimum of the two durations will be the maximum lifetime for issued. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for this CertificateTemplate in the format 'projects/*/locations/*/certificateTemplates/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this CertificateTemplate was updated.","description_kind":"plain","computed":true}},"block_types":{"identity_constraints":{"nesting_mode":"list","block":{"attributes":{"allow_subject_alt_names_passthrough":{"type":"bool","description":"Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.","description_kind":"plain","required":true},"allow_subject_passthrough":{"type":"bool","description":"Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.","description_kind":"plain","required":true}},"block_types":{"cel_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel","description_kind":"plain"},"max_items":1}},"description":"Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.","description_kind":"plain"},"max_items":1},"passthrough_extensions":{"nesting_mode":"list","block":{"attributes":{"known_extensions":{"type":["list","string"],"description":"Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.","description_kind":"plain"}}},"description":"Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.","description_kind":"plain"},"max_items":1},"predefined_values":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value of this X.509 extension.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Required. The OID for this X.509 extension.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Optional. Describes custom X.509 extensions.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"Optional. Refers to the \"CA\" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Optional. Describes options in this X509Parameters that are relevant in a CA certificate.","description_kind":"plain"},"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Detailed scenarios in which a key may be used.","description_kind":"plain"},"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.","description_kind":"plain"}}},"description":"Optional. Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_binding":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_member":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_policy":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_privileged_access_manager_entitlement":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Create time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"entitlement_id":{"type":"string","description":"The ID to use for this Entitlement. This will become the last part of the resource name.\nThis value should be 4-63 characters, and valid characters are \"[a-z]\", \"[0-9]\", and \"-\". The first character should be from [a-z].\nThis value should be unique among all other Entitlements under the specified 'parent'.","description_kind":"plain","required":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The region of the Entitlement resource.","description_kind":"plain","required":true},"max_request_duration":{"type":"string","description":"The maximum amount of time for which access would be granted for a request.\nA requester can choose to ask for access for less than this duration but never more.\nFormat: calculate the time in seconds and concatenate it with 's' i.e. 2 hours = \"7200s\", 45 minutes = \"2700s\"","description_kind":"plain","required":true},"name":{"type":"string","description":"Output Only. The entitlement's name follows a hierarchical structure, comprising the organization, folder, or project, alongside the region and a unique entitlement ID.\nFormats: organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}, folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}, and projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Format: projects/{project-id|project-number} or organizations/{organization-number} or folders/{folder-number}","description_kind":"plain","required":true},"state":{"type":"string","description":"Output only. The current state of the Entitlement.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"additional_notification_targets":{"nesting_mode":"list","block":{"attributes":{"admin_email_recipients":{"type":["set","string"],"description":"Optional. Additional email addresses to be notified when a principal(requester) is granted access.","description_kind":"plain","optional":true},"requester_email_recipients":{"type":["set","string"],"description":"Optional. Additional email address to be notified about an eligible entitlement.","description_kind":"plain","optional":true}},"description":"AdditionalNotificationTargets includes email addresses to be notified.","description_kind":"plain"},"max_items":1},"approval_workflow":{"nesting_mode":"list","block":{"block_types":{"manual_approvals":{"nesting_mode":"list","block":{"attributes":{"require_approver_justification":{"type":"bool","description":"Optional. Do the approvers need to provide a justification for their actions?","description_kind":"plain","optional":true}},"block_types":{"steps":{"nesting_mode":"list","block":{"attributes":{"approvals_needed":{"type":"number","description":"How many users from the above list need to approve.\nIf there are not enough distinct users in the list above then the workflow\nwill indefinitely block. Should always be greater than 0. Currently 1 is the only\nsupported value.","description_kind":"plain","optional":true},"approver_email_recipients":{"type":["set","string"],"description":"Optional. Additional email addresses to be notified when a grant is pending approval.","description_kind":"plain","optional":true}},"block_types":{"approvers":{"nesting_mode":"list","block":{"attributes":{"principals":{"type":["set","string"],"description":"Users who are being allowed for the operation. Each entry should be a valid v1 IAM Principal Identifier. Format for these is documented at: https://cloud.google.com/iam/docs/principal-identifiers#v1","description_kind":"plain","required":true}},"description":"The potential set of approvers in this step. This list should contain at only one entry.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"List of approval steps in this workflow. These steps would be followed in the specified order sequentially. 1 step is supported for now.","description_kind":"plain"},"min_items":1}},"description":"A manual approval workflow where users who are designated as approvers need to call the ApproveGrant/DenyGrant APIs for an Grant.\nThe workflow can consist of multiple serial steps where each step defines who can act as Approver in that step and how many of those users should approve before the workflow moves to the next step.\nThis can be used to create approval workflows such as\n* Require an approval from any user in a group G.\n* Require an approval from any k number of users from a Group G.\n* Require an approval from any user in a group G and then from a user U. etc.\nA single user might be part of 'approvers' ACL for multiple steps in this workflow but they can only approve once and that approval will only be considered to satisfy the approval step at which it was granted.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The approvals needed before access will be granted to a requester.\nNo approvals will be needed if this field is null. Different types of approval workflows that can be used to gate privileged access granting.","description_kind":"plain"},"max_items":1},"eligible_users":{"nesting_mode":"list","block":{"attributes":{"principals":{"type":["set","string"],"description":"Users who are being allowed for the operation. Each entry should be a valid v1 IAM Principal Identifier. Format for these is documented at \"https://cloud.google.com/iam/docs/principal-identifiers#v1\"","description_kind":"plain","required":true}},"description":"Who can create Grants using Entitlement. This list should contain at most one entry","description_kind":"plain"},"min_items":1},"privileged_access":{"nesting_mode":"list","block":{"block_types":{"gcp_iam_access":{"nesting_mode":"list","block":{"attributes":{"resource":{"type":"string","description":"Name of the resource.","description_kind":"plain","required":true},"resource_type":{"type":"string","description":"The type of this resource.","description_kind":"plain","required":true}},"block_types":{"role_bindings":{"nesting_mode":"list","block":{"attributes":{"condition_expression":{"type":"string","description":"The expression field of the IAM condition to be associated with the role. If specified, a user with an active grant for this entitlement would be able to access the resource only if this condition evaluates to true for their request.\nhttps://cloud.google.com/iam/docs/conditions-overview#attributes.","description_kind":"plain","optional":true},"role":{"type":"string","description":"IAM role to be granted. https://cloud.google.com/iam/docs/roles-overview.","description_kind":"plain","required":true}},"description":"Role bindings to be created on successful grant.","description_kind":"plain"},"min_items":1}},"description":"GcpIamAccess represents IAM based access control on a GCP resource. Refer to https://cloud.google.com/iam/docs to understand more about IAM.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Privileged access that this service can be used to gate.","description_kind":"plain"},"min_items":1,"max_items":1},"requester_justification_config":{"nesting_mode":"list","block":{"block_types":{"not_mandatory":{"nesting_mode":"list","block":{"description":"The justification is not mandatory but can be provided in any of the supported formats.","description_kind":"plain"},"max_items":1},"unstructured":{"nesting_mode":"list","block":{"description":"The requester has to provide a justification in the form of free flowing text.","description_kind":"plain"},"max_items":1}},"description":"Defines the ways in which a requester should provide the justification while requesting for access.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project":{"version":1,"block":{"attributes":{"auto_create_network":{"type":"bool","description":"Create the 'default' network automatically. Default true. If set to false, the default network will be deleted. Note that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even if you set auto_create_network to false, since the network will exist momentarily.","description_kind":"plain","optional":true},"billing_account":{"type":"string","description":"The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with Terraform must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.","description_kind":"plain","optional":true},"deletion_policy":{"type":"string","description":"The deletion policy for the Project. Setting PREVENT will protect the project against any destroy actions caused by a terraform apply or terraform destroy. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. Possible values are: \"PREVENT\", \"ABANDON\", \"DELETE\"","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"folder_id":{"type":"string","description":"The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be specified. If the folder_id is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the project.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The display name of the project.","description_kind":"plain","required":true},"number":{"type":"string","description":"The numeric identifier of the project.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of org_id or folder_id may be specified. If the org_id is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The project ID. Changing this forces a new project to be created.","description_kind":"plain","required":true},"tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored when empty. This field is only set at create time and modifying this field after creation will trigger recreation. To apply tags to an existing resource, see the google_tags_tag_value resource.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"(ReadOnly) The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.\nThis property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"If the field is true, that indicates that an ancestor of this Project has set active_key_version.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Project.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Project (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.) This key version is not necessarily the effective key version at this level,\nas key versions are inherited top-down.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"projects/{project_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"Project id.","description_kind":"plain","deprecated":true,"optional":true},"project_id":{"type":"string","description":"ID of the project of the access approval settings.","description_kind":"plain","required":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n all\n appengine.googleapis.com\n bigquery.googleapis.com\n bigtable.googleapis.com\n cloudkms.googleapis.com\n compute.googleapis.com\n dataflow.googleapis.com\n iam.googleapis.com\n pubsub.googleapis.com\n storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can only be done on an all or nothing basis.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_default_service_accounts":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action to be performed in the default service accounts. Valid values are: DEPRIVILEGE, DELETE, DISABLE.\n\t\t\t\tNote that DEPRIVILEGE action will ignore the REVERT configuration in the restore_policy.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The project ID where service accounts are created.","description_kind":"plain","required":true},"restore_policy":{"type":"string","description":"The action to be performed in the default service accounts on the resource destroy.\n\t\t\t\tValid values are NONE, REVERT and REVERT_AND_IGNORE_FAILURE. It is applied for any action but in the DEPRIVILEGE.","description_kind":"plain","optional":true},"service_accounts":{"type":["map","string"],"description":"The Service Accounts changed by this resource. It is used for revert the action on the destroy.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_project_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_project_iam_custom_role":{"version":0,"block":{"attributes":{"deleted":{"type":"bool","description":"The current deleted state of the role.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description for the role.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the role in the format projects/{{project}}/roles/{{role_id}}. Like id, this field can be used as a reference in other resources such as IAM role bindings.","description_kind":"plain","computed":true},"permissions":{"type":["set","string"],"description":"The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"role_id":{"type":"string","description":"The camel case role id to use for this role. Cannot contain - characters.","description_kind":"plain","required":true},"stage":{"type":"string","description":"The current launch stage of the role. Defaults to GA.","description_kind":"plain","optional":true},"title":{"type":"string","description":"A human-readable title for the role.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_project_iam_member_remove":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description":"The IAM principal that should not have the target role.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project id of the target project.","description_kind":"plain","required":true},"role":{"type":"string","description":"The target role that should be removed.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The project ID.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_service":{"version":0,"block":{"attributes":{"disable_dependent_services":{"type":"bool","description_kind":"plain","optional":true},"disable_on_destroy":{"type":"bool","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_usage_export_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"The bucket to store reports in.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"prefix":{"type":"string","description":"A prefix for the reports, for instance, the project name.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project to set the export bucket on. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_public_ca_external_account_key":{"version":0,"block":{"attributes":{"b64_mac_key":{"type":"string","description":"Base64-URL-encoded HS256 key. It is generated by the PublicCertificateAuthorityService\nwhen the ExternalAccountKey is created.","description_kind":"plain","computed":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"It is generated by the PublicCertificateAuthorityService when the ExternalAccountKey is created.","description_kind":"plain","computed":true,"sensitive":true},"location":{"type":"string","description":"Location for the externalAccountKey. Currently only 'global' is supported.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name. projects/{project}/locations/{location}/externalAccountKeys/{keyId}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_reservation":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the reservation.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite reservation.","description_kind":"plain","optional":true},"throughput_capacity":{"type":"number","description":"The reserved throughput capacity. Every unit of throughput capacity is\nequivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed\nmessages.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_subscription":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite topic.","description_kind":"plain","optional":true},"topic":{"type":"string","description":"A reference to a Topic resource.","description_kind":"plain","required":true},"zone":{"type":"string","description":"The zone of the pubsub lite topic.","description_kind":"plain","optional":true}},"block_types":{"delivery_config":{"nesting_mode":"list","block":{"attributes":{"delivery_requirement":{"type":"string","description":"When this subscription should send messages to subscribers relative to messages persistence in storage. Possible values: [\"DELIVER_IMMEDIATELY\", \"DELIVER_AFTER_STORED\", \"DELIVERY_REQUIREMENT_UNSPECIFIED\"]","description_kind":"plain","required":true}},"description":"The settings for this subscription's message delivery.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_topic":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite topic.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone of the pubsub lite topic.","description_kind":"plain","optional":true}},"block_types":{"partition_config":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of partitions in the topic. Must be at least 1.","description_kind":"plain","required":true}},"block_types":{"capacity":{"nesting_mode":"list","block":{"attributes":{"publish_mib_per_sec":{"type":"number","description":"Subscribe throughput capacity per partition in MiB/s. Must be \u003e= 4 and \u003c= 16.","description_kind":"plain","required":true},"subscribe_mib_per_sec":{"type":"number","description":"Publish throughput capacity per partition in MiB/s. Must be \u003e= 4 and \u003c= 16.","description_kind":"plain","required":true}},"description":"The capacity configuration.","description_kind":"plain"},"max_items":1}},"description":"The settings for this topic's partitions.","description_kind":"plain"},"max_items":1},"reservation_config":{"nesting_mode":"list","block":{"attributes":{"throughput_reservation":{"type":"string","description":"The Reservation to use for this topic's throughput capacity.","description_kind":"plain","optional":true}},"description":"The settings for this topic's Reservation usage.","description_kind":"plain"},"max_items":1},"retention_config":{"nesting_mode":"list","block":{"attributes":{"per_partition_bytes":{"type":"string","description":"The provisioned storage, in bytes, per partition. If the number of bytes stored\nin any of the topic's partitions grows beyond this value, older messages will be\ndropped to make room for newer ones, regardless of the value of period.","description_kind":"plain","required":true},"period":{"type":"string","description":"How long a published message is retained. If unset, messages will be retained as\nlong as the bytes retained for each partition is below perPartitionBytes. A\nduration in seconds with up to nine fractional digits, terminated by 's'.\nExample: \"3.5s\".","description_kind":"plain","optional":true}},"description":"The settings for a topic's message retention.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_schema":{"version":0,"block":{"attributes":{"definition":{"type":"string","description":"The definition of the schema.\nThis should contain a string representing the full definition of the schema\nthat is a valid schema definition of the type specified in type. Changes\nto the definition commit new [schema revisions](https://cloud.google.com/pubsub/docs/commit-schema-revision).\nA schema can only have up to 20 revisions, so updates that fail with an\nerror indicating that the limit has been reached require manually\n[deleting old revisions](https://cloud.google.com/pubsub/docs/delete-schema-revision).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The ID to use for the schema, which will become the final component of the schema's resource name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the schema definition Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"PROTOCOL_BUFFER\", \"AVRO\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_schema_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"schema":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_schema_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"schema":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_schema_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schema":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_subscription":{"version":0,"block":{"attributes":{"ack_deadline_seconds":{"type":"number","description":"This value is the maximum time after a subscriber receives a message\nbefore the subscriber should acknowledge the message. After message\ndelivery but before the ack deadline expires and before the message is\nacknowledged, it is an outstanding message and will not be delivered\nagain during that time (on a best-effort basis).\n\nFor pull subscriptions, this value is used as the initial value for\nthe ack deadline. To override this value for a given message, call\nsubscriptions.modifyAckDeadline with the corresponding ackId if using\npull. The minimum custom deadline you can specify is 10 seconds. The\nmaximum custom deadline you can specify is 600 seconds (10 minutes).\nIf this parameter is 0, a default value of 10 seconds is used.\n\nFor push delivery, this value is also used to set the request timeout\nfor the call to the push endpoint.\n\nIf the subscriber never acknowledges the message, the Pub/Sub system\nwill eventually redeliver the message.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_exactly_once_delivery":{"type":"bool","description":"If 'true', Pub/Sub provides the following guarantees for the delivery\nof a message with a given value of messageId on this Subscriptions':\n\n- The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires.\n\n- An acknowledged message will not be resent to a subscriber.\n\nNote that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery'\nis true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values","description_kind":"plain","optional":true},"enable_message_ordering":{"type":"bool","description":"If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to\nthe subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they\nmay be delivered in any order.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The subscription only delivers the messages that match the filter.\nPub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages\nby their attributes. The maximum length of a filter is 256 bytes. After creating the subscription,\nyou can't modify the filter.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Subscription.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"message_retention_duration":{"type":"string","description":"How long to retain unacknowledged messages in the subscription's\nbacklog, from the moment a message is published. If\nretain_acked_messages is true, then this also configures the retention\nof acknowledged messages, and thus configures how far back in time a\nsubscriptions.seek can be done. Defaults to 7 days. Cannot be more\nthan 31 days ('\"2678400s\"') or less than 10 minutes ('\"600s\"').\n\nA duration in seconds with up to nine fractional digits, terminated\nby 's'. Example: '\"600.5s\"'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"retain_acked_messages":{"type":"bool","description":"Indicates whether to retain acknowledged messages. If 'true', then\nmessages are not expunged from the subscription's backlog, even if\nthey are acknowledged, until they fall out of the\nmessageRetentionDuration window.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"A reference to a Topic resource, of the form projects/{project}/topics/{{name}}\n(as in the id property of a google_pubsub_topic), or just a topic name if\nthe topic is in the same project as the subscription.","description_kind":"plain","required":true}},"block_types":{"bigquery_config":{"nesting_mode":"list","block":{"attributes":{"drop_unknown_fields":{"type":"bool","description":"When true and use_topic_schema or use_table_schema is true, any fields that are a part of the topic schema or message schema that\nare not part of the BigQuery table schema are dropped when writing to BigQuery. Otherwise, the schemas must be kept in sync\nand any messages with extra fields are not written and remain in the subscription's backlog.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The service account to use to write to BigQuery. If not specified, the Pub/Sub\n[service agent](https://cloud.google.com/iam/docs/service-agents),\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com, is used.","description_kind":"plain","optional":true},"table":{"type":"string","description":"The name of the table to which to write data, of the form {projectId}.{datasetId}.{tableId}","description_kind":"plain","required":true},"use_table_schema":{"type":"bool","description":"When true, use the BigQuery table's schema as the columns to write to in BigQuery. Messages\nmust be published in JSON format. Only one of use_topic_schema and use_table_schema can be set.","description_kind":"plain","optional":true},"use_topic_schema":{"type":"bool","description":"When true, use the topic's schema as the columns to write to in BigQuery, if it exists.\nOnly one of use_topic_schema and use_table_schema can be set.","description_kind":"plain","optional":true},"write_metadata":{"type":"bool","description":"When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table.\nThe subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column.","description_kind":"plain","optional":true}},"description":"If delivery to BigQuery is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain"},"max_items":1},"cloud_storage_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"User-provided name for the Cloud Storage bucket. The bucket must be created by the user. The bucket name must be without any prefix like \"gs://\".","description_kind":"plain","required":true},"filename_datetime_format":{"type":"string","description":"User-provided format string specifying how to represent datetimes in Cloud Storage filenames.","description_kind":"plain","optional":true},"filename_prefix":{"type":"string","description":"User-provided prefix for Cloud Storage filename.","description_kind":"plain","optional":true},"filename_suffix":{"type":"string","description":"User-provided suffix for Cloud Storage filename. Must not end in \"/\".","description_kind":"plain","optional":true},"max_bytes":{"type":"number","description":"The maximum bytes that can be written to a Cloud Storage file before a new file is created. Min 1 KB, max 10 GiB.\nThe maxBytes limit may be exceeded in cases where messages are larger than the limit.","description_kind":"plain","optional":true},"max_duration":{"type":"string","description":"The maximum duration that can elapse before a new Cloud Storage file is created. Min 1 minute, max 10 minutes, default 5 minutes.\nMay not exceed the subscription's acknowledgement deadline.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"max_messages":{"type":"number","description":"The maximum messages that can be written to a Cloud Storage file before a new file is created. Min 1000 messages.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The service account to use to write to Cloud Storage. If not specified, the Pub/Sub\n[service agent](https://cloud.google.com/iam/docs/service-agents),\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com, is used.","description_kind":"plain","optional":true},"state":{"type":"string","description":"An output-only field that indicates whether or not the subscription can receive messages.","description_kind":"plain","computed":true}},"block_types":{"avro_config":{"nesting_mode":"list","block":{"attributes":{"use_topic_schema":{"type":"bool","description":"When true, the output Cloud Storage file will be serialized using the topic schema, if it exists.","description_kind":"plain","optional":true},"write_metadata":{"type":"bool","description":"When true, write the subscription name, messageId, publishTime, attributes, and orderingKey as additional fields in the output.","description_kind":"plain","optional":true}},"description":"If set, message data will be written to Cloud Storage in Avro format.","description_kind":"plain"},"max_items":1}},"description":"If delivery to Cloud Storage is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain"},"max_items":1},"dead_letter_policy":{"nesting_mode":"list","block":{"attributes":{"dead_letter_topic":{"type":"string","description":"The name of the topic to which dead letter messages should be published.\nFormat is 'projects/{project}/topics/{topic}'.\n\nThe Cloud Pub/Sub service account associated with the enclosing subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Publish() to this topic.\n\nThe operation will fail if the topic does not exist.\nUsers should ensure that there is a subscription attached to this topic\nsince messages published to a topic with no subscriptions are lost.","description_kind":"plain","optional":true},"max_delivery_attempts":{"type":"number","description":"The maximum number of delivery attempts for any message. The value must be\nbetween 5 and 100.\n\nThe number of delivery attempts is defined as 1 + (the sum of number of\nNACKs and number of times the acknowledgement deadline has been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline with a 0 deadline. Note that\nclient libraries may automatically extend ack_deadlines.\n\nThis field will be honored on a best effort basis.\n\nIf this parameter is 0, a default value of 5 is used.","description_kind":"plain","optional":true}},"description":"A policy that specifies the conditions for dead lettering messages in\nthis subscription. If dead_letter_policy is not set, dead lettering\nis disabled.\n\nThe Cloud Pub/Sub service account associated with this subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Acknowledge() messages on this subscription.","description_kind":"plain"},"max_items":1},"expiration_policy":{"nesting_mode":"list","block":{"attributes":{"ttl":{"type":"string","description":"Specifies the \"time-to-live\" duration for an associated resource. The\nresource expires if it is not active for a period of ttl.\nIf ttl is set to \"\", the associated resource never expires.\nA duration in seconds with up to nine fractional digits, terminated by 's'.\nExample - \"3.5s\".","description_kind":"plain","required":true}},"description":"A policy that specifies the conditions for this subscription's expiration.\nA subscription is considered active as long as any connected subscriber\nis successfully consuming messages from the subscription or is issuing\noperations on the subscription. If expirationPolicy is not set, a default\npolicy with ttl of 31 days will be used. If it is set but ttl is \"\", the\nresource never expires. The minimum allowed value for expirationPolicy.ttl\nis 1 day.","description_kind":"plain"},"max_items":1},"push_config":{"nesting_mode":"list","block":{"attributes":{"attributes":{"type":["map","string"],"description":"Endpoint configuration attributes.\n\nEvery endpoint has a set of API supported attributes that can\nbe used to control different aspects of the message delivery.\n\nThe currently supported attribute is x-goog-version, which you\ncan use to change the format of the pushed message. This\nattribute indicates the version of the data expected by\nthe endpoint. This controls the shape of the pushed message\n(i.e., its fields and metadata). The endpoint version is\nbased on the version of the Pub/Sub API.\n\nIf not present during the subscriptions.create call,\nit will default to the version of the API used to make\nsuch call. If not present during a subscriptions.modifyPushConfig\ncall, its value will not be changed. subscriptions.get\ncalls will always return a valid version, even if the\nsubscription was created without this attribute.\n\nThe possible values for this attribute are:\n\n- v1beta1: uses the push format defined in the v1beta1 Pub/Sub API.\n- v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API.","description_kind":"plain","optional":true},"push_endpoint":{"type":"string","description":"A URL locating the endpoint to which messages should be pushed.\nFor example, a Webhook endpoint might use\n\"https://example.com/push\".","description_kind":"plain","required":true}},"block_types":{"no_wrapper":{"nesting_mode":"list","block":{"attributes":{"write_metadata":{"type":"bool","description":"When true, writes the Pub/Sub message metadata to\n'x-goog-pubsub-\u003cKEY\u003e:\u003cVAL\u003e' headers of the HTTP request. Writes the\nPub/Sub message attributes to '\u003cKEY\u003e:\u003cVAL\u003e' headers of the HTTP request.","description_kind":"plain","required":true}},"description":"When set, the payload to the push endpoint is not wrapped.Sets the\n'data' field as the HTTP body for delivery.","description_kind":"plain"},"max_items":1},"oidc_token":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Audience to be used when generating OIDC token. The audience claim\nidentifies the recipients that the JWT is intended for. The audience\nvalue is a single case-sensitive string. Having multiple values (array)\nfor the audience field is not supported. More info about the OIDC JWT\ntoken audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3\nNote: if not specified, the Push endpoint URL will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating the OIDC token.\nThe caller (for subscriptions.create, subscriptions.patch, and\nsubscriptions.modifyPushConfig RPCs) must have the\niam.serviceAccounts.actAs permission for the service account.","description_kind":"plain","required":true}},"description":"If specified, Pub/Sub will generate and attach an OIDC JWT token as\nan Authorization header in the HTTP request for every pushed message.","description_kind":"plain"},"max_items":1}},"description":"If push delivery is used with this subscription, this field is used to\nconfigure it. An empty pushConfig signifies that the subscriber will\npull and ack messages using API methods.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"maximum_backoff":{"type":"string","description":"The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true},"minimum_backoff":{"type":"string","description":"The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"description":"A policy that specifies how Pub/Sub retries message delivery for this subscription.\n\nIf not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers.\nRetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_subscription_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_subscription_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_subscription_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_topic":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey to be used to protect access\nto messages published on this topic. Your project's PubSub service account\n('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nThe expected format is 'projects/*/locations/*/keyRings/*/cryptoKeys/*'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Topic.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"message_retention_duration":{"type":"string","description":"Indicates the minimum duration to retain a message after it is published\nto the topic. If this field is set, messages published to the topic in\nthe last messageRetentionDuration are always available to subscribers.\nFor instance, it allows any attached subscription to seek to a timestamp\nthat is up to messageRetentionDuration in the past. If this field is not\nset, message retention is controlled by settings on individual subscriptions.\nThe rotation period has the format of a decimal number, followed by the\nletter 's' (seconds). Cannot be more than 31 days or less than 10 minutes.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"ingestion_data_source_settings":{"nesting_mode":"list","block":{"block_types":{"aws_kinesis":{"nesting_mode":"list","block":{"attributes":{"aws_role_arn":{"type":"string","description":"AWS role ARN to be used for Federated Identity authentication with\nKinesis. Check the Pub/Sub docs for how to set up this role and the\nrequired permissions that need to be attached to it.","description_kind":"plain","required":true},"consumer_arn":{"type":"string","description":"The Kinesis consumer ARN to used for ingestion in\nEnhanced Fan-Out mode. The consumer must be already\ncreated and ready to be used.","description_kind":"plain","required":true},"gcp_service_account":{"type":"string","description":"The GCP service account to be used for Federated Identity authentication\nwith Kinesis (via a 'AssumeRoleWithWebIdentity' call for the provided\nrole). The 'awsRoleArn' must be set up with 'accounts.google.com:sub'\nequals to this service account number.","description_kind":"plain","required":true},"stream_arn":{"type":"string","description":"The Kinesis stream ARN to ingest data from.","description_kind":"plain","required":true}},"description":"Settings for ingestion from Amazon Kinesis Data Streams.","description_kind":"plain"},"max_items":1},"cloud_storage":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Cloud Storage bucket. The bucket name must be without any\nprefix like \"gs://\". See the bucket naming requirements:\nhttps://cloud.google.com/storage/docs/buckets#naming.","description_kind":"plain","required":true},"match_glob":{"type":"string","description":"Glob pattern used to match objects that will be ingested. If unset, all\nobjects will be ingested. See the supported patterns:\nhttps://cloud.google.com/storage/docs/json_api/v1/objects/list#list-objects-and-prefixes-using-glob","description_kind":"plain","optional":true},"minimum_object_create_time":{"type":"string","description":"The timestamp set in RFC3339 text format. If set, only objects with a\nlarger or equal timestamp will be ingested. Unset by default, meaning\nall objects will be ingested.","description_kind":"plain","optional":true}},"block_types":{"avro_format":{"nesting_mode":"list","block":{"description":"Configuration for reading Cloud Storage data in Avro binary format. The\nbytes of each object will be set to the 'data' field of a Pub/Sub message.","description_kind":"plain"},"max_items":1},"pubsub_avro_format":{"nesting_mode":"list","block":{"description":"Configuration for reading Cloud Storage data written via Cloud Storage\nsubscriptions(See https://cloud.google.com/pubsub/docs/cloudstorage). The\ndata and attributes fields of the originally exported Pub/Sub message\nwill be restored when publishing.","description_kind":"plain"},"max_items":1},"text_format":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"The delimiter to use when using the 'text' format. Each line of text as\nspecified by the delimiter will be set to the 'data' field of a Pub/Sub\nmessage. When unset, '\\n' is used.","description_kind":"plain","optional":true}},"description":"Configuration for reading Cloud Storage data in text format. Each line of\ntext as specified by the delimiter will be set to the 'data' field of a\nPub/Sub message.","description_kind":"plain"},"max_items":1}},"description":"Settings for ingestion from Cloud Storage.","description_kind":"plain"},"max_items":1},"platform_logs_settings":{"nesting_mode":"list","block":{"attributes":{"severity":{"type":"string","description":"The minimum severity level of Platform Logs that will be written. If unspecified,\nno Platform Logs will be written. Default value: \"SEVERITY_UNSPECIFIED\" Possible values: [\"SEVERITY_UNSPECIFIED\", \"DISABLED\", \"DEBUG\", \"INFO\", \"WARNING\", \"ERROR\"]","description_kind":"plain","optional":true}},"description":"Settings for Platform Logs regarding ingestion to Pub/Sub. If unset,\nno Platform Logs will be generated.'","description_kind":"plain"},"max_items":1}},"description":"Settings for ingestion from a data source into this topic.","description_kind":"plain"},"max_items":1},"message_storage_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_persistence_regions":{"type":["list","string"],"description":"A list of IDs of GCP regions where messages that are published to\nthe topic may be persisted in storage. Messages published by\npublishers running in non-allowed GCP regions (or running outside\nof GCP altogether) will be routed for storage in one of the\nallowed regions. An empty list means that no regions are allowed,\nand is not a valid configuration.","description_kind":"plain","required":true}},"description":"Policy constraining the set of Google Cloud Platform regions where\nmessages published to the topic may be stored. If not present, then no\nconstraints are in effect.","description_kind":"plain"},"max_items":1},"schema_settings":{"nesting_mode":"list","block":{"attributes":{"encoding":{"type":"string","description":"The encoding of messages validated against schema. Default value: \"ENCODING_UNSPECIFIED\" Possible values: [\"ENCODING_UNSPECIFIED\", \"JSON\", \"BINARY\"]","description_kind":"plain","optional":true},"schema":{"type":"string","description":"The name of the schema that messages published should be\nvalidated against. Format is projects/{project}/schemas/{schema}.\nThe value of this field will be _deleted-schema_\nif the schema has been deleted.","description_kind":"plain","required":true}},"description":"Settings for validating messages published against a schema.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_topic_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"topic":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_topic_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"topic":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_topic_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_recaptcha_enterprise_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp corresponding to the creation of this Key.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Human-readable display name of this key. Modifiable by user.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"See [Creating and managing labels](https://cloud.google.com/recaptcha-enterprise/docs/labels).\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource id for the Key, which is the same as the Site Key itself.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"android_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_package_names":{"type":"bool","description":"If set to true, it means allowed_package_names will not be enforced.","description_kind":"plain","optional":true},"allowed_package_names":{"type":["list","string"],"description":"Android package names of apps allowed to use the key. Example: 'com.companyname.appname'","description_kind":"plain","optional":true}},"description":"Settings for keys that can be used by Android apps.","description_kind":"plain"},"max_items":1},"ios_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_bundle_ids":{"type":"bool","description":"If set to true, it means allowed_bundle_ids will not be enforced.","description_kind":"plain","optional":true},"allowed_bundle_ids":{"type":["list","string"],"description":"iOS bundle ids of apps allowed to use the key. Example: 'com.companyname.productname.appname'","description_kind":"plain","optional":true}},"description":"Settings for keys that can be used by iOS apps.","description_kind":"plain"},"max_items":1},"testing_options":{"nesting_mode":"list","block":{"attributes":{"testing_challenge":{"type":"string","description":"For challenge-based keys only (CHECKBOX, INVISIBLE), all challenge requests for this site will return nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE","description_kind":"plain","optional":true,"computed":true},"testing_score":{"type":"number","description":"All assessments for this Key will return this score. Must be between 0 (likely not legitimate) and 1 (likely legitimate) inclusive.","description_kind":"plain","optional":true}},"description":"Options for user acceptance testing.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"waf_settings":{"nesting_mode":"list","block":{"attributes":{"waf_feature":{"type":"string","description":"Supported WAF features. For more information, see https://cloud.google.com/recaptcha-enterprise/docs/usecase#comparison_of_features. Possible values: CHALLENGE_PAGE, SESSION_TOKEN, ACTION_TOKEN, EXPRESS","description_kind":"plain","required":true},"waf_service":{"type":"string","description":"The WAF service that uses this key. Possible values: CA, FASTLY","description_kind":"plain","required":true}},"description":"Settings specific to keys that can be used for WAF (Web Application Firewall).","description_kind":"plain"},"max_items":1},"web_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_domains":{"type":"bool","description":"If set to true, it means allowed_domains will not be enforced.","description_kind":"plain","optional":true},"allow_amp_traffic":{"type":"bool","description":"If set to true, the key can be used on AMP (Accelerated Mobile Pages) websites. This is supported only for the SCORE integration type.","description_kind":"plain","optional":true},"allowed_domains":{"type":["list","string"],"description":"Domains or subdomains of websites allowed to use the key. All subdomains of an allowed domain are automatically allowed. A valid domain requires a host and must not include any path, port, query or fragment. Examples: 'example.com' or 'subdomain.example.com'","description_kind":"plain","optional":true},"challenge_security_preference":{"type":"string","description":"Settings for the frequency and difficulty at which this key triggers captcha challenges. This should only be specified for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, SECURITY","description_kind":"plain","optional":true,"computed":true},"integration_type":{"type":"string","description":"Required. Describes how this key is integrated with the website. Possible values: SCORE, CHECKBOX, INVISIBLE","description_kind":"plain","required":true}},"description":"Settings for keys that can be used by websites.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_redis_cluster":{"version":0,"block":{"attributes":{"authorization_mode":{"type":"string","description":"Optional. The authorization mode of the Redis cluster. If not provided, auth feature is disabled for the cluster. Default value: \"AUTH_MODE_DISABLED\" Possible values: [\"AUTH_MODE_UNSPECIFIED\", \"AUTH_MODE_IAM_AUTH\", \"AUTH_MODE_DISABLED\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The timestamp associated with the cluster creation request. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"deletion_protection_enabled":{"type":"bool","description":"Optional. Indicates if the cluster is deletion protected or not.\nIf the value if set to true, any delete cluster operation will fail.\nDefault value is true.","description_kind":"plain","optional":true},"discovery_endpoints":{"type":["list",["object",{"address":"string","port":"number","psc_config":["list",["object",{"network":"string"}]]}]],"description":"Output only. Endpoints created on each given network,\nfor Redis clients to connect to the cluster.\nCurrently only one endpoint is supported.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Upcoming maintenance schedule.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Unique name of the resource in this scope including project and location using the form:\nprojects/{projectId}/locations/{locationId}/clusters/{clusterId}","description_kind":"plain","optional":true,"computed":true},"node_type":{"type":"string","description":"The nodeType for the Redis cluster.\nIf not provided, REDIS_HIGHMEM_MEDIUM will be used as default Possible values: [\"REDIS_SHARED_CORE_NANO\", \"REDIS_HIGHMEM_MEDIUM\", \"REDIS_HIGHMEM_XLARGE\", \"REDIS_STANDARD_SMALL\"]","description_kind":"plain","optional":true,"computed":true},"precise_size_gb":{"type":"number","description":"Output only. Redis memory precise size in GB for the entire cluster.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connections":{"type":["list",["object",{"address":"string","forwarding_rule":"string","network":"string","project_id":"string","psc_connection_id":"string"}]],"description":"Output only. PSC connections for discovery of the cluster topology and accessing the cluster.","description_kind":"plain","computed":true},"redis_configs":{"type":["map","string"],"description":"Configure Redis Cluster behavior using a subset of native Redis configuration parameters.\nPlease check Memorystore documentation for the list of supported parameters:\nhttps://cloud.google.com/memorystore/docs/cluster/supported-instance-configurations","description_kind":"plain","optional":true},"region":{"type":"string","description":"The name of the region of the Redis cluster.","description_kind":"plain","optional":true,"computed":true},"replica_count":{"type":"number","description":"Optional. The number of replica nodes per shard.","description_kind":"plain","optional":true},"shard_count":{"type":"number","description":"Required. Number of shards for the Redis cluster.","description_kind":"plain","required":true},"size_gb":{"type":"number","description":"Output only. Redis memory size in GB for the entire cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster. Can be CREATING, READY, UPDATING, DELETING and SUSPENDED","description_kind":"plain","computed":true},"state_info":{"type":["list",["object",{"update_info":["list",["object",{"target_replica_count":"number","target_shard_count":"number"}]]}]],"description":"Output only. Additional information about the current state of the cluster.","description_kind":"plain","computed":true},"transit_encryption_mode":{"type":"string","description":"Optional. The in-transit encryption for the Redis cluster.\nIf not provided, encryption is disabled for the cluster. Default value: \"TRANSIT_ENCRYPTION_MODE_DISABLED\" Possible values: [\"TRANSIT_ENCRYPTION_MODE_UNSPECIFIED\", \"TRANSIT_ENCRYPTION_MODE_DISABLED\", \"TRANSIT_ENCRYPTION_MODE_SERVER_AUTHENTICATION\"]","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System assigned, unique identifier for the cluster.","description_kind":"plain","computed":true}},"block_types":{"cross_cluster_replication_config":{"nesting_mode":"list","block":{"attributes":{"cluster_role":{"type":"string","description":"The role of the cluster in cross cluster replication. Supported values are:\n\n1. 'CLUSTER_ROLE_UNSPECIFIED': This is an independent cluster that has never participated in cross cluster replication. It allows both reads and writes.\n\n1. 'NONE': This is an independent cluster that previously participated in cross cluster replication(either as a 'PRIMARY' or 'SECONDARY' cluster). It allows both reads and writes.\n\n1. 'PRIMARY': This cluster serves as the replication source for secondary clusters that are replicating from it. Any data written to it is automatically replicated to its secondary clusters. It allows both reads and writes.\n\n1. 'SECONDARY': This cluster replicates data from the primary cluster. It allows only reads. Possible values: [\"CLUSTER_ROLE_UNSPECIFIED\", \"NONE\", \"PRIMARY\", \"SECONDARY\"]","description_kind":"plain","optional":true},"membership":{"type":["list",["object",{"primary_cluster":["list",["object",{"cluster":"string","uid":"string"}]],"secondary_clusters":["list",["object",{"cluster":"string","uid":"string"}]]}]],"description":"An output only view of all the member clusters participating in cross cluster replication. This field is populated for all the member clusters irrespective of their cluster role.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last time cross cluster replication config was updated.","description_kind":"plain","computed":true}},"block_types":{"primary_cluster":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"The full resource path of the primary cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id}","description_kind":"plain","optional":true},"uid":{"type":"string","description":"The unique id of the primary cluster.","description_kind":"plain","computed":true}},"description":"Details of the primary cluster that is used as the replication source for this secondary cluster. This is allowed to be set only for clusters whose cluster role is of type 'SECONDARY'.","description_kind":"plain"},"max_items":1},"secondary_clusters":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"The full resource path of the secondary cluster in the format: projects/{project}/locations/{region}/clusters/{cluster-id}","description_kind":"plain","optional":true},"uid":{"type":"string","description":"The unique id of the secondary cluster.","description_kind":"plain","computed":true}},"description":"List of secondary clusters that are replicating from this primary cluster. This is allowed to be set only for clusters whose cluster role is of type 'PRIMARY'.","description_kind":"plain"}}},"description":"Cross cluster replication config","description_kind":"plain"},"max_items":1},"maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the policy was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the policy was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"weekly_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Required. The day of week that maintenance updates occur.\n\n- DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified.\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"duration":{"type":"string","description":"Output only. Duration of the maintenance window.\nThe current window is fixed at 1 hour.\nA duration in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\".","description_kind":"plain","computed":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.\nAn API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Optional. Maintenance window that is applied to resources covered by this policy.\nMinimum 1. For the current version, the maximum number\nof weekly_window is expected to be one.","description_kind":"plain"}}},"description":"Maintenance policy for a cluster","description_kind":"plain"},"max_items":1},"persistence_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Optional. Controls whether Persistence features are enabled. If not provided, the existing value will be used.\n\n- DISABLED: \tPersistence (both backup and restore) is disabled for the cluster.\n- RDB: RDB based Persistence is enabled.\n- AOF: AOF based Persistence is enabled. Possible values: [\"PERSISTENCE_MODE_UNSPECIFIED\", \"DISABLED\", \"RDB\", \"AOF\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"aof_config":{"nesting_mode":"list","block":{"attributes":{"append_fsync":{"type":"string","description":"Optional. Available fsync modes.\n\n- NO - Do not explicitly call fsync(). Rely on OS defaults.\n- EVERYSEC - Call fsync() once per second in a background thread. A balance between performance and durability.\n- ALWAYS - Call fsync() for earch write command. Possible values: [\"APPEND_FSYNC_UNSPECIFIED\", \"NO\", \"EVERYSEC\", \"ALWAYS\"]","description_kind":"plain","optional":true,"computed":true}},"description":"AOF configuration. This field will be ignored if mode is not AOF.","description_kind":"plain"},"max_items":1},"rdb_config":{"nesting_mode":"list","block":{"attributes":{"rdb_snapshot_period":{"type":"string","description":"Optional. Available snapshot periods for scheduling.\n\n- ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot every 24 hours. Possible values: [\"SNAPSHOT_PERIOD_UNSPECIFIED\", \"ONE_HOUR\", \"SIX_HOURS\", \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]","description_kind":"plain","optional":true,"computed":true},"rdb_snapshot_start_time":{"type":"string","description":"The time that the first snapshot was/will be attempted, and to which\nfuture snapshots will be aligned.\nIf not provided, the current time will be used.","description_kind":"plain","optional":true,"computed":true}},"description":"RDB configuration. This field will be ignored if mode is not RDB.","description_kind":"plain"},"max_items":1}},"description":"Persistence config (RDB, AOF) for the cluster.","description_kind":"plain"},"max_items":1},"psc_configs":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. The consumer network where the network address of\nthe discovery endpoint will be reserved, in the form of\nprojects/{network_project_id_or_number}/global/networks/{network_id}.","description_kind":"plain","required":true}},"description":"Required. Each PscConfig configures the consumer network where two\nnetwork addresses will be designated to the cluster for client access.\nCurrently, only one PscConfig is supported.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"zone_distribution_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Immutable. The mode for zone distribution for Memorystore Redis cluster.\nIf not provided, MULTI_ZONE will be used as default Possible values: [\"MULTI_ZONE\", \"SINGLE_ZONE\"]","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Immutable. The zone for single zone Memorystore Redis cluster.","description_kind":"plain","optional":true}},"description":"Immutable. Zone distribution config for Memorystore Redis cluster.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_redis_instance":{"version":0,"block":{"attributes":{"alternative_location_id":{"type":"string","description":"Only applicable to STANDARD_HA tier which protects the instance\nagainst zonal failures by provisioning it across two zones.\nIf provided, it must be a different zone from the one provided in\n[locationId].","description_kind":"plain","optional":true,"computed":true},"auth_enabled":{"type":"bool","description":"Optional. Indicates whether OSS Redis AUTH is enabled for the\ninstance. If set to \"true\" AUTH is enabled on the instance.\nDefault value is \"false\" meaning AUTH is disabled.","description_kind":"plain","optional":true},"auth_string":{"type":"string","description":"AUTH String set on the instance. This field will only be populated if auth_enabled is true.","description_kind":"plain","computed":true,"sensitive":true},"authorized_network":{"type":"string","description":"The full name of the Google Compute Engine network to which the\ninstance is connected. If left unspecified, the default network\nwill be used.","description_kind":"plain","optional":true,"computed":true},"connect_mode":{"type":"string","description":"The connection mode of the Redis instance. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"current_location_id":{"type":"string","description":"The current zone where the Redis endpoint is placed.\nFor Basic Tier instances, this will always be the same as the\n[locationId] provided by the user at creation time. For Standard Tier\ninstances, this can be either [locationId] or [alternativeLocationId]\nand can change after a failover event.","description_kind":"plain","computed":true},"customer_managed_key":{"type":"string","description":"Optional. The KMS key reference that you want to use to encrypt the data at rest for this Redis\ninstance. If this is provided, CMEK is enabled.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An arbitrary and optional user-provided name for the instance.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host":{"type":"string","description":"Hostname or IP address of the exposed Redis endpoint used by clients\nto connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location_id":{"type":"string","description":"The zone where the instance will be provisioned. If not provided,\nthe service will choose a zone for the instance. For STANDARD_HA tier,\ninstances will be created across two zones for protection against\nzonal failures. If [alternativeLocationId] is also provided, it must\nbe different from [locationId].","description_kind":"plain","optional":true,"computed":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Upcoming maintenance schedule.","description_kind":"plain","computed":true},"maintenance_version":{"type":"string","description":"The self service update maintenance version.","description_kind":"plain","optional":true,"computed":true},"memory_size_gb":{"type":"number","description":"Redis memory size in GiB.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"nodes":{"type":["list",["object",{"id":"string","zone":"string"}]],"description":"Output only. Info per node.","description_kind":"plain","computed":true},"persistence_iam_identity":{"type":"string","description":"Output only. Cloud IAM identity used by import / export operations\nto transfer data to/from Cloud Storage. Format is \"serviceAccount:\".\nThe value may change over time for a given instance so should be\nchecked before each import/export operation.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The port number of the exposed Redis endpoint.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"read_endpoint":{"type":"string","description":"Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only.\nTargets all healthy replica nodes in instance. Replication is asynchronous and replica nodes\nwill exhibit some lag behind the primary. Write requests must target 'host'.","description_kind":"plain","computed":true},"read_endpoint_port":{"type":"number","description":"Output only. The port number of the exposed readonly redis endpoint. Standard tier only.\nWrite requests should target 'port'.","description_kind":"plain","computed":true},"read_replicas_mode":{"type":"string","description":"Optional. Read replica mode. Can only be specified when trying to create the instance.\nIf not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED.\n- READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the\ninstance cannot scale up or down the number of replicas.\n- READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance\ncan scale up and down the number of replicas. Possible values: [\"READ_REPLICAS_DISABLED\", \"READ_REPLICAS_ENABLED\"]","description_kind":"plain","optional":true,"computed":true},"redis_configs":{"type":["map","string"],"description":"Redis configuration parameters, according to http://redis.io/topics/config.\nPlease check Memorystore documentation for the list of supported parameters:\nhttps://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs","description_kind":"plain","optional":true},"redis_version":{"type":"string","description":"The version of Redis software. If not provided, latest supported\nversion will be used. Please check the API documentation linked\nat the top for the latest valid values.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The name of the Redis region of the instance.","description_kind":"plain","optional":true,"computed":true},"replica_count":{"type":"number","description":"Optional. The number of replica nodes. The valid range for the Standard Tier with\nread replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled\nfor a Standard Tier instance, the only valid value is 1 and the default is 1.\nThe valid value for basic tier is 0 and the default is also 0.","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this\ninstance. If not provided, the service will choose an unused /29\nblock, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be\nunique and non-overlapping with existing subnets in an authorized\nnetwork.","description_kind":"plain","optional":true,"computed":true},"secondary_ip_range":{"type":"string","description":"Optional. Additional IP range for node placement. Required when enabling read replicas on\nan existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or\n\"auto\". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address\nrange associated with the private service access connection, or \"auto\".","description_kind":"plain","optional":true,"computed":true},"server_ca_certs":{"type":["list",["object",{"cert":"string","create_time":"string","expire_time":"string","serial_number":"string","sha1_fingerprint":"string"}]],"description":"List of server CA certificates for the instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance. Must be one of these values:\n\n- BASIC: standalone instance\n- STANDARD_HA: highly available primary/replica instances Default value: \"BASIC\" Possible values: [\"BASIC\", \"STANDARD_HA\"]","description_kind":"plain","optional":true},"transit_encryption_mode":{"type":"string","description":"The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance.\n\n- SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: \"DISABLED\" Possible values: [\"SERVER_AUTHENTICATION\", \"DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the policy was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of what this policy is for.\nCreate/Update methods return INVALID_ARGUMENT if the\nlength is greater than 512.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time when the policy was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"weekly_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Required. The day of week that maintenance updates occur.\n\n- DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified.\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"duration":{"type":"string","description":"Output only. Duration of the maintenance window.\nThe current window is fixed at 1 hour.\nA duration in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\".","description_kind":"plain","computed":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.\nAn API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Optional. Maintenance window that is applied to resources covered by this policy.\nMinimum 1. For the current version, the maximum number\nof weekly_window is expected to be one.","description_kind":"plain"}}},"description":"Maintenance policy for an instance.","description_kind":"plain"},"max_items":1},"persistence_config":{"nesting_mode":"list","block":{"attributes":{"persistence_mode":{"type":"string","description":"Optional. Controls whether Persistence features are enabled. If not provided, the existing value will be used.\n\n- DISABLED: \tPersistence is disabled for the instance, and any existing snapshots are deleted.\n- RDB: RDB based Persistence is enabled. Possible values: [\"DISABLED\", \"RDB\"]","description_kind":"plain","optional":true,"computed":true},"rdb_next_snapshot_time":{"type":"string","description":"Output only. The next time that a snapshot attempt is scheduled to occur.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up\nto nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"rdb_snapshot_period":{"type":"string","description":"Optional. Available snapshot periods for scheduling.\n\n- ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]","description_kind":"plain","optional":true},"rdb_snapshot_start_time":{"type":"string","description":"Optional. Date and time that the first snapshot was/will be attempted,\nand to which future snapshots will be aligned. If not provided,\nthe current time will be used.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution\nand up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true,"computed":true}},"description":"Persistence configuration for an instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_resource_manager_lien":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time of creation","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A system-generated unique identifier for this Lien.","description_kind":"plain","computed":true},"origin":{"type":"string","description":"A stable, user-visible/meaningful string identifying the origin\nof the Lien, intended to be inspected programmatically. Maximum length of\n200 characters.","description_kind":"plain","required":true},"parent":{"type":"string","description":"A reference to the resource this Lien is attached to.\nThe server will validate the parent against those for which Liens are supported.\nSince a variety of objects can have Liens against them, you must provide the type\nprefix (e.g. \"projects/my-project-name\").","description_kind":"plain","required":true},"reason":{"type":"string","description":"Concise user-visible strings indicating why an action cannot be performed\non a resource. Maximum length of 200 characters.","description_kind":"plain","required":true},"restrictions":{"type":["list","string"],"description":"The types of operations which should be blocked as a result of this Lien.\nEach value should correspond to an IAM permission. The server will validate\nthe permissions against those for which Liens are supported. An empty\nlist is meaningless and will be rejected.\ne.g. ['resourcemanager.projects.delete']","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_event_threat_detection_custom_module":{"version":0,"block":{"attributes":{"config":{"type":"string","description":"Config for the module. For the resident module, its config value is defined at this level.\nFor the inherited module, its config value is inherited from the ancestor module.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The human readable name to be displayed for the module.","description_kind":"plain","optional":true},"enablement_state":{"type":"string","description":"The state of enablement for the module at the given level of the hierarchy. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Event Threat Detection custom module.\nIts format is \"organizations/{organization}/eventThreatDetectionSettings/customModules/{module}\".","description_kind":"plain","computed":true},"organization":{"type":"string","description":"Numerical ID of the parent organization.","description_kind":"plain","required":true},"type":{"type":"string","description":"Immutable. Type for the module. e.g. CONFIGURABLE_BAD_IP.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_folder_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization, folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","required":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"folder":{"type":"string","description":"Numerical ID of the parent folder.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"folders/{folder_id}/securityHealthAnalyticsSettings/customModules/{customModule}\".\nThe id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_folder_notification_config":{"version":0,"block":{"attributes":{"config_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"folder":{"type":"string","description":"Numerical ID of the parent folder.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this notification config, in the format\n'folders/{{folder}}/notificationConfigs/{{config_id}}'.","description_kind":"plain","computed":true},"pubsub_topic":{"type":"string","description":"The Pub/Sub topic to send notifications to. Its format is\n\"projects/[project_id]/topics/[topic]\".","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.","description_kind":"plain","computed":true}},"block_types":{"streaming_config":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of assets or findings as specified by the event type. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","required":true}},"description":"The config for triggering streaming-based notifications.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_folder_scc_big_query_export":{"version":0,"block":{"attributes":{"big_query_export_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time at which the BigQuery export was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dataset":{"type":"string","description":"The dataset to write findings' updates to.\nIts format is \"projects/[projectId]/datasets/[bigquery_dataset_id]\".\nBigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_).","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the export (max of 1024 characters).","description_kind":"plain","required":true},"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of findings. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","required":true},"folder":{"type":"string","description":"The folder where Cloud Security Command Center Big Query Export\nConfig lives in.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the BigQuery export.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of this export, in the format\n'projects/{{project}}/bigQueryExports/{{big_query_export_id}}'.\nThis field is provided in responses, and is ignored when provided in create requests.","description_kind":"plain","computed":true},"principal":{"type":"string","description":"The service account that needs permission to create table and upload data to the BigQuery dataset.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The most recent time at which the BigQuery export was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_management_folder_security_health_analytics_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization, folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","optional":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true},"folder":{"type":"string","description":"Numerical ID of the parent folder.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location ID of the parent organization. If not provided, 'global' will be used as the default location.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"folders/{folder}/locations/{location}/securityHealthAnalyticsCustomModules/{securityHealthAnalyticsCustomModule}\".\nThe id {securityHealthAnalyticsCustomModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","optional":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","optional":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_management_organization_event_threat_detection_custom_module":{"version":0,"block":{"attributes":{"config":{"type":"string","description":"Config for the module. For the resident module, its config value is defined at this level.\nFor the inherited module, its config value is inherited from the ancestor module.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human readable name to be displayed for the module.","description_kind":"plain","optional":true},"enablement_state":{"type":"string","description":"The state of enablement for the module at the given level of the hierarchy. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location ID of the parent organization. Only global is supported at the moment.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Event Threat Detection custom module.\nIts format is \"organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{eventThreatDetectionCustomModule}\".","description_kind":"plain","computed":true},"organization":{"type":"string","description":"Numerical ID of the parent organization.","description_kind":"plain","required":true},"type":{"type":"string","description":"Immutable. Type for the module. e.g. CONFIGURABLE_BAD_IP.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_management_organization_security_health_analytics_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization, folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","optional":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location ID of the parent organization. If not provided, 'global' will be used as the default location.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"organizations/{organization}/locations/{location}/securityHealthAnalyticsCustomModules/{securityHealthAnalyticsCustomModule}\".\nThe id {securityHealthAnalyticsCustomModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"Numerical ID of the parent organization.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_management_project_security_health_analytics_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization,folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","optional":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location ID of the parent organization. If not provided, 'global' will be used as the default location.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"projects/{project}/locations/{location}/securityHealthAnalyticsCustomModules/{securityHealthAnalyticsCustomModule}\".\nThe id {securityHealthAnalyticsCustomModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_mute_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the mute config was created. This field is set by\nthe server and will be ignored if provided on config creation.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the mute config.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An expression that defines the filter to apply across create/update\nevents of findings. While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the mute config. This\nfield is set by the server and will be ignored if provided on\nconfig creation or update.","description_kind":"plain","computed":true},"mute_config_id":{"type":"string","description":"Unique identifier provided by the client within the parent scope.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the mute config. Its format is\norganizations/{organization}/muteConfigs/{configId},\nfolders/{folder}/muteConfigs/{configId},\nor projects/{project}/muteConfigs/{configId}","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Resource name of the new mute configs's parent. Its format is\n\"organizations/[organization_id]\", \"folders/[folder_id]\", or\n\"projects/[project_id]\".","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The most recent time at which the mute config was\nupdated. This field is set by the server and will be ignored if\nprovided on config creation or update.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_notification_config":{"version":0,"block":{"attributes":{"config_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this notification config, in the format\n'organizations/{{organization}}/notificationConfigs/{{config_id}}'.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Notification\nConfig lives in.","description_kind":"plain","required":true},"pubsub_topic":{"type":"string","description":"The Pub/Sub topic to send notifications to. Its format is\n\"projects/[project_id]/topics/[topic]\".","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.","description_kind":"plain","computed":true}},"block_types":{"streaming_config":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of assets or findings as specified by the event type. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","required":true}},"description":"The config for triggering streaming-based notifications.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_organization_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization, folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","required":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"organizations/{org_id}/securityHealthAnalyticsSettings/customModules/{customModule}\".\nThe id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"Numerical ID of the parent organization.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_organization_scc_big_query_export":{"version":0,"block":{"attributes":{"big_query_export_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dataset":{"type":"string","description":"The dataset to write findings' updates to.\nIts format is \"projects/[projectId]/datasets/[bigquery_dataset_id]\".\nBigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_).","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of findings. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \\\u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the BigQuery export.\nThis field is set by the server and will be ignored if provided on export creation or update.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of this export, in the format\n'organizations/{{organization}}/bigQueryExports/{{big_query_export_id}}'.\nThis field is provided in responses, and is ignored when provided in create requests.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Big Query Export\nConfig lives in.","description_kind":"plain","required":true},"principal":{"type":"string","description":"The service account that needs permission to create table and upload data to the BigQuery dataset.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_project_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization,folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","required":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"projects/{project}/securityHealthAnalyticsSettings/customModules/{customModule}\".\nThe id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_project_notification_config":{"version":0,"block":{"attributes":{"config_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this notification config, in the format\n'projects/{{projectId}}/notificationConfigs/{{config_id}}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"pubsub_topic":{"type":"string","description":"The Pub/Sub topic to send notifications to. Its format is\n\"projects/[project_id]/topics/[topic]\".","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.","description_kind":"plain","computed":true}},"block_types":{"streaming_config":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of assets or findings as specified by the event type. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","required":true}},"description":"The config for triggering streaming-based notifications.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_project_scc_big_query_export":{"version":0,"block":{"attributes":{"big_query_export_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dataset":{"type":"string","description":"The dataset to write findings' updates to.\nIts format is \"projects/[projectId]/datasets/[bigquery_dataset_id]\".\nBigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_).","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of findings. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \\\u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the BigQuery export.\nThis field is set by the server and will be ignored if provided on export creation or update.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of this export, in the format\n'projects/{{project}}/bigQueryExports/{{big_query_export_id}}'.\nThis field is provided in responses, and is ignored when provided in create requests.","description_kind":"plain","computed":true},"principal":{"type":"string","description":"The service account that needs permission to create table and upload data to the BigQuery dataset.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_source":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the source (max of 1024 characters).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The source’s display name. A source’s display name must be unique\namongst its siblings, for example, two sources with the same parent\ncan't share the same display name. The display name must start and end\nwith a letter or digit, may contain letters, digits, spaces, hyphens,\nand underscores, and can be no longer than 32 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this source, in the format\n'organizations/{{organization}}/sources/{{source}}'.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Source\nlives in.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_source_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"organization":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_scc_source_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"organization":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_scc_source_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"organization":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_scc_v2_folder_mute_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the mute config was created. This field is set by\nthe server and will be ignored if provided on config creation.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the mute config.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An expression that defines the filter to apply across create/update\nevents of findings. While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.","description_kind":"plain","required":true},"folder":{"type":"string","description":"The folder whose Cloud Security Command Center the Mute\nConfig lives in.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"location Id is provided by folder. If not provided, Use global as default.","description_kind":"plain","optional":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the mute config. This\nfield is set by the server and will be ignored if provided on\nconfig creation or update.","description_kind":"plain","computed":true},"mute_config_id":{"type":"string","description":"Unique identifier provided by the client within the parent scope.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the mute config. Its format is\norganizations/{organization}/locations/global/muteConfigs/{configId},\nfolders/{folder}/locations/global/muteConfigs/{configId},\nor projects/{project}/locations/global/muteConfigs/{configId}","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the mute config.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The most recent time at which the mute config was\nupdated. This field is set by the server and will be ignored if\nprovided on config creation or update.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_v2_folder_notification_config":{"version":0,"block":{"attributes":{"config_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"folder":{"type":"string","description":"Numerical ID of the parent folder.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location ID of the parent organization. If not provided, 'global' will be used as the default location.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of this notification config, in the format\n'folders/{{folder}}/locations/{{location}}/notificationConfigs/{{config_id}}'.","description_kind":"plain","computed":true},"pubsub_topic":{"type":"string","description":"The Pub/Sub topic to send notifications to. Its format is\n\"projects/[project_id]/topics/[topic]\".","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.","description_kind":"plain","computed":true}},"block_types":{"streaming_config":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of assets or findings as specified by the event type. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","required":true}},"description":"The config for triggering streaming-based notifications.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_v2_folder_scc_big_query_export":{"version":0,"block":{"attributes":{"big_query_export_id":{"type":"string","description":"This must be unique within the organization. It must consist of only lowercase letters,\nnumbers, and hyphens, must start with a letter, must end with either a letter or a number,\nand must be 63 characters or less.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dataset":{"type":"string","description":"The dataset to write findings' updates to.\nIts format is \"projects/[projectId]/datasets/[bigquery_dataset_id]\".\nBigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_).","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of findings. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","optional":true},"folder":{"type":"string","description":"The folder where Cloud Security Command Center Big Query Export\nConfig lives in.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The BigQuery export configuration is stored in this location. If not provided, Use global as default.","description_kind":"plain","optional":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the BigQuery export.\nThis field is set by the server and will be ignored if provided on export creation or update.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of this export, in the format\n'folders/{{folder}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}'.\nThis field is provided in responses, and is ignored when provided in create requests.","description_kind":"plain","computed":true},"principal":{"type":"string","description":"The service account that needs permission to create table and upload data to the BigQuery dataset.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_v2_organization_mute_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the mute config was created. This field is set by\nthe server and will be ignored if provided on config creation.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the mute config.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An expression that defines the filter to apply across create/update\nevents of findings. While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"location Id is provided by organization. If not provided, Use global as default.","description_kind":"plain","optional":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the mute config. This\nfield is set by the server and will be ignored if provided on\nconfig creation or update.","description_kind":"plain","computed":true},"mute_config_id":{"type":"string","description":"Unique identifier provided by the client within the parent scope.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the mute config. Its format is\norganizations/{organization}/locations/global/muteConfigs/{configId},\nfolders/{folder}/locations/global/muteConfigs/{configId},\nor projects/{project}/locations/global/muteConfigs/{configId}","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Mute\nConfig lives in.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of the mute config.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The most recent time at which the mute config was\nupdated. This field is set by the server and will be ignored if\nprovided on config creation or update.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_v2_organization_notification_config":{"version":0,"block":{"attributes":{"config_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"location Id is provided by organization. If not provided, Use global as default.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of this notification config, in the format\n'organizations/{{organization}}/notificationConfigs/{{config_id}}'.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Notification\nConfig lives in.","description_kind":"plain","required":true},"pubsub_topic":{"type":"string","description":"The Pub/Sub topic to send notifications to. Its format is\n\"projects/[project_id]/topics/[topic]\".","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.","description_kind":"plain","computed":true}},"block_types":{"streaming_config":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of assets or findings as specified by the event type. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","required":true}},"description":"The config for triggering streaming-based notifications.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_v2_organization_scc_big_query_export":{"version":0,"block":{"attributes":{"big_query_export_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dataset":{"type":"string","description":"The dataset to write findings' updates to.\nIts format is \"projects/[projectId]/datasets/[bigquery_dataset_id]\".\nBigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_).","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of findings. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"location Id is provided by organization. If not provided, Use global as default.","description_kind":"plain","optional":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the BigQuery export.\nThis field is set by the server and will be ignored if provided on export creation or update.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of this export, in the format\n'organizations/{{organization}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}'.\nThis field is provided in responses, and is ignored when provided in create requests.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Big Query Export\nConfig lives in.","description_kind":"plain","required":true},"principal":{"type":"string","description":"The service account that needs permission to create table and upload data to the BigQuery dataset.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_v2_organization_scc_big_query_exports":{"version":0,"block":{"attributes":{"big_query_export_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dataset":{"type":"string","description":"The dataset to write findings' updates to.\nIts format is \"projects/[projectId]/datasets/[bigquery_dataset_id]\".\nBigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_).","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of findings. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"location Id is provided by organization. If not provided, Use global as default.","description_kind":"plain","optional":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the BigQuery export.\nThis field is set by the server and will be ignored if provided on export creation or update.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of this export, in the format\n'organizations/{{organization}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}'.\nThis field is provided in responses, and is ignored when provided in create requests.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Big Query Export\nConfig lives in.","description_kind":"plain","required":true},"principal":{"type":"string","description":"The service account that needs permission to create table and upload data to the BigQuery dataset.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain","deprecated":true}},"google_scc_v2_organization_source":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the source (max of 1024 characters).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The source’s display name. A source’s display name must be unique\namongst its siblings, for example, two sources with the same parent\ncan't share the same display name. The display name must start and end\nwith a letter or digit, may contain letters, digits, spaces, hyphens,\nand underscores, and can be no longer than 32 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this source, in the format\n'organizations/{{organization}}/sources/{{source}}'.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Source\nlives in.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_v2_organization_source_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"organization":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_scc_v2_organization_source_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"organization":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_scc_v2_organization_source_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"organization":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_scc_v2_project_mute_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the mute config was created. This field is set by\nthe server and will be ignored if provided on config creation.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the mute config.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An expression that defines the filter to apply across create/update\nevents of findings. While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"location Id is provided by project. If not provided, Use global as default.","description_kind":"plain","optional":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the mute config. This\nfield is set by the server and will be ignored if provided on\nconfig creation or update.","description_kind":"plain","computed":true},"mute_config_id":{"type":"string","description":"Unique identifier provided by the client within the parent scope.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the mute config. Its format is\nprojects/{project}/locations/global/muteConfigs/{configId},\nfolders/{folder}/locations/global/muteConfigs/{configId},\nor organizations/{organization}/locations/global/muteConfigs/{configId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the mute config.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The most recent time at which the mute config was\nupdated. This field is set by the server and will be ignored if\nprovided on config creation or update.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_v2_project_notification_config":{"version":0,"block":{"attributes":{"config_id":{"type":"string","description":"This must be unique within the project.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location ID of the parent organization. Only global is supported at the moment.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of this notification config, in the format\n'projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"pubsub_topic":{"type":"string","description":"The Pub/Sub topic to send notifications to. Its format is\n\"projects/[project_id]/topics/[topic]\".","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.","description_kind":"plain","computed":true}},"block_types":{"streaming_config":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of assets or findings as specified by the event type. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","required":true}},"description":"The config for triggering streaming-based notifications.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_v2_project_scc_big_query_export":{"version":0,"block":{"attributes":{"big_query_export_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dataset":{"type":"string","description":"The dataset to write findings' updates to.\nIts format is \"projects/[projectId]/datasets/[bigquery_dataset_id]\".\nBigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_).","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of findings. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"location Id is provided by organization. If not provided, Use global as default.","description_kind":"plain","optional":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the BigQuery export.\nThis field is set by the server and will be ignored if provided on export creation or update.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of this export, in the format\n'projects/{{project}}/locations/{{location}}/bigQueryExports/{{big_query_export_id}}'.\nThis field is provided in responses, and is ignored when provided in create requests.","description_kind":"plain","computed":true},"principal":{"type":"string","description":"The service account that needs permission to create table and upload data to the BigQuery dataset.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_secret_manager_regional_secret":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Custom metadata about the regional secret.\n\nAnnotations are distinct from various forms of labels. Annotations exist to allow\nclient tools to store their own state information without requiring a database.\n\nAnnotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of\nmaximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and\nmay have dashes (-), underscores (_), dots (.), and alphanumerics in between these\nsymbols.\n\nThe total size of annotation keys and values must be less than 16KiB.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time at which the regional secret was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Timestamp in UTC when the regional secret is scheduled to expire. This is always provided on\noutput, regardless of what was sent on input. A timestamp in RFC3339 UTC \"Zulu\" format, with\nnanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\". Only one of 'expire_time' or 'ttl' can be provided.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels assigned to this regional secret.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be assigned to a given resource.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the regional secret. eg us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the regional secret. Format:\n'projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description":"This must be unique within the project.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"ttl":{"type":"string","description":"The TTL for the regional secret. A duration in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\". Only one of 'ttl' or 'expire_time' can be provided.","description_kind":"plain","optional":true},"version_aliases":{"type":["map","string"],"description":"Mapping from version alias to version name.\n\nA version alias is a string with a maximum length of 63 characters and can contain\nuppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_')\ncharacters. An alias string must start with a letter and cannot be the string\n'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"version_destroy_ttl":{"type":"string","description":"Secret Version TTL after destruction request.\nThis is a part of the delayed delete feature on Secret Version.\nFor secret with versionDestroyTtl\u003e0, version destruction doesn't happen immediately\non calling destroy instead the version goes to a disabled state and\nthe actual destruction happens after this TTL expires. It must be atleast 24h.","description_kind":"plain","optional":true}},"block_types":{"customer_managed_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.","description_kind":"plain","required":true}},"description":"The customer-managed encryption configuration of the regional secret.","description_kind":"plain"},"max_items":1},"rotation":{"nesting_mode":"list","block":{"attributes":{"next_rotation_time":{"type":"string","description":"Timestamp in UTC at which the Secret is scheduled to rotate.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"rotation_period":{"type":"string","description":"The Duration between rotation notifications. Must be in seconds and at least 3600s (1h)\nand at most 3153600000s (100 years). If rotationPeriod is set, 'next_rotation_time' must\nbe set. 'next_rotation_time' will be advanced by this period when the service\nautomatically sends rotation notifications.","description_kind":"plain","optional":true}},"description":"The rotation time and period for a regional secret. At 'next_rotation_time', Secret Manager\nwill send a Pub/Sub notification to the topics configured on the Secret. 'topics' must be\nset to configure rotation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"topics":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The resource name of the Pub/Sub topic that will be published to, in the following format:\nprojects/*/topics/*. For publication to succeed, the Secret Manager Service\nAgent service account must have pubsub.publisher permissions on the topic.","description_kind":"plain","required":true}},"description":"A list of up to 10 Pub/Sub topics to which messages are published when control plane\noperations are called on the regional secret or its versions.","description_kind":"plain"}}},"description_kind":"plain"}},"google_secret_manager_regional_secret_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secret_manager_regional_secret_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secret_manager_regional_secret_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_regional_secret_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the regional secret version was created.","description_kind":"plain","computed":true},"customer_managed_encryption":{"type":["list",["object",{"kms_key_version_name":"string"}]],"description":"The customer-managed encryption configuration of the regional secret.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the regional secret version. Setting 'ABANDON' allows the resource\nto be abandoned rather than deleted. Setting 'DISABLE' allows the resource to be\ndisabled rather than deleted. Default is 'DELETE'. Possible values are:\n * DELETE\n * DISABLE\n * ABANDON","description_kind":"plain","optional":true},"destroy_time":{"type":"string","description":"The time at which the regional secret version was destroyed. Only present if state is DESTROYED.","description_kind":"plain","computed":true},"enabled":{"type":"bool","description":"The current state of the regional secret version.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_secret_data_base64":{"type":"bool","description":"If set to 'true', the secret data is expected to be base64-encoded string and would be sent as is.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of Secret Manager regional secret resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the regional secret version. Format:\n'projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}/versions/{{version}}'","description_kind":"plain","computed":true},"secret":{"type":"string","description":"Secret Manager regional secret resource.","description_kind":"plain","required":true},"secret_data":{"type":"string","description":"The secret data. Must be no larger than 64KiB.","description_kind":"plain","required":true,"sensitive":true},"version":{"type":"string","description":"The version of the Regional Secret.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_secret_manager_secret":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Custom metadata about the secret.\n\nAnnotations are distinct from various forms of labels. Annotations exist to allow\nclient tools to store their own state information without requiring a database.\n\nAnnotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of\nmaximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and\nmay have dashes (-), underscores (_), dots (.), and alphanumerics in between these\nsymbols.\n\nThe total size of annotation keys and values must be less than 16KiB.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".\nOnly one of 'expire_time' or 'ttl' can be provided.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels assigned to this Secret.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be assigned to a given resource.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Secret. Format:\n'projects/{{project}}/secrets/{{secret_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description":"This must be unique within the project.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"ttl":{"type":"string","description":"The TTL for the Secret.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".\nOnly one of 'ttl' or 'expire_time' can be provided.","description_kind":"plain","optional":true},"version_aliases":{"type":["map","string"],"description":"Mapping from version alias to version name.\n\nA version alias is a string with a maximum length of 63 characters and can contain\nuppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_')\ncharacters. An alias string must start with a letter and cannot be the string\n'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"version_destroy_ttl":{"type":"string","description":"Secret Version TTL after destruction request.\nThis is a part of the delayed delete feature on Secret Version.\nFor secret with versionDestroyTtl\u003e0, version destruction doesn't happen immediately\non calling destroy instead the version goes to a disabled state and\nthe actual destruction happens after this TTL expires.","description_kind":"plain","optional":true}},"block_types":{"replication":{"nesting_mode":"list","block":{"block_types":{"auto":{"nesting_mode":"list","block":{"block_types":{"customer_managed_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.","description_kind":"plain","required":true}},"description":"The customer-managed encryption configuration of the Secret.\nIf no configuration is provided, Google-managed default\nencryption is used.","description_kind":"plain"},"max_items":1}},"description":"The Secret will automatically be replicated without any restrictions.","description_kind":"plain"},"max_items":1},"user_managed":{"nesting_mode":"list","block":{"block_types":{"replicas":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The canonical IDs of the location to replicate data. For example: \"us-east1\".","description_kind":"plain","required":true}},"block_types":{"customer_managed_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination secret.","description_kind":"plain","required":true}},"description":"Customer Managed Encryption for the secret.","description_kind":"plain"},"max_items":1}},"description":"The list of Replicas for this Secret. Cannot be empty.","description_kind":"plain"},"min_items":1}},"description":"The Secret will be replicated to the regions specified by the user.","description_kind":"plain"},"max_items":1}},"description":"The replication policy of the secret data attached to the Secret. It cannot be changed\nafter the Secret has been created.","description_kind":"plain"},"min_items":1,"max_items":1},"rotation":{"nesting_mode":"list","block":{"attributes":{"next_rotation_time":{"type":"string","description":"Timestamp in UTC at which the Secret is scheduled to rotate.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"rotation_period":{"type":"string","description":"The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years).\nIf rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.","description_kind":"plain","optional":true}},"description":"The rotation time and period for a Secret. At 'next_rotation_time', Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. 'topics' must be set to configure rotation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"topics":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The resource name of the Pub/Sub topic that will be published to, in the following format: projects/*/topics/*.\nFor publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.","description_kind":"plain","required":true}},"description":"A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.","description_kind":"plain"}}},"description_kind":"plain"}},"google_secret_manager_secret_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secret_manager_secret_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secret_manager_secret_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the secret version. Setting 'ABANDON' allows the resource\nto be abandoned rather than deleted. Setting 'DISABLE' allows the resource to be\ndisabled rather than deleted. Default is 'DELETE'. Possible values are:\n * DELETE\n * DISABLE\n * ABANDON","description_kind":"plain","optional":true},"destroy_time":{"type":"string","description":"The time at which the Secret was destroyed. Only present if state is DESTROYED.","description_kind":"plain","computed":true},"enabled":{"type":"bool","description":"The current state of the SecretVersion.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_secret_data_base64":{"type":"bool","description":"If set to 'true', the secret data is expected to be base64-encoded string and would be sent as is.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the SecretVersion. Format:\n'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'","description_kind":"plain","computed":true},"secret":{"type":"string","description":"Secret Manager secret resource","description_kind":"plain","required":true},"secret_data":{"type":"string","description":"The secret data. Must be no larger than 64KiB.","description_kind":"plain","required":true,"sensitive":true},"version":{"type":"string","description":"The version of the Secret.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_secure_source_manager_branch_rule":{"version":0,"block":{"attributes":{"allow_stale_reviews":{"type":"bool","description":"Determines if allow stale reviews or approvals before merging to the branch.","description_kind":"plain","optional":true},"branch_rule_id":{"type":"string","description":"The ID for the BranchRule.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Time the BranchRule was created in UTC.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"Determines if the branch rule is disabled or not.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"include_pattern":{"type":"string","description":"The BranchRule matches branches based on the specified regular expression. Use .* to match all branches.","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the Repository.","description_kind":"plain","required":true},"minimum_approvals_count":{"type":"number","description":"The minimum number of approvals required for the branch rule to be matched.","description_kind":"plain","optional":true},"minimum_reviews_count":{"type":"number","description":"The minimum number of reviews required for the branch rule to be matched.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the BranchRule.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository_id":{"type":"string","description":"The ID for the Repository.","description_kind":"plain","required":true},"require_comments_resolved":{"type":"bool","description":"Determines if require comments resolved before merging to the branch.","description_kind":"plain","optional":true},"require_linear_history":{"type":"bool","description":"Determines if require linear history before merging to the branch.","description_kind":"plain","optional":true},"require_pull_request":{"type":"bool","description":"Determines if the branch rule requires a pull request or not.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"Unique identifier of the BranchRule.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the BranchRule was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_secure_source_manager_instance":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Instance was created in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host_config":{"type":["list",["object",{"api":"string","git_http":"string","git_ssh":"string","html":"string"}]],"description":"A list of hostnames for this instance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The name for the Instance.","description_kind":"plain","required":true},"kms_key":{"type":"string","description":"Customer-managed encryption key name, in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the Instance.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the Instance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The current state of the Instance.","description_kind":"plain","computed":true},"state_note":{"type":"string","description":"Provides information about the current instance state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Instance was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"private_config":{"nesting_mode":"list","block":{"attributes":{"ca_pool":{"type":"string","description":"CA pool resource, resource must in the format of 'projects/{project}/locations/{location}/caPools/{ca_pool}'.","description_kind":"plain","required":true},"http_service_attachment":{"type":"string","description":"Service Attachment for HTTP, resource is in the format of 'projects/{project}/regions/{region}/serviceAttachments/{service_attachment}'.","description_kind":"plain","computed":true},"is_private":{"type":"bool","description":"'Indicate if it's private instance.'","description_kind":"plain","required":true},"ssh_service_attachment":{"type":"string","description":"Service Attachment for SSH, resource is in the format of 'projects/{project}/regions/{region}/serviceAttachments/{service_attachment}'.","description_kind":"plain","computed":true}},"description":"Private settings for private instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"workforce_identity_federation_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"'Whether Workforce Identity Federation is enabled.'","description_kind":"plain","required":true}},"description":"Configuration for Workforce Identity Federation to support third party identity provider.\nIf unset, defaults to the Google OIDC IdP.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_secure_source_manager_repository":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the repository was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the repository, which cannot exceed 500 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the instance in which the repository is hosted.","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the Repository.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the Repository.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository_id":{"type":"string","description":"The ID for the Repository.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Unique identifier of the repository.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the repository was updated in UTC.","description_kind":"plain","computed":true},"uris":{"type":["list",["object",{"api":"string","git_https":"string","html":"string"}]],"description":"URIs for the repository.","description_kind":"plain","computed":true}},"block_types":{"initial_config":{"nesting_mode":"list","block":{"attributes":{"default_branch":{"type":"string","description":"Default branch name of the repository.","description_kind":"plain","optional":true},"gitignores":{"type":["list","string"],"description":"List of gitignore template names user can choose from.\nValid values can be viewed at https://cloud.google.com/secure-source-manager/docs/reference/rest/v1/projects.locations.repositories#initialconfig.","description_kind":"plain","optional":true},"license":{"type":"string","description":"License template name user can choose from.\nValid values can be viewed at https://cloud.google.com/secure-source-manager/docs/reference/rest/v1/projects.locations.repositories#initialconfig.","description_kind":"plain","optional":true},"readme":{"type":"string","description":"README template name.\nValid values can be viewed at https://cloud.google.com/secure-source-manager/docs/reference/rest/v1/projects.locations.repositories#initialconfig.","description_kind":"plain","optional":true}},"description":"Initial configurations for the repository.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_secure_source_manager_repository_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository_id":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secure_source_manager_repository_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository_id":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secure_source_manager_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_securityposture_posture":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Posture was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the posture.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location of the resource, eg: global.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the posture.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the resource, an organization. Format should be 'organizations/{organization_id}'.","description_kind":"plain","required":true},"posture_id":{"type":"string","description":"Id of the posture. It is an immutable field.","description_kind":"plain","required":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the posture.","description_kind":"plain","computed":true},"revision_id":{"type":"string","description":"Revision_id of the posture.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the posture. Update to state field should not be triggered along with\nwith other field updates. Possible values: [\"DEPRECATED\", \"DRAFT\", \"ACTIVE\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the Posture was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"policy_sets":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the policy set.","description_kind":"plain","optional":true},"policy_set_id":{"type":"string","description":"ID of the policy set.","description_kind":"plain","required":true}},"block_types":{"policies":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the policy.","description_kind":"plain","optional":true},"policy_id":{"type":"string","description":"ID of the policy.","description_kind":"plain","required":true}},"block_types":{"compliance_standards":{"nesting_mode":"list","block":{"attributes":{"control":{"type":"string","description":"Mapping of security controls for the policy.","description_kind":"plain","optional":true},"standard":{"type":"string","description":"Mapping of compliance standards for the policy.","description_kind":"plain","optional":true}},"description":"Mapping for policy to security standards and controls.","description_kind":"plain"}},"constraint":{"nesting_mode":"list","block":{"block_types":{"org_policy_constraint":{"nesting_mode":"list","block":{"attributes":{"canned_constraint_id":{"type":"string","description":"Organization policy canned constraint Id","description_kind":"plain","required":true}},"block_types":{"policy_rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"bool","description":"Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"bool","description":"Setting this to true means that all values are denied. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"bool","description":"If 'true', then the policy is enforced. If 'false', then any configuration is acceptable.\nThis field can be set only in policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this policy rule. This field can be set only in policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"Definition of policy rules","description_kind":"plain"},"min_items":1}},"description":"Organization policy canned constraint definition.","description_kind":"plain"},"max_items":1},"org_policy_constraint_custom":{"nesting_mode":"list","block":{"block_types":{"custom_constraint":{"nesting_mode":"list","block":{"attributes":{"action_type":{"type":"string","description":"The action to take if the condition is met. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"condition":{"type":"string","description":"A CEL condition that refers to a supported service resource, for example 'resource.management.autoUpgrade == false'. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).","description_kind":"plain","required":true},"description":{"type":"string","description":"A human-friendly description of the constraint to display as an error message when the policy is violated.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A human-friendly name for the constraint.","description_kind":"plain","optional":true},"method_types":{"type":["list","string"],"description":"A list of RESTful methods for which to enforce the constraint. Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The name of the custom constraint. This is unique within the organization.","description_kind":"plain","required":true},"resource_types":{"type":["list","string"],"description":"Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, 'container.googleapis.com/NodePool'.","description_kind":"plain","required":true}},"description":"Organization policy custom constraint definition.","description_kind":"plain"},"max_items":1},"policy_rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"bool","description":"Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"bool","description":"Setting this to true means that all values are denied. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"bool","description":"If 'true', then the policy is enforced. If 'false', then any configuration is acceptable.\nThis field can be set only in policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this policy rule. This field can be set only in policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"Definition of policy rules","description_kind":"plain"},"min_items":1}},"description":"Organization policy custom constraint policy definition.","description_kind":"plain"},"max_items":1},"security_health_analytics_custom_module":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module.","description_kind":"plain","optional":true},"id":{"type":"string","description":"A server generated id of custom module.","description_kind":"plain","computed":true},"module_enablement_state":{"type":"string","description":"The state of enablement for the module at its level of the resource hierarchy. Possible values: [\"ENABLEMENT_STATE_UNSPECIFIED\", \"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to\nresolve the detected issue","description_kind":"plain","optional":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"SEVERITY_UNSPECIFIED\", \"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","required":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be\nspecified to return the value of the property or a text string enclosed\nin quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties. A set of optional name-value pairs that define custom source properties to\nreturn with each finding that is generated by the custom module. The custom\nsource properties that are defined here are included in the finding JSON\nunder 'sourceProperties'.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings.When the expression\nevaluates to true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Custom module details.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Definition of Security Health Analytics Custom Module.","description_kind":"plain"},"max_items":1},"security_health_analytics_module":{"nesting_mode":"list","block":{"attributes":{"module_enablement_state":{"type":"string","description":"The state of enablement for the module at its level of the resource hierarchy. Possible values: [\"ENABLEMENT_STATE_UNSPECIFIED\", \"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true},"module_name":{"type":"string","description":"The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.","description_kind":"plain","required":true}},"description":"Security Health Analytics built-in detector definition.","description_kind":"plain"},"max_items":1}},"description":"Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"List of security policy","description_kind":"plain"},"min_items":1}},"description":"List of policy sets for the posture.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_securityposture_posture_deployment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the posture deployment was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the posture deployment.","description_kind":"plain","optional":true},"desired_posture_id":{"type":"string","description":"This is an output only optional field which will be filled in case when\nPostureDeployment state is UPDATE_FAILED or CREATE_FAILED or DELETE_FAILED.\nIt denotes the desired posture to be deployed.","description_kind":"plain","computed":true},"desired_posture_revision_id":{"type":"string","description":"This is an output only optional field which will be filled in case when\nPostureDeployment state is UPDATE_FAILED or CREATE_FAILED or DELETE_FAILED.\nIt denotes the desired posture revision_id to be deployed.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"failure_message":{"type":"string","description":"This is a output only optional field which will be filled in case where\nPostureDeployment enters a failure state like UPDATE_FAILED or\nCREATE_FAILED or DELETE_FAILED. It will have the failure message for posture deployment's\nCREATE/UPDATE/DELETE methods.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource, eg. global'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the posture deployment instance.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the resource, an organization. Format should be 'organizations/{organization_id}'.","description_kind":"plain","required":true},"posture_deployment_id":{"type":"string","description":"ID of the posture deployment.","description_kind":"plain","required":true},"posture_id":{"type":"string","description":"Relative name of the posture which needs to be deployed. It should be in the format:\n organizations/{organization_id}/locations/{location}/postures/{posture_id}","description_kind":"plain","required":true},"posture_revision_id":{"type":"string","description":"Revision_id the posture which needs to be deployed.","description_kind":"plain","required":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the posture deployment.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the posture deployment. A posture deployment can be in the following terminal states:\nACTIVE, CREATE_FAILED, UPDATE_FAILED, DELETE_FAILED.","description_kind":"plain","computed":true},"target_resource":{"type":"string","description":"The resource on which the posture should be deployed. This can be in one of the following formats:\nprojects/{project_number},\nfolders/{folder_number},\norganizations/{organization_id}","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the posture deployment was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_account":{"version":0,"block":{"attributes":{"account_id":{"type":"string","description":"The account id that is used to generate the service account email address and a stable unique id. It is unique within a project, must be 6-30 characters long, and match the regular expression [a-z]([-a-z0-9]*[a-z0-9]) to comply with RFC1035. Changing this forces a new service account to be created.","description_kind":"plain","required":true},"create_ignore_already_exists":{"type":"bool","description":"If set to true, skip service account creation if a service account with the same email already exists.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A text description of the service account. Must be less than or equal to 256 UTF-8 bytes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the service account is disabled. Defaults to false","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name for the service account. Can be updated without creating a new resource.","description_kind":"plain","optional":true},"email":{"type":"string","description":"The e-mail address of the service account. This value should be referenced from any google_iam_policy data sources that would grant the service account privileges.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description":"The Identity of the service account in the form 'serviceAccount:{email}'. This value is often used to refer to the service account in order to grant IAM permissions.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The fully-qualified name of the service account.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description":"The unique id of the service account.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_account_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_service_account_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_service_account_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_key":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"keepers":{"type":["map","string"],"description":"Arbitrary map of values that, when changed, will trigger recreation of resource.","description_kind":"plain","optional":true},"key_algorithm":{"type":"string","description":"The algorithm used to generate the key, used only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid values are: \"KEY_ALG_RSA_1024\", \"KEY_ALG_RSA_2048\".","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name used for this key pair","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.","description_kind":"plain","computed":true,"sensitive":true},"private_key_type":{"type":"string","description_kind":"plain","optional":true},"public_key":{"type":"string","description":"The public key, base64 encoded","description_kind":"plain","computed":true},"public_key_data":{"type":"string","description":"A field that allows clients to upload their own public key. If set, use this public key data to create a service account key for given service account. Please note, the expected format for this field is a base64 encoded X509_PEM.","description_kind":"plain","optional":true},"public_key_type":{"type":"string","description_kind":"plain","optional":true},"service_account_id":{"type":"string","description":"The ID of the parent service account of the key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}, where {ACCOUNT} is the email address or unique id of the service account. If the {ACCOUNT} syntax is used, the project will be inferred from the provider's configuration.","description_kind":"plain","required":true},"valid_after":{"type":"string","description":"The key can be used after this timestamp. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"valid_before":{"type":"string","description":"The key can be used before this timestamp. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_service_networking_connection":{"version":0,"block":{"attributes":{"deletion_policy":{"type":"string","description":"When set to ABANDON, terraform will abandon management of the resource instead of deleting it. Prevents terraform apply failures with CloudSQL. Note: The resource will still exist.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"Name of VPC network connected with service producers using VPC peering.","description_kind":"plain","required":true},"peering":{"type":"string","description_kind":"plain","computed":true},"reserved_peering_ranges":{"type":["list","string"],"description":"Named IP address range(s) of PEERING type reserved for this service provider. Note that invoking this method with a different range when connection is already established will not reallocate already provisioned service producer subnetworks.","description_kind":"plain","required":true},"service":{"type":"string","description":"Provider peering service that is managing peering connectivity for a service provider organization. For Google services that support this functionality it is 'servicenetworking.googleapis.com'.","description_kind":"plain","required":true},"update_on_creation_fail":{"type":"bool","description":"When set to true, enforce an update of the reserved peering ranges on the existing service networking connection in case of a new connection creation failure.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_networking_peered_dns_domain":{"version":0,"block":{"attributes":{"dns_suffix":{"type":"string","description":"The DNS domain name suffix of the peered DNS domain.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the peered DNS domain.","description_kind":"plain","required":true},"network":{"type":"string","description":"Network in the consumer project to peer with.","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to create a peered DNS domain for, e.g. servicenetworking.googleapis.com","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_networking_vpc_service_controls":{"version":0,"block":{"attributes":{"enabled":{"type":"bool","description":"Desired VPC Service Controls state service producer VPC network, as\ndescribed at the top of this page.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"The network that the consumer is using to connect with services.","description_kind":"plain","required":true},"project":{"type":"string","description":"The id of the Google Cloud project containing the consumer network.","description_kind":"plain","optional":true},"service":{"type":"string","description":"The service that is managing peering connectivity for a service\nproducer's organization. For Google services that support this\nfunctionality, this value is 'servicenetworking.googleapis.com'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_site_verification_owner":{"version":0,"block":{"attributes":{"email":{"type":"string","description":"The email address of the owner.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_resource_id":{"type":"string","description":"The id of the Web Resource to add this owner to, in the form \"webResource/\u003cweb-resource-id\u003e\".","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_site_verification_web_resource":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"owners":{"type":["list","string"],"description":"The email addresses of all direct, verified owners of this exact property. Indirect owners —\nfor example verified owners of the containing domain—are not included in this list.","description_kind":"plain","computed":true},"verification_method":{"type":"string","description":"The verification method for the Site Verification system to use to verify\nthis site or domain. Possible values: [\"ANALYTICS\", \"DNS_CNAME\", \"DNS_TXT\", \"FILE\", \"META\", \"TAG_MANAGER\"]","description_kind":"plain","required":true},"web_resource_id":{"type":"string","description":"The string used to identify this web resource.","description_kind":"plain","computed":true}},"block_types":{"site":{"nesting_mode":"list","block":{"attributes":{"identifier":{"type":"string","description":"The site identifier. If the type is set to SITE, the identifier is a URL. If the type is\nset to INET_DOMAIN, the identifier is a domain name.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of resource to be verified. Possible values: [\"INET_DOMAIN\", \"SITE\"]","description_kind":"plain","required":true}},"description":"Container for the address and type of a site for which a verification token will be verified.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sourcerepo_repository":{"version":0,"block":{"attributes":{"create_ignore_already_exists":{"type":"bool","description":"If set to true, skip repository creation if a repository with the same name already exists.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the repository, of the form '{{repo}}'.\nThe repo name may contain slashes. eg, 'name/with/slash'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"The disk usage of the repo, in bytes.","description_kind":"plain","computed":true},"url":{"type":"string","description":"URL to clone the repository from Google Cloud Source Repositories.","description_kind":"plain","computed":true}},"block_types":{"pubsub_configs":{"nesting_mode":"set","block":{"attributes":{"message_format":{"type":"string","description":"The format of the Cloud Pub/Sub messages.\n- PROTOBUF: The message payload is a serialized protocol buffer of SourceRepoEvent.\n- JSON: The message payload is a JSON string of SourceRepoEvent. Possible values: [\"PROTOBUF\", \"JSON\"]","description_kind":"plain","required":true},"service_account_email":{"type":"string","description":"Email address of the service account used for publishing Cloud Pub/Sub messages.\nThis service account needs to be in the same project as the PubsubConfig. When added,\nthe caller needs to have iam.serviceAccounts.actAs permission on this service account.\nIf unspecified, it defaults to the compute engine default service account.","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description":"How this repository publishes a change in the repository through Cloud Pub/Sub.\nKeyed by the topic names.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_spanner_backup_schedule":{"version":0,"block":{"attributes":{"database":{"type":"string","description":"The database to create the backup schedule on.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The instance to create the database on.","description_kind":"plain","required":true},"name":{"type":"string","description":"A unique identifier for the backup schedule, which cannot be changed after\nthe backup schedule is created. Values are of the form [a-z][-a-z0-9]*[a-z0-9].","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"retention_duration":{"type":"string","description":"At what relative time in the future, compared to its creation time, the backup should be deleted, e.g. keep backups for 7 days.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: '3.5s'.\nYou can set this to a value up to 366 days.","description_kind":"plain","required":true}},"block_types":{"full_backup_spec":{"nesting_mode":"list","block":{"description":"The schedule creates only full backups..","description_kind":"plain"},"max_items":1},"incremental_backup_spec":{"nesting_mode":"list","block":{"description":"The schedule creates incremental backup chains.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"block_types":{"cron_spec":{"nesting_mode":"list","block":{"attributes":{"text":{"type":"string","description":"Textual representation of the crontab. User can customize the\nbackup frequency and the backup version time using the cron\nexpression. The version time must be in UTC timzeone.\nThe backup will contain an externally consistent copy of the\ndatabase at the version time. Allowed frequencies are 12 hour, 1 day,\n1 week and 1 month. Examples of valid cron specifications:\n 0 2/12 * * * : every 12 hours at (2, 14) hours past midnight in UTC.\n 0 2,14 * * * : every 12 hours at (2,14) hours past midnight in UTC.\n 0 2 * * * : once a day at 2 past midnight in UTC.\n 0 2 * * 0 : once a week every Sunday at 2 past midnight in UTC.\n 0 2 8 * * : once a month on 8th day at 2 past midnight in UTC.","description_kind":"plain","optional":true}},"description":"Cron style schedule specification..","description_kind":"plain"},"max_items":1}},"description":"Defines specifications of the backup schedule.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_spanner_database":{"version":0,"block":{"attributes":{"database_dialect":{"type":"string","description":"The dialect of the Cloud Spanner Database.\nIf it is not provided, \"GOOGLE_STANDARD_SQL\" will be used. Possible values: [\"GOOGLE_STANDARD_SQL\", \"POSTGRESQL\"]","description_kind":"plain","optional":true,"computed":true},"ddl":{"type":["list","string"],"description":"An optional list of DDL statements to run inside the newly created\ndatabase. Statements can create tables, indexes, etc. These statements\nexecute atomically with the creation of the database: if there is an\nerror in any statement, the database is not created.","description_kind":"plain","optional":true},"deletion_protection":{"type":"bool","description":"Whether Terraform will be prevented from destroying the database. Defaults to true.\nWhen a'terraform destroy' or 'terraform apply' would delete the database,\nthe command will fail if this field is not set to false in Terraform state.\nWhen the field is set to true or unset in Terraform state, a 'terraform apply'\nor 'terraform destroy' that would delete the database will fail.\nWhen the field is set to false, deleting the database is allowed.","description_kind":"plain","optional":true},"enable_drop_protection":{"type":"bool","description":"Whether drop protection is enabled for this database. Defaults to false.\nDrop protection is different from\nthe \"deletion_protection\" attribute in the following ways:\n(1) \"deletion_protection\" only protects the database from deletions in Terraform.\nwhereas setting “enableDropProtection” to true protects the database from deletions in all interfaces.\n(2) Setting \"enableDropProtection\" to true also prevents the deletion of the parent instance containing the database.\n\"deletion_protection\" attribute does not provide protection against the deletion of the parent instance.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The instance to create the database on.","description_kind":"plain","required":true},"name":{"type":"string","description":"A unique identifier for the database, which cannot be changed after the\ninstance is created. Values are of the form '[a-z][-_a-z0-9]*[a-z0-9]'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"An explanation of the status of the database.","description_kind":"plain","computed":true},"version_retention_period":{"type":"string","description":"The retention period for the database. The retention period must be between 1 hour\nand 7 days, and can be specified in days, hours, minutes, or seconds. For example,\nthe values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h.\nIf this property is used, you must avoid adding new DDL statements to 'ddl' that\nupdate the database's version_retention_period.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Fully qualified name of the KMS key to use to encrypt this database. This key must exist\nin the same location as the Spanner Database.","description_kind":"plain","optional":true},"kms_key_names":{"type":["list","string"],"description":"Fully qualified name of the KMS keys to use to encrypt this database. The keys must exist\nin the same locations as the Spanner Database.","description_kind":"plain","optional":true}},"description":"Encryption configuration for the database","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_spanner_database_iam_binding":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_database_iam_member":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_database_iam_policy":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_spanner_instance":{"version":0,"block":{"attributes":{"config":{"type":"string","description":"The name of the instance's configuration (similar but not\nquite the same as a region) which defines the geographic placement and\nreplication of your databases in this instance. It determines where your data\nis stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc.\nIn order to obtain a valid list please consult the\n[Configuration section of the docs](https://cloud.google.com/spanner/docs/instances).","description_kind":"plain","required":true},"default_backup_schedule_type":{"type":"string","description":"Controls the default backup behavior for new databases within the instance.\nNote that 'AUTOMATIC' is not permitted for free instances, as backups and backup schedules are not allowed for free instances.\nif unset or NONE, no default backup schedule will be created for new databases within the instance. Possible values: [\"NONE\", \"AUTOMATIC\"]","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"The descriptive name for this instance as it appears in UIs. Must be\nunique per project and between 4 and 30 characters in length.","description_kind":"plain","required":true},"edition":{"type":"string","description":"The edition selected for this instance. Different editions provide different capabilities at different price points. Possible values: [\"EDITION_UNSPECIFIED\", \"STANDARD\", \"ENTERPRISE\", \"ENTERPRISE_PLUS\"]","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a spanner instance, this boolean option will delete all backups of this instance.\nThis must be set to true if you created a backup manually in the console.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"An object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\nIf not provided, a random string starting with 'tf-' will be selected.","description_kind":"plain","optional":true,"computed":true},"num_nodes":{"type":"number","description":"The number of nodes allocated to this instance. Exactly one of either node_count or processing_units\nmust be present in terraform.","description_kind":"plain","optional":true,"computed":true},"processing_units":{"type":"number","description":"The number of processing units allocated to this instance. Exactly one of processing_units\nor node_count must be present in terraform.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Instance status: 'CREATING' or 'READY'.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"block_types":{"asymmetric_autoscaling_options":{"nesting_mode":"list","block":{"block_types":{"overrides":{"nesting_mode":"list","block":{"block_types":{"autoscaling_limits":{"nesting_mode":"list","block":{"attributes":{"max_nodes":{"type":"number","description":"The maximum number of nodes for this specific replica.","description_kind":"plain","required":true},"min_nodes":{"type":"number","description":"The minimum number of nodes for this specific replica.","description_kind":"plain","required":true}},"description":"A nested object resource.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A nested object resource.","description_kind":"plain"},"min_items":1,"max_items":1},"replica_selection":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The location of the replica to apply asymmetric autoscaling options.","description_kind":"plain","required":true}},"description":"A nested object resource.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Asymmetric autoscaling options for specific replicas.","description_kind":"plain"}},"autoscaling_limits":{"nesting_mode":"list","block":{"attributes":{"max_nodes":{"type":"number","description":"Specifies maximum number of nodes allocated to the instance. If set, this number\nshould be greater than or equal to min_nodes.","description_kind":"plain","optional":true},"max_processing_units":{"type":"number","description":"Specifies maximum number of processing units allocated to the instance.\nIf set, this number should be multiples of 1000 and be greater than or equal to\nmin_processing_units.","description_kind":"plain","optional":true},"min_nodes":{"type":"number","description":"Specifies number of nodes allocated to the instance. If set, this number\nshould be greater than or equal to 1.","description_kind":"plain","optional":true},"min_processing_units":{"type":"number","description":"Specifies minimum number of processing units allocated to the instance.\nIf set, this number should be multiples of 1000.","description_kind":"plain","optional":true}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events. Users can define the minimum and\nmaximum compute capacity allocated to the instance, and the autoscaler will\nonly scale within that range. Users can either use nodes or processing\nunits to specify the limits, but should use the same unit to set both the\nmin_limit and max_limit.","description_kind":"plain"},"max_items":1},"autoscaling_targets":{"nesting_mode":"list","block":{"attributes":{"high_priority_cpu_utilization_percent":{"type":"number","description":"Specifies the target high priority cpu utilization percentage that the autoscaler\nshould be trying to achieve for the instance.\nThis number is on a scale from 0 (no utilization) to 100 (full utilization)..","description_kind":"plain","optional":true},"storage_utilization_percent":{"type":"number","description":"Specifies the target storage utilization percentage that the autoscaler\nshould be trying to achieve for the instance.\nThis number is on a scale from 0 (no utilization) to 100 (full utilization).","description_kind":"plain","optional":true}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events","description_kind":"plain"},"max_items":1}},"description":"The autoscaling configuration. Autoscaling is enabled if this field is set.\nWhen autoscaling is enabled, num_nodes and processing_units are treated as,\nOUTPUT_ONLY fields and reflect the current compute capacity allocated to\nthe instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_spanner_instance_config":{"version":0,"block":{"attributes":{"base_config":{"type":"string","description":"Base configuration name, e.g. nam3, based on which this configuration is created.\nOnly set for user managed configurations.\nbaseConfig must refer to a configuration of type GOOGLE_MANAGED in the same project as this configuration.","description_kind":"plain","optional":true,"computed":true},"config_type":{"type":"string","description":"Output only. Whether this instance config is a Google or User Managed Configuration.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The name of this instance configuration as it appears in UIs.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"An object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique identifier for the instance configuration. Values are of the\nform projects/\u003cproject\u003e/instanceConfigs/[a-z][-a-z0-9]*","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"replicas":{"nesting_mode":"set","block":{"attributes":{"default_leader_location":{"type":"bool","description":"If true, this location is designated as the default leader location where\nleader replicas are placed.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the serving resources, e.g. \"us-central1\".","description_kind":"plain","optional":true},"type":{"type":"string","description":"Indicates the type of replica. See the [replica types\ndocumentation](https://cloud.google.com/spanner/docs/replication#replica_types)\nfor more details. Possible values: [\"READ_WRITE\", \"READ_ONLY\", \"WITNESS\"]","description_kind":"plain","optional":true}},"description":"The geographic placement of nodes in this instance configuration and their replication properties.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_spanner_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_database":{"version":0,"block":{"attributes":{"charset":{"type":"string","description":"The charset value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html)\nfor more details and supported values. Postgres databases only support\na value of 'UTF8' at creation time.","description_kind":"plain","optional":true,"computed":true},"collation":{"type":"string","description":"The collation value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html)\nfor more details and supported values. Postgres databases only support\na value of 'en_US.UTF8' at creation time.","description_kind":"plain","optional":true,"computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the database. Setting ABANDON allows the resource\nto be abandoned rather than deleted. This is useful for Postgres, where databases cannot be\ndeleted from the API if there are users other than cloudsqlsuperuser with access. Possible\nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\".","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. This does not include the project\nID.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the database in the Cloud SQL instance.\nThis does not include the project ID or instance name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_database_instance":{"version":0,"block":{"attributes":{"available_maintenance_versions":{"type":["list","string"],"description":"Available Maintenance versions.","description_kind":"plain","computed":true},"connection_name":{"type":"string","description":"The connection name of the instance to be used in connection strings. For example, when connecting with Cloud SQL Proxy.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The MySQL, PostgreSQL or SQL Server (beta) version to use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, MYSQL_8_4, POSTGRES_9_6, POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, POSTGRES_16, POSTGRES_17, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date reference of supported versions.","description_kind":"plain","required":true},"deletion_protection":{"type":"bool","description":"Used to block Terraform from deleting a SQL Instance. Defaults to true.","description_kind":"plain","optional":true},"dns_name":{"type":"string","description":"The dns name of the instance.","description_kind":"plain","computed":true},"encryption_key_name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"first_ip_address":{"type":"string","description":"The first IPv4 address of any type assigned. This is to support accessing the first address in the list in a terraform output when the resource is configured with a count.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'.","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"description_kind":"plain","computed":true},"maintenance_version":{"type":"string","description":"Maintenance version.","description_kind":"plain","optional":true,"computed":true},"master_instance_name":{"type":"string","description":"The name of the instance that will act as the master in the replication setup. Note, this requires the master to have binary_log_enabled set, as well as existing backups.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. If the name is left blank, Terraform will randomly generate one when the instance is first created. This is done because after a name is used, it cannot be reused for up to one week.","description_kind":"plain","optional":true,"computed":true},"private_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"psc_service_attachment_link":{"type":"string","description":"The link to service attachment of PSC instance.","description_kind":"plain","computed":true},"public_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The region the instance will sit in. Note, Cloud SQL is not available in all regions. A valid region must be provided to use this resource. If a region is not provided in the resource definition, the provider region will be used instead, but this will be an apply-time error for instances if the provider region is not supported with Cloud SQL. If you choose not to provide the region argument for this resource, make sure you understand this.","description_kind":"plain","optional":true,"computed":true},"replica_names":{"type":["list","string"],"description":"The replicas of the instance.","description_kind":"plain","optional":true,"computed":true},"root_password":{"type":"string","description":"Initial root password. Required for MS SQL Server.","description_kind":"plain","optional":true,"sensitive":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"server_ca_cert":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true,"sensitive":true},"service_account_email_address":{"type":"string","description":"The service account email address assigned to the instance.","description_kind":"plain","computed":true}},"block_types":{"clone":{"nesting_mode":"list","block":{"attributes":{"allocated_ip_range":{"type":"string","description":"The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the cloned instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.","description_kind":"plain","optional":true},"database_names":{"type":["list","string"],"description":"(SQL Server only, use with point_in_time) clone only the specified databases from the source instance. Clone all databases if empty.","description_kind":"plain","optional":true},"point_in_time":{"type":"string","description":"The timestamp of the point in time that should be restored.","description_kind":"plain","optional":true},"preferred_zone":{"type":"string","description":"(Point-in-time recovery for PostgreSQL only) Clone to an instance in the specified zone. If no zone is specified, clone to the same zone as the source instance.","description_kind":"plain","optional":true},"source_instance_name":{"type":"string","description":"The name of the instance from which the point in time should be restored.","description_kind":"plain","required":true}},"description":"Configuration for creating a new instance as a clone of another instance.","description_kind":"plain"},"max_items":1},"replica_configuration":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"PEM representation of the trusted CA's x509 certificate.","description_kind":"plain","optional":true},"cascadable_replica":{"type":"bool","description":"Specifies if a SQL Server replica is a cascadable replica. A cascadable replica is a SQL Server cross region replica that supports replica(s) under it.","description_kind":"plain","optional":true},"client_certificate":{"type":"string","description":"PEM representation of the replica's x509 certificate.","description_kind":"plain","optional":true},"client_key":{"type":"string","description":"PEM representation of the replica's private key. The corresponding public key in encoded in the client_certificate.","description_kind":"plain","optional":true},"connect_retry_interval":{"type":"number","description":"The number of seconds between connect retries. MySQL's default is 60 seconds.","description_kind":"plain","optional":true},"dump_file_path":{"type":"string","description":"Path to a SQL file in Google Cloud Storage from which replica instances are created. Format is gs://bucket/filename.","description_kind":"plain","optional":true},"failover_target":{"type":"bool","description":"Specifies if the replica is the failover target. If the field is set to true the replica will be designated as a failover replica. If the master instance fails, the replica instance will be promoted as the new master instance. Not supported for Postgres","description_kind":"plain","optional":true},"master_heartbeat_period":{"type":"number","description":"Time in ms between replication heartbeats.","description_kind":"plain","optional":true},"password":{"type":"string","description":"Password for the replication connection.","description_kind":"plain","optional":true,"sensitive":true},"ssl_cipher":{"type":"string","description":"Permissible ciphers for use in SSL encryption.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for replication connection.","description_kind":"plain","optional":true},"verify_server_certificate":{"type":"bool","description":"True if the master's common name value is checked during the SSL handshake.","description_kind":"plain","optional":true}},"description":"The configuration for replication.","description_kind":"plain"},"max_items":1},"restore_backup_context":{"nesting_mode":"list","block":{"attributes":{"backup_run_id":{"type":"number","description":"The ID of the backup run to restore from.","description_kind":"plain","required":true},"instance_id":{"type":"string","description":"The ID of the instance that the backup was taken from.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The full project ID of the source instance.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"settings":{"nesting_mode":"list","block":{"attributes":{"activation_policy":{"type":"string","description":"This specifies when the instance should be active. Can be either ALWAYS, NEVER or ON_DEMAND.","description_kind":"plain","optional":true},"availability_type":{"type":"string","description":"The availability type of the Cloud SQL instance, high availability\n(REGIONAL) or single zone (ZONAL). For all instances, ensure that\nsettings.backup_configuration.enabled is set to true.\nFor MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true.\nFor Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled\nis set to true. Defaults to ZONAL.","description_kind":"plain","optional":true},"collation":{"type":"string","description":"The name of server instance collation.","description_kind":"plain","optional":true},"connector_enforcement":{"type":"string","description":"Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected.","description_kind":"plain","optional":true,"computed":true},"deletion_protection_enabled":{"type":"bool","description":"Configuration to protect against accidental instance deletion.","description_kind":"plain","optional":true},"disk_autoresize":{"type":"bool","description":"Enables auto-resizing of the storage size. Defaults to true.","description_kind":"plain","optional":true},"disk_autoresize_limit":{"type":"number","description":"The maximum size, in GB, to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit.","description_kind":"plain","optional":true},"disk_size":{"type":"number","description":"The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased. The minimum value is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"The type of data disk: PD_SSD or PD_HDD. Defaults to PD_SSD.","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS.","description_kind":"plain","optional":true,"computed":true},"enable_dataplex_integration":{"type":"bool","description":"Enables Dataplex Integration.","description_kind":"plain","optional":true},"enable_google_ml_integration":{"type":"bool","description":"Enables Vertex AI Integration.","description_kind":"plain","optional":true},"pricing_plan":{"type":"string","description":"Pricing plan for this instance, can only be PER_USE.","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The machine type to use. See tiers for more details and supported versions. Postgres supports only shared-core machine types, and custom machine types such as db-custom-2-13312. See the Custom Machine Type Documentation to learn about specifying custom machine types.","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time_zone to be used by the database engine (supported only for SQL Server), in SQL Server timezone format.","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"A set of key/value user label pairs to assign to the instance.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"number","description":"Used to make sure changes to the settings block are atomic.","description_kind":"plain","computed":true}},"block_types":{"active_directory_config":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name of the Active Directory for SQL Server (e.g., mydomain.com).","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. Can be 1 or 2.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"backup_configuration":{"nesting_mode":"list","block":{"attributes":{"binary_log_enabled":{"type":"bool","description":"True if binary logging is enabled. If settings.backup_configuration.enabled is false, this must be as well. Can only be used with MySQL.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"True if backup configuration is enabled.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the backup configuration.","description_kind":"plain","optional":true},"point_in_time_recovery_enabled":{"type":"bool","description":"True if Point-in-time recovery is enabled.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"HH:MM format time indicating when backup configuration starts.","description_kind":"plain","optional":true,"computed":true},"transaction_log_retention_days":{"type":"number","description":"The number of days of transaction logs we retain for point in time restore, from 1-7. (For PostgreSQL Enterprise Plus instances, from 1 to 35.)","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backup_retention_settings":{"nesting_mode":"list","block":{"attributes":{"retained_backups":{"type":"number","description":"Number of backups to retain.","description_kind":"plain","required":true},"retention_unit":{"type":"string","description":"The unit that 'retainedBackups' represents. Defaults to COUNT","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"},"max_items":1},"data_cache_config":{"nesting_mode":"list","block":{"attributes":{"data_cache_enabled":{"type":"bool","description":"Whether data cache is enabled for the instance.","description_kind":"plain","optional":true}},"description":"Data cache configurations.","description_kind":"plain"},"max_items":1},"database_flags":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Name of the flag.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value of the flag.","description_kind":"plain","required":true}},"description_kind":"plain"}},"deny_maintenance_period":{"nesting_mode":"list","block":{"attributes":{"end_date":{"type":"string","description":"End date before which maintenance will not take place. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01","description_kind":"plain","required":true},"start_date":{"type":"string","description":"Start date after which maintenance will not take place. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01","description_kind":"plain","required":true},"time":{"type":"string","description":"Time in UTC when the \"deny maintenance period\" starts on start_date and ends on end_date. The time is in format: HH:mm:SS, i.e., 00:00:00","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"insights_config":{"nesting_mode":"list","block":{"attributes":{"query_insights_enabled":{"type":"bool","description":"True if Query Insights feature is enabled.","description_kind":"plain","optional":true},"query_plans_per_minute":{"type":"number","description":"Number of query execution plans captured by Insights per minute for all queries combined. Between 0 and 20. Default to 5.","description_kind":"plain","optional":true,"computed":true},"query_string_length":{"type":"number","description":"Maximum query length stored in bytes. Between 256 and 4500. Default to 1024.","description_kind":"plain","optional":true},"record_application_tags":{"type":"bool","description":"True if Query Insights will record application tags from query when enabled.","description_kind":"plain","optional":true},"record_client_address":{"type":"bool","description":"True if Query Insights will record client address when enabled.","description_kind":"plain","optional":true}},"description":"Configuration of Query Insights.","description_kind":"plain"},"max_items":1},"ip_configuration":{"nesting_mode":"list","block":{"attributes":{"allocated_ip_range":{"type":"string","description":"The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.","description_kind":"plain","optional":true},"enable_private_path_for_google_cloud_services":{"type":"bool","description":"Whether Google Cloud services such as BigQuery are allowed to access data in this Cloud SQL instance over a private IP connection. SQLSERVER database type is not supported.","description_kind":"plain","optional":true},"ipv4_enabled":{"type":"bool","description":"Whether this Cloud SQL instance should be assigned a public IPV4 address. At least ipv4_enabled must be enabled or a private_network must be configured.","description_kind":"plain","optional":true},"private_network":{"type":"string","description":"The VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default. Specifying a network enables private IP. At least ipv4_enabled must be enabled or a private_network must be configured. This setting can be updated, but it cannot be removed after it is set.","description_kind":"plain","optional":true},"server_ca_mode":{"type":"string","description":"Specify how the server certificate's Certificate Authority is hosted.","description_kind":"plain","optional":true,"computed":true},"server_ca_pool":{"type":"string","description":"The resource name of the server CA pool for an instance with \"CUSTOMER_MANAGED_CAS_CA\" as the \"server_ca_mode\".","description_kind":"plain","optional":true},"ssl_mode":{"type":"string","description":"Specify how SSL connection should be enforced in DB connections.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"authorized_networks":{"nesting_mode":"set","block":{"attributes":{"expiration_time":{"type":"string","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","optional":true},"value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"psc_config":{"nesting_mode":"set","block":{"attributes":{"allowed_consumer_projects":{"type":["set","string"],"description":"List of consumer projects that are allow-listed for PSC connections to this instance. This instance can be connected to with PSC from any network in these projects. Each consumer project in this list may be represented by a project number (numeric) or by a project id (alphanumeric).","description_kind":"plain","optional":true},"psc_enabled":{"type":"bool","description":"Whether PSC connectivity is enabled for this instance.","description_kind":"plain","optional":true}},"block_types":{"psc_auto_connections":{"nesting_mode":"list","block":{"attributes":{"consumer_network":{"type":"string","description":"The consumer network of this consumer endpoint. This must be a resource path that includes both the host project and the network name. The consumer host project of this network might be different from the consumer service project.","description_kind":"plain","required":true},"consumer_service_project_id":{"type":"string","description":"The project ID of consumer service project of this consumer endpoint.","description_kind":"plain","optional":true}},"description":"A comma-separated list of networks or a comma-separated list of network-project pairs. Each project in this list is represented by a project number (numeric) or by a project ID (alphanumeric). This allows Private Service Connect connections to be created automatically for the specified networks.","description_kind":"plain"}}},"description":"PSC settings for a Cloud SQL instance.","description_kind":"plain"}}},"description_kind":"plain"},"max_items":1},"location_preference":{"nesting_mode":"list","block":{"attributes":{"follow_gae_application":{"type":"string","description":"A Google App Engine application whose zone to remain in. Must be in the same region as this instance.","description_kind":"plain","optional":true},"secondary_zone":{"type":"string","description":"The preferred Compute Engine zone for the secondary/failover","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The preferred compute engine zone.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of week (1-7), starting on Monday","description_kind":"plain","optional":true},"hour":{"type":"number","description":"Hour of day (0-23), ignored if day not set","description_kind":"plain","optional":true},"update_track":{"type":"string","description":"Receive updates after one week (canary) or after two weeks (stable) or after five weeks (week5) of notification.","description_kind":"plain","optional":true}},"description":"Declares a one-hour maintenance window when an Instance can automatically restart to apply updates. The maintenance window is specified in UTC time.","description_kind":"plain"},"max_items":1},"password_validation_policy":{"nesting_mode":"list","block":{"attributes":{"complexity":{"type":"string","description":"Password complexity.","description_kind":"plain","optional":true},"disallow_username_substring":{"type":"bool","description":"Disallow username as a part of the password.","description_kind":"plain","optional":true},"enable_password_policy":{"type":"bool","description":"Whether the password policy is enabled or not.","description_kind":"plain","required":true},"min_length":{"type":"number","description":"Minimum number of characters allowed.","description_kind":"plain","optional":true},"password_change_interval":{"type":"string","description":"Minimum interval after which the password can be changed. This flag is only supported for PostgresSQL.","description_kind":"plain","optional":true},"reuse_interval":{"type":"number","description":"Number of previous passwords that cannot be reused.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"sql_server_audit_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The name of the destination bucket (e.g., gs://mybucket).","description_kind":"plain","optional":true},"retention_interval":{"type":"string","description":"How long to keep generated audit files. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"..","description_kind":"plain","optional":true},"upload_interval":{"type":"string","description":"How often to upload generated audit files. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description":"The settings to use for the database. The configuration is detailed below.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_source_representation_instance":{"version":0,"block":{"attributes":{"ca_certificate":{"type":"string","description":"The CA certificate on the external server. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"client_certificate":{"type":"string","description":"The client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"client_key":{"type":"string","description":"The private key file for the client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"database_version":{"type":"string","description":"The MySQL version running on your source database server. Possible values: [\"MYSQL_5_6\", \"MYSQL_5_7\", \"MYSQL_8_0\", \"POSTGRES_9_6\", \"POSTGRES_10\", \"POSTGRES_11\", \"POSTGRES_12\", \"POSTGRES_13\", \"POSTGRES_14\"]","description_kind":"plain","required":true},"dump_file_path":{"type":"string","description":"A file in the bucket that contains the data from the external server.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The IPv4 address and port for the external server, or the the DNS address for the external server. If the external server is hosted on Cloud SQL, the port is 5432.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the source representation instance. Use any valid Cloud SQL instance name.","description_kind":"plain","required":true},"password":{"type":"string","description":"The password for the replication user account.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"The externally accessible port for the source database server.\nDefaults to 3306.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created instance should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"username":{"type":"string","description":"The replication user account on the external server.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_ssl_cert":{"version":1,"block":{"attributes":{"cert":{"type":"string","description":"The actual certificate data for this client certificate.","description_kind":"plain","computed":true,"sensitive":true},"cert_serial_number":{"type":"string","description":"The serial number extracted from the certificate data.","description_kind":"plain","computed":true},"common_name":{"type":"string","description":"The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"expiration_time":{"type":"string","description":"The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"private_key":{"type":"string","description":"The private key associated with the client certificate.","description_kind":"plain","computed":true,"sensitive":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"server_ca_cert":{"type":"string","description":"The CA cert of the server this client cert was generated from.","description_kind":"plain","computed":true,"sensitive":true},"sha1_fingerprint":{"type":"string","description":"The SHA1 Fingerprint of the certificate.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_user":{"version":1,"block":{"attributes":{"deletion_policy":{"type":"string","description":"The deletion policy for the user. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they\n\t\t\t\thave been granted SQL roles. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"host":{"type":"string","description":"The host the user can connect from. This is only supported for MySQL instances. Don't set this field for PostgreSQL instances. Can be an IP address. Changing this forces a new resource to be created.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the user. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"password":{"type":"string","description":"The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to\n\t\t\t\teither CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT.","description_kind":"plain","optional":true,"sensitive":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"sql_server_user_details":{"type":["list",["object",{"disabled":"bool","server_roles":["list","string"]}]],"description_kind":"plain","computed":true},"type":{"type":"string","description":"The user type. It determines the method to authenticate the user during login.\n\t\t\t\tThe default is the database's built-in user type.","description_kind":"plain","optional":true}},"block_types":{"password_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_failed_attempts":{"type":"number","description":"Number of failed attempts allowed before the user get locked.","description_kind":"plain","optional":true},"enable_failed_attempts_check":{"type":"bool","description":"If true, the check that will lock user after too many failed login attempts will be enabled.","description_kind":"plain","optional":true},"enable_password_verification":{"type":"bool","description":"If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.","description_kind":"plain","optional":true},"password_expiration_duration":{"type":"string","description":"Password expiration duration with one week grace period.","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"locked":"bool","password_expiration_time":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_bucket":{"version":3,"block":{"attributes":{"default_event_based_hold":{"type":"bool","description":"Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_object_retention":{"type":"bool","description":"Enables each object in the bucket to have its own retention policy, which prevents deletion until stored for a specific length of time.","description_kind":"plain","optional":true},"force_destroy":{"type":"bool","description":"When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the bucket.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Google Cloud Storage location","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"project_number":{"type":"number","description":"The project number of the project in which the resource belongs.","description_kind":"plain","computed":true},"public_access_prevention":{"type":"string","description":"Prevents public access to a bucket.","description_kind":"plain","optional":true,"computed":true},"requester_pays":{"type":"bool","description":"Enables Requester Pays on a storage bucket.","description_kind":"plain","optional":true},"rpo":{"type":"string","description":"Specifies the RPO setting of bucket. If set 'ASYNC_TURBO', The Turbo Replication will be enabled for the dual-region bucket. Value 'DEFAULT' will set RPO setting to default. Turbo Replication is only for buckets in dual-regions.See the docs for more details.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uniform_bucket_level_access":{"type":"bool","description":"Enables uniform bucket-level access on a bucket.","description_kind":"plain","optional":true,"computed":true},"url":{"type":"string","description":"The base URL of the bucket, in the format gs://\u003cbucket-name\u003e.","description_kind":"plain","computed":true}},"block_types":{"autoclass":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"While set to true, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object's access pattern.","description_kind":"plain","required":true},"terminal_storage_class":{"type":"string","description":"The storage class that objects in the bucket eventually transition to if they are not read for a certain length of time. Supported values include: NEARLINE, ARCHIVE.","description_kind":"plain","optional":true,"computed":true}},"description":"The bucket's autoclass configuration.","description_kind":"plain"},"max_items":1},"cors":{"nesting_mode":"list","block":{"attributes":{"max_age_seconds":{"type":"number","description":"The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.","description_kind":"plain","optional":true},"method":{"type":["list","string"],"description":"The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: \"*\" is permitted in the list of methods, and means \"any method\".","description_kind":"plain","optional":true},"origin":{"type":["list","string"],"description":"The list of Origins eligible to receive CORS response headers. Note: \"*\" is permitted in the list of origins, and means \"any Origin\".","description_kind":"plain","optional":true},"response_header":{"type":["list","string"],"description":"The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.","description_kind":"plain","optional":true}},"description":"The bucket's Cross-Origin Resource Sharing (CORS) configuration.","description_kind":"plain"}},"custom_placement_config":{"nesting_mode":"list","block":{"attributes":{"data_locations":{"type":["set","string"],"description":"The list of individual regions that comprise a dual-region bucket. See the docs for a list of acceptable regions. Note: If any of the data_locations changes, it will recreate the bucket.","description_kind":"plain","required":true}},"description":"The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty.","description_kind":"plain"},"max_items":1},"encryption":{"nesting_mode":"list","block":{"attributes":{"default_kms_key_name":{"type":"string","description":"A Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified. You must pay attention to whether the crypto key is available in the location that this bucket is created in. See the docs for more details.","description_kind":"plain","required":true}},"description":"The bucket's encryption configuration.","description_kind":"plain"},"max_items":1},"hierarchical_namespace":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Set this field true to organize bucket with logical file system structure.","description_kind":"plain","required":true}},"description":"The bucket's HNS configuration, which defines bucket can organize folders in logical file system structure.","description_kind":"plain"},"max_items":1},"lifecycle_rule":{"nesting_mode":"list","block":{"block_types":{"action":{"nesting_mode":"set","block":{"attributes":{"storage_class":{"type":"string","description":"The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the action of this Lifecycle Rule. Supported values include: Delete, SetStorageClass and AbortIncompleteMultipartUpload.","description_kind":"plain","required":true}},"description":"The Lifecycle Rule's action configuration. A single block of this type is supported.","description_kind":"plain"},"min_items":1,"max_items":1},"condition":{"nesting_mode":"set","block":{"attributes":{"age":{"type":"number","description":"Minimum age of an object in days to satisfy this condition.","description_kind":"plain","optional":true},"created_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"custom_time_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"days_since_custom_time":{"type":"number","description":"Number of days elapsed since the user-specified timestamp set on an object.","description_kind":"plain","optional":true},"days_since_noncurrent_time":{"type":"number","description":"Number of days elapsed since the noncurrent timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition is relevant only for versioned objects.","description_kind":"plain","optional":true},"matches_prefix":{"type":["list","string"],"description":"One or more matching name prefixes to satisfy this condition.","description_kind":"plain","optional":true},"matches_storage_class":{"type":["list","string"],"description":"Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.","description_kind":"plain","optional":true},"matches_suffix":{"type":["list","string"],"description":"One or more matching name suffixes to satisfy this condition.","description_kind":"plain","optional":true},"noncurrent_time_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"num_newer_versions":{"type":"number","description":"Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.","description_kind":"plain","optional":true},"send_age_if_zero":{"type":"bool","description":"While set true, age value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the age field. It can be used alone or together with age.","description_kind":"plain","optional":true},"send_days_since_custom_time_if_zero":{"type":"bool","description":"While set true, days_since_custom_time value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the days_since_custom_time field. It can be used alone or together with days_since_custom_time.","description_kind":"plain","optional":true},"send_days_since_noncurrent_time_if_zero":{"type":"bool","description":"While set true, days_since_noncurrent_time value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the days_since_noncurrent_time field. It can be used alone or together with days_since_noncurrent_time.","description_kind":"plain","optional":true},"send_num_newer_versions_if_zero":{"type":"bool","description":"While set true, num_newer_versions value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the num_newer_versions field. It can be used alone or together with num_newer_versions.","description_kind":"plain","optional":true},"with_state":{"type":"string","description":"Match to live and/or archived objects. Unversioned buckets have only live objects. Supported values include: \"LIVE\", \"ARCHIVED\", \"ANY\".","description_kind":"plain","optional":true,"computed":true}},"description":"The Lifecycle Rule's condition configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The bucket's Lifecycle Rules configuration.","description_kind":"plain"},"max_items":100},"logging":{"nesting_mode":"list","block":{"attributes":{"log_bucket":{"type":"string","description":"The bucket that will receive log objects.","description_kind":"plain","required":true},"log_object_prefix":{"type":"string","description":"The object prefix for log objects. If it's not provided, by default Google Cloud Storage sets this to this bucket's name.","description_kind":"plain","optional":true,"computed":true}},"description":"The bucket's Access \u0026 Storage Logs configuration.","description_kind":"plain"},"max_items":1},"retention_policy":{"nesting_mode":"list","block":{"attributes":{"is_locked":{"type":"bool","description":"If set to true, the bucket will be locked and permanently restrict edits to the bucket's retention policy. Caution: Locking a bucket is an irreversible action.","description_kind":"plain","optional":true},"retention_period":{"type":"number","description":"The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. The value must be less than 3,155,760,000 seconds.","description_kind":"plain","required":true}},"description":"Configuration of the bucket's data retention policy for how long objects in the bucket should be retained.","description_kind":"plain"},"max_items":1},"soft_delete_policy":{"nesting_mode":"list","block":{"attributes":{"effective_time":{"type":"string","description":"Server-determined value that indicates the time from which the policy, or one with a greater retention, was effective. This value is in RFC 3339 format.","description_kind":"plain","computed":true},"retention_duration_seconds":{"type":"number","description":"The duration in seconds that soft-deleted objects in the bucket will be retained and cannot be permanently deleted. Default value is 604800.","description_kind":"plain","optional":true}},"description":"The bucket's soft delete policy, which defines the period of time that soft-deleted objects will be retained, and cannot be permanently deleted. If it is not provided, by default Google Cloud Storage sets this to default soft delete policy","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"versioning":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"While set to true, versioning is fully enabled for this bucket.","description_kind":"plain","required":true}},"description":"The bucket's Versioning configuration.","description_kind":"plain"},"max_items":1},"website":{"nesting_mode":"list","block":{"attributes":{"main_page_suffix":{"type":"string","description":"Behaves as the bucket's directory index where missing objects are treated as potential directories.","description_kind":"plain","optional":true},"not_found_page":{"type":"string","description":"The custom object to return when a requested resource is not found.","description_kind":"plain","optional":true}},"description":"Configuration if the bucket acts as a website.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n user-userId\n user-email\n group-groupId\n group-email\n domain-domain\n project-team-projectId\n allUsers\n allAuthenticatedUsers\nExamples:\n The user liz@example.com would be user-liz@example.com.\n The group example@googlegroups.com would be\n group-example@googlegroups.com.\n To refer to all members of the Google Apps for Business domain\n example.com, the entity would be domain-example.com.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\", \"WRITER\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_bucket_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket it applies to.","description_kind":"plain","required":true},"default_acl":{"type":"string","description":"Configure this ACL to be the default ACL.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"predefined_acl":{"type":"string","description":"The canned GCS ACL to apply. Must be set if role_entity is not.","description_kind":"plain","optional":true},"role_entity":{"type":["list","string"],"description":"List of role/entity pairs in the form ROLE:entity. See GCS Bucket ACL documentation for more details. Must be set if predefined_acl is not.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_bucket_iam_binding":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_iam_member":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_storage_bucket_object":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","required":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","optional":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","optional":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","optional":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","optional":true,"computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","optional":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","optional":true},"generation":{"type":"number","description":"The content generation of this object. Used for object versioning and soft delete.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","optional":true,"computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","required":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","optional":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","optional":true,"computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","optional":true}},"block_types":{"customer_encryption":{"nesting_mode":"list","block":{"attributes":{"encryption_algorithm":{"type":"string","description":"The encryption algorithm. Default: AES256","description_kind":"plain","optional":true},"encryption_key":{"type":"string","description":"Base64 encoded customer supplied encryption key.","description_kind":"plain","required":true,"sensitive":true}},"description":"Encryption key; encoded using base64.","description_kind":"plain"},"max_items":1},"retention":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"The object retention mode. Supported values include: \"Unlocked\", \"Locked\".","description_kind":"plain","required":true},"retain_until_time":{"type":"string","description":"Time in RFC 3339 (e.g. 2030-01-01T02:03:04Z) until which object retention protects this object.","description_kind":"plain","required":true}},"description":"Object level retention configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_default_object_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n * user-{{userId}}\n * user-{{email}} (such as \"user-liz@example.com\")\n * group-{{groupId}}\n * group-{{email}} (such as \"group-example@googlegroups.com\")\n * domain-{{domain}} (such as \"domain-example.com\")\n * project-team-{{projectId}}\n * allUsers\n * allAuthenticatedUsers","description_kind":"plain","required":true},"entity_id":{"type":"string","description":"The ID for the entity","description_kind":"plain","computed":true},"generation":{"type":"number","description":"The content generation of the object, if applied to an object.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"The name of the object, if applied to an object.","description_kind":"plain","optional":true},"project_team":{"type":["list",["object",{"project_number":"string","team":"string"}]],"description":"The project team associated with the entity","description_kind":"plain","computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_default_object_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role_entity":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_folder":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket that contains the folder.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp at which this folder was created.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"If set to true, items within folder if any will be force destroyed.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metageneration":{"type":"string","description":"The metadata generation of the folder.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the folder expressed as a path. Must include\ntrailing '/'. For example, 'example_dir/example_dir2/', 'example@#/', 'a-b/d-f/'.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp at which this folder was most recently updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_hmac_key":{"version":0,"block":{"attributes":{"access_id":{"type":"string","description":"The access ID of the HMAC Key.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"HMAC secret key material.","description_kind":"plain","computed":true,"sensitive":true},"service_account_email":{"type":"string","description":"The email address of the key's associated service account.","description_kind":"plain","required":true},"state":{"type":"string","description":"The state of the key. Can be set to one of ACTIVE, INACTIVE. Default value: \"ACTIVE\" Possible values: [\"ACTIVE\", \"INACTIVE\"]","description_kind":"plain","optional":true},"time_created":{"type":"string","description":"'The creation time of the HMAC key in RFC 3339 format. '","description_kind":"plain","computed":true},"updated":{"type":"string","description":"'The last modification time of the HMAC key metadata in RFC 3339 format.'","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_insights_report_config":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The editable display name of the inventory report configuration. Has a limit of 256 characters. Can be empty.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the ReportConfig. The source and destination buckets specified in the ReportConfig\nmust be in the same location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The UUID of the inventory report configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"csv_options":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"The delimiter used to separate the fields in the inventory report CSV file.","description_kind":"plain","optional":true},"header_required":{"type":"bool","description":"The boolean that indicates whether or not headers are included in the inventory report CSV file.","description_kind":"plain","optional":true},"record_separator":{"type":"string","description":"The character used to separate the records in the inventory report CSV file.","description_kind":"plain","optional":true}},"description":"Options for configuring the format of the inventory report CSV file.","description_kind":"plain"},"min_items":1,"max_items":1},"frequency_options":{"nesting_mode":"list","block":{"attributes":{"frequency":{"type":"string","description":"The frequency in which inventory reports are generated. Values are DAILY or WEEKLY. Possible values: [\"DAILY\", \"WEEKLY\"]","description_kind":"plain","required":true}},"block_types":{"end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"The day of the month to stop generating inventory reports.","description_kind":"plain","required":true},"month":{"type":"number","description":"The month to stop generating inventory reports.","description_kind":"plain","required":true},"year":{"type":"number","description":"The year to stop generating inventory reports","description_kind":"plain","required":true}},"description":"The date to stop generating inventory reports. For example, {\"day\": 15, \"month\": 9, \"year\": 2022}.","description_kind":"plain"},"min_items":1,"max_items":1},"start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"The day of the month to start generating inventory reports.","description_kind":"plain","required":true},"month":{"type":"number","description":"The month to start generating inventory reports.","description_kind":"plain","required":true},"year":{"type":"number","description":"The year to start generating inventory reports","description_kind":"plain","required":true}},"description":"The date to start generating inventory reports. For example, {\"day\": 15, \"month\": 8, \"year\": 2022}.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options for configuring how inventory reports are generated.","description_kind":"plain"},"max_items":1},"object_metadata_report_options":{"nesting_mode":"list","block":{"attributes":{"metadata_fields":{"type":["list","string"],"description":"The metadata fields included in an inventory report.","description_kind":"plain","required":true}},"block_types":{"storage_destination_options":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The destination bucket that stores the generated inventory reports.","description_kind":"plain","required":true},"destination_path":{"type":"string","description":"The path within the destination bucket to store generated inventory reports.","description_kind":"plain","optional":true}},"description":"Options for where the inventory reports are stored.","description_kind":"plain"},"min_items":1,"max_items":1},"storage_filters":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The filter to use when specifying which bucket to generate inventory reports for.","description_kind":"plain","optional":true}},"description":"A nested object resource.","description_kind":"plain"},"max_items":1}},"description":"Options for including metadata in an inventory report.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_managed_folder":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket that contains the managed folder.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp at which this managed folder was created.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"Allows the deletion of a managed folder even if contains\nobjects. If a non-empty managed folder is deleted, any objects\nwithin the folder will remain in a simulated folder with the\nsame name.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metageneration":{"type":"string","description":"The metadata generation of the managed folder.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the managed folder expressed as a path. Must include\ntrailing '/'. For example, 'example_dir/example_dir2/'.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp at which this managed folder was most recently updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_managed_folder_iam_binding":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_folder":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_managed_folder_iam_member":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_folder":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_managed_folder_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_folder":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_storage_notification":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"custom_attributes":{"type":["map","string"],"description":" A set of key/value attribute pairs to attach to each Cloud Pub/Sub message published for this notification subscription","description_kind":"plain","optional":true},"event_types":{"type":["set","string"],"description":"List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: \"OBJECT_FINALIZE\", \"OBJECT_METADATA_UPDATE\", \"OBJECT_DELETE\", \"OBJECT_ARCHIVE\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"notification_id":{"type":"string","description":"The ID of the created notification.","description_kind":"plain","computed":true},"object_name_prefix":{"type":"string","description":"Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.","description_kind":"plain","optional":true},"payload_format":{"type":"string","description":"The desired content of the Payload. One of \"JSON_API_V1\" or \"NONE\".","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"The Cloud Pub/Sub topic to which this subscription publishes. Expects either the topic name, assumed to belong to the default GCP provider project, or the project-level name, i.e. projects/my-gcp-project/topics/my-topic or my-topic. If the project is not set in the provider, you will need to use the project-level name.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_storage_object_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n * user-{{userId}}\n * user-{{email}} (such as \"user-liz@example.com\")\n * group-{{groupId}}\n * group-{{email}} (such as \"group-example@googlegroups.com\")\n * domain-{{domain}} (such as \"domain-example.com\")\n * project-team-{{projectId}}\n * allUsers\n * allAuthenticatedUsers","description_kind":"plain","required":true},"entity_id":{"type":"string","description":"The ID for the entity","description_kind":"plain","computed":true},"generation":{"type":"number","description":"The content generation of the object, if applied to an object.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"The name of the object to apply the access control to.","description_kind":"plain","required":true},"project_team":{"type":["list",["object",{"project_number":"string","team":"string"}]],"description":"The project team associated with the entity","description_kind":"plain","computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_object_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description_kind":"plain","required":true},"predefined_acl":{"type":"string","description_kind":"plain","optional":true},"role_entity":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_transfer_agent_pool":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Specifies the client-specified AgentPool description.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The ID of the agent pool to create.\n\nThe agentPoolId must meet the following requirements:\n* Length of 128 characters or less.\n* Not start with the string goog.\n* Start with a lowercase ASCII character, followed by:\n * Zero or more: lowercase Latin alphabet characters, numerals, hyphens (-), periods (.), underscores (_), or tildes (~).\n * One or more numerals or lowercase ASCII characters.\n\nAs expressed by the regular expression: ^(?!goog)[a-z]([a-z0-9-._~]*[a-z0-9])?$.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Specifies the state of the AgentPool.","description_kind":"plain","computed":true}},"block_types":{"bandwidth_limit":{"nesting_mode":"list","block":{"attributes":{"limit_mbps":{"type":"string","description":"Bandwidth rate in megabytes per second, distributed across all the agents in the pool.","description_kind":"plain","required":true}},"description":"Specifies the bandwidth limit details. If this field is unspecified, the default value is set as 'No Limit'.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_transfer_job":{"version":0,"block":{"attributes":{"creation_time":{"type":"string","description":"When the Transfer Job was created.","description_kind":"plain","computed":true},"deletion_time":{"type":"string","description":"When the Transfer Job was deleted.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Unique description to identify the Transfer Job.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_modification_time":{"type":"string","description":"When the Transfer Job was last modified.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the Transfer Job.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"status":{"type":"string","description":"Status of the job. Default: ENABLED. NOTE: The effect of the new job status takes place during a subsequent job run. For example, if you change the job status from ENABLED to DISABLED, and an operation spawned by the transfer is running, the status change would not affect the current operation.","description_kind":"plain","optional":true}},"block_types":{"event_stream":{"nesting_mode":"list","block":{"attributes":{"event_stream_expiration_time":{"type":"string","description":"Specifies the data and time at which Storage Transfer Service stops listening for events from this stream. After this time, any transfers in progress will complete, but no new transfers are initiated","description_kind":"plain","optional":true},"event_stream_start_time":{"type":"string","description":"Specifies the date and time that Storage Transfer Service starts listening for events from this stream. If no start time is specified or start time is in the past, Storage Transfer Service starts listening immediately","description_kind":"plain","optional":true},"name":{"type":"string","description":"Specifies a unique name of the resource such as AWS SQS ARN in the form 'arn:aws:sqs:region:account_id:queue_name', or Pub/Sub subscription resource name in the form 'projects/{project}/subscriptions/{sub}'","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"notification_config":{"nesting_mode":"list","block":{"attributes":{"event_types":{"type":["set","string"],"description":"Event types for which a notification is desired. If empty, send notifications for all event types. The valid types are \"TRANSFER_OPERATION_SUCCESS\", \"TRANSFER_OPERATION_FAILED\", \"TRANSFER_OPERATION_ABORTED\".","description_kind":"plain","optional":true},"payload_format":{"type":"string","description":"The desired format of the notification message payloads. One of \"NONE\" or \"JSON\".","description_kind":"plain","required":true},"pubsub_topic":{"type":"string","description":"The Topic.name of the Pub/Sub topic to which to publish notifications.","description_kind":"plain","required":true}},"description":"Notification configuration.","description_kind":"plain"},"max_items":1},"replication_spec":{"nesting_mode":"list","block":{"block_types":{"gcs_data_sink":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"Google Cloud Storage bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"Google Cloud Storage path in bucket to transfer","description_kind":"plain","optional":true,"computed":true}},"description":"A Google Cloud Storage data sink.","description_kind":"plain"},"max_items":1},"gcs_data_source":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"Google Cloud Storage bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"Google Cloud Storage path in bucket to transfer","description_kind":"plain","optional":true,"computed":true}},"description":"A Google Cloud Storage data source.","description_kind":"plain"},"max_items":1},"object_conditions":{"nesting_mode":"list","block":{"attributes":{"exclude_prefixes":{"type":["list","string"],"description":"exclude_prefixes must follow the requirements described for include_prefixes.","description_kind":"plain","optional":true},"include_prefixes":{"type":["list","string"],"description":"If include_refixes is specified, objects that satisfy the object conditions must have names that start with one of the include_prefixes and that do not start with any of the exclude_prefixes. If include_prefixes is not specified, all objects except those that have names starting with one of the exclude_prefixes must satisfy the object conditions.","description_kind":"plain","optional":true},"last_modified_before":{"type":"string","description":"If specified, only objects with a \"last modification time\" before this timestamp and objects that don't have a \"last modification time\" are transferred. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"last_modified_since":{"type":"string","description":"If specified, only objects with a \"last modification time\" on or after this timestamp and objects that don't have a \"last modification time\" are transferred. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"max_time_elapsed_since_last_modification":{"type":"string","description":"A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"min_time_elapsed_since_last_modification":{"type":"string","description":"A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects' last_modification_time do not exclude objects in a data sink.","description_kind":"plain"},"max_items":1},"transfer_options":{"nesting_mode":"list","block":{"attributes":{"delete_objects_from_source_after_transfer":{"type":"bool","description":"Whether objects should be deleted from the source after they are transferred to the sink. Note that this option and delete_objects_unique_in_sink are mutually exclusive.","description_kind":"plain","optional":true},"delete_objects_unique_in_sink":{"type":"bool","description":"Whether objects that exist only in the sink should be deleted. Note that this option and delete_objects_from_source_after_transfer are mutually exclusive.","description_kind":"plain","optional":true},"overwrite_objects_already_existing_in_sink":{"type":"bool","description":"Whether overwriting objects that already exist in the sink is allowed.","description_kind":"plain","optional":true},"overwrite_when":{"type":"string","description":"When to overwrite objects that already exist in the sink. If not set, overwrite behavior is determined by overwriteObjectsAlreadyExistingInSink.","description_kind":"plain","optional":true}},"description":"Characteristics of how to treat files from datasource and sink during job. If the option delete_objects_unique_in_sink is true, object conditions based on objects' last_modification_time are ignored and do not exclude objects in a data source or a data sink.","description_kind":"plain"},"max_items":1}},"description":"Replication specification.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"repeat_interval":{"type":"string","description":"Interval between the start of each scheduled transfer. If unspecified, the default value is 24 hours. This value may not be less than 1 hour. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"block_types":{"schedule_end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"The last day the recurring transfer will be run. If schedule_end_date is the same as schedule_start_date, the transfer will be executed only once.","description_kind":"plain"},"max_items":1},"schedule_start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"The first day the recurring transfer is scheduled to run. If schedule_start_date is in the past, the transfer will run for the first time on the following day.","description_kind":"plain"},"min_items":1,"max_items":1},"start_time_of_day":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","required":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","required":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","required":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","required":true}},"description":"The time in UTC at which the transfer will be scheduled to start in a day. Transfers may start later than this time. If not specified, recurring and one-time transfers that are scheduled to run today will run immediately; recurring transfers that are scheduled to run on a future date will start at approximately midnight UTC on that date. Note that when configuring a transfer with the Cloud Platform Console, the transfer's start time in a day is specified in your local timezone.","description_kind":"plain"},"max_items":1}},"description":"Schedule specification defining when the Transfer Job should be scheduled to start, end and what time to run.","description_kind":"plain"},"max_items":1},"transfer_spec":{"nesting_mode":"list","block":{"attributes":{"sink_agent_pool_name":{"type":"string","description":"Specifies the agent pool name associated with the posix data source. When unspecified, the default name is used.","description_kind":"plain","optional":true,"computed":true},"source_agent_pool_name":{"type":"string","description":"Specifies the agent pool name associated with the posix data source. When unspecified, the default name is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"aws_s3_data_source":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"S3 Bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"S3 Bucket path in bucket to transfer.","description_kind":"plain","optional":true},"role_arn":{"type":"string","description":"The Amazon Resource Name (ARN) of the role to support temporary credentials via 'AssumeRoleWithWebIdentity'. For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). When a role ARN is provided, Transfer Service fetches temporary credentials for the session using a 'AssumeRoleWithWebIdentity' call for the provided role using the [GoogleServiceAccount][] for this project.","description_kind":"plain","optional":true}},"block_types":{"aws_access_key":{"nesting_mode":"list","block":{"attributes":{"access_key_id":{"type":"string","description":"AWS Key ID.","description_kind":"plain","required":true,"sensitive":true},"secret_access_key":{"type":"string","description":"AWS Secret Access Key.","description_kind":"plain","required":true,"sensitive":true}},"description":"AWS credentials block.","description_kind":"plain"},"max_items":1}},"description":"An AWS S3 data source.","description_kind":"plain"},"max_items":1},"azure_blob_storage_data_source":{"nesting_mode":"list","block":{"attributes":{"container":{"type":"string","description":"The container to transfer from the Azure Storage account.","description_kind":"plain","required":true},"path":{"type":"string","description":"Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'.","description_kind":"plain","optional":true,"computed":true},"storage_account":{"type":"string","description":"The name of the Azure Storage account.","description_kind":"plain","required":true}},"block_types":{"azure_credentials":{"nesting_mode":"list","block":{"attributes":{"sas_token":{"type":"string","description":"Azure shared access signature.","description_kind":"plain","required":true,"sensitive":true}},"description":" Credentials used to authenticate API requests to Azure.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An Azure Blob Storage data source.","description_kind":"plain"},"max_items":1},"gcs_data_sink":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"Google Cloud Storage bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"Google Cloud Storage path in bucket to transfer","description_kind":"plain","optional":true,"computed":true}},"description":"A Google Cloud Storage data sink.","description_kind":"plain"},"max_items":1},"gcs_data_source":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"Google Cloud Storage bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"Google Cloud Storage path in bucket to transfer","description_kind":"plain","optional":true,"computed":true}},"description":"A Google Cloud Storage data source.","description_kind":"plain"},"max_items":1},"hdfs_data_source":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Directory path to the filesystem.","description_kind":"plain","required":true}},"description":"An HDFS Storage data source.","description_kind":"plain"},"max_items":1},"http_data_source":{"nesting_mode":"list","block":{"attributes":{"list_url":{"type":"string","description":"The URL that points to the file that stores the object list entries. This file must allow public access. Currently, only URLs with HTTP and HTTPS schemes are supported.","description_kind":"plain","required":true}},"description":"A HTTP URL data source.","description_kind":"plain"},"max_items":1},"object_conditions":{"nesting_mode":"list","block":{"attributes":{"exclude_prefixes":{"type":["list","string"],"description":"exclude_prefixes must follow the requirements described for include_prefixes.","description_kind":"plain","optional":true},"include_prefixes":{"type":["list","string"],"description":"If include_refixes is specified, objects that satisfy the object conditions must have names that start with one of the include_prefixes and that do not start with any of the exclude_prefixes. If include_prefixes is not specified, all objects except those that have names starting with one of the exclude_prefixes must satisfy the object conditions.","description_kind":"plain","optional":true},"last_modified_before":{"type":"string","description":"If specified, only objects with a \"last modification time\" before this timestamp and objects that don't have a \"last modification time\" are transferred. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"last_modified_since":{"type":"string","description":"If specified, only objects with a \"last modification time\" on or after this timestamp and objects that don't have a \"last modification time\" are transferred. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"max_time_elapsed_since_last_modification":{"type":"string","description":"A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"min_time_elapsed_since_last_modification":{"type":"string","description":"A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects' last_modification_time do not exclude objects in a data sink.","description_kind":"plain"},"max_items":1},"posix_data_sink":{"nesting_mode":"list","block":{"attributes":{"root_directory":{"type":"string","description":"Root directory path to the filesystem.","description_kind":"plain","required":true}},"description":"A POSIX filesystem data sink.","description_kind":"plain"},"max_items":1},"posix_data_source":{"nesting_mode":"list","block":{"attributes":{"root_directory":{"type":"string","description":"Root directory path to the filesystem.","description_kind":"plain","required":true}},"description":"A POSIX filesystem data source.","description_kind":"plain"},"max_items":1},"transfer_options":{"nesting_mode":"list","block":{"attributes":{"delete_objects_from_source_after_transfer":{"type":"bool","description":"Whether objects should be deleted from the source after they are transferred to the sink. Note that this option and delete_objects_unique_in_sink are mutually exclusive.","description_kind":"plain","optional":true},"delete_objects_unique_in_sink":{"type":"bool","description":"Whether objects that exist only in the sink should be deleted. Note that this option and delete_objects_from_source_after_transfer are mutually exclusive.","description_kind":"plain","optional":true},"overwrite_objects_already_existing_in_sink":{"type":"bool","description":"Whether overwriting objects that already exist in the sink is allowed.","description_kind":"plain","optional":true},"overwrite_when":{"type":"string","description":"When to overwrite objects that already exist in the sink. If not set, overwrite behavior is determined by overwriteObjectsAlreadyExistingInSink.","description_kind":"plain","optional":true}},"description":"Characteristics of how to treat files from datasource and sink during job. If the option delete_objects_unique_in_sink is true, object conditions based on objects' last_modification_time are ignored and do not exclude objects in a data source or a data sink.","description_kind":"plain"},"max_items":1}},"description":"Transfer specification.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_location_tag_binding":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The generated id for the TagBinding. This is a string of the form: 'tagBindings/{full-resource-name}/{tag-value-name}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The full resource name of the resource the TagValue is bound to. E.g. //cloudresourcemanager.googleapis.com/projects/123","description_kind":"plain","required":true},"tag_value":{"type":"string","description":"The TagValue of the TagBinding. Must be of the form tagValues/456.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_binding":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated id for the TagBinding. This is a string of the form: 'tagBindings/{full-resource-name}/{tag-value-name}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The full resource name of the resource the TagValue is bound to. E.g. //cloudresourcemanager.googleapis.com/projects/123","description_kind":"plain","required":true},"tag_value":{"type":"string","description":"The TagValue of the TagBinding. Must be of the form tagValues/456.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Creation time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-assigned description of the TagKey. Must not exceed 256 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated numeric id for the TagKey.","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description":"Output only. Namespaced name of the TagKey.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Input only. The resource name of the new TagKey's parent. Must be of the form organizations/{org_id} or projects/{project_id_or_number}.","description_kind":"plain","required":true},"purpose":{"type":"string","description":"Optional. A purpose cannot be changed once set.\n\nA purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: [\"GCE_FIREWALL\"]","description_kind":"plain","optional":true},"purpose_data":{"type":["map","string"],"description":"Optional. Purpose data cannot be changed once set.\n\nPurpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = \"\u003cproject-name\u003e/\u003cvpc-name\u003e\"'.","description_kind":"plain","optional":true},"short_name":{"type":"string","description":"Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace.\n\nThe short name can have a maximum length of 256 characters. The permitted character set for the shortName includes all UTF-8 encoded Unicode characters except single quotes ('), double quotes (\"), backslashes (\\\\), and forward slashes (/).","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Update time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_key_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_key_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_key_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_value":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Creation time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-assigned description of the TagValue. Must not exceed 256 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated numeric id for the TagValue.","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description":"Output only. Namespaced name of the TagValue. Will be in the format {parentNamespace}/{tagKeyShortName}/{shortName}.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Input only. The resource name of the new TagValue's parent. Must be of the form tagKeys/{tag_key_id}.","description_kind":"plain","required":true},"short_name":{"type":"string","description":"Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey.\n\nThe short name can have a maximum length of 256 characters. The permitted character set for the shortName includes all UTF-8 encoded Unicode characters except single quotes ('), double quotes (\"), backslashes (\\\\), and forward slashes (/).","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Update time.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_value_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_value_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_value_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tpu_node":{"version":0,"block":{"attributes":{"accelerator_type":{"type":"string","description":"The type of hardware accelerators associated with this node.","description_kind":"plain","required":true},"cidr_block":{"type":"string","description":"The CIDR block that the TPU node will use when selecting an IP\naddress. This CIDR block must be a /29 block; the Compute Engine\nnetworks API forbids a smaller block, and using a larger block would\nbe wasteful (a node can only consume one IP address).\n\nErrors will occur if the CIDR block has already been used for a\ncurrently existing TPU node, the CIDR block conflicts with any\nsubnetworks in the user's provided network, or the provided network\nis peered with another network that is using that CIDR block.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"The user-supplied description of the TPU. Maximum of 512 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The immutable name of the TPU.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of a network to peer the TPU node to. It must be a\npreexisting Compute Engine network inside of the project on which\nthis API has been activated. If none is provided, \"default\" will be\nused.","description_kind":"plain","optional":true,"computed":true},"network_endpoints":{"type":["list",["object",{"ip_address":"string","port":"number"}]],"description":"The network endpoints where TPU workers can be accessed and sent work.\nIt is recommended that Tensorflow clients of the node first reach out\nto the first (index 0) entry.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account used to run the tensor flow services within the\nnode. To share resources, including Google Cloud Storage data, with\nthe Tensorflow job running in the Node, this account must have\npermissions to that data.","description_kind":"plain","computed":true},"tensorflow_version":{"type":"string","description":"The version of Tensorflow running in the Node.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"use_service_networking":{"type":"bool","description":"Whether the VPC peering for the node is set up through Service Networking API.\nThe VPC Peering should be set up before provisioning the node. If this field is set,\ncidr_block field should not be specified. If the network that you want to peer the\nTPU Node to is a Shared VPC network, the node must be created with this this field enabled.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The GCP location for the TPU. If it is not provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"scheduling_config":{"nesting_mode":"list","block":{"attributes":{"preemptible":{"type":"bool","description":"Defines whether the TPU instance is preemptible.","description_kind":"plain","required":true}},"description":"Sets the scheduling options for this TPU instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_transcoder_job":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time the job was created.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"end_time":{"type":"string","description":"The time the transcoding finished.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this job. You can use these to organize and group your jobs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the transcoding job resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the job.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"start_time":{"type":"string","description":"The time the transcoding started.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the job.","description_kind":"plain","computed":true},"template_id":{"type":"string","description":"Specify the templateId to use for populating Job.config.\nThe default is preset/web-hd, which is the only supported preset.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"block_types":{"ad_breaks":{"nesting_mode":"list","block":{"attributes":{"start_time_offset":{"type":"string","description":"Start time in seconds for the ad break, relative to the output file timeline","description_kind":"plain","optional":true,"computed":true}},"description":"Ad break.","description_kind":"plain"}},"edit_list":{"nesting_mode":"list","block":{"attributes":{"inputs":{"type":["list","string"],"description":"List of values identifying files that should be used in this atom.","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"A unique key for this atom.","description_kind":"plain","optional":true,"computed":true},"start_time_offset":{"type":"string","description":"Start time in seconds for the atom, relative to the input file timeline. The default is '0s'.","description_kind":"plain","optional":true,"computed":true}},"description":"List of input assets stored in Cloud Storage.","description_kind":"plain"}},"elementary_streams":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A unique key for this atom.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"audio_stream":{"nesting_mode":"list","block":{"attributes":{"bitrate_bps":{"type":"number","description":"Audio bitrate in bits per second.","description_kind":"plain","required":true},"channel_count":{"type":"number","description":"Number of audio channels. The default is '2'.","description_kind":"plain","optional":true,"computed":true},"channel_layout":{"type":["list","string"],"description":"A list of channel names specifying layout of the audio channels. The default is [\"fl\", \"fr\"].","description_kind":"plain","optional":true,"computed":true},"codec":{"type":"string","description":"The codec for this audio stream. The default is 'aac'.","description_kind":"plain","optional":true,"computed":true},"sample_rate_hertz":{"type":"number","description":"The audio sample rate in Hertz. The default is '48000'.","description_kind":"plain","optional":true,"computed":true}},"description":"Encoding of an audio stream.","description_kind":"plain"},"max_items":1},"video_stream":{"nesting_mode":"list","block":{"block_types":{"h264":{"nesting_mode":"list","block":{"attributes":{"bitrate_bps":{"type":"number","description":"The video bitrate in bits per second.","description_kind":"plain","required":true},"crf_level":{"type":"number","description":"Target CRF level. The default is '21'.","description_kind":"plain","optional":true,"computed":true},"entropy_coder":{"type":"string","description":"The entropy coder to use. The default is 'cabac'.","description_kind":"plain","optional":true,"computed":true},"frame_rate":{"type":"number","description":"The target video frame rate in frames per second (FPS).","description_kind":"plain","required":true},"gop_duration":{"type":"string","description":"Select the GOP size based on the specified duration. The default is '3s'.","description_kind":"plain","optional":true,"computed":true},"height_pixels":{"type":"number","description":"The height of the video in pixels.","description_kind":"plain","optional":true,"computed":true},"pixel_format":{"type":"string","description":"Pixel format to use. The default is 'yuv420p'.","description_kind":"plain","optional":true,"computed":true},"preset":{"type":"string","description":"Enforces the specified codec preset. The default is 'veryfast'.","description_kind":"plain","optional":true,"computed":true},"profile":{"type":"string","description":"Enforces the specified codec profile.","description_kind":"plain","optional":true,"computed":true},"rate_control_mode":{"type":"string","description":"Specify the mode. The default is 'vbr'.","description_kind":"plain","optional":true,"computed":true},"vbv_fullness_bits":{"type":"number","description":"Initial fullness of the Video Buffering Verifier (VBV) buffer in bits.","description_kind":"plain","optional":true,"computed":true},"vbv_size_bits":{"type":"number","description":"Size of the Video Buffering Verifier (VBV) buffer in bits.","description_kind":"plain","optional":true,"computed":true},"width_pixels":{"type":"number","description":"The width of the video in pixels.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"hlg":{"nesting_mode":"list","block":{"description":"HLG color format setting for H264.","description_kind":"plain"},"max_items":1},"sdr":{"nesting_mode":"list","block":{"description":"SDR color format setting for H264.","description_kind":"plain"},"max_items":1}},"description":"H264 codec settings","description_kind":"plain"},"max_items":1}},"description":"Encoding of a video stream.","description_kind":"plain"},"max_items":1}},"description":"List of input assets stored in Cloud Storage.","description_kind":"plain"}},"encryptions":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"Identifier for this set of encryption options.","description_kind":"plain","required":true}},"block_types":{"aes128":{"nesting_mode":"list","block":{"description":"Configuration for AES-128 encryption.","description_kind":"plain"},"max_items":1},"drm_systems":{"nesting_mode":"list","block":{"block_types":{"clearkey":{"nesting_mode":"list","block":{"description":"Clearkey configuration.","description_kind":"plain"},"max_items":1},"fairplay":{"nesting_mode":"list","block":{"description":"Fairplay configuration.","description_kind":"plain"},"max_items":1},"playready":{"nesting_mode":"list","block":{"description":"Playready configuration.","description_kind":"plain"},"max_items":1},"widevine":{"nesting_mode":"list","block":{"description":"Widevine configuration.","description_kind":"plain"},"max_items":1}},"description":"DRM system(s) to use; at least one must be specified. If a DRM system is omitted, it is considered disabled.","description_kind":"plain"},"max_items":1},"mpeg_cenc":{"nesting_mode":"list","block":{"attributes":{"scheme":{"type":"string","description":"Specify the encryption scheme.","description_kind":"plain","required":true}},"description":"Configuration for MPEG Common Encryption (MPEG-CENC).","description_kind":"plain"},"max_items":1},"sample_aes":{"nesting_mode":"list","block":{"description":"Configuration for SAMPLE-AES encryption.","description_kind":"plain"},"max_items":1},"secret_manager_key_source":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The name of the Secret Version containing the encryption key in the following format: projects/{project}/secrets/{secret_id}/versions/{version_number}.","description_kind":"plain","required":true}},"description":"Configuration for secrets stored in Google Secret Manager.","description_kind":"plain"},"max_items":1}},"description":"List of encryption configurations for the content.","description_kind":"plain"}},"inputs":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A unique key for this input. Must be specified when using advanced mapping and edit lists.","description_kind":"plain","optional":true,"computed":true},"uri":{"type":"string","description":"URI of the media. Input files must be at least 5 seconds in duration and stored in Cloud Storage (for example, gs://bucket/inputs/file.mp4).\nIf empty, the value is populated from Job.input_uri.","description_kind":"plain","optional":true,"computed":true}},"description":"List of input assets stored in Cloud Storage.","description_kind":"plain"}},"manifests":{"nesting_mode":"list","block":{"attributes":{"file_name":{"type":"string","description":"The name of the generated file. The default is 'manifest'.","description_kind":"plain","optional":true,"computed":true},"mux_streams":{"type":["list","string"],"description":"List of user supplied MuxStream.key values that should appear in this manifest.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Type of the manifest. Possible values: [\"MANIFEST_TYPE_UNSPECIFIED\", \"HLS\", \"DASH\"]","description_kind":"plain","optional":true,"computed":true}},"description":"Manifest configuration.","description_kind":"plain"}},"mux_streams":{"nesting_mode":"list","block":{"attributes":{"container":{"type":"string","description":"The container format. The default is 'mp4'.","description_kind":"plain","optional":true,"computed":true},"elementary_streams":{"type":["list","string"],"description":"List of ElementaryStream.key values multiplexed in this stream.","description_kind":"plain","optional":true,"computed":true},"encryption_id":{"type":"string","description":"Identifier of the encryption configuration to use.","description_kind":"plain","optional":true,"computed":true},"file_name":{"type":"string","description":"The name of the generated file.","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"A unique key for this multiplexed stream.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"segment_settings":{"nesting_mode":"list","block":{"attributes":{"segment_duration":{"type":"string","description":"Duration of the segments in seconds. The default is '6.0s'.","description_kind":"plain","optional":true,"computed":true}},"description":"Segment settings for ts, fmp4 and vtt.","description_kind":"plain"},"max_items":1}},"description":"Multiplexing settings for output stream.","description_kind":"plain"}},"output":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"URI for the output file(s). For example, gs://my-bucket/outputs/.","description_kind":"plain","optional":true,"computed":true}},"description":"Location of output file(s) in a Cloud Storage bucket.","description_kind":"plain"},"max_items":1},"overlays":{"nesting_mode":"list","block":{"block_types":{"animations":{"nesting_mode":"list","block":{"block_types":{"animation_fade":{"nesting_mode":"list","block":{"attributes":{"end_time_offset":{"type":"string","description":"The time to end the fade animation, in seconds.","description_kind":"plain","optional":true,"computed":true},"fade_type":{"type":"string","description":"Required. Type of fade animation: 'FADE_IN' or 'FADE_OUT'.\nThe possible values are:\n\n* 'FADE_TYPE_UNSPECIFIED': The fade type is not specified.\n\n* 'FADE_IN': Fade the overlay object into view.\n\n* 'FADE_OUT': Fade the overlay object out of view. Possible values: [\"FADE_TYPE_UNSPECIFIED\", \"FADE_IN\", \"FADE_OUT\"]","description_kind":"plain","required":true},"start_time_offset":{"type":"string","description":"The time to start the fade animation, in seconds.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"xy":{"nesting_mode":"list","block":{"attributes":{"x":{"type":"number","description":"Normalized x coordinate.","description_kind":"plain","optional":true,"computed":true},"y":{"type":"number","description":"Normalized y coordinate.","description_kind":"plain","optional":true,"computed":true}},"description":"Normalized coordinates based on output video resolution.","description_kind":"plain"},"max_items":1}},"description":"Display overlay object with fade animation.","description_kind":"plain"},"max_items":1}},"description":"List of animations. The list should be chronological, without any time overlap.","description_kind":"plain"}},"image":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"URI of the image in Cloud Storage. For example, gs://bucket/inputs/image.png.","description_kind":"plain","required":true}},"description":"Image overlay.","description_kind":"plain"},"max_items":1}},"description":"List of overlays on the output video, in descending Z-order.","description_kind":"plain"}},"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"The name of the Pub/Sub topic to publish job completion notification to. For example: projects/{project}/topics/{topic}.","description_kind":"plain","optional":true}},"description":"Pub/Sub destination.","description_kind":"plain"},"max_items":1}},"description":"The configuration for this template.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_transcoder_job_template":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_template_id":{"type":"string","description":"ID to use for the Transcoding job template.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"The labels associated with this job template. You can use these to organize and group your job templates.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the transcoding job template resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the job template.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"block_types":{"ad_breaks":{"nesting_mode":"list","block":{"attributes":{"start_time_offset":{"type":"string","description":"Start time in seconds for the ad break, relative to the output file timeline","description_kind":"plain","optional":true,"computed":true}},"description":"Ad break.","description_kind":"plain"}},"edit_list":{"nesting_mode":"list","block":{"attributes":{"inputs":{"type":["list","string"],"description":"List of values identifying files that should be used in this atom.","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"A unique key for this atom.","description_kind":"plain","optional":true,"computed":true},"start_time_offset":{"type":"string","description":"Start time in seconds for the atom, relative to the input file timeline. The default is '0s'.","description_kind":"plain","optional":true,"computed":true}},"description":"List of input assets stored in Cloud Storage.","description_kind":"plain"}},"elementary_streams":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A unique key for this atom.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"audio_stream":{"nesting_mode":"list","block":{"attributes":{"bitrate_bps":{"type":"number","description":"Audio bitrate in bits per second.","description_kind":"plain","required":true},"channel_count":{"type":"number","description":"Number of audio channels. The default is '2'.","description_kind":"plain","optional":true,"computed":true},"channel_layout":{"type":["list","string"],"description":"A list of channel names specifying layout of the audio channels. The default is [\"fl\", \"fr\"].","description_kind":"plain","optional":true,"computed":true},"codec":{"type":"string","description":"The codec for this audio stream. The default is 'aac'.","description_kind":"plain","optional":true,"computed":true},"sample_rate_hertz":{"type":"number","description":"The audio sample rate in Hertz. The default is '48000'.","description_kind":"plain","optional":true,"computed":true}},"description":"Encoding of an audio stream.","description_kind":"plain"},"max_items":1},"video_stream":{"nesting_mode":"list","block":{"block_types":{"h264":{"nesting_mode":"list","block":{"attributes":{"bitrate_bps":{"type":"number","description":"The video bitrate in bits per second.","description_kind":"plain","required":true},"crf_level":{"type":"number","description":"Target CRF level. The default is '21'.","description_kind":"plain","optional":true,"computed":true},"entropy_coder":{"type":"string","description":"The entropy coder to use. The default is 'cabac'.","description_kind":"plain","optional":true,"computed":true},"frame_rate":{"type":"number","description":"The target video frame rate in frames per second (FPS).","description_kind":"plain","required":true},"gop_duration":{"type":"string","description":"Select the GOP size based on the specified duration. The default is '3s'.","description_kind":"plain","optional":true,"computed":true},"height_pixels":{"type":"number","description":"The height of the video in pixels.","description_kind":"plain","optional":true,"computed":true},"pixel_format":{"type":"string","description":"Pixel format to use. The default is 'yuv420p'.","description_kind":"plain","optional":true,"computed":true},"preset":{"type":"string","description":"Enforces the specified codec preset. The default is 'veryfast'.","description_kind":"plain","optional":true,"computed":true},"profile":{"type":"string","description":"Enforces the specified codec profile.","description_kind":"plain","optional":true,"computed":true},"rate_control_mode":{"type":"string","description":"Specify the mode. The default is 'vbr'.","description_kind":"plain","optional":true,"computed":true},"vbv_fullness_bits":{"type":"number","description":"Initial fullness of the Video Buffering Verifier (VBV) buffer in bits.","description_kind":"plain","optional":true,"computed":true},"vbv_size_bits":{"type":"number","description":"Size of the Video Buffering Verifier (VBV) buffer in bits.","description_kind":"plain","optional":true,"computed":true},"width_pixels":{"type":"number","description":"The width of the video in pixels.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"hlg":{"nesting_mode":"list","block":{"description":"HLG color format setting for H264.","description_kind":"plain"},"max_items":1},"sdr":{"nesting_mode":"list","block":{"description":"SDR color format setting for H264.","description_kind":"plain"},"max_items":1}},"description":"H264 codec settings","description_kind":"plain"},"max_items":1}},"description":"Encoding of a video stream.","description_kind":"plain"},"max_items":1}},"description":"List of input assets stored in Cloud Storage.","description_kind":"plain"}},"encryptions":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"Identifier for this set of encryption options.","description_kind":"plain","required":true}},"block_types":{"aes128":{"nesting_mode":"list","block":{"description":"Configuration for AES-128 encryption.","description_kind":"plain"},"max_items":1},"drm_systems":{"nesting_mode":"list","block":{"block_types":{"clearkey":{"nesting_mode":"list","block":{"description":"Clearkey configuration.","description_kind":"plain"},"max_items":1},"fairplay":{"nesting_mode":"list","block":{"description":"Fairplay configuration.","description_kind":"plain"},"max_items":1},"playready":{"nesting_mode":"list","block":{"description":"Playready configuration.","description_kind":"plain"},"max_items":1},"widevine":{"nesting_mode":"list","block":{"description":"Widevine configuration.","description_kind":"plain"},"max_items":1}},"description":"DRM system(s) to use; at least one must be specified. If a DRM system is omitted, it is considered disabled.","description_kind":"plain"},"max_items":1},"mpeg_cenc":{"nesting_mode":"list","block":{"attributes":{"scheme":{"type":"string","description":"Specify the encryption scheme.","description_kind":"plain","required":true}},"description":"Configuration for MPEG Common Encryption (MPEG-CENC).","description_kind":"plain"},"max_items":1},"sample_aes":{"nesting_mode":"list","block":{"description":"Configuration for SAMPLE-AES encryption.","description_kind":"plain"},"max_items":1},"secret_manager_key_source":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The name of the Secret Version containing the encryption key in the following format: projects/{project}/secrets/{secret_id}/versions/{version_number}.","description_kind":"plain","required":true}},"description":"Configuration for secrets stored in Google Secret Manager.","description_kind":"plain"},"max_items":1}},"description":"List of encryption configurations for the content.","description_kind":"plain"}},"inputs":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A unique key for this input. Must be specified when using advanced mapping and edit lists.","description_kind":"plain","optional":true,"computed":true},"uri":{"type":"string","description":"URI of the media. Input files must be at least 5 seconds in duration and stored in Cloud Storage (for example, gs://bucket/inputs/file.mp4).\nIf empty, the value is populated from Job.input_uri.","description_kind":"plain","optional":true,"computed":true}},"description":"List of input assets stored in Cloud Storage.","description_kind":"plain"}},"manifests":{"nesting_mode":"list","block":{"attributes":{"file_name":{"type":"string","description":"The name of the generated file. The default is 'manifest'.","description_kind":"plain","optional":true,"computed":true},"mux_streams":{"type":["list","string"],"description":"List of user supplied MuxStream.key values that should appear in this manifest.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Type of the manifest. Possible values: [\"MANIFEST_TYPE_UNSPECIFIED\", \"HLS\", \"DASH\"]","description_kind":"plain","optional":true,"computed":true}},"description":"Manifest configuration.","description_kind":"plain"}},"mux_streams":{"nesting_mode":"list","block":{"attributes":{"container":{"type":"string","description":"The container format. The default is 'mp4'.","description_kind":"plain","optional":true,"computed":true},"elementary_streams":{"type":["list","string"],"description":"List of ElementaryStream.key values multiplexed in this stream.","description_kind":"plain","optional":true,"computed":true},"encryption_id":{"type":"string","description":"Identifier of the encryption configuration to use.","description_kind":"plain","optional":true,"computed":true},"file_name":{"type":"string","description":"The name of the generated file.","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"A unique key for this multiplexed stream.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"segment_settings":{"nesting_mode":"list","block":{"attributes":{"segment_duration":{"type":"string","description":"Duration of the segments in seconds. The default is '6.0s'.","description_kind":"plain","optional":true,"computed":true}},"description":"Segment settings for ts, fmp4 and vtt.","description_kind":"plain"},"max_items":1}},"description":"Multiplexing settings for output stream.","description_kind":"plain"}},"output":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"URI for the output file(s). For example, gs://my-bucket/outputs/.","description_kind":"plain","optional":true,"computed":true}},"description":"Location of output file(s) in a Cloud Storage bucket.","description_kind":"plain"},"max_items":1},"overlays":{"nesting_mode":"list","block":{"block_types":{"animations":{"nesting_mode":"list","block":{"block_types":{"animation_fade":{"nesting_mode":"list","block":{"attributes":{"end_time_offset":{"type":"string","description":"The time to end the fade animation, in seconds.","description_kind":"plain","optional":true,"computed":true},"fade_type":{"type":"string","description":"Required. Type of fade animation: 'FADE_IN' or 'FADE_OUT'.\nThe possible values are:\n\n* 'FADE_TYPE_UNSPECIFIED': The fade type is not specified.\n\n* 'FADE_IN': Fade the overlay object into view.\n\n* 'FADE_OUT': Fade the overlay object out of view. Possible values: [\"FADE_TYPE_UNSPECIFIED\", \"FADE_IN\", \"FADE_OUT\"]","description_kind":"plain","required":true},"start_time_offset":{"type":"string","description":"The time to start the fade animation, in seconds.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"xy":{"nesting_mode":"list","block":{"attributes":{"x":{"type":"number","description":"Normalized x coordinate.","description_kind":"plain","optional":true,"computed":true},"y":{"type":"number","description":"Normalized y coordinate.","description_kind":"plain","optional":true,"computed":true}},"description":"Normalized coordinates based on output video resolution.","description_kind":"plain"},"max_items":1}},"description":"Display overlay object with fade animation.","description_kind":"plain"},"max_items":1}},"description":"List of animations. The list should be chronological, without any time overlap.","description_kind":"plain"}},"image":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"URI of the image in Cloud Storage. For example, gs://bucket/inputs/image.png.","description_kind":"plain","required":true}},"description":"Image overlay.","description_kind":"plain"},"max_items":1}},"description":"List of overlays on the output video, in descending Z-order.","description_kind":"plain"}},"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"The name of the Pub/Sub topic to publish job completion notification to. For example: projects/{project}/topics/{topic}.","description_kind":"plain","optional":true}},"description":"Pub/Sub destination.","description_kind":"plain"},"max_items":1}},"description":"The configuration for this template.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_dataset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the dataset was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The user-defined name of the Dataset. The name can be up to 128 characters long and can be consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Workflow.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Dataset. The schema is defined as an OpenAPI 3.0.2 Schema Object. The schema files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the Dataset. This value is set by Google.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the dataset. eg us-central1","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the dataset was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource.\nHas the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created.","description_kind":"plain","optional":true}},"description":"Customer-managed encryption key spec for a Dataset. If set, this Dataset and all sub-resources of this Dataset will be secured by this key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_deployment_resource_pool":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of deployment resource pool. The maximum length is 63 characters, and valid characters are '/^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$/'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of deployment resource pool. eg us-central1","description_kind":"plain","optional":true}},"block_types":{"dedicated_resources":{"nesting_mode":"list","block":{"attributes":{"max_replica_count":{"type":"number","description":"The maximum number of replicas this DeployedModel may be deployed on when the traffic against it increases. If the requested value is too large, the deployment will error, but if deployment succeeds then the ability to scale the model to that many replicas is guaranteed (barring service outages). If traffic against the DeployedModel increases beyond what its replicas at maximum may handle, a portion of the traffic will be dropped. If this value is not provided, will use min_replica_count as the default value. The value of this field impacts the charge against Vertex CPU and GPU quotas. Specifically, you will be charged for max_replica_count * number of cores in the selected machine type) and (max_replica_count * number of GPUs per replica in the selected machine type).","description_kind":"plain","optional":true},"min_replica_count":{"type":"number","description":"The minimum number of machine replicas this DeployedModel will be always deployed on. This value must be greater than or equal to 1. If traffic against the DeployedModel increases, it may dynamically be deployed onto more replicas, and as traffic decreases, some of these extra replicas may be freed.","description_kind":"plain","required":true}},"block_types":{"autoscaling_metric_specs":{"nesting_mode":"list","block":{"attributes":{"metric_name":{"type":"string","description":"The resource metric name. Supported metrics: For Online Prediction: * 'aiplatform.googleapis.com/prediction/online/accelerator/duty_cycle' * 'aiplatform.googleapis.com/prediction/online/cpu/utilization'","description_kind":"plain","required":true},"target":{"type":"number","description":"The target resource utilization in percentage (1% - 100%) for the given metric; once the real usage deviates from the target by a certain percentage, the machine replicas change. The default value is 60 (representing 60%) if not provided.","description_kind":"plain","optional":true}},"description":"A list of the metric specifications that overrides a resource utilization metric.","description_kind":"plain"}},"machine_spec":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of accelerators to attach to the machine.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"The type of accelerator(s) that may be attached to the machine as per accelerator_count. See possible values [here](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/MachineSpec#AcceleratorType).","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The type of the machine. See the [list of machine types supported for prediction](https://cloud.google.com/vertex-ai/docs/predictions/configure-compute#machine-types).","description_kind":"plain","optional":true}},"description":"The specification of a single machine used by the prediction","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The underlying dedicated resources that the deployment resource pool uses.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Timestamp when this Endpoint was created.","description_kind":"plain","computed":true},"dedicated_endpoint_dns":{"type":"string","description":"Output only. DNS of the dedicated endpoint. Will only be populated if dedicatedEndpointEnabled is true. Format: 'https://{endpointId}.{region}-{projectNumber}.prediction.vertexai.goog'.","description_kind":"plain","computed":true},"dedicated_endpoint_enabled":{"type":"bool","description":"If true, the endpoint will be exposed through a dedicated DNS [Endpoint.dedicated_endpoint_dns]. Your request to the dedicated DNS will be isolated from other users' traffic and will have better performance and reliability. Note: Once you enabled dedicated endpoint, you won't be able to send request to the shared DNS {region}-aiplatform.googleapis.com. The limitation will be removed soon.","description_kind":"plain","optional":true},"deployed_models":{"type":["list",["object",{"automatic_resources":["list",["object",{"max_replica_count":"number","min_replica_count":"number"}]],"create_time":"string","dedicated_resources":["list",["object",{"autoscaling_metric_specs":["list",["object",{"metric_name":"string","target":"number"}]],"machine_spec":["list",["object",{"accelerator_count":"number","accelerator_type":"string","machine_type":"string"}]],"max_replica_count":"number","min_replica_count":"number"}]],"display_name":"string","enable_access_logging":"bool","enable_container_logging":"bool","id":"string","model":"string","model_version_id":"string","private_endpoints":["list",["object",{"explain_http_uri":"string","health_http_uri":"string","predict_http_uri":"string","service_attachment":"string"}]],"service_account":"string","shared_resources":"string"}]],"description":"Output only. The models deployed in this Endpoint. To add or remove DeployedModels use EndpointService.DeployModel and EndpointService.UndeployModel respectively. Models can also be deployed and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/).","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Endpoint.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Required. The display name of the Endpoint. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates. If not set, a blind \"overwrite\" update happens.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Endpoints. Label keys and values can be no longer than 64 characters (Unicode codepoints), can only contain lowercase letters, numeric characters, underscores and dashes. International characters are allowed. See https://goo.gl/xmQnxf for more information and examples of labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"model_deployment_monitoring_job":{"type":"string","description":"Output only. Resource name of the Model Monitoring job associated with this Endpoint if monitoring is enabled by CreateModelDeploymentMonitoringJob. Format: 'projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}'","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Endpoint. The name must be numeric with no leading zeros and can be at most 10 digits.","description_kind":"plain","required":true},"network":{"type":"string","description":"The full name of the Google Compute Engine [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) to which the Endpoint should be peered. Private services access must already be configured for the network. If left unspecified, the Endpoint is not peered with any network. Only one of the fields, network or enable_private_service_connect, can be set. [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): 'projects/{project}/global/networks/{network}'. Where '{project}' is a project number, as in '12345', and '{network}' is network name. Only one of the fields, 'network' or 'privateServiceConnectConfig', can be set.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region for the resource","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"traffic_split":{"type":"string","description":"A map from a DeployedModel's id to the percentage of this Endpoint's traffic that should be forwarded to that DeployedModel.\nIf a DeployedModel's id is not listed in this map, then it receives no traffic.\nThe traffic percentage values must add up to 100, or map must be empty if the Endpoint is to not accept any traffic at a moment. See\nthe 'deployModel' [example](https://cloud.google.com/vertex-ai/docs/general/deployment#deploy_a_model_to_an_endpoint) and\n[documentation](https://cloud.google.com/vertex-ai/docs/reference/rest/v1beta1/projects.locations.endpoints/deployModel) for more information.\n\n~\u003e **Note:** To set the map to empty, set '\"{}\"', apply, and then remove the field from your config.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. Timestamp when this Endpoint was last updated.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: 'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'. The key needs to be in the same region as where the compute resource is created.","description_kind":"plain","required":true}},"description":"Customer-managed encryption key spec for an Endpoint. If set, this Endpoint and all sub-resources of this Endpoint will be secured by this key.","description_kind":"plain"},"max_items":1},"predict_request_response_logging_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If logging is enabled or not.","description_kind":"plain","optional":true},"sampling_rate":{"type":"number","description":"Percentage of requests to be logged, expressed as a fraction in range(0,1]","description_kind":"plain","optional":true}},"block_types":{"bigquery_destination":{"nesting_mode":"list","block":{"attributes":{"output_uri":{"type":"string","description":"BigQuery URI to a project or table, up to 2000 characters long. When only the project is specified, the Dataset and Table is created. When the full table reference is specified, the Dataset must exist and table must not exist. Accepted forms: - BigQuery path. For example: 'bq://projectId' or 'bq://projectId.bqDatasetId' or 'bq://projectId.bqDatasetId.bqTableId'.","description_kind":"plain","optional":true}},"description":"BigQuery table for logging. If only given a project, a new dataset will be created with name 'logging_\u003cendpoint-display-name\u003e_\u003cendpoint-id\u003e' where will be made BigQuery-dataset-name compatible (e.g. most special characters will become underscores). If no table name is given, a new table will be created with name 'request_response_logging'","description_kind":"plain"},"max_items":1}},"description":"Configures the request-response logging for online prediction.","description_kind":"plain"},"max_items":1},"private_service_connect_config":{"nesting_mode":"list","block":{"attributes":{"enable_private_service_connect":{"type":"bool","description":"Required. If true, expose the IndexEndpoint via private service connect.","description_kind":"plain","required":true},"enable_secure_private_service_connect":{"type":"bool","description":"If set to true, enable secure private service connect with IAM authorization. Otherwise, private service connect will be done without authorization. Note latency will be slightly increased if authorization is enabled.","description_kind":"plain","optional":true},"project_allowlist":{"type":["list","string"],"description":"A list of Projects from which the forwarding rule will target the service attachment.","description_kind":"plain","optional":true}},"description":"Configuration for private service connect. 'network' and 'privateServiceConnectConfig' are mutually exclusive.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_group":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the FeatureGroup was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the FeatureGroup.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your FeatureGroup.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Feature Group.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of feature group. eg us-central1","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the FeatureGroup was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"big_query":{"nesting_mode":"list","block":{"attributes":{"entity_id_columns":{"type":["list","string"],"description":"Columns to construct entityId / row keys. If not provided defaults to entityId.","description_kind":"plain","optional":true}},"block_types":{"big_query_source":{"nesting_mode":"list","block":{"attributes":{"input_uri":{"type":"string","description":"BigQuery URI to a table, up to 2000 characters long. For example: 'bq://projectId.bqDatasetId.bqTableId.'","description_kind":"plain","required":true}},"description":"The BigQuery source URI that points to either a BigQuery Table or View.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Indicates that features for this group come from BigQuery Table/View. By default treats the source as a sparse time series source, which is required to have an entityId and a feature_timestamp column in the source.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_group_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the FeatureGroup was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the FeatureGroup.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"feature_group":{"type":"string","description":"The name of the Feature Group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your FeatureGroup.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Feature Group Feature.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region for the resource. It should be the same as the feature group's region.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the FeatureGroup was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"version_column_name":{"type":"string","description":"The name of the BigQuery Table/View column hosting data for this version. If no value is provided, will use featureId.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_online_store":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the feature online store was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"If set to true, any FeatureViews and Features for this FeatureOnlineStore will also be deleted.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your feature online stores.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Feature Online Store. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of feature online store. eg us-central1","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the Feature Online Store. See the possible states in [this link](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featureOnlineStores#state).","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the feature online store was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"bigtable":{"nesting_mode":"list","block":{"block_types":{"auto_scaling":{"nesting_mode":"list","block":{"attributes":{"cpu_utilization_target":{"type":"number","description":"A percentage of the cluster's CPU capacity. Can be from 10% to 80%. When a cluster's CPU utilization exceeds the target that you have set, Bigtable immediately adds nodes to the cluster. When CPU utilization is substantially lower than the target, Bigtable removes nodes. If not set will default to 50%.","description_kind":"plain","optional":true,"computed":true},"max_node_count":{"type":"number","description":"The maximum number of nodes to scale up to. Must be greater than or equal to minNodeCount, and less than or equal to 10 times of 'minNodeCount'.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"The minimum number of nodes to scale down to. Must be greater than or equal to 1.","description_kind":"plain","required":true}},"description":"Autoscaling config applied to Bigtable Instance.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for Cloud Bigtable instance that will be created to serve featureValues for all FeatureViews under this FeatureOnlineStore.","description_kind":"plain"},"max_items":1},"dedicated_serving_endpoint":{"nesting_mode":"list","block":{"attributes":{"public_endpoint_domain_name":{"type":"string","description":"Domain name to use for this FeatureOnlineStore","description_kind":"plain","computed":true},"service_attachment":{"type":"string","description":"Name of the service attachment resource. Applicable only if private service connect is enabled and after FeatureViewSync is created.","description_kind":"plain","computed":true}},"block_types":{"private_service_connect_config":{"nesting_mode":"list","block":{"attributes":{"enable_private_service_connect":{"type":"bool","description":"If set to true, customers will use private service connection to send request. Otherwise, the connection will set to public endpoint.","description_kind":"plain","required":true},"project_allowlist":{"type":["list","string"],"description":"A list of Projects from which the forwarding rule will target the service attachment.","description_kind":"plain","optional":true}},"description":"Private service connect config.","description_kind":"plain"},"max_items":1}},"description":"The dedicated serving endpoint for this FeatureOnlineStore, which is different from common vertex service endpoint. Only need to be set when you choose Optimized storage type or enable EmbeddingManagement. Will use public endpoint by default.","description_kind":"plain"},"max_items":1},"optimized":{"nesting_mode":"list","block":{"description":"Settings for the Optimized store that will be created to serve featureValues for all FeatureViews under this FeatureOnlineStore","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_online_store_featureview":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the featureOnlinestore was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"feature_online_store":{"type":"string","description":"The name of the FeatureOnlineStore to use for the featureview.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this FeatureView.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the FeatureView. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region for the resource. It should be the same as the featureonlinestore region.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the featureOnlinestore was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"big_query_source":{"nesting_mode":"list","block":{"attributes":{"entity_id_columns":{"type":["list","string"],"description":"Columns to construct entityId / row keys. Start by supporting 1 only.","description_kind":"plain","required":true},"uri":{"type":"string","description":"The BigQuery view URI that will be materialized on each sync trigger based on FeatureView.SyncConfig.","description_kind":"plain","required":true}},"description":"Configures how data is supposed to be extracted from a BigQuery source to be loaded onto the FeatureOnlineStore.","description_kind":"plain"},"max_items":1},"feature_registry_source":{"nesting_mode":"list","block":{"attributes":{"project_number":{"type":"string","description":"The project number of the parent project of the feature Groups.","description_kind":"plain","optional":true}},"block_types":{"feature_groups":{"nesting_mode":"list","block":{"attributes":{"feature_group_id":{"type":"string","description":"Identifier of the feature group.","description_kind":"plain","required":true},"feature_ids":{"type":["list","string"],"description":"Identifiers of features under the feature group.","description_kind":"plain","required":true}},"description":"List of features that need to be synced to Online Store.","description_kind":"plain"},"min_items":1}},"description":"Configures the features from a Feature Registry source that need to be loaded onto the FeatureOnlineStore.","description_kind":"plain"},"max_items":1},"sync_config":{"nesting_mode":"list","block":{"attributes":{"cron":{"type":"string","description":"Cron schedule (https://en.wikipedia.org/wiki/Cron) to launch scheduled runs.\nTo explicitly set a timezone to the cron tab, apply a prefix in the cron tab: \"CRON_TZ=${IANA_TIME_ZONE}\" or \"TZ=${IANA_TIME_ZONE}\".","description_kind":"plain","optional":true,"computed":true}},"description":"Configures when data is to be synced/updated for this FeatureView. At the end of the sync the latest featureValues for each entityId of this FeatureView are made ready for online serving.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the featurestore was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"If set to true, any EntityTypes and Features for this Featurestore will also be deleted","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Featurestore.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the Featurestore. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the dataset. eg us-central1","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the featurestore was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the compute resource is created.","description_kind":"plain","required":true}},"description":"If set, both of the online and offline data storage will be secured by this key.","description_kind":"plain"},"max_items":1},"online_serving_config":{"nesting_mode":"list","block":{"attributes":{"fixed_node_count":{"type":"number","description":"The number of nodes for each cluster. The number of nodes will not scale automatically but can be scaled manually by providing different values when updating.","description_kind":"plain","optional":true}},"block_types":{"scaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"The maximum number of nodes to scale up to. Must be greater than minNodeCount, and less than or equal to 10 times of 'minNodeCount'.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"The minimum number of nodes to scale down to. Must be greater than or equal to 1.","description_kind":"plain","required":true}},"description":"Online serving scaling configuration. Only one of fixedNodeCount and scaling can be set. Setting one will reset the other.","description_kind":"plain"},"max_items":1}},"description":"Config for online serving resources.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore_entitytype":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the featurestore was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the EntityType.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"featurestore":{"type":"string","description":"The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this EntityType.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the EntityType. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the EntityType.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the featurestore was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"monitoring_config":{"nesting_mode":"list","block":{"block_types":{"categorical_threshold_config":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"number","description":"Specify a threshold value that can trigger the alert. For categorical feature, the distribution distance is calculated by L-inifinity norm. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3.","description_kind":"plain","required":true}},"description":"Threshold for categorical features of anomaly detection. This is shared by all types of Featurestore Monitoring for categorical features (i.e. Features with type (Feature.ValueType) BOOL or STRING).","description_kind":"plain"},"max_items":1},"import_features_analysis":{"nesting_mode":"list","block":{"attributes":{"anomaly_detection_baseline":{"type":"string","description":"Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. The value must be one of the values below:\n* LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics.\n* MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists.\n* PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below:\n* DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled.\n* ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it.\n* DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it.","description_kind":"plain","optional":true}},"description":"The config for ImportFeatures Analysis Based Feature Monitoring.","description_kind":"plain"},"max_items":1},"numerical_threshold_config":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"number","description":"Specify a threshold value that can trigger the alert. For numerical feature, the distribution distance is calculated by Jensen–Shannon divergence. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3.","description_kind":"plain","required":true}},"description":"Threshold for numerical features of anomaly detection. This is shared by all objectives of Featurestore Monitoring for numerical features (i.e. Features with type (Feature.ValueType) DOUBLE or INT64).","description_kind":"plain"},"max_items":1},"snapshot_analysis":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"The monitoring schedule for snapshot analysis. For EntityType-level config: unset / disabled = true indicates disabled by default for Features under it; otherwise by default enable snapshot analysis monitoring with monitoringInterval for Features under it.","description_kind":"plain","optional":true},"monitoring_interval_days":{"type":"number","description":"Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1.\nIf both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used.","description_kind":"plain","optional":true},"staleness_days":{"type":"number","description":"Customized export features time window for snapshot analysis. Unit is one day. The default value is 21 days. Minimum value is 1 day. Maximum value is 4000 days.","description_kind":"plain","optional":true}},"description":"The config for Snapshot Analysis Based Feature Monitoring.","description_kind":"plain"},"max_items":1}},"description":"The default monitoring configuration for all Features under this EntityType.\n\nIf this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore_entitytype_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the entity type was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the feature.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entitytype":{"type":"string","description":"The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}.","description_kind":"plain","required":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the feature.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the feature. The feature can be up to 64 characters long and can consist only of ASCII Latin letters A-Z and a-z, underscore(_), and ASCII digits 0-9 starting with a letter. The value will be unique given an entity type.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the feature","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the entity type was most recently updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"value_type":{"type":"string","description":"Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_index":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"deployed_indexes":{"type":["list",["object",{"deployed_index_id":"string","index_endpoint":"string"}]],"description":"The pointers to DeployedIndexes created from this Index. An Index can be only deleted if all its DeployedIndexes had been undeployed first.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index_stats":{"type":["list",["object",{"shards_count":"number","vectors_count":"string"}]],"description":"Stats of the index resource.","description_kind":"plain","computed":true},"index_update_method":{"type":"string","description":"The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default.\n* BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update.\n* STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Index, that is specific to it. Unset if the Index does not have any additional information.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the index. eg us-central1","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"contents_delta_uri":{"type":"string","description":"Allows inserting, updating or deleting the contents of the Matching Engine Index.\nThe string must be a valid Cloud Storage directory path. If this\nfield is set when calling IndexService.UpdateIndex, then no other\nIndex field can be also updated as part of the same call.\nThe expected structure and format of the files this URI points to is\ndescribed at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format","description_kind":"plain","optional":true},"is_complete_overwrite":{"type":"bool","description":"If this field is set together with contentsDeltaUri when calling IndexService.UpdateIndex,\nthen existing content of the Index will be replaced by the data from the contentsDeltaUri.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"approximate_neighbors_count":{"type":"number","description":"The default number of neighbors to find via approximate search before exact reordering is\nperformed. Exact reordering is a procedure where results returned by an\napproximate search algorithm are reordered via a more expensive distance computation.\nRequired if tree-AH algorithm is used.","description_kind":"plain","optional":true},"dimensions":{"type":"number","description":"The number of dimensions of the input vectors.","description_kind":"plain","required":true},"distance_measure_type":{"type":"string","description":"The distance measure used in nearest neighbor search. The value must be one of the followings:\n* SQUARED_L2_DISTANCE: Euclidean (L_2) Distance\n* L1_DISTANCE: Manhattan (L_1) Distance\n* COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity.\n* DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product","description_kind":"plain","optional":true},"feature_norm_type":{"type":"string","description":"Type of normalization to be carried out on each vector. The value must be one of the followings:\n* UNIT_L2_NORM: Unit L2 normalization type\n* NONE: No normalization type is specified.","description_kind":"plain","optional":true},"shard_size":{"type":"string","description":"Index data is split into equal parts to be processed. These are called \"shards\".\nThe shard size must be specified when creating an index. The value must be one of the followings:\n* SHARD_SIZE_SMALL: Small (2GB)\n* SHARD_SIZE_MEDIUM: Medium (20GB)\n* SHARD_SIZE_LARGE: Large (50GB)","description_kind":"plain","optional":true,"computed":true}},"block_types":{"algorithm_config":{"nesting_mode":"list","block":{"block_types":{"brute_force_config":{"nesting_mode":"list","block":{"description":"Configuration options for using brute force search, which simply implements the\nstandard linear search in the database for each query.","description_kind":"plain"},"max_items":1},"tree_ah_config":{"nesting_mode":"list","block":{"attributes":{"leaf_node_embedding_count":{"type":"number","description":"Number of embeddings on each leaf node. The default value is 1000 if not set.","description_kind":"plain","optional":true},"leaf_nodes_to_search_percent":{"type":"number","description":"The default percentage of leaf nodes that any query may be searched. Must be in\nrange 1-100, inclusive. The default value is 10 (means 10%) if not set.","description_kind":"plain","optional":true}},"description":"Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing).\nPlease refer to this paper for more details: https://arxiv.org/abs/1908.10396","description_kind":"plain"},"max_items":1}},"description":"The configuration with regard to the algorithms used for efficient search.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the Matching Engine Index.","description_kind":"plain"},"max_items":1}},"description":"An additional information about the Index","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_index_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The full name of the Google Compute Engine [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) to which the index endpoint should be peered.\nPrivate services access must already be configured for the network. If left unspecified, the index endpoint is not peered with any network.\n[Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): 'projects/{project}/global/networks/{network}'.\nWhere '{project}' is a project number, as in '12345', and '{network}' is network name.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"public_endpoint_domain_name":{"type":"string","description":"If publicEndpointEnabled is true, this field will be populated with the domain name to use for this index endpoint.","description_kind":"plain","computed":true},"public_endpoint_enabled":{"type":"bool","description":"If true, the deployed index will be accessible through public endpoint.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the index endpoint. eg us-central1","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"private_service_connect_config":{"nesting_mode":"list","block":{"attributes":{"enable_private_service_connect":{"type":"bool","description":"If set to true, the IndexEndpoint is created without private service access.","description_kind":"plain","required":true},"project_allowlist":{"type":["list","string"],"description":"A list of Projects from which the forwarding rule will target the service attachment.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for private service connect. 'network' and 'privateServiceConnectConfig' are mutually exclusive.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_index_endpoint_deployed_index":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"deployed_index_id":{"type":"string","description":"The user specified ID of the DeployedIndex. The ID can be up to 128 characters long and must start with a letter and only contain letters, numbers, and underscores. The ID must be unique within the project it is created in.","description_kind":"plain","required":true},"deployment_group":{"type":"string","description":"The deployment group can be no longer than 64 characters (eg: 'test', 'prod'). If not set, we will use the 'default' deployment group.\nCreating deployment_groups with reserved_ip_ranges is a recommended practice when the peered network has multiple peering ranges. This creates your deployments from predictable IP spaces for easier traffic administration. Also, one deployment_group (except 'default') can only be used with the same reserved_ip_ranges which means if the deployment_group has been used with reserved_ip_ranges: [a, b, c], using it with [a, b] or [d, e] is disallowed. [See the official documentation here](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.indexEndpoints#DeployedIndex.FIELDS.deployment_group).\nNote: we only support up to 5 deployment groups (not including 'default').","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","optional":true},"enable_access_logging":{"type":"bool","description":"If true, private endpoint's access logs are sent to Cloud Logging.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index":{"type":"string","description":"The name of the Index this is the deployment of.","description_kind":"plain","required":true},"index_endpoint":{"type":"string","description":"Identifies the index endpoint. Must be in the format\n'projects/{{project}}/locations/{{region}}/indexEndpoints/{{indexEndpoint}}'","description_kind":"plain","required":true},"index_sync_time":{"type":"string","description":"The DeployedIndex may depend on various data on its original Index. Additionally when certain changes to the original Index are being done (e.g. when what the Index contains is being changed) the DeployedIndex may be asynchronously updated in the background to reflect these changes. If this timestamp's value is at least the [Index.update_time](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.indexes#Index.FIELDS.update_time) of the original Index, it means that this DeployedIndex and the original Index are in sync. If this timestamp is older, then to see which updates this DeployedIndex already contains (and which it does not), one must [list](https://cloud.google.com/vertex-ai/docs/reference/rest/v1beta1/projects.locations.operations/list#google.longrunning.Operations.ListOperations) the operations that are running on the original Index. Only the successfully completed Operations with updateTime equal or before this sync time are contained in this DeployedIndex.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the DeployedIndex resource.","description_kind":"plain","computed":true},"private_endpoints":{"type":["list",["object",{"match_grpc_address":"string","psc_automated_endpoints":["list",["object",{"match_address":"string","network":"string","project_id":"string"}]],"service_attachment":"string"}]],"description":"Provides paths for users to send requests directly to the deployed index services running on Cloud via private services access. This field is populated if [network](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.indexEndpoints#IndexEndpoint.FIELDS.network) is configured.","description_kind":"plain","computed":true},"reserved_ip_ranges":{"type":["list","string"],"description":"A list of reserved ip ranges under the VPC network that can be used for this DeployedIndex.\nIf set, we will deploy the index within the provided ip ranges. Otherwise, the index might be deployed to any ip ranges under the provided VPC network.\n\nThe value should be the name of the address (https://cloud.google.com/compute/docs/reference/rest/v1/addresses) Example: ['vertex-ai-ip-range'].\n\nFor more information about subnets and network IP ranges, please see https://cloud.google.com/vpc/docs/subnets#manually_created_subnet_ip_ranges.","description_kind":"plain","optional":true}},"block_types":{"automatic_resources":{"nesting_mode":"list","block":{"attributes":{"max_replica_count":{"type":"number","description":"The maximum number of replicas this DeployedModel may be deployed on when the traffic against it increases. If maxReplicaCount is not set, the default value is minReplicaCount. The max allowed replica count is 1000.\n\nThe maximum number of replicas this DeployedModel may be deployed on when the traffic against it increases. If the requested value is too large, the deployment will error, but if deployment succeeds then the ability to scale the model to that many replicas is guaranteed (barring service outages). If traffic against the DeployedModel increases beyond what its replicas at maximum may handle, a portion of the traffic will be dropped. If this value is not provided, a no upper bound for scaling under heavy traffic will be assume, though Vertex AI may be unable to scale beyond certain replica number.","description_kind":"plain","optional":true,"computed":true},"min_replica_count":{"type":"number","description":"The minimum number of replicas this DeployedModel will be always deployed on. If minReplicaCount is not set, the default value is 2 (we don't provide SLA when minReplicaCount=1).\n\nIf traffic against it increases, it may dynamically be deployed onto more replicas up to [maxReplicaCount](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/AutomaticResources#FIELDS.max_replica_count), and as traffic decreases, some of these extra replicas may be freed. If the requested value is too large, the deployment will error.","description_kind":"plain","optional":true,"computed":true}},"description":"A description of resources that the DeployedIndex uses, which to large degree are decided by Vertex AI, and optionally allows only a modest additional configuration.","description_kind":"plain"},"max_items":1},"dedicated_resources":{"nesting_mode":"list","block":{"attributes":{"max_replica_count":{"type":"number","description":"The maximum number of replicas this DeployedModel may be deployed on when the traffic against it increases. If maxReplicaCount is not set, the default value is minReplicaCount","description_kind":"plain","optional":true,"computed":true},"min_replica_count":{"type":"number","description":"The minimum number of machine replicas this DeployedModel will be always deployed on. This value must be greater than or equal to 1.","description_kind":"plain","required":true}},"block_types":{"machine_spec":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"The type of the machine.\n\nSee the [list of machine types supported for prediction](https://cloud.google.com/vertex-ai/docs/predictions/configure-compute#machine-types)\n\nSee the [list of machine types supported for custom training](https://cloud.google.com/vertex-ai/docs/training/configure-compute#machine-types).\n\nFor [DeployedModel](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.endpoints#DeployedModel) this field is optional, and the default value is n1-standard-2. For [BatchPredictionJob](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.batchPredictionJobs#BatchPredictionJob) or as part of [WorkerPoolSpec](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/CustomJobSpec#WorkerPoolSpec) this field is required.","description_kind":"plain","optional":true}},"description":"The minimum number of replicas this DeployedModel will be always deployed on.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A description of resources that are dedicated to the DeployedIndex, and that need a higher degree of manual configuration. The field minReplicaCount must be set to a value strictly greater than 0, or else validation will fail. We don't provide SLA when minReplicaCount=1. If maxReplicaCount is not set, the default value is minReplicaCount. The max allowed replica count is 1000.\n\nAvailable machine types for SMALL shard: e2-standard-2 and all machine types available for MEDIUM and LARGE shard.\n\nAvailable machine types for MEDIUM shard: e2-standard-16 and all machine types available for LARGE shard.\n\nAvailable machine types for LARGE shard: e2-highmem-16, n2d-standard-32.\n\nn1-standard-16 and n1-standard-32 are still available, but we recommend e2-standard-16 and e2-highmem-16 for cost efficiency.","description_kind":"plain"},"max_items":1},"deployed_index_auth_config":{"nesting_mode":"list","block":{"block_types":{"auth_provider":{"nesting_mode":"list","block":{"attributes":{"allowed_issuers":{"type":["list","string"],"description":"A list of allowed JWT issuers. Each entry must be a valid Google service account, in the following format: service-account-name@project-id.iam.gserviceaccount.com","description_kind":"plain","optional":true},"audiences":{"type":["list","string"],"description":"The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted.","description_kind":"plain","optional":true}},"description":"Defines the authentication provider that the DeployedIndex uses.","description_kind":"plain"},"max_items":1}},"description":"If set, the authentication is enabled for the private endpoint.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_tensorboard":{"version":0,"block":{"attributes":{"blob_storage_path_prefix":{"type":"string","description":"Consumer project Cloud Storage path prefix used to store blob data, which can either be a bucket or directory. Does not end with a '/'.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The timestamp of when the Tensorboard was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of this Tensorboard.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User provided name of this Tensorboard.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Tensorboards.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Tensorboard.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the tensorboard. eg us-central1","description_kind":"plain","optional":true,"computed":true},"run_count":{"type":"string","description":"The number of Runs stored in this Tensorboard.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Tensorboard was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource.\nHas the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created.","description_kind":"plain","required":true}},"description":"Customer-managed encryption key spec for a Tensorboard. If set, this Tensorboard and all sub-resources of this Tensorboard will be secured by this key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_cluster":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"management":{"type":"bool","description":"True if the cluster is a management cluster; false otherwise.\nThere can only be one management cluster in a private cloud and it has to be the first one.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the Cluster.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new cluster in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true}},"block_types":{"autoscaling_settings":{"nesting_mode":"list","block":{"attributes":{"cool_down_period":{"type":"string","description":"The minimum duration between consecutive autoscale operations.\nIt starts once addition or removal of nodes is fully completed.\nMinimum cool down period is 30m.\nCool down period must be in whole minutes (for example, 30m, 31m, 50m).\nMandatory for successful addition of autoscaling settings in cluster.","description_kind":"plain","optional":true},"max_cluster_node_count":{"type":"number","description":"Maximum number of nodes of any type in a cluster.\nMandatory for successful addition of autoscaling settings in cluster.","description_kind":"plain","optional":true},"min_cluster_node_count":{"type":"number","description":"Minimum number of nodes of any type in a cluster.\nMandatory for successful addition of autoscaling settings in cluster.","description_kind":"plain","optional":true}},"block_types":{"autoscaling_policies":{"nesting_mode":"set","block":{"attributes":{"autoscale_policy_id":{"type":"string","description_kind":"plain","required":true},"node_type_id":{"type":"string","description":"The canonical identifier of the node type to add or remove.","description_kind":"plain","required":true},"scale_out_size":{"type":"number","description":"Number of nodes to add to a cluster during a scale-out operation.\nMust be divisible by 2 for stretched clusters.","description_kind":"plain","required":true}},"block_types":{"consumed_memory_thresholds":{"nesting_mode":"list","block":{"attributes":{"scale_in":{"type":"number","description":"The utilization triggering the scale-in operation in percent.","description_kind":"plain","required":true},"scale_out":{"type":"number","description":"The utilization triggering the scale-out operation in percent.","description_kind":"plain","required":true}},"description":"Utilization thresholds pertaining to amount of consumed memory.","description_kind":"plain"},"max_items":1},"cpu_thresholds":{"nesting_mode":"list","block":{"attributes":{"scale_in":{"type":"number","description":"The utilization triggering the scale-in operation in percent.","description_kind":"plain","required":true},"scale_out":{"type":"number","description":"The utilization triggering the scale-out operation in percent.","description_kind":"plain","required":true}},"description":"Utilization thresholds pertaining to CPU utilization.","description_kind":"plain"},"max_items":1},"storage_thresholds":{"nesting_mode":"list","block":{"attributes":{"scale_in":{"type":"number","description":"The utilization triggering the scale-in operation in percent.","description_kind":"plain","required":true},"scale_out":{"type":"number","description":"The utilization triggering the scale-out operation in percent.","description_kind":"plain","required":true}},"description":"Utilization thresholds pertaining to amount of consumed storage.","description_kind":"plain"},"max_items":1}},"description":"The map with autoscaling policies applied to the cluster.\nThe key is the identifier of the policy.\nIt must meet the following requirements:\n * Only contains 1-63 alphanumeric characters and hyphens\n * Begins with an alphabetical character\n * Ends with a non-hyphen character\n * Not formatted as a UUID\n * Complies with [RFC 1034](https://datatracker.ietf.org/doc/html/rfc1034) (section 3.5)\n\nCurrently the map must contain only one element\nthat describes the autoscaling policy for compute nodes.","description_kind":"plain"},"min_items":1}},"description":"Configuration of the autoscaling applied to this cluster","description_kind":"plain"},"max_items":1},"node_type_configs":{"nesting_mode":"set","block":{"attributes":{"custom_core_count":{"type":"number","description":"Customized number of cores available to each node of the type.\nThis number must always be one of 'nodeType.availableCustomCoreCounts'.\nIf zero is provided max value from 'nodeType.availableCustomCoreCounts' will be used.\nOnce the customer is created then corecount cannot be changed.","description_kind":"plain","optional":true},"node_count":{"type":"number","description":"The number of nodes of this type in the cluster.","description_kind":"plain","required":true},"node_type_id":{"type":"string","description_kind":"plain","required":true}},"description":"The map of cluster node types in this cluster,\nwhere the key is canonical identifier of the node type (corresponds to the NodeType).","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_external_access_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action that the external access rule performs. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for the external access rule.","description_kind":"plain","optional":true},"destination_ports":{"type":["list","string"],"description":"A list of destination ports to which the external access rule applies.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which the external access rule applies.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the external access rule.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the network policy.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/networkPolicies/my-policy","description_kind":"plain","required":true},"priority":{"type":"number","description":"External access rule priority, which determines the external access rule to use when multiple rules apply.","description_kind":"plain","required":true},"source_ports":{"type":["list","string"],"description":"A list of source ports to which the external access rule applies.","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"destination_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"external_address":{"type":"string","description":"The name of an 'ExternalAddress' resource.","description_kind":"plain","optional":true},"ip_address_range":{"type":"string","description":"An IP address range in the CIDR format.","description_kind":"plain","optional":true}},"description":"If destination ranges are specified, the external access rule applies only to\ntraffic that has a destination IP address in these ranges.","description_kind":"plain"},"min_items":1},"source_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"A single IP address.","description_kind":"plain","optional":true},"ip_address_range":{"type":"string","description":"An IP address range in the CIDR format.","description_kind":"plain","optional":true}},"description":"If source ranges are specified, the external access rule applies only to\ntraffic that has a source IP address in these ranges.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_external_address":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this resource.","description_kind":"plain","optional":true},"external_ip":{"type":"string","description":"The external IP address of a workload VM.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ip":{"type":"string","description":"The internal IP address of a workload VM.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the external IP Address.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new external address in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the resource.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_network":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description for this VMware Engine network.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the VMwareEngineNetwork should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the VMwareEngineNetwork.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the VMware Engine network.","description_kind":"plain","computed":true},"type":{"type":"string","description":"VMware Engine network type. Possible values: [\"LEGACY\", \"STANDARD\"]","description_kind":"plain","required":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vpc_networks":{"type":["list",["object",{"network":"string","type":"string"}]],"description":"VMware Engine service VPC networks that provide connectivity from a private cloud to customer projects,\nthe internet, and other Google Cloud services.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_network_peering":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network peering.","description_kind":"plain","optional":true},"export_custom_routes":{"type":"bool","description":"True if custom routes are exported to the peered network; false otherwise.","description_kind":"plain","optional":true},"export_custom_routes_with_public_ip":{"type":"bool","description":"True if all subnet routes with a public IP address range are exported; false otherwise.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","optional":true},"import_custom_routes_with_public_ip":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The ID of the Network Peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The relative resource name of the network to peer with a standard VMware Engine network.\nThe provided network can be a consumer VPC network or another standard VMware Engine network.","description_kind":"plain","required":true},"peer_network_type":{"type":"string","description":"The type of the network to peer with the VMware Engine network. Possible values: [\"STANDARD\", \"VMWARE_ENGINE_NETWORK\", \"PRIVATE_SERVICES_ACCESS\", \"NETAPP_CLOUD_VOLUMES\", \"THIRD_PARTY_SERVICE\", \"DELL_POWERSCALE\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the network peering.\nThis field has a value of 'ACTIVE' when there's a matching configuration in the peer network.\nNew values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the network peering.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","required":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_network_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network policy.","description_kind":"plain","optional":true},"edge_services_cidr":{"type":"string","description":"IP address range in CIDR notation used to create internet access and external IP access.\nAn RFC 1918 CIDR block, with a \"/26\" prefix, is required. The range cannot overlap with any\nprefixes either in the consumer VPC network or in use by the private clouds attached to that VPC network.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The resource name of the location (region) to create the new network policy in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the Network Policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","required":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"block_types":{"external_ip":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"True if the service is enabled; false otherwise.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the service. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true}},"description":"Network service that allows External IP addresses to be assigned to VMware workloads.\nThis service can only be enabled when internetAccess is also enabled.","description_kind":"plain"},"max_items":1},"internet_access":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"True if the service is enabled; false otherwise.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the service. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true}},"description":"Network service that allows VMware workloads to access the internet.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_private_cloud":{"version":0,"block":{"attributes":{"deletion_delay_hours":{"type":"number","description":"The number of hours to delay this request. You can set this value to an hour between 0 to 8, where setting it to 0 starts the deletion request immediately. If no value is set, a default value is set at the API Level.","description_kind":"plain","optional":true},"description":{"type":"string","description":"User-provided description for this private cloud.","description_kind":"plain","optional":true},"hcx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a HCX Cloud Manager appliance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the PrivateCloud should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the PrivateCloud.","description_kind":"plain","required":true},"nsx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a NSX Manager appliance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"send_deletion_delay_hours_if_zero":{"type":"bool","description":"While set true, deletion_delay_hours value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the deletion_delay_hours field. It can be used both alone and together with deletion_delay_hours.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the resource. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Initial type of the private cloud. Possible values: [\"STANDARD\", \"TIME_LIMITED\", \"STRETCHED\"]","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vcenter":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a vCenter Server management appliance.","description_kind":"plain","computed":true}},"block_types":{"management_cluster":{"nesting_mode":"list","block":{"attributes":{"cluster_id":{"type":"string","description":"The user-provided identifier of the new Cluster. The identifier must meet the following requirements:\n * Only contains 1-63 alphanumeric characters and hyphens\n * Begins with an alphabetical character\n * Ends with a non-hyphen character\n * Not formatted as a UUID\n * Complies with RFC 1034 (https://datatracker.ietf.org/doc/html/rfc1034) (section 3.5)","description_kind":"plain","required":true}},"block_types":{"autoscaling_settings":{"nesting_mode":"list","block":{"attributes":{"cool_down_period":{"type":"string","description":"The minimum duration between consecutive autoscale operations.\nIt starts once addition or removal of nodes is fully completed.\nMinimum cool down period is 30m.\nCool down period must be in whole minutes (for example, 30m, 31m, 50m).\nMandatory for successful addition of autoscaling settings in cluster.","description_kind":"plain","optional":true},"max_cluster_node_count":{"type":"number","description":"Maximum number of nodes of any type in a cluster.\nMandatory for successful addition of autoscaling settings in cluster.","description_kind":"plain","optional":true},"min_cluster_node_count":{"type":"number","description":"Minimum number of nodes of any type in a cluster.\nMandatory for successful addition of autoscaling settings in cluster.","description_kind":"plain","optional":true}},"block_types":{"autoscaling_policies":{"nesting_mode":"set","block":{"attributes":{"autoscale_policy_id":{"type":"string","description_kind":"plain","required":true},"node_type_id":{"type":"string","description":"The canonical identifier of the node type to add or remove.","description_kind":"plain","required":true},"scale_out_size":{"type":"number","description":"Number of nodes to add to a cluster during a scale-out operation.\nMust be divisible by 2 for stretched clusters.","description_kind":"plain","required":true}},"block_types":{"consumed_memory_thresholds":{"nesting_mode":"list","block":{"attributes":{"scale_in":{"type":"number","description":"The utilization triggering the scale-in operation in percent.","description_kind":"plain","required":true},"scale_out":{"type":"number","description":"The utilization triggering the scale-out operation in percent.","description_kind":"plain","required":true}},"description":"Utilization thresholds pertaining to amount of consumed memory.","description_kind":"plain"},"max_items":1},"cpu_thresholds":{"nesting_mode":"list","block":{"attributes":{"scale_in":{"type":"number","description":"The utilization triggering the scale-in operation in percent.","description_kind":"plain","required":true},"scale_out":{"type":"number","description":"The utilization triggering the scale-out operation in percent.","description_kind":"plain","required":true}},"description":"Utilization thresholds pertaining to CPU utilization.","description_kind":"plain"},"max_items":1},"storage_thresholds":{"nesting_mode":"list","block":{"attributes":{"scale_in":{"type":"number","description":"The utilization triggering the scale-in operation in percent.","description_kind":"plain","required":true},"scale_out":{"type":"number","description":"The utilization triggering the scale-out operation in percent.","description_kind":"plain","required":true}},"description":"Utilization thresholds pertaining to amount of consumed storage.","description_kind":"plain"},"max_items":1}},"description":"The map with autoscaling policies applied to the cluster.\nThe key is the identifier of the policy.\nIt must meet the following requirements:\n * Only contains 1-63 alphanumeric characters and hyphens\n * Begins with an alphabetical character\n * Ends with a non-hyphen character\n * Not formatted as a UUID\n * Complies with [RFC 1034](https://datatracker.ietf.org/doc/html/rfc1034) (section 3.5)\n\nCurrently the map must contain only one element\nthat describes the autoscaling policy for compute nodes.","description_kind":"plain"},"min_items":1}},"description":"Configuration of the autoscaling applied to this cluster\nPrivate cloud must have a minimum of 3 nodes to add autoscale settings","description_kind":"plain"},"max_items":1},"node_type_configs":{"nesting_mode":"set","block":{"attributes":{"custom_core_count":{"type":"number","description":"Customized number of cores available to each node of the type.\nThis number must always be one of 'nodeType.availableCustomCoreCounts'.\nIf zero is provided max value from 'nodeType.availableCustomCoreCounts' will be used.\nThis cannot be changed once the PrivateCloud is created.","description_kind":"plain","optional":true},"node_count":{"type":"number","description":"The number of nodes of this type in the cluster.","description_kind":"plain","required":true},"node_type_id":{"type":"string","description_kind":"plain","required":true}},"description":"The map of cluster node types in this cluster,\nwhere the key is canonical identifier of the node type (corresponds to the NodeType).","description_kind":"plain"}},"stretched_cluster_config":{"nesting_mode":"list","block":{"attributes":{"preferred_location":{"type":"string","description":"Zone that will remain operational when connection between the two zones is lost.","description_kind":"plain","optional":true},"secondary_location":{"type":"string","description":"Additional zone for a higher level of availability and load balancing.","description_kind":"plain","optional":true}},"description":"The stretched cluster configuration for the private cloud.","description_kind":"plain"},"max_items":1}},"description":"The management cluster for this private cloud. This used for creating and managing the default cluster.","description_kind":"plain"},"min_items":1,"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"dns_server_ip":{"type":"string","description":"DNS Server IP of the Private Cloud.","description_kind":"plain","computed":true},"management_cidr":{"type":"string","description":"Management CIDR used by VMware management appliances.","description_kind":"plain","required":true},"management_ip_address_layout_version":{"type":"number","description":"The IP address layout version of the management IP address range.\nPossible versions include:\n* managementIpAddressLayoutVersion=1: Indicates the legacy IP address layout used by some existing private clouds. This is no longer supported for new private clouds\nas it does not support all features.\n* managementIpAddressLayoutVersion=2: Indicates the latest IP address layout\nused by all newly created private clouds. This version supports all current features.","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network attached to the private cloud.\nSpecify the name in the following form: projects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}\nwhere {project} can either be a project number or a project ID.","description_kind":"plain","optional":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in\nthe form: projects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"description":"Network configuration in the consumer project with which the peering has to be done.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_subnet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dhcp_address_ranges":{"type":["list",["object",{"first_address":"string","last_address":"string"}]],"description":"DHCP address ranges.","description_kind":"plain","computed":true},"gateway_id":{"type":"string","description":"The canonical identifier of the logical router that this subnet is attached to.","description_kind":"plain","computed":true},"gateway_ip":{"type":"string","description":"The IP address of the gateway of this subnet. Must fall within the IP prefix defined above.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IP address range of the subnet in CIDR format.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the subnet. For userDefined subnets, this name should be in the format of \"service-n\",\nwhere n ranges from 1 to 5.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new subnet in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"standard_config":{"type":"bool","description":"Whether the NSX-T configuration in the backend follows the standard configuration supported by Google Cloud.\nIf false, the subnet cannot be modified through Google Cloud, only through NSX-T directly.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the subnet.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the subnet.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vlan_id":{"type":"number","description":"VLAN ID of the VLAN on which the subnet is configured.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vpc_access_connector":{"version":0,"block":{"attributes":{"connected_projects":{"type":["list","string"],"description":"List of projects using the connector.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that follows RFC 4632 notation. Example: '10.132.0.0/28'.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Machine type of VM Instance underlying connector. Default is e2-micro","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"Maximum value of instances in autoscaling group underlying the connector. Value must be between 3 and 10, inclusive. Must be\nhigher than the value specified by min_instances.","description_kind":"plain","optional":true,"computed":true},"max_throughput":{"type":"number","description":"Maximum throughput of the connector in Mbps, must be greater than 'min_throughput'. Default is 300. Refers to the expected throughput\nwhen using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by\nmin_throughput. Only one of 'max_throughput' and 'max_instances' can be specified. The use of max_throughput is discouraged in favor of max_instances.","description_kind":"plain","optional":true,"computed":true},"min_instances":{"type":"number","description":"Minimum value of instances in autoscaling group underlying the connector. Value must be between 2 and 9, inclusive. Must be\nlower than the value specified by max_instances.","description_kind":"plain","optional":true,"computed":true},"min_throughput":{"type":"number","description":"Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type.\nValue must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput.\nOnly one of 'min_throughput' and 'min_instances' can be specified. The use of min_throughput is discouraged in favor of min_instances.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the resource (Max 25 characters).","description_kind":"plain","required":true},"network":{"type":"string","description":"Name or self_link of the VPC network. Required if 'ip_cidr_range' is set.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the VPC Access connector resides. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The fully qualified name of this VPC connector","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the VPC access connector.","description_kind":"plain","computed":true}},"block_types":{"subnet":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Subnet name (relative, not fully qualified). E.g. if the full subnet selfLink is\nhttps://compute.googleapis.com/compute/v1/projects/{project}/regions/{region}/subnetworks/{subnetName} the correct input for this field would be {subnetName}\"","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project in which the subnet exists. If not set, this project is assumed to be the project for which the connector create request was issued.","description_kind":"plain","optional":true,"computed":true}},"description":"The subnet in which to house the connector","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_workbench_instance":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ.\nThe milliseconds portion (\".SSS\") is optional.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Output only. Email address of entity that sent original CreateInstance request.","description_kind":"plain","computed":true},"desired_state":{"type":"string","description":"Desired state of the Workbench Instance. Set this field to 'ACTIVE' to start the Instance, and 'STOPPED' to stop the Instance.","description_kind":"plain","optional":true},"disable_proxy_access":{"type":"bool","description":"Optional. If true, the workbench instance will not register with the proxy.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"health_info":{"type":["list",["object",{}]],"description":"'Output only. Additional information about instance health. Example:\nhealthInfo\": { \"docker_proxy_agent_status\": \"1\", \"docker_status\": \"1\", \"jupyterlab_api_status\":\n\"-1\", \"jupyterlab_status\": \"-1\", \"updated\": \"2020-10-18 09:40:03.573409\" }'","description_kind":"plain","computed":true},"health_state":{"type":"string","description":"Output only. Instance health_state.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"Required. User-defined unique ID of this instance.","description_kind":"plain","optional":true},"instance_owners":{"type":["list","string"],"description":"'Optional. Input only. The owner of this instance after creation. Format:\n'alias@example.com' Currently supports one owner only. If not specified, all of\nthe service account users of your VM instance''s service account can use the instance.\nIf specified, sets the access mode to 'Single user'. For more details, see\nhttps://cloud.google.com/vertex-ai/docs/workbench/instances/manage-access-jupyterlab'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Optional. Labels to apply to this instance. These can be later modified\nby the UpdateInstance method.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Part of 'parent'. See documentation of 'projectsId'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this workbench instance. Format: 'projects/{project_id}/locations/{location}/instances/{instance_id}'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_uri":{"type":"string","description":"Output only. The proxy endpoint that is used to access the Jupyter notebook.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The state of this instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ.\nThe milliseconds portion (\".SSS\") is optional.","description_kind":"plain","computed":true},"upgrade_history":{"type":["list",["object",{"action":"string","container_image":"string","create_time":"string","framework":"string","snapshot":"string","state":"string","target_version":"string","version":"string","vm_image":"string"}]],"description":"Output only. The upgrade history of this instance.","description_kind":"plain","computed":true}},"block_types":{"gce_setup":{"nesting_mode":"list","block":{"attributes":{"disable_public_ip":{"type":"bool","description":"Optional. If true, no external IP will be assigned to this VM instance.","description_kind":"plain","optional":true,"computed":true},"enable_ip_forwarding":{"type":"bool","description":"Optional. Flag to enable ip forwarding or not, default false/off.\nhttps://cloud.google.com/vpc/docs/using-routes#canipforward","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Optional. The machine type of the VM instance. https://cloud.google.com/compute/docs/machine-resource","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"Optional. Custom metadata to apply to this instance.","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"Optional. The Compute Engine tags to add to instance (see [Tagging\ninstances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerator_configs":{"nesting_mode":"list","block":{"attributes":{"core_count":{"type":"string","description":"Optional. Count of cores of this accelerator.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Optional. Type of this accelerator. Possible values: [\"NVIDIA_TESLA_P100\", \"NVIDIA_TESLA_V100\", \"NVIDIA_TESLA_P4\", \"NVIDIA_TESLA_T4\", \"NVIDIA_TESLA_A100\", \"NVIDIA_A100_80GB\", \"NVIDIA_L4\", \"NVIDIA_TESLA_T4_VWS\", \"NVIDIA_TESLA_P100_VWS\", \"NVIDIA_TESLA_P4_VWS\"]","description_kind":"plain","optional":true}},"description":"The hardware accelerators used on this instance. If you use accelerators, make sure that your configuration has\n[enough vCPUs and memory to support the 'machine_type' you have selected](https://cloud.google.com/compute/docs/gpus/#gpus-list).\nCurrently supports only one accelerator configuration.","description_kind":"plain"}},"boot_disk":{"nesting_mode":"list","block":{"attributes":{"disk_encryption":{"type":"string","description":"Optional. Input only. Disk encryption method used on the boot and\ndata disks, defaults to GMEK. Possible values: [\"GMEK\", \"CMEK\"]","description_kind":"plain","optional":true,"computed":true},"disk_size_gb":{"type":"string","description":"Optional. The size of the boot disk in GB attached to this instance,\nup to a maximum of 64000 GB (64 TB). If not specified, this defaults to the\nrecommended value of 150GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Optional. Indicates the type of the disk. Possible values: [\"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true,"computed":true},"kms_key":{"type":"string","description":"'Optional. The KMS key used to encrypt the disks, only\napplicable if disk_encryption is CMEK. Format: 'projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}'\nLearn more about using your own encryption keys.'","description_kind":"plain","optional":true}},"description":"The definition of a boot disk.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a container image to start the workbench instance.","description_kind":"plain"},"max_items":1},"data_disks":{"nesting_mode":"list","block":{"attributes":{"disk_encryption":{"type":"string","description":"Optional. Input only. Disk encryption method used on the boot\nand data disks, defaults to GMEK. Possible values: [\"GMEK\", \"CMEK\"]","description_kind":"plain","optional":true,"computed":true},"disk_size_gb":{"type":"string","description":"Optional. The size of the disk in GB attached to this VM instance,\nup to a maximum of 64000 GB (64 TB). If not specified, this defaults to\n100.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Optional. Input only. Indicates the type of the disk. Possible values: [\"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"'Optional. The KMS key used to encrypt the disks,\nonly applicable if disk_encryption is CMEK. Format: 'projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}'\nLearn more about using your own encryption keys.'","description_kind":"plain","optional":true}},"description":"Data disks attached to the VM instance. Currently supports only one data disk.","description_kind":"plain"},"max_items":1},"network_interfaces":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Optional. The name of the VPC that this VM instance is in.","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"Optional. The type of vNIC to be used on this interface. This\nmay be gVNIC or VirtioNet. Possible values: [\"VIRTIO_NET\", \"GVNIC\"]","description_kind":"plain","optional":true},"subnet":{"type":"string","description":"Optional. The name of the subnet that this VM instance is in.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_configs":{"nesting_mode":"list","block":{"attributes":{"external_ip":{"type":"string","description":"An external IP address associated with this instance. Specify an unused\nstatic external IP address available to the project or leave this field\nundefined to use an IP from a shared ephemeral IP address pool. If you\nspecify a static external IP address, it must live in the same region as\nthe zone of the instance.","description_kind":"plain","required":true}},"description":"Optional. An array of configurations for this interface. Currently, only one access\nconfig, ONE_TO_ONE_NAT, is supported. If no accessConfigs specified, the\ninstance will have an external internet access through an ephemeral\nexternal IP address.","description_kind":"plain"}}},"description":"The network interfaces for the VM. Supports only one interface.","description_kind":"plain"}},"service_accounts":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Optional. Email address of the service account.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["list","string"],"description":"Output only. The list of scopes to be made available for this\nservice account. Set by the CLH to https://www.googleapis.com/auth/cloud-platform","description_kind":"plain","computed":true}},"description":"The service account that serves as an identity for the VM instance. Currently supports only one service account.","description_kind":"plain"}},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Optional. Defines whether the VM instance has integrity monitoring\nenabled. Enables monitoring and attestation of the boot integrity of the VM\ninstance. The attestation is performed against the integrity policy baseline.\nThis baseline is initially derived from the implicitly trusted boot image\nwhen the VM instance is created. Enabled by default.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Optional. Defines whether the VM instance has Secure Boot enabled.\nSecure Boot helps ensure that the system only runs authentic software by verifying\nthe digital signature of all boot components, and halting the boot process\nif signature verification fails. Disabled by default.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Optional. Defines whether the VM instance has the vTPM enabled.\nEnabled by default.","description_kind":"plain","optional":true}},"description":"A set of Shielded Instance options. See [Images using supported Shielded\nVM features](https://cloud.google.com/compute/docs/instances/modifying-shielded-vm).\nNot all combinations are valid.","description_kind":"plain"},"max_items":1},"vm_image":{"nesting_mode":"list","block":{"attributes":{"family":{"type":"string","description":"Optional. Use this VM image family to find the image; the newest\nimage in this family will be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Optional. Use VM image name to find the image.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The name of the Google Cloud project that this VM image belongs to.\nFormat: {project_id}","description_kind":"plain","optional":true}},"description":"Definition of a custom Compute Engine virtual machine image for starting\na workbench instance with the environment installed directly on the VM.","description_kind":"plain"},"max_items":1}},"description":"The definition of how to configure a VM instance outside of Resources and Identity.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_workbench_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_workbench_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_workbench_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_workflows_workflow":{"version":1,"block":{"attributes":{"call_log_level":{"type":"string","description":"Describes the level of platform logging to apply to calls and call responses during\nexecutions of this workflow. If both the workflow and the execution specify a logging level,\nthe execution level takes precedence. Possible values: [\"CALL_LOG_LEVEL_UNSPECIFIED\", \"LOG_ALL_CALLS\", \"LOG_ERRORS_ONLY\", \"LOG_NONE\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The timestamp of when the workflow was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"crypto_key_name":{"type":"string","description":"The KMS key used to encrypt workflow and execution data.\n\nFormat: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}","description_kind":"plain","optional":true},"deletion_protection":{"type":"bool","description":"Whether Terraform will be prevented from destroying the workflow. Defaults to true.\nWhen a'terraform destroy' or 'terraform apply' would delete the workflow,\nthe command will fail if this field is not set to false in Terraform state.\nWhen the field is set to true or unset in Terraform state, a 'terraform apply'\nor 'terraform destroy' that would delete the workflow will fail.\nWhen the field is set to false, deleting the workflow is allowed.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the workflow provided by the user. Must be at most 1000 unicode characters long.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Workflow.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Workflow.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the workflow.","description_kind":"plain","optional":true},"revision_id":{"type":"string","description":"The revision of the workflow. A new one is generated if the service account or source contents is changed.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"Name of the service account associated with the latest workflow version. This service\naccount represents the identity of the workflow and determines what permissions the workflow has.\nFormat: projects/{project}/serviceAccounts/{account} or {account}.\nUsing - as a wildcard for the {project} or not providing one at all will infer the project from the account.\nThe {account} value can be the email address or the unique_id of the service account.\nIf not provided, workflow will use the project's default service account.\nModifying this field for an existing workflow results in a new workflow revision.","description_kind":"plain","optional":true,"computed":true},"source_contents":{"type":"string","description":"Workflow code to be executed. The size limit is 128KB.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the workflow deployment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the workflow was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"user_env_vars":{"type":["map","string"],"description":"User-defined environment variables associated with this workflow revision. This map has a maximum length of 20. Each string can take up to 4KiB. Keys cannot be empty strings and cannot start with “GOOGLE” or “WORKFLOWS\".","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}}},"data_source_schemas":{"google_access_approval_folder_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"folder_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_access_approval_organization_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"organization_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_approval_project_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_context_manager_access_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"scopes":{"type":["list","string"],"description_kind":"plain","optional":true},"title":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_active_folder":{"version":0,"block":{"attributes":{"api_method":{"type":"string","description":"Provides the REST method through which to find the folder. LIST is recommended as it is strongly consistent.","description_kind":"plain","optional":true},"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_alloydb_locations":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"locations":{"type":["list",["object",{"display_name":"string","labels":["map","string"],"location_id":"string","metadata":["map","string"],"name":"string"}]],"description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the project.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_alloydb_supported_database_flags":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The canonical id for the location. For example: \"us-east1\".","description_kind":"plain","required":true},"project":{"type":"string","description":"Project ID of the project.","description_kind":"plain","optional":true},"supported_database_flags":{"type":["list",["object",{"accepts_multiple_values":"bool","flag_name":"string","integer_restrictions":["list",["object",{"max_value":"string","min_value":"string"}]],"name":"string","requires_db_restart":"bool","string_restrictions":["list",["object",{"allowed_values":["list","string"]}]],"supported_db_versions":["list","string"],"value_type":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_apigee_environment_iam_policy":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_app_engine_default_service_account":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_apphub_application":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"Required. The Application identifier.","description_kind":"plain","required":true},"attributes":{"type":["list",["object",{"business_owners":["list",["object",{"display_name":"string","email":"string"}]],"criticality":["list",["object",{"type":"string"}]],"developer_owners":["list",["object",{"display_name":"string","email":"string"}]],"environment":["list",["object",{"type":"string"}]],"operator_owners":["list",["object",{"display_name":"string","email":"string"}]]}]],"description":"Consumer provided attributes.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Create time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. User-defined description of an Application.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Optional. User-defined name for the Application.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Part of 'parent'. See documentation of 'projectsId'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The resource name of an Application. Format:\n\"projects/{host-project-id}/locations/{location}/applications/{application-id}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true},"scope":{"type":["list",["object",{"type":"string"}]],"description":"Scope of an application.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Application state. \n Possible values:\n STATE_UNSPECIFIED\nCREATING\nACTIVE\nDELETING","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A universally unique identifier (in UUID4 format) for the 'Application'.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_apphub_discovered_service":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_properties":{"type":["list",["object",{"gcp_project":"string","location":"string","zone":"string"}]],"description_kind":"plain","computed":true},"service_reference":{"type":["list",["object",{"path":"string","uri":"string"}]],"description_kind":"plain","computed":true},"service_uri":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_apphub_discovered_workload":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"workload_properties":{"type":["list",["object",{"gcp_project":"string","location":"string","zone":"string"}]],"description_kind":"plain","computed":true},"workload_reference":{"type":["list",["object",{"uri":"string"}]],"description_kind":"plain","computed":true},"workload_uri":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_artifact_registry_docker_image":{"version":0,"block":{"attributes":{"build_time":{"type":"string","description":"The time, as a RFC 3339 string, this image was built.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_name":{"type":"string","description":"The image name to fetch.","description_kind":"plain","required":true},"image_size_bytes":{"type":"string","description":"Calculated size of the image in bytes.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The region of the artifact registry repository. For example, \"us-west1\".","description_kind":"plain","required":true},"media_type":{"type":"string","description":"Media type of this image.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The fully qualified name of the fetched image.","description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the project.","description_kind":"plain","optional":true},"repository_id":{"type":"string","description":"The last part of the repository name to fetch from.","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The URI to access the image.","description_kind":"plain","computed":true},"tags":{"type":["list","string"],"description":"All tags associated with the image.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time, as a RFC 3339 string, this image was updated.","description_kind":"plain","computed":true},"upload_time":{"type":"string","description":"The time, as a RFC 3339 string, the image was uploaded.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_artifact_registry_locations":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"locations":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_artifact_registry_repository":{"version":0,"block":{"attributes":{"cleanup_policies":{"type":["set",["object",{"action":"string","condition":["list",["object",{"newer_than":"string","older_than":"string","package_name_prefixes":["list","string"],"tag_prefixes":["list","string"],"tag_state":"string","version_name_prefixes":["list","string"]}]],"id":"string","most_recent_versions":["list",["object",{"keep_count":"number","package_name_prefixes":["list","string"]}]]}]],"description":"Cleanup policies for this repository. Cleanup policies indicate when\ncertain package versions can be automatically deleted.\nMap keys are policy IDs supplied by users during policy creation. They must\nunique within a repository and be under 128 characters in length.","description_kind":"plain","computed":true},"cleanup_policy_dry_run":{"type":"bool","description":"If true, the cleanup pipeline is prevented from deleting versions in this\nrepository.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The user-provided description of the repository.","description_kind":"plain","computed":true},"docker_config":{"type":["list",["object",{"immutable_tags":"bool"}]],"description":"Docker repository config contains repository level configuration for the repositories of docker type.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"format":{"type":"string","description":"The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The Cloud KMS resource name of the customer managed encryption key that’s\nused to encrypt the contents of the Repository. Has the form:\n'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'.\nThis value may not be changed after the Repository has been created.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\nThis field may contain up to 64 entries. Label keys and values may be no\nlonger than 63 characters. Label keys must begin with a lowercase letter\nand may only contain lowercase letters, numeric characters, underscores,\nand dashes.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The name of the repository's location. In addition to specific regions,\nspecial values for multi-region locations are 'asia', 'europe', and 'us'.\nSee [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations),\nor use the\n[google_artifact_registry_locations](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/artifact_registry_locations)\ndata source for possible values.","description_kind":"plain","required":true},"maven_config":{"type":["list",["object",{"allow_snapshot_overwrites":"bool","version_policy":"string"}]],"description":"MavenRepositoryConfig is maven related repository details.\nProvides additional configuration details for repositories of the maven\nformat type.","description_kind":"plain","computed":true},"mode":{"type":"string","description":"The mode configures the repository to serve artifacts from different sources. Default value: \"STANDARD_REPOSITORY\" Possible values: [\"STANDARD_REPOSITORY\", \"VIRTUAL_REPOSITORY\", \"REMOTE_REPOSITORY\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the repository, for example:\n\"repo1\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"remote_repository_config":{"type":["list",["object",{"apt_repository":["list",["object",{"public_repository":["list",["object",{"repository_base":"string","repository_path":"string"}]]}]],"common_repository":["list",["object",{"uri":"string"}]],"description":"string","disable_upstream_validation":"bool","docker_repository":["list",["object",{"custom_repository":["list",["object",{"uri":"string"}]],"public_repository":"string"}]],"maven_repository":["list",["object",{"custom_repository":["list",["object",{"uri":"string"}]],"public_repository":"string"}]],"npm_repository":["list",["object",{"custom_repository":["list",["object",{"uri":"string"}]],"public_repository":"string"}]],"python_repository":["list",["object",{"custom_repository":["list",["object",{"uri":"string"}]],"public_repository":"string"}]],"upstream_credentials":["list",["object",{"username_password_credentials":["list",["object",{"password_secret_version":"string","username":"string"}]]}]],"yum_repository":["list",["object",{"public_repository":["list",["object",{"repository_base":"string","repository_path":"string"}]]}]]}]],"description":"Configuration specific for a Remote Repository.","description_kind":"plain","computed":true},"repository_id":{"type":"string","description":"The last part of the repository name, for example:\n\"repo1\"","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true},"virtual_repository_config":{"type":["list",["object",{"upstream_policies":["list",["object",{"id":"string","priority":"number","repository":"string"}]]}]],"description":"Configuration specific for a Virtual Repository.","description_kind":"plain","computed":true},"vulnerability_scanning_config":{"type":["list",["object",{"enablement_config":"string","enablement_state":"string","enablement_state_reason":"string"}]],"description":"Configuration for vulnerability scanning of artifacts stored in this repository.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_backup_dr_backup":{"version":0,"block":{"attributes":{"backup_vault_id":{"type":"string","description_kind":"plain","required":true},"backups":{"type":["list",["object",{"backup_id":"string","backup_vault_id":"string","data_source_id":"string","location":"string","name":"string"}]],"description":"List of all backups under data source.","description_kind":"plain","computed":true},"data_source_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_backup_dr_backup_vault":{"version":0,"block":{"attributes":{"access_restriction":{"type":"string","description":"Access restriction for the backup vault. Default value is 'WITHIN_ORGANIZATION' if not provided during creation. Default value: \"WITHIN_ORGANIZATION\" Possible values: [\"ACCESS_RESTRICTION_UNSPECIFIED\", \"WITHIN_PROJECT\", \"WITHIN_ORGANIZATION\", \"UNRESTRICTED\", \"WITHIN_ORG_BUT_UNRESTRICTED_FOR_BA\"]","description_kind":"plain","computed":true},"allow_missing":{"type":"bool","description":"Allow idempotent deletion of backup vault. The request will still succeed in case the backup vault does not exist.","description_kind":"plain","computed":true},"annotations":{"type":["map","string"],"description":"Optional. User annotations. See https://google.aip.dev/128#annotations\nStores small amounts of arbitrary data. \n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","computed":true},"backup_count":{"type":"string","description":"Output only. The number of backups in this backup vault.","description_kind":"plain","computed":true},"backup_minimum_enforced_retention_duration":{"type":"string","description":"Required. The default and minimum enforced retention for each backup within the backup vault. The enforced retention for each backup can be extended.","description_kind":"plain","computed":true},"backup_vault_id":{"type":"string","description":"Required. ID of the requesting object.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time when the instance was created.","description_kind":"plain","computed":true},"deletable":{"type":"bool","description":"Output only. Set to true when there are no backups nested under this resource.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. The description of the BackupVault instance (2048 characters or less).","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_time":{"type":"string","description":"Optional. Time after which the BackupVault resource is locked.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Optional. Server specified ETag for the backup vault resource to prevent simultaneous updates from overwiting each other.","description_kind":"plain","computed":true},"force_delete":{"type":"bool","description":"If set, the following restrictions against deletion of the backup vault instance can be overridden:\n * deletion of a backup vault instance containing no backups, but still containing empty datasources.\n * deletion of a backup vault instance that is being referenced by an active backup plan.","description_kind":"plain","computed":true},"force_update":{"type":"bool","description":"If set, allow update to extend the minimum enforced retention for backup vault. This overrides\n the restriction against conflicting retention periods. This conflict may occur when the\n expiration schedule defined by the associated backup plan is shorter than the minimum\n retention set by the backup vault.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_backup_plan_references":{"type":"bool","description":"If set, the following restrictions against deletion of the backup vault instance can be overridden:\n * deletion of a backup vault instance that is being referenced by an active backup plan.","description_kind":"plain","computed":true},"ignore_inactive_datasources":{"type":"bool","description":"If set, the following restrictions against deletion of the backup vault instance can be overridden:\n * deletion of a backup vault instance containing no backups, but still containing empty datasources.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Optional. Resource labels to represent user provided metadata. \n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The GCP location for the backup vault.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. Identifier. The resource name.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Output only. Service account used by the BackupVault Service for this BackupVault. The user should grant this account permissions in their workload project to enable the service to run backups and restores there.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The BackupVault resource instance state. \n Possible values:\n STATE_UNSPECIFIED\n CREATING\n ACTIVE\n DELETING\n ERROR","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"total_stored_bytes":{"type":"string","description":"Output only. Total size of the storage used by all backup resources.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Output only Immutable after resource creation until resource deletion.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the instance was updated.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_backup_dr_data_source":{"version":0,"block":{"attributes":{"backup_config_info":{"type":["list",["object",{"backup_appliance_backup_config":["list",["object",{"application_name":"string","backup_appliance_id":"string","backup_appliance_name":"string","host_name":"string","sla_id":"string","slp_name":"string","slt_name":"string"}]],"gcp_backup_config":["list",["object",{"backup_plan":"string","backup_plan_association":"string","backup_plan_description":"string","backup_plan_rules":["list","string"]}]],"last_backup_error":["map","string"],"last_backup_state":"string","last_successful_backup_consistency_time":"string"}]],"description":"Details of how the resource is configured for backup.","description_kind":"plain","computed":true},"backup_count":{"type":"string","description":"Number of backups in the data source.","description_kind":"plain","computed":true},"backup_vault_id":{"type":"string","description_kind":"plain","required":true},"config_state":{"type":"string","description":"The backup configuration state.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time when the instance was created.","description_kind":"plain","computed":true},"data_source_backup_appliance_application":{"type":["list",["object",{"appliance_id":"string","application_id":"string","application_name":"string","backup_appliance":"string","host_id":"string","hostname":"string","type":"string"}]],"description":"The backed up resource is a backup appliance application.","description_kind":"plain","computed":true},"data_source_gcp_resource":{"type":["list",["object",{"compute_instance_data_source_properties":["list",["object",{"description":"string","machine_type":"string","name":"string","total_disk_count":"string","total_disk_size_gb":"string"}]],"gcp_resourcename":"string","location":"string","type":"string"}]],"description":"The backed up resource is a Google Cloud resource.\n\t\t\tThe word 'DataSource' was included in the names to indicate that this is\n\t\t\tthe representation of the Google Cloud resource used within the\n\t\t\tDataSource object.","description_kind":"plain","computed":true},"data_source_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description":"Server specified ETag for the ManagementServer resource to prevent simultaneous updates from overwiting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.","description_kind":"plain","computed":true},"location":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the datasource to create.\n\t\t\tIt must have the format \"projects/{project}/locations/{location}/backupVaults/{backupvault}/dataSources/{datasource}\".\n\t\t\t'{datasource}' cannot be changed after creation. It must be between 3-63 characters long and must be unique within the backup vault.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true},"state":{"type":"string","description":"The DataSource resource instance state.","description_kind":"plain","computed":true},"total_stored_bytes":{"type":"string","description":"The number of bytes (metadata and data) stored in this datasource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the instance was updated.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_beyondcorp_app_connection":{"version":0,"block":{"attributes":{"application_endpoint":{"type":["list",["object",{"host":"string","port":"number"}]],"description":"Address of the remote application endpoint for the BeyondCorp AppConnection.","description_kind":"plain","computed":true},"connectors":{"type":["list","string"],"description":"List of AppConnectors that are authorised to be associated with this AppConnection","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnection.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gateway":{"type":["list",["object",{"app_gateway":"string","ingress_port":"number","type":"string","uri":"string"}]],"description":"Gateway used by the AppConnection.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppConnection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppConnection.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppConnection. Refer\nto https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type\nfor a list of possible values.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_beyondcorp_app_connector":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnector.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppConnector.","description_kind":"plain","required":true},"principal_info":{"type":["list",["object",{"service_account":["list",["object",{"email":"string"}]]}]],"description":"Principal information about the Identity of the AppConnector.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppConnector.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppConnector.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_beyondcorp_app_gateway":{"version":1,"block":{"attributes":{"allocated_connections":{"type":["list",["object",{"ingress_port":"number","psc_uri":"string"}]],"description":"A list of connections allocated for the Gateway.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppGateway.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host_type":{"type":"string","description":"The type of hosting used by the AppGateway. Default value: \"HOST_TYPE_UNSPECIFIED\" Possible values: [\"HOST_TYPE_UNSPECIFIED\", \"GCP_REGIONAL_MIG\"]","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppGateway.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppGateway.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppGateway.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppGateway. Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"TCP_PROXY\"]","description_kind":"plain","computed":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_connection_iam_policy":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_dataset":{"version":0,"block":{"attributes":{"access":{"type":["set",["object",{"condition":["list",["object",{"description":"string","expression":"string","location":"string","title":"string"}]],"dataset":["list",["object",{"dataset":["list",["object",{"dataset_id":"string","project_id":"string"}]],"target_types":["list","string"]}]],"domain":"string","group_by_email":"string","iam_member":"string","role":"string","routine":["list",["object",{"dataset_id":"string","project_id":"string","routine_id":"string"}]],"special_group":"string","user_by_email":"string","view":["list",["object",{"dataset_id":"string","project_id":"string","table_id":"string"}]]}]],"description":"An array of objects that define dataset access for one or more entities.","description_kind":"plain","computed":true},"creation_time":{"type":"number","description":"The time when this dataset was created, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"A unique ID for this dataset, without the project name. The ID\nmust contain only letters (a-z, A-Z), numbers (0-9), or\nunderscores (_). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"default_collation":{"type":"string","description":"Defines the default collation specification of future tables created\nin the dataset. If a table is created in this dataset without table-level\ndefault collation, then the table inherits the dataset default collation,\nwhich is applied to the string fields that do not have explicit collation\nspecified. A change to this field affects only tables created afterwards,\nand does not alter the existing tables.\n\nThe following values are supported:\n- 'und:ci': undetermined locale, case insensitive.\n- '': empty string. Default to case-sensitive behavior.","description_kind":"plain","computed":true},"default_encryption_configuration":{"type":["list",["object",{"kms_key_name":"string"}]],"description":"The default encryption key for all tables in the dataset. Once this property is set,\nall newly-created partitioned tables in the dataset will have encryption key set to\nthis value, unless table creation request (or query) overrides the key.","description_kind":"plain","computed":true},"default_partition_expiration_ms":{"type":"number","description":"The default partition expiration for all partitioned tables in\nthe dataset, in milliseconds.\nOnce this property is set, all newly-created partitioned tables in\nthe dataset will have an 'expirationMs' property in the 'timePartitioning'\nsettings set to this value, and changing the value will only\naffect new tables, not existing ones. The storage in a partition will\nhave an expiration time of its partition time plus this value.\nSetting this property overrides the use of 'defaultTableExpirationMs'\nfor partitioned tables: only one of 'defaultTableExpirationMs' and\n'defaultPartitionExpirationMs' will be used for any new partitioned\ntable. If you provide an explicit 'timePartitioning.expirationMs' when\ncreating or updating a partitioned table, that value takes precedence\nover the default partition expiration time indicated by this property.","description_kind":"plain","computed":true},"default_table_expiration_ms":{"type":"number","description":"The default lifetime of all tables in the dataset, in milliseconds.\nThe minimum value is 3600000 milliseconds (one hour).\nOnce this property is set, all newly-created tables in the dataset\nwill have an 'expirationTime' property set to the creation time plus\nthe value in this property, and changing the value will only affect\nnew tables, not existing ones. When the 'expirationTime' for a given\ntable is reached, that table will be deleted automatically.\nIf a table's 'expirationTime' is modified or removed before the\ntable expires, or if you provide an explicit 'expirationTime' when\ncreating a table, that value takes precedence over the default\nexpiration time indicated by this property.","description_kind":"plain","computed":true},"delete_contents_on_destroy":{"type":"bool","description":"If set to 'true', delete all the tables in the\ndataset when destroying the resource; otherwise,\ndestroying the resource will fail if tables are present.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A user-friendly description of the dataset","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"external_dataset_reference":{"type":["list",["object",{"connection":"string","external_source":"string"}]],"description":"Information about the external metadata storage where the dataset is defined.","description_kind":"plain","computed":true},"friendly_name":{"type":"string","description":"A descriptive name for the dataset","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_case_insensitive":{"type":"bool","description":"TRUE if the dataset and its table names are case-insensitive, otherwise FALSE.\nBy default, this is FALSE, which means the dataset and its table names are\ncase-sensitive. This field does not affect routine references.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this dataset. You can use these to\norganize and group your datasets.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_modified_time":{"type":"number","description":"The date when this dataset or any of its tables was last modified, in\nmilliseconds since the epoch.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the dataset should reside.\nSee [official docs](https://cloud.google.com/bigquery/docs/dataset-locations).\nThere are two types of locations, regional or multi-regional. A regional\nlocation is a specific geographic place, such as Tokyo, and a multi-regional\nlocation is a large geographic area, such as the United States, that\ncontains at least two geographic places.\nThe default value is multi-regional location 'US'.\nChanging this forces a new resource to be created.","description_kind":"plain","computed":true},"max_time_travel_hours":{"type":"string","description":"Defines the time travel window in hours. The value can be from 48 to 168 hours (2 to 7 days).","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"resource_tags":{"type":["map","string"],"description":"The tags attached to this table. Tag keys are globally unique. Tag key is expected to be\nin the namespaced format, for example \"123456789012/environment\" where 123456789012 is the\nID of the parent organization or project resource for this tag key. Tag value is expected\nto be the short name, for example \"Production\". See [Tag definitions](/iam/docs/tags-access-control#definitions)\nfor more details.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"storage_billing_model":{"type":"string","description":"Specifies the storage billing model for the dataset.\nSet this flag value to LOGICAL to use logical bytes for storage billing,\nor to PHYSICAL to use physical bytes instead.\n\nLOGICAL is the default if this flag isn't specified.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_bigquery_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_default_service_account":{"version":0,"block":{"attributes":{"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_table_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_bigquery_tables":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing the tables.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the dataset is located. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"tables":{"type":["list",["object",{"labels":["map","string"],"table_id":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_bigtable_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigtable_table_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_account":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description_kind":"plain","optional":true},"display_name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lookup_projects":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","computed":true},"open":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"project_ids":{"type":["set","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_billing_account_iam_policy":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_policy":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_certificate_manager_certificate_map":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gclb_targets":{"type":["list",["object",{"ip_configs":["list",["object",{"ip_address":"string","ports":["list","number"]}]],"target_https_proxy":"string","target_ssl_proxy":"string"}]],"description":"A list of target proxies that use this Certificate Map","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with a Certificate Map resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"A user-defined name of the Certificate Map. Certificate Map names must be unique\nglobally and match the pattern 'projects/*/locations/*/certificateMaps/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_certificate_manager_certificates":{"version":0,"block":{"attributes":{"certificates":{"type":["list",["object",{"description":"string","effective_labels":["map","string"],"labels":["map","string"],"location":"string","managed":["list",["object",{"authorization_attempt_info":["list",["object",{"details":"string","domain":"string","failure_reason":"string","state":"string"}]],"dns_authorizations":["list","string"],"domains":["list","string"],"issuance_config":"string","provisioning_issue":["list",["object",{"details":"string","reason":"string"}]],"state":"string"}]],"name":"string","project":"string","san_dnsnames":["list","string"],"scope":"string","terraform_labels":["map","string"]}]],"description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_client_config":{"version":0,"block":{"attributes":{"access_token":{"type":"string","description":"The OAuth2 access token used by the client to authenticate against the Google Cloud API.","description_kind":"markdown","computed":true,"sensitive":true},"default_labels":{"type":["map","string"],"description":"The default labels configured on the provider.","description_kind":"markdown","computed":true},"id":{"type":"string","description":"The ID of this data source in Terraform state. It is created in a projects/{{project}}/regions/{{region}}/zones/{{zone}} format and is NOT used by the data source in requests to Google APIs.","description_kind":"markdown","computed":true},"project":{"type":"string","description":"The ID of the project to apply any resources to.","description_kind":"markdown","computed":true},"region":{"type":"string","description":"The region to operate under.","description_kind":"markdown","computed":true},"zone":{"type":"string","description":"The zone to operate under.","description_kind":"markdown","computed":true}},"description":"Use this data source to access the configuration of the Google Cloud provider.","description_kind":"markdown"}},"google_client_openid_userinfo":{"version":0,"block":{"attributes":{"email":{"type":"string","description":"The email of the account used by the provider to authenticate with GCP.","description_kind":"markdown","computed":true},"id":{"type":"string","description":"The ID of this data source in Terraform state. Its value is the same as the `email` attribute. Do not use this field, use the `email` attribute instead.","description_kind":"markdown","computed":true}},"description":"Get OpenID userinfo about the credentials used with the Google provider, specifically the email.\nThis datasource enables you to export the email of the account you've authenticated the provider with; this can be used alongside data.google_client_config's access_token to perform OpenID Connect authentication with GKE and configure an RBAC role for the email used.\n\n~\u003e This resource will only work as expected if the provider is configured to use the https://www.googleapis.com/auth/userinfo.email scope! You will receive an error otherwise. The provider uses this scope by default.","description_kind":"markdown"}},"google_cloud_asset_search_all_resources":{"version":0,"block":{"attributes":{"asset_types":{"type":["list","string"],"description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"query":{"type":"string","description_kind":"plain","optional":true},"results":{"type":["list",["object",{"asset_type":"string","create_time":"string","description":"string","display_name":"string","folders":["list","string"],"kms_keys":["list","string"],"labels":["map","string"],"location":"string","name":"string","network_tags":["list","string"],"organization":"string","parent_asset_type":"string","parent_full_resource_name":"string","project":"string","state":"string","update_time":"string"}]],"description_kind":"plain","computed":true},"scope":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_identity_group_lookup":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The [resource name](https://cloud.google.com/apis/design/resource_names) of the looked-up Group.","description_kind":"plain","computed":true}},"block_types":{"group_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the entity. For Google-managed entities, the id should be the email address of an existing group or user.\nFor external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements.\nMust be unique within a namespace.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group.\nIf specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of identitysources/{identity_source}.","description_kind":"plain","optional":true}},"description":"The EntityKey of the Group to lookup. A unique identifier for an entity in the Cloud Identity Groups API.\nAn entity can represent either a group with an optional namespace or a user without a namespace.\nThe combination of id and namespace must be unique; however, the same id can be used with different namespaces.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_cloud_identity_group_memberships":{"version":0,"block":{"attributes":{"group":{"type":"string","description":"The name of the Group to get memberships from.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"memberships":{"type":["list",["object",{"create_time":"string","group":"string","name":"string","preferred_member_key":["list",["object",{"id":"string","namespace":"string"}]],"roles":["set",["object",{"expiry_detail":["list",["object",{"expire_time":"string"}]],"name":"string"}]],"type":"string","update_time":"string"}]],"description":"List of Cloud Identity group memberships.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_identity_group_transitive_memberships":{"version":0,"block":{"attributes":{"group":{"type":"string","description":"The name of the Group to get memberships from.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"memberships":{"type":["list",["object",{"member":"string","preferred_member_key":["list",["object",{"id":"string","namespace":"string"}]],"relation_type":"string","roles":["set",["object",{"role":"string"}]]}]],"description":"List of Cloud Identity group memberships.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_identity_groups":{"version":0,"block":{"attributes":{"groups":{"type":["list",["object",{"additional_group_keys":["list",["object",{"id":"string","namespace":"string"}]],"create_time":"string","description":"string","display_name":"string","group_key":["list",["object",{"id":"string","namespace":"string"}]],"initial_group_config":"string","labels":["map","string"],"name":"string","parent":"string","update_time":"string"}]],"description":"List of Cloud Identity groups.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The resource name of the entity under which this Group resides in the\nCloud Identity resource hierarchy.\n\nMust be of the form identitysources/{identity_source_id} for external-identity-mapped\ngroups or customers/{customer_id} for Google Groups.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_quotas_quota_info":{"version":0,"block":{"attributes":{"container_type":{"type":"string","description_kind":"plain","computed":true},"dimensions":{"type":["list","string"],"description_kind":"plain","computed":true},"dimensions_infos":{"type":["list",["object",{"applicable_locations":["list","string"],"details":["list",["object",{"value":"string"}]],"dimensions":["map","string"]}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_concurrent":{"type":"bool","description_kind":"plain","computed":true},"is_fixed":{"type":"bool","description_kind":"plain","computed":true},"is_precise":{"type":"bool","description_kind":"plain","computed":true},"metric":{"type":"string","description_kind":"plain","computed":true},"metric_display_name":{"type":"string","description_kind":"plain","computed":true},"metric_unit":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"quota_display_name":{"type":"string","description_kind":"plain","computed":true},"quota_id":{"type":"string","description_kind":"plain","required":true},"quota_increase_eligibility":{"type":["list",["object",{"ineligibility_reason":"string","is_eligible":"bool"}]],"description_kind":"plain","computed":true},"refresh_interval":{"type":"string","description_kind":"plain","computed":true},"service":{"type":"string","description_kind":"plain","required":true},"service_request_quota_uri":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_quotas_quota_infos":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"quota_infos":{"type":["list",["object",{"container_type":"string","dimensions":["list","string"],"dimensions_infos":["list",["object",{"applicable_locations":["list","string"],"details":["list",["object",{"value":"string"}]],"dimensions":["map","string"]}]],"is_concurrent":"bool","is_fixed":"bool","is_precise":"bool","metric":"string","metric_display_name":"string","metric_unit":"string","name":"string","quota_display_name":"string","quota_id":"string","quota_increase_eligibility":["list",["object",{"ineligibility_reason":"string","is_eligible":"bool"}]],"refresh_interval":"string","service":"string","service_request_quota_uri":"string"}]],"description_kind":"plain","computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_locations":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"locations":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_service":{"version":2,"block":{"attributes":{"autogenerate_revision_name":{"type":"bool","description":"If set to 'true', the revision name (template.metadata.name) will be omitted and\nautogenerated by Cloud Run. This cannot be set to 'true' while 'template.metadata.name'\nis also set.\n(For legacy support, if 'template.metadata.name' is unset in state while\nthis field is set to false, the revision name will still autogenerate.)","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"metadata":{"type":["list",["object",{"annotations":["map","string"],"effective_annotations":["map","string"],"effective_labels":["map","string"],"generation":"number","labels":["map","string"],"namespace":"string","resource_version":"string","self_link":"string","terraform_labels":["map","string"],"uid":"string"}]],"description":"Metadata associated with this Service, including name, namespace, labels,\nand annotations.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"latest_created_revision_name":"string","latest_ready_revision_name":"string","observed_generation":"number","traffic":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"url":"string"}]],"description":"The current status of the Service.","description_kind":"plain","computed":true},"template":{"type":["list",["object",{"metadata":["list",["object",{"annotations":["map","string"],"generation":"number","labels":["map","string"],"name":"string","namespace":"string","resource_version":"string","self_link":"string","uid":"string"}]],"spec":["list",["object",{"container_concurrency":"number","containers":["list",["object",{"args":["list","string"],"command":["list","string"],"env":["set",["object",{"name":"string","value":"string","value_from":["list",["object",{"secret_key_ref":["list",["object",{"key":"string","name":"string"}]]}]]}]],"env_from":["list",["object",{"config_map_ref":["list",["object",{"local_object_reference":["list",["object",{"name":"string"}]],"optional":"bool"}]],"prefix":"string","secret_ref":["list",["object",{"local_object_reference":["list",["object",{"name":"string"}]],"optional":"bool"}]]}]],"image":"string","liveness_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","timeout_seconds":"number"}]],"name":"string","ports":["list",["object",{"container_port":"number","name":"string","protocol":"string"}]],"resources":["list",["object",{"limits":["map","string"],"requests":["map","string"]}]],"startup_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","tcp_socket":["list",["object",{"port":"number"}]],"timeout_seconds":"number"}]],"volume_mounts":["list",["object",{"mount_path":"string","name":"string"}]],"working_dir":"string"}]],"service_account_name":"string","serving_state":"string","timeout_seconds":"number","volumes":["list",["object",{"csi":["list",["object",{"driver":"string","read_only":"bool","volume_attributes":["map","string"]}]],"empty_dir":["list",["object",{"medium":"string","size_limit":"string"}]],"name":"string","nfs":["list",["object",{"path":"string","read_only":"bool","server":"string"}]],"secret":["list",["object",{"default_mode":"number","items":["list",["object",{"key":"string","mode":"number","path":"string"}]],"secret_name":"string"}]]}]]}]]}]],"description":"template holds the latest specification for the Revision to\nbe stamped out. The template references the container image, and may also\ninclude labels and annotations that should be attached to the Revision.\nTo correlate a Revision, and/or to force a Revision to be created when the\nspec doesn't otherwise change, a nonce label may be provided in the\ntemplate metadata. For more details, see:\nhttps://github.com/knative/serving/blob/main/docs/client-conventions.md#associate-modifications-with-revisions\n\nCloud Run does not currently support referencing a build that is\nresponsible for materializing the container image from source.","description_kind":"plain","computed":true},"traffic":{"type":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"description":"Traffic specifies how to distribute traffic over a collection of Knative Revisions\nand Configurations","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_run_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_v2_job":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected on new resources.\nAll system annotations in v1 now have a corresponding field in v2 Job.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","computed":true},"binary_authorization":{"type":["list",["object",{"breakglass_justification":"string","policy":"string","use_default":"bool"}]],"description":"Settings for the Binary Authorization feature.","description_kind":"plain","computed":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","computed":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","computed":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Job does not reach its desired state. See comments in reconciling for additional information on 'reconciliation' process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether Terraform will be prevented from destroying the job. Defaults to true.\nWhen a'terraform destroy' or 'terraform apply' would delete the job,\nthe command will fail if this field is not set to false in Terraform state.\nWhen the field is set to true or unset in Terraform state, a 'terraform apply'\nor 'terraform destroy' that would delete the job will fail.\nWhen the field is set to false, deleting the job is allowed.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"execution_count":{"type":"number","description":"Number of executions created for this job.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permanently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Job.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_execution":{"type":["list",["object",{"completion_time":"string","create_time":"string","name":"string"}]],"description":"Name of the last created execution.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the cloud run job","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Job.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Job. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"reconciling":{"type":"bool","description":"Returns true if the Job is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution.\n\nIf reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions","description_kind":"plain","computed":true},"template":{"type":["list",["object",{"annotations":["map","string"],"labels":["map","string"],"parallelism":"number","task_count":"number","template":["list",["object",{"containers":["list",["object",{"args":["list","string"],"command":["list","string"],"env":["set",["object",{"name":"string","value":"string","value_source":["list",["object",{"secret_key_ref":["list",["object",{"secret":"string","version":"string"}]]}]]}]],"image":"string","name":"string","ports":["list",["object",{"container_port":"number","name":"string"}]],"resources":["list",["object",{"limits":["map","string"]}]],"volume_mounts":["list",["object",{"mount_path":"string","name":"string"}]],"working_dir":"string"}]],"encryption_key":"string","execution_environment":"string","max_retries":"number","service_account":"string","timeout":"string","volumes":["list",["object",{"cloud_sql_instance":["list",["object",{"instances":["list","string"]}]],"empty_dir":["list",["object",{"medium":"string","size_limit":"string"}]],"gcs":["list",["object",{"bucket":"string","read_only":"bool"}]],"name":"string","nfs":["list",["object",{"path":"string","read_only":"bool","server":"string"}]],"secret":["list",["object",{"default_mode":"number","items":["list",["object",{"mode":"number","path":"string","version":"string"}]],"secret":"string"}]]}]],"vpc_access":["list",["object",{"connector":"string","egress":"string","network_interfaces":["list",["object",{"network":"string","subnetwork":"string","tags":["list","string"]}]]}]]}]]}]],"description":"The template used to create executions for this Job.","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_service":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected in new resources.\nAll system annotations in v1 now have a corresponding field in v2 Service.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","computed":true},"binary_authorization":{"type":["list",["object",{"breakglass_justification":"string","policy":"string","use_default":"bool"}]],"description":"Settings for the Binary Authorization feature.","description_kind":"plain","computed":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","computed":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","computed":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"custom_audiences":{"type":["list","string"],"description":"One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests.\nFor more information, see https://cloud.google.com/run/docs/configuring/custom-audiences.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether Terraform will be prevented from destroying the service. Defaults to true.\nWhen a'terraform destroy' or 'terraform apply' would delete the service,\nthe command will fail if this field is not set to false in Terraform state.\nWhen the field is set to true or unset in Terraform state, a 'terraform apply'\nor 'terraform destroy' that would delete the service will fail.\nWhen the field is set to false, deleting the service is allowed.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the Service. This field currently has a 512-character limit.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permanently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress":{"type":"string","description":"Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values: [\"INGRESS_TRAFFIC_ALL\", \"INGRESS_TRAFFIC_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER\"]","description_kind":"plain","computed":true},"invoker_iam_disabled":{"type":"bool","description":"Disables IAM permission check for run.routes.invoke for callers of this service. This feature is available by invitation only. For more information, visit https://cloud.google.com/run/docs/securing/managing-access#invoker_check.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_revision":{"type":"string","description":"Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"latest_ready_revision":{"type":"string","description":"Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the cloud run service","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Service.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Service currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"reconciling":{"type":"bool","description":"Returns true if the Service is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observedGeneration, latest_ready_revison, trafficStatuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision.\n\nIf reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions.","description_kind":"plain","computed":true},"scaling":{"type":["list",["object",{"min_instance_count":"number"}]],"description":"Scaling settings that apply to the whole service","description_kind":"plain","computed":true},"template":{"type":["list",["object",{"annotations":["map","string"],"containers":["list",["object",{"args":["list","string"],"command":["list","string"],"depends_on":["list","string"],"env":["set",["object",{"name":"string","value":"string","value_source":["list",["object",{"secret_key_ref":["list",["object",{"secret":"string","version":"string"}]]}]]}]],"image":"string","liveness_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","tcp_socket":["list",["object",{"port":"number"}]],"timeout_seconds":"number"}]],"name":"string","ports":["list",["object",{"container_port":"number","name":"string"}]],"resources":["list",["object",{"cpu_idle":"bool","limits":["map","string"],"startup_cpu_boost":"bool"}]],"startup_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","tcp_socket":["list",["object",{"port":"number"}]],"timeout_seconds":"number"}]],"volume_mounts":["list",["object",{"mount_path":"string","name":"string"}]],"working_dir":"string"}]],"encryption_key":"string","execution_environment":"string","labels":["map","string"],"max_instance_request_concurrency":"number","revision":"string","scaling":["list",["object",{"max_instance_count":"number","min_instance_count":"number"}]],"service_account":"string","session_affinity":"bool","timeout":"string","volumes":["list",["object",{"cloud_sql_instance":["list",["object",{"instances":["set","string"]}]],"empty_dir":["list",["object",{"medium":"string","size_limit":"string"}]],"gcs":["list",["object",{"bucket":"string","read_only":"bool"}]],"name":"string","nfs":["list",["object",{"path":"string","read_only":"bool","server":"string"}]],"secret":["list",["object",{"default_mode":"number","items":["list",["object",{"mode":"number","path":"string","version":"string"}]],"secret":"string"}]]}]],"vpc_access":["list",["object",{"connector":"string","egress":"string","network_interfaces":["list",["object",{"network":"string","subnetwork":"string","tags":["list","string"]}]]}]]}]],"description":"The template used to create revisions for this Service.","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"traffic":{"type":["list",["object",{"percent":"number","revision":"string","tag":"string","type":"string"}]],"description":"Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision.","description_kind":"plain","computed":true},"traffic_statuses":{"type":["list",["object",{"percent":"number","revision":"string","tag":"string","type":"string","uri":"string"}]],"description":"Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true},"uri":{"type":"string","description":"The main URI in which this Service is serving traffic.","description_kind":"plain","computed":true},"urls":{"type":["list","string"],"description":"All URLs serving traffic for this Service.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuild_trigger":{"version":2,"block":{"attributes":{"approval_config":{"type":["list",["object",{"approval_required":"bool"}]],"description":"Configuration for manual approval to start a build invocation of this BuildTrigger.\nBuilds created by this trigger will require approval before they execute.\nAny user with a Cloud Build Approver role for the project can approve a build.","description_kind":"plain","computed":true},"bitbucket_server_trigger_config":{"type":["list",["object",{"bitbucket_server_config_resource":"string","project_key":"string","pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]],"repo_slug":"string"}]],"description":"BitbucketServerTriggerConfig describes the configuration of a trigger that creates a build whenever a Bitbucket Server event is received.","description_kind":"plain","computed":true},"build":{"type":["list",["object",{"artifacts":["list",["object",{"images":["list","string"],"maven_artifacts":["list",["object",{"artifact_id":"string","group_id":"string","path":"string","repository":"string","version":"string"}]],"npm_packages":["list",["object",{"package_path":"string","repository":"string"}]],"objects":["list",["object",{"location":"string","paths":["list","string"],"timing":["list",["object",{"end_time":"string","start_time":"string"}]]}]],"python_packages":["list",["object",{"paths":["list","string"],"repository":"string"}]]}]],"available_secrets":["list",["object",{"secret_manager":["list",["object",{"env":"string","version_name":"string"}]]}]],"images":["list","string"],"logs_bucket":"string","options":["list",["object",{"disk_size_gb":"number","dynamic_substitutions":"bool","env":["list","string"],"log_streaming_option":"string","logging":"string","machine_type":"string","requested_verify_option":"string","secret_env":["list","string"],"source_provenance_hash":["list","string"],"substitution_option":"string","volumes":["list",["object",{"name":"string","path":"string"}]],"worker_pool":"string"}]],"queue_ttl":"string","secret":["list",["object",{"kms_key_name":"string","secret_env":["map","string"]}]],"source":["list",["object",{"repo_source":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","substitutions":["map","string"],"tag_name":"string"}]],"storage_source":["list",["object",{"bucket":"string","generation":"string","object":"string"}]]}]],"step":["list",["object",{"allow_exit_codes":["list","number"],"allow_failure":"bool","args":["list","string"],"dir":"string","entrypoint":"string","env":["list","string"],"id":"string","name":"string","script":"string","secret_env":["list","string"],"timeout":"string","timing":"string","volumes":["list",["object",{"name":"string","path":"string"}]],"wait_for":["list","string"]}]],"substitutions":["map","string"],"tags":["list","string"],"timeout":"string"}]],"description":"Contents of the build template. Either a filename or build template must be provided.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Time when the trigger was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Human-readable description of the trigger.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"Whether the trigger is disabled or not. If true, the trigger will never result in a build.","description_kind":"plain","computed":true},"filename":{"type":"string","description":"Path, from the source root, to a file whose contents is used for the template.\nEither a filename or build template must be provided. Set this only when using trigger_template or github.\nWhen using Pub/Sub, Webhook or Manual set the file name using git_file_source instead.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"A Common Expression Language string. Used only with Pub/Sub and Webhook.","description_kind":"plain","computed":true},"git_file_source":{"type":["list",["object",{"bitbucket_server_config":"string","github_enterprise_config":"string","path":"string","repo_type":"string","repository":"string","revision":"string","uri":"string"}]],"description":"The file source describing the local or remote Build template.","description_kind":"plain","computed":true},"github":{"type":["list",["object",{"enterprise_config_resource_name":"string","name":"string","owner":"string","pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]]}]],"description":"Describes the configuration of a trigger that creates a build whenever a GitHub event is received.\n\nOne of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignored_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf ignoredFiles and changed files are both empty, then they are not\nused to determine whether or not to trigger a build.\n\nIf ignoredFiles is not empty, then we ignore any files that match any\nof the ignored_file globs. If the change has no files that are outside\nof the ignoredFiles globs, then we do not trigger a build.","description_kind":"plain","computed":true},"include_build_logs":{"type":"string","description":"Build logs will be sent back to GitHub as part of the checkrun\nresult. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or\nINCLUDE_BUILD_LOGS_WITH_STATUS Possible values: [\"INCLUDE_BUILD_LOGS_UNSPECIFIED\", \"INCLUDE_BUILD_LOGS_WITH_STATUS\"]","description_kind":"plain","computed":true},"included_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is empty, then as far as this filter is concerned, we\nshould trigger the build.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is not empty, then we make sure that at least one of\nthose files matches a includedFiles glob. If not, then we do not trigger\na build.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger.\nIf not specified, \"global\" is used.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the trigger. Must be unique within the project.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"pubsub_config":{"type":["list",["object",{"service_account_email":"string","state":"string","subscription":"string","topic":"string"}]],"description":"PubsubConfig describes the configuration of a trigger that creates\na build whenever a Pub/Sub message is published.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"repository_event_config":{"type":["list",["object",{"pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]],"repository":"string"}]],"description":"The configuration of a trigger that creates a build whenever an event from Repo API is received.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"The service account used for all user-controlled operations including\ntriggers.patch, triggers.run, builds.create, and builds.cancel.\n\nIf no service account is set, then the standard Cloud Build service account\n([PROJECT_NUM]@system.gserviceaccount.com) will be used instead.\n\nFormat: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL}","description_kind":"plain","computed":true},"source_to_build":{"type":["list",["object",{"bitbucket_server_config":"string","github_enterprise_config":"string","ref":"string","repo_type":"string","repository":"string","uri":"string"}]],"description":"The repo and ref of the repository from which to build.\nThis field is used only for those triggers that do not respond to SCM events.\nTriggers that respond to such events build source at whatever commit caused the event.\nThis field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","computed":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a BuildTrigger","description_kind":"plain","computed":true},"trigger_id":{"type":"string","description":"The unique identifier for the trigger.","description_kind":"plain","required":true},"trigger_template":{"type":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","tag_name":"string"}]],"description":"Template describing the types of source changes to trigger a build.\n\nBranch and tag names in trigger templates are interpreted as regular\nexpressions. Any branch or tag change that matches that regular\nexpression will trigger a build.\n\nOne of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"webhook_config":{"type":["list",["object",{"secret":"string","state":"string"}]],"description":"WebhookConfig describes the configuration of a trigger that creates\na build whenever a webhook is sent to a trigger's webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_custom_target_type_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_target_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions2_function":{"version":0,"block":{"attributes":{"build_config":{"type":["list",["object",{"automatic_update_policy":["list",["object",{}]],"build":"string","docker_repository":"string","entry_point":"string","environment_variables":["map","string"],"on_deploy_update_policy":["list",["object",{"runtime_version":"string"}]],"runtime":"string","service_account":"string","source":["list",["object",{"repo_source":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","tag_name":"string"}]],"storage_source":["list",["object",{"bucket":"string","generation":"number","object":"string"}]]}]],"worker_pool":"string"}]],"description":"Describes the Build step of the function that builds a container\nfrom the given source.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of a function.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"The environment the function is hosted on.","description_kind":"plain","computed":true},"event_trigger":{"type":["list",["object",{"event_filters":["set",["object",{"attribute":"string","operator":"string","value":"string"}]],"event_type":"string","pubsub_topic":"string","retry_policy":"string","service_account_email":"string","trigger":"string","trigger_region":"string"}]],"description":"An Eventarc trigger managed by Google Cloud Functions that fires events in\nresponse to a condition in another service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.\nIt must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs associated with this Cloud Function.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of this cloud function.","description_kind":"plain","required":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must\nbe unique globally and match pattern 'projects/*/locations/*/functions/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_config":{"type":["list",["object",{"all_traffic_on_latest_revision":"bool","available_cpu":"string","available_memory":"string","environment_variables":["map","string"],"gcf_uri":"string","ingress_settings":"string","max_instance_count":"number","max_instance_request_concurrency":"number","min_instance_count":"number","secret_environment_variables":["list",["object",{"key":"string","project_id":"string","secret":"string","version":"string"}]],"secret_volumes":["list",["object",{"mount_path":"string","project_id":"string","secret":"string","versions":["list",["object",{"path":"string","version":"string"}]]}]],"service":"string","service_account_email":"string","timeout_seconds":"number","uri":"string","vpc_connector":"string","vpc_connector_egress_settings":"string"}]],"description":"Describes the Service being deployed.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Describes the current state of the function.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a Cloud Function.","description_kind":"plain","computed":true},"url":{"type":"string","description":"Output only. The deployed url for the function.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function":{"version":0,"block":{"attributes":{"available_memory_mb":{"type":"number","description":"Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.","description_kind":"plain","computed":true},"build_environment_variables":{"type":["map","string"],"description":" A set of key/value environment variable pairs available during build time.","description_kind":"plain","computed":true},"build_service_account":{"type":"string","description":"The fully-qualified name of the service account to be used for the build step of deploying this function","description_kind":"plain","computed":true},"build_worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the function.","description_kind":"plain","computed":true},"docker_registry":{"type":"string","description":"Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.","description_kind":"plain","computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry for storing images built with Cloud Build.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entry_point":{"type":"string","description":"Name of the function that will be executed when the Google Cloud Function is triggered.","description_kind":"plain","computed":true},"environment_variables":{"type":["map","string"],"description":"A set of key/value environment variable pairs to assign to the function.","description_kind":"plain","computed":true},"event_trigger":{"type":["list",["object",{"event_type":"string","failure_policy":["list",["object",{"retry":"bool"}]],"resource":"string"}]],"description":"A source that fires events in response to a condition in another service. Cannot be used with trigger_http.","description_kind":"plain","computed":true},"https_trigger_security_level":{"type":"string","description":"The security level for the function. Defaults to SECURE_OPTIONAL. Valid only if trigger_http is used.","description_kind":"plain","computed":true},"https_trigger_url":{"type":"string","description":"URL which triggers function execution. Returned only if trigger_http is used.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_settings":{"type":"string","description":"String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function.","description_kind":"plain","computed":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"max_instances":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a given time.","description_kind":"plain","computed":true},"min_instances":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a given time.","description_kind":"plain","computed":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project of the function. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region of function. If it is not provided, the provider region is used.","description_kind":"plain","optional":true},"runtime":{"type":"string","description":"The runtime in which the function is going to run. Eg. \"nodejs12\", \"nodejs14\", \"python37\", \"go111\".","description_kind":"plain","computed":true},"secret_environment_variables":{"type":["list",["object",{"key":"string","project_id":"string","secret":"string","version":"string"}]],"description":"Secret environment variables configuration","description_kind":"plain","computed":true},"secret_volumes":{"type":["list",["object",{"mount_path":"string","project_id":"string","secret":"string","versions":["list",["object",{"path":"string","version":"string"}]]}]],"description":"Secret volumes configuration.","description_kind":"plain","computed":true},"service_account_email":{"type":"string","description":" If provided, the self-provided service account to run the function with.","description_kind":"plain","computed":true},"source_archive_bucket":{"type":"string","description":"The GCS bucket containing the zip archive which contains the function.","description_kind":"plain","computed":true},"source_archive_object":{"type":"string","description":"The source archive object (file) in archive bucket.","description_kind":"plain","computed":true},"source_repository":{"type":["list",["object",{"deployed_url":"string","url":"string"}]],"description":"Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object.","description_kind":"plain","computed":true},"status":{"type":"string","description":"Describes the current stage of a deployment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"timeout":{"type":"number","description":"Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.","description_kind":"plain","computed":true},"trigger_http":{"type":"bool","description":"Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with trigger_bucket and trigger_topic.","description_kind":"plain","computed":true},"version_id":{"type":"string","description":"The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.","description_kind":"plain","computed":true},"vpc_connector":{"type":"string","description":"The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is projects/*/locations/*/connectors/*.","description_kind":"plain","computed":true},"vpc_connector_egress_settings":{"type":"string","description":"The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_composer_environment":{"version":0,"block":{"attributes":{"config":{"type":["list",["object",{"airflow_uri":"string","dag_gcs_prefix":"string","data_retention_config":["list",["object",{"airflow_metadata_retention_config":["list",["object",{"retention_days":"number","retention_mode":"string"}]],"task_logs_retention_config":["list",["object",{"storage_mode":"string"}]]}]],"database_config":["list",["object",{"machine_type":"string","zone":"string"}]],"enable_private_builds_only":"bool","enable_private_environment":"bool","encryption_config":["list",["object",{"kms_key_name":"string"}]],"environment_size":"string","gke_cluster":"string","maintenance_window":["list",["object",{"end_time":"string","recurrence":"string","start_time":"string"}]],"master_authorized_networks_config":["list",["object",{"cidr_blocks":["set",["object",{"cidr_block":"string","display_name":"string"}]],"enabled":"bool"}]],"node_config":["list",["object",{"composer_internal_ipv4_cidr_block":"string","composer_network_attachment":"string","disk_size_gb":"number","enable_ip_masq_agent":"bool","ip_allocation_policy":["list",["object",{"cluster_ipv4_cidr_block":"string","cluster_secondary_range_name":"string","services_ipv4_cidr_block":"string","services_secondary_range_name":"string","use_ip_aliases":"bool"}]],"machine_type":"string","network":"string","oauth_scopes":["set","string"],"service_account":"string","subnetwork":"string","tags":["set","string"],"zone":"string"}]],"node_count":"number","private_environment_config":["list",["object",{"cloud_composer_connection_subnetwork":"string","cloud_composer_network_ipv4_cidr_block":"string","cloud_sql_ipv4_cidr_block":"string","connection_type":"string","enable_private_endpoint":"bool","enable_privately_used_public_ips":"bool","master_ipv4_cidr_block":"string","web_server_ipv4_cidr_block":"string"}]],"recovery_config":["list",["object",{"scheduled_snapshots_config":["list",["object",{"enabled":"bool","snapshot_creation_schedule":"string","snapshot_location":"string","time_zone":"string"}]]}]],"resilience_mode":"string","software_config":["list",["object",{"airflow_config_overrides":["map","string"],"cloud_data_lineage_integration":["list",["object",{"enabled":"bool"}]],"env_variables":["map","string"],"image_version":"string","pypi_packages":["map","string"],"python_version":"string","scheduler_count":"number","web_server_plugins_mode":"string"}]],"web_server_config":["list",["object",{"machine_type":"string"}]],"web_server_network_access_control":["list",["object",{"allowed_ip_range":["set",["object",{"description":"string","value":"string"}]]}]],"workloads_config":["list",["object",{"dag_processor":["list",["object",{"count":"number","cpu":"number","memory_gb":"number","storage_gb":"number"}]],"scheduler":["list",["object",{"count":"number","cpu":"number","memory_gb":"number","storage_gb":"number"}]],"triggerer":["list",["object",{"count":"number","cpu":"number","memory_gb":"number"}]],"web_server":["list",["object",{"cpu":"number","memory_gb":"number","storage_gb":"number"}]],"worker":["list",["object",{"cpu":"number","max_count":"number","memory_gb":"number","min_count":"number","storage_gb":"number"}]]}]]}]],"description":"Configuration parameters for this environment.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for this environment. The labels map can contain no more than 64 entries. Entries of the labels map are UTF8 strings that comply with the following restrictions: Label keys must be between 1 and 63 characters long and must conform to the following regular expression: [a-z]([-a-z0-9]*[a-z0-9])?. Label values must be between 0 and 63 characters long and must conform to the regular expression ([a-z]([-a-z0-9]*[a-z0-9])?)?. No more than 64 labels can be associated with a given environment. Both keys and values must be \u003c= 128 bytes in size.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the environment.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The location or Compute Engine region for the environment.","description_kind":"plain","optional":true},"storage_config":{"type":["list",["object",{"bucket":"string"}]],"description":"Configuration options for storage used by Composer environment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_composer_image_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_versions":{"type":["list",["object",{"image_version_id":"string","supported_python_versions":["list","string"]}]],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_composer_user_workloads_config_map":{"version":0,"block":{"attributes":{"data":{"type":["map","string"],"description":"The \"data\" field of Kubernetes ConfigMap, organized in key-value pairs.\nFor details see: https://kubernetes.io/docs/concepts/configuration/configmap/","description_kind":"plain","computed":true},"environment":{"type":"string","description":"Environment where the Kubernetes ConfigMap will be stored and used.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the Kubernetes ConfigMap.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The location or Compute Engine region for the environment.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_composer_user_workloads_secret":{"version":0,"block":{"attributes":{"data":{"type":["map","string"],"description":"A map of the secret data.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"Name of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the secret.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The location or Compute Engine region for the environment.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description_kind":"plain","computed":true},"address_type":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"network_tier":{"type":"string","description_kind":"plain","computed":true},"prefix_length":{"type":"number","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description_kind":"plain","computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description_kind":"plain","computed":true},"users":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_addresses":{"version":0,"block":{"attributes":{"addresses":{"type":["list",["object",{"address":"string","address_type":"string","description":"string","name":"string","region":"string","self_link":"string","status":"string"}]],"description_kind":"plain","computed":true},"filter":{"type":"string","description":"Filter sets the optional parameter \"filter\": A filter expression that\nfilters resources listed in the response. The expression must specify\nthe field name, an operator, and the value that you want to use for\nfiltering. The value must be a string, a number, or a boolean. The\noperator must be either \"=\", \"!=\", \"\u003e\", \"\u003c\", \"\u003c=\", \"\u003e=\" or \":\". For\nexample, if you are filtering Compute Engine instances, you can\nexclude instances named \"example-instance\" by specifying \"name !=\nexample-instance\". The \":\" operator can be used with string fields to\nmatch substrings. For non-string fields it is equivalent to the \"=\"\noperator. The \":*\" comparison can be used to test whether a key has\nbeen defined. For example, to find all objects with \"owner\" label\nuse: \"\"\" labels.owner:* \"\"\" You can also filter nested fields. For\nexample, you could specify \"scheduling.automaticRestart = false\" to\ninclude instances only if they are not scheduled for automatic\nrestarts. You can use filtering on nested fields to filter based on\nresource labels. To filter on multiple expressions, provide each\nseparate expression within parentheses. For example: \"\"\"\n(scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\")\n\"\"\" By default, each expression is an \"AND\" expression. However, you\ncan include \"AND\" and \"OR\" expressions explicitly. For example: \"\"\"\n(cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\")\nAND (scheduling.automaticRestart = true) \"\"\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The google project in which addresses are listed. Defaults to provider's configuration if missing.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region that should be considered to search addresses. All regions are considered if missing.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_backend_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"Cloud Storage bucket name.","description_kind":"plain","computed":true},"cdn_policy":{"type":["list",["object",{"bypass_cache_on_request_headers":["list",["object",{"header_name":"string"}]],"cache_key_policy":["list",["object",{"include_http_headers":["list","string"],"query_string_whitelist":["list","string"]}]],"cache_mode":"string","client_ttl":"number","default_ttl":"number","max_ttl":"number","negative_caching":"bool","negative_caching_policy":["list",["object",{"code":"number","ttl":"number"}]],"request_coalescing":"bool","serve_while_stale":"number","signed_url_cache_max_age_sec":"number"}]],"description":"Cloud CDN configuration for this Backend Bucket.","description_kind":"plain","computed":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["list","string"],"description":"Headers that the HTTP/S load balancer should add to proxied responses.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource; provided by the\nclient when the resource is created.","description_kind":"plain","computed":true},"edge_security_policy":{"type":"string","description":"The security policy associated with this backend bucket.","description_kind":"plain","computed":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendBucket.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","computed":true},"backend":{"type":["set",["object",{"balancing_mode":"string","capacity_scaler":"number","description":"string","group":"string","max_connections":"number","max_connections_per_endpoint":"number","max_connections_per_instance":"number","max_rate":"number","max_rate_per_endpoint":"number","max_rate_per_instance":"number","max_utilization":"number"}]],"description":"The set of backends that serve this BackendService.","description_kind":"plain","computed":true},"cdn_policy":{"type":["list",["object",{"bypass_cache_on_request_headers":["list",["object",{"header_name":"string"}]],"cache_key_policy":["list",["object",{"include_host":"bool","include_http_headers":["list","string"],"include_named_cookies":["list","string"],"include_protocol":"bool","include_query_string":"bool","query_string_blacklist":["set","string"],"query_string_whitelist":["set","string"]}]],"cache_mode":"string","client_ttl":"number","default_ttl":"number","max_ttl":"number","negative_caching":"bool","negative_caching_policy":["list",["object",{"code":"number","ttl":"number"}]],"serve_while_stale":"number","signed_url_cache_max_age_sec":"number"}]],"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain","computed":true},"circuit_breakers":{"type":["list",["object",{"max_connections":"number","max_pending_requests":"number","max_requests":"number","max_requests_per_connection":"number","max_retries":"number"}]],"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","computed":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).","description_kind":"plain","computed":true},"consistent_hash":{"type":["list",["object",{"http_cookie":["list",["object",{"name":"string","path":"string","ttl":["list",["object",{"nanos":"number","seconds":"number"}]]}]],"http_header_name":"string","minimum_ring_size":"number"}]],"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing. This field only applies if the load_balancing_scheme is set to\nINTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is\nset to MAGLEV or RING_HASH.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_request_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nrequests.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nresponses.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"edge_security_policy":{"type":"string","description":"The resource URL for the edge security policy associated with this backend service.","description_kind":"plain","computed":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendService.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"generated_id":{"type":"number","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource\nfor health checking this BackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.\n\nFor internal load balancing, a URL to a HealthCheck resource must be specified instead.","description_kind":"plain","computed":true},"iap":{"type":["list",["object",{"enabled":"bool","oauth2_client_id":"string","oauth2_client_secret":"string","oauth2_client_secret_sha256":"string"}]],"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address_selection_policy":{"type":"string","description":"Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). Possible values: [\"IPV4_ONLY\", \"PREFER_IPV6\", \"IPV6_ONLY\"]","description_kind":"plain","computed":true},"load_balancing_scheme":{"type":"string","description":"Indicates whether the backend service will be used with internal or\nexternal load balancing. A backend service created for one type of\nload balancing cannot be used with the other. For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL_SELF_MANAGED\", \"INTERNAL_MANAGED\", \"EXTERNAL_MANAGED\"]","description_kind":"plain","computed":true},"locality_lb_policies":{"type":["list",["object",{"custom_policy":["list",["object",{"data":"string","name":"string"}]],"policy":["list",["object",{"name":"string"}]]}]],"description":"A list of locality load balancing policies to be used in order of\npreference. Either the policy or the customPolicy field should be set.\nOverrides any value set in the localityLbPolicy field.\n\nlocalityLbPolicies is only supported when the BackendService is referenced\nby a URL Map that is referenced by a target gRPC proxy that has the\nvalidateForProxyless field set to true.","description_kind":"plain","computed":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. Only applicable to loadBalancingScheme\n EXTERNAL. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\nlocality_lb_policy is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\nIf session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","computed":true},"log_config":{"type":["list",["object",{"enable":"bool","sample_rate":"number"}]],"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"outlier_detection":{"type":["list",["object",{"base_ejection_time":["list",["object",{"nanos":"number","seconds":"number"}]],"consecutive_errors":"number","consecutive_gateway_failure":"number","enforcing_consecutive_errors":"number","enforcing_consecutive_gateway_failure":"number","enforcing_success_rate":"number","interval":["list",["object",{"nanos":"number","seconds":"number"}]],"max_ejection_percent":"number","success_rate_minimum_hosts":"number","success_rate_request_volume":"number","success_rate_stdev_factor":"number"}]],"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nApplicable backend service types can be a global backend service with the\nloadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED.","description_kind":"plain","computed":true},"port_name":{"type":"string","description":"Name of backend port. The same name should appear in the instance\ngroups referenced by this service. Required when the load balancing\nscheme is EXTERNAL.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The protocol this BackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. **NOTE**: With protocol “UNSPECIFIED”,\nthe backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing\nwith TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"TCP\", \"SSL\", \"GRPC\", \"UNSPECIFIED\"]","description_kind":"plain","computed":true},"security_policy":{"type":"string","description":"The security policy associated with this backend service.","description_kind":"plain","computed":true},"security_settings":{"type":["list",["object",{"aws_v4_authentication":["list",["object",{"access_key":"string","access_key_id":"string","access_key_version":"string","origin_region":"string"}]],"client_tls_policy":"string","subject_alt_names":["list","string"]}]],"description":"The security settings that apply to this backend service. This field is applicable to either\na regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and\nload_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the\nload_balancing_scheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_lb_policy":{"type":"string","description":"URL to networkservices.ServiceLbPolicy resource.\nCan only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\", \"STRONG_COOKIE_AFFINITY\"]","description_kind":"plain","computed":true},"strong_session_affinity_cookie":{"type":["list",["object",{"name":"string","path":"string","ttl":["list",["object",{"nanos":"number","seconds":"number"}]]}]],"description":"Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY.","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"The backend service timeout has a different meaning depending on the type of load balancer.\nFor more information see, [Backend service settings](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices).\nThe default is 30 seconds.\nThe full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_default_service_account":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_disk":{"version":0,"block":{"attributes":{"access_mode":{"type":"string","description":"The accessMode of the disk.\nFor example:\n* READ_WRITE_SINGLE\n* READ_WRITE_MANY\n* READ_ONLY_SINGLE","description_kind":"plain","computed":true},"async_primary_disk":{"type":["list",["object",{"disk":"string"}]],"description":"A nested object resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"disk_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","rsa_encrypted_key":"string","sha256":"string"}]],"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain","computed":true},"disk_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_confidential_compute":{"type":"bool","description":"Whether this disk is using confidential compute mode.\nNote: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true","description_kind":"plain","computed":true},"guest_os_features":{"type":["set",["object",{"type":"string"}]],"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description":"The image from which to initialize this disk. This can be\none of: the image's 'self_link', 'projects/{project}/global/images/{image}',\n'projects/{project}/global/images/family/{family}', 'global/images/{image}',\n'global/images/family/{family}', 'family/{family}', '{project}/{family}',\n'{project}/{image}', '{family}', or '{image}'. If referred by family, the\nimages names must include the family name. If they don't, use the\n[google_compute_image data source](/docs/providers/google/d/compute_image.html).\nFor instance, the image 'centos-6-v20180104' includes its family name 'centos-6'.\nThese images can be referred by family name here.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much Throughput must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the 'image' or\n'snapshot' parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with 'image' or 'snapshot',\nthe value must not be less than the size of the image\nor the size of the snapshot.\n\n~\u003e**NOTE** If you change the size, Terraform updates the disk size\nif upsizing is detected but recreates the disk if downsizing is requested.\nYou can add 'lifecycle.prevent_destroy' in the config to prevent destroying\nand recreating.","description_kind":"plain","computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. If the snapshot is in another\nproject than this disk, you must supply a full URL. For example, the\nfollowing are valid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","computed":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_image_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"The customer-supplied encryption key of the source image. Required if\nthe source image is protected by a customer-supplied encryption key.","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description":"The ID value of the image used to create this disk. This value\nidentifies the exact image that was used to create this persistent\ndisk. For example, if you created the persistent disk from an image\nthat was later deleted and recreated under the same name, the source\nimage ID would identify the exact version of the image that was used.","description_kind":"plain","computed":true},"source_snapshot_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"storage_pool":{"type":"string","description":"The URL or the name of the storage pool in which the new disk is created.\nFor example:\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/storagePools/{storagePool}\n* /projects/{project}/zones/{zone}/storagePools/{storagePool}\n* /zones/{zone}/storagePools/{storagePool}\n* /{storagePool}","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","computed":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_forwarding_rule":{"version":0,"block":{"attributes":{"all_ports":{"type":"bool","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'allPorts' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, SCTP, or\nL3_DEFAULT.\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal and external protocol forwarding.\n* Set this field to true to allow packets addressed to any port or packets\nlacking destination port information (for example, UDP fragments after the\nfirst fragment) to be forwarded to the backends configured with this\nforwarding rule. The L3_DEFAULT protocol requires 'allPorts' be set to\ntrue.","description_kind":"plain","computed":true},"allow_global_access":{"type":"bool","description":"This field is used along with the 'backend_service' field for\ninternal load balancing or with the 'target' field for internal\nTargetInstance.\n\nIf the field is set to 'TRUE', clients can access ILB from all\nregions.\n\nOtherwise only allows access from clients in the same region as the\ninternal load balancer.","description_kind":"plain","computed":true},"allow_psc_global_access":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.","description_kind":"plain","computed":true},"backend_service":{"type":"string","description":"Identifies the backend service to which the forwarding rule sends traffic.\n\nRequired for Internal TCP/UDP Load Balancing and Network Load Balancing;\nmust be omitted for all other load balancer types.","description_kind":"plain","computed":true},"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"forwarding_rule_id":{"type":"number","description":"The unique identifier number for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target' or 'backendService'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\nThe forwarding rule's 'target' or 'backendService',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends).\n\nA Forwarding Rule with protocol L3_DEFAULT can attach with target instance or\nbackend service with UNSPECIFIED protocol.\nA forwarding rule with \"L3_DEFAULT\" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\", \"L3_DEFAULT\"]","description_kind":"plain","computed":true},"ip_version":{"type":"string","description":"The IP address version that will be used by this forwarding rule.\nValid options are IPV4 and IPV6.\n\nIf not set, the IPv4 address will be used by default. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","computed":true},"is_mirroring_collector":{"type":"bool","description":"Indicates whether or not this load balancer can be used as a collector for\npacket mirroring. To prevent mirroring loops, instances behind this\nload balancer will not have their traffic mirrored even if a\n'PacketMirroring' rule applies to them.\n\nThis can only be set to true for load balancers that have their\n'loadBalancingScheme' set to 'INTERNAL'.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n'PREMIUM', 'STANDARD'.\n\nFor regional ForwardingRule, the valid values are 'PREMIUM' and\n'STANDARD'. For GlobalForwardingRule, the valid value is\n'PREMIUM'.\n\nIf this field is not specified, it is assumed to be 'PREMIUM'.\nIf 'IPAddress' is specified, this value must be equal to the\nnetworkTier of the Address. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","computed":true},"port_range":{"type":"string","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","computed":true},"ports":{"type":["set","string"],"description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'ports' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal protocol forwarding.\n* You can specify a list of up to five ports by number, separated by\ncommas. The ports can be contiguous or discontiguous.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair if they share at least one port\nnumber.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair if\nthey share at least one port number.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"recreate_closed_psc":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed","description_kind":"plain","computed":true},"region":{"type":"string","description":"A reference to the region where the regional forwarding rule resides.\n\nThis field is not applicable to global forwarding rules.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_directory_registrations":{"type":["list",["object",{"namespace":"string","service":"string"}]],"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain","computed":true},"service_label":{"type":"string","description":"An optional prefix to the service name for this Forwarding Rule.\nIf specified, will be the first label of the fully qualified service\nname.\n\nThe label must be 1-63 characters long, and comply with RFC1035.\nSpecifically, the label must be 1-63 characters long and match the\nregular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The internal fully qualified service name for this Forwarding Rule.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_forwarding_rules":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description_kind":"plain","optional":true},"rules":{"type":["list",["object",{"all_ports":"bool","allow_global_access":"bool","allow_psc_global_access":"bool","backend_service":"string","base_forwarding_rule":"string","creation_timestamp":"string","description":"string","effective_labels":["map","string"],"forwarding_rule_id":"number","ip_address":"string","ip_protocol":"string","ip_version":"string","is_mirroring_collector":"bool","label_fingerprint":"string","labels":["map","string"],"load_balancing_scheme":"string","name":"string","network":"string","network_tier":"string","no_automate_dns_zone":"bool","port_range":"string","ports":["set","string"],"project":"string","psc_connection_id":"string","psc_connection_status":"string","recreate_closed_psc":"bool","region":"string","self_link":"string","service_directory_registrations":["list",["object",{"namespace":"string","service":"string"}]],"service_label":"string","service_name":"string","source_ip_ranges":["list","string"],"subnetwork":"string","target":"string","terraform_labels":["map","string"]}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_global_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description_kind":"plain","computed":true},"address_type":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"network_tier":{"type":"string","description_kind":"plain","computed":true},"prefix_length":{"type":"number","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description_kind":"plain","computed":true},"users":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_global_forwarding_rule":{"version":0,"block":{"attributes":{"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"forwarding_rule_id":{"type":"number","description":"The unique identifier number for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\nThe forwarding rule's 'target',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\"]","description_kind":"plain","computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this global forwarding rule. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL_MANAGED\", \"INTERNAL_SELF_MANAGED\"]","description_kind":"plain","computed":true},"metadata_filters":{"type":["list",["object",{"filter_labels":["list",["object",{"name":"string","value":"string"}]],"filter_match_criteria":"string"}]],"description":"Opaque filter criteria used by Loadbalancer to restrict routing\nconfiguration to a limited set xDS compliant clients. In their xDS\nrequests to Loadbalancer, xDS clients present node metadata. If a\nmatch takes place, the relevant routing configuration is made available\nto those proxies.\n\nFor each metadataFilter in this list, if its filterMatchCriteria is set\nto MATCH_ANY, at least one of the filterLabels must match the\ncorresponding label provided in the metadata. If its filterMatchCriteria\nis set to MATCH_ALL, then all of its filterLabels must match with\ncorresponding labels in the provided metadata.\n\nmetadataFilters specified here can be overridden by those specified in\nthe UrlMap that this ForwardingRule references.\n\nmetadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n'PREMIUM', 'STANDARD'.\n\nFor regional ForwardingRule, the valid values are 'PREMIUM' and\n'STANDARD'. For GlobalForwardingRule, the valid value is\n'PREMIUM'.\n\nIf this field is not specified, it is assumed to be 'PREMIUM'.\nIf 'IPAddress' is specified, this value must be equal to the\nnetworkTier of the Address. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","computed":true},"port_range":{"type":"string","description":"The 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_directory_registrations":{"type":["list",["object",{"namespace":"string","service_directory_region":"string"}]],"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_ha_vpn_gateway":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"gateway_ip_version":{"type":"string","description":"The IP family of the gateway IPs for the HA-VPN gateway interfaces. If not specified, IPV4 will be used. Default value: \"IPV4\" Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this VPN gateway to identify the IP protocols that are enabled.\nIf not specified, IPV4_ONLY will be used. Default value: \"IPV4_ONLY\" Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\", \"IPV6_ONLY\"]","description_kind":"plain","computed":true},"vpn_interfaces":{"type":["list",["object",{"id":"number","interconnect_attachment":"string","ip_address":"string"}]],"description":"A list of interfaces on this VPN gateway.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"grpc_health_check":{"type":["list",["object",{"grpc_service_name":"string","port":"number","port_name":"string","port_specification":"string"}]],"description":"A nested object resource.","description_kind":"plain","computed":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","computed":true},"http2_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource.","description_kind":"plain","computed":true},"http_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource.","description_kind":"plain","computed":true},"https_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"log_config":{"type":["list",["object",{"enable":"bool"}]],"description":"Configure logging on this health check.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_regions":{"type":["list","string"],"description":"The list of cloud regions from which health checks are performed. If\nany regions are specified, then exactly 3 regions should be specified.\nThe region names must be valid names of Google Cloud regions. This can\nonly be set for global health check. If this list is non-empty, then\nthere are restrictions on what other health check fields are supported\nand what other resources can use this health check:\n\n* SSL, HTTP2, and GRPC protocols are not supported.\n\n* The TCP request field is not supported.\n\n* The proxyHeader field for HTTP, HTTPS, and TCP is not supported.\n\n* The checkIntervalSec field must be at least 30.\n\n* The health check cannot be used with BackendService nor with managed\ninstance group auto-healing.","description_kind":"plain","computed":true},"ssl_health_check":{"type":["list",["object",{"port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request":"string","response":"string"}]],"description":"A nested object resource.","description_kind":"plain","computed":true},"tcp_health_check":{"type":["list",["object",{"port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request":"string","response":"string"}]],"description":"A nested object resource.","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_image":{"version":0,"block":{"attributes":{"archive_size_bytes":{"type":"number","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"disk_size_gb":{"type":"number","description_kind":"plain","computed":true},"family":{"type":"string","description_kind":"plain","optional":true,"computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_encryption_key_sha256":{"type":"string","description_kind":"plain","computed":true},"image_id":{"type":"string","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_disk":{"type":"string","description_kind":"plain","computed":true},"source_disk_encryption_key_sha256":{"type":"string","description_kind":"plain","computed":true},"source_disk_id":{"type":"string","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_image_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance":{"version":6,"block":{"attributes":{"advanced_machine_features":{"type":["list",["object",{"enable_nested_virtualization":"bool","enable_uefi_networking":"bool","performance_monitoring_unit":"string","threads_per_core":"number","turbo_mode":"string","visible_core_count":"number"}]],"description":"Controls for advanced machine-related behavior features.","description_kind":"plain","computed":true},"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","computed":true},"attached_disk":{"type":["list",["object",{"device_name":"string","disk_encryption_key_raw":"string","disk_encryption_key_sha256":"string","kms_key_self_link":"string","mode":"string","source":"string"}]],"description":"List of disks attached to the instance","description_kind":"plain","computed":true},"boot_disk":{"type":["list",["object",{"auto_delete":"bool","device_name":"string","disk_encryption_key_raw":"string","disk_encryption_key_sha256":"string","initialize_params":["list",["object",{"enable_confidential_compute":"bool","image":"string","labels":["map","string"],"provisioned_iops":"number","provisioned_throughput":"number","resource_manager_tags":["map","string"],"resource_policies":["list","string"],"size":"number","storage_pool":"string","type":"string"}]],"interface":"string","kms_key_self_link":"string","mode":"string","source":"string"}]],"description":"The boot disk for the instance.","description_kind":"plain","computed":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","computed":true},"confidential_instance_config":{"type":["list",["object",{"confidential_instance_type":"string","enable_confidential_compute":"bool"}]],"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain","computed":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","computed":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\", \"SUSPENDED\" or \"TERMINATED\".","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","computed":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","computed":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"key_revocation_action_type":{"type":"string","description":"Action to be taken when a customer's encryption key is revoked. Supports \"STOP\" and \"NONE\", with \"NONE\" being the default.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","optional":true},"network_interface":{"type":["list",["object",{"access_config":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"alias_ip_range":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"internal_ipv6_prefix_length":"number","ipv6_access_config":["list",["object",{"external_ipv6":"string","external_ipv6_prefix_length":"string","name":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"ipv6_access_type":"string","ipv6_address":"string","name":"string","network":"string","network_ip":"string","nic_type":"string","queue_count":"number","stack_type":"string","subnetwork":"string","subnetwork_project":"string"}]],"description":"The networks attached to the instance.","description_kind":"plain","computed":true},"network_performance_config":{"type":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain","computed":true},"params":{"type":["list",["object",{"resource_manager_tags":["map","string"]}]],"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true},"reservation_affinity":{"type":["list",["object",{"specific_reservation":["list",["object",{"key":"string","values":["list","string"]}]],"type":"string"}]],"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain","computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","computed":true},"scheduling":{"type":["list",["object",{"automatic_restart":"bool","availability_domain":"number","instance_termination_action":"string","local_ssd_recovery_timeout":["list",["object",{"nanos":"number","seconds":"number"}]],"max_run_duration":["list",["object",{"nanos":"number","seconds":"number"}]],"min_node_cpus":"number","node_affinities":["set",["object",{"key":"string","operator":"string","values":["set","string"]}]],"on_host_maintenance":"string","on_instance_stop_action":["list",["object",{"discard_local_ssd":"bool"}]],"preemptible":"bool","provisioning_model":"string"}]],"description":"The scheduling strategy being used by the instance.","description_kind":"plain","computed":true},"scratch_disk":{"type":["list",["object",{"device_name":"string","interface":"string","size":"number"}]],"description":"The scratch disks attached to the instance.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","optional":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"The service account to attach to the instance.","description_kind":"plain","computed":true},"shielded_instance_config":{"type":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool","enable_vtpm":"bool"}]],"description":"The shielded vm config being used by the instance.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_instance_group":{"version":2,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true},"named_port":{"type":["list",["object",{"name":"string","port":"number"}]],"description_kind":"plain","computed":true},"network":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description_kind":"plain","computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_group_manager":{"version":0,"block":{"attributes":{"all_instances_config":{"type":["list",["object",{"labels":["map","string"],"metadata":["map","string"]}]],"description":"Specifies configuration that overrides the instance template configuration for the group.","description_kind":"plain","computed":true},"auto_healing_policies":{"type":["list",["object",{"health_check":"string","initial_delay_sec":"number"}]],"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain","computed":true},"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"instance_group_manager_id":{"type":"number","description":"The unique identifier number for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"instance_lifecycle_policy":{"type":["list",["object",{"default_action_on_failure":"string","force_update_on_repair":"string"}]],"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","optional":true},"named_port":{"type":["set",["object",{"name":"string","port":"number"}]],"description":"The named port configuration.","description_kind":"plain","computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","optional":true},"standby_policy":{"type":["list",["object",{"initial_delay_sec":"number","mode":"string"}]],"description":"Standby policy for stopped and suspended instances.","description_kind":"plain","computed":true},"stateful_disk":{"type":["set",["object",{"delete_rule":"string","device_name":"string"}]],"description":"Disks created on the instances that will be preserved on instance delete, update, etc.","description_kind":"plain","computed":true},"stateful_external_ip":{"type":["list",["object",{"delete_rule":"string","interface_name":"string"}]],"description":"External IPs considered stateful by the instance group. ","description_kind":"plain","computed":true},"stateful_internal_ip":{"type":["list",["object",{"delete_rule":"string","interface_name":"string"}]],"description":"External IPs considered stateful by the instance group. ","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"all_instances_config":["list",["object",{"current_revision":"string","effective":"bool"}]],"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","computed":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","computed":true},"target_stopped_size":{"type":"number","description":"The target number of stopped instances for this managed instance group.","description_kind":"plain","computed":true},"target_suspended_size":{"type":"number","description":"The target number of suspended instances for this managed instance group.","description_kind":"plain","computed":true},"update_policy":{"type":["list",["object",{"max_surge_fixed":"number","max_surge_percent":"number","max_unavailable_fixed":"number","max_unavailable_percent":"number","minimal_action":"string","most_disruptive_allowed_action":"string","replacement_method":"string","type":"string"}]],"description":"The update policy for this managed instance group.","description_kind":"plain","computed":true},"version":{"type":["list",["object",{"instance_template":"string","name":"string","target_size":["list",["object",{"fixed":"number","percent":"number"}]]}]],"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain","computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","computed":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective and all instances configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone that instances in this group should be created in.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_instance_guest_attributes":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"query_path":{"type":"string","description_kind":"plain","optional":true},"query_value":{"type":["list",["object",{"key":"string","namespace":"string","value":"string"}]],"description_kind":"plain","computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"variable_key":{"type":"string","description_kind":"plain","optional":true},"variable_value":{"type":"string","description_kind":"plain","computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_serial_port":{"version":0,"block":{"attributes":{"contents":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"port":{"type":"number","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_template":{"version":1,"block":{"attributes":{"advanced_machine_features":{"type":["list",["object",{"enable_nested_virtualization":"bool","enable_uefi_networking":"bool","performance_monitoring_unit":"string","threads_per_core":"number","turbo_mode":"string","visible_core_count":"number"}]],"description":"Controls for advanced machine-related behavior features.","description_kind":"plain","computed":true},"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","computed":true},"confidential_instance_config":{"type":["list",["object",{"confidential_instance_type":"string","enable_confidential_compute":"bool"}]],"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","computed":true},"disk":{"type":["list",["object",{"auto_delete":"bool","boot":"bool","device_name":"string","disk_encryption_key":["list",["object",{"kms_key_self_link":"string"}]],"disk_name":"string","disk_size_gb":"number","disk_type":"string","interface":"string","labels":["map","string"],"mode":"string","provisioned_iops":"number","provisioned_throughput":"number","resource_manager_tags":["map","string"],"resource_policies":["list","string"],"source":"string","source_image":"string","source_image_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"source_snapshot":"string","source_snapshot_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"type":"string"}]],"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","computed":true},"key_revocation_action_type":{"type":"string","description":"Action to be taken when a customer's encryption key is revoked. Supports \"STOP\" and \"NONE\", with \"NONE\" being the default.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name. Max length is 54 characters. Prefixes with lengths longer than 37 characters will use a shortened UUID that will be more prone to collisions.","description_kind":"plain","computed":true},"network_interface":{"type":["list",["object",{"access_config":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"alias_ip_range":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"internal_ipv6_prefix_length":"number","ipv6_access_config":["list",["object",{"external_ipv6":"string","external_ipv6_prefix_length":"string","name":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"ipv6_access_type":"string","ipv6_address":"string","name":"string","network":"string","network_ip":"string","nic_type":"string","queue_count":"number","stack_type":"string","subnetwork":"string","subnetwork_project":"string"}]],"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain","computed":true},"network_performance_config":{"type":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"An instance template is a global resource that is not bound to a zone or a region. However, you can still specify some regional resources in an instance template, which restricts the template to the region where that resource resides. For example, a custom subnetwork resource is tied to a specific region. Defaults to the region of the Provider if no value is given.","description_kind":"plain","computed":true},"reservation_affinity":{"type":["list",["object",{"specific_reservation":["list",["object",{"key":"string","values":["list","string"]}]],"type":"string"}]],"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain","computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags.\n\t\t\t\tKeys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.\n\t\t\t\tThe field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","computed":true},"scheduling":{"type":["list",["object",{"automatic_restart":"bool","availability_domain":"number","instance_termination_action":"string","local_ssd_recovery_timeout":["list",["object",{"nanos":"number","seconds":"number"}]],"max_run_duration":["list",["object",{"nanos":"number","seconds":"number"}]],"min_node_cpus":"number","node_affinities":["set",["object",{"key":"string","operator":"string","values":["set","string"]}]],"on_host_maintenance":"string","on_instance_stop_action":["list",["object",{"discard_local_ssd":"bool"}]],"preemptible":"bool","provisioning_model":"string"}]],"description":"The scheduling strategy to use.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"self_link_unique":{"type":"string","description_kind":"plain","optional":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"Service account to attach to the instance.","description_kind":"plain","computed":true},"shielded_instance_config":{"type":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool","enable_vtpm":"bool"}]],"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_lb_ip_ranges":{"version":0,"block":{"attributes":{"http_ssl_tcp_internal":{"type":["list","string"],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_machine_types":{"version":0,"block":{"attributes":{"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"machine_types":{"type":["list",["object",{"accelerators":["list",["object",{"guest_accelerator_count":"number","guest_accelerator_type":"string"}]],"deprecated":["set",["object",{"replacement":"string","state":"string"}]],"description":"string","guest_cpus":"number","is_shared_cpus":"bool","maximum_persistent_disks":"number","maximum_persistent_disks_size_gb":"number","memory_mb":"number","name":"string","self_link":"string"}]],"description":"The list of machine types","description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID for this request.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The name of the zone for this request.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_network":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"gateway_ipv4":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_range":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network_id":{"type":"number","description_kind":"plain","computed":true},"numeric_id":{"type":"string","description_kind":"plain","deprecated":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetworks_self_links":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"network":{"type":"string","description":"The network to which all network endpoints in the NEG belong.\nUses \"default\" project network if unspecified.","description_kind":"plain","computed":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group.\nNON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network\nendpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid).\nNote that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services\nthat 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED,\nINTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or\nCONNECTION balancing modes.\n\nPossible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. Default value: \"GCE_VM_IP_PORT\" Possible values: [\"GCE_VM_IP\", \"GCE_VM_IP_PORT\", \"NON_GCP_PRIVATE_IP_PORT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\", \"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","optional":true},"size":{"type":"number","description":"Number of network endpoints in the network endpoint group.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"Optional subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"Zone where the network endpoint group is located.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_network_peering":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network. Defaults to false.","description_kind":"plain","computed":true},"export_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to export the custom routes from the peer network. Defaults to false.","description_kind":"plain","computed":true},"import_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"network":{"type":"string","description":"The primary network of the peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The peer network in the peering. The peer network may belong to a different project.","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. The default value is IPV4_ONLY. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","computed":true},"state":{"type":"string","description":"State for the peering, either ACTIVE or INACTIVE. The peering is ACTIVE when there's a matching configuration in the peer network.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the peering.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_networks":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"networks":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_node_types":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_disk":{"version":0,"block":{"attributes":{"async_primary_disk":{"type":["list",["object",{"disk":"string"}]],"description":"A nested object resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"disk_encryption_key":{"type":["list",["object",{"kms_key_name":"string","raw_key":"string","sha256":"string"}]],"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"guest_os_features":{"type":["set",["object",{"type":"string"}]],"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"A reference to the region where the disk resides.","description_kind":"plain","optional":true},"replica_zones":{"type":["list","string"],"description":"URLs of the zones where the disk should be replicated to.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the sourceImage or\nsourceSnapshot parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with sourceImage or sourceSnapshot,\nthe value of sizeGb must not be less than the size of the sourceImage\nor the size of the snapshot.","description_kind":"plain","computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. For example, the following are\nvalid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","computed":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_snapshot_encryption_key":{"type":["list",["object",{"raw_key":"string","sha256":"string"}]],"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","computed":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_instance_group":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["list",["object",{"instance":"string","named_ports":["list",["object",{"name":"string","port":"number"}]],"status":"string"}]],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_instance_group_manager":{"version":0,"block":{"attributes":{"all_instances_config":{"type":["list",["object",{"labels":["map","string"],"metadata":["map","string"]}]],"description":"Specifies configuration that overrides the instance template configuration for the group.","description_kind":"plain","computed":true},"auto_healing_policies":{"type":["list",["object",{"health_check":"string","initial_delay_sec":"number"}]],"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain","computed":true},"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","computed":true},"distribution_policy_target_shape":{"type":"string","description":"The shape to which the group converges either proactively or on resize events (depending on the value set in updatePolicy.instanceRedistributionType).","description_kind":"plain","computed":true},"distribution_policy_zones":{"type":["set","string"],"description":"The distribution policy for this managed instance group. You can specify one or more values.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_flexibility_policy":{"type":["list",["object",{"instance_selections":["set",["object",{"machine_types":["set","string"],"name":"string","rank":"number"}]]}]],"description":"The flexibility policy for this managed instance group. Instance flexibility allowing MIG to create VMs from multiple types of machines. Instance flexibility configuration on MIG overrides instance template configuration.","description_kind":"plain","computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"instance_group_manager_id":{"type":"number","description":"The unique identifier number for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"instance_lifecycle_policy":{"type":["list",["object",{"default_action_on_failure":"string","force_update_on_repair":"string"}]],"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","optional":true},"named_port":{"type":["set",["object",{"name":"string","port":"number"}]],"description":"The named port configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region where the managed instance group resides.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","optional":true},"standby_policy":{"type":["list",["object",{"initial_delay_sec":"number","mode":"string"}]],"description":"Standby policy for stopped and suspended instances.","description_kind":"plain","computed":true},"stateful_disk":{"type":["set",["object",{"delete_rule":"string","device_name":"string"}]],"description":"Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. Proactive cross zone instance redistribution must be disabled before you can update stateful disks on existing instance group managers. This can be controlled via the update_policy.","description_kind":"plain","computed":true},"stateful_external_ip":{"type":["list",["object",{"delete_rule":"string","interface_name":"string"}]],"description":"External IPs considered stateful by the instance group. ","description_kind":"plain","computed":true},"stateful_internal_ip":{"type":["list",["object",{"delete_rule":"string","interface_name":"string"}]],"description":"External IPs considered stateful by the instance group. ","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"all_instances_config":["list",["object",{"current_revision":"string","effective":"bool"}]],"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","computed":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","computed":true},"target_stopped_size":{"type":"number","description":"The target number of stopped instances for this managed instance group.","description_kind":"plain","computed":true},"target_suspended_size":{"type":"number","description":"The target number of suspended instances for this managed instance group.","description_kind":"plain","computed":true},"update_policy":{"type":["list",["object",{"instance_redistribution_type":"string","max_surge_fixed":"number","max_surge_percent":"number","max_unavailable_fixed":"number","max_unavailable_percent":"number","minimal_action":"string","most_disruptive_allowed_action":"string","replacement_method":"string","type":"string"}]],"description":"The update policy for this managed instance group.","description_kind":"plain","computed":true},"version":{"type":["list",["object",{"instance_template":"string","name":"string","target_size":["list",["object",{"fixed":"number","percent":"number"}]]}]],"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain","computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","computed":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective and all instances configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_instance_template":{"version":1,"block":{"attributes":{"advanced_machine_features":{"type":["list",["object",{"enable_nested_virtualization":"bool","enable_uefi_networking":"bool","performance_monitoring_unit":"string","threads_per_core":"number","turbo_mode":"string","visible_core_count":"number"}]],"description":"Controls for advanced machine-related behavior features.","description_kind":"plain","computed":true},"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","computed":true},"confidential_instance_config":{"type":["list",["object",{"confidential_instance_type":"string","enable_confidential_compute":"bool"}]],"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"The time at which the instance was created in RFC 3339 format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","computed":true},"disk":{"type":["list",["object",{"auto_delete":"bool","boot":"bool","device_name":"string","disk_encryption_key":["list",["object",{"kms_key_self_link":"string"}]],"disk_name":"string","disk_size_gb":"number","disk_type":"string","interface":"string","labels":["map","string"],"mode":"string","provisioned_iops":"number","provisioned_throughput":"number","resource_manager_tags":["map","string"],"resource_policies":["list","string"],"source":"string","source_image":"string","source_image_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"source_snapshot":"string","source_snapshot_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"type":"string"}]],"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","computed":true},"key_revocation_action_type":{"type":"string","description":"Action to be taken when a customer's encryption key is revoked. Supports \"STOP\" and \"NONE\", with \"NONE\" being the default.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template,\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"network_interface":{"type":["list",["object",{"access_config":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"alias_ip_range":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"internal_ipv6_prefix_length":"number","ipv6_access_config":["list",["object",{"external_ipv6":"string","external_ipv6_prefix_length":"string","name":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"ipv6_access_type":"string","ipv6_address":"string","name":"string","network":"string","network_ip":"string","nic_type":"string","queue_count":"number","stack_type":"string","subnetwork":"string","subnetwork_project":"string"}]],"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain","computed":true},"network_performance_config":{"type":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region in which the instance template is located. If it is not provided, the provider region is used.","description_kind":"plain","optional":true},"reservation_affinity":{"type":["list",["object",{"specific_reservation":["list",["object",{"key":"string","values":["list","string"]}]],"type":"string"}]],"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain","computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","computed":true},"scheduling":{"type":["list",["object",{"automatic_restart":"bool","availability_domain":"number","instance_termination_action":"string","local_ssd_recovery_timeout":["list",["object",{"nanos":"number","seconds":"number"}]],"max_run_duration":["list",["object",{"nanos":"number","seconds":"number"}]],"min_node_cpus":"number","node_affinities":["set",["object",{"key":"string","operator":"string","values":["set","string"]}]],"on_host_maintenance":"string","on_instance_stop_action":["list",["object",{"discard_local_ssd":"bool"}]],"preemptible":"bool","provisioning_model":"string"}]],"description":"The scheduling strategy to use.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"Service account to attach to the instance.","description_kind":"plain","computed":true},"shielded_instance_config":{"type":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool","enable_vtpm":"bool"}]],"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_network_endpoint_group":{"version":0,"block":{"attributes":{"app_engine":{"type":["list",["object",{"service":"string","url_mask":"string","version":"string"}]],"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"cloud_function":{"type":["list",["object",{"function":"string","url_mask":"string"}]],"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"cloud_run":{"type":["list",["object",{"service":"string","tag":"string","url_mask":"string"}]],"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"network":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe URL of the network to which all network endpoints in the NEG belong. Uses\n\"default\" project network if unspecified.","description_kind":"plain","computed":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. Default value: \"SERVERLESS\" Possible values: [\"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\", \"GCE_VM_IP_PORTMAP\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_data":{"type":["list",["object",{"producer_port":"string"}]],"description":"This field is only used for PSC NEGs.","description_kind":"plain","computed":true},"psc_target_service":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe target service url used to set up private service connection to\na Google API or a PSC Producer Service Attachment.","description_kind":"plain","computed":true},"region":{"type":"string","description":"A reference to the region where the regional NEGs reside.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"This field is only used for PSC NEGs.\n\nOptional URL of the subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","computed":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","required":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The Region in which the created regional ssl certificate should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_regions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_reservation":{"version":0,"block":{"attributes":{"commitment":{"type":"string","description":"Full or partial URL to a parent commitment. This field displays for\nreservations that are tied to a commitment.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"share_settings":{"type":["list",["object",{"project_map":["set",["object",{"id":"string","project_id":"string"}]],"share_type":"string"}]],"description":"The share setting for reservations.","description_kind":"plain","computed":true},"specific_reservation":{"type":["list",["object",{"count":"number","in_use_count":"number","instance_properties":["list",["object",{"guest_accelerators":["list",["object",{"accelerator_count":"number","accelerator_type":"string"}]],"local_ssds":["list",["object",{"disk_size_gb":"number","interface":"string"}]],"machine_type":"string","min_cpu_platform":"string"}]]}]],"description":"Reservation for instances with specific machine shapes.","description_kind":"plain","computed":true},"specific_reservation_required":{"type":"bool","description":"When set to true, only VMs that target this reservation by name can\nconsume this reservation. Otherwise, it can be consumed by VMs with\naffinity for any reservation. Defaults to false.","description_kind":"plain","computed":true},"status":{"type":"string","description":"The status of the reservation.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone where the reservation is made.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_compute_resource_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","computed":true},"disk_consistency_group_policy":{"type":["list",["object",{"enabled":"bool"}]],"description":"Replication consistency group for asynchronous disk replication.","description_kind":"plain","computed":true},"group_placement_policy":{"type":["list",["object",{"availability_domain_count":"number","collocation":"string","vm_count":"number"}]],"description":"Resource policy for instances used for placement configuration.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_schedule_policy":{"type":["list",["object",{"expiration_time":"string","start_time":"string","time_zone":"string","vm_start_schedule":["list",["object",{"schedule":"string"}]],"vm_stop_schedule":["list",["object",{"schedule":"string"}]]}]],"description":"Resource policy for scheduling instance operations.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially creating\nthe resource. The resource name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])'? which means the\nfirst character must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last character,\nwhich cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where resource policy resides.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_schedule_policy":{"type":["list",["object",{"retention_policy":["list",["object",{"max_retention_days":"number","on_source_disk_delete":"string"}]],"schedule":["list",["object",{"daily_schedule":["list",["object",{"days_in_cycle":"number","start_time":"string"}]],"hourly_schedule":["list",["object",{"hours_in_cycle":"number","start_time":"string"}]],"weekly_schedule":["list",["object",{"day_of_weeks":["set",["object",{"day":"string","start_time":"string"}]]}]]}]],"snapshot_properties":["list",["object",{"chain_name":"string","guest_flush":"bool","labels":["map","string"],"storage_locations":["set","string"]}]]}]],"description":"Policy for creating snapshots of persistent disks.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router":{"version":0,"block":{"attributes":{"bgp":{"type":["list",["object",{"advertise_mode":"string","advertised_groups":["list","string"],"advertised_ip_ranges":["list",["object",{"description":"string","range":"string"}]],"asn":"number","identifier_range":"string","keepalive_interval":"number"}]],"description":"BGP information specific to this router.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"encrypted_interconnect_router":{"type":"bool","description":"Indicates if a router is dedicated for use with encrypted VLAN\nattachments (interconnectAttachments).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"A reference to the network to which this router belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the router resides.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router_nat":{"version":0,"block":{"attributes":{"auto_network_tier":{"type":"string","description":"The network tier to use when automatically reserving NAT IP addresses.\nMust be one of: PREMIUM, STANDARD. If not specified, then the current\nproject-level default tier is used. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","computed":true},"drain_nat_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained. These IPs must be\nvalid static external IPs that have been assigned to the NAT.","description_kind":"plain","computed":true},"enable_dynamic_port_allocation":{"type":"bool","description":"Enable Dynamic Port Allocation.\nIf minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.\nIf minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.\nIf maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.\nIf maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.\n\nMutually exclusive with enableEndpointIndependentMapping.","description_kind":"plain","computed":true},"enable_endpoint_independent_mapping":{"type":"bool","description":"Enable endpoint independent mapping.\nFor more information see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs).","description_kind":"plain","computed":true},"endpoint_types":{"type":["list","string"],"description":"Specifies the endpoint Types supported by the NAT Gateway.\nSupported values include:\n 'ENDPOINT_TYPE_VM', 'ENDPOINT_TYPE_SWG',\n 'ENDPOINT_TYPE_MANAGED_PROXY_LB'.","description_kind":"plain","computed":true},"icmp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_nat_ips":{"type":["set","string"],"description":"Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource.\nConflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY.","description_kind":"plain","computed":true},"log_config":{"type":["list",["object",{"enable":"bool","filter":"string"}]],"description":"Configuration for logging on NAT","description_kind":"plain","computed":true},"max_ports_per_vm":{"type":"number","description":"Maximum number of ports allocated to a VM from this NAT.\nThis field can only be set when enableDynamicPortAllocation is enabled.","description_kind":"plain","computed":true},"min_ports_per_vm":{"type":"number","description":"Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the NAT service. The name must be 1-63 characters long and\ncomply with RFC1035.","description_kind":"plain","required":true},"nat_ip_allocate_option":{"type":"string","description":"How external IPs should be allocated for this NAT. Valid values are\n'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud\nPlatform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: [\"MANUAL_ONLY\", \"AUTO_ONLY\"]","description_kind":"plain","computed":true},"nat_ips":{"type":["set","string"],"description":"Self-links of NAT IPs. Only valid if natIpAllocateOption\nis set to MANUAL_ONLY.\nIf this field is used alongside with a count created list of address resources 'google_compute_address.foobar.*.self_link',\nthe access level resource for the address resource must have a 'lifecycle' block with 'create_before_destroy = true' so\nthe number of resources can be increased/decreased without triggering the 'resourceInUseByAnotherResource' error.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the router and NAT reside.","description_kind":"plain","optional":true},"router":{"type":"string","description":"The name of the Cloud Router in which this NAT will be configured.","description_kind":"plain","required":true},"rules":{"type":["set",["object",{"action":["list",["object",{"source_nat_active_ips":["set","string"],"source_nat_drain_ips":["set","string"]}]],"description":"string","match":"string","rule_number":"number"}]],"description":"A list of rules associated with this NAT.","description_kind":"plain","computed":true},"source_subnetwork_ip_ranges_to_nat":{"type":"string","description":"How NAT should be configured per Subnetwork.\nIf 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the\nIP ranges in every Subnetwork are allowed to Nat.\nIf 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP\nranges in every Subnetwork are allowed to Nat.\n'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat\n(specified in the field subnetwork below). Note that if this field\ncontains ALL_SUBNETWORKS_ALL_IP_RANGES or\nALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any\nother RouterNat section in any Router for this network in this region. Possible values: [\"ALL_SUBNETWORKS_ALL_IP_RANGES\", \"ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES\", \"LIST_OF_SUBNETWORKS\"]","description_kind":"plain","computed":true},"subnetwork":{"type":["set",["object",{"name":"string","secondary_ip_range_names":["set","string"],"source_ip_ranges_to_nat":["set","string"]}]],"description":"One or more subnetwork NAT configurations. Only used if\n'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'","description_kind":"plain","computed":true},"tcp_established_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP established connections.\nDefaults to 1200s if not set.","description_kind":"plain","computed":true},"tcp_time_wait_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP connections that are in TIME_WAIT state.\nDefaults to 120s if not set.","description_kind":"plain","computed":true},"tcp_transitory_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP transitory connections.\nDefaults to 30s if not set.","description_kind":"plain","computed":true},"udp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for UDP connections. Defaults to 30s if not set.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router_status":{"version":0,"block":{"attributes":{"best_routes":{"type":["list",["object",{"description":"string","dest_range":"string","name":"string","network":"string","next_hop_gateway":"string","next_hop_ilb":"string","next_hop_instance":"string","next_hop_instance_zone":"string","next_hop_ip":"string","next_hop_network":"string","next_hop_vpn_tunnel":"string","priority":"number","project":"string","self_link":"string","tags":["set","string"]}]],"description":"Best routes for this router's network.","description_kind":"plain","computed":true},"best_routes_for_router":{"type":["list",["object",{"description":"string","dest_range":"string","name":"string","network":"string","next_hop_gateway":"string","next_hop_ilb":"string","next_hop_instance":"string","next_hop_instance_zone":"string","next_hop_ip":"string","next_hop_network":"string","next_hop_vpn_tunnel":"string","priority":"number","project":"string","self_link":"string","tags":["set","string"]}]],"description":"Best routes learned by this router.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the router to query.","description_kind":"plain","required":true},"network":{"type":"string","description":"URI of the network to which this router belongs.","description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the target router.","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region of the target router.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_security_policy":{"version":0,"block":{"attributes":{"adaptive_protection_config":{"type":["list",["object",{"layer_7_ddos_defense_config":["list",["object",{"enable":"bool","rule_visibility":"string","threshold_configs":["list",["object",{"auto_deploy_confidence_threshold":"number","auto_deploy_expiration_sec":"number","auto_deploy_impacted_baseline_threshold":"number","auto_deploy_load_threshold":"number","detection_absolute_qps":"number","detection_load_threshold":"number","detection_relative_to_baseline_qps":"number","name":"string","traffic_granularity_configs":["list",["object",{"enable_each_unique_value":"bool","type":"string","value":"string"}]]}]]}]]}]],"description":"Adaptive Protection Config of this security policy.","description_kind":"plain","computed":true},"advanced_options_config":{"type":["list",["object",{"json_custom_config":["list",["object",{"content_types":["set","string"]}]],"json_parsing":"string","log_level":"string","user_ip_request_headers":["set","string"]}]],"description":"Advanced Options Config of this security policy.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this security policy. Max size is 2048.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the security policy.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"recaptcha_options_config":{"type":["list",["object",{"redirect_site_key":"string"}]],"description":"reCAPTCHA configuration options to be applied for the security policy.","description_kind":"plain","computed":true},"rule":{"type":["set",["object",{"action":"string","description":"string","header_action":["list",["object",{"request_headers_to_adds":["list",["object",{"header_name":"string","header_value":"string"}]]}]],"match":["list",["object",{"config":["list",["object",{"src_ip_ranges":["set","string"]}]],"expr":["list",["object",{"expression":"string"}]],"expr_options":["list",["object",{"recaptcha_options":["list",["object",{"action_token_site_keys":["list","string"],"session_token_site_keys":["list","string"]}]]}]],"versioned_expr":"string"}]],"preconfigured_waf_config":["list",["object",{"exclusion":["list",["object",{"request_cookie":["list",["object",{"operator":"string","value":"string"}]],"request_header":["list",["object",{"operator":"string","value":"string"}]],"request_query_param":["list",["object",{"operator":"string","value":"string"}]],"request_uri":["list",["object",{"operator":"string","value":"string"}]],"target_rule_ids":["set","string"],"target_rule_set":"string"}]]}]],"preview":"bool","priority":"number","rate_limit_options":["list",["object",{"ban_duration_sec":"number","ban_threshold":["list",["object",{"count":"number","interval_sec":"number"}]],"conform_action":"string","enforce_on_key":"string","enforce_on_key_configs":["list",["object",{"enforce_on_key_name":"string","enforce_on_key_type":"string"}]],"enforce_on_key_name":"string","exceed_action":"string","exceed_redirect_options":["list",["object",{"target":"string","type":"string"}]],"rate_limit_threshold":["list",["object",{"count":"number","interval_sec":"number"}]]}]],"redirect_options":["list",["object",{"target":"string","type":"string"}]]}]],"description":"The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match \"*\"). If no rules are provided when creating a security policy, a default rule with action \"allow\" will be added.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type indicates the intended use of the security policy. CLOUD_ARMOR - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_snapshot":{"version":0,"block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and\ncomply with RFC1035. This is an uncommon option only for advanced\nservice owners who needs to create separate snapshot chains, for\nexample, for chargeback tracking. When you describe your snapshot\nresource, this field is visible only if it has a non-empty value.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"disk_size_gb":{"type":"number","description":"Size of the snapshot, specified in GB.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Snapshot.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"A list of public visible licenses that apply to this snapshot. This\ncan be because the original image had licenses attached (such as a\nWindows image). snapshotEncryptionKey nested object Encrypts the\nsnapshot using a customer-supplied encryption key.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"Encrypts the snapshot using a customer-supplied encryption key.\n\nAfter you encrypt a snapshot using a customer-supplied key, you must\nprovide the same key if you use the snapshot later. For example, you\nmust provide the encryption key when you create a disk from the\nencrypted snapshot in a future request.\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe snapshot.\n\nIf you do not provide an encryption key when creating the snapshot,\nthen the snapshot will be encrypted using an automatically generated\nkey and you do not need to provide a key to use the snapshot later.","description_kind":"plain","computed":true},"snapshot_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"A reference to the disk used to create this snapshot.","description_kind":"plain","computed":true},"source_disk_encryption_key":{"type":["list",["object",{"kms_key_service_account":"string","raw_key":"string"}]],"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain","computed":true},"storage_bytes":{"type":"number","description":"A size of the storage used by the snapshot. As snapshots share\nstorage, this number is expected to change with snapshot\ncreation/deletion.","description_kind":"plain","computed":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the snapshot (regional or multi-regional).","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk is hosted.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_snapshot_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","computed":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","required":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. This can be one of\n'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_subnetwork":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"gateway_address":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_prefix":{"type":"string","description_kind":"plain","computed":true},"ip_cidr_range":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true},"network":{"type":"string","description_kind":"plain","computed":true},"private_ip_google_access":{"type":"bool","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secondary_ip_range":{"type":["list",["object",{"ip_cidr_range":"string","range_name":"string"}]],"description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subnetwork_id":{"type":"number","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_subnetwork_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_compute_subnetworks":{"version":0,"block":{"attributes":{"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description_kind":"plain","optional":true},"subnetworks":{"type":["list",["object",{"description":"string","ip_cidr_range":"string","name":"string","network":"string","network_self_link":"string","private_ip_google_access":"bool","self_link":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_zones":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"status":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_analysis_note_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"note":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_container_attached_install_manifest":{"version":0,"block":{"attributes":{"cluster_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"manifest":{"type":"string","description_kind":"plain","computed":true},"platform_version":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_container_attached_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_aws_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"supported_regions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_azure_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"supported_regions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_cluster":{"version":2,"block":{"attributes":{"addons_config":{"type":["list",["object",{"cloudrun_config":["list",["object",{"disabled":"bool","load_balancer_type":"string"}]],"config_connector_config":["list",["object",{"enabled":"bool"}]],"dns_cache_config":["list",["object",{"enabled":"bool"}]],"gce_persistent_disk_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gcp_filestore_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gcs_fuse_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gke_backup_agent_config":["list",["object",{"enabled":"bool"}]],"horizontal_pod_autoscaling":["list",["object",{"disabled":"bool"}]],"http_load_balancing":["list",["object",{"disabled":"bool"}]],"network_policy_config":["list",["object",{"disabled":"bool"}]],"parallelstore_csi_driver_config":["list",["object",{"enabled":"bool"}]],"ray_operator_config":["list",["object",{"enabled":"bool","ray_cluster_logging_config":["list",["object",{"enabled":"bool"}]],"ray_cluster_monitoring_config":["list",["object",{"enabled":"bool"}]]}]],"stateful_ha_config":["list",["object",{"enabled":"bool"}]]}]],"description":"The configuration for addons supported by GKE.","description_kind":"plain","computed":true},"allow_net_admin":{"type":"bool","description":"Enable NET_ADMIN for this cluster.","description_kind":"plain","computed":true},"authenticator_groups_config":{"type":["list",["object",{"security_group":"string"}]],"description":"Configuration for the Google Groups for GKE feature.","description_kind":"plain","computed":true},"binary_authorization":{"type":["list",["object",{"enabled":"bool","evaluation_mode":"string"}]],"description":"Configuration options for the Binary Authorization feature.","description_kind":"plain","computed":true},"cluster_autoscaling":{"type":["list",["object",{"auto_provisioning_defaults":["list",["object",{"boot_disk_kms_key":"string","disk_size":"number","disk_type":"string","image_type":"string","management":["list",["object",{"auto_repair":"bool","auto_upgrade":"bool","upgrade_options":["list",["object",{"auto_upgrade_start_time":"string","description":"string"}]]}]],"min_cpu_platform":"string","oauth_scopes":["list","string"],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"upgrade_settings":["list",["object",{"blue_green_settings":["list",["object",{"node_pool_soak_duration":"string","standard_rollout_policy":["list",["object",{"batch_node_count":"number","batch_percentage":"number","batch_soak_duration":"string"}]]}]],"max_surge":"number","max_unavailable":"number","strategy":"string"}]]}]],"auto_provisioning_locations":["list","string"],"autoscaling_profile":"string","enabled":"bool","resource_limits":["list",["object",{"maximum":"number","minimum":"number","resource_type":"string"}]]}]],"description":"Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details.","description_kind":"plain","computed":true},"cluster_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.","description_kind":"plain","computed":true},"confidential_nodes":{"type":["list",["object",{"enabled":"bool"}]],"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster.","description_kind":"plain","computed":true},"control_plane_endpoints_config":{"type":["list",["object",{"dns_endpoint_config":["list",["object",{"allow_external_traffic":"bool","endpoint":"string"}]]}]],"description":"Configuration for all of the cluster's control plane endpoints. Currently supports only DNS endpoint configuration, IP endpoint configuration is available in private_cluster_config.","description_kind":"plain","computed":true},"cost_management_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"Cost management configuration for the cluster.","description_kind":"plain","computed":true},"database_encryption":{"type":["list",["object",{"key_name":"string","state":"string"}]],"description":"Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key.","description_kind":"plain","computed":true},"datapath_provider":{"type":"string","description":"The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.","description_kind":"plain","computed":true},"default_max_pods_per_node":{"type":"number","description":"The default maximum number of pods per node in this cluster. This doesn't work on \"routes-based\" clusters, clusters that don't have IP Aliasing enabled.","description_kind":"plain","computed":true},"default_snat_status":{"type":["list",["object",{"disabled":"bool"}]],"description":"Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"When the field is set to true or unset in Terraform state, a terraform apply or terraform destroy that would delete the cluster will fail. When the field is set to false, deleting the cluster is allowed.","description_kind":"plain","computed":true},"description":{"type":"string","description":" Description of the cluster.","description_kind":"plain","computed":true},"dns_config":{"type":["list",["object",{"additive_vpc_scope_dns_domain":"string","cluster_dns":"string","cluster_dns_domain":"string","cluster_dns_scope":"string"}]],"description":"Configuration for Cloud DNS for Kubernetes Engine.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_autopilot":{"type":"bool","description":"Enable Autopilot for this cluster.","description_kind":"plain","computed":true},"enable_cilium_clusterwide_network_policy":{"type":"bool","description":"Whether Cilium cluster-wide network policy is enabled on this cluster.","description_kind":"plain","computed":true},"enable_fqdn_network_policy":{"type":"bool","description":"Whether FQDN Network Policy is enabled on this cluster.","description_kind":"plain","computed":true},"enable_intranode_visibility":{"type":"bool","description":"Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.","description_kind":"plain","computed":true},"enable_k8s_beta_apis":{"type":["list",["object",{"enabled_apis":["set","string"]}]],"description":"Configuration for Kubernetes Beta APIs.","description_kind":"plain","computed":true},"enable_kubernetes_alpha":{"type":"bool","description":"Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.","description_kind":"plain","computed":true},"enable_l4_ilb_subsetting":{"type":"bool","description":"Whether L4ILB Subsetting is enabled for this cluster.","description_kind":"plain","computed":true},"enable_legacy_abac":{"type":"bool","description":"Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.","description_kind":"plain","computed":true},"enable_multi_networking":{"type":"bool","description":"Whether multi-networking is enabled for this cluster.","description_kind":"plain","computed":true},"enable_shielded_nodes":{"type":"bool","description":"Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.","description_kind":"plain","computed":true},"enable_tpu":{"type":"bool","description":"Whether to enable Cloud TPU resources in this cluster.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address of this cluster's Kubernetes master.","description_kind":"plain","computed":true},"enterprise_config":{"type":["list",["object",{"cluster_tier":"string","desired_tier":"string"}]],"description":"Defines the config needed to enable/disable GKE Enterprise","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string","membership_id":"string","membership_location":"string","pre_registered":"bool","project":"string"}]],"description":"Fleet configuration of the cluster.","description_kind":"plain","computed":true},"gateway_api_config":{"type":["list",["object",{"channel":"string"}]],"description":"Configuration for GKE Gateway API controller.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identity_service_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"Configuration for Identity Service which allows customers to use external identity providers with the K8S API.","description_kind":"plain","computed":true},"initial_node_count":{"type":"number","description":"The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.","description_kind":"plain","computed":true},"ip_allocation_policy":{"type":["list",["object",{"additional_pod_ranges_config":["list",["object",{"pod_range_names":["set","string"]}]],"cluster_ipv4_cidr_block":"string","cluster_secondary_range_name":"string","pod_cidr_overprovision_config":["list",["object",{"disabled":"bool"}]],"services_ipv4_cidr_block":"string","services_secondary_range_name":"string","stack_type":"string"}]],"description":"Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint of the set of labels for this cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.","description_kind":"plain","optional":true},"logging_config":{"type":["list",["object",{"enable_components":["list","string"]}]],"description":"Logging configuration for the cluster.","description_kind":"plain","computed":true},"logging_service":{"type":"string","description":"The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.","description_kind":"plain","computed":true},"maintenance_policy":{"type":["list",["object",{"daily_maintenance_window":["list",["object",{"duration":"string","start_time":"string"}]],"maintenance_exclusion":["set",["object",{"end_time":"string","exclusion_name":"string","exclusion_options":["list",["object",{"scope":"string"}]],"start_time":"string"}]],"recurring_window":["list",["object",{"end_time":"string","recurrence":"string","start_time":"string"}]]}]],"description":"The maintenance policy to use for the cluster.","description_kind":"plain","computed":true},"master_auth":{"type":["list",["object",{"client_certificate":"string","client_certificate_config":["list",["object",{"issue_client_certificate":"bool"}]],"client_key":"string","cluster_ca_certificate":"string"}]],"description":"The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission.","description_kind":"plain","computed":true},"master_authorized_networks_config":{"type":["list",["object",{"cidr_blocks":["set",["object",{"cidr_block":"string","display_name":"string"}]],"gcp_public_cidrs_access_enabled":"bool","private_endpoint_enforcement_enabled":"bool"}]],"description":"The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).","description_kind":"plain","computed":true},"master_version":{"type":"string","description":"The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.","description_kind":"plain","computed":true},"mesh_certificates":{"type":["list",["object",{"enable_certificates":"bool"}]],"description":"If set, and enable_certificates=true, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain","computed":true},"min_master_version":{"type":"string","description":"The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version).","description_kind":"plain","computed":true},"monitoring_config":{"type":["list",["object",{"advanced_datapath_observability_config":["list",["object",{"enable_metrics":"bool","enable_relay":"bool"}]],"enable_components":["list","string"],"managed_prometheus":["list",["object",{"enabled":"bool"}]]}]],"description":"Monitoring configuration for the cluster.","description_kind":"plain","computed":true},"monitoring_service":{"type":"string","description":"The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and location.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.","description_kind":"plain","computed":true},"network_policy":{"type":["list",["object",{"enabled":"bool","provider":"string"}]],"description":"Configuration options for the NetworkPolicy feature.","description_kind":"plain","computed":true},"networking_mode":{"type":"string","description":"Determines whether alias IPs or routes will be used for pod IPs in the cluster. Defaults to VPC_NATIVE for new clusters.","description_kind":"plain","computed":true},"node_config":{"type":["list",["object",{"advanced_machine_features":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number"}]],"boot_disk_kms_key":"string","confidential_nodes":["list",["object",{"enabled":"bool"}]],"containerd_config":["list",["object",{"private_registry_access_config":["list",["object",{"certificate_authority_domain_config":["list",["object",{"fqdns":["list","string"],"gcp_secret_manager_certificate_config":["list",["object",{"secret_uri":"string"}]]}]],"enabled":"bool"}]]}]],"disk_size_gb":"number","disk_type":"string","effective_taints":["list",["object",{"effect":"string","key":"string","value":"string"}]],"enable_confidential_storage":"bool","ephemeral_storage_local_ssd_config":["list",["object",{"local_ssd_count":"number"}]],"fast_socket":["list",["object",{"enabled":"bool"}]],"gcfs_config":["list",["object",{"enabled":"bool"}]],"guest_accelerator":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"gvnic":["list",["object",{"enabled":"bool"}]],"host_maintenance_policy":["list",["object",{"maintenance_interval":"string"}]],"image_type":"string","kubelet_config":["list",["object",{"cpu_cfs_quota":"bool","cpu_cfs_quota_period":"string","cpu_manager_policy":"string","insecure_kubelet_readonly_port_enabled":"string","pod_pids_limit":"number"}]],"labels":["map","string"],"linux_node_config":["list",["object",{"cgroup_mode":"string","hugepages_config":["list",["object",{"hugepage_size_1g":"number","hugepage_size_2m":"number"}]],"sysctls":["map","string"]}]],"local_nvme_ssd_block_config":["list",["object",{"local_ssd_count":"number"}]],"local_ssd_count":"number","local_ssd_encryption_mode":"string","logging_variant":"string","machine_type":"string","metadata":["map","string"],"min_cpu_platform":"string","node_group":"string","oauth_scopes":["set","string"],"preemptible":"bool","reservation_affinity":["list",["object",{"consume_reservation_type":"string","key":"string","values":["set","string"]}]],"resource_labels":["map","string"],"resource_manager_tags":["map","string"],"secondary_boot_disks":["list",["object",{"disk_image":"string","mode":"string"}]],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"sole_tenant_config":["list",["object",{"node_affinity":["set",["object",{"key":"string","operator":"string","values":["list","string"]}]]}]],"spot":"bool","storage_pools":["list","string"],"tags":["list","string"],"taint":["list",["object",{"effect":"string","key":"string","value":"string"}]],"workload_metadata_config":["list",["object",{"mode":"string"}]]}]],"description":"The configuration of the nodepool","description_kind":"plain","computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.","description_kind":"plain","computed":true},"node_pool":{"type":["list",["object",{"autoscaling":["list",["object",{"location_policy":"string","max_node_count":"number","min_node_count":"number","total_max_node_count":"number","total_min_node_count":"number"}]],"initial_node_count":"number","instance_group_urls":["list","string"],"managed_instance_group_urls":["list","string"],"management":["list",["object",{"auto_repair":"bool","auto_upgrade":"bool"}]],"max_pods_per_node":"number","name":"string","name_prefix":"string","network_config":["list",["object",{"additional_node_network_configs":["list",["object",{"network":"string","subnetwork":"string"}]],"additional_pod_network_configs":["list",["object",{"max_pods_per_node":"number","secondary_pod_range":"string","subnetwork":"string"}]],"create_pod_range":"bool","enable_private_nodes":"bool","network_performance_config":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"pod_cidr_overprovision_config":["list",["object",{"disabled":"bool"}]],"pod_ipv4_cidr_block":"string","pod_range":"string"}]],"node_config":["list",["object",{"advanced_machine_features":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number"}]],"boot_disk_kms_key":"string","confidential_nodes":["list",["object",{"enabled":"bool"}]],"containerd_config":["list",["object",{"private_registry_access_config":["list",["object",{"certificate_authority_domain_config":["list",["object",{"fqdns":["list","string"],"gcp_secret_manager_certificate_config":["list",["object",{"secret_uri":"string"}]]}]],"enabled":"bool"}]]}]],"disk_size_gb":"number","disk_type":"string","effective_taints":["list",["object",{"effect":"string","key":"string","value":"string"}]],"enable_confidential_storage":"bool","ephemeral_storage_local_ssd_config":["list",["object",{"local_ssd_count":"number"}]],"fast_socket":["list",["object",{"enabled":"bool"}]],"gcfs_config":["list",["object",{"enabled":"bool"}]],"guest_accelerator":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"gvnic":["list",["object",{"enabled":"bool"}]],"host_maintenance_policy":["list",["object",{"maintenance_interval":"string"}]],"image_type":"string","kubelet_config":["list",["object",{"cpu_cfs_quota":"bool","cpu_cfs_quota_period":"string","cpu_manager_policy":"string","insecure_kubelet_readonly_port_enabled":"string","pod_pids_limit":"number"}]],"labels":["map","string"],"linux_node_config":["list",["object",{"cgroup_mode":"string","hugepages_config":["list",["object",{"hugepage_size_1g":"number","hugepage_size_2m":"number"}]],"sysctls":["map","string"]}]],"local_nvme_ssd_block_config":["list",["object",{"local_ssd_count":"number"}]],"local_ssd_count":"number","local_ssd_encryption_mode":"string","logging_variant":"string","machine_type":"string","metadata":["map","string"],"min_cpu_platform":"string","node_group":"string","oauth_scopes":["set","string"],"preemptible":"bool","reservation_affinity":["list",["object",{"consume_reservation_type":"string","key":"string","values":["set","string"]}]],"resource_labels":["map","string"],"resource_manager_tags":["map","string"],"secondary_boot_disks":["list",["object",{"disk_image":"string","mode":"string"}]],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"sole_tenant_config":["list",["object",{"node_affinity":["set",["object",{"key":"string","operator":"string","values":["list","string"]}]]}]],"spot":"bool","storage_pools":["list","string"],"tags":["list","string"],"taint":["list",["object",{"effect":"string","key":"string","value":"string"}]],"workload_metadata_config":["list",["object",{"mode":"string"}]]}]],"node_count":"number","node_locations":["set","string"],"placement_policy":["list",["object",{"policy_name":"string","tpu_topology":"string","type":"string"}]],"queued_provisioning":["list",["object",{"enabled":"bool"}]],"upgrade_settings":["list",["object",{"blue_green_settings":["list",["object",{"node_pool_soak_duration":"string","standard_rollout_policy":["list",["object",{"batch_node_count":"number","batch_percentage":"number","batch_soak_duration":"string"}]]}]],"max_surge":"number","max_unavailable":"number","strategy":"string"}]],"version":"string"}]],"description":"List of node pools associated with this cluster. See google_container_node_pool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say \"these are the only node pools associated with this cluster\", use the google_container_node_pool resource instead of this property.","description_kind":"plain","computed":true},"node_pool_auto_config":{"type":["list",["object",{"linux_node_config":["list",["object",{"cgroup_mode":"string"}]],"network_tags":["list",["object",{"tags":["list","string"]}]],"node_kubelet_config":["list",["object",{"insecure_kubelet_readonly_port_enabled":"string"}]],"resource_manager_tags":["map","string"]}]],"description":"Node pool configs that apply to all auto-provisioned node pools in autopilot clusters and node auto-provisioning enabled clusters.","description_kind":"plain","computed":true},"node_pool_defaults":{"type":["list",["object",{"node_config_defaults":["list",["object",{"containerd_config":["list",["object",{"private_registry_access_config":["list",["object",{"certificate_authority_domain_config":["list",["object",{"fqdns":["list","string"],"gcp_secret_manager_certificate_config":["list",["object",{"secret_uri":"string"}]]}]],"enabled":"bool"}]]}]],"gcfs_config":["list",["object",{"enabled":"bool"}]],"insecure_kubelet_readonly_port_enabled":"string","logging_variant":"string"}]]}]],"description":"The default nodel pool settings for the entire cluster.","description_kind":"plain","computed":true},"node_version":{"type":"string","description":"The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way. To update nodes in other node pools, use the version attribute on the node pool.","description_kind":"plain","computed":true},"notification_config":{"type":["list",["object",{"pubsub":["list",["object",{"enabled":"bool","filter":["list",["object",{"event_type":["list","string"]}]],"topic":"string"}]]}]],"description":"The notification config for sending cluster upgrade notifications","description_kind":"plain","computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"private_cluster_config":{"type":["list",["object",{"enable_private_endpoint":"bool","enable_private_nodes":"bool","master_global_access_config":["list",["object",{"enabled":"bool"}]],"master_ipv4_cidr_block":"string","peering_name":"string","private_endpoint":"string","private_endpoint_subnetwork":"string","public_endpoint":"string"}]],"description":"Configuration for private clusters, clusters with private nodes.","description_kind":"plain","computed":true},"private_ipv6_google_access":{"type":"string","description":"The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"release_channel":{"type":["list",["object",{"channel":"string"}]],"description":"Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. Note that removing this field from your config will not unenroll it. Instead, use the \"UNSPECIFIED\" channel.","description_kind":"plain","computed":true},"remove_default_node_pool":{"type":"bool","description":"If true, deletes the default node pool upon cluster creation. If you're using google_container_node_pool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.","description_kind":"plain","computed":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the cluster.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"resource_usage_export_config":{"type":["list",["object",{"bigquery_destination":["list",["object",{"dataset_id":"string"}]],"enable_network_egress_metering":"bool","enable_resource_consumption_metering":"bool"}]],"description":"Configuration for the ResourceUsageExportConfig feature.","description_kind":"plain","computed":true},"secret_manager_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"Configuration for the Secret Manager feature.","description_kind":"plain","computed":true},"security_posture_config":{"type":["list",["object",{"mode":"string","vulnerability_mode":"string"}]],"description":"Defines the config needed to enable/disable features for the Security Posture API","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"service_external_ips_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"If set, and enabled=true, services with external ips field will not be blocked","description_kind":"plain","computed":true},"services_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"tpu_ipv4_cidr_block":{"type":"string","description":"The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).","description_kind":"plain","computed":true},"user_managed_keys_config":{"type":["list",["object",{"aggregation_ca":"string","cluster_ca":"string","control_plane_disk_encryption_key":"string","etcd_api_ca":"string","etcd_peer_ca":"string","gkeops_etcd_backup_encryption_key":"string","service_account_signing_keys":["set","string"],"service_account_verification_keys":["set","string"]}]],"description":"The custom keys configuration of the cluster.","description_kind":"plain","computed":true},"vertical_pod_autoscaling":{"type":["list",["object",{"enabled":"bool"}]],"description":"Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"workload_pool":"string"}]],"description":"Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_engine_versions":{"version":0,"block":{"attributes":{"default_cluster_version":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"latest_master_version":{"type":"string","description_kind":"plain","computed":true},"latest_node_version":{"type":"string","description_kind":"plain","computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"release_channel_default_version":{"type":["map","string"],"description_kind":"plain","computed":true},"release_channel_latest_version":{"type":["map","string"],"description_kind":"plain","computed":true},"valid_master_versions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_node_versions":{"type":["list","string"],"description_kind":"plain","computed":true},"version_prefix":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_registry_image":{"version":0,"block":{"attributes":{"digest":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_url":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"tag":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_registry_repository":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"repository_url":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_policy":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"policy_tag":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_fusion_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_aspect_type_iam_policy":{"version":0,"block":{"attributes":{"aspect_type_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_asset_iam_policy":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_datascan_iam_policy":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_entry_group_iam_policy":{"version":0,"block":{"attributes":{"entry_group_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_entry_type_iam_policy":{"version":0,"block":{"attributes":{"entry_type_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_lake_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_task_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataplex_zone_iam_policy":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_cluster_iam_policy":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_federation_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"federation_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service":{"version":0,"block":{"attributes":{"artifact_gcs_uri":{"type":"string","description":"A Cloud Storage URI (starting with gs://) that specifies where artifacts related to the metastore service are stored.","description_kind":"plain","computed":true},"database_type":{"type":"string","description":"The database type that the Metastore service stores its data. Default value: \"MYSQL\" Possible values: [\"MYSQL\", \"SPANNER\"]","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Indicates if the dataproc metastore should be protected against accidental deletions.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_config":{"type":["list",["object",{"kms_key":"string"}]],"description":"Information used to configure the Dataproc Metastore service to encrypt\ncustomer data at rest.","description_kind":"plain","computed":true},"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"hive_metastore_config":{"type":["list",["object",{"auxiliary_versions":["set",["object",{"config_overrides":["map","string"],"key":"string","version":"string"}]],"config_overrides":["map","string"],"endpoint_protocol":"string","kerberos_config":["list",["object",{"keytab":["list",["object",{"cloud_secret":"string"}]],"krb5_config_gcs_uri":"string","principal":"string"}]],"version":"string"}]],"description":"Configuration information specific to running Hive metastore software as the metastore service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the metastore service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location where the metastore service should reside.\nThe default value is 'global'.","description_kind":"plain","required":true},"maintenance_window":{"type":["list",["object",{"day_of_week":"string","hour_of_day":"number"}]],"description":"The one hour maintenance window of the metastore service.\nThis specifies when the service can be restarted for maintenance purposes in UTC time.\nMaintenance window is not needed for services with the 'SPANNER' database type.","description_kind":"plain","computed":true},"metadata_integration":{"type":["list",["object",{"data_catalog_config":["list",["object",{"enabled":"bool"}]]}]],"description":"The setting that defines how metastore metadata should be integrated with external services and systems.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The relative resource name of the metastore service.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:\n\n\"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","computed":true},"network_config":{"type":["list",["object",{"consumers":["list",["object",{"endpoint_uri":"string","subnetwork":"string"}]]}]],"description":"The configuration specifying the network settings for the Dataproc Metastore service.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The TCP port at which the metastore service is reached. Default: 9083.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"release_channel":{"type":"string","description":"The release channel of the service. If unspecified, defaults to 'STABLE'. Default value: \"STABLE\" Possible values: [\"CANARY\", \"STABLE\"]","description_kind":"plain","computed":true},"scaling_config":{"type":["list",["object",{"instance_size":"string","scaling_factor":"number"}]],"description":"Represents the scaling configuration of a metastore service.","description_kind":"plain","computed":true},"scheduled_backup":{"type":["list",["object",{"backup_location":"string","cron_schedule":"string","enabled":"bool","time_zone":"string"}]],"description":"The configuration of scheduled backup for the metastore service.","description_kind":"plain","computed":true},"service_id":{"type":"string","description":"The ID of the metastore service. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 63 characters.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the metastore service.","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of the metastore service, if available.","description_kind":"plain","computed":true},"telemetry_config":{"type":["list",["object",{"log_format":"string"}]],"description":"The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The tier of the service. Possible values: [\"DEVELOPER\", \"ENTERPRISE\"]","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The globally unique resource identifier of the metastore service.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_datastream_static_ips":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"static_ips":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dns_keys":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_signing_keys":{"type":["list",["object",{"algorithm":"string","creation_time":"string","description":"string","digests":["list",["object",{"digest":"string","type":"string"}]],"ds_record":"string","id":"string","is_active":"bool","key_length":"number","key_tag":"number","public_key":"string"}]],"description_kind":"plain","computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone_signing_keys":{"type":["list",["object",{"algorithm":"string","creation_time":"string","description":"string","digests":["list",["object",{"digest":"string","type":"string"}]],"id":"string","is_active":"bool","key_length":"number","key_tag":"number","public_key":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dns_managed_zone":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"dns_name":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","computed":true},"managed_zone_id":{"type":"number","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"name_servers":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"visibility":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dns_managed_zone_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dns_managed_zones":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","computed":true},"managed_zones":{"type":["list",["object",{"description":"string","dns_name":"string","id":"string","managed_zone_id":"number","name":"string","name_servers":["list","string"],"project":"string","visibility":"string"}]],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_dns_record_set":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"rrdatas":{"type":["list","string"],"description_kind":"plain","computed":true},"ttl":{"type":"number","description_kind":"plain","computed":true},"type":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_policy":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_endpoints_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_filestore_instance":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"deletion_protection_enabled":{"type":"bool","description":"Indicates whether the instance is protected against deletion.","description_kind":"plain","computed":true},"deletion_protection_reason":{"type":"string","description":"The reason for enabling deletion protection.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the instance.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Server-specified ETag for the instance resource to prevent\nsimultaneous updates from overwriting each other.","description_kind":"plain","computed":true},"file_shares":{"type":["list",["object",{"capacity_gb":"number","name":"string","nfs_export_options":["list",["object",{"access_mode":"string","anon_gid":"number","anon_uid":"number","ip_ranges":["list","string"],"squash_mode":"string"}]],"source_backup":"string"}]],"description":"File system shares on the instance. For this version, only a\nsingle file share is supported.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"KMS key name used for data encryption.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the instance.","description_kind":"plain","required":true},"networks":{"type":["list",["object",{"connect_mode":"string","ip_addresses":["list","string"],"modes":["list","string"],"network":"string","reserved_ip_range":"string"}]],"description":"VPC networks to which the instance is connected. For this version,\nonly a single network is supported.","description_kind":"plain","computed":true},"performance_config":{"type":["list",["object",{"fixed_iops":["list",["object",{"max_iops":"number"}]],"iops_per_tb":["list",["object",{"max_iops_per_tb":"number"}]]}]],"description":"Performance configuration for the instance. If not provided,\nthe default performance settings will be used.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"Either NFSv3, for using NFS version 3 as file sharing protocol,\nor NFSv4.1, for using NFS version 4.1 as file sharing protocol.\nNFSv4.1 can be used with HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE.\nThe default is NFSv3. Default value: \"NFS_V3\" Possible values: [\"NFS_V3\", \"NFS_V4_1\"]","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance.\nPossible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The name of the Filestore zone of the instance.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folder":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description_kind":"plain","computed":true},"display_name":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"folder_id":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description_kind":"plain","computed":true},"lookup_organization":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","computed":true},"organization":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folder_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folder_organization_policy":{"version":0,"block":{"attributes":{"boolean_policy":{"type":["list",["object",{"enforced":"bool"}]],"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain","computed":true},"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The resource name of the folder to set the policy for. Its format is folders/{folder_id}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"list_policy":{"type":["list",["object",{"allow":["list",["object",{"all":"bool","values":["set","string"]}]],"deny":["list",["object",{"all":"bool","values":["set","string"]}]],"inherit_from_parent":"bool","suggested_value":"string"}]],"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain","computed":true},"restore_policy":{"type":["list",["object",{"default":"bool"}]],"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folders":{"version":0,"block":{"attributes":{"folders":{"type":["list",["object",{"create_time":"string","delete_time":"string","display_name":"string","etag":"string","name":"string","parent":"string","state":"string","update_time":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. When the Feature resource was created.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. When the Feature resource was deleted.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"fleet_default_member_config":{"type":["list",["object",{"configmanagement":["list",["object",{"config_sync":["list",["object",{"enabled":"bool","git":["list",["object",{"gcp_service_account_email":"string","https_proxy":"string","policy_dir":"string","secret_type":"string","sync_branch":"string","sync_repo":"string","sync_rev":"string","sync_wait_secs":"string"}]],"oci":["list",["object",{"gcp_service_account_email":"string","policy_dir":"string","secret_type":"string","sync_repo":"string","sync_wait_secs":"string","version":"string"}]],"prevent_drift":"bool","source_format":"string"}]],"management":"string","version":"string"}]],"mesh":["list",["object",{"management":"string"}]],"policycontroller":["list",["object",{"policy_controller_hub_config":["list",["object",{"audit_interval_seconds":"number","constraint_violation_limit":"number","deployment_configs":["set",["object",{"component":"string","container_resources":["list",["object",{"limits":["list",["object",{"cpu":"string","memory":"string"}]],"requests":["list",["object",{"cpu":"string","memory":"string"}]]}]],"pod_affinity":"string","pod_toleration":["list",["object",{"effect":"string","key":"string","operator":"string","value":"string"}]],"replica_count":"number"}]],"exemptable_namespaces":["list","string"],"install_spec":"string","log_denies_enabled":"bool","monitoring":["list",["object",{"backends":["list","string"]}]],"mutation_enabled":"bool","policy_content":["list",["object",{"bundles":["set",["object",{"bundle":"string","exempted_namespaces":["list","string"]}]],"template_library":["list",["object",{"installation":"string"}]]}]],"referential_rules_enabled":"bool"}]],"version":"string"}]]}]],"description":"Optional. Fleet Default Membership Configuration.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"GCP labels for this Feature.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The full, unique name of this Feature resource","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"resource_state":{"type":["list",["object",{"has_resources":"bool","state":"string"}]],"description":"State of the Feature resource itself.","description_kind":"plain","computed":true},"spec":{"type":["list",["object",{"clusterupgrade":["list",["object",{"gke_upgrade_overrides":["list",["object",{"post_conditions":["list",["object",{"soaking":"string"}]],"upgrade":["list",["object",{"name":"string","version":"string"}]]}]],"post_conditions":["list",["object",{"soaking":"string"}]],"upstream_fleets":["list","string"]}]],"fleetobservability":["list",["object",{"logging_config":["list",["object",{"default_config":["list",["object",{"mode":"string"}]],"fleet_scope_logs_config":["list",["object",{"mode":"string"}]]}]]}]],"multiclusteringress":["list",["object",{"config_membership":"string"}]]}]],"description":"Optional. Hub-wide Feature configuration. If this Feature does not support any Hub-wide configuration, this field may be unused.","description_kind":"plain","computed":true},"state":{"type":["list",["object",{"state":["list",["object",{"code":"string","description":"string","update_time":"string"}]]}]],"description":"Output only. The Hub-wide Feature state","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. When the Feature resource was last updated.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_gke_hub_feature_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_membership_binding":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the MembershipBinding was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the MembershipBinding was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this Membership binding.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location of the membership","description_kind":"plain","required":true},"membership_binding_id":{"type":"string","description":"The client-provided identifier of the membership binding.","description_kind":"plain","required":true},"membership_id":{"type":"string","description":"Id of the membership","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the membershipbinding itself","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"scope":{"type":"string","description":"A Workspace resource name in the format\n'projects/*/locations/*/scopes/*'.","description_kind":"plain","computed":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the membership binding resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the MembershipBinding was updated in UTC.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_gke_hub_membership_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_scope_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_policy":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_policy":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iam_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"audit_config":{"nesting_mode":"set","block":{"attributes":{"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"audit_log_configs":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description_kind":"plain","optional":true},"log_type":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"binding":{"nesting_mode":"set","block":{"attributes":{"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_role":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"included_permissions":{"type":["list","string"],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"stage":{"type":"string","description_kind":"plain","computed":true},"title":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iam_testable_permissions":{"version":0,"block":{"attributes":{"custom_support_level":{"type":"string","description_kind":"plain","optional":true},"full_resource_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"permissions":{"type":["list",["object",{"api_disabled":"bool","custom_support_level":"string","name":"string","stage":"string","title":"string"}]],"description_kind":"plain","computed":true},"stages":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_client":{"version":0,"block":{"attributes":{"brand":{"type":"string","description":"Identifier of the brand to which this client\nis attached to. The format is\n'projects/{project_number}/brands/{brand_id}'.","description_kind":"plain","required":true},"client_id":{"type":"string","description":"Output only. Unique identifier of the OAuth client.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Human-friendly name given to the OAuth client.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"Output only. Client secret of the OAuth client.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iap_tunnel_dest_group_iam_policy":{"version":0,"block":{"attributes":{"dest_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_kms_crypto_key":{"version":1,"block":{"attributes":{"crypto_key_backend":{"type":"string","description":"The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey.\nThe resource name is in the format \"projects/*/locations/*/ekmConnections/*\" and only applies to \"EXTERNAL_VPC\" keys.","description_kind":"plain","computed":true},"destroy_scheduled_duration":{"type":"string","description":"The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.\nIf not specified at creation time, the default duration is 30 days.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_only":{"type":"bool","description":"Whether this key may contain imported versions only.","description_kind":"plain","computed":true},"key_ring":{"type":"string","description":"The KeyRing that this key belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name for the CryptoKey.","description_kind":"plain","required":true},"primary":{"type":["list",["object",{"name":"string","state":"string"}]],"description":"A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.\nKeys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.","description_kind":"plain","computed":true},"purpose":{"type":"string","description":"The immutable purpose of this CryptoKey. See the\n[purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)\nfor possible inputs.\nDefault value is \"ENCRYPT_DECRYPT\".","description_kind":"plain","computed":true},"rotation_period":{"type":"string","description":"Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.\nThe first rotation will take place after the specified period. The rotation period has\nthe format of a decimal number with up to 9 fractional digits, followed by the\nletter 's' (seconds). It must be greater than a day (ie, 86400).","description_kind":"plain","computed":true},"skip_initial_version_creation":{"type":"bool","description":"If set to true, the request will create a CryptoKey without any CryptoKeyVersions.\nYou must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion\nor 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"version_template":{"type":["list",["object",{"algorithm":"string","protection_level":"string"}]],"description":"A template describing settings for new crypto key versions.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_crypto_key_iam_policy":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_crypto_key_latest_version":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"filter":{"type":"string","description":"\n\t\t\t\t\tThe filter argument is used to add a filter query parameter that limits which type of cryptoKeyVersion is retrieved as the latest by the data source: ?filter={{filter}}. When no value is provided there is no filtering.\n\n\t\t\t\t\tExample filter values if filtering on state.\n\n\t\t\t\t\t* \"state:ENABLED\" will retrieve the latest cryptoKeyVersion that has the state \"ENABLED\".\n\n\t\t\t\t\t[See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering)\n\t\t\t\t","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"protection_level":{"type":"string","description_kind":"plain","computed":true},"public_key":{"type":["list",["object",{"algorithm":"string","pem":"string"}]],"description_kind":"plain","computed":true},"state":{"type":"string","description_kind":"plain","computed":true},"version":{"type":"number","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_crypto_key_version":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"protection_level":{"type":"string","description_kind":"plain","computed":true},"public_key":{"type":["list",["object",{"algorithm":"string","pem":"string"}]],"description_kind":"plain","computed":true},"state":{"type":"string","description_kind":"plain","computed":true},"version":{"type":"number","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_kms_crypto_key_versions":{"version":0,"block":{"attributes":{"crypto_key":{"type":"string","description_kind":"plain","required":true},"filter":{"type":"string","description":"\n\t\t\t\t\tThe filter argument is used to add a filter query parameter that limits which cryptoKeyVersions are retrieved by the data source: ?filter={{filter}}.\n\t\t\t\t\tExample values:\n\t\t\t\t\t\n\t\t\t\t\t* \"name:my-cryptokey-version-\" will retrieve cryptoKeyVersions that contain \"my-key-\" anywhere in their name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}/cryptoKeyVersions/{{cryptoKeyVersion}}.\n\t\t\t\t\t* \"name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1/cryptoKeyVersions/1\" will only retrieve a key with that exact name.\n\t\t\t\t\t\n\t\t\t\t\t[See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering)\n\t\t\t\t","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"public_key":{"type":["list",["object",{"algorithm":"string","pem":"string"}]],"description_kind":"plain","computed":true},"versions":{"type":["list",["object",{"algorithm":"string","crypto_key":"string","id":"string","name":"string","protection_level":"string","public_key":["list",["object",{"algorithm":"string","pem":"string"}]],"state":"string","version":"number"}]],"description":"A list of all the retrieved cryptoKeyVersions from the provided crypto key","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_crypto_keys":{"version":0,"block":{"attributes":{"filter":{"type":"string","description":"\n\t\t\t\t\tThe filter argument is used to add a filter query parameter that limits which keys are retrieved by the data source: ?filter={{filter}}.\n\t\t\t\t\tExample values:\n\t\t\t\t\t\n\t\t\t\t\t* \"name:my-key-\" will retrieve keys that contain \"my-key-\" anywhere in their name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}.\n\t\t\t\t\t* \"name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1\" will only retrieve a key with that exact name.\n\t\t\t\t\t\n\t\t\t\t\t[See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering)\n\t\t\t\t","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring":{"type":"string","description":"The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.","description_kind":"plain","required":true},"keys":{"type":["list",["object",{"crypto_key_backend":"string","destroy_scheduled_duration":"string","effective_labels":["map","string"],"id":"string","import_only":"bool","key_ring":"string","labels":["map","string"],"name":"string","primary":["list",["object",{"name":"string","state":"string"}]],"purpose":"string","rotation_period":"string","skip_initial_version_creation":"bool","terraform_labels":["map","string"],"version_template":["list",["object",{"algorithm":"string","protection_level":"string"}]]}]],"description":"A list of all the retrieved keys from the provided key ring","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_ekm_connection_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_kms_key_ring":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the KeyRing.\nA full list of valid locations can be found by running 'gcloud kms locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the KeyRing.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_kms_key_ring_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_key_rings":{"version":0,"block":{"attributes":{"filter":{"type":"string","description":"\n\t\t\t\t\tThe filter argument is used to add a filter query parameter that limits which keys are retrieved by the data source: ?filter={{filter}}.\n\t\t\t\t\tExample values:\n\t\t\t\t\t\n\t\t\t\t\t* \"name:my-key-\" will retrieve key rings that contain \"my-key-\" anywhere in their name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}.\n\t\t\t\t\t* \"name=projects/my-project/locations/global/keyRings/my-key-ring\" will only retrieve a key ring with that exact name.\n\t\t\t\t\t\n\t\t\t\t\t[See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering)\n\t\t\t\t","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_rings":{"type":["list",["object",{"id":"string","name":"string"}]],"description":"A list of all the retrieved key rings","description_kind":"plain","computed":true},"location":{"type":"string","description":"The canonical id for the location. For example: \"us-east1\".","description_kind":"plain","required":true},"project":{"type":"string","description":"Project ID of the project.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_kms_secret":{"version":0,"block":{"attributes":{"additional_authenticated_data":{"type":"string","description_kind":"plain","optional":true},"ciphertext":{"type":"string","description_kind":"plain","required":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description_kind":"plain","computed":true,"sensitive":true}},"description_kind":"plain"}},"google_kms_secret_ciphertext":{"version":0,"block":{"attributes":{"ciphertext":{"type":"string","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description_kind":"plain","required":true,"sensitive":true}},"description_kind":"plain","deprecated":true}},"google_logging_folder_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The folder for which to retrieve settings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"kms_service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_log_view_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_organization_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"kms_service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization for which to retrieve settings.","description_kind":"plain","required":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_project_cmek_settings":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","optional":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\n\t\t\t\tFor example:\n\t\t\t\t\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\n\t\t\t\tThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_project_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"kms_service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for which to retrieve settings.","description_kind":"plain","required":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_sink":{"version":0,"block":{"attributes":{"bigquery_options":{"type":["list",["object",{"use_partitioned_tables":"bool"}]],"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","computed":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","computed":true},"exclusions":{"type":["list",["object",{"description":"string","disabled":"bool","filter":"string","name":"string"}]],"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","computed":true},"id":{"type":"string","description":"Required. An identifier for the resource in format: \"projects/[PROJECT_ID]/sinks/[SINK_NAME]\", \"organizations/[ORGANIZATION_ID]/sinks/[SINK_NAME]\", \"billingAccounts/[BILLING_ACCOUNT_ID]/sinks/[SINK_NAME]\", \"folders/[FOLDER_ID]/sinks/[SINK_NAME]\"","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","computed":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_app_engine_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"module_id":{"type":"string","description":"The ID of the App Engine module underlying this service. \nCorresponds to the 'moduleId' resource label for a 'gae_app'\nmonitored resource(see https://cloud.google.com/monitoring/api/resources#tag_gae_app)","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_cluster_istio_service":{"version":0,"block":{"attributes":{"cluster_name":{"type":"string","description":"The name of the Kubernetes cluster in which this Istio service is defined. \n Corresponds to the clusterName resource label in k8s_cluster resources.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the Kubernetes cluster in which this Istio service is defined. \n Corresponds to the location resource label in k8s_cluster resources.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The name of the Istio service underlying this service. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"service_namespace":{"type":"string","description":"The namespace of the Istio service underlying this service. \n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_istio_canonical_service":{"version":0,"block":{"attributes":{"canonical_service":{"type":"string","description":"The name of the canonical service underlying this service.. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"canonical_service_namespace":{"type":"string","description":"The namespace of the canonical service underlying this service.\n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mesh_uid":{"type":"string","description":"Identifier for the Istio mesh in which this canonical service is defined.\n Corresponds to the meshUid metric label in Istio metrics.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_mesh_istio_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mesh_uid":{"type":"string","description":"Identifier for the mesh in which this Istio service is defined.\n Corresponds to the meshUid metric label in Istio metrics.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The name of the Istio service underlying this service. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"service_namespace":{"type":"string","description":"The namespace of the Istio service underlying this service.\n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_notification_channel":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional human-readable description of this notification channel. This description may provide additional details, beyond the display name, for the channel. This may not exceed 1024 Unicode characters.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An optional human-readable name for this notification channel. It is recommended that you specify a non-empty and unique name in order to make it easier to identify the channels in your project, though this is not enforced. The display name is limited to 512 Unicode characters.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether notifications are forwarded to the described channel. This makes it possible to disable delivery of notifications to a particular channel without removing the channel from all alerting policies that reference the channel. This is a more convenient approach when the change is temporary and you want to receive notifications from the same set of alerting policies on the channel at some point in the future.","description_kind":"plain","computed":true},"force_delete":{"type":"bool","description":"If true, the notification channel will be deleted regardless\nof its use in alert policies (the policies will be updated\nto remove the channel). If false, channels that are still\nreferenced by an existing alerting policy will fail to be\ndeleted in a delete operation.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Configuration fields that define the channel and its behavior. The\npermissible and required labels are specified in the\nNotificationChannelDescriptor corresponding to the type field.\n\nLabels with sensitive data are obfuscated by the API and therefore Terraform cannot\ndetermine if there are upstream changes to these fields. They can also be configured via\nthe sensitive_labels block, but cannot be configured in both places.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The full REST resource name for this channel. The syntax is:\nprojects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]\nThe [CHANNEL_ID] is automatically assigned by the server on creation.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"sensitive_labels":{"type":["list",["object",{"auth_token":"string","password":"string","service_key":"string"}]],"description":"Different notification type behaviors are configured primarily using the the 'labels' field on this\nresource. This block contains the labels which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: password, will be the key\nin the 'labels' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the notification channel. This field matches the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list to get the list of valid values such as \"email\", \"slack\", etc...","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"User-supplied key/value data that does not need to conform to the corresponding NotificationChannelDescriptor's schema, unlike the labels field. This field is intended to be used for organizing and identifying the NotificationChannel objects.The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.","description_kind":"plain","optional":true},"verification_status":{"type":"string","description":"Indicates whether this channel has been verified or not. On a ListNotificationChannels or GetNotificationChannel operation, this field is expected to be populated.If the value is UNVERIFIED, then it indicates that the channel is non-functioning (it both requires verification and lacks verification); otherwise, it is assumed that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it implies that the channel is of a type that does not require verification or that this specific channel has been exempted from verification because it was created prior to verification being required for channels of this type.This field cannot be modified using a standard UpdateNotificationChannel operation. To change the value of this field, you must call VerifyNotificationChannel.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_uptime_check_ips":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"uptime_check_ips":{"type":["list",["object",{"ip_address":"string","location":"string","region":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_netblock_ip_ranges":{"version":0,"block":{"attributes":{"cidr_blocks":{"type":["list","string"],"description_kind":"plain","computed":true},"cidr_blocks_ipv4":{"type":["list","string"],"description_kind":"plain","computed":true},"cidr_blocks_ipv6":{"type":["list","string"],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"range_type":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_network_security_address_group_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_notebooks_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_notebooks_runtime_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_oracle_database_autonomous_database":{"version":0,"block":{"attributes":{"admin_password":{"type":"string","description":"The password for the default ADMIN user.","description_kind":"plain","computed":true},"autonomous_database_id":{"type":"string","description":"The ID of the Autonomous Database to create. This value is restricted\nto (^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$) and must be a maximum of 63\ncharacters in length. The value must start with a letter and end with\na letter or a number.","description_kind":"plain","required":true},"cidr":{"type":"string","description":"The subnet CIDR range for the Autonmous Database.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The date and time that the Autonomous Database was created.","description_kind":"plain","computed":true},"database":{"type":"string","description":"The name of the Autonomous Database. The database name must be unique in\nthe project. The name must begin with a letter and can\ncontain a maximum of 30 alphanumeric characters.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the Autonomous Database. The name does not have to\nbe unique within your project.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entitlement_id":{"type":"string","description":"The ID of the subscription entitlement associated with the Autonomous\nDatabase.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels or tags associated with the Autonomous Database. \n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Resource ID segment making up resource 'name'. See documentation for resource type 'oracledatabase.googleapis.com/AutonomousDatabaseBackup'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The name of the Autonomous Database resource in the following format:\nprojects/{project}/locations/{region}/autonomousDatabases/{autonomous_database}","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name of the VPC network used by the Autonomous Database.\nFormat: projects/{project}/global/networks/{network}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"properties":{"type":["list",["object",{"actual_used_data_storage_size_tb":"number","allocated_storage_size_tb":"number","apex_details":["list",["object",{"apex_version":"string","ords_version":"string"}]],"are_primary_allowlisted_ips_used":"bool","autonomous_container_database_id":"string","available_upgrade_versions":["list","string"],"backup_retention_period_days":"number","character_set":"string","compute_count":"number","connection_strings":["list",["object",{"all_connection_strings":["list",["object",{"high":"string","low":"string","medium":"string"}]],"dedicated":"string","high":"string","low":"string","medium":"string","profiles":["list",["object",{"consumer_group":"string","display_name":"string","host_format":"string","is_regional":"bool","protocol":"string","session_mode":"string","syntax_format":"string","tls_authentication":"string","value":"string"}]]}]],"connection_urls":["list",["object",{"apex_uri":"string","database_transforms_uri":"string","graph_studio_uri":"string","machine_learning_notebook_uri":"string","machine_learning_user_management_uri":"string","mongo_db_uri":"string","ords_uri":"string","sql_dev_web_uri":"string"}]],"customer_contacts":["list",["object",{"email":"string"}]],"data_safe_state":"string","data_storage_size_gb":"number","data_storage_size_tb":"number","database_management_state":"string","db_edition":"string","db_version":"string","db_workload":"string","failed_data_recovery_duration":"string","is_auto_scaling_enabled":"bool","is_local_data_guard_enabled":"bool","is_storage_auto_scaling_enabled":"bool","license_type":"string","lifecycle_details":"string","local_adg_auto_failover_max_data_loss_limit":"number","local_disaster_recovery_type":"string","local_standby_db":["list",["object",{"data_guard_role_changed_time":"string","disaster_recovery_role_changed_time":"string","lag_time_duration":"string","lifecycle_details":"string","state":"string"}]],"maintenance_begin_time":"string","maintenance_end_time":"string","maintenance_schedule_type":"string","memory_per_oracle_compute_unit_gbs":"number","memory_table_gbs":"number","mtls_connection_required":"bool","n_character_set":"string","next_long_term_backup_time":"string","oci_url":"string","ocid":"string","open_mode":"string","operations_insights_state":"string","peer_db_ids":["list","string"],"permission_level":"string","private_endpoint":"string","private_endpoint_ip":"string","private_endpoint_label":"string","refreshable_mode":"string","refreshable_state":"string","role":"string","scheduled_operation_details":["list",["object",{"day_of_week":"string","start_time":["list",["object",{"hours":"number","minutes":"number","nanos":"number","seconds":"number"}]],"stop_time":["list",["object",{"hours":"number","minutes":"number","nanos":"number","seconds":"number"}]]}]],"sql_web_developer_url":"string","state":"string","supported_clone_regions":["list","string"],"total_auto_backup_storage_size_gbs":"number","used_data_storage_size_tbs":"number"}]],"description":"The properties of an Autonomous Database.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_oracle_database_autonomous_databases":{"version":0,"block":{"attributes":{"autonomous_databases":{"type":["list",["object",{"admin_password":"string","autonomous_database_id":"string","cidr":"string","create_time":"string","database":"string","deletion_protection":"bool","display_name":"string","effective_labels":["map","string"],"entitlement_id":"string","labels":["map","string"],"location":"string","name":"string","network":"string","project":"string","properties":["list",["object",{"actual_used_data_storage_size_tb":"number","allocated_storage_size_tb":"number","apex_details":["list",["object",{"apex_version":"string","ords_version":"string"}]],"are_primary_allowlisted_ips_used":"bool","autonomous_container_database_id":"string","available_upgrade_versions":["list","string"],"backup_retention_period_days":"number","character_set":"string","compute_count":"number","connection_strings":["list",["object",{"all_connection_strings":["list",["object",{"high":"string","low":"string","medium":"string"}]],"dedicated":"string","high":"string","low":"string","medium":"string","profiles":["list",["object",{"consumer_group":"string","display_name":"string","host_format":"string","is_regional":"bool","protocol":"string","session_mode":"string","syntax_format":"string","tls_authentication":"string","value":"string"}]]}]],"connection_urls":["list",["object",{"apex_uri":"string","database_transforms_uri":"string","graph_studio_uri":"string","machine_learning_notebook_uri":"string","machine_learning_user_management_uri":"string","mongo_db_uri":"string","ords_uri":"string","sql_dev_web_uri":"string"}]],"customer_contacts":["list",["object",{"email":"string"}]],"data_safe_state":"string","data_storage_size_gb":"number","data_storage_size_tb":"number","database_management_state":"string","db_edition":"string","db_version":"string","db_workload":"string","failed_data_recovery_duration":"string","is_auto_scaling_enabled":"bool","is_local_data_guard_enabled":"bool","is_storage_auto_scaling_enabled":"bool","license_type":"string","lifecycle_details":"string","local_adg_auto_failover_max_data_loss_limit":"number","local_disaster_recovery_type":"string","local_standby_db":["list",["object",{"data_guard_role_changed_time":"string","disaster_recovery_role_changed_time":"string","lag_time_duration":"string","lifecycle_details":"string","state":"string"}]],"maintenance_begin_time":"string","maintenance_end_time":"string","maintenance_schedule_type":"string","memory_per_oracle_compute_unit_gbs":"number","memory_table_gbs":"number","mtls_connection_required":"bool","n_character_set":"string","next_long_term_backup_time":"string","oci_url":"string","ocid":"string","open_mode":"string","operations_insights_state":"string","peer_db_ids":["list","string"],"permission_level":"string","private_endpoint":"string","private_endpoint_ip":"string","private_endpoint_label":"string","refreshable_mode":"string","refreshable_state":"string","role":"string","scheduled_operation_details":["list",["object",{"day_of_week":"string","start_time":["list",["object",{"hours":"number","minutes":"number","nanos":"number","seconds":"number"}]],"stop_time":["list",["object",{"hours":"number","minutes":"number","nanos":"number","seconds":"number"}]]}]],"sql_web_developer_url":"string","state":"string","supported_clone_regions":["list","string"],"total_auto_backup_storage_size_gbs":"number","used_data_storage_size_tbs":"number"}]],"terraform_labels":["map","string"]}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"location","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the dataset is located. If it is not provided, the provider project is used.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_oracle_database_cloud_exadata_infrastructure":{"version":0,"block":{"attributes":{"cloud_exadata_infrastructure_id":{"type":"string","description":"The ID of the Exadata Infrastructure to create. This value is restricted\nto (^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$) and must be a maximum of 63\ncharacters in length. The value must start with a letter and end with\na letter or a number.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The date and time that the Exadata Infrastructure was created.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"User friendly name for this resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entitlement_id":{"type":"string","description":"Entitlement ID of the private offer against which this infrastructure\nresource is provisioned.","description_kind":"plain","computed":true},"gcp_oracle_zone":{"type":"string","description":"GCP location where Oracle Exadata is hosted.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels or tags associated with the resource. \n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Resource ID segment making up resource 'name'. See documentation for resource type 'oracledatabase.googleapis.com/DbServer'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The name of the Exadata Infrastructure resource with the following format:\nprojects/{project}/locations/{region}/cloudExadataInfrastructures/{cloud_exadata_infrastructure}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"properties":{"type":["list",["object",{"activated_storage_count":"number","additional_storage_count":"number","available_storage_size_gb":"number","compute_count":"number","cpu_count":"number","customer_contacts":["list",["object",{"email":"string"}]],"data_storage_size_tb":"number","db_node_storage_size_gb":"number","db_server_version":"string","maintenance_window":["list",["object",{"custom_action_timeout_mins":"number","days_of_week":["list","string"],"hours_of_day":["list","number"],"is_custom_action_timeout_enabled":"bool","lead_time_week":"number","months":["list","string"],"patching_mode":"string","preference":"string","weeks_of_month":["list","number"]}]],"max_cpu_count":"number","max_data_storage_tb":"number","max_db_node_storage_size_gb":"number","max_memory_gb":"number","memory_size_gb":"number","monthly_db_server_version":"string","monthly_storage_server_version":"string","next_maintenance_run_id":"string","next_maintenance_run_time":"string","next_security_maintenance_run_time":"string","oci_url":"string","ocid":"string","shape":"string","state":"string","storage_count":"number","storage_server_version":"string","total_storage_size_gb":"number"}]],"description":"Various properties of Exadata Infrastructure.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_oracle_database_cloud_exadata_infrastructures":{"version":0,"block":{"attributes":{"cloud_exadata_infrastructures":{"type":["list",["object",{"cloud_exadata_infrastructure_id":"string","create_time":"string","deletion_protection":"bool","display_name":"string","effective_labels":["map","string"],"entitlement_id":"string","gcp_oracle_zone":"string","labels":["map","string"],"location":"string","name":"string","project":"string","properties":["list",["object",{"activated_storage_count":"number","additional_storage_count":"number","available_storage_size_gb":"number","compute_count":"number","cpu_count":"number","customer_contacts":["list",["object",{"email":"string"}]],"data_storage_size_tb":"number","db_node_storage_size_gb":"number","db_server_version":"string","maintenance_window":["list",["object",{"custom_action_timeout_mins":"number","days_of_week":["list","string"],"hours_of_day":["list","number"],"is_custom_action_timeout_enabled":"bool","lead_time_week":"number","months":["list","string"],"patching_mode":"string","preference":"string","weeks_of_month":["list","number"]}]],"max_cpu_count":"number","max_data_storage_tb":"number","max_db_node_storage_size_gb":"number","max_memory_gb":"number","memory_size_gb":"number","monthly_db_server_version":"string","monthly_storage_server_version":"string","next_maintenance_run_id":"string","next_maintenance_run_time":"string","next_security_maintenance_run_time":"string","oci_url":"string","ocid":"string","shape":"string","state":"string","storage_count":"number","storage_server_version":"string","total_storage_size_gb":"number"}]],"terraform_labels":["map","string"]}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"location","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the dataset is located. If it is not provided, the provider project is used.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_oracle_database_cloud_vm_cluster":{"version":0,"block":{"attributes":{"backup_subnet_cidr":{"type":"string","description":"CIDR range of the backup subnet.","description_kind":"plain","computed":true},"cidr":{"type":"string","description":"Network settings. CIDR to use for cluster IP allocation.","description_kind":"plain","computed":true},"cloud_vm_cluster_id":{"type":"string","description":"The ID of the VM Cluster to create. This value is restricted\nto (^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$) and must be a maximum of 63\ncharacters in length. The value must start with a letter and end with\na letter or a number.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The date and time that the VM cluster was created.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether Terraform will be prevented from destroying the cluster. Deleting this cluster via terraform destroy or terraform apply will only succeed if this field is false in the Terraform state.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"User friendly name for this resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"exadata_infrastructure":{"type":"string","description":"The name of the Exadata Infrastructure resource on which VM cluster\nresource is created, in the following format:\nprojects/{project}/locations/{region}/cloudExadataInfrastuctures/{cloud_extradata_infrastructure}","description_kind":"plain","computed":true},"gcp_oracle_zone":{"type":"string","description":"GCP location where Oracle Exadata is hosted. It is same as GCP Oracle zone\nof Exadata infrastructure.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels or tags associated with the VM Cluster. \n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Resource ID segment making up resource 'name'. See documentation for resource type 'oracledatabase.googleapis.com/DbNode'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The name of the VM Cluster resource with the format:\nprojects/{project}/locations/{region}/cloudVmClusters/{cloud_vm_cluster}","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name of the VPC network.\nFormat: projects/{project}/global/networks/{network}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"properties":{"type":["list",["object",{"cluster_name":"string","compartment_id":"string","cpu_core_count":"number","data_storage_size_tb":"number","db_node_storage_size_gb":"number","db_server_ocids":["list","string"],"diagnostics_data_collection_options":["list",["object",{"diagnostics_events_enabled":"bool","health_monitoring_enabled":"bool","incident_logs_enabled":"bool"}]],"disk_redundancy":"string","dns_listener_ip":"string","domain":"string","gi_version":"string","hostname":"string","hostname_prefix":"string","license_type":"string","local_backup_enabled":"bool","memory_size_gb":"number","node_count":"number","oci_url":"string","ocid":"string","ocpu_count":"number","scan_dns":"string","scan_dns_record_id":"string","scan_ip_ids":["list","string"],"scan_listener_port_tcp":"number","scan_listener_port_tcp_ssl":"number","shape":"string","sparse_diskgroup_enabled":"bool","ssh_public_keys":["list","string"],"state":"string","storage_size_gb":"number","system_version":"string","time_zone":["list",["object",{"id":"string"}]]}]],"description":"Various properties and settings associated with Exadata VM cluster.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_oracle_database_cloud_vm_clusters":{"version":0,"block":{"attributes":{"cloud_vm_clusters":{"type":["list",["object",{"backup_subnet_cidr":"string","cidr":"string","cloud_vm_cluster_id":"string","create_time":"string","deletion_protection":"bool","display_name":"string","effective_labels":["map","string"],"exadata_infrastructure":"string","gcp_oracle_zone":"string","labels":["map","string"],"location":"string","name":"string","network":"string","project":"string","properties":["list",["object",{"cluster_name":"string","compartment_id":"string","cpu_core_count":"number","data_storage_size_tb":"number","db_node_storage_size_gb":"number","db_server_ocids":["list","string"],"diagnostics_data_collection_options":["list",["object",{"diagnostics_events_enabled":"bool","health_monitoring_enabled":"bool","incident_logs_enabled":"bool"}]],"disk_redundancy":"string","dns_listener_ip":"string","domain":"string","gi_version":"string","hostname":"string","hostname_prefix":"string","license_type":"string","local_backup_enabled":"bool","memory_size_gb":"number","node_count":"number","oci_url":"string","ocid":"string","ocpu_count":"number","scan_dns":"string","scan_dns_record_id":"string","scan_ip_ids":["list","string"],"scan_listener_port_tcp":"number","scan_listener_port_tcp_ssl":"number","shape":"string","sparse_diskgroup_enabled":"bool","ssh_public_keys":["list","string"],"state":"string","storage_size_gb":"number","system_version":"string","time_zone":["list",["object",{"id":"string"}]]}]],"terraform_labels":["map","string"]}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"location","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the dataset is located. If it is not provided, the provider project is used.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_oracle_database_db_nodes":{"version":0,"block":{"attributes":{"cloud_vm_cluster":{"type":"string","description":"vmcluster","description_kind":"plain","required":true},"db_nodes":{"type":["list",["object",{"name":"string","properties":["list",["object",{"db_node_storage_size_gb":"number","db_server_ocid":"string","hostname":"string","memory_size_gb":"number","ocid":"string","ocpu_count":"number","state":"string","total_cpu_core_count":"number"}]]}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"location","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the dataset is located. If it is not provided, the provider project is used.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_oracle_database_db_servers":{"version":0,"block":{"attributes":{"cloud_exadata_infrastructure":{"type":"string","description":"exadata","description_kind":"plain","required":true},"db_servers":{"type":["list",["object",{"display_name":"string","properties":["list",["object",{"db_node_ids":["list","string"],"db_node_storage_size_gb":"number","max_db_node_storage_size_gb":"number","max_memory_size_gb":"number","max_ocpu_count":"number","memory_size_gb":"number","ocid":"string","ocpu_count":"number","state":"string","vm_count":"number"}]]}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"location","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the dataset is located. If it is not provided, the provider project is used.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_organization":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"directory_customer_id":{"type":"string","description_kind":"plain","computed":true},"domain":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"org_id":{"type":"string","description_kind":"plain","computed":true},"organization":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_organization_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_policy":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_privateca_certificate_authority":{"version":0,"block":{"attributes":{"access_urls":{"type":["list",["object",{"ca_certificate_access_url":"string","crl_access_urls":["list","string"]}]],"description":"URLs for accessing content published by this CA, such as the CA certificate and CRLs.","description_kind":"plain","computed":true},"certificate_authority_id":{"type":"string","description":"The user provided Resource ID for this Certificate Authority.","description_kind":"plain","optional":true},"config":{"type":["list",["object",{"subject_config":["list",["object",{"subject":["list",["object",{"common_name":"string","country_code":"string","locality":"string","organization":"string","organizational_unit":"string","postal_code":"string","province":"string","street_address":"string"}]],"subject_alt_name":["list",["object",{"dns_names":["list","string"],"email_addresses":["list","string"],"ip_addresses":["list","string"],"uris":["list","string"]}]]}]],"subject_key_id":["list",["object",{"key_id":"string"}]],"x509_config":["list",["object",{"additional_extensions":["list",["object",{"critical":"bool","object_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"aia_ocsp_servers":["list","string"],"ca_options":["list",["object",{"is_ca":"bool","max_issuer_path_length":"number","non_ca":"bool","zero_max_issuer_path_length":"bool"}]],"key_usage":["list",["object",{"base_key_usage":["list",["object",{"cert_sign":"bool","content_commitment":"bool","crl_sign":"bool","data_encipherment":"bool","decipher_only":"bool","digital_signature":"bool","encipher_only":"bool","key_agreement":"bool","key_encipherment":"bool"}]],"extended_key_usage":["list",["object",{"client_auth":"bool","code_signing":"bool","email_protection":"bool","ocsp_signing":"bool","server_auth":"bool","time_stamping":"bool"}]],"unknown_extended_key_usages":["list",["object",{"object_id_path":["list","number"]}]]}]],"name_constraints":["list",["object",{"critical":"bool","excluded_dns_names":["list","string"],"excluded_email_addresses":["list","string"],"excluded_ip_ranges":["list","string"],"excluded_uris":["list","string"],"permitted_dns_names":["list","string"],"permitted_email_addresses":["list","string"],"permitted_ip_ranges":["list","string"],"permitted_uris":["list","string"]}]],"policy_ids":["list",["object",{"object_id_path":["list","number"]}]]}]]}]],"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time at which this CertificateAuthority was created.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether Terraform will be prevented from destroying the CertificateAuthority.\nWhen the field is set to true or unset in Terraform state, a 'terraform apply'\nor 'terraform destroy' that would delete the CertificateAuthority will fail.\nWhen the field is set to false, deleting the CertificateAuthority is allowed.","description_kind":"plain","computed":true},"desired_state":{"type":"string","description":"Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.\nPossible values: ENABLED, DISABLED, STAGED.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gcs_bucket":{"type":"string","description":"The name of a Cloud Storage bucket where this CertificateAuthority will publish content,\nsuch as the CA certificate and CRLs. This must be a bucket name, without any prefixes\n(such as 'gs://') or suffixes (such as '.googleapis.com'). For example, to use a bucket named\nmy-bucket, you would simply specify 'my-bucket'. If not specified, a managed bucket will be\ncreated.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_active_certificates_on_deletion":{"type":"bool","description":"This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and unexpired certs.\nUse with care. Defaults to 'false'.","description_kind":"plain","computed":true},"key_spec":{"type":["list",["object",{"algorithm":"string","cloud_kms_key_version":"string"}]],"description":"Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority\nis a self-signed CertificateAuthority, this key is also used to sign the self-signed CA\ncertificate. Otherwise, it is used to sign a CSR.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location of the CertificateAuthority. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for this CertificateAuthority in the format\nprojects/*/locations/*/certificateAuthorities/*.","description_kind":"plain","computed":true},"pem_ca_certificate":{"type":"string","description":"The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with a third party issuer.","description_kind":"plain","computed":true},"pem_ca_certificates":{"type":["list","string"],"description":"This CertificateAuthority's certificate chain, including the current\nCertificateAuthority's certificate. Ordered such that the root issuer is the final\nelement (consistent with RFC 5246). For a self-signed CA, this will only list the current\nCertificateAuthority's certificate.","description_kind":"plain","computed":true},"pem_csr":{"type":"string","description_kind":"plain","computed":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate Authority belongs to.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"skip_grace_period":{"type":"bool","description":"If this flag is set, the Certificate Authority will be deleted as soon as\npossible without a 30-day grace period where undeletion would have been\nallowed. If you proceed, there will be no way to recover this CA.\nUse with care. Defaults to 'false'.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The State for this CertificateAuthority.","description_kind":"plain","computed":true},"subordinate_config":{"type":["list",["object",{"certificate_authority":"string","pem_issuer_chain":["list",["object",{"pem_certificates":["list","string"]}]]}]],"description":"If this is a subordinate CertificateAuthority, this field will be set\nwith the subordinate configuration, which describes its issuers.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The Type of this CertificateAuthority.\n\n~\u003e **Note:** For 'SUBORDINATE' Certificate Authorities, they need to\nbe activated before they can issue certificates. Default value: \"SELF_SIGNED\" Possible values: [\"SELF_SIGNED\", \"SUBORDINATE\"]","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which this CertificateAuthority was updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_policy":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_privileged_access_manager_entitlement":{"version":0,"block":{"attributes":{"additional_notification_targets":{"type":["list",["object",{"admin_email_recipients":["set","string"],"requester_email_recipients":["set","string"]}]],"description":"AdditionalNotificationTargets includes email addresses to be notified.","description_kind":"plain","computed":true},"approval_workflow":{"type":["list",["object",{"manual_approvals":["list",["object",{"require_approver_justification":"bool","steps":["list",["object",{"approvals_needed":"number","approver_email_recipients":["set","string"],"approvers":["list",["object",{"principals":["set","string"]}]]}]]}]]}]],"description":"The approvals needed before access will be granted to a requester.\nNo approvals will be needed if this field is null. Different types of approval workflows that can be used to gate privileged access granting.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Create time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"eligible_users":{"type":["list",["object",{"principals":["set","string"]}]],"description":"Who can create Grants using Entitlement. This list should contain at most one entry","description_kind":"plain","computed":true},"entitlement_id":{"type":"string","description":"The ID to use for this Entitlement. This will become the last part of the resource name.\nThis value should be 4-63 characters, and valid characters are \"[a-z]\", \"[0-9]\", and \"-\". The first character should be from [a-z].\nThis value should be unique among all other Entitlements under the specified 'parent'.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The region of the Entitlement resource.","description_kind":"plain","optional":true},"max_request_duration":{"type":"string","description":"The maximum amount of time for which access would be granted for a request.\nA requester can choose to ask for access for less than this duration but never more.\nFormat: calculate the time in seconds and concatenate it with 's' i.e. 2 hours = \"7200s\", 45 minutes = \"2700s\"","description_kind":"plain","computed":true},"name":{"type":"string","description":"Output Only. The entitlement's name follows a hierarchical structure, comprising the organization, folder, or project, alongside the region and a unique entitlement ID.\nFormats: organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}, folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}, and projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Format: projects/{project-id|project-number} or organizations/{organization-number} or folders/{folder-number}","description_kind":"plain","optional":true},"privileged_access":{"type":["list",["object",{"gcp_iam_access":["list",["object",{"resource":"string","resource_type":"string","role_bindings":["list",["object",{"condition_expression":"string","role":"string"}]]}]]}]],"description":"Privileged access that this service can be used to gate.","description_kind":"plain","computed":true},"requester_justification_config":{"type":["list",["object",{"not_mandatory":["list",["object",{}]],"unstructured":["list",["object",{}]]}]],"description":"Defines the ways in which a requester should provide the justification while requesting for access.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the Entitlement.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_project":{"version":1,"block":{"attributes":{"auto_create_network":{"type":"bool","description":"Create the 'default' network automatically. Default true. If set to false, the default network will be deleted. Note that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even if you set auto_create_network to false, since the network will exist momentarily.","description_kind":"plain","computed":true},"billing_account":{"type":"string","description":"The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with Terraform must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the Project. Setting PREVENT will protect the project against any destroy actions caused by a terraform apply or terraform destroy. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. Possible values are: \"PREVENT\", \"ABANDON\", \"DELETE\"","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"folder_id":{"type":"string","description":"The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be specified. If the folder_id is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the project.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The display name of the project.","description_kind":"plain","computed":true},"number":{"type":"string","description":"The numeric identifier of the project.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of org_id or folder_id may be specified. If the org_id is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.","description_kind":"plain","computed":true},"project_id":{"type":"string","description":"The project ID. Changing this forces a new project to be created.","description_kind":"plain","optional":true},"tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored when empty. This field is only set at create time and modifying this field after creation will trigger recreation. To apply tags to an existing resource, see the google_tags_tag_value resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"(ReadOnly) The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_project_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_organization_policy":{"version":0,"block":{"attributes":{"boolean_policy":{"type":["list",["object",{"enforced":"bool"}]],"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain","computed":true},"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"list_policy":{"type":["list",["object",{"allow":["list",["object",{"all":"bool","values":["set","string"]}]],"deny":["list",["object",{"all":"bool","values":["set","string"]}]],"inherit_from_parent":"bool","suggested_value":"string"}]],"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project ID.","description_kind":"plain","required":true},"restore_policy":{"type":["list",["object",{"default":"bool"}]],"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_project_service":{"version":0,"block":{"attributes":{"disable_dependent_services":{"type":"bool","description_kind":"plain","computed":true},"disable_on_destroy":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_projects":{"version":0,"block":{"attributes":{"filter":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"projects":{"type":["list",["object",{"create_time":"string","labels":["map","string"],"lifecycle_state":"string","name":"string","number":"string","parent":["map","string"],"project_id":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_schema_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schema":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_subscription":{"version":0,"block":{"attributes":{"ack_deadline_seconds":{"type":"number","description":"This value is the maximum time after a subscriber receives a message\nbefore the subscriber should acknowledge the message. After message\ndelivery but before the ack deadline expires and before the message is\nacknowledged, it is an outstanding message and will not be delivered\nagain during that time (on a best-effort basis).\n\nFor pull subscriptions, this value is used as the initial value for\nthe ack deadline. To override this value for a given message, call\nsubscriptions.modifyAckDeadline with the corresponding ackId if using\npull. The minimum custom deadline you can specify is 10 seconds. The\nmaximum custom deadline you can specify is 600 seconds (10 minutes).\nIf this parameter is 0, a default value of 10 seconds is used.\n\nFor push delivery, this value is also used to set the request timeout\nfor the call to the push endpoint.\n\nIf the subscriber never acknowledges the message, the Pub/Sub system\nwill eventually redeliver the message.","description_kind":"plain","computed":true},"bigquery_config":{"type":["list",["object",{"drop_unknown_fields":"bool","service_account_email":"string","table":"string","use_table_schema":"bool","use_topic_schema":"bool","write_metadata":"bool"}]],"description":"If delivery to BigQuery is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain","computed":true},"cloud_storage_config":{"type":["list",["object",{"avro_config":["list",["object",{"use_topic_schema":"bool","write_metadata":"bool"}]],"bucket":"string","filename_datetime_format":"string","filename_prefix":"string","filename_suffix":"string","max_bytes":"number","max_duration":"string","max_messages":"number","service_account_email":"string","state":"string"}]],"description":"If delivery to Cloud Storage is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain","computed":true},"dead_letter_policy":{"type":["list",["object",{"dead_letter_topic":"string","max_delivery_attempts":"number"}]],"description":"A policy that specifies the conditions for dead lettering messages in\nthis subscription. If dead_letter_policy is not set, dead lettering\nis disabled.\n\nThe Cloud Pub/Sub service account associated with this subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Acknowledge() messages on this subscription.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_exactly_once_delivery":{"type":"bool","description":"If 'true', Pub/Sub provides the following guarantees for the delivery\nof a message with a given value of messageId on this Subscriptions':\n\n- The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires.\n\n- An acknowledged message will not be resent to a subscriber.\n\nNote that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery'\nis true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values","description_kind":"plain","computed":true},"enable_message_ordering":{"type":"bool","description":"If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to\nthe subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they\nmay be delivered in any order.","description_kind":"plain","computed":true},"expiration_policy":{"type":["list",["object",{"ttl":"string"}]],"description":"A policy that specifies the conditions for this subscription's expiration.\nA subscription is considered active as long as any connected subscriber\nis successfully consuming messages from the subscription or is issuing\noperations on the subscription. If expirationPolicy is not set, a default\npolicy with ttl of 31 days will be used. If it is set but ttl is \"\", the\nresource never expires. The minimum allowed value for expirationPolicy.ttl\nis 1 day.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"The subscription only delivers the messages that match the filter.\nPub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages\nby their attributes. The maximum length of a filter is 256 bytes. After creating the subscription,\nyou can't modify the filter.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Subscription.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"message_retention_duration":{"type":"string","description":"How long to retain unacknowledged messages in the subscription's\nbacklog, from the moment a message is published. If\nretain_acked_messages is true, then this also configures the retention\nof acknowledged messages, and thus configures how far back in time a\nsubscriptions.seek can be done. Defaults to 7 days. Cannot be more\nthan 31 days ('\"2678400s\"') or less than 10 minutes ('\"600s\"').\n\nA duration in seconds with up to nine fractional digits, terminated\nby 's'. Example: '\"600.5s\"'.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"push_config":{"type":["list",["object",{"attributes":["map","string"],"no_wrapper":["list",["object",{"write_metadata":"bool"}]],"oidc_token":["list",["object",{"audience":"string","service_account_email":"string"}]],"push_endpoint":"string"}]],"description":"If push delivery is used with this subscription, this field is used to\nconfigure it. An empty pushConfig signifies that the subscriber will\npull and ack messages using API methods.","description_kind":"plain","computed":true},"retain_acked_messages":{"type":"bool","description":"Indicates whether to retain acknowledged messages. If 'true', then\nmessages are not expunged from the subscription's backlog, even if\nthey are acknowledged, until they fall out of the\nmessageRetentionDuration window.","description_kind":"plain","computed":true},"retry_policy":{"type":["list",["object",{"maximum_backoff":"string","minimum_backoff":"string"}]],"description":"A policy that specifies how Pub/Sub retries message delivery for this subscription.\n\nIf not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers.\nRetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"A reference to a Topic resource, of the form projects/{project}/topics/{{name}}\n(as in the id property of a google_pubsub_topic), or just a topic name if\nthe topic is in the same project as the subscription.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_subscription_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_topic":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingestion_data_source_settings":{"type":["list",["object",{"aws_kinesis":["list",["object",{"aws_role_arn":"string","consumer_arn":"string","gcp_service_account":"string","stream_arn":"string"}]],"cloud_storage":["list",["object",{"avro_format":["list",["object",{}]],"bucket":"string","match_glob":"string","minimum_object_create_time":"string","pubsub_avro_format":["list",["object",{}]],"text_format":["list",["object",{"delimiter":"string"}]]}]],"platform_logs_settings":["list",["object",{"severity":"string"}]]}]],"description":"Settings for ingestion from a data source into this topic.","description_kind":"plain","computed":true},"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey to be used to protect access\nto messages published on this topic. Your project's PubSub service account\n('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nThe expected format is 'projects/*/locations/*/keyRings/*/cryptoKeys/*'","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Topic.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"message_retention_duration":{"type":"string","description":"Indicates the minimum duration to retain a message after it is published\nto the topic. If this field is set, messages published to the topic in\nthe last messageRetentionDuration are always available to subscribers.\nFor instance, it allows any attached subscription to seek to a timestamp\nthat is up to messageRetentionDuration in the past. If this field is not\nset, message retention is controlled by settings on individual subscriptions.\nThe rotation period has the format of a decimal number, followed by the\nletter 's' (seconds). Cannot be more than 31 days or less than 10 minutes.","description_kind":"plain","computed":true},"message_storage_policy":{"type":["list",["object",{"allowed_persistence_regions":["list","string"]}]],"description":"Policy constraining the set of Google Cloud Platform regions where\nmessages published to the topic may be stored. If not present, then no\nconstraints are in effect.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"schema_settings":{"type":["list",["object",{"encoding":"string","schema":"string"}]],"description":"Settings for validating messages published against a schema.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_topic_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_redis_instance":{"version":0,"block":{"attributes":{"alternative_location_id":{"type":"string","description":"Only applicable to STANDARD_HA tier which protects the instance\nagainst zonal failures by provisioning it across two zones.\nIf provided, it must be a different zone from the one provided in\n[locationId].","description_kind":"plain","computed":true},"auth_enabled":{"type":"bool","description":"Optional. Indicates whether OSS Redis AUTH is enabled for the\ninstance. If set to \"true\" AUTH is enabled on the instance.\nDefault value is \"false\" meaning AUTH is disabled.","description_kind":"plain","computed":true},"auth_string":{"type":"string","description":"AUTH String set on the instance. This field will only be populated if auth_enabled is true.","description_kind":"plain","computed":true},"authorized_network":{"type":"string","description":"The full name of the Google Compute Engine network to which the\ninstance is connected. If left unspecified, the default network\nwill be used.","description_kind":"plain","computed":true},"connect_mode":{"type":"string","description":"The connection mode of the Redis instance. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"current_location_id":{"type":"string","description":"The current zone where the Redis endpoint is placed.\nFor Basic Tier instances, this will always be the same as the\n[locationId] provided by the user at creation time. For Standard Tier\ninstances, this can be either [locationId] or [alternativeLocationId]\nand can change after a failover event.","description_kind":"plain","computed":true},"customer_managed_key":{"type":"string","description":"Optional. The KMS key reference that you want to use to encrypt the data at rest for this Redis\ninstance. If this is provided, CMEK is enabled.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary and optional user-provided name for the instance.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host":{"type":"string","description":"Hostname or IP address of the exposed Redis endpoint used by clients\nto connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location_id":{"type":"string","description":"The zone where the instance will be provisioned. If not provided,\nthe service will choose a zone for the instance. For STANDARD_HA tier,\ninstances will be created across two zones for protection against\nzonal failures. If [alternativeLocationId] is also provided, it must\nbe different from [locationId].","description_kind":"plain","computed":true},"maintenance_policy":{"type":["list",["object",{"create_time":"string","description":"string","update_time":"string","weekly_maintenance_window":["list",["object",{"day":"string","duration":"string","start_time":["list",["object",{"hours":"number","minutes":"number","nanos":"number","seconds":"number"}]]}]]}]],"description":"Maintenance policy for an instance.","description_kind":"plain","computed":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Upcoming maintenance schedule.","description_kind":"plain","computed":true},"maintenance_version":{"type":"string","description":"The self service update maintenance version.","description_kind":"plain","computed":true},"memory_size_gb":{"type":"number","description":"Redis memory size in GiB.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"nodes":{"type":["list",["object",{"id":"string","zone":"string"}]],"description":"Output only. Info per node.","description_kind":"plain","computed":true},"persistence_config":{"type":["list",["object",{"persistence_mode":"string","rdb_next_snapshot_time":"string","rdb_snapshot_period":"string","rdb_snapshot_start_time":"string"}]],"description":"Persistence configuration for an instance.","description_kind":"plain","computed":true},"persistence_iam_identity":{"type":"string","description":"Output only. Cloud IAM identity used by import / export operations\nto transfer data to/from Cloud Storage. Format is \"serviceAccount:\".\nThe value may change over time for a given instance so should be\nchecked before each import/export operation.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The port number of the exposed Redis endpoint.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"read_endpoint":{"type":"string","description":"Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only.\nTargets all healthy replica nodes in instance. Replication is asynchronous and replica nodes\nwill exhibit some lag behind the primary. Write requests must target 'host'.","description_kind":"plain","computed":true},"read_endpoint_port":{"type":"number","description":"Output only. The port number of the exposed readonly redis endpoint. Standard tier only.\nWrite requests should target 'port'.","description_kind":"plain","computed":true},"read_replicas_mode":{"type":"string","description":"Optional. Read replica mode. Can only be specified when trying to create the instance.\nIf not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED.\n- READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the\ninstance cannot scale up or down the number of replicas.\n- READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance\ncan scale up and down the number of replicas. Possible values: [\"READ_REPLICAS_DISABLED\", \"READ_REPLICAS_ENABLED\"]","description_kind":"plain","computed":true},"redis_configs":{"type":["map","string"],"description":"Redis configuration parameters, according to http://redis.io/topics/config.\nPlease check Memorystore documentation for the list of supported parameters:\nhttps://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs","description_kind":"plain","computed":true},"redis_version":{"type":"string","description":"The version of Redis software. If not provided, latest supported\nversion will be used. Please check the API documentation linked\nat the top for the latest valid values.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The name of the Redis region of the instance.","description_kind":"plain","optional":true},"replica_count":{"type":"number","description":"Optional. The number of replica nodes. The valid range for the Standard Tier with\nread replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled\nfor a Standard Tier instance, the only valid value is 1 and the default is 1.\nThe valid value for basic tier is 0 and the default is also 0.","description_kind":"plain","computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this\ninstance. If not provided, the service will choose an unused /29\nblock, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be\nunique and non-overlapping with existing subnets in an authorized\nnetwork.","description_kind":"plain","computed":true},"secondary_ip_range":{"type":"string","description":"Optional. Additional IP range for node placement. Required when enabling read replicas on\nan existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or\n\"auto\". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address\nrange associated with the private service access connection, or \"auto\".","description_kind":"plain","computed":true},"server_ca_certs":{"type":["list",["object",{"cert":"string","create_time":"string","expire_time":"string","serial_number":"string","sha1_fingerprint":"string"}]],"description":"List of server CA certificates for the instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance. Must be one of these values:\n\n- BASIC: standalone instance\n- STANDARD_HA: highly available primary/replica instances Default value: \"BASIC\" Possible values: [\"BASIC\", \"STANDARD_HA\"]","description_kind":"plain","computed":true},"transit_encryption_mode":{"type":"string","description":"The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance.\n\n- SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: \"DISABLED\" Possible values: [\"SERVER_AUTHENTICATION\", \"DISABLED\"]","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_scc_source_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"organization":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"source":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_scc_v2_organization_source_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"organization":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"source":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_regional_secret":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Custom metadata about the regional secret.\n\nAnnotations are distinct from various forms of labels. Annotations exist to allow\nclient tools to store their own state information without requiring a database.\n\nAnnotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of\nmaximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and\nmay have dashes (-), underscores (_), dots (.), and alphanumerics in between these\nsymbols.\n\nThe total size of annotation keys and values must be less than 16KiB.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time at which the regional secret was created.","description_kind":"plain","computed":true},"customer_managed_encryption":{"type":["list",["object",{"kms_key_name":"string"}]],"description":"The customer-managed encryption configuration of the regional secret.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Timestamp in UTC when the regional secret is scheduled to expire. This is always provided on\noutput, regardless of what was sent on input. A timestamp in RFC3339 UTC \"Zulu\" format, with\nnanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\". Only one of 'expire_time' or 'ttl' can be provided.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels assigned to this regional secret.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be assigned to a given resource.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the regional secret. eg us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the regional secret. Format:\n'projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"rotation":{"type":["list",["object",{"next_rotation_time":"string","rotation_period":"string"}]],"description":"The rotation time and period for a regional secret. At 'next_rotation_time', Secret Manager\nwill send a Pub/Sub notification to the topics configured on the Secret. 'topics' must be\nset to configure rotation.","description_kind":"plain","computed":true},"secret_id":{"type":"string","description":"This must be unique within the project.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"topics":{"type":["list",["object",{"name":"string"}]],"description":"A list of up to 10 Pub/Sub topics to which messages are published when control plane\noperations are called on the regional secret or its versions.","description_kind":"plain","computed":true},"ttl":{"type":"string","description":"The TTL for the regional secret. A duration in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\". Only one of 'ttl' or 'expire_time' can be provided.","description_kind":"plain","computed":true},"version_aliases":{"type":["map","string"],"description":"Mapping from version alias to version name.\n\nA version alias is a string with a maximum length of 63 characters and can contain\nuppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_')\ncharacters. An alias string must start with a letter and cannot be the string\n'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","computed":true},"version_destroy_ttl":{"type":"string","description":"Secret Version TTL after destruction request.\nThis is a part of the delayed delete feature on Secret Version.\nFor secret with versionDestroyTtl\u003e0, version destruction doesn't happen immediately\non calling destroy instead the version goes to a disabled state and\nthe actual destruction happens after this TTL expires. It must be atleast 24h.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_secret_manager_regional_secret_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_regional_secret_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"customer_managed_encryption":{"type":["list",["object",{"kms_key_version_name":"string"}]],"description_kind":"plain","computed":true},"destroy_time":{"type":"string","description_kind":"plain","computed":true},"enabled":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_secret_data_base64":{"type":"bool","description_kind":"plain","optional":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description_kind":"plain","required":true},"secret_data":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"version":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_secret_manager_regional_secret_version_access":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_secret_data_base64":{"type":"bool","description_kind":"plain","optional":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description_kind":"plain","required":true},"secret_data":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"version":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_secret_manager_regional_secrets":{"version":0,"block":{"attributes":{"filter":{"type":"string","description":"Filter string, adhering to the rules in List-operation filtering (https://cloud.google.com/secret-manager/docs/filtering).\nList only secrets matching the filter. If filter is empty, all regional secrets are listed from the specified location.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secrets":{"type":["list",["object",{"annotations":["map","string"],"create_time":"string","customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]],"effective_annotations":["map","string"],"effective_labels":["map","string"],"expire_time":"string","labels":["map","string"],"location":"string","name":"string","project":"string","rotation":["list",["object",{"next_rotation_time":"string","rotation_period":"string"}]],"secret_id":"string","terraform_labels":["map","string"],"topics":["list",["object",{"name":"string"}]],"ttl":"string","version_aliases":["map","string"],"version_destroy_ttl":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_secret_manager_secret":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Custom metadata about the secret.\n\nAnnotations are distinct from various forms of labels. Annotations exist to allow\nclient tools to store their own state information without requiring a database.\n\nAnnotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of\nmaximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and\nmay have dashes (-), underscores (_), dots (.), and alphanumerics in between these\nsymbols.\n\nThe total size of annotation keys and values must be less than 16KiB.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".\nOnly one of 'expire_time' or 'ttl' can be provided.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels assigned to this Secret.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be assigned to a given resource.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Secret. Format:\n'projects/{{project}}/secrets/{{secret_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"replication":{"type":["list",["object",{"auto":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]]}]],"user_managed":["list",["object",{"replicas":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]],"location":"string"}]]}]]}]],"description":"The replication policy of the secret data attached to the Secret. It cannot be changed\nafter the Secret has been created.","description_kind":"plain","computed":true},"rotation":{"type":["list",["object",{"next_rotation_time":"string","rotation_period":"string"}]],"description":"The rotation time and period for a Secret. At 'next_rotation_time', Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. 'topics' must be set to configure rotation.","description_kind":"plain","computed":true},"secret_id":{"type":"string","description":"This must be unique within the project.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"topics":{"type":["list",["object",{"name":"string"}]],"description":"A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.","description_kind":"plain","computed":true},"ttl":{"type":"string","description":"The TTL for the Secret.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".\nOnly one of 'ttl' or 'expire_time' can be provided.","description_kind":"plain","computed":true},"version_aliases":{"type":["map","string"],"description":"Mapping from version alias to version name.\n\nA version alias is a string with a maximum length of 63 characters and can contain\nuppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_')\ncharacters. An alias string must start with a letter and cannot be the string\n'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","computed":true},"version_destroy_ttl":{"type":"string","description":"Secret Version TTL after destruction request.\nThis is a part of the delayed delete feature on Secret Version.\nFor secret with versionDestroyTtl\u003e0, version destruction doesn't happen immediately\non calling destroy instead the version goes to a disabled state and\nthe actual destruction happens after this TTL expires.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_secret_manager_secret_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"destroy_time":{"type":"string","description_kind":"plain","computed":true},"enabled":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_secret_data_base64":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description_kind":"plain","required":true},"secret_data":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"version":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_secret_manager_secret_version_access":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_secret_data_base64":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description_kind":"plain","required":true},"secret_data":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"version":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_secret_manager_secrets":{"version":0,"block":{"attributes":{"filter":{"type":"string","description":"Filter string, adhering to the rules in List-operation filtering (https://cloud.google.com/secret-manager/docs/filtering).\nList only secrets matching the filter. If filter is empty, all secrets are listed.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secrets":{"type":["list",["object",{"annotations":["map","string"],"create_time":"string","effective_annotations":["map","string"],"effective_labels":["map","string"],"expire_time":"string","labels":["map","string"],"name":"string","project":"string","replication":["list",["object",{"auto":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]]}]],"user_managed":["list",["object",{"replicas":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]],"location":"string"}]]}]]}]],"rotation":["list",["object",{"next_rotation_time":"string","rotation_period":"string"}]],"secret_id":"string","terraform_labels":["map","string"],"topics":["list",["object",{"name":"string"}]],"ttl":"string","version_aliases":["map","string"],"version_destroy_ttl":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_secure_source_manager_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account":{"version":0,"block":{"attributes":{"account_id":{"type":"string","description_kind":"plain","required":true},"disabled":{"type":"bool","description_kind":"plain","computed":true},"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_service_account_access_token":{"version":0,"block":{"attributes":{"access_token":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifetime":{"type":"string","description_kind":"plain","optional":true},"scopes":{"type":["set","string"],"description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_id_token":{"version":0,"block":{"attributes":{"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id_token":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"include_email":{"type":"bool","description_kind":"plain","optional":true},"target_audience":{"type":"string","description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_service_account_jwt":{"version":0,"block":{"attributes":{"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"expires_in":{"type":"number","description":"Number of seconds until the JWT expires. If set and non-zero an `exp` claim will be added to the payload derived from the current timestamp plus expires_in seconds.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"jwt":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"payload":{"type":"string","description":"A JSON-encoded JWT claims set that will be included in the signed JWT.","description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_key":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_algorithm":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"public_key":{"type":"string","description_kind":"plain","computed":true},"public_key_type":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_service_accounts":{"version":0,"block":{"attributes":{"accounts":{"type":["list",["object",{"account_id":"string","disabled":"bool","display_name":"string","email":"string","member":"string","name":"string","unique_id":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_service_networking_peered_dns_domain":{"version":0,"block":{"attributes":{"dns_suffix":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_site_verification_token":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identifier":{"type":"string","description":"The site identifier. If the type is set to SITE, the identifier is a URL. If the type is\nset to INET_DOMAIN, the identifier is a domain name.","description_kind":"plain","required":true},"token":{"type":"string","description":"The returned token for use in subsequent verification steps.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of resource to be verified, either a domain or a web site. Possible values: [\"INET_DOMAIN\", \"SITE\"]","description_kind":"plain","required":true},"verification_method":{"type":"string","description":"The verification method for the Site Verification system to use to verify\nthis site or domain. Possible values: [\"ANALYTICS\", \"DNS_CNAME\", \"DNS_TXT\", \"FILE\", \"META\", \"TAG_MANAGER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sourcerepo_repository":{"version":0,"block":{"attributes":{"create_ignore_already_exists":{"type":"bool","description":"If set to true, skip repository creation if a repository with the same name already exists.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the repository, of the form '{{repo}}'.\nThe repo name may contain slashes. eg, 'name/with/slash'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"pubsub_configs":{"type":["set",["object",{"message_format":"string","service_account_email":"string","topic":"string"}]],"description":"How this repository publishes a change in the repository through Cloud Pub/Sub.\nKeyed by the topic names.","description_kind":"plain","computed":true},"size":{"type":"number","description":"The disk usage of the repo, in bytes.","description_kind":"plain","computed":true},"url":{"type":"string","description":"URL to clone the repository from Google Cloud Source Repositories.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_spanner_database":{"version":0,"block":{"attributes":{"database_dialect":{"type":"string","description":"The dialect of the Cloud Spanner Database.\nIf it is not provided, \"GOOGLE_STANDARD_SQL\" will be used. Possible values: [\"GOOGLE_STANDARD_SQL\", \"POSTGRESQL\"]","description_kind":"plain","computed":true},"ddl":{"type":["list","string"],"description":"An optional list of DDL statements to run inside the newly created\ndatabase. Statements can create tables, indexes, etc. These statements\nexecute atomically with the creation of the database: if there is an\nerror in any statement, the database is not created.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether Terraform will be prevented from destroying the database. Defaults to true.\nWhen a'terraform destroy' or 'terraform apply' would delete the database,\nthe command will fail if this field is not set to false in Terraform state.\nWhen the field is set to true or unset in Terraform state, a 'terraform apply'\nor 'terraform destroy' that would delete the database will fail.\nWhen the field is set to false, deleting the database is allowed.","description_kind":"plain","computed":true},"enable_drop_protection":{"type":"bool","description":"Whether drop protection is enabled for this database. Defaults to false.\nDrop protection is different from\nthe \"deletion_protection\" attribute in the following ways:\n(1) \"deletion_protection\" only protects the database from deletions in Terraform.\nwhereas setting “enableDropProtection” to true protects the database from deletions in all interfaces.\n(2) Setting \"enableDropProtection\" to true also prevents the deletion of the parent instance containing the database.\n\"deletion_protection\" attribute does not provide protection against the deletion of the parent instance.","description_kind":"plain","computed":true},"encryption_config":{"type":["list",["object",{"kms_key_name":"string","kms_key_names":["list","string"]}]],"description":"Encryption configuration for the database","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The instance to create the database on.","description_kind":"plain","required":true},"name":{"type":"string","description":"A unique identifier for the database, which cannot be changed after the\ninstance is created. Values are of the form '[a-z][-_a-z0-9]*[a-z0-9]'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"An explanation of the status of the database.","description_kind":"plain","computed":true},"version_retention_period":{"type":"string","description":"The retention period for the database. The retention period must be between 1 hour\nand 7 days, and can be specified in days, hours, minutes, or seconds. For example,\nthe values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h.\nIf this property is used, you must avoid adding new DDL statements to 'ddl' that\nupdate the database's version_retention_period.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_spanner_database_iam_policy":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_spanner_instance":{"version":0,"block":{"attributes":{"autoscaling_config":{"type":["list",["object",{"asymmetric_autoscaling_options":["list",["object",{"overrides":["list",["object",{"autoscaling_limits":["list",["object",{"max_nodes":"number","min_nodes":"number"}]]}]],"replica_selection":["list",["object",{"location":"string"}]]}]],"autoscaling_limits":["list",["object",{"max_nodes":"number","max_processing_units":"number","min_nodes":"number","min_processing_units":"number"}]],"autoscaling_targets":["list",["object",{"high_priority_cpu_utilization_percent":"number","storage_utilization_percent":"number"}]]}]],"description":"The autoscaling configuration. Autoscaling is enabled if this field is set.\nWhen autoscaling is enabled, num_nodes and processing_units are treated as,\nOUTPUT_ONLY fields and reflect the current compute capacity allocated to\nthe instance.","description_kind":"plain","computed":true},"config":{"type":"string","description":"The name of the instance's configuration (similar but not\nquite the same as a region) which defines the geographic placement and\nreplication of your databases in this instance. It determines where your data\nis stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc.\nIn order to obtain a valid list please consult the\n[Configuration section of the docs](https://cloud.google.com/spanner/docs/instances).","description_kind":"plain","optional":true},"default_backup_schedule_type":{"type":"string","description":"Controls the default backup behavior for new databases within the instance.\nNote that 'AUTOMATIC' is not permitted for free instances, as backups and backup schedules are not allowed for free instances.\nif unset or NONE, no default backup schedule will be created for new databases within the instance. Possible values: [\"NONE\", \"AUTOMATIC\"]","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The descriptive name for this instance as it appears in UIs. Must be\nunique per project and between 4 and 30 characters in length.","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition selected for this instance. Different editions provide different capabilities at different price points. Possible values: [\"EDITION_UNSPECIFIED\", \"STANDARD\", \"ENTERPRISE\", \"ENTERPRISE_PLUS\"]","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a spanner instance, this boolean option will delete all backups of this instance.\nThis must be set to true if you created a backup manually in the console.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"An object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\nIf not provided, a random string starting with 'tf-' will be selected.","description_kind":"plain","required":true},"num_nodes":{"type":"number","description":"The number of nodes allocated to this instance. Exactly one of either node_count or processing_units\nmust be present in terraform.","description_kind":"plain","computed":true},"processing_units":{"type":"number","description":"The number of processing units allocated to this instance. Exactly one of processing_units\nor node_count must be present in terraform.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"Instance status: 'CREATING' or 'READY'.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_spanner_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_backup_run":{"version":0,"block":{"attributes":{"backup_id":{"type":"number","description":"The identifier for this backup run. Unique only for a specific Cloud SQL instance. If left empty and multiple backups exist for the instance, most_recent must be set to true.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"Name of the database instance.","description_kind":"plain","required":true},"location":{"type":"string","description":"Location of the backups.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description":"Toggles use of the most recent backup run if multiple backups exist for a Cloud SQL instance.","description_kind":"plain","optional":true},"project":{"type":"string","description":"Project ID of the project that contains the instance.","description_kind":"plain","optional":true,"computed":true},"start_time":{"type":"string","description":"The time the backup operation actually started in UTC timezone in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"status":{"type":"string","description":"The status of this run.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_ca_certs":{"version":0,"block":{"attributes":{"active_version":{"type":"string","description_kind":"plain","computed":true},"certs":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_database":{"version":0,"block":{"attributes":{"charset":{"type":"string","description":"The charset value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html)\nfor more details and supported values. Postgres databases only support\na value of 'UTF8' at creation time.","description_kind":"plain","computed":true},"collation":{"type":"string","description":"The collation value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html)\nfor more details and supported values. Postgres databases only support\na value of 'en_US.UTF8' at creation time.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the database. Setting ABANDON allows the resource\nto be abandoned rather than deleted. This is useful for Postgres, where databases cannot be\ndeleted from the API if there are users other than cloudsqlsuperuser with access. Possible\nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. This does not include the project\nID.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the database in the Cloud SQL instance.\nThis does not include the project ID or instance name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_database_instance":{"version":0,"block":{"attributes":{"available_maintenance_versions":{"type":["list","string"],"description":"Available Maintenance versions.","description_kind":"plain","computed":true},"clone":{"type":["list",["object",{"allocated_ip_range":"string","database_names":["list","string"],"point_in_time":"string","preferred_zone":"string","source_instance_name":"string"}]],"description":"Configuration for creating a new instance as a clone of another instance.","description_kind":"plain","computed":true},"connection_name":{"type":"string","description":"The connection name of the instance to be used in connection strings. For example, when connecting with Cloud SQL Proxy.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The MySQL, PostgreSQL or SQL Server (beta) version to use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, MYSQL_8_4, POSTGRES_9_6, POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, POSTGRES_16, POSTGRES_17, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date reference of supported versions.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Used to block Terraform from deleting a SQL Instance. Defaults to true.","description_kind":"plain","computed":true},"dns_name":{"type":"string","description":"The dns name of the instance.","description_kind":"plain","computed":true},"encryption_key_name":{"type":"string","description_kind":"plain","computed":true},"first_ip_address":{"type":"string","description":"The first IPv4 address of any type assigned. This is to support accessing the first address in the list in a terraform output when the resource is configured with a count.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'.","description_kind":"plain","computed":true},"ip_address":{"type":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"description_kind":"plain","computed":true},"maintenance_version":{"type":"string","description":"Maintenance version.","description_kind":"plain","computed":true},"master_instance_name":{"type":"string","description":"The name of the instance that will act as the master in the replication setup. Note, this requires the master to have binary_log_enabled set, as well as existing backups.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance. If the name is left blank, Terraform will randomly generate one when the instance is first created. This is done because after a name is used, it cannot be reused for up to one week.","description_kind":"plain","required":true},"private_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"psc_service_attachment_link":{"type":"string","description":"The link to service attachment of PSC instance.","description_kind":"plain","computed":true},"public_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The region the instance will sit in. Note, Cloud SQL is not available in all regions. A valid region must be provided to use this resource. If a region is not provided in the resource definition, the provider region will be used instead, but this will be an apply-time error for instances if the provider region is not supported with Cloud SQL. If you choose not to provide the region argument for this resource, make sure you understand this.","description_kind":"plain","computed":true},"replica_configuration":{"type":["list",["object",{"ca_certificate":"string","cascadable_replica":"bool","client_certificate":"string","client_key":"string","connect_retry_interval":"number","dump_file_path":"string","failover_target":"bool","master_heartbeat_period":"number","password":"string","ssl_cipher":"string","username":"string","verify_server_certificate":"bool"}]],"description":"The configuration for replication.","description_kind":"plain","computed":true},"replica_names":{"type":["list","string"],"description":"The replicas of the instance.","description_kind":"plain","computed":true},"restore_backup_context":{"type":["list",["object",{"backup_run_id":"number","instance_id":"string","project":"string"}]],"description_kind":"plain","computed":true},"root_password":{"type":"string","description":"Initial root password. Required for MS SQL Server.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"server_ca_cert":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true},"service_account_email_address":{"type":"string","description":"The service account email address assigned to the instance.","description_kind":"plain","computed":true},"settings":{"type":["list",["object",{"activation_policy":"string","active_directory_config":["list",["object",{"domain":"string"}]],"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"availability_type":"string","backup_configuration":["list",["object",{"backup_retention_settings":["list",["object",{"retained_backups":"number","retention_unit":"string"}]],"binary_log_enabled":"bool","enabled":"bool","location":"string","point_in_time_recovery_enabled":"bool","start_time":"string","transaction_log_retention_days":"number"}]],"collation":"string","connector_enforcement":"string","data_cache_config":["list",["object",{"data_cache_enabled":"bool"}]],"database_flags":["set",["object",{"name":"string","value":"string"}]],"deletion_protection_enabled":"bool","deny_maintenance_period":["list",["object",{"end_date":"string","start_date":"string","time":"string"}]],"disk_autoresize":"bool","disk_autoresize_limit":"number","disk_size":"number","disk_type":"string","edition":"string","enable_dataplex_integration":"bool","enable_google_ml_integration":"bool","insights_config":["list",["object",{"query_insights_enabled":"bool","query_plans_per_minute":"number","query_string_length":"number","record_application_tags":"bool","record_client_address":"bool"}]],"ip_configuration":["list",["object",{"allocated_ip_range":"string","authorized_networks":["set",["object",{"expiration_time":"string","name":"string","value":"string"}]],"enable_private_path_for_google_cloud_services":"bool","ipv4_enabled":"bool","private_network":"string","psc_config":["set",["object",{"allowed_consumer_projects":["set","string"],"psc_auto_connections":["list",["object",{"consumer_network":"string","consumer_service_project_id":"string"}]],"psc_enabled":"bool"}]],"server_ca_mode":"string","server_ca_pool":"string","ssl_mode":"string"}]],"location_preference":["list",["object",{"follow_gae_application":"string","secondary_zone":"string","zone":"string"}]],"maintenance_window":["list",["object",{"day":"number","hour":"number","update_track":"string"}]],"password_validation_policy":["list",["object",{"complexity":"string","disallow_username_substring":"bool","enable_password_policy":"bool","min_length":"number","password_change_interval":"string","reuse_interval":"number"}]],"pricing_plan":"string","sql_server_audit_config":["list",["object",{"bucket":"string","retention_interval":"string","upload_interval":"string"}]],"tier":"string","time_zone":"string","user_labels":["map","string"],"version":"number"}]],"description":"The settings to use for the database. The configuration is detailed below.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_database_instance_latest_recovery_time":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"latest_recovery_time":{"type":"string","description":"Timestamp, identifies the latest recovery time of the source instance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_database_instances":{"version":0,"block":{"attributes":{"database_version":{"type":"string","description":"To filter out the database instances which are of the specified database version.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["list",["object",{"available_maintenance_versions":["list","string"],"clone":["list",["object",{"allocated_ip_range":"string","database_names":["list","string"],"point_in_time":"string","preferred_zone":"string","source_instance_name":"string"}]],"connection_name":"string","database_version":"string","deletion_protection":"bool","dns_name":"string","encryption_key_name":"string","first_ip_address":"string","instance_type":"string","ip_address":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"maintenance_version":"string","master_instance_name":"string","name":"string","private_ip_address":"string","project":"string","psc_service_attachment_link":"string","public_ip_address":"string","region":"string","replica_configuration":["list",["object",{"ca_certificate":"string","cascadable_replica":"bool","client_certificate":"string","client_key":"string","connect_retry_interval":"number","dump_file_path":"string","failover_target":"bool","master_heartbeat_period":"number","password":"string","ssl_cipher":"string","username":"string","verify_server_certificate":"bool"}]],"replica_names":["list","string"],"restore_backup_context":["list",["object",{"backup_run_id":"number","instance_id":"string","project":"string"}]],"root_password":"string","self_link":"string","server_ca_cert":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"service_account_email_address":"string","settings":["list",["object",{"activation_policy":"string","active_directory_config":["list",["object",{"domain":"string"}]],"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"availability_type":"string","backup_configuration":["list",["object",{"backup_retention_settings":["list",["object",{"retained_backups":"number","retention_unit":"string"}]],"binary_log_enabled":"bool","enabled":"bool","location":"string","point_in_time_recovery_enabled":"bool","start_time":"string","transaction_log_retention_days":"number"}]],"collation":"string","connector_enforcement":"string","data_cache_config":["list",["object",{"data_cache_enabled":"bool"}]],"database_flags":["set",["object",{"name":"string","value":"string"}]],"deletion_protection_enabled":"bool","deny_maintenance_period":["list",["object",{"end_date":"string","start_date":"string","time":"string"}]],"disk_autoresize":"bool","disk_autoresize_limit":"number","disk_size":"number","disk_type":"string","edition":"string","enable_dataplex_integration":"bool","enable_google_ml_integration":"bool","insights_config":["list",["object",{"query_insights_enabled":"bool","query_plans_per_minute":"number","query_string_length":"number","record_application_tags":"bool","record_client_address":"bool"}]],"ip_configuration":["list",["object",{"allocated_ip_range":"string","authorized_networks":["set",["object",{"expiration_time":"string","name":"string","value":"string"}]],"enable_private_path_for_google_cloud_services":"bool","ipv4_enabled":"bool","private_network":"string","psc_config":["set",["object",{"allowed_consumer_projects":["set","string"],"psc_auto_connections":["list",["object",{"consumer_network":"string","consumer_service_project_id":"string"}]],"psc_enabled":"bool"}]],"server_ca_mode":"string","server_ca_pool":"string","ssl_mode":"string"}]],"location_preference":["list",["object",{"follow_gae_application":"string","secondary_zone":"string","zone":"string"}]],"maintenance_window":["list",["object",{"day":"number","hour":"number","update_track":"string"}]],"password_validation_policy":["list",["object",{"complexity":"string","disallow_username_substring":"bool","enable_password_policy":"bool","min_length":"number","password_change_interval":"string","reuse_interval":"number"}]],"pricing_plan":"string","sql_server_audit_config":["list",["object",{"bucket":"string","retention_interval":"string","upload_interval":"string"}]],"tier":"string","time_zone":"string","user_labels":["map","string"],"version":"number"}]]}]],"description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the project that contains the instances.","description_kind":"plain","optional":true},"region":{"type":"string","description":"To filter out the database instances which are located in this specified region.","description_kind":"plain","optional":true},"state":{"type":"string","description":"To filter out the database instances based on the current state of the database instance, valid values include : \"SQL_INSTANCE_STATE_UNSPECIFIED\", \"RUNNABLE\", \"SUSPENDED\", \"PENDING_DELETE\", \"PENDING_CREATE\", \"MAINTENANCE\" and \"FAILED\".","description_kind":"plain","optional":true},"tier":{"type":"string","description":"To filter out the database instances based on the machine type.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"To filter out the database instances which are located in this specified zone.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_sql_databases":{"version":0,"block":{"attributes":{"databases":{"type":["list",["object",{"charset":"string","collation":"string","deletion_policy":"string","instance":"string","name":"string","project":"string","self_link":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL database instance in which the database belongs.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project ID of the project that contains the instance.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_sql_tiers":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"Project ID of the project for which to list tiers.","description_kind":"plain","optional":true,"computed":true},"tiers":{"type":["list",["object",{"disk_quota":"number","ram":"number","region":["list","string"],"tier":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket":{"version":3,"block":{"attributes":{"autoclass":{"type":["list",["object",{"enabled":"bool","terminal_storage_class":"string"}]],"description":"The bucket's autoclass configuration.","description_kind":"plain","computed":true},"cors":{"type":["list",["object",{"max_age_seconds":"number","method":["list","string"],"origin":["list","string"],"response_header":["list","string"]}]],"description":"The bucket's Cross-Origin Resource Sharing (CORS) configuration.","description_kind":"plain","computed":true},"custom_placement_config":{"type":["list",["object",{"data_locations":["set","string"]}]],"description":"The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty.","description_kind":"plain","computed":true},"default_event_based_hold":{"type":"bool","description":"Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_object_retention":{"type":"bool","description":"Enables each object in the bucket to have its own retention policy, which prevents deletion until stored for a specific length of time.","description_kind":"plain","computed":true},"encryption":{"type":["list",["object",{"default_kms_key_name":"string"}]],"description":"The bucket's encryption configuration.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.","description_kind":"plain","computed":true},"hierarchical_namespace":{"type":["list",["object",{"enabled":"bool"}]],"description":"The bucket's HNS configuration, which defines bucket can organize folders in logical file system structure.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the bucket.","description_kind":"plain","computed":true},"lifecycle_rule":{"type":["list",["object",{"action":["set",["object",{"storage_class":"string","type":"string"}]],"condition":["set",["object",{"age":"number","created_before":"string","custom_time_before":"string","days_since_custom_time":"number","days_since_noncurrent_time":"number","matches_prefix":["list","string"],"matches_storage_class":["list","string"],"matches_suffix":["list","string"],"noncurrent_time_before":"string","num_newer_versions":"number","send_age_if_zero":"bool","send_days_since_custom_time_if_zero":"bool","send_days_since_noncurrent_time_if_zero":"bool","send_num_newer_versions_if_zero":"bool","with_state":"string"}]]}]],"description":"The bucket's Lifecycle Rules configuration.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The Google Cloud Storage location","description_kind":"plain","computed":true},"logging":{"type":["list",["object",{"log_bucket":"string","log_object_prefix":"string"}]],"description":"The bucket's Access \u0026 Storage Logs configuration.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"project_number":{"type":"number","description":"The project number of the project in which the resource belongs.","description_kind":"plain","computed":true},"public_access_prevention":{"type":"string","description":"Prevents public access to a bucket.","description_kind":"plain","computed":true},"requester_pays":{"type":"bool","description":"Enables Requester Pays on a storage bucket.","description_kind":"plain","computed":true},"retention_policy":{"type":["list",["object",{"is_locked":"bool","retention_period":"number"}]],"description":"Configuration of the bucket's data retention policy for how long objects in the bucket should be retained.","description_kind":"plain","computed":true},"rpo":{"type":"string","description":"Specifies the RPO setting of bucket. If set 'ASYNC_TURBO', The Turbo Replication will be enabled for the dual-region bucket. Value 'DEFAULT' will set RPO setting to default. Turbo Replication is only for buckets in dual-regions.See the docs for more details.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"soft_delete_policy":{"type":["list",["object",{"effective_time":"string","retention_duration_seconds":"number"}]],"description":"The bucket's soft delete policy, which defines the period of time that soft-deleted objects will be retained, and cannot be permanently deleted. If it is not provided, by default Google Cloud Storage sets this to default soft delete policy","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uniform_bucket_level_access":{"type":"bool","description":"Enables uniform bucket-level access on a bucket.","description_kind":"plain","computed":true},"url":{"type":"string","description":"The base URL of the bucket, in the format gs://\u003cbucket-name\u003e.","description_kind":"plain","computed":true},"versioning":{"type":["list",["object",{"enabled":"bool"}]],"description":"The bucket's Versioning configuration.","description_kind":"plain","computed":true},"website":{"type":["list",["object",{"main_page_suffix":"string","not_found_page":"string"}]],"description":"Configuration if the bucket acts as a website.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_object":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","optional":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","computed":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","computed":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","computed":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","computed":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","computed":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"customer_encryption":{"type":["list",["object",{"encryption_algorithm":"string","encryption_key":"string"}]],"description":"Encryption key; encoded using base64.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","computed":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","computed":true},"generation":{"type":"number","description":"The content generation of this object. Used for object versioning and soft delete.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","optional":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"retention":{"type":["list",["object",{"mode":"string","retain_until_time":"string"}]],"description":"Object level retention configuration.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_object_content":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","required":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","computed":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","optional":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","computed":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","computed":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","computed":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"customer_encryption":{"type":["list",["object",{"encryption_algorithm":"string","encryption_key":"string"}]],"description":"Encryption key; encoded using base64.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","computed":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","computed":true},"generation":{"type":"number","description":"The content generation of this object. Used for object versioning and soft delete.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","required":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"retention":{"type":["list",["object",{"mode":"string","retain_until_time":"string"}]],"description":"Object level retention configuration.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_objects":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"bucket_objects":{"type":["list",["object",{"content_type":"string","media_link":"string","name":"string","self_link":"string","storage_class":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"match_glob":{"type":"string","description_kind":"plain","optional":true},"prefix":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_storage_buckets":{"version":0,"block":{"attributes":{"buckets":{"type":["list",["object",{"labels":["map","string"],"location":"string","name":"string","self_link":"string","storage_class":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"prefix":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_storage_managed_folder_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_folder":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_object_signed_url":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"content_md5":{"type":"string","description_kind":"plain","optional":true},"content_type":{"type":"string","description_kind":"plain","optional":true},"credentials":{"type":"string","description_kind":"plain","optional":true,"sensitive":true},"duration":{"type":"string","description_kind":"plain","optional":true},"extension_headers":{"type":["map","string"],"description_kind":"plain","optional":true},"http_method":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"path":{"type":"string","description_kind":"plain","required":true},"signed_url":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_project_service_account":{"version":0,"block":{"attributes":{"email_address":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"user_project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_storage_transfer_project_service_account":{"version":0,"block":{"attributes":{"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subject_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"short_name":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_key_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_keys":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"keys":{"type":["list",["object",{"create_time":"string","description":"string","name":"string","namespaced_name":"string","parent":"string","purpose":"string","purpose_data":["map","string"],"short_name":"string","update_time":"string"}]],"description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_value":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"short_name":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_value_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_values":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"values":{"type":["list",["object",{"create_time":"string","description":"string","name":"string","namespaced_name":"string","parent":"string","short_name":"string","update_time":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tpu_tensorflow_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"versions":{"type":["list","string"],"description_kind":"plain","computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_vertex_ai_index":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"deployed_indexes":{"type":["list",["object",{"deployed_index_id":"string","index_endpoint":"string"}]],"description":"The pointers to DeployedIndexes created from this Index. An Index can be only deleted if all its DeployedIndexes had been undeployed first.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index_stats":{"type":["list",["object",{"shards_count":"number","vectors_count":"string"}]],"description":"Stats of the index resource.","description_kind":"plain","computed":true},"index_update_method":{"type":"string","description":"The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default.\n* BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update.\n* STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"metadata":{"type":["list",["object",{"config":["list",["object",{"algorithm_config":["list",["object",{"brute_force_config":["list",["object",{}]],"tree_ah_config":["list",["object",{"leaf_node_embedding_count":"number","leaf_nodes_to_search_percent":"number"}]]}]],"approximate_neighbors_count":"number","dimensions":"number","distance_measure_type":"string","feature_norm_type":"string","shard_size":"string"}]],"contents_delta_uri":"string","is_complete_overwrite":"bool"}]],"description":"An additional information about the Index","description_kind":"plain","computed":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Index, that is specific to it. Unset if the Index does not have any additional information.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the index. eg us-central1","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_cluster":{"version":0,"block":{"attributes":{"autoscaling_settings":{"type":["list",["object",{"autoscaling_policies":["set",["object",{"autoscale_policy_id":"string","consumed_memory_thresholds":["list",["object",{"scale_in":"number","scale_out":"number"}]],"cpu_thresholds":["list",["object",{"scale_in":"number","scale_out":"number"}]],"node_type_id":"string","scale_out_size":"number","storage_thresholds":["list",["object",{"scale_in":"number","scale_out":"number"}]]}]],"cool_down_period":"string","max_cluster_node_count":"number","min_cluster_node_count":"number"}]],"description":"Configuration of the autoscaling applied to this cluster","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"management":{"type":"bool","description":"True if the cluster is a management cluster; false otherwise.\nThere can only be one management cluster in a private cloud and it has to be the first one.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the Cluster.","description_kind":"plain","required":true},"node_type_configs":{"type":["set",["object",{"custom_core_count":"number","node_count":"number","node_type_id":"string"}]],"description":"The map of cluster node types in this cluster,\nwhere the key is canonical identifier of the node type (corresponds to the NodeType).","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new cluster in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_external_access_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action that the external access rule performs. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for the external access rule.","description_kind":"plain","computed":true},"destination_ip_ranges":{"type":["list",["object",{"external_address":"string","ip_address_range":"string"}]],"description":"If destination ranges are specified, the external access rule applies only to\ntraffic that has a destination IP address in these ranges.","description_kind":"plain","computed":true},"destination_ports":{"type":["list","string"],"description":"A list of destination ports to which the external access rule applies.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which the external access rule applies.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the external access rule.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the network policy.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/networkPolicies/my-policy","description_kind":"plain","required":true},"priority":{"type":"number","description":"External access rule priority, which determines the external access rule to use when multiple rules apply.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list",["object",{"ip_address":"string","ip_address_range":"string"}]],"description":"If source ranges are specified, the external access rule applies only to\ntraffic that has a source IP address in these ranges.","description_kind":"plain","computed":true},"source_ports":{"type":["list","string"],"description":"A list of source ports to which the external access rule applies.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_external_address":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this resource.","description_kind":"plain","computed":true},"external_ip":{"type":"string","description":"The external IP address of a workload VM.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ip":{"type":"string","description":"The internal IP address of a workload VM.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the external IP Address.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new external address in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the resource.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_network":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description for this VMware Engine network.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the VMwareEngineNetwork should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the VMwareEngineNetwork.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the VMware Engine network.","description_kind":"plain","computed":true},"type":{"type":"string","description":"VMware Engine network type. Possible values: [\"LEGACY\", \"STANDARD\"]","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vpc_networks":{"type":["list",["object",{"network":"string","type":"string"}]],"description":"VMware Engine service VPC networks that provide connectivity from a private cloud to customer projects,\nthe internet, and other Google Cloud services.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_network_peering":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network peering.","description_kind":"plain","computed":true},"export_custom_routes":{"type":"bool","description":"True if custom routes are exported to the peered network; false otherwise.","description_kind":"plain","computed":true},"export_custom_routes_with_public_ip":{"type":"bool","description":"True if all subnet routes with a public IP address range are exported; false otherwise.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","computed":true},"import_custom_routes_with_public_ip":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the Network Peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The relative resource name of the network to peer with a standard VMware Engine network.\nThe provided network can be a consumer VPC network or another standard VMware Engine network.","description_kind":"plain","computed":true},"peer_network_type":{"type":"string","description":"The type of the network to peer with the VMware Engine network. Possible values: [\"STANDARD\", \"VMWARE_ENGINE_NETWORK\", \"PRIVATE_SERVICES_ACCESS\", \"NETAPP_CLOUD_VOLUMES\", \"THIRD_PARTY_SERVICE\", \"DELL_POWERSCALE\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the network peering.\nThis field has a value of 'ACTIVE' when there's a matching configuration in the peer network.\nNew values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the network peering.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","computed":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_network_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network policy.","description_kind":"plain","computed":true},"edge_services_cidr":{"type":"string","description":"IP address range in CIDR notation used to create internet access and external IP access.\nAn RFC 1918 CIDR block, with a \"/26\" prefix, is required. The range cannot overlap with any\nprefixes either in the consumer VPC network or in use by the private clouds attached to that VPC network.","description_kind":"plain","computed":true},"external_ip":{"type":["list",["object",{"enabled":"bool","state":"string"}]],"description":"Network service that allows External IP addresses to be assigned to VMware workloads.\nThis service can only be enabled when internetAccess is also enabled.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internet_access":{"type":["list",["object",{"enabled":"bool","state":"string"}]],"description":"Network service that allows VMware workloads to access the internet.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The resource name of the location (region) to create the new network policy in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the Network Policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","computed":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_nsx_credentials":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The resource name of the private cloud which contains NSX.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"password":{"type":"string","description":"Initial password.","description_kind":"plain","computed":true},"username":{"type":"string","description":"Initial username.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_private_cloud":{"version":0,"block":{"attributes":{"deletion_delay_hours":{"type":"number","description":"The number of hours to delay this request. You can set this value to an hour between 0 to 8, where setting it to 0 starts the deletion request immediately. If no value is set, a default value is set at the API Level.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this private cloud.","description_kind":"plain","computed":true},"hcx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a HCX Cloud Manager appliance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the PrivateCloud should reside.","description_kind":"plain","required":true},"management_cluster":{"type":["list",["object",{"autoscaling_settings":["list",["object",{"autoscaling_policies":["set",["object",{"autoscale_policy_id":"string","consumed_memory_thresholds":["list",["object",{"scale_in":"number","scale_out":"number"}]],"cpu_thresholds":["list",["object",{"scale_in":"number","scale_out":"number"}]],"node_type_id":"string","scale_out_size":"number","storage_thresholds":["list",["object",{"scale_in":"number","scale_out":"number"}]]}]],"cool_down_period":"string","max_cluster_node_count":"number","min_cluster_node_count":"number"}]],"cluster_id":"string","node_type_configs":["set",["object",{"custom_core_count":"number","node_count":"number","node_type_id":"string"}]],"stretched_cluster_config":["list",["object",{"preferred_location":"string","secondary_location":"string"}]]}]],"description":"The management cluster for this private cloud. This used for creating and managing the default cluster.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the PrivateCloud.","description_kind":"plain","required":true},"network_config":{"type":["list",["object",{"dns_server_ip":"string","management_cidr":"string","management_ip_address_layout_version":"number","vmware_engine_network":"string","vmware_engine_network_canonical":"string"}]],"description":"Network configuration in the consumer project with which the peering has to be done.","description_kind":"plain","computed":true},"nsx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a NSX Manager appliance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"send_deletion_delay_hours_if_zero":{"type":"bool","description":"While set true, deletion_delay_hours value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the deletion_delay_hours field. It can be used both alone and together with deletion_delay_hours.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the resource. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Initial type of the private cloud. Possible values: [\"STANDARD\", \"TIME_LIMITED\", \"STRETCHED\"]","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vcenter":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a vCenter Server management appliance.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_subnet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dhcp_address_ranges":{"type":["list",["object",{"first_address":"string","last_address":"string"}]],"description":"DHCP address ranges.","description_kind":"plain","computed":true},"gateway_id":{"type":"string","description":"The canonical identifier of the logical router that this subnet is attached to.","description_kind":"plain","computed":true},"gateway_ip":{"type":"string","description":"The IP address of the gateway of this subnet. Must fall within the IP prefix defined above.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IP address range of the subnet in CIDR format.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the subnet. For userDefined subnets, this name should be in the format of \"service-n\",\nwhere n ranges from 1 to 5.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new subnet in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"standard_config":{"type":"bool","description":"Whether the NSX-T configuration in the backend follows the standard configuration supported by Google Cloud.\nIf false, the subnet cannot be modified through Google Cloud, only through NSX-T directly.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the subnet.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the subnet.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vlan_id":{"type":"number","description":"VLAN ID of the VLAN on which the subnet is configured.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_vcenter_credentials":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The resource name of the private cloud which contains vcenter.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"password":{"type":"string","description":"Initial password.","description_kind":"plain","computed":true},"username":{"type":"string","description":"Initial username.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vpc_access_connector":{"version":0,"block":{"attributes":{"connected_projects":{"type":["list","string"],"description":"List of projects using the connector.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that follows RFC 4632 notation. Example: '10.132.0.0/28'.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Machine type of VM Instance underlying connector. Default is e2-micro","description_kind":"plain","computed":true},"max_instances":{"type":"number","description":"Maximum value of instances in autoscaling group underlying the connector. Value must be between 3 and 10, inclusive. Must be\nhigher than the value specified by min_instances.","description_kind":"plain","computed":true},"max_throughput":{"type":"number","description":"Maximum throughput of the connector in Mbps, must be greater than 'min_throughput'. Default is 300. Refers to the expected throughput\nwhen using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by\nmin_throughput. Only one of 'max_throughput' and 'max_instances' can be specified. The use of max_throughput is discouraged in favor of max_instances.","description_kind":"plain","computed":true},"min_instances":{"type":"number","description":"Minimum value of instances in autoscaling group underlying the connector. Value must be between 2 and 9, inclusive. Must be\nlower than the value specified by max_instances.","description_kind":"plain","computed":true},"min_throughput":{"type":"number","description":"Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type.\nValue must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput.\nOnly one of 'min_throughput' and 'min_instances' can be specified. The use of min_throughput is discouraged in favor of min_instances.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource (Max 25 characters).","description_kind":"plain","required":true},"network":{"type":"string","description":"Name or self_link of the VPC network. Required if 'ip_cidr_range' is set.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the VPC Access connector resides. If it is not provided, the provider region is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The fully qualified name of this VPC connector","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the VPC access connector.","description_kind":"plain","computed":true},"subnet":{"type":["list",["object",{"name":"string","project_id":"string"}]],"description":"The subnet in which to house the connector","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_workbench_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}}}}}} From e78d986d3f23b6ca673549c0a089e51741e34633 Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Tue, 28 Jan 2025 21:25:44 +0100 Subject: [PATCH 46/47] fmt Signed-off-by: Rickard von Essen --- config/externalname.go | 2 +- config/externalnamenottested.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/externalname.go b/config/externalname.go index a75b6f134..43afd9a3d 100644 --- a/config/externalname.go +++ b/config/externalname.go @@ -555,7 +555,7 @@ var terraformPluginSDKExternalNameConfigs = map[string]config.ExternalName{ // identityplatform // - // Imported by using the following projects/{{project}}/config + // Imported by using the following projects/{{project}}/config "google_identity_platform_config": config.TemplatedStringAsIdentifier("", "projects/{{ .setup.configuration.project }}/config"), // Imported by using the following format: projects/{{project}}/defaultSupportedIdpConfigs/{{idp_id}} "google_identity_platform_default_supported_idp_config": config.IdentifierFromProvider, diff --git a/config/externalnamenottested.go b/config/externalnamenottested.go index 846be5605..147cb2c68 100644 --- a/config/externalnamenottested.go +++ b/config/externalnamenottested.go @@ -377,7 +377,7 @@ var ExternalNameNotTestedConfigs = map[string]config.ExternalName{ "google_iam_workload_identity_pool_provider": config.TemplatedStringAsIdentifier("workload_identity_pool_provider_id", "projects/{{ .setup.configuration.project }}/locations/global/workloadIdentityPools/{{ .parameters.workload_identity_pool_id }}/providers/{{ .external_name }}"), // identityplatform - // + // // kms // From 815be5f5ced93333f4e0f9503fe3a29477cd205d Mon Sep 17 00:00:00 2001 From: Rickard von Essen Date: Thu, 30 Jan 2025 09:49:13 +0100 Subject: [PATCH 47/47] Remove deletionProtection deletion_protection was added in Terraform to help protect from remove/create a resource when you change an immutable attribute. This is not allowed in Crossplane so this is unnecessary. Also this overlap with Crossplane managementPolicy. Signed-off-by: Rickard von Essen --- .../v1beta1/zz_domain_types.go | 9 --------- .../v1beta1/zz_generated.deepcopy.go | 10 ---------- .../bigquery/v1beta2/zz_generated.deepcopy.go | 10 ---------- apis/bigquery/v1beta2/zz_table_types.go | 7 ------- .../bigtable/v1beta1/zz_generated.deepcopy.go | 10 ---------- apis/bigtable/v1beta1/zz_table_types.go | 7 ------- .../bigtable/v1beta2/zz_generated.deepcopy.go | 10 ---------- apis/bigtable/v1beta2/zz_instance_types.go | 7 ------- apis/cloudplatform/v1beta1/zz_folder_types.go | 4 ---- .../v1beta1/zz_generated.deepcopy.go | 10 ---------- .../cloudrun/v1beta2/zz_generated.deepcopy.go | 20 ------------------- apis/cloudrun/v1beta2/zz_v2job_types.go | 9 --------- apis/cloudrun/v1beta2/zz_v2service_types.go | 9 --------- apis/compute/v1beta2/zz_generated.deepcopy.go | 20 ------------------- apis/compute/v1beta2/zz_instance_types.go | 9 --------- .../v1beta2/zz_instancefromtemplate_types.go | 5 ----- apis/container/v1beta2/zz_cluster_types.go | 5 ----- .../v1beta2/zz_generated.deepcopy.go | 10 ---------- .../dataproc/v1beta2/zz_generated.deepcopy.go | 10 ---------- .../v1beta2/zz_metastoreservice_types.go | 7 ------- .../v1beta2/zz_certificateauthority_types.go | 7 ------- .../v1beta2/zz_generated.deepcopy.go | 10 ---------- apis/spanner/v1beta2/zz_database_types.go | 9 --------- apis/spanner/v1beta2/zz_generated.deepcopy.go | 10 ---------- apis/sql/v1beta2/zz_databaseinstance_types.go | 7 ------- apis/sql/v1beta2/zz_generated.deepcopy.go | 10 ---------- .../v1beta1/zz_generated.deepcopy.go | 10 ---------- apis/workflows/v1beta1/zz_workflow_types.go | 9 --------- config/overrides.go | 10 ++++++++++ config/registry.go | 1 + .../activedirectory/v1beta1/domain.yaml | 1 - examples-generated/bigquery/v1beta2/job.yaml | 1 - .../bigtable/v1beta2/appprofile.yaml | 1 - .../cloudrun/v1beta2/v2job.yaml | 1 - .../cloudrun/v1beta2/v2service.yaml | 1 - .../v1beta1/firewallpolicyassociation.yaml | 1 - .../v1beta1/instancegroupnamedport.yaml | 1 - .../compute/v1beta2/firewallpolicyrule.yaml | 1 - .../dns/v1beta1/responsepolicy.yaml | 1 - .../gke/v1beta2/backupbackupplan.yaml | 1 - .../gkehub/v1beta2/membership.yaml | 1 - .../privateca/v1beta2/certificate.yaml | 1 - .../v1beta2/certificateauthority.yaml | 1 - .../spanner/v1beta2/database.yaml | 1 - examples-generated/sql/v1beta1/database.yaml | 1 - .../workflows/v1beta1/workflow.yaml | 1 - examples/activedirectory/v1beta1/domain.yaml | 1 - examples/bigquery/v1beta2/connection.yaml | 1 - examples/bigquery/v1beta2/job.yaml | 1 - examples/bigquery/v1beta2/table.yaml | 1 - .../bigquery/v1beta2/tableiambinding.yaml | 1 - examples/bigquery/v1beta2/tableiammember.yaml | 1 - examples/bigtable/v1beta2/appprofile.yaml | 1 - .../v1beta2/garbagecollectionpolicy.yaml | 1 - examples/bigtable/v1beta2/instance.yaml | 1 - .../bigtable/v1beta2/instanceiambinding.yaml | 1 - .../bigtable/v1beta2/instanceiammember.yaml | 1 - .../bigtable/v1beta2/tableiambinding.yaml | 1 - examples/bigtable/v1beta2/tableiammember.yaml | 1 - examples/cloudrun/v1beta2/v2job.yaml | 1 - examples/cloudrun/v1beta2/v2service.yaml | 1 - .../v1beta1/firewallpolicyassociation.yaml | 1 - .../v1beta1/instancegroupnamedport.yaml | 1 - examples/container/v1beta2/cluster.yaml | 1 - examples/container/v1beta2/nodepool.yaml | 1 - examples/dns/v1beta1/responsepolicy.yaml | 1 - examples/gke/v1beta2/backupbackupplan.yaml | 1 - examples/gkehub/v1beta2/membership.yaml | 1 - examples/privateca/v1beta2/certificate.yaml | 1 - .../v1beta2/certificateauthority.yaml | 1 - examples/spanner/v1beta2/database.yaml | 1 - .../spanner/v1beta2/databaseiammember.yaml | 1 - examples/sql/v1beta2/instance.yaml | 1 - examples/sql/v1beta2/user.yaml | 1 - examples/workflows/v1beta1/workflow.yaml | 1 - ...ctivedirectory.gcp.upbound.io_domains.yaml | 10 ---------- .../crds/bigquery.gcp.upbound.io_tables.yaml | 8 -------- .../bigtable.gcp.upbound.io_instances.yaml | 8 -------- .../crds/bigtable.gcp.upbound.io_tables.yaml | 14 ------------- .../cloudplatform.gcp.upbound.io_folders.yaml | 4 ---- .../crds/cloudrun.gcp.upbound.io_v2jobs.yaml | 10 ---------- .../cloudrun.gcp.upbound.io_v2services.yaml | 10 ---------- ....gcp.upbound.io_instancefromtemplates.yaml | 4 ---- .../compute.gcp.upbound.io_instances.yaml | 10 ---------- .../container.gcp.upbound.io_clusters.yaml | 4 ---- ...proc.gcp.upbound.io_metastoreservices.yaml | 8 -------- ...gcp.upbound.io_certificateauthorities.yaml | 8 -------- .../spanner.gcp.upbound.io_databases.yaml | 10 ---------- .../sql.gcp.upbound.io_databaseinstances.yaml | 8 -------- .../workflows.gcp.upbound.io_workflows.yaml | 10 ---------- 90 files changed, 11 insertions(+), 431 deletions(-) diff --git a/apis/activedirectory/v1beta1/zz_domain_types.go b/apis/activedirectory/v1beta1/zz_domain_types.go index a159bcfe3..eddfa8559 100755 --- a/apis/activedirectory/v1beta1/zz_domain_types.go +++ b/apis/activedirectory/v1beta1/zz_domain_types.go @@ -24,10 +24,6 @@ type DomainInitParameters struct { // +listType=set AuthorizedNetworks []*string `json:"authorizedNetworks,omitempty" tf:"authorized_networks,omitempty"` - // Defaults to true. - // When the field is set to false, deleting the domain is allowed. - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions // of https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains. DomainName *string `json:"domainName,omitempty" tf:"domain_name,omitempty"` @@ -120,11 +116,6 @@ type DomainParameters struct { // +listType=set AuthorizedNetworks []*string `json:"authorizedNetworks,omitempty" tf:"authorized_networks,omitempty"` - // Defaults to true. - // When the field is set to false, deleting the domain is allowed. - // +kubebuilder:validation:Optional - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions // of https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains. // +kubebuilder:validation:Optional diff --git a/apis/activedirectory/v1beta1/zz_generated.deepcopy.go b/apis/activedirectory/v1beta1/zz_generated.deepcopy.go index 7fc6a0659..9df22b1cc 100644 --- a/apis/activedirectory/v1beta1/zz_generated.deepcopy.go +++ b/apis/activedirectory/v1beta1/zz_generated.deepcopy.go @@ -58,11 +58,6 @@ func (in *DomainInitParameters) DeepCopyInto(out *DomainInitParameters) { } } } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.DomainName != nil { in, out := &in.DomainName, &out.DomainName *out = new(string) @@ -293,11 +288,6 @@ func (in *DomainParameters) DeepCopyInto(out *DomainParameters) { } } } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.DomainName != nil { in, out := &in.DomainName, &out.DomainName *out = new(string) diff --git a/apis/bigquery/v1beta2/zz_generated.deepcopy.go b/apis/bigquery/v1beta2/zz_generated.deepcopy.go index f82342d5a..fdca51d7d 100644 --- a/apis/bigquery/v1beta2/zz_generated.deepcopy.go +++ b/apis/bigquery/v1beta2/zz_generated.deepcopy.go @@ -12817,11 +12817,6 @@ func (in *TableInitParameters) DeepCopyInto(out *TableInitParameters) { } } } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -13232,11 +13227,6 @@ func (in *TableParameters) DeepCopyInto(out *TableParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) diff --git a/apis/bigquery/v1beta2/zz_table_types.go b/apis/bigquery/v1beta2/zz_table_types.go index 97204eaaa..b10af6252 100755 --- a/apis/bigquery/v1beta2/zz_table_types.go +++ b/apis/bigquery/v1beta2/zz_table_types.go @@ -1211,9 +1211,6 @@ type TableInitParameters struct { // descending priority order. Clustering []*string `json:"clustering,omitempty" tf:"clustering,omitempty"` - // When the field is set to false, deleting the table is allowed.. - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // The field description. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -1450,10 +1447,6 @@ type TableParameters struct { // +kubebuilder:validation:Optional DatasetIDSelector *v1.Selector `json:"datasetIdSelector,omitempty" tf:"-"` - // When the field is set to false, deleting the table is allowed.. - // +kubebuilder:validation:Optional - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // The field description. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` diff --git a/apis/bigtable/v1beta1/zz_generated.deepcopy.go b/apis/bigtable/v1beta1/zz_generated.deepcopy.go index 841d39d01..55a1fe7b0 100644 --- a/apis/bigtable/v1beta1/zz_generated.deepcopy.go +++ b/apis/bigtable/v1beta1/zz_generated.deepcopy.go @@ -3471,11 +3471,6 @@ func (in *TableInitParameters) DeepCopyInto(out *TableInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(string) - **out = **in - } if in.Project != nil { in, out := &in.Project, &out.Project *out = new(string) @@ -3619,11 +3614,6 @@ func (in *TableParameters) DeepCopyInto(out *TableParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(string) - **out = **in - } if in.InstanceName != nil { in, out := &in.InstanceName, &out.InstanceName *out = new(string) diff --git a/apis/bigtable/v1beta1/zz_table_types.go b/apis/bigtable/v1beta1/zz_table_types.go index 558dcf431..c3e380715 100755 --- a/apis/bigtable/v1beta1/zz_table_types.go +++ b/apis/bigtable/v1beta1/zz_table_types.go @@ -74,9 +74,6 @@ type TableInitParameters struct { // A group of columns within a table which share a common configuration. This can be specified multiple times. Structure is documented below. ColumnFamily []ColumnFamilyInitParameters `json:"columnFamily,omitempty" tf:"column_family,omitempty"` - // A field to make the table protected against data loss i.e. when set to PROTECTED, deleting the table, the column families in the table, and the instance containing the table would be prohibited. If not provided, deletion protection will be set to UNPROTECTED. - DeletionProtection *string `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` @@ -127,10 +124,6 @@ type TableParameters struct { // +kubebuilder:validation:Optional ColumnFamily []ColumnFamilyParameters `json:"columnFamily,omitempty" tf:"column_family,omitempty"` - // A field to make the table protected against data loss i.e. when set to PROTECTED, deleting the table, the column families in the table, and the instance containing the table would be prohibited. If not provided, deletion protection will be set to UNPROTECTED. - // +kubebuilder:validation:Optional - DeletionProtection *string `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // The name of the Bigtable instance. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/bigtable/v1beta2.Instance // +kubebuilder:validation:Optional diff --git a/apis/bigtable/v1beta2/zz_generated.deepcopy.go b/apis/bigtable/v1beta2/zz_generated.deepcopy.go index 49e5989fd..efc768eab 100644 --- a/apis/bigtable/v1beta2/zz_generated.deepcopy.go +++ b/apis/bigtable/v1beta2/zz_generated.deepcopy.go @@ -1638,11 +1638,6 @@ func (in *InstanceInitParameters) DeepCopyInto(out *InstanceInitParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.DisplayName != nil { in, out := &in.DisplayName, &out.DisplayName *out = new(string) @@ -1833,11 +1828,6 @@ func (in *InstanceParameters) DeepCopyInto(out *InstanceParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.DisplayName != nil { in, out := &in.DisplayName, &out.DisplayName *out = new(string) diff --git a/apis/bigtable/v1beta2/zz_instance_types.go b/apis/bigtable/v1beta2/zz_instance_types.go index 3aec4142a..339eb7cdb 100755 --- a/apis/bigtable/v1beta2/zz_instance_types.go +++ b/apis/bigtable/v1beta2/zz_instance_types.go @@ -153,9 +153,6 @@ type InstanceInitParameters struct { // to default to the backend value. See structure below. Cluster []ClusterInitParameters `json:"cluster,omitempty" tf:"cluster,omitempty"` - // When the field is set to false, deleting the instance is allowed. - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // The human-readable display name of the Bigtable instance. Defaults to the instance name. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` @@ -228,10 +225,6 @@ type InstanceParameters struct { // +kubebuilder:validation:Optional Cluster []ClusterParameters `json:"cluster,omitempty" tf:"cluster,omitempty"` - // When the field is set to false, deleting the instance is allowed. - // +kubebuilder:validation:Optional - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // The human-readable display name of the Bigtable instance. Defaults to the instance name. // +kubebuilder:validation:Optional DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` diff --git a/apis/cloudplatform/v1beta1/zz_folder_types.go b/apis/cloudplatform/v1beta1/zz_folder_types.go index b8deba6c7..9ee5ab60c 100755 --- a/apis/cloudplatform/v1beta1/zz_folder_types.go +++ b/apis/cloudplatform/v1beta1/zz_folder_types.go @@ -14,7 +14,6 @@ import ( ) type FolderInitParameters struct { - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` // The folder’s display name. // A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. @@ -73,9 +72,6 @@ type FolderObservation struct { type FolderParameters struct { - // +kubebuilder:validation:Optional - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // The folder’s display name. // A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. // +kubebuilder:validation:Optional diff --git a/apis/cloudplatform/v1beta1/zz_generated.deepcopy.go b/apis/cloudplatform/v1beta1/zz_generated.deepcopy.go index 536b8974c..ce824c6d7 100644 --- a/apis/cloudplatform/v1beta1/zz_generated.deepcopy.go +++ b/apis/cloudplatform/v1beta1/zz_generated.deepcopy.go @@ -461,11 +461,6 @@ func (in *FolderIAMMemberStatus) DeepCopy() *FolderIAMMemberStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FolderInitParameters) DeepCopyInto(out *FolderInitParameters) { *out = *in - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.DisplayName != nil { in, out := &in.DisplayName, &out.DisplayName *out = new(string) @@ -620,11 +615,6 @@ func (in *FolderObservation) DeepCopy() *FolderObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FolderParameters) DeepCopyInto(out *FolderParameters) { *out = *in - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.DisplayName != nil { in, out := &in.DisplayName, &out.DisplayName *out = new(string) diff --git a/apis/cloudrun/v1beta2/zz_generated.deepcopy.go b/apis/cloudrun/v1beta2/zz_generated.deepcopy.go index d1c797b36..7d4f0219b 100644 --- a/apis/cloudrun/v1beta2/zz_generated.deepcopy.go +++ b/apis/cloudrun/v1beta2/zz_generated.deepcopy.go @@ -8408,11 +8408,6 @@ func (in *V2JobInitParameters) DeepCopyInto(out *V2JobInitParameters) { *out = new(string) **out = **in } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -8743,11 +8738,6 @@ func (in *V2JobParameters) DeepCopyInto(out *V2JobParameters) { *out = new(string) **out = **in } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]*string, len(*in)) @@ -9264,11 +9254,6 @@ func (in *V2ServiceInitParameters) DeepCopyInto(out *V2ServiceInitParameters) { } } } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -9696,11 +9681,6 @@ func (in *V2ServiceParameters) DeepCopyInto(out *V2ServiceParameters) { } } } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) diff --git a/apis/cloudrun/v1beta2/zz_v2job_types.go b/apis/cloudrun/v1beta2/zz_v2job_types.go index 86b4e4f77..5b8050e21 100755 --- a/apis/cloudrun/v1beta2/zz_v2job_types.go +++ b/apis/cloudrun/v1beta2/zz_v2job_types.go @@ -760,10 +760,6 @@ type V2JobInitParameters struct { // Arbitrary version identifier for the API client. ClientVersion *string `json:"clientVersion,omitempty" tf:"client_version,omitempty"` - // Defaults to true. - // When the field is set to false, deleting the job is allowed. - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, // or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or // https://cloud.google.com/run/docs/configuring/labels. @@ -924,11 +920,6 @@ type V2JobParameters struct { // +kubebuilder:validation:Optional ClientVersion *string `json:"clientVersion,omitempty" tf:"client_version,omitempty"` - // Defaults to true. - // When the field is set to false, deleting the job is allowed. - // +kubebuilder:validation:Optional - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, // or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or // https://cloud.google.com/run/docs/configuring/labels. diff --git a/apis/cloudrun/v1beta2/zz_v2service_types.go b/apis/cloudrun/v1beta2/zz_v2service_types.go index 99765f3c1..520d69222 100755 --- a/apis/cloudrun/v1beta2/zz_v2service_types.go +++ b/apis/cloudrun/v1beta2/zz_v2service_types.go @@ -1058,10 +1058,6 @@ type V2ServiceInitParameters struct { // For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences. CustomAudiences []*string `json:"customAudiences,omitempty" tf:"custom_audiences,omitempty"` - // Defaults to true. - // When the field is set to false, deleting the service is allowed. - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // User-provided description of the Service. This field currently has a 512-character limit. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -1274,11 +1270,6 @@ type V2ServiceParameters struct { // +kubebuilder:validation:Optional CustomAudiences []*string `json:"customAudiences,omitempty" tf:"custom_audiences,omitempty"` - // Defaults to true. - // When the field is set to false, deleting the service is allowed. - // +kubebuilder:validation:Optional - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // User-provided description of the Service. This field currently has a 512-character limit. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` diff --git a/apis/compute/v1beta2/zz_generated.deepcopy.go b/apis/compute/v1beta2/zz_generated.deepcopy.go index 97ca8e4be..e758d93ca 100644 --- a/apis/compute/v1beta2/zz_generated.deepcopy.go +++ b/apis/compute/v1beta2/zz_generated.deepcopy.go @@ -18306,11 +18306,6 @@ func (in *InstanceFromTemplateInitParameters) DeepCopyInto(out *InstanceFromTemp *out = new(InstanceFromTemplateConfidentialInstanceConfigInitParameters) (*in).DeepCopyInto(*out) } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -19194,11 +19189,6 @@ func (in *InstanceFromTemplateParameters) DeepCopyInto(out *InstanceFromTemplate *out = new(InstanceFromTemplateConfidentialInstanceConfigParameters) (*in).DeepCopyInto(*out) } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -21016,11 +21006,6 @@ func (in *InstanceInitParameters) DeepCopyInto(out *InstanceInitParameters) { *out = new(ConfidentialInstanceConfigInitParameters) (*in).DeepCopyInto(*out) } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -21609,11 +21594,6 @@ func (in *InstanceParameters) DeepCopyInto(out *InstanceParameters) { *out = new(ConfidentialInstanceConfigParameters) (*in).DeepCopyInto(*out) } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) diff --git a/apis/compute/v1beta2/zz_instance_types.go b/apis/compute/v1beta2/zz_instance_types.go index 37d15b86a..21e9d1187 100755 --- a/apis/compute/v1beta2/zz_instance_types.go +++ b/apis/compute/v1beta2/zz_instance_types.go @@ -745,10 +745,6 @@ type InstanceInitParameters struct { // Enable Confidential Mode on this VM. Structure is documented below ConfidentialInstanceConfig *ConfidentialInstanceConfigInitParameters `json:"confidentialInstanceConfig,omitempty" tf:"confidential_instance_config,omitempty"` - // Enable deletion protection on this instance. Defaults to false. - // Note: you must disable deletion protection before removing the resource (e.g. - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // A brief description of this resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -1052,11 +1048,6 @@ type InstanceParameters struct { // +kubebuilder:validation:Optional ConfidentialInstanceConfig *ConfidentialInstanceConfigParameters `json:"confidentialInstanceConfig,omitempty" tf:"confidential_instance_config,omitempty"` - // Enable deletion protection on this instance. Defaults to false. - // Note: you must disable deletion protection before removing the resource (e.g. - // +kubebuilder:validation:Optional - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // A brief description of this resource. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` diff --git a/apis/compute/v1beta2/zz_instancefromtemplate_types.go b/apis/compute/v1beta2/zz_instancefromtemplate_types.go index 0994cf054..429728891 100755 --- a/apis/compute/v1beta2/zz_instancefromtemplate_types.go +++ b/apis/compute/v1beta2/zz_instancefromtemplate_types.go @@ -322,8 +322,6 @@ type InstanceFromTemplateInitParameters struct { ConfidentialInstanceConfig *InstanceFromTemplateConfidentialInstanceConfigInitParameters `json:"confidentialInstanceConfig,omitempty" tf:"confidential_instance_config,omitempty"` - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - Description *string `json:"description,omitempty" tf:"description,omitempty"` DesiredStatus *string `json:"desiredStatus,omitempty" tf:"desired_status,omitempty"` @@ -666,9 +664,6 @@ type InstanceFromTemplateParameters struct { // +kubebuilder:validation:Optional ConfidentialInstanceConfig *InstanceFromTemplateConfidentialInstanceConfigParameters `json:"confidentialInstanceConfig,omitempty" tf:"confidential_instance_config,omitempty"` - // +kubebuilder:validation:Optional - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` diff --git a/apis/container/v1beta2/zz_cluster_types.go b/apis/container/v1beta2/zz_cluster_types.go index 5394a4e5b..d55678833 100755 --- a/apis/container/v1beta2/zz_cluster_types.go +++ b/apis/container/v1beta2/zz_cluster_types.go @@ -897,8 +897,6 @@ type ClusterInitParameters struct { // GKE SNAT DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, API doc. Structure is documented below DefaultSnatStatus *DefaultSnatStatusInitParameters `json:"defaultSnatStatus,omitempty" tf:"default_snat_status,omitempty"` - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // Description of the cluster. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -1570,9 +1568,6 @@ type ClusterParameters struct { // +kubebuilder:validation:Optional DefaultSnatStatus *DefaultSnatStatusParameters `json:"defaultSnatStatus,omitempty" tf:"default_snat_status,omitempty"` - // +kubebuilder:validation:Optional - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // Description of the cluster. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` diff --git a/apis/container/v1beta2/zz_generated.deepcopy.go b/apis/container/v1beta2/zz_generated.deepcopy.go index 958ae39f5..3d64f3ade 100644 --- a/apis/container/v1beta2/zz_generated.deepcopy.go +++ b/apis/container/v1beta2/zz_generated.deepcopy.go @@ -1812,11 +1812,6 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { *out = new(DefaultSnatStatusInitParameters) (*in).DeepCopyInto(*out) } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -2662,11 +2657,6 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = new(DefaultSnatStatusParameters) (*in).DeepCopyInto(*out) } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) diff --git a/apis/dataproc/v1beta2/zz_generated.deepcopy.go b/apis/dataproc/v1beta2/zz_generated.deepcopy.go index 50a4ac7f5..0c8fe0541 100644 --- a/apis/dataproc/v1beta2/zz_generated.deepcopy.go +++ b/apis/dataproc/v1beta2/zz_generated.deepcopy.go @@ -9016,11 +9016,6 @@ func (in *MetastoreServiceInitParameters) DeepCopyInto(out *MetastoreServiceInit *out = new(string) **out = **in } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.EncryptionConfig != nil { in, out := &in.EncryptionConfig, &out.EncryptionConfig *out = new(MetastoreServiceEncryptionConfigInitParameters) @@ -9332,11 +9327,6 @@ func (in *MetastoreServiceParameters) DeepCopyInto(out *MetastoreServiceParamete *out = new(string) **out = **in } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.EncryptionConfig != nil { in, out := &in.EncryptionConfig, &out.EncryptionConfig *out = new(MetastoreServiceEncryptionConfigParameters) diff --git a/apis/dataproc/v1beta2/zz_metastoreservice_types.go b/apis/dataproc/v1beta2/zz_metastoreservice_types.go index 9d16ca753..1547a92e9 100755 --- a/apis/dataproc/v1beta2/zz_metastoreservice_types.go +++ b/apis/dataproc/v1beta2/zz_metastoreservice_types.go @@ -384,9 +384,6 @@ type MetastoreServiceInitParameters struct { // Possible values are: MYSQL, SPANNER. DatabaseType *string `json:"databaseType,omitempty" tf:"database_type,omitempty"` - // Indicates if the dataproc metastore should be protected against accidental deletions. - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // Information used to configure the Dataproc Metastore service to encrypt // customer data at rest. // Structure is documented below. @@ -562,10 +559,6 @@ type MetastoreServiceParameters struct { // +kubebuilder:validation:Optional DatabaseType *string `json:"databaseType,omitempty" tf:"database_type,omitempty"` - // Indicates if the dataproc metastore should be protected against accidental deletions. - // +kubebuilder:validation:Optional - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // Information used to configure the Dataproc Metastore service to encrypt // customer data at rest. // Structure is documented below. diff --git a/apis/privateca/v1beta2/zz_certificateauthority_types.go b/apis/privateca/v1beta2/zz_certificateauthority_types.go index 34fcbfe9a..b9b479448 100755 --- a/apis/privateca/v1beta2/zz_certificateauthority_types.go +++ b/apis/privateca/v1beta2/zz_certificateauthority_types.go @@ -105,9 +105,6 @@ type CertificateAuthorityInitParameters struct { // Structure is documented below. Config *CertificateAuthorityConfigInitParameters `json:"config,omitempty" tf:"config,omitempty"` - // When the field is set to false, deleting the CertificateAuthority is allowed. - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // Desired state of the CertificateAuthority. Set this field to STAGED to create a STAGED root CA. // Possible values: ENABLED, DISABLED, STAGED. DesiredState *string `json:"desiredState,omitempty" tf:"desired_state,omitempty"` @@ -285,10 +282,6 @@ type CertificateAuthorityParameters struct { // +kubebuilder:validation:Optional Config *CertificateAuthorityConfigParameters `json:"config,omitempty" tf:"config,omitempty"` - // When the field is set to false, deleting the CertificateAuthority is allowed. - // +kubebuilder:validation:Optional - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // Desired state of the CertificateAuthority. Set this field to STAGED to create a STAGED root CA. // Possible values: ENABLED, DISABLED, STAGED. // +kubebuilder:validation:Optional diff --git a/apis/privateca/v1beta2/zz_generated.deepcopy.go b/apis/privateca/v1beta2/zz_generated.deepcopy.go index 69b73385a..fa815b25c 100644 --- a/apis/privateca/v1beta2/zz_generated.deepcopy.go +++ b/apis/privateca/v1beta2/zz_generated.deepcopy.go @@ -1785,11 +1785,6 @@ func (in *CertificateAuthorityInitParameters) DeepCopyInto(out *CertificateAutho *out = new(CertificateAuthorityConfigInitParameters) (*in).DeepCopyInto(*out) } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.DesiredState != nil { in, out := &in.DesiredState, &out.DesiredState *out = new(string) @@ -2084,11 +2079,6 @@ func (in *CertificateAuthorityParameters) DeepCopyInto(out *CertificateAuthority *out = new(CertificateAuthorityConfigParameters) (*in).DeepCopyInto(*out) } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.DesiredState != nil { in, out := &in.DesiredState, &out.DesiredState *out = new(string) diff --git a/apis/spanner/v1beta2/zz_database_types.go b/apis/spanner/v1beta2/zz_database_types.go index 2f7dab33b..5b219b973 100755 --- a/apis/spanner/v1beta2/zz_database_types.go +++ b/apis/spanner/v1beta2/zz_database_types.go @@ -26,10 +26,6 @@ type DatabaseInitParameters struct { // error in any statement, the database is not created. Ddl []*string `json:"ddl,omitempty" tf:"ddl,omitempty"` - // Defaults to true. - // When the field is set to false, deleting the database is allowed. - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // Whether drop protection is enabled for this database. Defaults to false. // whereas setting “enableDropProtection” to true protects the database from deletions in all interfaces. // (2) Setting "enableDropProtection" to true also prevents the deletion of the parent instance containing the database. @@ -115,11 +111,6 @@ type DatabaseParameters struct { // +kubebuilder:validation:Optional Ddl []*string `json:"ddl,omitempty" tf:"ddl,omitempty"` - // Defaults to true. - // When the field is set to false, deleting the database is allowed. - // +kubebuilder:validation:Optional - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // Whether drop protection is enabled for this database. Defaults to false. // whereas setting “enableDropProtection” to true protects the database from deletions in all interfaces. // (2) Setting "enableDropProtection" to true also prevents the deletion of the parent instance containing the database. diff --git a/apis/spanner/v1beta2/zz_generated.deepcopy.go b/apis/spanner/v1beta2/zz_generated.deepcopy.go index cd9ff14a4..4be0d52e0 100644 --- a/apis/spanner/v1beta2/zz_generated.deepcopy.go +++ b/apis/spanner/v1beta2/zz_generated.deepcopy.go @@ -854,11 +854,6 @@ func (in *DatabaseInitParameters) DeepCopyInto(out *DatabaseInitParameters) { } } } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.EnableDropProtection != nil { in, out := &in.EnableDropProtection, &out.EnableDropProtection *out = new(bool) @@ -1013,11 +1008,6 @@ func (in *DatabaseParameters) DeepCopyInto(out *DatabaseParameters) { } } } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.EnableDropProtection != nil { in, out := &in.EnableDropProtection, &out.EnableDropProtection *out = new(bool) diff --git a/apis/sql/v1beta2/zz_databaseinstance_types.go b/apis/sql/v1beta2/zz_databaseinstance_types.go index 965591c67..332ed252a 100755 --- a/apis/sql/v1beta2/zz_databaseinstance_types.go +++ b/apis/sql/v1beta2/zz_databaseinstance_types.go @@ -349,9 +349,6 @@ type DatabaseInstanceInitParameters struct { // includes an up-to-date reference of supported versions. DatabaseVersion *string `json:"databaseVersion,omitempty" tf:"database_version,omitempty"` - // When the field is set to false, deleting the instance is allowed. - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // The full path to the encryption key used for the CMEK disk encryption. // The provided key must be in the same region as the SQL instance. In order // to use this feature, a special kind of service account must be created and @@ -513,10 +510,6 @@ type DatabaseInstanceParameters struct { // +kubebuilder:validation:Optional DatabaseVersion *string `json:"databaseVersion,omitempty" tf:"database_version,omitempty"` - // When the field is set to false, deleting the instance is allowed. - // +kubebuilder:validation:Optional - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // The full path to the encryption key used for the CMEK disk encryption. // The provided key must be in the same region as the SQL instance. In order // to use this feature, a special kind of service account must be created and diff --git a/apis/sql/v1beta2/zz_generated.deepcopy.go b/apis/sql/v1beta2/zz_generated.deepcopy.go index 2ceb527c4..5e4ff77e3 100644 --- a/apis/sql/v1beta2/zz_generated.deepcopy.go +++ b/apis/sql/v1beta2/zz_generated.deepcopy.go @@ -761,11 +761,6 @@ func (in *DatabaseInstanceInitParameters) DeepCopyInto(out *DatabaseInstanceInit *out = new(string) **out = **in } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.EncryptionKeyName != nil { in, out := &in.EncryptionKeyName, &out.EncryptionKeyName *out = new(string) @@ -1028,11 +1023,6 @@ func (in *DatabaseInstanceParameters) DeepCopyInto(out *DatabaseInstanceParamete *out = new(string) **out = **in } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.EncryptionKeyName != nil { in, out := &in.EncryptionKeyName, &out.EncryptionKeyName *out = new(string) diff --git a/apis/workflows/v1beta1/zz_generated.deepcopy.go b/apis/workflows/v1beta1/zz_generated.deepcopy.go index a8912971a..ce228ef05 100644 --- a/apis/workflows/v1beta1/zz_generated.deepcopy.go +++ b/apis/workflows/v1beta1/zz_generated.deepcopy.go @@ -53,11 +53,6 @@ func (in *WorkflowInitParameters) DeepCopyInto(out *WorkflowInitParameters) { *out = new(string) **out = **in } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -346,11 +341,6 @@ func (in *WorkflowParameters) DeepCopyInto(out *WorkflowParameters) { *out = new(string) **out = **in } - if in.DeletionProtection != nil { - in, out := &in.DeletionProtection, &out.DeletionProtection - *out = new(bool) - **out = **in - } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) diff --git a/apis/workflows/v1beta1/zz_workflow_types.go b/apis/workflows/v1beta1/zz_workflow_types.go index 2a4e8b209..3c0b03944 100755 --- a/apis/workflows/v1beta1/zz_workflow_types.go +++ b/apis/workflows/v1beta1/zz_workflow_types.go @@ -25,10 +25,6 @@ type WorkflowInitParameters struct { // Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} CryptoKeyName *string `json:"cryptoKeyName,omitempty" tf:"crypto_key_name,omitempty"` - // Defaults to true. - // When the field is set to false, deleting the workflow is allowed. - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // Description of the workflow provided by the user. Must be at most 1000 unicode characters long. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -169,11 +165,6 @@ type WorkflowParameters struct { // +kubebuilder:validation:Optional CryptoKeyName *string `json:"cryptoKeyName,omitempty" tf:"crypto_key_name,omitempty"` - // Defaults to true. - // When the field is set to false, deleting the workflow is allowed. - // +kubebuilder:validation:Optional - DeletionProtection *bool `json:"deletionProtection,omitempty" tf:"deletion_protection,omitempty"` - // Description of the workflow provided by the user. Must be at most 1000 unicode characters long. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` diff --git a/config/overrides.go b/config/overrides.go index 57f3e3602..250d200fe 100644 --- a/config/overrides.go +++ b/config/overrides.go @@ -142,3 +142,13 @@ func descriptionOverrides() tjconfig.ResourceOption { }) } } + +func DeletionProtectionRemove() tjconfig.ResourceOption { + return func(r *tjconfig.Resource) { + if t, ok := r.TerraformResource.Schema["deletion_protection"]; ok { + t.Computed = true + t.Optional = false + t.Default = false + } + } +} diff --git a/config/registry.go b/config/registry.go index f8627068f..27f06a87e 100644 --- a/config/registry.go +++ b/config/registry.go @@ -161,6 +161,7 @@ func GetProvider(_ context.Context, generationProvider bool) (*ujconfig.Provider defaultVersion(), resourceConfigurator(), descriptionOverrides(), + DeletionProtectionRemove(), ), ujconfig.WithRootGroup("gcp.upbound.io"), ujconfig.WithShortName("gcp"), diff --git a/examples-generated/activedirectory/v1beta1/domain.yaml b/examples-generated/activedirectory/v1beta1/domain.yaml index ddb5f7d11..ce8806cdc 100644 --- a/examples-generated/activedirectory/v1beta1/domain.yaml +++ b/examples-generated/activedirectory/v1beta1/domain.yaml @@ -8,7 +8,6 @@ metadata: name: ad-domain spec: forProvider: - deletionProtection: false domainName: tfgen.org.com locations: - us-central1 diff --git a/examples-generated/bigquery/v1beta2/job.yaml b/examples-generated/bigquery/v1beta2/job.yaml index ad0ddfeeb..10d43d640 100644 --- a/examples-generated/bigquery/v1beta2/job.yaml +++ b/examples-generated/bigquery/v1beta2/job.yaml @@ -57,4 +57,3 @@ spec: datasetIdSelector: matchLabels: testing.upbound.io/example-name: example - deletionProtection: false diff --git a/examples-generated/bigtable/v1beta2/appprofile.yaml b/examples-generated/bigtable/v1beta2/appprofile.yaml index d13b50f7a..d23aa355a 100644 --- a/examples-generated/bigtable/v1beta2/appprofile.yaml +++ b/examples-generated/bigtable/v1beta2/appprofile.yaml @@ -39,4 +39,3 @@ spec: numNodes: 3 storageType: HDD zone: us-central1-c - deletionProtection: true diff --git a/examples-generated/cloudrun/v1beta2/v2job.yaml b/examples-generated/cloudrun/v1beta2/v2job.yaml index ff083b403..d5758d243 100644 --- a/examples-generated/cloudrun/v1beta2/v2job.yaml +++ b/examples-generated/cloudrun/v1beta2/v2job.yaml @@ -8,7 +8,6 @@ metadata: name: default spec: forProvider: - deletionProtection: false location: us-central1 template: - template: diff --git a/examples-generated/cloudrun/v1beta2/v2service.yaml b/examples-generated/cloudrun/v1beta2/v2service.yaml index 34e763a2d..2a2ba1ec0 100644 --- a/examples-generated/cloudrun/v1beta2/v2service.yaml +++ b/examples-generated/cloudrun/v1beta2/v2service.yaml @@ -8,7 +8,6 @@ metadata: name: default spec: forProvider: - deletionProtection: false ingress: INGRESS_TRAFFIC_ALL location: us-central1 template: diff --git a/examples-generated/compute/v1beta1/firewallpolicyassociation.yaml b/examples-generated/compute/v1beta1/firewallpolicyassociation.yaml index c0c69ba1c..a34755841 100644 --- a/examples-generated/compute/v1beta1/firewallpolicyassociation.yaml +++ b/examples-generated/compute/v1beta1/firewallpolicyassociation.yaml @@ -44,7 +44,6 @@ metadata: name: folder spec: forProvider: - deletionProtection: false displayName: my-folder parentSelector: matchLabels: diff --git a/examples-generated/compute/v1beta1/instancegroupnamedport.yaml b/examples-generated/compute/v1beta1/instancegroupnamedport.yaml index 4127d2230..052e16d70 100644 --- a/examples-generated/compute/v1beta1/instancegroupnamedport.yaml +++ b/examples-generated/compute/v1beta1/instancegroupnamedport.yaml @@ -57,7 +57,6 @@ metadata: name: my-cluster spec: forProvider: - deletionProtection: true initialNodeCount: 1 ipAllocationPolicy: - clusterIpv4CidrBlock: /19 diff --git a/examples-generated/compute/v1beta2/firewallpolicyrule.yaml b/examples-generated/compute/v1beta2/firewallpolicyrule.yaml index b06345ea1..902115fa2 100644 --- a/examples-generated/compute/v1beta2/firewallpolicyrule.yaml +++ b/examples-generated/compute/v1beta2/firewallpolicyrule.yaml @@ -66,7 +66,6 @@ metadata: name: folder spec: forProvider: - deletionProtection: false displayName: folder parentSelector: matchLabels: diff --git a/examples-generated/dns/v1beta1/responsepolicy.yaml b/examples-generated/dns/v1beta1/responsepolicy.yaml index 2e89bd162..24030fdb5 100644 --- a/examples-generated/dns/v1beta1/responsepolicy.yaml +++ b/examples-generated/dns/v1beta1/responsepolicy.yaml @@ -86,7 +86,6 @@ spec: forProvider: defaultSnatStatus: - disabled: true - deletionProtection: true initialNodeCount: 1 ipAllocationPolicy: - clusterSecondaryRangeName: pod diff --git a/examples-generated/gke/v1beta2/backupbackupplan.yaml b/examples-generated/gke/v1beta2/backupbackupplan.yaml index 66de7bc3a..e279acfaf 100644 --- a/examples-generated/gke/v1beta2/backupbackupplan.yaml +++ b/examples-generated/gke/v1beta2/backupbackupplan.yaml @@ -32,7 +32,6 @@ spec: addonsConfig: - gkeBackupAgentConfig: - enabled: true - deletionProtection: true initialNodeCount: 1 location: us-central1 networkSelector: diff --git a/examples-generated/gkehub/v1beta2/membership.yaml b/examples-generated/gkehub/v1beta2/membership.yaml index f248ee95a..430551ae6 100644 --- a/examples-generated/gkehub/v1beta2/membership.yaml +++ b/examples-generated/gkehub/v1beta2/membership.yaml @@ -27,7 +27,6 @@ metadata: name: primary spec: forProvider: - deletionProtection: false initialNodeCount: 1 location: us-central1-a networkSelector: diff --git a/examples-generated/privateca/v1beta2/certificate.yaml b/examples-generated/privateca/v1beta2/certificate.yaml index 4efe1254b..31502727c 100644 --- a/examples-generated/privateca/v1beta2/certificate.yaml +++ b/examples-generated/privateca/v1beta2/certificate.yaml @@ -111,7 +111,6 @@ spec: crlSign: true extendedKeyUsage: - serverAuth: true - deletionProtection: false ignoreActiveCertificatesOnDeletion: true keySpec: - algorithm: RSA_PKCS1_4096_SHA256 diff --git a/examples-generated/privateca/v1beta2/certificateauthority.yaml b/examples-generated/privateca/v1beta2/certificateauthority.yaml index 67c2f38b4..cf1ea4169 100644 --- a/examples-generated/privateca/v1beta2/certificateauthority.yaml +++ b/examples-generated/privateca/v1beta2/certificateauthority.yaml @@ -22,7 +22,6 @@ spec: crlSign: true extendedKeyUsage: - {} - deletionProtection: true keySpec: - algorithm: RSA_PKCS1_4096_SHA256 lifetime: ${10 * 365 * 24 * 3600}s diff --git a/examples-generated/spanner/v1beta2/database.yaml b/examples-generated/spanner/v1beta2/database.yaml index ec94410cd..929386e17 100644 --- a/examples-generated/spanner/v1beta2/database.yaml +++ b/examples-generated/spanner/v1beta2/database.yaml @@ -11,7 +11,6 @@ spec: ddl: - CREATE TABLE t1 (t1 INT64 NOT NULL,) PRIMARY KEY(t1) - CREATE TABLE t2 (t2 INT64 NOT NULL,) PRIMARY KEY(t2) - deletionProtection: false instanceSelector: matchLabels: testing.upbound.io/example-name: main diff --git a/examples-generated/sql/v1beta1/database.yaml b/examples-generated/sql/v1beta1/database.yaml index 1b0e0c1c4..60be18f7a 100644 --- a/examples-generated/sql/v1beta1/database.yaml +++ b/examples-generated/sql/v1beta1/database.yaml @@ -25,7 +25,6 @@ metadata: spec: forProvider: databaseVersion: MYSQL_8_0 - deletionProtection: true region: us-central1 settings: - tier: db-f1-micro diff --git a/examples-generated/workflows/v1beta1/workflow.yaml b/examples-generated/workflows/v1beta1/workflow.yaml index eab9b410c..6b0828788 100644 --- a/examples-generated/workflows/v1beta1/workflow.yaml +++ b/examples-generated/workflows/v1beta1/workflow.yaml @@ -9,7 +9,6 @@ metadata: spec: forProvider: callLogLevel: LOG_ERRORS_ONLY - deletionProtection: false description: Magic labels: env: test diff --git a/examples/activedirectory/v1beta1/domain.yaml b/examples/activedirectory/v1beta1/domain.yaml index ca49b5757..3a239d57c 100644 --- a/examples/activedirectory/v1beta1/domain.yaml +++ b/examples/activedirectory/v1beta1/domain.yaml @@ -13,7 +13,6 @@ metadata: name: domain spec: forProvider: - deletionProtection: false domainName: "fndomain.org.com" locations: - us-central1 diff --git a/examples/bigquery/v1beta2/connection.yaml b/examples/bigquery/v1beta2/connection.yaml index 4af9312e4..a1e6fb79c 100644 --- a/examples/bigquery/v1beta2/connection.yaml +++ b/examples/bigquery/v1beta2/connection.yaml @@ -63,7 +63,6 @@ metadata: spec: forProvider: databaseVersion: POSTGRES_11 - deletionProtection: false region: us-central1 settings: tier: db-f1-micro diff --git a/examples/bigquery/v1beta2/job.yaml b/examples/bigquery/v1beta2/job.yaml index f5a6e9fc9..cacecb500 100644 --- a/examples/bigquery/v1beta2/job.yaml +++ b/examples/bigquery/v1beta2/job.yaml @@ -66,4 +66,3 @@ spec: datasetIdSelector: matchLabels: testing.upbound.io/example-name: bar - deletionProtection: false diff --git a/examples/bigquery/v1beta2/table.yaml b/examples/bigquery/v1beta2/table.yaml index 2e0f9c1e7..c2e3e053f 100644 --- a/examples/bigquery/v1beta2/table.yaml +++ b/examples/bigquery/v1beta2/table.yaml @@ -15,7 +15,6 @@ spec: datasetIdSelector: matchLabels: testing.upbound.io/example-name: default - deletionProtection: false labels: env: default schema: | diff --git a/examples/bigquery/v1beta2/tableiambinding.yaml b/examples/bigquery/v1beta2/tableiambinding.yaml index 01b09cc31..e6e1fe617 100644 --- a/examples/bigquery/v1beta2/tableiambinding.yaml +++ b/examples/bigquery/v1beta2/tableiambinding.yaml @@ -40,7 +40,6 @@ spec: datasetIdSelector: matchLabels: testing.upbound.io/example-name: default - deletionProtection: false labels: env: default schema: | diff --git a/examples/bigquery/v1beta2/tableiammember.yaml b/examples/bigquery/v1beta2/tableiammember.yaml index 6a686a18d..930a1046f 100644 --- a/examples/bigquery/v1beta2/tableiammember.yaml +++ b/examples/bigquery/v1beta2/tableiammember.yaml @@ -39,7 +39,6 @@ spec: datasetIdSelector: matchLabels: testing.upbound.io/example-name: default - deletionProtection: false labels: env: default schema: | diff --git a/examples/bigtable/v1beta2/appprofile.yaml b/examples/bigtable/v1beta2/appprofile.yaml index b997fd659..49fc0aa06 100644 --- a/examples/bigtable/v1beta2/appprofile.yaml +++ b/examples/bigtable/v1beta2/appprofile.yaml @@ -43,4 +43,3 @@ spec: numNodes: 3 storageType: HDD zone: us-central1-c - deletionProtection: false diff --git a/examples/bigtable/v1beta2/garbagecollectionpolicy.yaml b/examples/bigtable/v1beta2/garbagecollectionpolicy.yaml index 664c56c51..ad0e5d323 100644 --- a/examples/bigtable/v1beta2/garbagecollectionpolicy.yaml +++ b/examples/bigtable/v1beta2/garbagecollectionpolicy.yaml @@ -39,7 +39,6 @@ spec: numNodes: 3 storageType: HDD zone: us-central1-b - deletionProtection: false --- diff --git a/examples/bigtable/v1beta2/instance.yaml b/examples/bigtable/v1beta2/instance.yaml index b81a1ca61..d19d85882 100644 --- a/examples/bigtable/v1beta2/instance.yaml +++ b/examples/bigtable/v1beta2/instance.yaml @@ -17,6 +17,5 @@ spec: numNodes: 1 storageType: HDD zone: us-central1-b - deletionProtection: false labels: my-label: prod-label diff --git a/examples/bigtable/v1beta2/instanceiambinding.yaml b/examples/bigtable/v1beta2/instanceiambinding.yaml index ec4972979..838734854 100644 --- a/examples/bigtable/v1beta2/instanceiambinding.yaml +++ b/examples/bigtable/v1beta2/instanceiambinding.yaml @@ -34,6 +34,5 @@ spec: numNodes: 1 storageType: HDD zone: us-central1-b - deletionProtection: false labels: my-label: prod-label diff --git a/examples/bigtable/v1beta2/instanceiammember.yaml b/examples/bigtable/v1beta2/instanceiammember.yaml index e374eb01b..91914c424 100644 --- a/examples/bigtable/v1beta2/instanceiammember.yaml +++ b/examples/bigtable/v1beta2/instanceiammember.yaml @@ -33,6 +33,5 @@ spec: numNodes: 1 storageType: HDD zone: us-central1-b - deletionProtection: false labels: my-label: prod-label diff --git a/examples/bigtable/v1beta2/tableiambinding.yaml b/examples/bigtable/v1beta2/tableiambinding.yaml index ab13eaf64..f452c3925 100644 --- a/examples/bigtable/v1beta2/tableiambinding.yaml +++ b/examples/bigtable/v1beta2/tableiambinding.yaml @@ -55,4 +55,3 @@ spec: numNodes: 3 storageType: HDD zone: us-central1-b - deletionProtection: false diff --git a/examples/bigtable/v1beta2/tableiammember.yaml b/examples/bigtable/v1beta2/tableiammember.yaml index ae835070a..344dcf36e 100644 --- a/examples/bigtable/v1beta2/tableiammember.yaml +++ b/examples/bigtable/v1beta2/tableiammember.yaml @@ -54,4 +54,3 @@ spec: numNodes: 3 storageType: HDD zone: us-central1-b - deletionProtection: false diff --git a/examples/cloudrun/v1beta2/v2job.yaml b/examples/cloudrun/v1beta2/v2job.yaml index 9913663f3..bf515b23f 100644 --- a/examples/cloudrun/v1beta2/v2job.yaml +++ b/examples/cloudrun/v1beta2/v2job.yaml @@ -12,7 +12,6 @@ metadata: name: default spec: forProvider: - deletionProtection: false launchStage: BETA location: us-central1 template: diff --git a/examples/cloudrun/v1beta2/v2service.yaml b/examples/cloudrun/v1beta2/v2service.yaml index 249883788..47a970370 100644 --- a/examples/cloudrun/v1beta2/v2service.yaml +++ b/examples/cloudrun/v1beta2/v2service.yaml @@ -12,7 +12,6 @@ metadata: name: default spec: forProvider: - deletionProtection: false binaryAuthorization: breakglassJustification: Some justification useDefault: true diff --git a/examples/compute/v1beta1/firewallpolicyassociation.yaml b/examples/compute/v1beta1/firewallpolicyassociation.yaml index 337050a72..dbfcf0983 100644 --- a/examples/compute/v1beta1/firewallpolicyassociation.yaml +++ b/examples/compute/v1beta1/firewallpolicyassociation.yaml @@ -51,6 +51,5 @@ metadata: name: firewall-policy-assoc spec: forProvider: - deletionPolicy: false displayName: firewall-policy-assoc parent: organizations/1234567 diff --git a/examples/compute/v1beta1/instancegroupnamedport.yaml b/examples/compute/v1beta1/instancegroupnamedport.yaml index e1f2a53fe..0f3dc8088 100644 --- a/examples/compute/v1beta1/instancegroupnamedport.yaml +++ b/examples/compute/v1beta1/instancegroupnamedport.yaml @@ -67,7 +67,6 @@ metadata: name: instance-group-named-port spec: forProvider: - deletionProtection: false initialNodeCount: 1 ipAllocationPolicy: - clusterIpv4CidrBlock: /19 diff --git a/examples/container/v1beta2/cluster.yaml b/examples/container/v1beta2/cluster.yaml index a9bd3980f..0d14a4886 100644 --- a/examples/container/v1beta2/cluster.yaml +++ b/examples/container/v1beta2/cluster.yaml @@ -12,7 +12,6 @@ metadata: name: cluster spec: forProvider: - deletionProtection: false enableAutopilot: true enableIntranodeVisibility: true ipAllocationPolicy: {} diff --git a/examples/container/v1beta2/nodepool.yaml b/examples/container/v1beta2/nodepool.yaml index 37613763d..7775598b6 100644 --- a/examples/container/v1beta2/nodepool.yaml +++ b/examples/container/v1beta2/nodepool.yaml @@ -38,7 +38,6 @@ metadata: name: nodepool spec: forProvider: - deletionProtection: false initialNodeCount: 1 location: us-central1-a removeDefaultNodePool: true diff --git a/examples/dns/v1beta1/responsepolicy.yaml b/examples/dns/v1beta1/responsepolicy.yaml index 253591fe0..f6071b00c 100644 --- a/examples/dns/v1beta1/responsepolicy.yaml +++ b/examples/dns/v1beta1/responsepolicy.yaml @@ -80,7 +80,6 @@ metadata: name: cluster-1 spec: forProvider: - deletionProtection: false defaultSnatStatus: - disabled: true initialNodeCount: 1 diff --git a/examples/gke/v1beta2/backupbackupplan.yaml b/examples/gke/v1beta2/backupbackupplan.yaml index 8a92219fd..2f3160bc8 100644 --- a/examples/gke/v1beta2/backupbackupplan.yaml +++ b/examples/gke/v1beta2/backupbackupplan.yaml @@ -36,7 +36,6 @@ spec: addonsConfig: gkeBackupAgentConfig: enabled: true - deletionProtection: false initialNodeCount: 1 location: us-central1 removeDefaultNodePool: false diff --git a/examples/gkehub/v1beta2/membership.yaml b/examples/gkehub/v1beta2/membership.yaml index 109a5f7c2..924bdcd51 100644 --- a/examples/gkehub/v1beta2/membership.yaml +++ b/examples/gkehub/v1beta2/membership.yaml @@ -31,7 +31,6 @@ metadata: name: membership spec: forProvider: - deletionProtection: false initialNodeCount: 2 location: us-central1-a nodeConfig: diff --git a/examples/privateca/v1beta2/certificate.yaml b/examples/privateca/v1beta2/certificate.yaml index 808857a8f..592facd0e 100644 --- a/examples/privateca/v1beta2/certificate.yaml +++ b/examples/privateca/v1beta2/certificate.yaml @@ -102,7 +102,6 @@ spec: crlSign: true extendedKeyUsage: serverAuth: true - deletionProtection: false ignoreActiveCertificatesOnDeletion: false keySpec: algorithm: RSA_PKCS1_4096_SHA256 diff --git a/examples/privateca/v1beta2/certificateauthority.yaml b/examples/privateca/v1beta2/certificateauthority.yaml index 55c895236..59222de24 100644 --- a/examples/privateca/v1beta2/certificateauthority.yaml +++ b/examples/privateca/v1beta2/certificateauthority.yaml @@ -42,7 +42,6 @@ spec: emailProtection: true serverAuth: true timeStamping: true - deletionProtection: false keySpec: algorithm: RSA_PKCS1_4096_SHA256 lifetime: 86400s diff --git a/examples/spanner/v1beta2/database.yaml b/examples/spanner/v1beta2/database.yaml index ccf46bf05..6c46025e8 100644 --- a/examples/spanner/v1beta2/database.yaml +++ b/examples/spanner/v1beta2/database.yaml @@ -15,7 +15,6 @@ spec: ddl: - CREATE TABLE t1 (t1 INT64 NOT NULL,) PRIMARY KEY(t1) - CREATE TABLE t2 (t2 INT64 NOT NULL,) PRIMARY KEY(t2) - deletionProtection: false instanceSelector: matchLabels: testing.upbound.io/example-name: main diff --git a/examples/spanner/v1beta2/databaseiammember.yaml b/examples/spanner/v1beta2/databaseiammember.yaml index 4a6418b05..69078a5e6 100644 --- a/examples/spanner/v1beta2/databaseiammember.yaml +++ b/examples/spanner/v1beta2/databaseiammember.yaml @@ -34,7 +34,6 @@ spec: ddl: - CREATE TABLE t1 (t1 INT64 NOT NULL,) PRIMARY KEY(t1) - CREATE TABLE t2 (t2 INT64 NOT NULL,) PRIMARY KEY(t2) - deletionProtection: false instanceSelector: matchLabels: testing.upbound.io/example-name: main diff --git a/examples/sql/v1beta2/instance.yaml b/examples/sql/v1beta2/instance.yaml index d547ccf24..4449cb17b 100644 --- a/examples/sql/v1beta2/instance.yaml +++ b/examples/sql/v1beta2/instance.yaml @@ -13,7 +13,6 @@ metadata: spec: forProvider: databaseVersion: MYSQL_5_7 - deletionProtection: false region: us-central1 settings: diskSize: 20 diff --git a/examples/sql/v1beta2/user.yaml b/examples/sql/v1beta2/user.yaml index 7914534c4..748e5f004 100644 --- a/examples/sql/v1beta2/user.yaml +++ b/examples/sql/v1beta2/user.yaml @@ -51,7 +51,6 @@ metadata: spec: forProvider: databaseVersion: MYSQL_5_7 - deletionProtection: false region: us-central1 settings: diskSize: 20 diff --git a/examples/workflows/v1beta1/workflow.yaml b/examples/workflows/v1beta1/workflow.yaml index 1fade5c10..4a6d01df2 100644 --- a/examples/workflows/v1beta1/workflow.yaml +++ b/examples/workflows/v1beta1/workflow.yaml @@ -12,7 +12,6 @@ metadata: name: example spec: forProvider: - deletionProtection: false description: Magic name: workflow region: us-central1 diff --git a/package/crds/activedirectory.gcp.upbound.io_domains.yaml b/package/crds/activedirectory.gcp.upbound.io_domains.yaml index 71583fc24..77bdd0d37 100644 --- a/package/crds/activedirectory.gcp.upbound.io_domains.yaml +++ b/package/crds/activedirectory.gcp.upbound.io_domains.yaml @@ -86,11 +86,6 @@ spec: type: string type: array x-kubernetes-list-type: set - deletionProtection: - description: |- - Defaults to true. - When the field is set to false, deleting the domain is allowed. - type: boolean domainName: description: |- The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions @@ -149,11 +144,6 @@ spec: type: string type: array x-kubernetes-list-type: set - deletionProtection: - description: |- - Defaults to true. - When the field is set to false, deleting the domain is allowed. - type: boolean domainName: description: |- The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions diff --git a/package/crds/bigquery.gcp.upbound.io_tables.yaml b/package/crds/bigquery.gcp.upbound.io_tables.yaml index 84001f662..a54980d8e 100644 --- a/package/crds/bigquery.gcp.upbound.io_tables.yaml +++ b/package/crds/bigquery.gcp.upbound.io_tables.yaml @@ -2552,10 +2552,6 @@ spec: type: string type: object type: object - deletionProtection: - description: When the field is set to false, deleting the table - is allowed.. - type: boolean description: description: The field description. type: string @@ -3185,10 +3181,6 @@ spec: items: type: string type: array - deletionProtection: - description: When the field is set to false, deleting the table - is allowed.. - type: boolean description: description: The field description. type: string diff --git a/package/crds/bigtable.gcp.upbound.io_instances.yaml b/package/crds/bigtable.gcp.upbound.io_instances.yaml index 10f13ce98..92cfbf992 100644 --- a/package/crds/bigtable.gcp.upbound.io_instances.yaml +++ b/package/crds/bigtable.gcp.upbound.io_instances.yaml @@ -754,10 +754,6 @@ spec: type: string type: object type: array - deletionProtection: - description: When the field is set to false, deleting the instance - is allowed. - type: boolean displayName: description: The human-readable display name of the Bigtable instance. Defaults to the instance name. @@ -865,10 +861,6 @@ spec: type: string type: object type: array - deletionProtection: - description: When the field is set to false, deleting the instance - is allowed. - type: boolean displayName: description: The human-readable display name of the Bigtable instance. Defaults to the instance name. diff --git a/package/crds/bigtable.gcp.upbound.io_tables.yaml b/package/crds/bigtable.gcp.upbound.io_tables.yaml index 4e1513566..76b2c18d8 100644 --- a/package/crds/bigtable.gcp.upbound.io_tables.yaml +++ b/package/crds/bigtable.gcp.upbound.io_tables.yaml @@ -101,13 +101,6 @@ spec: type: string type: object type: array - deletionProtection: - description: A field to make the table protected against data - loss i.e. when set to PROTECTED, deleting the table, the column - families in the table, and the instance containing the table - would be prohibited. If not provided, deletion protection will - be set to UNPROTECTED. - type: string instanceName: description: The name of the Bigtable instance. type: string @@ -237,13 +230,6 @@ spec: type: string type: object type: array - deletionProtection: - description: A field to make the table protected against data - loss i.e. when set to PROTECTED, deleting the table, the column - families in the table, and the instance containing the table - would be prohibited. If not provided, deletion protection will - be set to UNPROTECTED. - type: string project: description: |- The ID of the project in which the resource belongs. If it diff --git a/package/crds/cloudplatform.gcp.upbound.io_folders.yaml b/package/crds/cloudplatform.gcp.upbound.io_folders.yaml index 5b43ad489..4f455149b 100644 --- a/package/crds/cloudplatform.gcp.upbound.io_folders.yaml +++ b/package/crds/cloudplatform.gcp.upbound.io_folders.yaml @@ -73,8 +73,6 @@ spec: type: string forProvider: properties: - deletionProtection: - type: boolean displayName: description: |- The folder’s display name. @@ -188,8 +186,6 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: - deletionProtection: - type: boolean displayName: description: |- The folder’s display name. diff --git a/package/crds/cloudrun.gcp.upbound.io_v2jobs.yaml b/package/crds/cloudrun.gcp.upbound.io_v2jobs.yaml index e7d33f9f4..76ad52e39 100644 --- a/package/crds/cloudrun.gcp.upbound.io_v2jobs.yaml +++ b/package/crds/cloudrun.gcp.upbound.io_v2jobs.yaml @@ -2367,11 +2367,6 @@ spec: clientVersion: description: Arbitrary version identifier for the API client. type: string - deletionProtection: - description: |- - Defaults to true. - When the field is set to false, deleting the job is allowed. - type: boolean labels: additionalProperties: type: string @@ -3063,11 +3058,6 @@ spec: clientVersion: description: Arbitrary version identifier for the API client. type: string - deletionProtection: - description: |- - Defaults to true. - When the field is set to false, deleting the job is allowed. - type: boolean labels: additionalProperties: type: string diff --git a/package/crds/cloudrun.gcp.upbound.io_v2services.yaml b/package/crds/cloudrun.gcp.upbound.io_v2services.yaml index 9cb396581..0ffbf3a43 100644 --- a/package/crds/cloudrun.gcp.upbound.io_v2services.yaml +++ b/package/crds/cloudrun.gcp.upbound.io_v2services.yaml @@ -3369,11 +3369,6 @@ spec: items: type: string type: array - deletionProtection: - description: |- - Defaults to true. - When the field is set to false, deleting the service is allowed. - type: boolean description: description: User-provided description of the Service. This field currently has a 512-character limit. @@ -4387,11 +4382,6 @@ spec: items: type: string type: array - deletionProtection: - description: |- - Defaults to true. - When the field is set to false, deleting the service is allowed. - type: boolean description: description: User-provided description of the Service. This field currently has a 512-character limit. diff --git a/package/crds/compute.gcp.upbound.io_instancefromtemplates.yaml b/package/crds/compute.gcp.upbound.io_instancefromtemplates.yaml index d89bc5a4c..7c831622f 100644 --- a/package/crds/compute.gcp.upbound.io_instancefromtemplates.yaml +++ b/package/crds/compute.gcp.upbound.io_instancefromtemplates.yaml @@ -2100,8 +2100,6 @@ spec: enableConfidentialCompute: type: boolean type: object - deletionProtection: - type: boolean description: type: string desiredStatus: @@ -2716,8 +2714,6 @@ spec: enableConfidentialCompute: type: boolean type: object - deletionProtection: - type: boolean description: type: string desiredStatus: diff --git a/package/crds/compute.gcp.upbound.io_instances.yaml b/package/crds/compute.gcp.upbound.io_instances.yaml index a4fb772b0..7d086d693 100644 --- a/package/crds/compute.gcp.upbound.io_instances.yaml +++ b/package/crds/compute.gcp.upbound.io_instances.yaml @@ -3568,11 +3568,6 @@ spec: TERMINATE or this will fail to create the VM. type: boolean type: object - deletionProtection: - description: |- - Enable deletion protection on this instance. Defaults to false. - Note: you must disable deletion protection before removing the resource (e.g. - type: boolean description: description: A brief description of this resource. type: string @@ -4643,11 +4638,6 @@ spec: TERMINATE or this will fail to create the VM. type: boolean type: object - deletionProtection: - description: |- - Enable deletion protection on this instance. Defaults to false. - Note: you must disable deletion protection before removing the resource (e.g. - type: boolean description: description: A brief description of this resource. type: string diff --git a/package/crds/container.gcp.upbound.io_clusters.yaml b/package/crds/container.gcp.upbound.io_clusters.yaml index ee0da427d..e920424df 100644 --- a/package/crds/container.gcp.upbound.io_clusters.yaml +++ b/package/crds/container.gcp.upbound.io_clusters.yaml @@ -7751,8 +7751,6 @@ spec: internal traffic type: boolean type: object - deletionProtection: - type: boolean description: description: Description of the cluster. type: string @@ -9816,8 +9814,6 @@ spec: internal traffic type: boolean type: object - deletionProtection: - type: boolean description: description: Description of the cluster. type: string diff --git a/package/crds/dataproc.gcp.upbound.io_metastoreservices.yaml b/package/crds/dataproc.gcp.upbound.io_metastoreservices.yaml index d4f6405dc..3b5a6cebe 100644 --- a/package/crds/dataproc.gcp.upbound.io_metastoreservices.yaml +++ b/package/crds/dataproc.gcp.upbound.io_metastoreservices.yaml @@ -1534,10 +1534,6 @@ spec: Default value is MYSQL. Possible values are: MYSQL, SPANNER. type: string - deletionProtection: - description: Indicates if the dataproc metastore should be protected - against accidental deletions. - type: boolean encryptionConfig: description: |- Information used to configure the Dataproc Metastore service to encrypt @@ -1947,10 +1943,6 @@ spec: Default value is MYSQL. Possible values are: MYSQL, SPANNER. type: string - deletionProtection: - description: Indicates if the dataproc metastore should be protected - against accidental deletions. - type: boolean encryptionConfig: description: |- Information used to configure the Dataproc Metastore service to encrypt diff --git a/package/crds/privateca.gcp.upbound.io_certificateauthorities.yaml b/package/crds/privateca.gcp.upbound.io_certificateauthorities.yaml index 26ce30d19..0853e37e3 100644 --- a/package/crds/privateca.gcp.upbound.io_certificateauthorities.yaml +++ b/package/crds/privateca.gcp.upbound.io_certificateauthorities.yaml @@ -2504,10 +2504,6 @@ spec: type: array type: object type: object - deletionProtection: - description: When the field is set to false, deleting the CertificateAuthority - is allowed. - type: boolean desiredState: description: |- Desired state of the CertificateAuthority. Set this field to STAGED to create a STAGED root CA. @@ -3127,10 +3123,6 @@ spec: type: array type: object type: object - deletionProtection: - description: When the field is set to false, deleting the CertificateAuthority - is allowed. - type: boolean desiredState: description: |- Desired state of the CertificateAuthority. Set this field to STAGED to create a STAGED root CA. diff --git a/package/crds/spanner.gcp.upbound.io_databases.yaml b/package/crds/spanner.gcp.upbound.io_databases.yaml index d9c9556c1..2a5df173b 100644 --- a/package/crds/spanner.gcp.upbound.io_databases.yaml +++ b/package/crds/spanner.gcp.upbound.io_databases.yaml @@ -631,11 +631,6 @@ spec: items: type: string type: array - deletionProtection: - description: |- - Defaults to true. - When the field is set to false, deleting the database is allowed. - type: boolean enableDropProtection: description: |- Whether drop protection is enabled for this database. Defaults to false. @@ -780,11 +775,6 @@ spec: items: type: string type: array - deletionProtection: - description: |- - Defaults to true. - When the field is set to false, deleting the database is allowed. - type: boolean enableDropProtection: description: |- Whether drop protection is enabled for this database. Defaults to false. diff --git a/package/crds/sql.gcp.upbound.io_databaseinstances.yaml b/package/crds/sql.gcp.upbound.io_databaseinstances.yaml index 16fc1fa4b..9b7622080 100644 --- a/package/crds/sql.gcp.upbound.io_databaseinstances.yaml +++ b/package/crds/sql.gcp.upbound.io_databaseinstances.yaml @@ -2435,10 +2435,6 @@ spec: Database Version Policies includes an up-to-date reference of supported versions. type: string - deletionProtection: - description: When the field is set to false, deleting the instance - is allowed. - type: boolean encryptionKeyName: description: |- The full path to the encryption key used for the CMEK disk encryption. @@ -3136,10 +3132,6 @@ spec: Database Version Policies includes an up-to-date reference of supported versions. type: string - deletionProtection: - description: When the field is set to false, deleting the instance - is allowed. - type: boolean encryptionKeyName: description: |- The full path to the encryption key used for the CMEK disk encryption. diff --git a/package/crds/workflows.gcp.upbound.io_workflows.yaml b/package/crds/workflows.gcp.upbound.io_workflows.yaml index e28e1cbca..ea39753ee 100644 --- a/package/crds/workflows.gcp.upbound.io_workflows.yaml +++ b/package/crds/workflows.gcp.upbound.io_workflows.yaml @@ -85,11 +85,6 @@ spec: The KMS key used to encrypt workflow and execution data. Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} type: string - deletionProtection: - description: |- - Defaults to true. - When the field is set to false, deleting the workflow is allowed. - type: boolean description: description: Description of the workflow provided by the user. Must be at most 1000 unicode characters long. @@ -241,11 +236,6 @@ spec: The KMS key used to encrypt workflow and execution data. Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} type: string - deletionProtection: - description: |- - Defaults to true. - When the field is set to false, deleting the workflow is allowed. - type: boolean description: description: Description of the workflow provided by the user. Must be at most 1000 unicode characters long.